emonti-buby 1.1.3 → 1.1.3.1
- data/History.txt +4 -0
- data/bin/buby +11 -2
- data/buby.gemspec +1 -1
- data/lib/buby.rb +33 -23
- metadata +3 -2
data/History.txt
CHANGED
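--- a/data/bin/buby
+++ b/data/bin/buby
@@ -39,6 +39,15 @@ $DEBUG=true if args[:debug]
 $burp = Buby.start_burp()
 
 if args[:irb]
-
-IRB.
+# yucky hack...
+IRB.setup(nil)
+IRB.conf[:IRB_NAME] = File.basename($0, ".rb")
+module IRB
+class <<self
+def setup(*args); end
+end
+end
+puts "Global $burp is set to #{$burp.inspect}",
+" Important Note: You'll need to exit by closing the burp window."
+IRB.start()
 end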
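Review bot: The `# yucky hack...` comment on the added block under `if args[:irb]` does not say what the hack is for, so reopening `module IRB` to turn `IRB.setup` into a no-op reads like an accident. It looks as though the stub exists so that `IRB.start()` does not redo setup after the explicit `IRB.setup(nil)` and the `IRB.conf[:IRB_NAME]` assignment, but that is inferred from the order of the lines. If that is the intent, replace the comment with something like `# IRB.start runs IRB.setup again; stub it so the conf set above is kept`. The override is process-wide and stays in place for the whole session, which the comment should also say.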
data/buby.gemspec
CHANGED
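--- a/data/lib/buby.rb
+++ b/data/lib/buby.rb
@@ -118,9 +118,10 @@ class Buby
 # * host = The hostname of the remote HTTP server.
 # * port = The port of the remote HTTP server.
 # * https = Flags whether the protocol is HTTPS or HTTP.
-# * req = The full HTTP request.
+# * req = The full HTTP request. (String or Java bytes[])
 def doActiveScan(host, port, https, req)
-
+req = req.to_java_bytes if req.is_a? String
+_check_cb.doActiveScan(host, port, https, req)
 end
 alias do_active_scan doActiveScan
 alias active_scan doActiveScan
@@ -130,10 +131,12 @@ class Buby
 # * host = The hostname of the remote HTTP server.
 # * port = The port of the remote HTTP server.
 # * https = Flags whether the protocol is HTTPS or HTTP.
-# * req = The full HTTP request.
-# * rsp = The full HTTP response.
+# * req = The full HTTP request. (String or Java bytes[])
+# * rsp = The full HTTP response. (String or Java bytes[])
 def doPassiveScan(host, port, https, req, rsp)
-
+req = req.to_java_bytes if req.is_a? String
+rsp = rsp.to_java_bytes if rsp.is_a? String
+_check_cb.doPassiveScan(host, port, https, req, rsp)
 end
 alias do_passive_scan doPassiveScan
 alias passive_scan doPassiveScan
@@ -141,7 +144,8 @@ class Buby
 # Exclude the specified URL from the Suite-wide scope.
 # * url = The URL to exclude from the Suite-wide scope.
 def excludeFromScope(url)
-
+url = java.net.URL.new(url) if url.is_a? String
+_check_cb.excludeFromScope(url)
 end
 alias exclude_from_scope excludeFromScope
 alias exclude_scope excludeFromScope
@@ -149,7 +153,8 @@ class Buby
 # Include the specified URL in the Suite-wide scope.
 # * url = The URL to exclude in the Suite-wide scope.
 def includeInScope(url)
-
+url = java.net.URL.new(url) if url.is_a? String
+_check_cb.includeInScope(url)
 end
 alias include_in_scope includeInScope
 alias include_scope includeInScope
@@ -159,7 +164,8 @@ class Buby
 #
 # Returns: true / false
 def isInScope(url)
-
+url = java.net.URL.new(url) if url.is_a? String
+_check_cb.isInScope(url)
 end
 alias is_in_scope isInScope
 alias in_scope? isInScope
@@ -176,13 +182,12 @@ class Buby
 # * host = The hostname of the remote HTTP server.
 # * port = The port of the remote HTTP server.
 # * https = Flags whether the protocol is HTTPS or HTTP.
-# * req = The full HTTP request.
+# * req = The full HTTP request. (String or Java bytes[])
 #
 # Returns: The full response retrieved from the remote server.
 def makeHttpRequest(host, port, https, req)
-String
-
-)
+req = req.to_java_bytes if req.is_a? String
+String.from_java_bytes( _check_cb.makeHttpRequest(host, port, https, req) )
 end
 alias make_http_request makeHttpRequest
 alias make_request makeHttpRequest
@@ -191,9 +196,10 @@ class Buby
 # * host = The hostname of the remote HTTP server.
 # * port = The port of the remote HTTP server.
 # * https = Flags whether the protocol is HTTPS or HTTP.
-# * req = The full HTTP request.
+# * req = The full HTTP request. (String or Java bytes[])
 def sendToIntruder(host, port, https, req)
-
+req = req.to_java_bytes if req.is_a? String
+_check_cb.sendToIntruder(host, port, https, req)
 end
 alias send_to_intruder sendToIntruder
 alias intruder sendToIntruder
@@ -202,10 +208,11 @@ class Buby
 # * host = The hostname of the remote HTTP server.
 # * port = The port of the remote HTTP server.
 # * https = Flags whether the protocol is HTTPS or HTTP.
-# * req = The full HTTP request.
+# * req = The full HTTP request. (String or Java bytes[])
 # * tab = The tab caption displayed in Repeater. (default: auto-generated)
 def sendToRepeater(host, port, https, req, tab=nil)
-
+req = req.to_java_bytes if req.is_a? String
+_check_cb.sendToRepeater(host, port, https, req, tab)
 end
 alias send_to_repeater sendToRepeater
 alias repeater sendToRepeater
@@ -213,7 +220,8 @@ class Buby
 # Send a seed URL to the Burp Spider tool.
 # * url = The new seed URL to begin spidering from.
 def sendToSpider(url)
-
+url = java.net.URL.new(url) if url.is_a? String
+_check_cb.includeInScope(url)
 end
 alias send_to_spider sendToSpider
 alias spider sendToSpider
@@ -289,9 +297,10 @@ class Buby
 #
 # IMPORTANT: This method is only available with Burp 1.2.09 and higher.
 #
-# req = raw request
+# req = raw request (String or Java bytes[])
 def getParameters(req)
-
+req = req.to_java_bytes if req.is_a? String
+_check_and_callback(:getParameters, req)
 end
 alias parameters getParameters
 alias get_parameters getParameters
@@ -302,12 +311,13 @@ class Buby
 #
 # IMPORTANT: This method is only available with Burp 1.2.09 and higher.
 #
-# msg = raw request/response
+# msg = raw request/response (String or Java bytes[])
 def getHeaders(msg)
-
+msg = msg.to_java_bytes if msg.is_a? String
+_check_and_callback(:getHeaders, msg)
 end
 alias headers getHeaders
-alias
+alias get_headers getHeaders
 
 
 ### Event Handlers ###
@@ -502,7 +512,7 @@ class Buby
 # relating to generalized requests and responses from any BurpSuite tool.
 # You may want to use evt_proxy_message if you only intend to work with only
 # proxied messages. Note, however, the IHttpRequestResponse Java object is
-# not used in
+# not used in evt_proxy_message and gives evt_http_message a somewhat
 # nicer interface to work with.
 #
 # Parameters: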
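Review bot: The added body of `sendToSpider` (hunk `@@ -213,7 +220,8 @@`) calls `_check_cb.includeInScope(url)`, so `send_to_spider` and `spider` add the URL to the Suite-wide scope and hand nothing to the Spider. For a tool that drives Burp against targets this is more than a wrong call: scope quietly widens to a URL the operator only meant to use as a seed. The line should read `_check_cb.sendToSpider(url)`, which matches the doc comment above the method and the pattern of the other wrappers in this change. Separately, `java.net.URL.new(url)` in the four URL wrappers will raise on a malformed string; whether callers are expected to handle that Java exception is not visible here.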
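--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: emonti-buby
 version: !ruby/object:Gem::Version
-version: 1.1.3
+version: 1.1.3.1
 platform: ruby
 authors:
 - Eric Monti - Matasano Security
@@ -66,6 +66,7 @@ files:
 - test/test_buby.rb
 has_rdoc: false
 homepage: http://emonti.github.com/buby
+licenses:
 post_install_message:
 rdoc_options:
 - --main
@@ -88,7 +89,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: buby
-rubygems_version: 1.
+rubygems_version: 1.3.5
 signing_key:
 specification_version: 3
 summary: Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger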