Plugin for loading Burp state files from commandline:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | # vim: set ts=4 sw=4 tw=79 fileencoding=utf-8:
from __future__ import absolute_import
from bluec0re import ICallback
from java.io import File
class CmdlinePlugin(ICallback):
def __str__(self):
return type(self).__name__
def setCommandLineArgs(self, args):
self.args = args
def registerExtenderCallbacks(self, callbacks):
if len(self.args) > 1 and not self.args[-1].startswith('-'):
f = File(self.args[-1])
if f.exists():
callbacks.restoreState(f)
def toString(self):
return 'CmdlinePlugin'
|
Plugin for saving request/response items in a file (without the Burp-XML around it):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 | # vim: set ts=4 sw=4 tw=79 fileencoding=utf-8:
from __future__ import absolute_import
from bluec0re import ICallback
from burp import IMenuItemHandler
from java.io import File
from javax.swing import JFileChooser, JOptionPane
class PocPlugin(ICallback):
def __str__(self):
return type(self).__name__
def registerExtenderCallbacks(self, callbacks):
callbacks.registerMenuItem('Save PoC', Handler())
def toString(self):
return 'PoCPlugin'
class Handler(IMenuItemHandler):
def __init__(self, *args, **kwargs):
super(Handler, self).__init__(*args, **kwargs)
self.dir = None
def menuItemClicked(self, menuItemCaption, messageInfo):
if menuItemCaption == 'Save PoC':
if self.dir:
fc = JFileChooser(self.dir)
else:
fc = JFileChooser()
returnVal = fc.showSaveDialog(None)
if returnVal == JFileChooser.APPROVE_OPTION:
file = fc.getSelectedFile()
try:
mode = 'w'
if file.exists():
res = JOptionPane.showConfirmDialog(None,
"File exists. Append?")
mode = {
JOptionPane.YES_OPTION : 'a',
JOptionPane.NO_OPTION : 'w',
JOptionPane.CANCEL_OPTION : None,
}[res]
if not mode:
return
fp = open(str(file.getAbsolutePath()), mode)
for req_resp in messageInfo:
req = req_resp.getRequest()
resp = req_resp.getResponse()
fp.write(req.tostring())
fp.write('\r\n\r\n')
fp.write(resp.tostring())
fp.write('\r\n\r\n')
fp.close()
except Exception, e:
JOptionPane.showMessageDialog(None,
"Error during save: " + str(e), "Error",
JOptionPane.ERROR_MESSAGE)
raise
JOptionPane.showMessageDialog(None,
"File was successfully saved", "Ok",
JOptionPane.INFORMATION_MESSAGE)
self.dir = fc.getCurrentDirectory()
|
The Java class which have to be implemented by the Python scripts (based on IBurpExtender):
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 | package bluec0re;
import java.util.List;
import java.util.Map;
import burp.*;
/*
* Based on:
*
* @(#)IBurpExtender.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite and Burp
* Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
public abstract class ICallback
{
/**
* This method is invoked immediately after the implementation's constructor
* to pass any command-line arguments that were passed to Burp Suite on
* startup. It allows implementations to control aspects of their behaviour
* at runtime by defining their own command-line arguments.
*
* @param args The command-line arguments passed to Burp Suite on startup.
*/
public abstract void setCommandLineArgs(String[] args);
/**
* This method is invoked by Burp Proxy whenever a client request or server
* response is received. It allows implementations to perform logging
* functions, modify the message, specify an action (intercept, drop, etc.)
* and perform any other arbitrary processing.
*
* @param messageReference An identifier which is unique to a single
* request/response pair. This can be used to correlate details of requests
* and responses and perform processing on the response message accordingly.
* @param messageIsRequest Flags whether the message is a client request or
* a server response.
* @param remoteHost The hostname of the remote HTTP server.
* @param remotePort The port of the remote HTTP server.
* @param serviceIsHttps Flags whether the protocol is HTTPS or HTTP.
* @param httpMethod The method verb used in the client request.
* @param url The requested URL.
* @param resourceType The filetype of the requested resource, or a
* zero-length string if the resource has no filetype.
* @param statusCode The HTTP status code returned by the server. This value
* is <code>null</code> for request messages.
* @param responseContentType The content-type string returned by the
* server. This value is <code>null</code> for request messages.
