From 15d6b651eabd4ad62bd9d7bc1823b4ab85089c71 Mon Sep 17 00:00:00 2001 From: Tijme Gommers Date: Wed, 23 May 2018 11:35:54 +0200 Subject: [PATCH] Improved readme. Automatically enabled extension on load. --- .semver | 2 +- README.md | 58 +++++++------------------ extension/Extension.py | 12 +++-- extension/ExtensionDetails.py | 2 +- extension/GraphWave.py | 2 +- extension/GraphWaveHttpListener.py | 1 - extension/GraphWavePropertyGenerator.py | 1 + extension/Resources/ExtensionTab.fxml | 2 +- 8 files changed, 30 insertions(+), 50 deletions(-) diff --git a/.semver b/.semver index 3eefcb9..7dea76e 100644 --- a/.semver +++ b/.semver @@ -1 +1 @@ -1.0.0 +1.0.1 diff --git a/README.md b/README.md index ca581c8..4b78cb1 100644 --- a/README.md +++ b/README.md @@ -12,50 +12,16 @@ -# Extension +**Table of Contents:** +* [Documentation](#Documentation) +* [Thesis](#Thesis) +* [Presentation](#Presentation) +* [Issues](#Issues) +* [License](#License) -### Installation +# Documentation -#### Oracle JDK - -Make sure you are using the Oracle JDK version 9 or 10. OpenJDK will **not** work! To install the Oracle JDK on Kali follow the instructions below. - -* Download the Java JDK (.tar.gz) from http://www.oracle.com/technetwork/java/javase/downloads/index.html -* Execute the commands below in the folder you downloaded the Java JDK to. - -``` -tar -xzvf jdk-10.0.1_linux-x64_bin.tar.gz -mv jdk-10.0.1 /opt/jdk-10.0.1 -update-alternatives --install /usr/bin/java java /opt/jdk-10.0.1/bin/java 1 -update-alternatives --install /usr/bin/javac javac /opt/jdk-10.0.1/bin/javac 1 -update-alternatives --set java /opt/jdk-10.0.1/bin/java -update-alternatives --set javac /opt/jdk-10.0.1/bin/javac -cp /opt/jdk-10.0.1/bin/* /opt/BurpSuitePro/jre/bin -``` - -Now verify that it's working by executing `java --verison`. - -#### Settings - -* Set Extender -> Options -> Python Environment -> Jython jar file to; - * ./graphwave/jython/jython-standalone-2.7.0.jar -* Set Extender -> Options -> Python Environment -> Python module folder to; - * The Python3 modules folder. This can be found by executing: - * `python3 -c "import json; print(json.__file__.replace('/json/__init__.py',''))"` - -#### GraphWave - -Use the [guide](https://support.portswigger.net/customer/portal/articles/1965930-how-to-install-an-extension-in-burp-suite) from Burp Suite to install the GraphWave extension. - -The file that needs to be loaded is `./extension/Extension.py`. - -### Usage - -* Enable the GraphWave extension by ticking the "Status" checkbox in the GraphWave tab. -* Adjust the settings to your needs. -* Spider a host or a specific branch. -* When done, mark similar requests as 'out-of-scope' in the GraphWave tab. -* Now start an active scan and make sure to check 'remove out-of-scope items'. +Please refer to the [wiki](https://github.com/tijme/graphwave/wiki) for installation and usage instructions. Our [F.A.Q](https://github.com/tijme/graphwave/wiki/F.A.Q) helps to troubleshoot any problems that might occur. # Thesis @@ -68,3 +34,11 @@ Please note that the thesis has been anonymised and some private information has **Preview:** [latest build](https://github.com/tijme/graphwave/blob/master/.github/presentation-graphwave-tijme-gommers.pdf) Please note that the presentation has been anonymised and some private information has been redacted. The source of the presentation (LaTex) is not open-source at the moment + +# Issues + +Issues or new features can be reported via the [GitHub issue tracker](https://github.com/tijme/graphwave/issues). Please make sure your issue or feature has not yet been reported by anyone else before submitting a new one. + +# License + +GraphWave is open-sourced software licensed under the [MIT