emonti-buby 1.0.0

data/History.txt

@@ -0,0 +1,4 @@
+== 1.0.0 / 2009-05-08
+
+* 1 major enhancement
+  * Birthday!

data/README.rdoc

@@ -0,0 +1,278 @@
+buby
+  by Eric Monti
+  http://github.com/emonti/buby
+
+== DESCRIPTION:
+
+Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger.  Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API.  This extension aims to add Ruby scriptability to Burp Suite with an interface comparable to the Burp's pure Java extension interface.
+
+== FEATURES/PROBLEMS:
+
+* Intercept and log proxied requests and responses via Burp into Ruby and 
+  perform arbitrary processing on them.
+
+* Modify requests and responses in-line using Ruby scripts.
+
+* Pass requests and other information from JRuby to various sub-interfaces in 
+  Burp
+
+* Use the Burp framework for active and passive scanning using arbitrary
+  requests and responses.
+
+* Use the Burp framework for making arbitrary HTTP requests
+
+
+Buby is implemented using an abstract Ruby event handler and interface class. The Buby Ruby class is back-ended with a minimal BurpExtender class implemented in Java.  The java code is required to conform to nuances in the Burp extension interface and while it's in the pure Java runtime, it acts as 'glue' where deemed appropriate, but otherwise tries to stay out of the way.
+
+The java BurpExtender included with Buby is an implementation of IBurpExtender which is the interface API supplied by PortSwigger for writing extensions to Burp Suite. It mostly acts as a method proxy between Ruby and Java, doing very little except event handler proxying between the java and ruby runtimes with run-time type conversion as needed.
+
+
+== REQUIREMENTS:
+
+Buby requires a copy of Burp Suite. Not sure if this will work with the unlicensed trial version. Point is, you'll need to get this separately since it's a trade-marked commercial product of PortSwigger Ltd.
+
+See http://portswigger.net/
+
+
+== BUILD/INSTALLATION:
+
+=== Gem
+You should be able to get up and running with just the gem and a copy of Burp. 
+I've packaged up a pre-built buby.jar file containing the required classes 
+minus ofcourse, Burp itself. 
+
+  gem install emonti-buby
+
+See manual step #5 below. For best results, you'll still want to make your 
+burp.jar available in the ruby runtime library path.
+
+
+=== Manual
+Here are manual instructions if you want or need to build things yourself:
+
+1. Download buby from github
+  git clone git://github.com/emonti/buby.git
+
+2. Compile BurpExtender.java. Include jruby.jar in the classpath:
+
+  cd buby/java/src
+  javac -classpath (.../jruby/root)/lib/jruby.jar:. BurpExtender.java
+
+3. Create a new lib/buby.jar
+
+  jar cvf ../../lib/buby.jar .
+
+4. Copy the buby library to your JRuby library path. Your location may vary:
+
+  cp buby.jar buby.rb (.../jruby)/lib/site_ruby/1.8/
+
+5. The last part is a bit tricky. Burp Suite itself is obviously not packaged
+   with buby. You'll need to somehow put your 'burp.jar' in a place where
+   it is visible in the JRuby RUBY-LIB paths. While there are a few other
+   methods added for pulling in 'burp.jar' during run-time, this one is by far
+   the least amount of hassle in the long run.
+
+Here's a quick way to see jruby's runtime lib-path:
+    
+  jruby -e 'puts $:'
+
+There is usually a '.../jruby/lib/1.8/java' directory reference in there, 
+though the directory may not exist in your set-up yet and you may need to 
+create it.
+
+Note: I keep my jruby installation under my home directory. Also, I think 
+my jruby version is out of date at the time of writing. But your configuration
+should still be relatively close to this. 
+
+Here's how I have mine set up.
+
+  mkdir ~/jruby-1.1.5/lib/ruby/1.8/java
+  ln -s ~/tools/burp.jar ~/jruby-1.1.5/lib/ruby/1.8/java/burp.jar
+
+Once this is done, everything should be ready to go.
+
+== TEST AND USAGE EXAMPLE:
+
+The gem includes a command-line tool called 'buby' but it doesn't do much right
+now. You can, however use this as a minimal test to confirm whether Burp can be 
+launched from ruby and whether Buby and Burp are connected.
+
+Here are some really simple test examples using Buby through IRB:
+
+  $ jruby -S irb
+
+  require 'buby'
+  $DEBUG = true
+
+  # Here's one way to explicitely add burp.jar into the runtime if its not
+  # already.
+  Buby.load_burp("/path/to/burp.jar") if not Buby.burp_loaded?
+  buby = Buby.start_burp()
+
+At this point, you should see Burp starting and with the $DEBUG flag, you'll 
+also see several debug messages in IRB coming from Buby as various events are 
+generated by the BurpExtender java implementation. Once Burp is running, click 
+on the alerts tab.
+
+You should see now something like the following in alerts:
+
+  2:46:01 PM  suite   method BurpExtender.processProxyMessage() found
+  2:46:01 PM  suite   method BurpExtender.registerExtenderCallbacks() found
+  2:46:01 PM  suite   method BurpExtender.setCommandLineArgs() found
