Add ability to load match rules from jar
In case loading from remote repo fails
augustd committed Nov 8, 2017
1 parent 93d2ef2 commit 7b9ce7e
Showing 2 changed files with 72 additions and 32 deletions.
2 changes: 1 addition & 1 deletion pom.xml
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.codemagi</groupId>
<artifactId>burp-suite-utils</artifactId>
<version>1.0.9</version>
<version>1.0.10</version>
<packaging>jar</packaging>
<name>Burp Suite Utils</name>
<description>The Burp Suite Utils project provides developers with APIs for building Burp Suite Extensions.</description>
102 changes: 71 additions & 31 deletions src/main/java/com/codemagi/burp/RuleTableComponent.java
@@ -29,6 +29,7 @@ public class RuleTableComponent extends javax.swing.JPanel {
PassiveScan scan;

private String DEFAULT_URL = "https://raw.githubusercontent.com/augustd/burp-suite-software-version-checks/master/src/burp/match-rules.tab";
private String backupUrl;
public static final String SETTING_URL = "SETTING_URL";

/**
@@ -39,10 +40,15 @@ public class RuleTableComponent extends javax.swing.JPanel {
* @param defaultUrl The default URL to load match rules from
*/
public RuleTableComponent(PassiveScan passiveScan, IBurpExtenderCallbacks callbacks, String defaultUrl) {
this(passiveScan, callbacks, defaultUrl, null);
}

public RuleTableComponent(PassiveScan passiveScan, IBurpExtenderCallbacks callbacks, String defaultUrl, String backupUrl) {

mCallbacks = callbacks;
this.scan = passiveScan;
this.DEFAULT_URL = defaultUrl;
this.backupUrl = backupUrl;

initComponents();

@@ -52,7 +58,13 @@ public RuleTableComponent(PassiveScan passiveScan, IBurpExtenderCallbacks callba
restoreSettings();

//load match rules from GitHub
loadMatchRules(urlTextField.getText());
boolean loadSuccess = loadMatchRules(urlTextField.getText());

//as a backup, load match rules from within the jar
if (!loadSuccess && backupUrl != null) {
mCallbacks.printOutput("WARNING: Failed to load remote match rules");
loadMatchRulesFromJar(backupUrl);
}

//add a listener for changes to the table model
final DefaultTableModel model = (DefaultTableModel)rules.getModel();
@@ -96,62 +108,90 @@ public void tableChanged(TableModelEvent e) {
}

/**
* Load match rules from a file
* Load match rules from a URL
*/
private boolean loadMatchRules(String rulesUrl) {
//load match rules from file
try {

DefaultTableModel model = (DefaultTableModel)rules.getModel();

//request match rules from URL
//request match rules from remote URL
mCallbacks.printOutput("Loading match rules from: " + rulesUrl);
URL url = new URL(rulesUrl);
IHttpService service = new HttpService(url);
HttpRequest request = new HttpRequest(url);
IHttpRequestResponse ihrr = mCallbacks.makeHttpRequest(service, request.getBytes());

//parse the response
byte[] responseBytes = ihrr.getResponse();
if (responseBytes == null) return false; //no response received from server
HttpResponse response = HttpResponse.parseMessage(responseBytes);

//read match rules from the response
Reader is = new StringReader(response.getBody());
BufferedReader reader = new BufferedReader(is);

String str;
while ((str = reader.readLine()) != null) {
mCallbacks.printOutput("str: " + str);
if (str.trim().length() == 0) {
continue;
}

String[] values = str.split("\\t");
model.addRow(values);

Pattern pattern = Pattern.compile(values[0]);

scan.addMatchRule(new MatchRule(
pattern,
new Integer(values[1]),
values[2],
ScanIssueSeverity.fromName(values[3]),
ScanIssueConfidence.fromName(values[4]))
);
}
processMatchRules(reader);

return true;

} catch (IOException e) {
scan.printStackTrace(e);
} catch (NumberFormatException e) {
scan.printStackTrace(e);
} catch (Exception e) {
scan.printStackTrace(e);
}

return false;
}

/**
* Load match rules from within the jar
*/
private boolean loadMatchRulesFromJar(String rulesUrl) {
//load match rules from a local file
try {
mCallbacks.printOutput("Loading match rules from local jar: " + rulesUrl);
InputStream in = getClass().getClassLoader().getResourceAsStream(rulesUrl);
BufferedReader reader = new BufferedReader(new InputStreamReader(in));

processMatchRules(reader);

return true;

} catch (IOException e) {
OutputStream error = mCallbacks.getStderr();
e.printStackTrace(new PrintStream(error));
scan.printStackTrace(e);
} catch (NumberFormatException e) {
OutputStream error = mCallbacks.getStderr();
e.printStackTrace(new PrintStream(error));
scan.printStackTrace(e);
}

return false;
}

private void processMatchRules(BufferedReader reader) throws IOException {
DefaultTableModel model = (DefaultTableModel)rules.getModel();

String str;
while ((str = reader.readLine()) != null) {
mCallbacks.printOutput("str: " + str);
if (str.trim().length() == 0) {
continue;
}

String[] values = str.split("\\t");
model.addRow(values);

Pattern pattern = Pattern.compile(values[0]);

scan.addMatchRule(new MatchRule(
pattern,
new Integer(values[1]),
values[2],
ScanIssueSeverity.fromName(values[3]),
ScanIssueConfidence.fromName(values[4]))
);
}
}

/**
* Save all configured settings
*/
@@ -173,7 +213,7 @@ public void restoreSettings() {
mCallbacks.printOutput("Restoring settings...");

String settingUrl = mCallbacks.loadExtensionSetting(scan.getSettingsNamespace() + SETTING_URL);
mCallbacks.printOutput("Loaded URL: " + settingUrl);
mCallbacks.printOutput("Match rules URL from settings: " + settingUrl);
if (settingUrl != null) {
urlTextField.setText(settingUrl);
//extender.setFormUrl(settingUrl);
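Review bot: In `loadMatchRulesFromJar`, `getResourceAsStream(rulesUrl)` returns null when the resource is not in the jar, and `new InputStreamReader(in)` then throws a NullPointerException that the `IOException`/`NumberFormatException` handlers shown for this method would not catch, so the fallback can abort the constructor instead of returning false. The stream is also never closed and is decoded with the platform charset. Separately, `processMatchRules` calls `model.addRow(values)` and `scan.addMatchRule(...)` line by line, so a remote response that fails partway (an error page, a short line, an invalid regex) leaves its rows in place and the jar fallback appends to them; parsing into a list and committing only after the whole input has parsed would keep the rule set from being a mix of two sources. The rendered page does not make clear which catch lines belong to the new side, so treat the handlers below as a proposal.

```java
private boolean loadMatchRulesFromJar(String rulesUrl) {
    // … unchanged: "Loading match rules from local jar" log line …
    InputStream in = getClass().getClassLoader().getResourceAsStream(rulesUrl);
    if (in == null) {
        // resource missing from the jar: report it and fail instead of throwing
        mCallbacks.printOutput("WARNING: Match rules resource not found in jar: " + rulesUrl);
        return false;
    }
    // explicit charset; try-with-resources closes the stream on every path
    try (BufferedReader reader = new BufferedReader(new InputStreamReader(in, "UTF-8"))) {
        processMatchRules(reader);
        return true;
    } catch (IOException | RuntimeException e) {
        // RuntimeException covers a short line or an invalid regex in the bundled file
        scan.printStackTrace(e);
    }
    return false;
}
```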