Class: Buby
- Inherits:
-
Object
- Object
- Buby
- Defined in:
- lib/buby.rb,
lib/buby/extends/scan_issue.rb,
lib/buby/extends/buby_array_wrapper.rb,
lib/buby/extends/http_request_response.rb
Overview
Buby is a mash-up of the commercial security testing web proxy PortSwigger Burp Suite(tm) allowing you to add scripting to Burp. Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API.
The Buby class is an abstract implementation of a BurpExtender ruby handler. Included are several abstract event handlers used from the BurpExtender java implementation:
-
evt_extender_init
-
evt_proxy_message
-
evt_command_line_args
-
evt_register_callbacks
-
evt_application_closing
Buby also supports the newer event handlers available in Burp 1.2.09 and up:
-
evt_http_message
-
evt_scan_issue
This class also exposes several methods to access Burp functionality and user interfaces through the IBurpExtenderCallbacks interface (note, several abbreviated aliases also exist for each):
-
doActiveScan
-
doPassiveScan
-
excludeFromScope
-
includeInScope
-
isInScope
-
issueAlert
-
makeHttpRequest
-
sendToIntruder
-
sendToRepeater
-
sendToSpider
Buby also provides front-end ruby methods for the various callback methods supported by Burp. New callbacks have been cropping up in newer Burp versions frequently.
Available since Burp 1.2.09:
-
getProxyHistory
-
getSiteMap
-
restoreState
-
saveState
-
getParameters
-
getHeaders
Available since Burp 1.2.15:
-
getScanIssues
Available since Burp 1.2.17:
-
exitSuite
If you wish to access any of the IBurpExtenderCallbacks methods directly. You can use ‘burp_callbacks’ to obtain a reference.
Credit:
-
Burp and Burp Suite are trade-marks of PortSwigger Ltd.
Copyright 2008 PortSwigger Ltd. All rights reserved. See http://portswigger.net for license terms.
-
This ruby library and the accompanying BurpExtender.java implementation were written by Eric Monti @ Matasano Security.
Matasano claims no professional or legal affiliation with PortSwigger LTD. nor do we sell or officially endorse any of their products.
However, this author would like to express his personal and professional respect and appreciation for their making available the BurpExtender extension API. The availability of this interface in an already great tool goes a long way to make Burp Suite a truly first-class application.
-
Forgive the name. It won out over “Burb” and “BurpRub”. It’s just easier to type and say out-loud. Mike Tracy gets full credit as official Buby-namer.
Defined Under Namespace
Modules: HttpRequestResponseHelper, ScanIssueHelper Classes: BubyArrayWrapper, HttpRequestResponseList, ScanIssuesList
Constant Summary collapse
- LIBPATH =
:stopdoc:
::File.(::File.dirname(__FILE__)) + ::File::SEPARATOR
- PATH =
::File.dirname(LIBPATH) + ::File::SEPARATOR
- ACTION_FOLLOW_RULES =
BurpExtender::ACTION_FOLLOW_RULES
- ACTION_DO_INTERCEPT =
BurpExtender::ACTION_DO_INTERCEPT
- ACTION_DONT_INTERCEPT =
BurpExtender::ACTION_DONT_INTERCEPT
- ACTION_DROP =
BurpExtender::ACTION_DROP
- ACTION_FOLLOW_RULES_AND_REHOOK =
BurpExtender::ACTION_FOLLOW_RULES_AND_REHOOK
- ACTION_DO_INTERCEPT_AND_REHOOK =
BurpExtender::ACTION_DO_INTERCEPT_AND_REHOOK
- ACTION_DONT_INTERCEPT_AND_REHOOK =
BurpExtender::ACTION_DONT_INTERCEPT_AND_REHOOK
Class Method Summary collapse
-
.burp_loaded? ⇒ Boolean
Checks the Java namespace to see if Burp has been loaded.
-
.libpath(*args) ⇒ Object
Returns the library path for the module.
-
.load_burp(jar_path) ⇒ Object
Attempts to load burp with require and confirm it provides the required class in the Java namespace.
-
.path(*args) ⇒ Object
Returns the lpath for the module.
-
.require_all_libs_relative_to(fname, dir = nil) ⇒ Object
Utility method used to require all files ending in .rb that lie in the directory below this file that has the same name as the filename passed in.
-
.start_burp(h_class = nil, init_args = nil, args = nil) ⇒ Object
Starts burp using a supplied handler class, h_class = Buby or a derived class.