+  2:46:01 PM  suite   method BurpExtender.applicationClosing() found
+  2:46:01 PM  proxy   proxy service started on port 8080
+  2:46:01 PM  suite   [BurpExtender] registering JRuby handler callbacks
+  2:46:01 PM  suite   [JRuby::Buby] registered callback
+
+To confirm you are connected back to Burp in IRB, do the following:
+
+  buby.alert("hello Burp!")
+
+Which should produce a new alert:
+
+  2:47:00 PM  suite   hello Burp!
+
+
+Next, lets make an HTTP request through the proxy. We'll use Net:HTTP right 
+in IRB for illustration purposes. However, you can just as easily perform this 
+test through a browser configured to use Burp as its proxy.  
+
+  require 'net/http'
+  p = Net::HTTP::Proxy("localhost", 8080).start("www.example.com")
+  p.get("/")
+
+
+With $DEBUG = true, you should see the debugging output from Ruby as the proxy
+passes your request back to your Ruby runtime.
+
+It will look something like the following in IRB:
+
+  >> p.get("/")   
+  [:got_proxy_request,
+   [:msg_ref, 1],
+   [:is_req, true],
+   [:rhost, "www.example.com"],
+   [:rport, 80],
+   [:is_https, false],
+   [:http_meth, "GET"],
+   [:url, "/"],
+   [:resourceType, nil],
+   [:status, nil],
+   [:req_content_type, nil],
+   [:message, "GET / HTTP/1.1\r\nAccept:..."],
+   [:action, 0]]
+
+You may also see the response right away depending on your intercept settings 
+in Burp. Back the in Burp proxy's intercept window, turn off interception if 
+it hasn't already been disabled. Now you should definitely see the response 
+in IRB as it passes back through the Burp proxy.
+
+  [:got_proxy_response,
+   [:msg_ref, 1],
+   [:is_req, false],
+   [:rhost, "www.example.com"],
+   [:rport, 80],
+   [:is_https, false],
+   [:http_meth, "GET"],
+   [:url, "/"],
+   [:resourceType, nil],
+   [:status, "200"],
+   [:req_content_type, "text/html; charset=utf-8"],
+   [:message, "HTTP/1.1 200 OK\r\n..."],
+   [:action, 0]]
+  => #<Net::HTTPOK 200 OK readbody=true>
+  >>
+
+Note also, the Net::HTTP request should have returned the same result as shown in the proxy.
+
+Now, lets try something mildly interesting with the proxy. This contrived example will implement a proxy request manipulator to do HTTP request verb tampering on every GET request that goes through the proxy. 
+
+  # Note: I'm using 'instance_eval' here only to stay with the flow of the 
+  # existing IRB session. Normally, you'd probably want to implement this as 
+  # an override in your Buby-derived class.
+
+  buby.instance_eval do
+
+    def evt_proxy_message(*param)
+      msg_ref, is_req, rhost, rport, is_https, http_meth, url, resourceType, 
+      status, req_content_type, message, action = param
+
+      if is_req and http_meth=="GET"
+        # Change the HTTP request verb to something silly
+        message[0,3] = "PET"
+
+        # Forcibly disable interception in the Burp UI
+        action[0] = Buby::ACTION_DONT_INTERCEPT
+
+        # Return a new instance and still get $DEBUG info
+        return super(*param).dup
+      else
+        # Just get $DEBUG info for all other requests
+        return super(*param)
+      end
+    end
+
+  end
+
+  # Now, make another request using the Net::HTTP client
+  p.get("/")
+
+
+This should produce a request that looks like the following in IRB:
+
+  [:got_proxy_request,
+   ...
+   [:message,
+    "PET / HTTP/1.1\r\nAccept: */*\r\nUser-Agent: Ruby..."],
+    [:action, 2]]
+
+And, assuming 'www.example.com' checks for valid request verbs, you should see something like the following response:
+
+  [:got_proxy_response,
+   ...
+   [:http_meth, "PET"],
+   [:url, "/"],
+   [:resourceType, nil],
+   [:status, "400"],
+   ...
+   [:message,
+    "HTTP/1.1 400 Bad Request\r\nContent-Type:..."],
+   [:action, 0]]
+  => #<Net::HTTPBadRequest 400 Bad Request readbody=true>
+
+
+== CREDIT:
+* Burp and Burp Suite are trademarks of PortSwigger(ltd) 
+  Copyright 2008 PortSwigger Ltd. All rights reserved.
+  See http://portswigger.net for license terms.
+
+* This ruby library and the accompanying BurpExtender.java implementation are 
+  written by Eric Monti @ Matasano Security. Matasano Security claims no 
+  professional or legal affiliation with PortSwigger LTD.
+
+  However, the author would like to express his personal and professional 
+  respect and admiration to Burp's authors and appreciation to PortSwigger for 
+  the availability of the IBurpExtender extension API.
+
+  The availability of this interface goes a long way to helping make Burp Suite 
+  a truly first-class application.
+
+== LICENSE:
+
+* Burp and Burp Suite are trademarks of PortSwigger Ltd.
+  Copyright 2008 PortSwigger Ltd. All rights reserved.
+  See http://portswigger.net for license terms.
+
+* The Buby Ruby library and its accompanying BurpExtender implementation are
+  both freely available under the terms of the MIT public license:
+
+(The MIT License)
+
+Copyright (C) 2009 Eric Monti, Matasano Security
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+

