/
generateClickJackingPoC.py
121 lines (94 loc) · 3.92 KB
/
generateClickJackingPoC.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
# -*- coding: utf-8 -*-
from burp import IBurpExtender, IContextMenuFactory
from java.util import List, ArrayList
from javax.swing import JMenuItem, JOptionPane, JButton, JPanel
from java.awt import Toolkit, BorderLayout
from java.awt.datatransfer import StringSelection
from java.awt.event import ActionListener
class CopyActionListener(ActionListener):
def __init__(self, text):
self.text = text
def actionPerformed(self, event):
self.copyToClipboard(self.text)
def copyToClipboard(self, text):
selection = StringSelection(text)
clipboard = Toolkit.getDefaultToolkit().getSystemClipboard()
clipboard.setContents(selection, selection)
class CloseActionListener(ActionListener):
def actionPerformed(self, event):
frame = JOptionPane.getRootFrame()
frame.dispose()
class BurpExtender(IBurpExtender, IContextMenuFactory):
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
callbacks.setExtensionName("Generate Clickjacking PoC")
print("Successfully Loaded...")
callbacks.registerContextMenuFactory(self)
return
def createMenuItems(self, invocation):
menu = ArrayList()
self.context = invocation
menu.add(JMenuItem("Generate Clickjacking PoC", actionPerformed=self.generatePoC))
return menu
def generatePoC(self, event):
http_traffic = self.context.getSelectedMessages()
for traffic in http_traffic:
analyzed_request = self._helpers.analyzeRequest(traffic)
url = analyzed_request.getUrl()
protocol = "https://" if url.getProtocol() == "https" else "http://"
host = url.getHost()
path = url.getPath()
full = protocol + host + path
cj_poc = """
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>BurpSuite Generate ClickJacking PoC</title>
<style>
</style>
</head>
<body style="background-color: beige;">
<!-- Start Section -->
<div>
<center>
<h3>This proof-of-concept Generated by BurpSuite Generate ClickJacking PoC extension! </h3>
</center>
</div>
<br>
<br>
<!-- * Vulnerable host in the iframe src -->
<div>
<iframe src="{}" frameborder="0" width="100%" height="800px"></iframe>
</div>
</body>
</html>
""".format(full)
print("\n" + full)
self.showMessageBox(cj_poc)
return
def showMessageBox(self, message):
panel = JPanel()
panel.setLayout(BorderLayout())
copy_button = JButton("Copy")
copy_button.addActionListener(CopyActionListener(message))
close_button = JButton("Close")
close_button.addActionListener(CloseActionListener())
button_panel = JPanel()
button_panel.add(copy_button)
button_panel.add(close_button)
panel.add(button_panel, BorderLayout.SOUTH)
panel.add(JOptionPane(JOptionPane.INFORMATION_MESSAGE, message=message, options=[]), BorderLayout.CENTER)
dialog = JOptionPane(panel, JOptionPane.PLAIN_MESSAGE, JOptionPane.DEFAULT_OPTION, None, [], copy_button)
dialog.createDialog(None, "ClickJacking PoC").setVisible(True)
return
def unloadExtension(self):
print("Unloading extension...")
# No specific resources to clean up
return
# Initialize the BurpExtender class
callbacks = None
# Add the extension to the Burp Suite interface
extender = BurpExtender()