Instance Method Summary collapse
-
#_check_and_callback(meth, *args) ⇒ Object
This method is a __send__ callback gate for the IBurpExtenderCallbacks reference.
-
#_check_cb ⇒ Object
Internal method to check for the existence of the burp_callbacks reference before doing anything with it.
-
#activate! ⇒ Object
Makes this handler the active Ruby handler object for the BurpExtender Java runtime.
-
#burp_callbacks ⇒ Object
Returns the internal reference to the IBupExtenderCallbacks instance.
-
#burp_extender ⇒ Object
Returns the internal reference to the BurpExtender instance.
-
#doActiveScan(host, port, https, req) ⇒ Object
(also: #do_active_scan, #active_scan)
Send an HTTP request to the Burp Scanner tool to perform an active vulnerability scan.
-
#doPassiveScan(host, port, https, req, rsp) ⇒ Object
(also: #do_passive_scan, #passive_scan)
Send an HTTP request and response to the Burp Scanner tool to perform a passive vulnerability scan.
-
#evt_application_closing ⇒ Object
This method is called by BurpExtender right before closing the application.
-
#evt_command_line_args(args) ⇒ Object
This method is called by the BurpExtender implementation Burp startup.
-
#evt_extender_init(ext) ⇒ Object
This method is called by the BurpExtender java implementation upon initialization of the BurpExtender instance for Burp.
-
#evt_http_message(tool_name, is_request, message_info) ⇒ Object
This method is invoked whenever any of Burp’s tools makes an HTTP request or receives a response.
-
#evt_proxy_message(msg_ref, is_req, rhost, rport, is_https, http_meth, url, resourceType, status, req_content_type, message, action) ⇒ Object
This method is called by BurpExtender while proxying HTTP messages and before passing them through the Burp proxy.
-
#evt_proxy_message_raw(msg_ref, is_req, rhost, rport, is_https, http_meth, url, resourceType, status, req_content_type, message, action) ⇒ Object
Seems we need to specifically render our ‘message’ to a string here in ruby.
-
#evt_register_callbacks(cb) ⇒ Object
This method is called by BurpExtender on startup to register Burp’s IBurpExtenderCallbacks interface object.
-
#evt_scan_issue(issue) ⇒ Object
This method is invoked whenever Burp Scanner discovers a new, unique issue, and can be used to perform customised reporting or logging of detected issues.
-
#excludeFromScope(url) ⇒ Object
(also: #exclude_from_scope, #exclude_scope)
Exclude the specified URL from the Suite-wide scope.
-
#exitSuite(prompt_user = false) ⇒ Object
(also: #exit_suite, #close)
Shuts down Burp programatically.
-
#getHeaders(msg) ⇒ Object
(also: #headers, #get_headers)
Parses a raw HTTP message (request or response ) and returns an associative array containing the headers as they are structured in the ‘Headers’ tab in the Burp request/response viewer UI.
-
#getParameters(req) ⇒ Object
(also: #parameters, #get_parameters)
Parses a raw HTTP request message and returns an associative array containing parameters as they are structured in the ‘Parameters’ tab in the Burp request UI.
-
#getProxyHistory ⇒ Object
(also: #proxy_history, #get_proxy_history)
Returns a Java array of IHttpRequestResponse objects pulled directly from the Burp proxy history.
-
#getScanIssues(urlprefix = nil) ⇒ Object
(also: #scan_issues, #get_scan_issues)
This method returns all of the current scan issues for URLs matching the specified literal prefix.
-
#getSiteMap(urlprefix = nil) ⇒ Object
(also: #site_map, #get_site_map)
Returns a Java array of IHttpRequestResponse objects pulled directly from the Burp site map for all urls matching the specified literal prefix.
-
#harvest_cookies_from_history(cookie = nil, urlrx = nil, statefile = nil) ⇒ Object
Harvest cookies from a session’s proxy history.
-
#includeInScope(url) ⇒ Object
(also: #include_in_scope, #include_scope)
Include the specified URL in the Suite-wide scope.
-
#initialize(other = nil) ⇒ Buby
constructor
:startdoc:.
-
#isInScope(url) ⇒ Object
(also: #is_in_scope, #in_scope?)
Query whether a specified URL is within the current Suite-wide scope.
-
#issueAlert(msg) ⇒ Object
(also: #issue_alert, #alert)
Display a message in the Burp Suite alerts tab.
-
#makeHttpRequest(host, port, https, req) ⇒ Object
(also: #make_http_request, #make_request)
Issue an arbitrary HTTP request and retrieve its response * host = The hostname of the remote HTTP server.