* @param message The full HTTP message.
* @param action An array containing a single integer, allowing the
* implementation to communicate back to Burp Proxy a non-default
* interception action for the message. The default value is
* <code>ACTION_FOLLOW_RULES</code>. Set <code>action[0]</code> to one of
* the other possible values to perform a different action.
* @return Implementations should return either (a) the same object received
* in the <code>message</code> paramater, or (b) a different object
* containing a modified message.
*/
public abstract byte[] processProxyMessage(
int messageReference,
boolean messageIsRequest,
String remoteHost,
int remotePort,
boolean serviceIsHttps,
String httpMethod,
String url,
String resourceType,
String statusCode,
String responseContentType,
byte[] message,
int[] action);
/**
* Causes Burp Proxy to follow the current interception rules to determine
* the appropriate action to take for the message.
*/
public final static int ACTION_FOLLOW_RULES = 0;
/**
* Causes Burp Proxy to present the message to the user for manual
* review or modification.
*/
public final static int ACTION_DO_INTERCEPT = 1;
/**
* Causes Burp Proxy to forward the message to the remote server or client.
*/
public final static int ACTION_DONT_INTERCEPT = 2;
/**
* Causes Burp Proxy to drop the message and close the client connection.
*/
public final static int ACTION_DROP = 3;
/**
* Causes Burp Proxy to follow the current interception rules to determine
* the appropriate action to take for the message, and then make a second
* call to processProxyMessage.
*/
public final static int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10;
/**
* Causes Burp Proxy to present the message to the user for manual
* review or modification, and then make a second call to
* processProxyMessage.
*/
public final static int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11;
/**
* Causes Burp Proxy to skip user interception, and then make a second call
* to processProxyMessage.
*/
public final static int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12;
/**
* This method is invoked on startup. It registers an instance of the
* <code>IBurpExtenderCallbacks</code> interface, providing methods that
* may be invoked by the implementation to perform various actions.
*
* The call to registerExtenderCallbacks need not return, and
* implementations may use the invoking thread for any purpose.<p>
*
* @param callbacks An implementation of the
* <code>IBurpExtenderCallbacks</code> interface.
*/
public abstract void registerExtenderCallbacks(burp.IBurpExtenderCallbacks callbacks);
/**
* This method is invoked immediately before Burp Suite exits.
* It allows implementations to carry out any clean-up actions necessary
* (e.g. flushing log files or closing database resources).
*/
public abstract void applicationClosing();
/**
* This method is invoked whenever any of Burp's tools makes an HTTP request
* or receives a response. It allows extensions to intercept and modify the
* HTTP traffic of all Burp tools. For each request, the method is invoked
* after the request has been fully processed by the invoking tool and is
* about to be made on the network. For each response, the method is invoked
* after the response has been received from the network and before any
* processing is performed by the invoking tool.
*
* @param toolName The name of the Burp tool which is making the request.
* @param messageIsRequest Indicates whether the message is a request or
* response.
* @param messageInfo Details of the HTTP message.
*/
public abstract void processHttpMessage(
String toolName,
boolean messageIsRequest,
IHttpRequestResponse messageInfo);
/**
* This method is invoked whenever Burp Scanner discovers a new, unique
* issue, and can be used to perform customised reporting or logging of issues.
*
* @param issue Details of the new scan issue.
*/
public abstract void newScanIssue(IScanIssue issue);
}
|
A startscript for Burp Suite with autoloading CmdlinePlugin and PoCPlugin:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | #!/bin/sh
BURP_PATH=
JYTHON_PATH=
PLUGIN_PATH=
CP="$PLUGIN_PATH/burp_python.jar:$JYTHON_PATH/jython.jar:$BURP_PATH/burpsuite_pro_v1.4.05.jar"
java -Xmx1536m -classpath $CP burp.StartBurp --python-home=$JYTHON_PATH/Lib $@ |& while read line
do
echo "$line" | grep Listen > /dev/null
if [[ $? -eq 0 ]]
then
PORT=$(echo "$line" | sed 's/.*://')
echo -e "cd $PLUGIN_PATH\nadd CmdlinePlugin\nadd PoCPlugin\ncd $(pwd)\nquit\n" | \
nc localhost $PORT
fi
echo "$line"
done
|