#Lopseg from burp import IBurpExtender from burp import IContextMenuFactory from javax.swing import JMenuItem from java.util import List, ArrayList from java.net import URL import subprocess import threading import os import sys PATH_EXTRACTOR = 'dependencies/jsextractor.rb' PATH_TMP_FILE = "db/tmp.js" print "Js Path Extractor" class BurpExtender(IBurpExtender, IContextMenuFactory): def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() self.context = None # we set up our extension callbacks.setExtensionName("BHP JS scraper") callbacks.registerContextMenuFactory(self) return def createMenuItems(self, context_menu): self.context = context_menu menu_list = ArrayList() menu_list.add(JMenuItem("Send to js scraper", actionPerformed=self.pre_scan)) return menu_list def pre_scan(self,event): # grab the details of what the user clicked http_traffic = self.context.getSelectedMessages() for traffic in http_traffic: http_service = traffic.getHttpService() host = http_service.getHost() print 'Scanning :' + host response_plain_text = open(PATH_TMP_FILE,'w') responseInfo=traffic.getResponse() for char in responseInfo: try: response_plain_text.write(str(unichr(char))) except: response_plain_text.write('.') response_plain_text.close() cmd = "ruby "+PATH_EXTRACTOR+" "+PATH_TMP_FILE print cmd ## run it ## p = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE) ## But do not wait till finish, start displaying output immediately ## while True: out = p.stdout.read(1) if out == '' and p.poll() != None: break if out != '': sys.stdout.write(out) sys.stdout.flush() return self.jsbeautify(host) def jsbeautify(self,host): try: cmd = subprocess.Popen("python db/parser.py "+PATH_TMP_FILE.split('/')[1]+" "+host,shell=True,stdin=subprocess.PIPE,stderr=subprocess.PIPE,stdout=subprocess.PIPE) print "A version of this js file has been beautified and saved at\n "+os.getcwd()+"/db/"+cmd.stdout.read().split('\n')[1] except: print 'In order to this feature work properly install jsbeatifier on your system with the instructions given at:\n' print 'https://github.com/Lopseg/Jspathextractor' return