-
#registerMenuItem(menuItemCaption, menuItemHandler) ⇒ Object
This method can be used to register a new menu item which will appear on the various context menus that are used throughout Burp Suite to handle user-driven actions.
-
#restoreState(filename) ⇒ Object
(also: #restore_state)
Restores Burp session state from a previously saved state file.
-
#saveState(filename) ⇒ Object
(also: #save_state)
Saves the current Burp session to a state file.
-
#search_proxy_history(statefile = nil, urlrx = nil) ⇒ Object
Searches the proxy history for the url’s matched by the specified regular expression (returns them all if urlrx is nil).
-
#sendToIntruder(host, port, https, req) ⇒ Object
(also: #send_to_intruder, #intruder)
Send an HTTP request to the Burp Intruder tool * host = The hostname of the remote HTTP server.
-
#sendToRepeater(host, port, https, req, tab = nil) ⇒ Object
(also: #send_to_repeater, #repeater)
Send an HTTP request to the Burp Repeater tool.
-
#sendToSpider(url) ⇒ Object
(also: #send_to_spider, #spider)
Send a seed URL to the Burp Spider tool.
-
#start_burp(args = []) ⇒ Object
Prepares the java BurpExtender implementation with a reference to self as the module handler and launches burp suite.
-
#with_proxy_history(statefile = nil) ⇒ Object
This is a convenience wrapper which can load a given burp state file and lets its caller to perform actions inside of a block on the proxy history contained in the loaded session.
-
#with_site_map(urlprefix = nil, statefile = nil) ⇒ Object
This is a convenience wrapper which can load a given burp state file and lets its caller to perform actions inside of a block on the site map contained in the loaded session.
-
#with_statefile(statefile = nil) {|_self| ... } ⇒ Object
This is a convenience wrapper which loads a given burp statefile and lets its caller perform actions via burp while its loaded on it inside of a block.
Constructor Details
Class Method Details
.burp_loaded? ⇒ Boolean
Checks the Java namespace to see if Burp has been loaded.
740 741 742 743 744 745 746 747 |
# File 'lib/buby.rb', line 740 def self.burp_loaded? begin include_class 'burp.StartBurp' return true rescue NameError return false end end |
.libpath(*args) ⇒ Object
Returns the library path for the module. If any arguments are given, they will be joined to the end of the libray path using File.join
.
755 756 757 |
# File 'lib/buby.rb', line 755 def self.libpath( *args ) args.empty? ? LIBPATH : ::File.join(LIBPATH, args.flatten) end |
.load_burp(jar_path) ⇒ Object
Attempts to load burp with require and confirm it provides the required class in the Java namespace.
Returns: true/false depending on whether the required jar provides us the required class
Raises: may raise the usual require exceptions if jar_path is bad.
734 735 736 737 |
# File 'lib/buby.rb', line 734 def self.load_burp(jar_path) require jar_path return burp_loaded? end |
.path(*args) ⇒ Object
Returns the lpath for the module. If any arguments are given, they will be joined to the end of the path using File.join
.
763 764 765 |
# File 'lib/buby.rb', line 763 def self.path( *args ) args.empty? ? PATH : ::File.join(PATH, args.flatten) end |
.require_all_libs_relative_to(fname, dir = nil) ⇒ Object
Utility method used to require all files ending in .rb that lie in the directory below this file that has the same name as the filename passed in. Optionally, a specific directory name can be passed in such that the filename does not have to be equivalent to the directory.
772 773 774 775 776 777 778 |
# File 'lib/buby.rb', line 772 def self.require_all_libs_relative_to( fname, dir = nil ) dir ||= ::File.basename(fname, '.*') search_me = ::File.( ::File.join(::File.dirname(fname), dir, '**', '*.rb')) Dir.glob(search_me).sort.each {|rb| require rb} end |
.start_burp(h_class = nil, init_args = nil, args = nil) ⇒ Object
Starts burp using a supplied handler class,
h_class = Buby or a derived class. instance of which will become handler.
args = arguments to Burp
init_args = arguments to the handler constructor
Returns the handler instance
720 721 722 723 724 725 |
# File 'lib/buby.rb', line 720 def self.start_burp(h_class=nil, init_args=nil, args=nil) h_class ||= self init_args ||= [] args ||= [] h_class.new(*init_args).start_burp(args) end |
Instance Method Details
#_check_and_callback(meth, *args) ⇒ Object
This method is a __send__ callback gate for the IBurpExtenderCallbacks reference. It first checks to see if a method is available before calling with the specified arguments, and raises an exception if it is unavailable.