data/Rakefile

@@ -0,0 +1,33 @@
+# Look in the tasks/setup.rb file for the various options that can be
+# configured in this Rakefile. The .rake files in the tasks directory
+# are where the options are used.
+
+begin
+  require 'bones'
+  Bones.setup
+rescue LoadError
+  begin
+    load 'tasks/setup.rb'
+  rescue LoadError
+    raise RuntimeError, '### please install the "bones" gem ###'
+  end
+end
+
+ensure_in_path 'lib'
+ensure_in_path 'java'
+require 'buby'
+
+task :default => 'spec:run'
+
+PROJ.name = 'buby'
+PROJ.authors = 'Eric Monti - Matasano Security'
+PROJ.email = 'emonti@matasano.com'
+PROJ.url = 'http://github.com/emonti/buby'
+PROJ.version = Buby::VERSION
+PROJ.rubyforge.name = 'buby'
+PROJ.readme_file = 'README.rdoc'
+PROJ.libs << "java"
+
+PROJ.spec.opts << '--color'
+
+# EOF

data/bin/buby

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+
+require File.expand_path(File.join(File.dirname(__FILE__), %w[.. lib buby]))
+require 'irb'
+
+unless Buby.burp_loaded?
+  begin
+    raise "You must specify the path to your burp.jar" unless jar=ARGV.shift
+    raise "#{jar} did not provide burp.StartBurp" unless Buby.load_burp(jar)
+  rescue
+    STDERR.puts "Error: #{$!}"
+    exit 1
+  end
+end
+$burp = Buby.start_burp()
+IRB.start if $DEBUG

