Projects STRLCPY autorize Commits e9b97a2c
  • ■ ■ ■ ■ ■ ■
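--- a/Autorize.py
+++ b/Autorize.py
@@ -1,14 +1,12 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 
-from burp import IBurpExtender
-from burp import IHttpListener
-
+from burp import IBurpExtender, IHttpListener, IProxyListener
 from authorization.authorization import handle_message
-
 from helpers.initiator import Initiator
+from helpers.filters import handle_proxy_message
 
-class BurpExtender(IBurpExtender, IHttpListener):
+class BurpExtender(IBurpExtender, IHttpListener, IProxyListener):
 
  def registerExtenderCallbacks(self, callbacks):
  self._callbacks = callbacks
@@ -36,3 +34,10 @@
  def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
  handle_message(self, toolFlag, messageIsRequest, messageInfo)
 
+ #
+ # implement IProxyListener
+ #
+ def processProxyMessage(self, messageIsRequest, message):
+ handle_proxy_message(self,message)
+
+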
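Review bot: `processProxyMessage` discards `messageIsRequest` when it delegates, so the port check in `handle_proxy_message` runs on responses as well as requests. A drop decision only makes sense on the request side, so guard the call with `if messageIsRequest:` before `handle_proxy_message(self,message)`, or say in a comment why responses are processed too. The new method also has no docstring; one line stating that it drops proxy traffic arriving on the configured listener ports would make this side effect visible to anyone reading the extender class.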
  • ■ ■ ■ ■ ■ ■
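--- a/authorization/authorization.py
+++ b/authorization/authorization.py
@@ -81,90 +81,92 @@
 
  message_passed_filters = True
  for i in range(0, self.IFList.getModel().getSize()):
- if self.IFList.getModel().getElementAt(i).split(":")[0] == "Scope items only":
+ interceptionFilter = self.IFList.getModel().getElementAt(i)
+ interceptionFilterTitle = interceptionFilter.split(":")[0]
+ if interceptionFilterTitle == "Scope items only":
  currentURL = URL(urlString)
  if not self._callbacks.isInScope(currentURL):
  message_passed_filters = False
 
- if self.IFList.getModel().getElementAt(i).split(":")[0] == "URL Contains (simple string)":
- if self.IFList.getModel().getElementAt(i)[30:] not in urlString:
+ if interceptionFilterTitle == "URL Contains (simple string)":
+ if interceptionFilter[30:] not in urlString:
  message_passed_filters = False
 
- if self.IFList.getModel().getElementAt(i).split(":")[0] == "URL Contains (regex)":
- regex_string = self.IFList.getModel().getElementAt(i)[22:]
+ if interceptionFilterTitle == "URL Contains (regex)":
+ regex_string = interceptionFilter[22:]
  if re.search(regex_string, urlString, re.IGNORECASE) is None:
  message_passed_filters = False
 
- if self.IFList.getModel().getElementAt(i).split(":")[0] == "URL Not Contains (simple string)":
- if self.IFList.getModel().getElementAt(i)[34:] in urlString:
+ if interceptionFilterTitle == "URL Not Contains (simple string)":
+ if interceptionFilter[34:] in urlString:
  message_passed_filters = False
 
- if self.IFList.getModel().getElementAt(i).split(":")[0] == "URL Not Contains (regex)":
- regex_string = self.IFList.getModel().getElementAt(i)[26:]
+ if interceptionFilterTitle == "URL Not Contains (regex)":
+ regex_string = interceptionFilter[26:]
  if not re.search(regex_string, urlString, re.IGNORECASE) is None:
  message_passed_filters = False
 
- if self.IFList.getModel().getElementAt(i).split(":")[0] == "Request Body contains (simple string)":
- if self.IFList.getModel().getElementAt(i)[40:] not in bodyStr:
+ if interceptionFilterTitle == "Request Body contains (simple string)":
+ if interceptionFilter[40:] not in bodyStr:
  message_passed_filters = False
 
- if self.IFList.getModel().getElementAt(i).split(":")[0] == "Request Body contains (regex)":
- regex_string = self.IFList.getModel().getElementAt(i)[32:]
+ if interceptionFilterTitle == "Request Body contains (regex)":
+ regex_string = interceptionFilter[32:]
  if re.search(regex_string, bodyStr, re.IGNORECASE) is None:
  message_passed_filters = False
 
- if self.IFList.getModel().getElementAt(i).split(":")[0] == "Request Body NOT contains (simple string)":
- if self.IFList.getModel().getElementAt(i)[44:] in bodyStr:
+ if interceptionFilterTitle == "Request Body NOT contains (simple string)":
+ if interceptionFilter[44:] in bodyStr:
  message_passed_filters = False
 
- if self.IFList.getModel().getElementAt(i).split(":")[0] == "Request Body Not contains (regex)":
- regex_string = self.IFList.getModel().getElementAt(i)[36:]
+ if interceptionFilterTitle == "Request Body Not contains (regex)":
+ regex_string = interceptionFilter[36:]
  if not re.search(regex_string, bodyStr, re.IGNORECASE) is None:
  message_passed_filters = False
 
- if self.IFList.getModel().getElementAt(i).split(":")[0] == "Response Body contains (simple string)":
- if self.IFList.getModel().getElementAt(i)[41:] not in resStr:
+ if interceptionFilterTitle == "Response Body contains (simple string)":
+ if interceptionFilter[41:] not in resStr:
  message_passed_filters = False
 
- if self.IFList.getModel().getElementAt(i).split(":")[0] == "Response Body contains (regex)":
- regex_string = self.IFList.getModel().getElementAt(i)[33:]
+ if interceptionFilterTitle == "Response Body contains (regex)":
+ regex_string = interceptionFilter[33:]
  if re.search(regex_string, resStr, re.IGNORECASE) is None:
  message_passed_filters = False
 
- if self.IFList.getModel().getElementAt(i).split(":")[0] == "Response Body NOT contains (simple string)":
- if self.IFList.getModel().getElementAt(i)[45:] in resStr:
+ if interceptionFilterTitle == "Response Body NOT contains (simple string)":
+ if interceptionFilter[45:] in resStr:
  message_passed_filters = False
 
- if self.IFList.getModel().getElementAt(i).split(":")[0] == "Response Body Not contains (regex)":
- regex_string = self.IFList.getModel().getElementAt(i)[37:]
+ if interceptionFilterTitle == "Response Body Not contains (regex)":
+ regex_string = interceptionFilter[37:]
  if not re.search(regex_string, resStr, re.IGNORECASE) is None:
  message_passed_filters = False
 
- if self.IFList.getModel().getElementAt(i).split(":")[0] == "Header contains":
+ if interceptionFilterTitle == "Header contains":
  for header in list(resInfo.getHeaders()):
- if self.IFList.getModel().getElementAt(i)[17:] in header:
+ if interceptionFilter[17:] in header:
  message_passed_filters = False
 
- if self.IFList.getModel().getElementAt(i).split(":")[0] == "Header doesn't contain":
+ if interceptionFilterTitle == "Header doesn't contain":
  for header in list(resInfo.getHeaders()):
- if not self.IFList.getModel().getElementAt(i)[17:] in header:
+ if not interceptionFilter[17:] in header:
  message_passed_filters = False
 
- if self.IFList.getModel().getElementAt(i).split(":")[0] == "Only HTTP methods (newline separated)":
- filterMethods = self.IFList.getModel().getElementAt(i)[39:].split("\n")
+ if interceptionFilterTitle == "Only HTTP methods (newline separated)":
+ filterMethods = interceptionFilter[39:].split("\n")
  filterMethods = [x.lower() for x in filterMethods]
  reqMethod = str(self._helpers.analyzeRequest(messageInfo).getMethod())
  if reqMethod.lower() not in filterMethods:
  message_passed_filters = False
 
- if self.IFList.getModel().getElementAt(i).split(":")[0] == "Ignore HTTP methods (newline separated)":
- filterMethods = self.IFList.getModel().getElementAt(i)[41:].split("\n")
+ if interceptionFilterTitle == "Ignore HTTP methods (newline separated)":
+ filterMethods = interceptionFilter[41:].split("\n")
  filterMethods = [x.lower() for x in filterMethods]
  reqMethod = str(self._helpers.analyzeRequest(messageInfo).getMethod())
  if reqMethod.lower() in filterMethods:
  message_passed_filters = False
 
- if self.IFList.getModel().getElementAt(i).split(":")[0] == "Ignore OPTIONS requests":
+ if interceptionFilterTitle == "Ignore OPTIONS requests":
  reqMethod = str(self._helpers.analyzeRequest(messageInfo).getMethod())
  if reqMethod == "OPTIONS":
  message_passed_filters = False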
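Review bot: The "Header doesn't contain" branch keeps the slice `[17:]`, which is the prefix length of "Header contains: ". Assuming entries are stored as `Title: content`, as the other offsets imply, the prefix "Header doesn't contain: " is 24 characters, so the compared value starts in the middle of the title and `not ... in header` is true for practically every header. That sets `message_passed_filters = False` for any message while this filter is configured, which presumably excludes it from authorization testing without any visible error. Use `if not interceptionFilter[24:] in header:`, or derive every offset in this loop as `interceptionFilter[len(interceptionFilterTitle) + 2:]` so the slices cannot drift from the labels. The function containing this loop starts and ends outside the hunk.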
  • ■ ■ ■ ■ ■
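--- a/gui/interception_filters.py
+++ b/gui/interception_filters.py
@@ -48,7 +48,8 @@
  "Ignore spider requests: (Content is not required)",
  "Ignore proxy requests: (Content is not required)",
  "Ignore target requests: (Content is not required)",
- "Ignore OPTIONS requests: (Content is not required)"
+ "Ignore OPTIONS requests: (Content is not required)",
+ "Drop proxy listener ports: (Separated by comma)"
  ]
  self._extender.IFType = JComboBox(IFStrings)
  self._extender.IFType.setBounds(80, 10, 430, 30)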
  • ■ ■ ■ ■ ■ ■
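--- a/helpers/filters.py
+++ b/helpers/filters.py
@@ -2,6 +2,7 @@
 # -*- coding: utf-8 -*-
 
 from java.awt import GridLayout
+from burp import IInterceptedProxyMessage
 
 def addFilterHelper(typeObj, model, textObj):
  typeName = typeObj.getSelectedItem().split(":")[0]
@@ -45,3 +46,13 @@
  extender.requests_panel.revalidate()
  extender.expanded_requests = 0
 
+def handle_proxy_message(self,message):
+ currentPort = message.getListenerInterface().split(":")[1]
+ for i in range(0, self.IFList.getModel().getSize()):
+ interceptionFilter = self.IFList.getModel().getElementAt(i)
+ interceptionFilterTitle = interceptionFilter.split(":")[0]
+ if interceptionFilterTitle == "Drop proxy listener ports":
+ portsList = interceptionFilter[27:].split(",")
+ portsList = [int(i) for i in portsList]
+ if int(currentPort) in portsList:
+ message.setInterceptAction(IInterceptedProxyMessage.ACTION_DROP)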
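Review bot: `handle_proxy_message` converts the user-typed port list with `int(i)`, so an empty entry (a trailing comma, or a filter saved with no ports) or a non-numeric one raises ValueError on every proxied message. The drop then presumably never takes effect, and traffic on the listener the user meant to block passes through. `getListenerInterface().split(":")[1]` also returns the wrong field when the listener host itself contains a colon (an IPv6 bind address), and the comprehension reuses the loop variable `i`. Comparing stripped strings and taking the port with `rsplit` avoids all three. A docstring should state that this function drops live proxy traffic, unlike the other interception filters.

```python
def handle_proxy_message(self,message):
    # rsplit keeps the port correct when the listener host itself contains ':'
    currentPort = message.getListenerInterface().rsplit(":", 1)[-1].strip()
    # … unchanged: loop over self.IFList and the "Drop proxy listener ports" title check …
            # compare as stripped strings so a malformed entry cannot raise
            portsList = [port.strip() for port in interceptionFilter[27:].split(",")]
            if currentPort in portsList:
                message.setInterceptAction(IInterceptedProxyMessage.ACTION_DROP)
                return
```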
  • ■ ■ ■ ■ ■ ■
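--- a/helpers/initiator.py
+++ b/helpers/initiator.py
@@ -64,6 +64,8 @@
  self._extender._callbacks.registerContextMenuFactory(menu)
  self._extender._callbacks.addSuiteTab(itab)
  self._extender._callbacks.registerHttpListener(self._extender)
+ self._extender._callbacks.registerProxyListener(self._extender)
+
 
  def init_ui(self):
  self._extender._callbacks.customizeUiComponent(self._extender._splitpane)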