-
meth = string or symbol name of method
-
args = variable length array of arguments to pass to meth
238 239 240 241 242 243 244 |
# File 'lib/buby.rb', line 238 def _check_and_callback(meth, *args) cb = _check_cb unless cb.respond_to?(meth) raise "#{meth} is not available in your version of Burp" end cb.__send__ meth, *args end |
#_check_cb ⇒ Object
Internal method to check for the existence of the burp_callbacks reference before doing anything with it.
115 116 117 |
# File 'lib/buby.rb', line 115 def _check_cb @burp_callbacks or raise "Burp callbacks have not been set" end |
#activate! ⇒ Object
Makes this handler the active Ruby handler object for the BurpExtender Java runtime. (there can be only one!)
99 100 101 |
# File 'lib/buby.rb', line 99 def activate! BurpExtender.set_handler(self) end |
#burp_callbacks ⇒ Object
Returns the internal reference to the IBupExtenderCallbacks instance. This reference gets set from Java through the evt_register_callbacks method. It is exposed to allow you to access the IBurpExtenderCallbacks instance directly if you so choose.
111 |
# File 'lib/buby.rb', line 111 def burp_callbacks; @burp_callbacks; end |
#burp_extender ⇒ Object
Returns the internal reference to the BurpExtender instance. This reference gets set from Java through the evt_extender_init method.
105 |
# File 'lib/buby.rb', line 105 def burp_extender; @burp_extender; end |
#doActiveScan(host, port, https, req) ⇒ Object Also known as: do_active_scan, active_scan
Send an HTTP request to the Burp Scanner tool to perform an active vulnerability scan.
* host = The hostname of the remote HTTP server.
* port = The port of the remote HTTP server.
* https = Flags whether the protocol is HTTPS or HTTP.
* req = The full HTTP request. (String or Java bytes[])
125 126 127 128 |
# File 'lib/buby.rb', line 125 def doActiveScan(host, port, https, req) req = req.to_java_bytes if req.is_a? String _check_cb.doActiveScan(host, port, https, req) end |
#doPassiveScan(host, port, https, req, rsp) ⇒ Object Also known as: do_passive_scan, passive_scan
Send an HTTP request and response to the Burp Scanner tool to perform a passive vulnerability scan.
* host = The hostname of the remote HTTP server.
* port = The port of the remote HTTP server.
* https = Flags whether the protocol is HTTPS or HTTP.
* req = The full HTTP request. (String or Java bytes[])
* rsp = The full HTTP response. (String or Java bytes[])
139 140 141 142 143 |
# File 'lib/buby.rb', line 139 def doPassiveScan(host, port, https, req, rsp) req = req.to_java_bytes if req.is_a? String rsp = rsp.to_java_bytes if rsp.is_a? String _check_cb.doPassiveScan(host, port, https, req, rsp) end |
#evt_application_closing ⇒ Object
This method is called by BurpExtender right before closing the application. Implementations can use this method to perform cleanup tasks such as closing files or databases before exit.
604 605 606 |
# File 'lib/buby.rb', line 604 def evt_application_closing pp([:got_app_close]) if $DEBUG end |
#evt_command_line_args(args) ⇒ Object
This method is called by the BurpExtender implementation Burp startup. The args parameter contains main()‘s argv command-line arguments array.
Note: This maps to the ‘setCommandLineArgs’ method in the java implementation of BurpExtender.
The return value is ignored.
370 371 372 |
# File 'lib/buby.rb', line 370 def evt_command_line_args args pp([:got_args, args]) if $DEBUG end |
#evt_extender_init(ext) ⇒ Object
This method is called by the BurpExtender java implementation upon initialization of the BurpExtender instance for Burp. The args parameter is passed with a instance of the newly initialized BurpExtender instance so that implementations can access and extend its public interfaces.
The return value is ignored.
358 359 360 361 |
# File 'lib/buby.rb', line 358 def evt_extender_init ext @burp_extender = ext pp([:got_extender, ext]) if $DEBUG end |
#evt_http_message(tool_name, is_request, message_info) ⇒ Object
This method is invoked whenever any of Burp’s tools makes an HTTP request or receives a response. This is effectively a generalised version of the pre-existing evt_proxy_message method, and can be used to intercept and modify the HTTP traffic of all Burp tools.
IMPORTANT: This event handler is only used in Burp version 1.2.09 and higher.
Note: this method maps to the processHttpMessage BurpExtender Java method.
