emonti-buby 1.1.3 → 1.1.3.1

Files changed (5) hide show
  1. data/History.txt +4 -0
  2. data/bin/buby +11 -2
  3. data/buby.gemspec +1 -1
  4. data/lib/buby.rb +33 -23
  5. metadata +3 -2
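--- a/data/History.txt
+++ b/data/History.txt
@@ -1,3 +1,7 @@
+ == 1.1.3.1 / 2009-09-09
+ * fix
+ * fixed a typo in the String type-check for Buby.getParameters()
+
  == 1.1.3 / 2009-08-25
  * 1 enhancement
  * new convenience methods added for iterating and searching through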
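--- a/data/bin/buby
+++ b/data/bin/buby
@@ -39,6 +39,15 @@ $DEBUG=true if args[:debug]
  $burp = Buby.start_burp()
 
  if args[:irb]
- puts "Global $burp is set to #{$burp.inspect}"
- IRB.start
+ # yucky hack...
+ IRB.setup(nil)
+ IRB.conf[:IRB_NAME] = File.basename($0, ".rb")
+ module IRB
+ class <<self
+ def setup(*args); end
+ end
+ end
+ puts "Global $burp is set to #{$burp.inspect}",
+ " Important Note: You'll need to exit by closing the burp window."
+ IRB.start()
  end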
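Review bot: The `# yucky hack...` comment above `IRB.setup(nil)` does not say why `IRB.setup` is called once by hand and then redefined as a no-op, so a later reader cannot tell whether the stub is still needed or safe to remove. From the visible lines the intent appears to be to keep `IRB.start()` from running setup a second time and overwriting `IRB.conf[:IRB_NAME]`. If that is right, replace the comment with something like `# Run IRB.setup once ourselves so IRB_NAME sticks, then stub it so IRB.start() does not redo setup.` The stub also replaces `IRB.setup` for the rest of the process, which is worth stating in the same comment. The script around the `if args[:irb]` block lies outside the hunk.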
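--- a/data/buby.gemspec
+++ b/data/buby.gemspec
@@ -2,7 +2,7 @@
 
  Gem::Specification.new do |s|
  s.name = %q{buby}
- s.version = "1.1.3"
+ s.version = "1.1.3.1"
 
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
  s.authors = ["Eric Monti - Matasano Security"]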
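--- a/data/lib/buby.rb
+++ b/data/lib/buby.rb
@@ -118,9 +118,10 @@ class Buby
  # * host = The hostname of the remote HTTP server.
  # * port = The port of the remote HTTP server.
  # * https = Flags whether the protocol is HTTPS or HTTP.
- # * req = The full HTTP request.
+ # * req = The full HTTP request. (String or Java bytes[])
  def doActiveScan(host, port, https, req)
- _check_cb.doActiveScan(host, port, https, req.to_java_bytes)
+ req = req.to_java_bytes if req.is_a? String
+ _check_cb.doActiveScan(host, port, https, req)
  end
  alias do_active_scan doActiveScan
  alias active_scan doActiveScan
@@ -130,10 +131,12 @@ class Buby
  # * host = The hostname of the remote HTTP server.
  # * port = The port of the remote HTTP server.
  # * https = Flags whether the protocol is HTTPS or HTTP.
- # * req = The full HTTP request.
- # * rsp = The full HTTP response.
+ # * req = The full HTTP request. (String or Java bytes[])
+ # * rsp = The full HTTP response. (String or Java bytes[])
  def doPassiveScan(host, port, https, req, rsp)
- _check_cb.doPassiveScan(host, port, https, req.to_java_bytes, rsp.to_java_bytes)
+ req = req.to_java_bytes if req.is_a? String
+ rsp = rsp.to_java_bytes if rsp.is_a? String
+ _check_cb.doPassiveScan(host, port, https, req, rsp)
  end
  alias do_passive_scan doPassiveScan
  alias passive_scan doPassiveScan
@@ -141,7 +144,8 @@ class Buby
  # Exclude the specified URL from the Suite-wide scope.
  # * url = The URL to exclude from the Suite-wide scope.
  def excludeFromScope(url)
- _check_cb.excludeFromScope(java.net.URL.new(url.to_s))
+ url = java.net.URL.new(url) if url.is_a? String
+ _check_cb.excludeFromScope(url)
  end
  alias exclude_from_scope excludeFromScope
  alias exclude_scope excludeFromScope
@@ -149,7 +153,8 @@ class Buby
  # Include the specified URL in the Suite-wide scope.
  # * url = The URL to exclude in the Suite-wide scope.
  def includeInScope(url)
- _check_cb.includeInScope(java.net.URL.new(url.to_s))
+ url = java.net.URL.new(url) if url.is_a? String
+ _check_cb.includeInScope(url)
  end
  alias include_in_scope includeInScope
  alias include_scope includeInScope
@@ -159,7 +164,8 @@ class Buby
  #
  # Returns: true / false
  def isInScope(url)
- _check_cb.isInScope(java.net.URL.new(url.to_s))
+ url = java.net.URL.new(url) if url.is_a? String
+ _check_cb.isInScope(url)
  end
  alias is_in_scope isInScope
  alias in_scope? isInScope
@@ -176,13 +182,12 @@ class Buby
  # * host = The hostname of the remote HTTP server.
  # * port = The port of the remote HTTP server.
  # * https = Flags whether the protocol is HTTPS or HTTP.
- # * req = The full HTTP request.
+ # * req = The full HTTP request. (String or Java bytes[])
  #
  # Returns: The full response retrieved from the remote server.
  def makeHttpRequest(host, port, https, req)
- String.from_java_bytes(
- _check_cb.makeHttpRequest(host, port, https, req.to_java_bytes)
- )
+ req = req.to_java_bytes if req.is_a? String
+ String.from_java_bytes( _check_cb.makeHttpRequest(host, port, https, req) )
  end
  alias make_http_request makeHttpRequest
  alias make_request makeHttpRequest
@@ -191,9 +196,10 @@ class Buby
  # * host = The hostname of the remote HTTP server.
  # * port = The port of the remote HTTP server.
  # * https = Flags whether the protocol is HTTPS or HTTP.
- # * req = The full HTTP request.
+ # * req = The full HTTP request. (String or Java bytes[])
  def sendToIntruder(host, port, https, req)
- _check_cb.sendToIntruder(host, port, https, req.to_java_bytes)
+ req = req.to_java_bytes if req.is_a? String
+ _check_cb.sendToIntruder(host, port, https, req)
  end
  alias send_to_intruder sendToIntruder
  alias intruder sendToIntruder
@@ -202,10 +208,11 @@ class Buby
  # * host = The hostname of the remote HTTP server.
  # * port = The port of the remote HTTP server.
  # * https = Flags whether the protocol is HTTPS or HTTP.
- # * req = The full HTTP request.
+ # * req = The full HTTP request. (String or Java bytes[])
  # * tab = The tab caption displayed in Repeater. (default: auto-generated)
  def sendToRepeater(host, port, https, req, tab=nil)
- _check_cb.sendToRepeater(host, port, https, req.to_java_bytes, tab)
+ req = req.to_java_bytes if req.is_a? String
+ _check_cb.sendToRepeater(host, port, https, req, tab)
  end
  alias send_to_repeater sendToRepeater
  alias repeater sendToRepeater
@@ -213,7 +220,8 @@ class Buby
  # Send a seed URL to the Burp Spider tool.
  # * url = The new seed URL to begin spidering from.
  def sendToSpider(url)
- _check_cb.includeInScope(java.net.URL.new(url.to_s))
+ url = java.net.URL.new(url) if url.is_a? String
+ _check_cb.includeInScope(url)
  end
  alias send_to_spider sendToSpider
  alias spider sendToSpider
@@ -289,9 +297,10 @@ class Buby
  #
  # IMPORTANT: This method is only available with Burp 1.2.09 and higher.
  #
- # req = raw request string (converted to Java bytes[] in passing)
+ # req = raw request (String or Java bytes[])
  def getParameters(req)
- _check_and_callback(:getParameters, req.to_s.to_java_bytes)
+ req = req.to_java_bytes if req.is_a? String
+ _check_and_callback(:getParameters, req)
  end
  alias parameters getParameters
  alias get_parameters getParameters
@@ -302,12 +311,13 @@ class Buby
  #
  # IMPORTANT: This method is only available with Burp 1.2.09 and higher.
  #
- # msg = raw request/response string (converted to Java bytes[] in passing)
+ # msg = raw request/response (String or Java bytes[])
  def getHeaders(msg)
- _check_and_callback(:getHeaders, msg.to_s.to_java_bytes)
+ msg = msg.to_java_bytes if msg.is_a? String
+ _check_and_callback(:getHeaders, msg)
  end
  alias headers getHeaders
- alias get_Headers getHeaders
+ alias get_headers getHeaders
 
 
  ### Event Handlers ###
@@ -502,7 +512,7 @@ class Buby
  # relating to generalized requests and responses from any BurpSuite tool.
  # You may want to use evt_proxy_message if you only intend to work with only
  # proxied messages. Note, however, the IHttpRequestResponse Java object is
- # not used in evt_proxy_http_message and gives evt_http_message a somewhat
+ # not used in evt_proxy_message and gives evt_http_message a somewhat
  # nicer interface to work with.
  #
  # Parameters: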
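Review bot: In the `sendToSpider` hunk the new body still ends in `_check_cb.includeInScope(url)`, so a caller asking to spider a URL adds it to the Suite-wide scope instead and nothing is handed to the Spider. The call should be `_check_cb.sendToSpider(url)`. An unintended scope entry matters in a testing tool because scope is what bounds later spidering and scanning. Separately, `excludeFromScope`, `includeInScope`, `isInScope` and `sendToSpider` used to convert any argument via `url.to_s` and now convert only a `String`, so other objects (a Ruby `URI`, for example) reach the Java call unconverted. If that narrowing is intended, the `url` comments should say `(String or java.net.URL)`, matching what the `req` comments now state.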
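--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: emonti-buby
  version: !ruby/object:Gem::Version
- version: 1.1.3
+ version: 1.1.3.1
  platform: ruby
  authors:
  - Eric Monti - Matasano Security
@@ -66,6 +66,7 @@ files:
  - test/test_buby.rb
  has_rdoc: false
  homepage: http://emonti.github.com/buby
+ licenses:
  post_install_message:
  rdoc_options:
  - --main
@@ -88,7 +89,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  requirements: []
 
  rubyforge_project: buby
- rubygems_version: 1.2.0
+ rubygems_version: 1.3.5
  signing_key:
  specification_version: 3
  summary: Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger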