/**
 * Handles a text insertion by delegating to {@code changedUpdate}, so inserts
 * and other document changes share one code path.
 *
 * @param e the document event describing the insertion
 */
@Override
public void insertUpdate(DocumentEvent e) {
    changedUpdate(e);
}
/**
 * Initialises the passive scanner: sets the extension name and settings
 * namespace, builds the Burp tab with its UI component, then creates the
 * Vulners service and asks it to load the match rules.
 */
@Override
protected void initPassiveScan() {
    // Identity fields; they are not declared in this method (presumably inherited - confirm).
    extensionName = "Software Vulnerability Scanner";
    settingsNamespace = "VULNERS_";

    // The tab is created first, then the UI component whose root panel it hosts.
    BurpSuiteTab suiteTab = new BurpSuiteTab("Software Vulnerability Scanner", callbacks);
    this.tabComponent = new TabComponent(this, callbacks, domains);
    suiteTab.addComponent(tabComponent.getRootPanel());

    // The service shares the same domain cache and UI component as this extension.
    vulnersService = new VulnersService(this, callbacks, helpers, domains, tabComponent);

    // NOTE(review): loadRules() presumably fetches the rule set the scanner matches with;
    // confirm where it loads from and how a failed load is surfaced.
    vulnersService.loadRules();
}
/**
 * Failure callback: refreshes the software table and still reports a
 * {@code SoftwareIssue} for the cached software entry.
 *
 * @param error the error payload; it is not inspected or logged here
 */
@Override
public void onFail(JSONObject error) {
    // Redraw the software table using the current state of the cbxSoftwareShowVuln checkbox.
    boolean showVulnFlag = tabComponent.getCbxSoftwareShowVuln().isSelected();
    tabComponent.getSoftwareTable().refreshTable(domains, showVulnFlag);

    // NOTE(review): the cache lookups below are not null-checked; this assumes the
    // domain and software entries still exist when the callback fires - confirm.
    SoftwareIssue issue = new SoftwareIssue(
            baseRequestResponse,
            helpers,
            callbacks,
            startStop,
            domains.get(domainName).getSoftware().get(software.getKey()));
    callbacks.addScanIssue(issue);
}
});
// Keep the domain data handed to this component.
this.domains = domains;
// Build the form; the method name suggests a generated form builder (confirm).
$$$setupUI$$$();

// Listen for changes to the rules table model.
final RulesTableListener ruleTableListener = new RulesTableListener(callbacks, this.tblRules, this.rulesTable.getDefaultModel(), burpExtender);
this.tblRules.getModel().addTableModelListener(ruleTableListener);

// Proxy settings: host and port each get the result of their own getProxyTextChangeListener() call,
// and the enable checkbox gets an action listener.
tbxProxyHost.getDocument().addDocumentListener(getProxyTextChangeListener());
tbxProxyPort.getDocument().addDocumentListener(getProxyTextChangeListener());
cbxProxyEnabled.addActionListener(getProxyChangeListener());
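/**
 * Success callback for rule loading: clears the rules table, then for every
 * entry under {@code "rules"} adds a table row, compiles its regex and
 * registers a match rule with the extender.
 *
 * <p>A rule whose regex does not compile is reported through
 * {@code callbacks.printError} and skipped as a match rule; its table row is
 * still added, as before.
 *
 * @param data response payload; must contain a {@code "rules"} object whose
 *             entries each carry {@code "regex"}, {@code "alias"} and {@code "type"}
 */
@Override
public void onSuccess(JSONObject data) {
    JSONObject rules = data.getJSONObject("rules");
    Iterator<String> ruleKeys = rules.keys();

    DefaultTableModel ruleModel = tabComponent.getRulesTable().getDefaultModel();
    ruleModel.setRowCount(0); // reset table

    while (ruleKeys.hasNext()) {
        String key = ruleKeys.next();
        JSONObject rule = rules.getJSONObject(key);

        // Read every field once so the table row, the rule map and the error
        // message all work from the same values.
        String regex = rule.getString("regex");
        String alias = rule.getString("alias");
        String type = rule.getString("type");

        ruleModel.addRow(new Object[]{key, regex, alias, type});

        try {
            // NOTE(review): the pattern text comes from the payload, not from code.
            // Pattern.compile only rejects bad syntax; it does not bound matching cost,
            // so a pattern with heavy backtracking would slow every scanned response.
            // Confirm the rule source is authenticated and integrity-protected.
            Pattern pattern = Pattern.compile(regex);

            // Log through the Burp callbacks, like the error path below, instead of stdout.
            callbacks.printOutput("[NEW] " + pattern);

            // Plain map instead of double-brace initialisation, which created an
            // anonymous HashMap subclass holding a reference to this callback.
            HashMap<String, String> ruleFields = new HashMap<String, String>();
            ruleFields.put("regex", regex);
            ruleFields.put("alias", alias);
            ruleFields.put("type", type);
            burpExtender.getMatchRules().put(key, ruleFields);

            // Match group 1 - is important
            burpExtender.addMatchRule(new MatchRule(pattern, 1, key, ScanIssueSeverity.LOW, ScanIssueConfidence.CERTAIN));
        } catch (PatternSyntaxException pse) {
            callbacks.printError("Unable to compile pattern: " + regex + " for: " + key);
            burpExtender.printStackTrace(pse);
        }
    }
}
});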
/**
 * Scanner-success callback for a path check: stores the result in the domain
 * cache, appends a row to the paths table and reports a {@code PathIssue}.
 *
 * @param vulnerabilities the vulnerabilities returned for the checked path
 */
@Override
public void onScannerSuccess(Set<Vulnerability> vulnerabilities) {
    // Cache: record the result under this path.
    // NOTE(review): domains.get(domainName) is not null-checked - confirm the entry always exists here.
    domains.get(domainName).getPaths().put(path, vulnerabilities);

    // GUI: one row per checked path - domain, path, max score, vulnerability list.
    tabComponent.getPathsTable().getDefaultModel().addRow(new Object[]{
            domainName,
            path,
            Utils.getMaxScore(vulnerabilities),
            Utils.getVulnersList(vulnerabilities)});

    // Burp: raise the finding as a scan issue.
    PathIssue pathIssue = new PathIssue(baseRequestResponse, helpers, callbacks, path, vulnerabilities);
    callbacks.addScanIssue(pathIssue);
}
});
/**
 * Runs the inherited passive scan, then submits the request's host and path
 * for a path check the first time that pair is seen.
 *
 * <p>The path check is skipped when path search is switched off, or when the
 * "in scope" checkbox is selected and the URL is outside Burp's scope.
 *
 * @param baseRequestResponse the request/response pair being scanned
 * @return the issues produced by {@code super.doPassiveScan}; the path check
 *         itself adds nothing to this list
 */
@Override
public List<IScanIssue> doPassiveScan(IHttpRequestResponse baseRequestResponse) {
    List<IScanIssue> issues = super.doPassiveScan(baseRequestResponse);
    URL url = helpers.analyzeRequest(baseRequestResponse).getUrl();

    // Scope restriction is only enforced while the checkbox is selected; with it
    // cleared, every URL seen by the passive scanner continues to the path check.
    if (tabComponent.getCbxPathScanInScope().isSelected() && !callbacks.isInScope(url)) {
        return issues;
    }
    // Path search switched off entirely.
    if (!tabComponent.getCbxPathSearch().isSelected()) {
        return issues;
    }

    String domainName = url.getHost();
    String path = url.getPath();

    // Create the per-domain cache entry on first sight of the host.
    Domain domain = domains.get(domainName);
    if (domain == null) {
        domain = new Domain();
        domains.put(domainName, domain);
    }

    // Already recorded (checked or still pending): nothing more to do.
    if (domain.getPaths().containsKey(path)) {
        return issues;
    }

    callbacks.printOutput("[Vulners] adding new path '" + path + "' for domain " + domainName);

    // The null value marks the path as seen before the check returns. A success callback
    // elsewhere in this source overwrites it; otherwise the placeholder stays and the
    // path is not submitted again.
    domain.getPaths().put(path, null);

    // NOTE(review): host and path are handed to vulnersService here. If that call leaves
    // the machine, target hostnames and paths are disclosed to the service - confirm.
    vulnersService.checkURLPath(domainName, path, baseRequestResponse);
    return issues;
}
// Create the custom components before the root panel is laid out.
createUIComponents();
rootPanel = new JPanel();
// Grid layout built with (5, 19, zero insets, -1, -1); presumably 5 rows by 19 columns
// with default gaps - confirm against the GridLayoutManager in use.
rootPanel.setLayout(new GridLayoutManager(5, 19, new Insets(0, 0, 0, 0), -1, -1));
/**
 * Scanner-success callback for a software check: adds each vulnerability to
 * the cached software entry, refreshes the software table and reports a
 * {@code SoftwareIssue}.
 *
 * @param vulnerabilities the vulnerabilities returned for the detected software
 */
@Override
public void onScannerSuccess(Set<Vulnerability> vulnerabilities) {
    // Cache: the entry is looked up again for each element, so an empty set touches nothing.
    // NOTE(review): the lookups are not null-checked - confirm the entries always exist here.
    for (Vulnerability found : vulnerabilities) {
        domains.get(domainName)
                .getSoftware()
                .get(software.getKey())
                .getVulnerabilities()
                .add(found);
    }

    // GUI: redraw using the current state of the cbxSoftwareShowVuln checkbox.
    boolean showVulnFlag = tabComponent.getCbxSoftwareShowVuln().isSelected();
    tabComponent.getSoftwareTable().refreshTable(domains, showVulnFlag);

    // Burp: raise the finding as a scan issue for the cached software entry.
    SoftwareIssue issue = new SoftwareIssue(
            baseRequestResponse,
            helpers,
            callbacks,
            startStop,
            domains.get(domainName).getSoftware().get(software.getKey()));
    callbacks.addScanIssue(issue);
}
/**
 * Handles a text removal by delegating to {@code changedUpdate}, so removals
 * and other document changes share one code path.
 *
 * @param e the document event describing the removal
 */
@Override
public void removeUpdate(DocumentEvent e) {
    changedUpdate(e);
}