This method should be overridden if you wish to implement functionality relating to generalized requests and responses from any BurpSuite tool.
You may want to use evt_proxy_message if you only intend to work on proxied messages. Note, however, the IHttpRequestResponse Java object is not used in evt_proxy_message and gives evt_http_message a somewhat nicer interface to work with.
Parameters:
-
tool_name = a string name of the tool that generated the message
-
is_request = boolean true = request / false = response
-
message_info = an instance of the IHttpRequestResponse Java class with methods for accessing and manipulating various attributes of the message.
579 580 581 582 |
# File 'lib/buby.rb', line 579 def (tool_name, is_request, ) HttpRequestResponseHelper.implant() pp([:got_http_message, tool_name, is_request, ]) if $DEBUG end |
#evt_proxy_message(msg_ref, is_req, rhost, rport, is_https, http_meth, url, resourceType, status, req_content_type, message, action) ⇒ Object
This method is called by BurpExtender while proxying HTTP messages and before passing them through the Burp proxy. Implementations can use this method to implement arbitrary processing upon HTTP requests and responses such as interception, logging, modification, and so on.
The ‘is_req’ parameter indicates whether it is a response or request.
Note: This method maps to the ‘processProxyMessage’ method in the java implementation of BurpExtender.
See also, evt_proxy_message_raw which is actually called before this in the BurpExtender processProxyMessage handler.
Below are the parameters descriptions based on the IBurpExtender javadoc. Where applicable, decriptions have been modified for local parameter naming and other ruby-specific details added.
-
msg_ref: An identifier which is unique to a single request/response pair. This can be used to correlate details of requests and responses and perform processing on the response message accordingly. This number also corresponds to the Burp UI’s proxy “history” # column.
-
is_req: (true/false) Flags whether the message is a client request or a server response.
-
rhost: The hostname of the remote HTTP server.
-
rport: The port of the remote HTTP server.
-
is_https: Flags whether the protocol is HTTPS or HTTP.
-
http_meth: The method verb used in the client request.
-
url: The requested URL. Set in both the request and response.
-
resourceType: The filetype of the requested resource, or nil if the resource has no filetype.
-
status: The HTTP status code returned by the server. This value is nil for request messages.
-
req_content_type: The content-type string returned by the server. This value is nil for request messages.
-
message: The full HTTP message.
**Ruby note:
For convenience, the message is received and returned as a ruby String object. Internally within Burp it is handled as a java byte[] array. See also the notes about the return object below.
-
action: An array containing a single integer, allowing the implementation to communicate back to Burp Proxy a non-default interception action for the message. The default value is ACTION_FOLLOW_RULES (or 0). Possible values include:
ACTION_FOLLOW_RULES = 0 ACTION_DO_INTERCEPT = 1 ACTION_DONT_INTERCEPT = 2 ACTION_DROP = 3
Refer to the BurpExtender.java source comments for more details.
Return Value:
Implementations should return either (a) the same object received
in the message paramater, or (b) a different object containing a
modified message.
**IMPORTANT RUBY NOTE: Always be sure to return a new object if making modifications to messages.
Explanation: The (a) and (b) convention above is followed rather literally during type conversion on the return value back into the java BurpExtender.
When determining whether a change has been made in the message or not, the decision is made based on whether the object returned is the same as the object submitted in the call to evt_proxy_message.
So, for example, using in-place modification of the message using range substring assignments or destructive method variations like String.sub!() and String.gsub! alone won’t work because the same object gets returned to BurpExtender.
In short, this means that if you want modifications to be made, be sure to return a different String than the one you got in your handler.
So for example this code won’t do anything at all:
...
.sub!(/^GET /, "HEAD ")
return
Nor this:
[0..4] = "HEAD "
return
But this will
...
return message.sub(/^GET /, "HEAD ")
And so will this
...
[0..4] = "HEAD "
return .dup
534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 |
# File 'lib/buby.rb', line 534 def msg_ref, is_req, rhost, rport, is_https, http_meth, url, resourceType, status, req_content_type, , action pp([ (is_req)? :got_proxy_request : :got_proxy_response, [:msg_ref, msg_ref], [:is_req, is_req], [:rhost, rhost], [:rport, rport], [:is_https, is_https], [:http_meth, http_meth], [:url, url], [:resourceType, resourceType], [:status, status], [:req_content_type, req_content_type], [:message, ], [:action, action[0]] ]) if $DEBUG return end |
#evt_proxy_message_raw(msg_ref, is_req, rhost, rport, is_https, http_meth, url, resourceType, status, req_content_type, message, action) ⇒ Object
Seems we need to specifically render our ‘message’ to a string here in ruby. Otherwise there’s flakiness when converting certain binary non-ascii sequences. As long as we do it here, it should be fine.
