/**
 * Extension-unload hook: announces the unload on the extension output, then raises the shared
 * {@code Utilities.unloaded} flag.
 *
 * <p>Code that checks that flag can use it to stop issuing requests once the extension is gone.
 * Nothing here waits for such work to finish.
 */
public void extensionUnloaded() {
    final String notice = "Unloading extension...";
    Utilities.out(notice);
    // The flag flips only after the message has been written, as before.
    Utilities.unloaded.set(true);
}
/**
 * Extension-unload hook: logs that the parameter bruteforce is being aborted, then raises the
 * shared {@code Utilities.unloaded} flag.
 *
 * <p>The flag is only a signal. This method does not itself stop or join any running work.
 */
public void extensionUnloaded() {
    final String notice = "Aborting param bruteforce";
    Utilities.out(notice);
    // Set after logging so the output order matches the original.
    Utilities.unloaded.set(true);
}
/**
 * Writes every entry of {@code settings} to the extension output as one {@code key: value} line
 * per key, in the iteration order of {@code settings.keySet()}.
 *
 * <p>Values are printed verbatim, so whatever is stored in a setting ends up in the output log.
 */
void printSettings() {
    settings.keySet().forEach(
            settingKey -> Utilities.out(settingKey + ": " + settings.get(settingKey)));
}
/**
 * Extension-unload hook: logs the abort, sets {@code stop}, and interrupts the calling thread.
 *
 * <p>NOTE(review): {@code Thread.currentThread()} is whichever thread invokes this callback,
 * which is not necessarily the worker that polls {@code stop}. If the worker is a separate thread
 * that is blocked (for example in a sleep), this interrupt does not wake it, and it only sees
 * {@code stop} at its next check. Confirm this, and consider keeping a reference to the worker
 * thread and interrupting that instead. Also confirm that {@code stop} is declared
 * {@code volatile}; otherwise the write is not guaranteed to become visible to another thread.
 */
public void extensionUnloaded() {
    final String notice = "Extension unloading - triggering abort";
    Utilities.out(notice);
    stop = true;
    final Thread caller = Thread.currentThread();
    caller.interrupt();
}
/**
 * Dumps the current settings to the extension output, one {@code key: value} line per key
 * returned by {@code settings.keySet()}.
 *
 * <p>Each value is concatenated as-is; no masking is applied to what gets logged.
 */
void printSettings() {
    java.util.Iterator<String> keys = settings.keySet().iterator();
    while (keys.hasNext()) {
        String key = keys.next();
        Utilities.out(key + ": " + settings.get(key));
    }
}
/**
 * Logs each setting as {@code key: value} via {@code Utilities.out}, walking
 * {@code settings.keySet()} in its own iteration order.
 *
 * <p>The stored value is written unmodified, so the output log mirrors the settings contents.
 */
void printSettings() {
    for (String key : settings.keySet()) {
        Object value = settings.get(key);
        Utilities.out(key + ": " + value);
    }
}
/**
 * Monitor loop: until {@code stop} is set, sleeps ten seconds, then passes every interaction
 * returned by {@code collab.poll()} to {@code processInteraction}.
 *
 * <p>{@code stop} is checked only at the top of each iteration, so one more poll can still run
 * after it has been set unless the sleep is interrupted. The loop ends on an interrupt or on the
 * first exception of any other kind. In both cases a message is logged and the method returns.
 *
 * <p>NOTE(review): a single transient polling or handling error therefore ends monitoring for
 * good; confirm that is intended. The interrupt status is not restored after
 * {@code InterruptedException}, which is harmless only if this is the thread's top-level task.
 */
public void run() {
    try {
        for (;;) {
            if (stop) {
                break;
            }
            Thread.sleep(10000);
            collab.poll().forEach(interaction -> processInteraction(interaction));
        }
    } catch (InterruptedException interrupted) {
        Utilities.out("Interrupted");
    } catch (Exception failure) {
        // Only the message is logged; the exception type and stack trace are not.
        Utilities.out("Error fetching/handling interactions: " + failure.getMessage());
    }
    Utilities.out("Shutting down collaborator monitor thread");
}
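/**
 * Returns a copy of {@code request} in which the value of {@code header} is replaced by
 * {@code value}.
 *
 * <p>The result is built from three pieces: the request bytes before {@code offsets[1]}, the
 * bytes of {@code value}, and the request bytes from {@code offsets[2]} to the end, where
 * {@code offsets} comes from {@code getHeaderOffsets}.
 *
 * @param request raw HTTP request bytes; not modified
 * @param header  name of the header whose value is replaced
 * @param value   replacement value, converted with {@code helpers.stringToBytes}
 * @return a new byte array holding the rewritten request
 * @throws RuntimeException if the header cannot be located or the output buffer fails
 */
public static byte[] setHeader(byte[] request, String header, String value) {
    int[] offsets = getHeaderOffsets(request, header);
    if (offsets == null) {
        // Explicit check instead of catching NullPointerException around the whole body, which
        // also reported unrelated null dereferences as "Can't find the header".
        // Presumably getHeaderOffsets returns null when the header is absent; verify.
        Utilities.out("header locating fail: " + header);
        // NOTE(review): this writes the complete raw request to the extension output, including
        // any cookies or authorization headers it carries. Consider logging only the header
        // name, or redacting credentials, if that output is shared or persisted.
        Utilities.out("'" + helpers.bytesToString(request) + "'");
        throw new RuntimeException("Can't find the header");
    }

    ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
    try {
        outputStream.write(Arrays.copyOfRange(request, 0, offsets[1]));
        outputStream.write(helpers.stringToBytes(value));
        outputStream.write(Arrays.copyOfRange(request, offsets[2], request.length));
        return outputStream.toByteArray();
    } catch (IOException e) {
        // Keep the cause so the underlying failure is visible in the stack trace.
        throw new RuntimeException("Request creation unexpectedly failed", e);
    }
}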
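/**
 * Replaces the value of {@code header} in {@code request} with {@code value} and returns the
 * rewritten request as a new array.
 *
 * <p>{@code getHeaderOffsets} supplies the positions used here: everything before
 * {@code offsets[1]} is kept, {@code value} is inserted, and everything from {@code offsets[2]}
 * onwards is appended.
 *
 * @param request raw HTTP request bytes; left untouched
 * @param header  name of the header to rewrite
 * @param value   new header value, converted with {@code helpers.stringToBytes}
 * @return the rewritten request bytes
 * @throws RuntimeException if the header cannot be located or the output buffer fails
 */
public static byte[] setHeader(byte[] request, String header, String value) {
    int[] offsets = getHeaderOffsets(request, header);
    if (offsets == null) {
        // A null check replaces the former catch of NullPointerException, so a null dereference
        // elsewhere is no longer misreported as a missing header.
        // Presumably null means "header not present"; verify against getHeaderOffsets.
        Utilities.out("header locating fail: " + header);
        // NOTE(review): the whole raw request is logged here, session cookies and authorization
        // headers included. Redact or drop this line if the extension output is retained.
        Utilities.out("'" + helpers.bytesToString(request) + "'");
        throw new RuntimeException("Can't find the header");
    }

    ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
    try {
        outputStream.write(Arrays.copyOfRange(request, 0, offsets[1]));
        outputStream.write(helpers.stringToBytes(value));
        outputStream.write(Arrays.copyOfRange(request, offsets[2], request.length));
        return outputStream.toByteArray();
    } catch (IOException e) {
        // Chain the cause rather than discarding it.
        throw new RuntimeException("Request creation unexpectedly failed", e);
    }
}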
/**
 * Creates the lookup tables and a Burp Collaborator client context, then tries to learn which
 * source IP addresses the Collaborator server sees for this machine.
 *
 * <p>The probe sends one plain-HTTP request (port 80, TLS disabled) to a freshly generated
 * Collaborator payload host and stores the {@code client_ip} property of every interaction
 * fetched for that payload in {@code client_ips}.
 *
 * <p>Failure is not fatal: both handlers only log a hint and leave {@code client_ips} with
 * whatever was collected up to that point.
 */
Correlator() {
    idToRequestID = new HashMap<>();
    requests = new HashMap<>();
    idToType = new HashMap<>();
    burpIdToRequestID = new HashMap<>();
    collab = Utilities.callbacks.createBurpCollaboratorClientContext();
    client_ips = new HashSet<>();

    try {
        final String pollPayload = collab.generatePayload(true);
        final String probe = "GET / HTTP/1.1\r\nHost: " + pollPayload + "\r\n\r\n";
        // getBytes() uses the platform default charset.
        Utilities.callbacks.makeHttpRequest(pollPayload, 80, false, probe.getBytes());
        collab.fetchCollaboratorInteractionsFor(pollPayload)
                .forEach(hit -> client_ips.add(hit.getProperty("client_ip")));
        Utilities.out("Calculated your IPs: " + client_ips);
    } catch (NullPointerException e) {
        Utilities.out("Unable to calculate client IP - collaborator may not be functional");
    } catch (IllegalArgumentException e) {
        Utilities.out("The Collaborator appears to be misconfigured. Please run a health check via Project Options->Misc. Also, note that Collaborator Everywhere does not support the IP-address mode.");
    }
}
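/**
 * Groups the work items by host, opens the {@code to_spider} output file, and distributes the
 * work. On return {@code completed} is {@code true} and {@code requests} has been released.
 *
 * <p>The file name is relative, so it resolves against the process working directory, and the
 * {@code PrintWriter(String, String)} constructor truncates an existing file of that name. The
 * logged location is built from the {@code user.dir} system property.
 *
 * <p>If the file cannot be opened the error is logged and no work is distributed, but the method
 * still marks the run as completed, as it did before.
 */
public void run() {
    HashMap<String, ArrayDeque<WorkTarget>> itemsByHost = splitItemsByHost();
    try {
        to_spider = new PrintWriter("to_spider", "UTF-8");
        Utilities.out("File will be created at " + System.getProperty("user.dir") + "/to_spider");
        distributeWork(itemsByHost);
    } catch (FileNotFoundException | UnsupportedEncodingException e) {
        Utilities.err(e.getMessage());
    } finally {
        // The writer is still unset when the constructor itself failed. Closing it blindly threw
        // a NullPointerException from this finally block and hid the logged error.
        if (to_spider != null) {
            to_spider.close();
        }
    }
    completed = true;
    requests = null;
}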
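/**
 * Burp entry point: initialises {@code Utilities}, checks two prerequisites, and registers the
 * scanner check, extension-state listener and context-menu factory.
 *
 * <p>Both prerequisite probes call a method purely to see whether it links:
 * {@code StringUtils.isNumeric} for the Apache Commons Lang library, and
 * {@code analyzeResponseVariations} for a sufficiently recent Burp API. When a probe fails, a
 * hint is logged and the original error is rethrown, so the name of the missing class or method
 * stays in the stack trace. Previously a fresh, message-less error replaced it.
 *
 * @param callbacks Burp's callback object for this extension
 * @throws NoClassDefFoundError if Apache Commons Lang is not on the class path
 * @throws NoSuchMethodError    if the running Burp version lacks the required helper method
 */
@Override
public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks) {
    // Constructed for its side effect of wiring the callbacks into Utilities.
    new Utilities(callbacks);
    callbacks.setExtensionName(name);

    try {
        StringUtils.isNumeric("1");
    } catch (NoClassDefFoundError e) {
        Utilities.out("Failed to import the Apache Commons Lang library. You can get it from http://commons.apache.org/proper/commons-lang/");
        throw e;
    }

    try {
        callbacks.getHelpers().analyzeResponseVariations();
    } catch (NoSuchMethodError e) {
        Utilities.out("This extension requires Burp Suite Pro 1.7.10 or later");
        throw e;
    }

    FastScan scan = new FastScan(callbacks);
    callbacks.registerScannerCheck(scan);
    callbacks.registerExtensionStateListener(scan);
    callbacks.registerContextMenuFactory(new OfferParamGuess(callbacks));

    Utilities.out("Loaded " + name + " v" + version);
    SwingUtilities.invokeLater(new ConfigMenu());
}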
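/**
 * Burp entry point: initialises {@code Utilities}, starts the Collaborator monitor on its own
 * thread, and registers the extension-state and proxy listeners.
 *
 * <p>The monitor thread's handle is kept so that it can be interrupted when the extension is
 * unloaded. An unload callback runs on the thread that invokes it, so the monitor's own listener
 * cannot wake the worker through {@code Thread.currentThread()}. Without the extra listener the
 * worker may still be blocked between polls and keep running after the unload.
 *
 * @param callbacks Burp's callback object for this extension
 */
@Override
public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks) {
    // Constructed for its side effect of wiring the callbacks into Utilities.
    new Utilities(callbacks);
    callbacks.setExtensionName(name);

    Correlator collab = new Correlator();
    Monitor collabMonitor = new Monitor(collab);
    final Thread monitorThread = new Thread(collabMonitor);
    monitorThread.start();

    callbacks.registerExtensionStateListener(collabMonitor);
    // Interrupt the worker itself on unload so that it leaves any blocking wait promptly.
    callbacks.registerExtensionStateListener(monitorThread::interrupt);
    callbacks.registerProxyListener(new Injector(collab));

    Utilities.out("Loaded " + name + " v" + version);
}
} // closes the enclosing class, whose header is outside this view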
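/**
 * Issues {@code req} against {@code service}, making at most two attempts.
 *
 * <p>An attempt counts as failed when {@code makeHttpRequest} throws a
 * {@code RuntimeException} or when the returned object has no response. The first result that
 * carries a response is returned immediately. If the last usable result still has no response it
 * is returned as-is after logging, so callers must handle a null {@code getResponse()}.
 *
 * @param service target HTTP service
 * @param req     raw request bytes
 * @return the request/response pair from the last attempt that returned one
 * @throws RuntimeException if the extension has been unloaded, or if every attempt threw. The
 *                          last error is attached as the cause. This case used to surface as a
 *                          bare {@code NullPointerException} from the final response check.
 */
static IHttpRequestResponse attemptRequest(IHttpService service, byte[] req) {
    if (unloaded.get()) {
        Utilities.out("Extension unloaded - aborting attack");
        throw new RuntimeException("Extension unloaded");
    }

    IHttpRequestResponse result = null;
    RuntimeException lastError = null;
    for (int attempt = 1; attempt < 3; attempt++) {
        try {
            result = callbacks.makeHttpRequest(service, req);
        } catch (RuntimeException e) {
            lastError = e;
            Utilities.log(e.toString());
            Utilities.log("Critical request error, retrying...");
            continue;
        }

        if (result.getResponse() == null) {
            Utilities.log("Request failed, retrying...");
        } else {
            break;
        }
    }

    if (result == null) {
        // Every attempt threw, so there is no object whose response could be inspected.
        Utilities.log("Request failed multiple times, giving up");
        throw new RuntimeException("Request failed: every attempt raised an error", lastError);
    }
    if (result.getResponse() == null) {
        Utilities.log("Request failed multiple times, giving up");
    }
    return result;
}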
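/**
 * Sends {@code req} to {@code service} with one retry (two attempts in total).
 *
 * <p>A thrown {@code RuntimeException} or a result without a response triggers the retry. A
 * result that has a response ends the loop. A result whose response is still null after the
 * last attempt is logged and returned unchanged, so callers must check {@code getResponse()}.
 *
 * @param service target HTTP service
 * @param req     raw request bytes
 * @return the most recent request/response pair obtained
 * @throws RuntimeException if the extension has been unloaded, or if no attempt produced a
 *                          result at all. The cause is the last error seen. Previously that
 *                          case failed with a {@code NullPointerException} when {@code result}
 *                          was dereferenced after the loop.
 */
static IHttpRequestResponse attemptRequest(IHttpService service, byte[] req) {
    if (unloaded.get()) {
        Utilities.out("Extension unloaded - aborting attack");
        throw new RuntimeException("Extension unloaded");
    }

    IHttpRequestResponse result = null;
    RuntimeException lastError = null;
    for (int attempt = 1; attempt < 3; attempt++) {
        try {
            result = callbacks.makeHttpRequest(service, req);
        } catch (RuntimeException e) {
            lastError = e;
            Utilities.log(e.toString());
            Utilities.log("Critical request error, retrying...");
            continue;
        }

        if (result.getResponse() != null) {
            break;
        }
        Utilities.log("Request failed, retrying...");
    }

    if (result == null) {
        // Guard the dereference below: result stays null when both attempts threw.
        Utilities.log("Request failed multiple times, giving up");
        throw new RuntimeException("Request failed: every attempt raised an error", lastError);
    }
    if (result.getResponse() == null) {
        Utilities.log("Request failed multiple times, giving up");
    }
    return result;
}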
/**
 * Rewrites {@code request} according to the configured {@code injectionPoints} and returns the
 * result.
 *
 * <p>A {@code Cache-Control: no-transform} header is set first. Each injection entry is then
 * read as {@code [type, name, template]}. In the template, {@code %s} is replaced by a
 * Collaborator ID generated for {@code requestCode} and the entry name, and {@code %h} by the
 * current value of the request's {@code Host} header. A {@code "param"} entry removes and
 * re-adds a URL parameter of that name, a {@code "header"} entry adds or replaces the header,
 * and any other type is logged and skipped.
 *
 * <p>NOTE(review): the {@code Host} value is re-read on every iteration because an earlier entry
 * may have rewritten it. If {@code Utilities.getHeader} can return null for a request without a
 * {@code Host} header, {@code String.replace} throws a {@code NullPointerException} here.
 * Verify against the helper.
 *
 * @param request     raw request bytes to rewrite
 * @param requestCode identifier passed to {@code collab.generateCollabId}
 * @return the rewritten request bytes
 */
public byte[] injectPayloads(byte[] request, Integer requestCode) {
    // Disabled variants, kept for reference:
    //request = Utilities.replaceRequestLine(request, "GET @"+collabId + "/"+collabId.split("[.]")[0] + " HTTP/1.1");
    //request = Utilities.addOrReplaceHeader(request, "Referer", "http://portswigger-labs.net/redirect.php?url=https://portswigger-labs.net/"+collabId);

    request = Utilities.addOrReplaceHeader(request, "Cache-Control", "no-transform");

    for (String[] injection : injectionPoints) {
        final String template = injection[2];
        final String target = injection[1];
        String payload = template.replace("%s", collab.generateCollabId(requestCode, target));

        // %h stands for the Host header of the request as it looks at this point.
        payload = payload.replace("%h", Utilities.getHeader(request, "Host"));

        final String kind = injection[0];
        if (kind.equals("param")) {
            IParameter param = Utilities.helpers.buildParameter(target, payload, IParameter.PARAM_URL);
            request = Utilities.helpers.removeParameter(request, param);
            request = Utilities.helpers.addParameter(request, param);
        } else if (kind.equals("header")) {
            request = Utilities.addOrReplaceHeader(request, target, payload);
        } else {
            Utilities.out("Unrecognised injection type: " + kind);
        }
    }

    return request;
}
/**
 * Burp entry point: initialises {@code Utilities}, logs the load banner, schedules the
 * configuration menu on the Swing event thread, prints the global settings, and registers the
 * HTTP listener and context-menu factory.
 *
 * <p>The settings are written to the extension output on every load, with their values printed
 * as stored.
 *
 * @param callbacks Burp's callback object for this extension
 */
@Override
public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks) {
    // Constructed for its side effect of wiring the callbacks into Utilities.
    new Utilities(callbacks);

    final String banner = "Loaded " + name + " v" + version;
    Utilities.out(banner);

    SwingUtilities.invokeLater(new ConfigMenu());
    Utilities.globalSettings.printSettings();

    callbacks.setExtensionName(name);
    callbacks.registerHttpListener(new Throttler());
    callbacks.registerContextMenuFactory(new OfferDistributedScan(callbacks));
}
} // closes the enclosing class, whose header is outside this view
/**
 * Checks whether the canary of a recently tried parameter shows up in the response of a later
 * request that did not send it, and reports the first such parameter as a scan issue.
 *
 * <p>The response of {@code paramGuess.getFirstRequest()} must exist and contain the marker
 * {@code wrtqva}; otherwise nothing is checked. For every entry of {@code recentParams} that is
 * in neither {@code currentParams} nor {@code alreadyReported}, the canary is
 * {@code Utilities.toCanary(<text before the first '~'>) + attackID}. A hit means the canary is
 * in the response but not in the request. The entry is then removed from {@code recentParams},
 * a "Secret parameter" issue is added, the entry is recorded in {@code alreadyReported}, and
 * the method returns.
 *
 * <p>NOTE(review): {@code param} is concatenated into the issue detail text without escaping.
 * If parameter names can come from untrusted content, confirm how the issue view renders that
 * text. The marker literal is converted with the platform default charset.
 *
 * @param baseRequestResponse request/response the issue is attached to
 * @param paramGuess          attack whose first request/response is inspected
 * @param attackID            suffix appended to each canary
 * @param recentParams        recently tried parameters; a reported entry is removed
 * @param currentParams       parameters in the current request, skipped; may be null
 * @param alreadyReported     parameters reported earlier; a reported entry is added
 * @return {@code true} if a persistent parameter was reported, otherwise {@code false}
 */
private static boolean findPersistent(IHttpRequestResponse baseRequestResponse, Attack paramGuess, String attackID, CircularFifoQueue<String> recentParams, ArrayList<String> currentParams, HashSet<String> alreadyReported) {
    if (currentParams == null) {
        currentParams = new ArrayList<>();
    }

    byte[] failResp = paramGuess.getFirstRequest().getResponse();
    if (failResp == null || !Utilities.containsBytes(failResp, "wrtqva".getBytes())) {
        return false;
    }

    byte[] req = paramGuess.getFirstRequest().getRequest();

    Iterator<String> pending = recentParams.iterator();
    while (pending.hasNext()) {
        String param = pending.next();
        boolean handledElsewhere = currentParams.contains(param) || alreadyReported.contains(param);
        if (handledElsewhere) {
            continue;
        }

        String canaryText = Utilities.toCanary(param.split("~", 2)[0]) + attackID;
        byte[] canary = Utilities.helpers.stringToBytes(canaryText);

        // A hit needs the canary in the response while the request itself did not carry it.
        if (!Utilities.containsBytes(failResp, canary) || Utilities.containsBytes(req, canary)) {
            continue;
        }

        Utilities.out("Identified persistent parameter on " + Utilities.getURL(baseRequestResponse) + ":" + param);
        pending.remove();
        Utilities.callbacks.addScanIssue(new CustomScanIssue(
                baseRequestResponse.getHttpService(),
                Utilities.getURL(baseRequestResponse),
                paramGuess.getFirstRequest(),
                "Secret parameter",
                "Found persistent parameter: '" + param + "'. Disregard the request and look for " + Utilities.helpers.bytesToString(canary) + " in the response",
                "High",
                "Firm",
                "Investigate"));
        alreadyReported.add(param);
        return true;
    }

    return false;
}
Utilities.out("Aborting scan - all scanner checks disabled"); return issues;
Utilities.out("Can't autoscan identified parameter - requires pro edition"); return;