Class: Buby::ScannerCheck

Inherits:

Object

• Object
• Buby::ScannerCheck

Includes:

Java::Burp::IScannerCheck

Defined in:

lib/buby/scanner_check.rb

Overview

TODO:

DSL methods

Extensions can implement this interface and then call #registerScannerCheck to register a custom Scanner check. When performing scanning, Burp will ask the check to perform active or passive scanning on the base request, and report any Scanner issues that are identified.

Constant Summary

REPORT_EXISTING =

-1

REPORT_BOTH =

0

REPORT_NEW =

1

Instance Method Summary

• #consolidateDuplicateIssues(existingIssue, newIssue) ⇒ Object abstract

  The Scanner invokes this method when the custom Scanner check has reported multiple issues for the same URL path.

• #doActiveScan(baseRequestResponse, insertionPoint) ⇒ Array<IScanIssue>^? abstract

  The Scanner invokes this method for each insertion point that is actively scanned.

• #doPassiveScan(baseRequestResponse) ⇒ Array<IScanIssue>^? abstract

  The Scanner invokes this method for each base request / response that is passively scanned.

Instance Method Details

#consolidateDuplicateIssues(existingIssue, newIssue) ⇒ Object

This method is abstract.

subclass and override to proccess scan issues

The Scanner invokes this method when the custom Scanner check has reported multiple issues for the same URL path. This can arise either because there are multiple distinct vulnerabilities, or because the same (or a similar) request has been scanned more than once. The custom check should determine whether the issues are duplicates. In most cases, where a check uses distinct issue names or descriptions for distinct issues, the consolidation process will simply be a matter of comparing these features for the two issues.

Parameters:

• existingIssue (IScanIssue) —

  An issue that was previously reported by this Scanner check.

• newIssue (IScanIssue) —

  An issue at the same URL path that has been newly reported by this Scanner check.

Returns:

• An indication of which issue(s) should be reported in the main Scanner results. The method should return

  • REPORT_EXISTING to report the existing issue only,

  • REPORT_BOTH to report both issues, and

  • REPORT_NEW to report the new issue only.

# File 'lib/buby/scanner_check.rb', line 79

def consolidateDuplicateIssues(existingIssue, newIssue)
  pp [:got_consolidateDuplicateIssues, existingIssue, newIssue]
  REPORT_BOTH
end

#doActiveScan(baseRequestResponse, insertionPoint) ⇒ Array<IScanIssue>^?

This method is abstract.

subclass and call super

Note:

Extensions are responsible for ensuring that attack payloads are suitably encoded within requests (for example, by URL-encoding relevant metacharacters in the URL query string). Encoding is not automatically carried out by the IScannerInsertionPoint, because this would prevent Scanner checks from testing for certain input filter bypasses. Extensions should query the IScannerInsertionPoint to determine its type, and apply any encoding that may be appropriate.

The Scanner invokes this method for each insertion point that is actively scanned. Extensions may issue HTTP requests as required to carry out active scanning, and should use the IScannerInsertionPoint object provided to build scan requests for particular payloads.

Parameters:

• baseRequestResponse (IHttpRequestResponse) —

  The base HTTP request / response that should be actively scanned.

• insertionPoint (IScannerInsertionPoint) —

  An object that can be queried to obtain details of the insertion point being tested, and can be used to build scan requests for particular payloads.

Returns:

• (Array<IScanIssue>, nil) —

  A list of IScanIssue objects, or nil if no issues are identified.

# File 'lib/buby/scanner_check.rb', line 55

def doActiveScan(baseRequestResponse, insertionPoint)
  pp [:got_doActiveScan, baseRequestResponse, insertionPoint] if $DEBUG
  Buby::HttpRequestResponseHelper.implant baseRequestResponse
  Buby::Implants::ScannerInsertionPoint.implant insertionPoint
  nil
end

#doPassiveScan(baseRequestResponse) ⇒ Array<IScanIssue>^?

This method is abstract.

subclass and call super

Note:

Extensions should not only analyze the HTTP messages provided during passive scanning, and should not make any new HTTP requests of their own.

The Scanner invokes this method for each base request / response that is passively scanned.

Parameters:

• baseRequestResponse (IHttpRequestResponse) —

  The base HTTP request / response that should be passively scanned.

Returns:

• (Array<IScanIssue>, nil) —

  A list of IScanIssue objects, or nil if no issues are identified.

# File 'lib/buby/scanner_check.rb', line 28

def doPassiveScan(baseRequestResponse)
  pp [:got_doPassiveScan, baseRequestResponse] if $DEBUG
  Buby::HttpRequestResponseHelper.implant baseRequestResponse
  nil
end