diff --git a/.gitignore b/.gitignore
index a79f4b2..0c507b6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,4 @@
/.idea
/burp-vulners-scanner.iml
/target/
-!/target/burp-vulners-scanner-1.1.jar
+!/target/burp-vulners-scanner-1.2.jar
diff --git a/pom.xml b/pom.xml
index 5d3cb89..f3bf2ac 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
burp-vulners-scanner
burp-vulners-scanner
- 1.1
+ 1.2
UTF-8
@@ -22,16 +22,10 @@
-
- org.codehaus.jackson
- jackson-mapper-asl
- 1.9.13
-
-
com.codemagi
burp-suite-utils
- 1.0.8
+ LATEST
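Review bot: Replacing the pinned `1.0.8` with `LATEST` on burp-suite-utils makes the build non-reproducible: whatever is newest in the repository at build time gets compiled into an extension that runs inside Burp with access to all proxied traffic, which is an unnecessary supply-chain exposure for a one-line saving. Maven also treats `LATEST` as a deprecated metaversion (it is no longer honoured for plugins in Maven 3), so it may stop resolving without warning. Pin the exact release this commit was tested against and bump it deliberately when a newer API is needed.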
@@ -40,17 +34,16 @@
7.0.3
-
- com.mashape.unirest
- unirest-java
- 1.4.9
-
-
org.jtwig
jtwig-core
5.85.3.RELEASE
+
+ org.json
+ json
+ 20160810
+
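Review bot: The new org.json dependency is pinned to the 2016-08-10 release, and after this change it is the parser that handles every byte returned by the vulners.com API (HttpClient.parseResponse, Utils.getVulnerabilities). Pinning is the right call, but this is a very old build; later org.json releases added parser hardening (to my knowledge a default nesting-depth limit, among others) and the library is tracked by the usual advisory databases, so it is worth moving to a current release and adding this project to whatever dependency check runs on it. The API used here (`JSONObject(String)`, `getJSONObject`, `getJSONArray`) has been stable, so the upgrade should be a version-only change.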
@@ -77,8 +70,8 @@
org.apache.maven.plugins
maven-compiler-plugin
- 1.7
- 1.7
+ 8
+ 8
diff --git a/src/main/java/burp/BurpExtender.java b/src/main/java/burp/BurpExtender.java
index f75d3e0..6d58edb 100644
--- a/src/main/java/burp/BurpExtender.java
+++ b/src/main/java/burp/BurpExtender.java
@@ -7,12 +7,17 @@
import com.codemagi.burp.ScannerMatch;
import com.monikamorrow.burp.BurpSuiteTab;
+import java.io.IOException;
import java.net.URL;
import java.util.*;
+import java.util.regex.Pattern;
public class BurpExtender extends PassiveScan {
+ public static String SETTING_API_KEY_NAME = "SETTING_API_KEY_NAME";
+
+ private String apiKey = "";
private TabComponent tabComponent;
private VulnersService vulnersService;
private Map domains = new HashMap<>();
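Review bot: `public static String SETTING_API_KEY_NAME` is a mutable public field that reads as a constant — any class in the process can reassign the settings key at runtime, after which loadExtensionSetting/saveExtensionSetting would silently address a different entry. It is only ever read, so declare it `public static final String SETTING_API_KEY_NAME = "SETTING_API_KEY_NAME";`.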
@@ -28,8 +33,15 @@ protected void initPassiveScan() {
mTab.addComponent(tabComponent.getRootPanel());
+ apiKey = callbacks.loadExtensionSetting(SETTING_API_KEY_NAME);
+ tabComponent.setAPIKey(apiKey);
+
vulnersService = new VulnersService(this, callbacks, helpers, domains, tabComponent);
- vulnersService.loadRules();
+ try {
+ vulnersService.loadRules();
+ } catch (IOException e) {
+ callbacks.printError("[Vulners]" + e.getMessage());
+ }
}
@Override
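Review bot: The new `catch (IOException e)` around loadRules() does not cover the way that call actually fails: VulnersService.loadRules() declares IOException but its body only calls httpClient.get(), and in this diff a failed or non-JSON rules fetch surfaces as an unchecked JSONException (or an NPE if makeHttpRequest yields null), which propagates out of initPassiveScan and aborts extension load. Either have HttpClient.get() translate transport and parse failures into IOException so this catch is meaningful, or widen it to `catch (IOException | RuntimeException e)` and log `"[Vulners] Unable to load rules: " + e` (the current message also lacks a space after the tag and drops the exception type). Per the Burp API, `callbacks.loadExtensionSetting(...)` returns null when nothing has been stored; the rest of this diff tolerates a null apiKey, but `tabComponent.setAPIKey(apiKey)` is not visible here, so confirm it does too.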
@@ -69,8 +81,6 @@ protected List processIssues(List matches, IHttpReques
String domainName = helpers.analyzeRequest(baseRequestResponse).getUrl().getHost();
List startStop = new ArrayList<>(1);
- callbacks.printOutput("[Vulners] Processing issues for: " + domainName);
-
//get the existing matches for this domain
Domain domain = domains.get(domainName);
@@ -79,11 +89,23 @@ protected List processIssues(List matches, IHttpReques
}
Collections.sort(matches); //matches must be in order
+ ScannerMatch lastMatch = null;
for (ScannerMatch match : matches) {
+
+ // do not continue if software wal already found before
if (domain.getSoftware().get(match.getType() + match.getMatchGroup()) != null) {
continue;
}
+ // Ignore matches that overlapped previous positions. Usually it's the similar rule match
+ if (lastMatch !=null && (lastMatch.getStart() >= match.getStart() || lastMatch.getEnd() >= match.getEnd())) {
+ callbacks.printError("[Vulners] Ignore overlapped rule " + domainName + " new issue " + match.getFullMatch());
+ continue;
+ }
+ lastMatch = match;
+
+ callbacks.printOutput("[Vulners] Processing domain " + domainName + " new issue " + match.getFullMatch());
+
Software software = new Software(
match.getType() + match.getMatchGroup(),
match.getType(),
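Review bot: The overlap guard in the new loop only skips a match whose start is not after lastMatch's start or whose end is not after lastMatch's end, so a match that begins inside lastMatch but ends beyond it passes through even though the comment says overlapping positions are ignored. If that is the intent, and assuming `Collections.sort` orders by start offset (ScannerMatch's compareTo is not in this diff), the condition should be `if (lastMatch != null && lastMatch.getEnd() > match.getStart()) {`. Two smaller points: the skip is routine, so `callbacks.printError` there should be `printOutput`, and the comment typo `wal` should read `was`. processIssues starts and ends outside this hunk.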
@@ -118,4 +140,21 @@ public VulnersService getVulnersService() {
Map> getMatchRules() {
return matchRules;
}
+
+ public String getApiKey() {
+ return apiKey;
+ }
+
+ public void setApiKey(String apiKey) {
+ apiKey = apiKey.trim();
+ Pattern pattern = Pattern.compile("[A-Z0-9]{0,128}");
+
+ if (pattern.matcher(apiKey).matches()) {
+ callbacks.printOutput("[Vulners] Set API key " + apiKey);
+ callbacks.saveExtensionSetting(SETTING_API_KEY_NAME, apiKey);
+ this.apiKey = apiKey;
+ } else {
+ callbacks.printError("[Vulners] Wrong api key provided, should match /[A-Z0-9]{64}/ " + apiKey);
+ }
+ }
}
\ No newline at end of file
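Review bot: setApiKey writes the full API key to Burp's extension output (`callbacks.printOutput("[Vulners] Set API key " + apiKey)`) and the rejection branch echoes the rejected input as well; that pane is routinely pasted into bug reports and saved in project files, so log only that a key was accepted, e.g. `callbacks.printOutput("[Vulners] API key updated (" + apiKey.length() + " chars)");`, and drop the value from the error message. The validation pattern `[A-Z0-9]{0,128}` also accepts an empty string and anything up to 128 characters while the error text promises `/[A-Z0-9]{64}/`; make the pattern match the documented format or fix the message, and since it is a fixed regex it belongs in a `private static final Pattern` rather than being compiled on every call. The key is persisted in plaintext via saveExtensionSetting, which is how Burp's setting store works, but a one-line comment saying so would save the next reader a question.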
diff --git a/src/main/java/burp/HttpClient.java b/src/main/java/burp/HttpClient.java
index e1570fe..509fd51 100644
--- a/src/main/java/burp/HttpClient.java
+++ b/src/main/java/burp/HttpClient.java
@@ -1,54 +1,68 @@
package burp;
-import com.mashape.unirest.http.Unirest;
-import org.apache.http.HttpHost;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
-import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
-import org.apache.http.conn.ssl.TrustStrategy;
-import org.apache.http.impl.client.BasicCookieStore;
-import org.apache.http.impl.nio.client.CloseableHttpAsyncClient;
-import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
-import org.apache.http.impl.nio.client.HttpAsyncClients;
-import org.apache.http.ssl.SSLContexts;
-
-import javax.net.ssl.SSLContext;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
-class HttpClient {
-
- public static CloseableHttpAsyncClient createSSLClient() {
- return createSSLClient(null);
+import org.json.JSONObject;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+public class HttpClient {
+
+ private static String VULNERS_API_HOST = "vulners.com";
+ private static String VULNERS_API_PATH = "/api/v3/burp/";
+
+ private final IBurpExtenderCallbacks callbacks;
+ private final IExtensionHelpers helpers;
+ private final BurpExtender burpExtender;
+
+ HttpClient(IBurpExtenderCallbacks callbacks, IExtensionHelpers helpers, BurpExtender burpExtender) {
+ this.burpExtender = burpExtender;
+ this.callbacks = callbacks;
+ this.helpers = helpers;
}
- public static CloseableHttpAsyncClient createSSLClient(HttpHost proxy) {
- TrustStrategy acceptingTrustStrategy = new TrustStrategy() {
+ public JSONObject get(String action, Map params) {
+ List headers = new ArrayList<>();
+ headers.add("POST " + VULNERS_API_PATH + action + "/ HTTP/1.1");
+ headers.add("Host: " + VULNERS_API_HOST);
+ headers.add("User-Agent: vulners-burpscanner-v-1.2");
+ headers.add("Content-type: application/json");
- @Override
- public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
- return true;
- }
- };
+ JSONObject jsonBody = new JSONObject();
- try {
- SSLContext sslContext = SSLContexts.custom()
- .loadTrustMaterial(null, acceptingTrustStrategy)
- .build();
+ if (burpExtender.getApiKey() != null) {
+ jsonBody = jsonBody.put("apiKey", burpExtender.getApiKey());
+ }
- HttpAsyncClientBuilder client = HttpAsyncClients.custom()
- .setDefaultCookieStore(new BasicCookieStore())
- .setSSLContext(sslContext)
- .setSSLHostnameVerifier(SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+ for (Map.Entry p: params.entrySet()) {
+ jsonBody = jsonBody.put(p.getKey(), p.getValue());
+ }
- if (proxy !=null) {
- client.setProxy(proxy);
- }
+ byte[] request = helpers.buildHttpMessage(headers, helpers.stringToBytes(jsonBody.toString()));
+ byte[] response = callbacks.makeHttpRequest(VULNERS_API_HOST, 443, true, request);
+ return parseResponse(response);
+ }
+
+ private JSONObject parseResponse(byte[] response) {
+ String responseString = helpers.bytesToString(response);
+ IResponseInfo iResponseInfo = helpers.analyzeResponse(response);
+ String jsonString = responseString.substring(iResponseInfo.getBodyOffset());
+
+ JSONObject object = new JSONObject(jsonString);
- return client.build();
+ try {
+ if (object.getString("result").equals("OK")) {
+ return object.getJSONObject("data");
+ } else {
+ callbacks.printOutput("[DEBUG] not OK");
+ callbacks.printOutput(jsonString);
+ return object;
+ }
} catch (Exception e) {
- System.out.println("Could not create SSLContext");
- return null;
+ callbacks.printError("[ERROR]");
+ callbacks.printError(jsonString);
+ return object;
}
-
}
+
}
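Review bot: parseResponse builds `new JSONObject(jsonString)` before the try, so any non-JSON body from vulners.com — an HTML error page, a rate-limit response, an empty body when the connection fails — throws an unchecked JSONException out of get() into the scanner, and if callbacks.makeHttpRequest yields null on a transport failure (behaviour not shown here) `helpers.bytesToString(response)` NPEs first. Guard the null case and move the parse inside the try so failures are reported through callbacks.printError instead of unwinding the passive scan; returning an empty object still leaves callers such as loadRules() to fail on the missing `rules` key, so consider having get() throw IOException in that case, which loadRules already declares. Two smaller points: the `[DEBUG] not OK` branch dumps the whole response body to the normal output pane, and a method named `get` that emits a `POST` is worth renaming or a comment. Dropping the all-trusting TrustStrategy and ALLOW_ALL_HOSTNAME_VERIFIER in favour of Burp's own HTTP stack is a clear improvement.
```java
    private JSONObject parseResponse(byte[] response) {
        // makeHttpRequest may hand back nothing on a transport failure — do not NPE on it
        if (response == null || response.length == 0) {
            callbacks.printError("[Vulners] Empty response from " + VULNERS_API_HOST);
            return new JSONObject();
        }
        // … unchanged: bytesToString / analyzeResponse / body substring …

        try {
            JSONObject object = new JSONObject(jsonString);
            if ("OK".equals(object.optString("result"))) {
                return object.getJSONObject("data");
            }
            callbacks.printError("[Vulners] API returned an error: " + jsonString);
            return object;
        } catch (RuntimeException e) {
            // non-JSON body (error page, rate limit, truncated response)
            callbacks.printError("[Vulners] Unable to parse API response: " + e);
            return new JSONObject();
        }
    }
```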
diff --git a/src/main/java/burp/PathIssue.java b/src/main/java/burp/PathIssue.java
index b342857..a902a7a 100644
--- a/src/main/java/burp/PathIssue.java
+++ b/src/main/java/burp/PathIssue.java
@@ -1,6 +1,5 @@
package burp;
-import burp.models.Software;
import burp.models.Vulnerability;
import com.codemagi.burp.ScanIssueConfidence;
import com.codemagi.burp.ScanIssueSeverity;
@@ -10,7 +9,6 @@
import java.net.URL;
import java.util.Collection;
-import java.util.List;
import java.util.Set;
public class PathIssue implements IScanIssue {
@@ -22,7 +20,7 @@ public class PathIssue implements IScanIssue {
private final String path;
private final Set vulnerabilities;
- public PathIssue(IHttpRequestResponse baseRequestResponse, IExtensionHelpers helpers, IBurpExtenderCallbacks callbacks, String path, Set vulnerabilities) {
+ PathIssue(IHttpRequestResponse baseRequestResponse, IExtensionHelpers helpers, IBurpExtenderCallbacks callbacks, String path, Set vulnerabilities) {
this.baseRequestResponse = baseRequestResponse;
this.helpers = helpers;
this.callbacks = callbacks;
diff --git a/src/main/java/burp/SoftwareIssue.java b/src/main/java/burp/SoftwareIssue.java
index 75739d7..68939de 100644
--- a/src/main/java/burp/SoftwareIssue.java
+++ b/src/main/java/burp/SoftwareIssue.java
@@ -5,13 +5,8 @@
import com.codemagi.burp.ScanIssueConfidence;
import com.codemagi.burp.ScanIssueSeverity;
import com.google.common.base.Function;
-import com.google.common.base.Predicates;
import com.google.common.collect.Collections2;
import com.google.common.collect.Ordering;
-import org.jtwig.environment.DefaultEnvironmentConfiguration;
-import org.jtwig.environment.Environment;
-import org.jtwig.environment.EnvironmentConfiguration;
-import org.jtwig.environment.EnvironmentFactory;
import java.net.URL;
import java.util.Collection;
@@ -23,8 +18,8 @@ public class SoftwareIssue implements IScanIssue {
private final IExtensionHelpers helpers;
private final IBurpExtenderCallbacks callbacks;
private final List startStop;
- private final Software software;
- private final Environment environment;
+
+ private Software software;
SoftwareIssue(IHttpRequestResponse baseRequestResponse, IExtensionHelpers helpers, IBurpExtenderCallbacks callbacks, List startStop, Software software) {
this.baseRequestResponse = baseRequestResponse;
@@ -33,11 +28,6 @@ public class SoftwareIssue implements IScanIssue {
this.startStop = startStop;
this.software = software;
-
- // Environment
- EnvironmentConfiguration configuration = new DefaultEnvironmentConfiguration();
- EnvironmentFactory environmentFactory = new EnvironmentFactory();
- this.environment = environmentFactory.create(configuration);
}
@Override
@@ -132,17 +122,21 @@ public int getIssueType() {
@Override
public String getRemediationDetail() {
- return null;
+ return "";
}
@Override
public String getIssueBackground() {
- return null;
+ return "";
}
@Override
public String getRemediationBackground() {
- return null;
+ return "";
+ }
+
+ public void setSoftware(Software software) {
+ this.software = software;
}
private boolean hasVulnerabilities() {
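Review bot: `software` loses its `final` and gains setSoftware, but the only caller in this diff (VulnersService.checkSoftware) passes the constructor and the setter the same `domains.get(...).getSoftware().get(software.getKey())` lookup; unless that map entry is replaced between the two calls, the setter reassigns the instance the issue already holds, and the field could stay final. If a replacement is possible, a comment on setSoftware stating when the Software instance changes would make the mutability deliberate rather than incidental. Changing the three `null` returns to `""` is fine, since Burp renders both the same way.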
diff --git a/src/main/java/burp/Utils.java b/src/main/java/burp/Utils.java
index 8b90ab4..3e64cd0 100644
--- a/src/main/java/burp/Utils.java
+++ b/src/main/java/burp/Utils.java
@@ -4,9 +4,11 @@
import com.google.common.base.Function;
import com.google.common.collect.Collections2;
import com.google.common.collect.Ordering;
+import org.json.JSONArray;
+import org.json.JSONObject;
import java.util.Collection;
-import java.util.List;
+import java.util.HashSet;
import java.util.Set;
/**
@@ -44,4 +46,21 @@ public String apply(Vulnerability vulnerability) {
}
);
}
+
+
+ public static Set getVulnerabilities(JSONObject data) {
+ Set vulnerabilities = new HashSet<>();
+
+ if (!data.has("search")) {
+ return vulnerabilities;
+ }
+
+ JSONArray bulletins = data.getJSONArray("search");
+ for (Object bulletin : bulletins) {
+ vulnerabilities.add(
+ new Vulnerability(((JSONObject) bulletin).getJSONObject("_source"))
+ );
+ }
+ return vulnerabilities;
+ }
}
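Review bot: getVulnerabilities trusts the shape of the remote response: `(JSONObject) bulletin` throws ClassCastException if an element of `search` is not an object, `getJSONObject("_source")` throws JSONException if the key is absent, and `data.getJSONArray("search")` throws if `search` exists but is not an array — one malformed entry from vulners.com discards the whole result set and unwinds into the scan callback. Use the null-returning `opt*` accessors and skip entries that do not fit. A line of Javadoc stating the contract (empty set when nothing usable is present, never null) would help the callers in VulnersService that test `isEmpty()`.
```java
    public static Set getVulnerabilities(JSONObject data) {
        Set vulnerabilities = new HashSet<>();

        JSONArray bulletins = data.optJSONArray("search");
        if (bulletins == null) {
            return vulnerabilities;
        }

        for (int i = 0; i < bulletins.length(); i++) {
            JSONObject entry = bulletins.optJSONObject(i);
            JSONObject source = entry == null ? null : entry.optJSONObject("_source");
            if (source != null) {
                vulnerabilities.add(new Vulnerability(source));
            }
        }
        return vulnerabilities;
    }
```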
diff --git a/src/main/java/burp/VulnersRestCallback.java b/src/main/java/burp/VulnersRestCallback.java
deleted file mode 100644
index 2cee2bd..0000000
--- a/src/main/java/burp/VulnersRestCallback.java
+++ /dev/null
@@ -1,69 +0,0 @@
-package burp;
-
-
-import burp.models.Vulnerability;
-import com.mashape.unirest.http.HttpResponse;
-import com.mashape.unirest.http.JsonNode;
-import com.mashape.unirest.http.async.Callback;
-import com.mashape.unirest.http.exceptions.UnirestException;
-import org.json.JSONArray;
-import org.json.JSONObject;
-
-import java.util.HashSet;
-import java.util.Set;
-
-abstract class VulnersRestCallback implements Callback {
-
-
- private IBurpExtenderCallbacks callbacks;
-
- VulnersRestCallback(IBurpExtenderCallbacks callbacks) {
- this.callbacks = callbacks;
- }
-
- /**
- * Rise with response of success returned list of vulnerabilities
- * @param vulnerabilities List of returned vulnerabilities
- */
- public void onScannerSuccess(Set vulnerabilities) {
-
- };
-
- public void onSuccess(JSONObject data) {
- JSONArray bulletins = data.getJSONArray("search");
-
- Set vulnerabilities = new HashSet<>();
- for (Object bulletin : bulletins) {
- vulnerabilities.add(
- new Vulnerability(((JSONObject) bulletin).getJSONObject("_source"))
- );
- }
-
- onScannerSuccess(vulnerabilities);
- }
-
- /**
- * Rise on error returned or no vulnerabilities found
- */
- public void onFail(JSONObject responseData) {
- callbacks.printError(responseData.getString("error"));
- };
-
- public void completed(HttpResponse response) {
- JSONObject responseBody = response.getBody().getObject();
-
- if ("ERROR".equals(responseBody.getString("result"))) {
- onFail((JSONObject) responseBody.get("data"));
- return;
- }
-
- onSuccess(responseBody.getJSONObject("data"));
- }
-
- public void failed(UnirestException e) {
- e.printStackTrace();
- }
-
- public void cancelled() {}
-
-}
diff --git a/src/main/java/burp/VulnersService.java b/src/main/java/burp/VulnersService.java
index cd9d785..a6740f9 100644
--- a/src/main/java/burp/VulnersService.java
+++ b/src/main/java/burp/VulnersService.java
@@ -5,208 +5,161 @@
import burp.models.Domain;
import burp.models.Software;
import burp.models.Vulnerability;
+import burp.models.VulnersRequest;
+import burp.tasks.PathScanTask;
+import burp.tasks.SoftwareScanTask;
import com.codemagi.burp.MatchRule;
import com.codemagi.burp.ScanIssueConfidence;
import com.codemagi.burp.ScanIssueSeverity;
-import com.google.common.util.concurrent.RateLimiter;
-import com.mashape.unirest.http.Unirest;
-import com.mashape.unirest.request.HttpRequest;
-import org.apache.http.HttpHost;
-import org.apache.http.impl.client.BasicCookieStore;
-import org.apache.http.impl.nio.client.CloseableHttpAsyncClient;
import org.json.JSONObject;
import javax.swing.table.DefaultTableModel;
+import java.io.IOException;
import java.util.*;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
+
public class VulnersService {
- private static String BURP_API_URL = "https://vulners.com/api/v3/burp/{path}/";
private BurpExtender burpExtender;
private final IBurpExtenderCallbacks callbacks;
private final IExtensionHelpers helpers;
private final TabComponent tabComponent;
private Map domains;
- private final RateLimiter rateLimiter;
- public VulnersService(BurpExtender burpExtender, IBurpExtenderCallbacks callbacks, IExtensionHelpers helpers, Map domains, TabComponent tabComponent) {
+ private final HttpClient httpClient;
+
+ VulnersService(BurpExtender burpExtender, IBurpExtenderCallbacks callbacks, IExtensionHelpers helpers, Map domains, TabComponent tabComponent) {
this.burpExtender = burpExtender;
this.callbacks = callbacks;
this.helpers = helpers;
this.domains = domains;
this.tabComponent = tabComponent;
- this.rateLimiter = RateLimiter.create(4.0); // Count of max RPS
- Unirest.setDefaultHeader("user-agent", "vulners-burpscanner-v-1.1");
- Unirest.setAsyncHttpClient(HttpClient.createSSLClient());
+ this.httpClient = new HttpClient(callbacks, helpers, burpExtender);
}
-
/**
* Check found software for vulnerabilities using https://vulnes.com/api/v3/burp/software/
- *
- * @param domainName
- * @param software
- * @param baseRequestResponse
- * @param startStop
*/
void checkSoftware(final String domainName, final Software software, final IHttpRequestResponse baseRequestResponse, final List startStop) {
- // Limiting requests rate
- // TODO make non block MQ
- rateLimiter.acquire();
-
- final HttpRequest request = Unirest.get(BURP_API_URL)
- .routeParam("path", "software")
- .queryString("software", software.getAlias())
- .queryString("version", software.getVersion())
- .queryString("type", software.getMatchType());
+ SoftwareIssue softwareIssue = new SoftwareIssue(
+ baseRequestResponse,
+ helpers,
+ callbacks,
+ startStop,
+ domains.get(domainName).getSoftware().get(software.getKey())
+ );
+
+ // add Information Burp issue
+ if (software.getVersion() == null) {
+ callbacks.addScanIssue(softwareIssue);
+ return;
+ }
- callbacks.printOutput("[Vulners] start check for domain " + domainName + " for software " + software.getName() + "/" + software.getVersion() + " : " + request.getUrl());
+ VulnersRequest request = new VulnersRequest(domainName, software, softwareIssue);
- request.asJsonAsync(new VulnersRestCallback(callbacks) {
+ new SoftwareScanTask(request, httpClient, vulnersRequest -> {
- @Override
- public void onScannerSuccess(Set vulnerabilities) {
+ Set vulnerabilities = vulnersRequest.getVulnerabilities();
- for (Vulnerability vulnerability : vulnerabilities) {
- // update cache
- domains.get(domainName)
- .getSoftware()
- .get(software.getKey())
- .getVulnerabilities()
- .add(vulnerability);
- }
-
- // update gui component
- tabComponent.getSoftwareTable().refreshTable(domains, tabComponent.getCbxSoftwareShowVuln().isSelected());
-
-
- // add Burp issue
- callbacks.addScanIssue(new SoftwareIssue(
- baseRequestResponse,
- helpers,
- callbacks,
- startStop,
- domains.get(domainName).getSoftware().get(software.getKey())
- ));
+ // update cache
+ for (Vulnerability vulnerability : vulnerabilities) {
+ domains.get(vulnersRequest.getDomain())
+ .getSoftware()
+ .get(vulnersRequest.getSoftware().getKey())
+ .getVulnerabilities()
+ .add(vulnerability);
}
- @Override
- public void onFail(JSONObject error) {
- // update gui component
- tabComponent.getSoftwareTable().refreshTable(domains, tabComponent.getCbxSoftwareShowVuln().isSelected());
-
- callbacks.addScanIssue(new SoftwareIssue(
- baseRequestResponse,
- helpers,
- callbacks,
- startStop,
- domains.get(domainName).getSoftware().get(software.getKey())
- ));
- }
- });
+ // update gui component
+ tabComponent.getSoftwareTable().refreshTable(domains, tabComponent.getCbxSoftwareShowVuln().isSelected());
+
+ // add Vulnerability Burp issue
+ vulnersRequest.getSoftwareIssue().setSoftware(
+ domains.get(vulnersRequest.getDomain())
+ .getSoftware()
+ .get(vulnersRequest.getSoftware().getKey())
+ );
+ callbacks.addScanIssue(vulnersRequest.getSoftwareIssue());
+ }).run();
}
/**
* Check found software for vulnerabilities using https://vulnes.com/api/v3/burp/path/
- *
- * @param domainName
- * @param path
- * @param baseRequestResponse
*/
void checkURLPath(final String domainName, final String path, final IHttpRequestResponse baseRequestResponse) {
- // Limiting requests rate
- // TODO make non block MQ
- rateLimiter.acquire();
-
- Unirest.get(BURP_API_URL)
- .routeParam("path", "path")
- .queryString("path", path)
- .asJsonAsync(new VulnersRestCallback(callbacks) {
-
- @Override
- public void onScannerSuccess(Set vulnerabilities) {
-
- // update cache
- domains.get(domainName)
- .getPaths()
- .put(path, vulnerabilities);
-
- // update gui component
- tabComponent.getPathsTable().getDefaultModel().addRow(new Object[]{
- domainName,
- path,
- Utils.getMaxScore(vulnerabilities),
- Utils.getVulnersList(vulnerabilities)
- });
-
- // add Burp issue
- callbacks.addScanIssue(new PathIssue(
- baseRequestResponse,
- helpers,
- callbacks,
- path,
- vulnerabilities
- ));
- }
- });
+ VulnersRequest request = new VulnersRequest(domainName, path, baseRequestResponse);
+
+ new PathScanTask(request, httpClient, vulnersRequest -> {
+ Set vulnerabilities = vulnersRequest.getVulnerabilities();
+
+ if (vulnerabilities.isEmpty()) {
+ return;
+ }
+
+ // update cache
+ domains.get(vulnersRequest.getDomain())
+ .getPaths()
+ .put(vulnersRequest.getPath(), vulnerabilities);
+
+ // update gui component
+ tabComponent.getPathsTable().getDefaultModel().addRow(new Object[]{
+ vulnersRequest.getDomain(),
+ vulnersRequest.getPath(),
+ Utils.getMaxScore(vulnerabilities),
+ Utils.getVulnersList(vulnerabilities)
+ });
+
+ // add Burp issue
+ callbacks.addScanIssue(new PathIssue(
+ vulnersRequest.getBaseRequestResponse(),
+ helpers,
+ callbacks,
+ vulnersRequest.getPath(),
+ vulnerabilities
+ ));
+ }).run();
}
/**
* Check out rules for matching
*/
- public void loadRules() {
- Unirest.get(BURP_API_URL)
- .routeParam("path", "rules")
- .asJsonAsync(new VulnersRestCallback(callbacks) {
-
- @Override
- public void onSuccess(JSONObject data) {
- JSONObject rules = data.getJSONObject("rules");
- Iterator ruleKeys = rules.keys();
-
- DefaultTableModel ruleModel = tabComponent.getRulesTable().getDefaultModel();
- ruleModel.setRowCount(0); //reset table
- while (ruleKeys.hasNext()) {
- String key = ruleKeys.next();
- final JSONObject v = rules.getJSONObject(key);
-
- ruleModel.addRow(new Object[]{key, v.getString("regex"), v.getString("alias"), v.getString("type")});
-
- try {
- Pattern pattern = Pattern.compile(v.getString("regex"));
- System.out.println("[NEW] " + pattern);
-
- burpExtender.getMatchRules().put(key, new HashMap() {{
- put("regex", v.getString("regex"));
- put("alias", v.getString("alias"));
- put("type", v.getString("type"));
- }});
- // Match group 1 - is important
- burpExtender.addMatchRule(new MatchRule(pattern, 1, key, ScanIssueSeverity.LOW, ScanIssueConfidence.CERTAIN));
- } catch (PatternSyntaxException pse) {
- callbacks.printError("Unable to compile pattern: " + v.getString("regex") + " for: " + key);
- burpExtender.printStackTrace(pse);
- }
- }
-
- }
- });
- }
+ public void loadRules() throws IOException {
+
+ JSONObject data = httpClient.get("rules", new HashMap());
+
+ JSONObject rules = data.getJSONObject("rules");
+ Iterator ruleKeys = rules.keys();
- public static void buildHttpClient(String host, String port) {
- try {
- if ("".equals(host) && "".equals(port)) {
- Unirest.setAsyncHttpClient(null);
- } else {
- Unirest.setAsyncHttpClient(HttpClient.createSSLClient(new HttpHost(host, Integer.valueOf(port))));
+ DefaultTableModel ruleModel = tabComponent.getRulesTable().getDefaultModel();
+ ruleModel.setRowCount(0); //reset table
+ while (ruleKeys.hasNext()) {
+ String key = ruleKeys.next();
+ final JSONObject v = rules.getJSONObject(key);
+
+ ruleModel.addRow(new Object[]{key, v.getString("regex"), v.getString("alias"), v.getString("type")});
+
+ try {
+ Pattern pattern = Pattern.compile(v.getString("regex"));
+ System.out.println("[NEW] " + pattern);
+
+ burpExtender.getMatchRules().put(key, new HashMap() {{
+ put("regex", v.getString("regex"));
+ put("alias", v.getString("alias"));
+ put("type", v.getString("type"));
+ }});
+
+ // Match group 1 - is important
+ burpExtender.addMatchRule(new MatchRule(pattern, 1, key, ScanIssueSeverity.LOW, ScanIssueConfidence.CERTAIN));
+ } catch (PatternSyntaxException pse) {
+ callbacks.printError("[Vulners] Unable to compile pattern: " + v.getString("regex") + " for: " + key);
+ burpExtender.printStackTrace(pse);
}
- } catch (Exception e) {
- System.out.println("[Vulners] can't build HTTP client");
}
}
+
}
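Review bot: The 4-RPS RateLimiter goes away with Unirest, and both checkSoftware and checkURLPath now call `.run()` on the scan task directly, so every detected software or path issues an unthrottled outbound request to vulners.com, apparently on the passive-scan thread (what SoftwareScanTask and PathScanTask actually do is not in this diff — if they spawn their own threads the blocking concern is moot, the throttling one is not). If the API enforces a rate limit, a large crawl will start failing quietly inside parseResponse. Separately, `loadRules()` is declared `throws IOException` but nothing in its body throws that type; a failed or non-JSON rules fetch surfaces as an unchecked JSONException, so the catch added in BurpExtender.initPassiveScan never fires — either make HttpClient.get throw IOException or catch JSONException here. The rules' regexes are compiled from the remote response and run against every proxied response body, so a comment such as `// rules and their regexes come from vulners.com over TLS and are trusted as-is; a pathological pattern would stall passive scanning` would record that trust decision, and `System.out.println("[NEW] " + pattern)` should go through callbacks.printOutput like the rest of the file.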
diff --git a/src/main/java/burp/gui/TabComponent.form b/src/main/java/burp/gui/TabComponent.form
index 83fd636..b366f3e 100644
--- a/src/main/java/burp/gui/TabComponent.form
+++ b/src/main/java/burp/gui/TabComponent.form
@@ -1,7 +1,6 @@