data/buby.gemspec

@@ -0,0 +1,37 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{buby}
+  s.version = "1.0.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Eric Monti - Matasano Security"]
+  s.date = %q{2009-05-08}
+  s.default_executable = %q{buby}
+  s.description = %q{Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger.  Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API.  This extension aims to add Ruby scriptability to Burp Suite with an interface comparable to the Burp's pure Java extension interface.}
+  s.email = %q{emonti@matasano.com}
+  s.executables = ["buby"]
+  s.extra_rdoc_files = ["History.txt", "README.rdoc", "bin/buby"]
+  s.files = ["History.txt", "README.rdoc", "Rakefile", "bin/buby", "buby.gemspec", "java/buby.jar", "java/src/BurpExtender.java", "java/src/burp/IBurpExtender.java", "java/src/burp/IBurpExtenderCallbacks.java", "lib/buby.rb", "samples/basic.rb", "spec/buby_spec.rb", "spec/spec_helper.rb", "tasks/ann.rake", "tasks/bones.rake", "tasks/gem.rake", "tasks/git.rake", "tasks/notes.rake", "tasks/post_load.rake", "tasks/rdoc.rake", "tasks/rubyforge.rake", "tasks/setup.rb", "tasks/spec.rake", "tasks/svn.rake", "tasks/test.rake", "tasks/zentest.rake", "test/test_buby.rb"]
+  s.has_rdoc = true
+  s.homepage = %q{http://github.com/emonti/buby}
+  s.rdoc_options = ["--main", "README.rdoc"]
+  s.require_paths = ["lib", "java"]
+  s.rubyforge_project = %q{buby}
+  s.rubygems_version = %q{1.3.1}
+  s.summary = %q{Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger}
+  s.test_files = ["test/test_buby.rb"]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 2
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<bones>, [">= 2.5.0"])
+    else
+      s.add_dependency(%q<bones>, [">= 2.5.0"])
+    end
+  else
+    s.add_dependency(%q<bones>, [">= 2.5.0"])
+  end
+end