Note: This method maps to the ‘processProxyMessage’ method in the java implementation of BurpExtender.
This method just handles the conversion to and from evt_proxy_message which expects a message string
404 405 406 407 408 409 410 411 412 |
# File 'lib/buby.rb', line 404 def msg_ref, is_req, rhost, rport, is_https, http_meth, url, resourceType, status, req_content_type, , action pp [:evt_proxy_message_raw_hit, msg_ref, is_req, rhost, rport, is_https, http_meth, url, resourceType, status, req_content_type, , action ] if $DEBUG str_msg = String.from_java_bytes() ret = (msg_ref, is_req, rhost, rport, is_https, http_meth, url, resourceType, status, req_content_type, str_msg, action) = ret.to_java_bytes if ret.object_id != str_msg.object_id return end |
#evt_register_callbacks(cb) ⇒ Object
This method is called by BurpExtender on startup to register Burp’s IBurpExtenderCallbacks interface object.
This maps to the ‘registerExtenderCallbacks’ method in the Java implementation of BurpExtender.
The return value is ignored.
381 382 383 384 385 |
# File 'lib/buby.rb', line 381 def evt_register_callbacks cb @burp_callbacks = cb cb.issueAlert("[JRuby::#{self.class}] registered callback") pp([:got_callbacks, cb]) if $DEBUG end |
#evt_scan_issue(issue) ⇒ Object
This method is invoked whenever Burp Scanner discovers a new, unique issue, and can be used to perform customised reporting or logging of detected issues.
IMPORTANT: This event handler is only used in Burp version 1.2.09 and higher.
Note: this method maps to the BurpExtender Java method.
Parameters:
-
issue = an instance of the IScanIssue Java class with methods for viewing information on the scan issue that was generated.
596 597 598 599 |
# File 'lib/buby.rb', line 596 def evt_scan_issue(issue) ScanIssueHelper.implant(issue) pp([:got_scan_issue, issue]) if $DEBUG end |
#excludeFromScope(url) ⇒ Object Also known as: exclude_from_scope, exclude_scope
Exclude the specified URL from the Suite-wide scope.
* url = The URL to exclude from the Suite-wide scope.
149 150 151 152 |
# File 'lib/buby.rb', line 149 def excludeFromScope(url) url = java.net.URL.new(url) if url.is_a? String _check_cb.excludeFromScope(url) end |
#exitSuite(prompt_user = false) ⇒ Object Also known as: exit_suite, close
Shuts down Burp programatically. If the method returns the user cancelled the shutdown prompt.
331 332 333 |
# File 'lib/buby.rb', line 331 def exitSuite(prompt_user=false) _check_and_callback(:exitSuite, prompt_user ? true : false) end |
#getHeaders(msg) ⇒ Object Also known as: headers, get_headers
Parses a raw HTTP message (request or response ) and returns an associative array containing the headers as they are structured in the ‘Headers’ tab in the Burp request/response viewer UI.
IMPORTANT: This method is only available with Burp 1.2.09 and higher.
msg = raw request/response (String or Java bytes[])
322 323 324 325 |
# File 'lib/buby.rb', line 322 def getHeaders(msg) msg = msg.to_java_bytes if msg.is_a? String _check_and_callback(:getHeaders, msg) end |
#getParameters(req) ⇒ Object Also known as: parameters, get_parameters
Parses a raw HTTP request message and returns an associative array containing parameters as they are structured in the ‘Parameters’ tab in the Burp request UI.
IMPORTANT: This method is only available with Burp 1.2.09 and higher.
req = raw request (String or Java bytes[])
307 308 309 310 |
# File 'lib/buby.rb', line 307 def getParameters(req) req = req.to_java_bytes if req.is_a? String _check_and_callback(:getParameters, req) end |
#getProxyHistory ⇒ Object Also known as: proxy_history, get_proxy_history
Returns a Java array of IHttpRequestResponse objects pulled directly from the Burp proxy history.
249 250 251 |
# File 'lib/buby.rb', line 249 def getProxyHistory HttpRequestResponseList.new(_check_and_callback(:getProxyHistory)) end |
#getScanIssues(urlprefix = nil) ⇒ Object Also known as: scan_issues, get_scan_issues
This method returns all of the current scan issues for URLs matching the specified literal prefix. The prefix can be nil to match all issues.
