Add code

Author: stephenbradshaw

.gitignore

@@ -0,0 +1,27 @@
+# Compiled class file
+*.class
+
+# Log file
+*.log
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.nar
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+replay_pid*
+
+target/
+.DS_Store

LICENSE

@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2022, Stephen Bradshaw
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

@@ -0,0 +1,2 @@
+# BurpPythonGateway
+Uses py4j to make Burp Extender internals available to Python code and interactive interpreters like iPython

pom.xml

@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>com.mycompany</groupId>
+    <artifactId>Burp_Python_Gateway</artifactId>
+    <version>1.0-SNAPSHOT</version>
+    <packaging>jar</packaging>
+<build>
+    <sourceDirectory>src</sourceDirectory>
+    <plugins>
+      <plugin>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <version>3.8.1</version>
+        <configuration>
+          <source>1.8</source>
+          <target>1.8</target>
+        </configuration>
+      </plugin>
+     <plugin>
+       <artifactId>maven-assembly-plugin</artifactId>
+       <version>3.1.1</version>
+       <configuration>
+           <descriptorRefs>
+               <descriptorRef>jar-with-dependencies</descriptorRef>
+           </descriptorRefs>
+       </configuration>
+       <executions>
+           <execution>
+               <id>make-assembly</id>
+               <phase>package</phase>
+               <goals>
+                   <goal>single</goal>
+               </goals>
+           </execution>
+       </executions>
+      </plugin>
+    </plugins>
+  </build>
+    <name>Burp_Python_Gateway</name>
+    <dependencies>
+  	<dependency>
+  		<groupId>net.portswigger.burp.extender</groupId>
+  		<artifactId>burp-extender-api</artifactId>
+  		<version>1.7.22</version>
+  	</dependency>
+        <dependency>
+            <groupId>net.sf.py4j</groupId>
+            <artifactId>py4j</artifactId>
+            <version>0.10.9</version>
+        </dependency>
+    </dependencies>
+</project>

python/examples.py

@@ -0,0 +1,56 @@
+#!/usr/bin/env python
+
+from py4j.java_gateway import JavaGateway
+gateway = JavaGateway()
+
+# callbacks
+callbacks = gateway.entry_point
+
+# helpers
+helpers = callbacks.getHelpers()
+
+# sitemap
+sm = callbacks.getSiteMap('h')
+
+# out of scope host names
+set([a.getHost() for a in sm if not callbacks.isInScope(a.getUrl())])
+
+# in scope items
+ssm = [a for a in sm if callbacks.isInScope(a.getUrl())]
+
+# get headers
+def get_headers(request):
+    head = request.split(b'\r\n\r\n')[0].decode('utf8')
+    return [(a.split(':', 1)[0].rstrip(), a.split(':', 1)[1].rstrip().lstrip())  for a in head.split('\r\n') if ':' in a]
+
+
+# in scope site map items
+ssm = [a for a in sm if callbacks.isInScope(a.getUrl())]
+
+# get user agents for in scope hosts
+set([b[1] for a in ssm for b in get_headers(a.getRequest()) if b[0].lower() == 'user-agent'])
+
+
+# get user agents used per host in scope
+host_user_agents = { a: [] for a in set([a.getHost() for a in ssm])}
+for entry in ssm:
+    host = entry.getHost()
+    headers = get_headers(entry.getRequest())
+    host_user_agents[host] = host_user_agents[host] + list(set([a[1] for a in headers if a[0].lower() == 'user-agent' and a[1] not in host_user_agents[host]]))
+
+
+# request types of in scope items
+set([a.getRequest().split(b' ')[0].decode('utf8') for a in ssm])
+
+# data
+
+# URL parameters
+
+# unusual request types (not GET, HEAD, POST)
+
+# unusual headers
+
+
+
+
+

src/main/java/burp/BurpExtender.java

@@ -0,0 +1,22 @@
+package burp;
+
+import java.io.PrintWriter;
+import py4j.GatewayServer;
+
+public class BurpExtender implements IBurpExtender {
+    
+    	@Override
+	public void registerExtenderCallbacks (IBurpExtenderCallbacks callbacks)
+	{
+            callbacks.setExtensionName("Burp Python Gateway");
+
+            PrintWriter stdout = new PrintWriter(callbacks.getStdout(), true);
+            
+            GatewayServer gatewayServer = new GatewayServer(callbacks);
+            gatewayServer.start();
+            
+            callbacks.registerExtensionStateListener(new ExtensionStateListener(gatewayServer));
+            
+            stdout.println("Burp Python Gateway Loaded!");
+	}
+}

src/main/java/burp/ExtensionStateListener.java

@@ -0,0 +1,20 @@
+package burp;
+
+import py4j.GatewayServer;
+
+
+public class ExtensionStateListener implements IExtensionStateListener {
+    private GatewayServer gatewayServer;
+    
+    
+    public ExtensionStateListener(GatewayServer gatewayServer){
+        this.gatewayServer = gatewayServer;
+        
+    }
+    
+    @Override 
+    public void extensionUnloaded(){
+        this.gatewayServer.shutdown();
+    }
+    
+}