data/java/src/BurpExtender.java

@@ -0,0 +1,247 @@
+//import javax.annotation.PostConstruct; 
+
+import burp.IBurpExtender;
+import burp.IBurpExtenderCallbacks;
+
+import org.jruby.*;
+import org.jruby.javasupport.JavaUtil;
+import org.jruby.runtime.ThreadContext; 
+import org.jruby.runtime.builtin.IRubyObject; 
+
+/**
+ * This is an implementation of the BurpExtender/IBurpExtender interface
+ * for Burp Suite which provides glue between a Ruby runtime and Burp.
+ *
+ * This is a complete implementation of the Burp Extender interfaces available
+ * as of Burp Suite 1.2/1.2.05
+ */
+public class BurpExtender implements IBurpExtender { 
+    public final static String INIT_METH =     "evt_extender_init";
+    public final static String PROXY_METH =    "evt_proxy_message";
+    public final static String MAINARGS_METH = "evt_commandline_args";
+    public final static String REG_METH =      "evt_register_callbacks";
+    public final static String CLOSE_METH =    "evt_application_closing";
+
+    // Internal reference to hold the ruby Burp handler
+    private static IRubyObject r_obj = null;
+
+    /**
+     * Sets an internal reference to the ruby handler class or module to use 
+     * for proxied BurpExtender events into a ruby runtime.
+     *
+     * Generally, this should probably be called before burp.StartBurp.main. 
+     * However, it is also possible to set this afterwards and even swap in 
+     * new objects during runtime.
+     */
+    public static void set_handler(IRubyObject hnd) { r_obj = hnd; }
+
+    /** 
+     * Returns the internal Ruby handler reference. 
+     *
+     * The handler is the ruby class or module used for proxying BurpExtender 
+     * events into a ruby runtime.
+     */
+    public static IRubyObject get_handler() { return r_obj; }
+
+
+    /** 
+     * This constructor is invoked from Burp's extender framework.
+     *
+     * This implementation invokes the <code>INIT_METH</code> method
+     * from the Ruby handler object if one is defined passing it Ruby
+     * usable reference to the instance.
+     *
+     */
+    public BurpExtender() {
+      if (r_obj !=null && r_obj.respondsTo(INIT_METH))
+        r_obj.callMethod(ctx(r_obj), INIT_METH, to_ruby(rt(r_obj), this));
+    }
+
+
+    /**
+     * This method is invoked immediately after the implementation's constructor
+     * to pass any command-line arguments that were passed to Burp Suite on
+     * startup. 
+     *
+     * This implementation invokes the method defined by 
+     * <code>MAINARGS_METH</code> in the Ruby handler if both the handler
+     * and its ruby method are defined.
+     *
+     * It allows Ruby implementations to control aspects of their behaviour at 
+     * runtime by defining their own command-line arguments.
+     *
+     * WARNING: Burp appears to have a bug (as of 1.2 and 1.2.05) which causes
+     * Burp to exit immediately if arguments are supplied regardless whether 
+     * this handler is used.
+     *
+     * @param args The command-line arguments passed to Burp Suite on startup.
+     */
+    public void setCommandLineArgs(String[] args) {
+      if(r_obj != null && r_obj.respondsTo(MAINARGS_METH))
+        r_obj.callMethod(ctx(r_obj), MAINARGS_METH, to_ruby(rt(r_obj), args));
+    }
+  
+    /**
+     * This method is invoked on startup. It registers an instance of the 
+     * <code>burp.IBurpExtenderCallbacks</code> interface, providing methods 
+     * that may be invoked by the implementation to perform various actions.
+     * 
+     * The call to registerExtenderCallbacks need not return, and 
+     * implementations may use the invoking thread for any purpose.<p>
+     *
+     * This implementation simply passes a ruby-usable "callbacks" instance to 
+     * the Ruby handler using the method defined by <code>REG_METH</code> if 
+     * both the handler and its ruby method are defined.
+     *
+     * @param callbacks An implementation of the 
+     * <code>IBurpExtenderCallbacks</code> interface.
+     */
+    public void registerExtenderCallbacks(IBurpExtenderCallbacks cb) {
+      if(r_obj != null && r_obj.respondsTo(REG_METH)) {
+        cb.issueAlert("[BurpExtender] registering JRuby handler callbacks");
+        r_obj.callMethod(ctx(r_obj), REG_METH, to_ruby(rt(r_obj), cb));
+      }
+    }
+
+    /**
+     * This method is invoked by Burp Proxy whenever a client request or server
+     * response is received. 
+     *
+     * This implementation simply passes all arguments to the Ruby handler's 
+     * method defined by <code>PROXY_METH</code> if both the handler and
+     * its ruby method are defined.
+     *
+     * This allows Ruby implementations to perform logging functions, modify 
+     * the message, specify an action (intercept, drop, etc.) and perform any 
+     * other arbitrary processing.
+     *
+     * @param messageReference An identifier which is unique to a single 
+     * request/response pair. This can be used to correlate details of requests
+     * and responses and perform processing on the response message accordingly.
