Merge pull request #19 from augustd/load-match-rules-from-jar
Add ability to load match rules from jar
augustd authored Nov 8, 2017
2 parents 93d2ef2 + 7b9ce7e commit 2f4596f
Showing 2 changed files with 72 additions and 32 deletions.
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.codemagi</groupId>
<artifactId>burp-suite-utils</artifactId>
<version>1.0.9</version>
<version>1.0.10</version>
<packaging>jar</packaging>
<name>Burp Suite Utils</name>
<description>The Burp Suite Utils project provides developers with APIs for building Burp Suite Extensions.</description>
102 changes: 71 additions & 31 deletions src/main/java/com/codemagi/burp/RuleTableComponent.java
Expand Up @@ -29,6 +29,7 @@ public class RuleTableComponent extends javax.swing.JPanel {
PassiveScan scan;

private String DEFAULT_URL = "https://raw.githubusercontent.com/augustd/burp-suite-software-version-checks/master/src/burp/match-rules.tab";
private String backupUrl;
public static final String SETTING_URL = "SETTING_URL";

/**
Expand All @@ -39,10 +40,15 @@ public class RuleTableComponent extends javax.swing.JPanel {
* @param defaultUrl The default URL to load match rules from
*/
public RuleTableComponent(PassiveScan passiveScan, IBurpExtenderCallbacks callbacks, String defaultUrl) {
this(passiveScan, callbacks, defaultUrl, null);
}

public RuleTableComponent(PassiveScan passiveScan, IBurpExtenderCallbacks callbacks, String defaultUrl, String backupUrl) {

mCallbacks = callbacks;
this.scan = passiveScan;
this.DEFAULT_URL = defaultUrl;
this.backupUrl = backupUrl;

initComponents();

Expand All @@ -52,7 +58,13 @@ public RuleTableComponent(PassiveScan passiveScan, IBurpExtenderCallbacks callba
restoreSettings();

//load match rules from GitHub
loadMatchRules(urlTextField.getText());
boolean loadSuccess = loadMatchRules(urlTextField.getText());

//as a backup, load match rules from within the jar
if (!loadSuccess && backupUrl != null) {
mCallbacks.printOutput("WARNING: Failed to load remote match rules");
loadMatchRulesFromJar(backupUrl);
}

//add a listener for changes to the table model
final DefaultTableModel model = (DefaultTableModel)rules.getModel();
Expand Down Expand Up @@ -96,62 +108,90 @@ public void tableChanged(TableModelEvent e) {
}

/**
* Load match rules from a file
* Load match rules from a URL
*/
private boolean loadMatchRules(String rulesUrl) {
//load match rules from file
try {

DefaultTableModel model = (DefaultTableModel)rules.getModel();

//request match rules from URL
//request match rules from remote URL
mCallbacks.printOutput("Loading match rules from: " + rulesUrl);
URL url = new URL(rulesUrl);
IHttpService service = new HttpService(url);
HttpRequest request = new HttpRequest(url);
IHttpRequestResponse ihrr = mCallbacks.makeHttpRequest(service, request.getBytes());

//parse the response
byte[] responseBytes = ihrr.getResponse();
if (responseBytes == null) return false; //no response received from server
HttpResponse response = HttpResponse.parseMessage(responseBytes);

//read match rules from the response
Reader is = new StringReader(response.getBody());
BufferedReader reader = new BufferedReader(is);

String str;
while ((str = reader.readLine()) != null) {
mCallbacks.printOutput("str: " + str);
if (str.trim().length() == 0) {
continue;
}

String[] values = str.split("\\t");
model.addRow(values);

Pattern pattern = Pattern.compile(values[0]);

scan.addMatchRule(new MatchRule(
pattern,
new Integer(values[1]),
values[2],
ScanIssueSeverity.fromName(values[3]),
ScanIssueConfidence.fromName(values[4]))
);
}
processMatchRules(reader);

return true;

} catch (IOException e) {
scan.printStackTrace(e);
} catch (NumberFormatException e) {
scan.printStackTrace(e);
} catch (Exception e) {
scan.printStackTrace(e);
}

return false;
}

/**
* Load match rules from within the jar
*/
private boolean loadMatchRulesFromJar(String rulesUrl) {
//load match rules from a local file
try {
mCallbacks.printOutput("Loading match rules from local jar: " + rulesUrl);
InputStream in = getClass().getClassLoader().getResourceAsStream(rulesUrl);
BufferedReader reader = new BufferedReader(new InputStreamReader(in));

processMatchRules(reader);

return true;

} catch (IOException e) {
OutputStream error = mCallbacks.getStderr();
e.printStackTrace(new PrintStream(error));
scan.printStackTrace(e);
} catch (NumberFormatException e) {
OutputStream error = mCallbacks.getStderr();
e.printStackTrace(new PrintStream(error));
scan.printStackTrace(e);
}

return false;
}

private void processMatchRules(BufferedReader reader) throws IOException {
DefaultTableModel model = (DefaultTableModel)rules.getModel();

String str;
while ((str = reader.readLine()) != null) {
mCallbacks.printOutput("str: " + str);
if (str.trim().length() == 0) {
continue;
}

String[] values = str.split("\\t");
model.addRow(values);

Pattern pattern = Pattern.compile(values[0]);

scan.addMatchRule(new MatchRule(
pattern,
new Integer(values[1]),
values[2],
ScanIssueSeverity.fromName(values[3]),
ScanIssueConfidence.fromName(values[4]))
);
}
}

/**
* Save all configured settings
*/
Expand All @@ -173,7 +213,7 @@ public void restoreSettings() {
mCallbacks.printOutput("Restoring settings...");

String settingUrl = mCallbacks.loadExtensionSetting(scan.getSettingsNamespace() + SETTING_URL);
mCallbacks.printOutput("Loaded URL: " + settingUrl);
mCallbacks.printOutput("Match rules URL from settings: " + settingUrl);
if (settingUrl != null) {
urlTextField.setText(settingUrl);
//extender.setFormUrl(settingUrl);
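Review bot: In `loadMatchRulesFromJar`, `getResourceAsStream(rulesUrl)` returns null when the resource is not in the jar, and that value goes straight into `new InputStreamReader(in)`, which throws a NullPointerException that the visible `IOException` and `NumberFormatException` handlers do not catch. The method is called from the constructor, so a wrong `backupUrl` would abort construction of the panel instead of making the fallback return false. A malformed rule line in `processMatchRules` (fewer than five tab-separated fields, or a pattern that `Pattern.compile` rejects) escapes the same way, and the reader is never closed. I would null-check the stream, open the reader in try-with-resources and catch `RuntimeException` alongside `IOException`, as sketched below.

```java
private boolean loadMatchRulesFromJar(String rulesUrl) {
    // … unchanged: "Loading match rules from local jar" log line …
    InputStream in = getClass().getClassLoader().getResourceAsStream(rulesUrl);
    if (in == null) {
        // resource missing from the jar: report it and let the caller see the failure
        mCallbacks.printOutput("WARNING: Match rules resource not found in jar: " + rulesUrl);
        return false;
    }
    try (BufferedReader reader = new BufferedReader(new InputStreamReader(in))) {
        processMatchRules(reader);
        return true;
    } catch (IOException | RuntimeException e) {
        // missing columns, an invalid regex or a bad number are unchecked exceptions
        scan.printStackTrace(e);
    }
    return false;
}
```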