IMPORTANT: This method is only available with Burp 1.2.15 and higher.
270 271 272 |
# File 'lib/buby.rb', line 270 def getScanIssues(urlprefix=nil) ScanIssuesList.new( _check_and_callback(:getScanIssues, urlprefix) ) end |
#getSiteMap(urlprefix = nil) ⇒ Object Also known as: site_map, get_site_map
Returns a Java array of IHttpRequestResponse objects pulled directly from the Burp site map for all urls matching the specified literal prefix. The prefix can be nil to return all objects.
259 260 261 |
# File 'lib/buby.rb', line 259 def getSiteMap(urlprefix=nil) HttpRequestResponseList.new(_check_and_callback(:getSiteMap, urlprefix)) end |
#harvest_cookies_from_history(cookie = nil, urlrx = nil, statefile = nil) ⇒ Object
Harvest cookies from a session’s proxy history.
Params:
cookie = optional: name of cookie to harvest
urlrx = optional: regular expression to match urls against
statefile = optional: filename for a burp session file to temporarily load
and harvest from.
Takes an optional block as additional ‘select’ criteria for cookies. The block return value of true/false will determine whether a cookie string is selected.
692 693 694 695 696 697 698 699 700 701 702 |
# File 'lib/buby.rb', line 692 def (=nil, urlrx=nil, statefile=nil) ret = [] search_proxy_history(statefile, urlrx) do |hrr| if heads=hrr.rsp_headers ret += heads.select do |h| h[0].downcase == 'set-cookie' and (not block_given? or yield(h[1])) end.map{|h| h[1]} end end return ret end |
#includeInScope(url) ⇒ Object Also known as: include_in_scope, include_scope
Include the specified URL in the Suite-wide scope.
* url = The URL to exclude in the Suite-wide scope.
158 159 160 161 |
# File 'lib/buby.rb', line 158 def includeInScope(url) url = java.net.URL.new(url) if url.is_a? String _check_cb.includeInScope(url) end |
#isInScope(url) ⇒ Object Also known as: is_in_scope, in_scope?
Query whether a specified URL is within the current Suite-wide scope.
* url = The URL to query
Returns: true / false
169 170 171 172 |
# File 'lib/buby.rb', line 169 def isInScope(url) url = java.net.URL.new(url) if url.is_a? String _check_cb.isInScope(url) end |
#issueAlert(msg) ⇒ Object Also known as: issue_alert, alert
Display a message in the Burp Suite alerts tab.
* msg = The alert message to display.
178 179 180 |
# File 'lib/buby.rb', line 178 def issueAlert(msg) _check_cb.issueAlert(msg.to_s) end |
#makeHttpRequest(host, port, https, req) ⇒ Object Also known as: make_http_request, make_request
Issue an arbitrary HTTP request and retrieve its response
* host = The hostname of the remote HTTP server.
* port = The port of the remote HTTP server.
* https = Flags whether the protocol is HTTPS or HTTP.
* req = The full HTTP request. (String or Java bytes[])
Returns: The full response retrieved from the remote server.
191 192 193 194 |
# File 'lib/buby.rb', line 191 def makeHttpRequest(host, port, https, req) req = req.to_java_bytes if req.is_a? String String.from_java_bytes( _check_cb.makeHttpRequest(host, port, https, req) ) end |
#registerMenuItem(menuItemCaption, menuItemHandler) ⇒ Object
This method can be used to register a new menu item which will appear on the various context menus that are used throughout Burp Suite to handle user-driven actions.
on the menu item.
345 346 347 348 |
# File 'lib/buby.rb', line 345 def registerMenuItem(, ) _check_and_callback(:registerMenuItem, , ) issueAlert("Handler #{} registered for \"#{}\"") end |
#restoreState(filename) ⇒ Object Also known as: restore_state
Restores Burp session state from a previously saved state file. See also: saveState
IMPORTANT: This method is only available with Burp 1.2.09 and higher.
-
filename = path and filename of the file to restore from
283 284 285 |
# File 'lib/buby.rb', line 283 def restoreState(filename) _check_and_callback(:restoreState, java.io.File.new(filename)) end |
#saveState(filename) ⇒ Object Also known as: save_state
Saves the current Burp session to a state file. See also restoreState.
IMPORTANT: This method is only available with Burp 1.2.09 and higher.