+     * @param messageIsRequest Flags whether the message is a client request or
+     * a server response.
+     * @param remoteHost The hostname of the remote HTTP server.
+     * @param remotePort The port of the remote HTTP server.
+     * @param serviceIsHttps Flags whether the protocol is HTTPS or HTTP.
+     * @param httpMethod The method verb used in the client request.
+     * @param url The requested URL.
+     * @param resourceType The filetype of the requested resource, or a 
+     * zero-length string if the resource has no filetype.
+     * @param statusCode The HTTP status code returned by the server. This value
+     * is <code>null</code> for request messages.
+     * @param responseContentType The content-type string returned by the 
+     * server. This value is <code>null</code> for request messages.
+     * @param message The full HTTP message.
+     * @param action An array containing a single integer, allowing the
+     * implementation to communicate back to Burp Proxy a non-default 
+     * interception action for the message. The default value is 
+     * <code>ACTION_FOLLOW_RULES</code>. Set <code>action[0]</code> to one of 
+     * the other possible values to perform a different action.
+     * @return Implementations should return either (a) the same object received
+     * in the <code>message</code> paramater, or (b) a different object 
+     * containing a modified message.
+     */
+    public byte[] processProxyMessage( 
+        int messageReference, 
+        boolean messageIsRequest, 
+        String remoteHost, 
+        int remotePort, 
+        boolean serviceIsHttps, 
+        String httpMethod, 
+        String url, 
+        String resourceType, 
+        String statusCode, 
+        String responseContentType, 
+        byte[] message, 
+        int[] action
+     ) {
+
+      if (r_obj != null && r_obj.respondsTo(PROXY_METH)) {
+        Ruby rt = rt(r_obj);
+        // prepare an alternate action value to present to ruby
+        IRubyObject r_action = to_ruby(rt, action);
+
+        // prepare an alternate message value to present to ruby
+        IRubyObject r_msg = to_ruby(rt, RubyString.bytesToString(message));
+
+        IRubyObject pxy_msg[] = {
+          to_ruby(rt, messageReference),
+          to_ruby(rt, messageIsRequest),
+          to_ruby(rt, remoteHost),
+          to_ruby(rt, remotePort),
+          to_ruby(rt, serviceIsHttps),
+          to_ruby(rt, httpMethod),
+          to_ruby(rt, url),
+          to_ruby(rt, resourceType),
+          to_ruby(rt, statusCode),
+          to_ruby(rt, responseContentType),
+          r_msg,
+          r_action
+        };
+
+        // slurp back in the action value in-case it's been changed
+        action[0] = ((int[]) JavaUtil.convertRubyToJava(r_action))[0];
+
+        IRubyObject ret = r_obj.callMethod(ctx(r_obj), PROXY_METH, pxy_msg);
+        if(ret != r_msg)
+          return ((RubyString) ret).getBytes();
+      }
+
+      return message;
+    }
+
+    /**
+     * This method is invoked immediately before Burp Suite exits. 
+     * This implementation simply invokes the Ruby handler's method defined
+     * by <code>CLOSE_METH</code> if both the handler and its ruby method are
+     * defined.
+     *
+     * This allows implementations to carry out any clean-up actions necessary
+     * (e.g. flushing log files or closing database resources, etc.).
+     */
+    public void applicationClosing() {
+      if (r_obj != null && r_obj.respondsTo(CLOSE_METH))
+        r_obj.callMethod(ctx(r_obj), CLOSE_METH);
+    }
+
+    // Private method to return the ThreadContext for a given ruby object.
+    // This is used in the various event proxies
+    private ThreadContext ctx(IRubyObject obj) {
+      return rt(obj).getThreadService().getCurrentContext();
+    }
+
+    // Private method to return the ruby runtime for a given ruby object.
+    // This is used in the various event proxies
+    private Ruby rt(IRubyObject obj) {
+      return obj.getRuntime();
+    }
+
+    // private method to transfer arbitrary java objects into a ruby runtime.
+    // This is used in the various event proxies to pass arguments to the
+    // ruby handler object.
+    private IRubyObject to_ruby(Ruby rt, Object obj) {
+      return JavaUtil.convertJavaToUsableRubyObject(rt, obj);
+    }
+
+
+    /** 
+     * Causes Burp Proxy to follow the current interception rules to determine
+     * the appropriate action to take for the message.
+     */
+    public final static int ACTION_FOLLOW_RULES = 0;
+    /** 
+     * Causes Burp Proxy to present the message to the user for manual
+     * review or modification.
+     */
+    public final static int ACTION_DO_INTERCEPT = 1;
+    /** 
+     * Causes Burp Proxy to forward the message to the remote server or client.
+     */
+    public final static int ACTION_DONT_INTERCEPT = 2;
+    /** 
+     * Causes Burp Proxy to drop the message and close the client connection.
+     */
+    public final static int ACTION_DROP = 3;    
+
+} 
+