license](https://github.com/tijme/graphwave/blob/master/LICENSE.md). diff --git a/extension/Extension.py b/extension/Extension.py index 915d5dc..80b5a32 100644 --- a/extension/Extension.py +++ b/extension/Extension.py @@ -241,7 +241,7 @@ def initializeElements(self): self.elements["version"].setText("Version " + ExtensionDetails.VERSION) # Status checkbox - self.onEnabledChange("enabled", None, 0, False) + self.onEnabledChange("enabled", None, 0, True, True) self.elements["enabledCheckbox"].selectedProperty().addListener( ExtensionChangeListener(self.onEnabledChange, "enabled") ) @@ -279,9 +279,13 @@ def onSliderChange(self, elementKey, observable, oldValue, newValue): value = ("{0:." + str(decimals) + "f}").format(newValue) label.setText(title + " (" + value + ")") + if (elementKey == "mct"): + oldValue += 1.0 + newValue += 1.0 + self._graph.setOption(elementKey, newValue) - def onEnabledChange(self, elementKey, observable, oldValue, isEnabled): + def onEnabledChange(self, elementKey, observable, oldValue, isEnabled, isInitialSet=False): """GUI slider change listener. Executed on the GUI thread. Args: @@ -297,7 +301,9 @@ def onEnabledChange(self, elementKey, observable, oldValue, isEnabled): if isEnabled: self.elements["status"].setText("Status: " + ExtensionDetails.STATUS_ENABLED) self.elements["status"].setStyle("-fx-text-fill: #006600;") - self.onResetClick(None) + + if not isInitialSet: + self.onResetClick(None) else: self.elements["status"].setText("Status: " + ExtensionDetails.STATUS_DISABLED) self.elements["status"].setStyle("-fx-text-fill: #cc0000;") diff --git a/extension/ExtensionDetails.py b/extension/ExtensionDetails.py index ea339b9..3210eda 100644 --- a/extension/ExtensionDetails.py +++ b/extension/ExtensionDetails.py @@ -41,7 +41,7 @@ class ExtensionDetails: VERSION = "Unknown" - DEBUG = False + DEBUG = True STATUS_LOADING = "loading" STATUS_DISABLED = "disabled" diff --git a/extension/GraphWave.py b/extension/GraphWave.py index f4f6763..b9d4d17 100644 --- a/extension/GraphWave.py +++ b/extension/GraphWave.py @@ -206,7 +206,7 @@ def getMatchingPoints(self, response, properties): matchingPoints = 0 - self.debug("------------------- Getting matching points -------------------") + self.debug("------------------- Getting matching points ------------------- (" + response.url + ")") for property in properties: if property not in self.edges_properties: diff --git a/extension/GraphWaveHttpListener.py b/extension/GraphWaveHttpListener.py index f0eb323..2c9f920 100644 --- a/extension/GraphWaveHttpListener.py +++ b/extension/GraphWaveHttpListener.py @@ -95,7 +95,6 @@ def processHttpMessage(self, toolFlag, messageIsRequest, requestResponse): self._config.exclude(request.getUrl().toString()) else: self._config.include(request.getUrl().toString()) - else: self._config.include(request.getUrl().toString()) diff --git a/extension/GraphWavePropertyGenerator.py b/extension/GraphWavePropertyGenerator.py index 1a1fdef..65a8117 100644 --- a/extension/GraphWavePropertyGenerator.py +++ b/extension/GraphWavePropertyGenerator.py @@ -80,6 +80,7 @@ def getUrlProperties(url, options): parsed = urlparse(url) properties.append(GraphWaveProperty("url.scheme", 0.025, parsed.scheme)) + properties.append(GraphWaveProperty("url.netloc", 1.000, parsed.netloc)) # Can't be set in GUI properties.extend(GraphWavePropertyGenerator.getUrlPathProperties(parsed.path, options)) properties.extend(GraphWavePropertyGenerator.getUrlQueryProperties(parsed.query, options)) diff --git a/extension/Resources/ExtensionTab.fxml b/extension/Resources/ExtensionTab.fxml index ed1e02e..67d35ef 100644 --- a/extension/Resources/ExtensionTab.fxml +++ b/extension/Resources/ExtensionTab.fxml @@ -126,7 +126,7 @@ - +