-
filename = path and filename of the file to save to
294 295 296 |
# File 'lib/buby.rb', line 294 def saveState(filename) _check_and_callback(:saveState, java.io.File.new(filename)) end |
#search_proxy_history(statefile = nil, urlrx = nil) ⇒ Object
Searches the proxy history for the url’s matched by the specified regular expression (returns them all if urlrx is nil).
A statefile to search in can optionally be specified or the existing state will be used if statefile is nil.
This method also accepts an optional block which is passed each of the matched history members.
671 672 673 674 675 676 677 678 679 |
# File 'lib/buby.rb', line 671 def search_proxy_history(statefile=nil, urlrx=nil) ret = [] with_proxy_history(statefile) do |r| if (not urlrx) or r.url.to_s =~ urlrx ret << r if (not block_given?) or yield(r) end end return ret end |
#sendToIntruder(host, port, https, req) ⇒ Object Also known as: send_to_intruder, intruder
Send an HTTP request to the Burp Intruder tool
* host = The hostname of the remote HTTP server.
* port = The port of the remote HTTP server.
* https = Flags whether the protocol is HTTPS or HTTP.
* req = The full HTTP request. (String or Java bytes[])
203 204 205 206 |
# File 'lib/buby.rb', line 203 def sendToIntruder(host, port, https, req) req = req.to_java_bytes if req.is_a? String _check_cb.sendToIntruder(host, port, https, req) end |
#sendToRepeater(host, port, https, req, tab = nil) ⇒ Object Also known as: send_to_repeater, repeater
Send an HTTP request to the Burp Repeater tool.
* host = The hostname of the remote HTTP server.
* port = The port of the remote HTTP server.
* https = Flags whether the protocol is HTTPS or HTTP.
* req = The full HTTP request. (String or Java bytes[])
* tab = The tab caption displayed in Repeater. (default: auto-generated)
216 217 218 219 |
# File 'lib/buby.rb', line 216 def sendToRepeater(host, port, https, req, tab=nil) req = req.to_java_bytes if req.is_a? String _check_cb.sendToRepeater(host, port, https, req, tab) end |
#sendToSpider(url) ⇒ Object Also known as: send_to_spider, spider
Send a seed URL to the Burp Spider tool.
* url = The new seed URL to begin spidering from.
225 226 227 228 |
# File 'lib/buby.rb', line 225 def sendToSpider(url) url = java.net.URL.new(url) if url.is_a? String _check_cb.includeInScope(url) end |
#start_burp(args = []) ⇒ Object
Prepares the java BurpExtender implementation with a reference to self as the module handler and launches burp suite.
708 709 710 711 712 |
# File 'lib/buby.rb', line 708 def start_burp(args=[]) activate!() Java::Burp::StartBurp.main(args.to_java(:string)) return self end |
#with_proxy_history(statefile = nil) ⇒ Object
This is a convenience wrapper which can load a given burp state file and lets its caller to perform actions inside of a block on the proxy history contained in the loaded session.
If a statefile argument isn’t specified current burp session state is used.
Yields each entry in the proxy history to a block.
630 631 632 633 634 |
# File 'lib/buby.rb', line 630 def with_proxy_history(statefile=nil) with_statefile(statefile) do |this| this.proxy_history.each {|h| yield h } end end |
#with_site_map(urlprefix = nil, statefile = nil) ⇒ Object
This is a convenience wrapper which can load a given burp state file and lets its caller to perform actions inside of a block on the site map contained in the loaded session.
If a statefile argument isn’t specified current burp session state is used.
Yields each entry in the site map to a block.
617 618 619 620 621 |
# File 'lib/buby.rb', line 617 def with_site_map(urlprefix=nil, statefile=nil) with_statefile(statefile) do |this| this.site_map(urlprefix).each {|h| yield h } end end |
#with_statefile(statefile = nil) {|_self| ... } ⇒ Object
This is a convenience wrapper which loads a given burp statefile and lets its caller perform actions via burp while its loaded on it inside of a block. The old state is restored after the block completes.
It can safely be run with a nil statefile argument in which the current burp session state is used.
642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 |
# File 'lib/buby.rb', line 642 def with_statefile(statefile=nil) if statefile # save current state: old_state=".#{$$}.#{Time.now.to_i}.state.bak" self.alert "Saving current state to temp statefile: #{old_state}" self.save_state(old_state) self.alert "Restoring state: #{statefile}" self.restore_state(statefile) end yield self if statefile # restore original state self.alert "Restoring temp statefile: #{old_state}" self.restore_state old_state self.alert "Deleting temp state file: #{old_state}" File.unlink old_state end end |