RELEASE-1.2

.gitignore

@@ -2,4 +2,4 @@
 /.idea
 /burp-vulners-scanner.iml
 /target/
-!/target/burp-vulners-scanner-1.1.jar
+!/target/burp-vulners-scanner-1.2.jar

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>burp-vulners-scanner</groupId>
     <artifactId>burp-vulners-scanner</artifactId>
-    <version>1.1</version>
+    <version>1.2</version>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -22,16 +22,10 @@
 
     <dependencies>
 
-        <dependency>
-            <groupId>org.codehaus.jackson</groupId>
-            <artifactId>jackson-mapper-asl</artifactId>
-            <version>1.9.13</version>
-        </dependency>
-
         <dependency>
             <groupId>com.codemagi</groupId>
             <artifactId>burp-suite-utils</artifactId>
-            <version>1.0.8</version>
+            <version>LATEST</version>
         </dependency>
 
         <dependency>
@@ -40,17 +34,16 @@
             <version>7.0.3</version>
         </dependency>
 
-        <dependency>
-            <groupId>com.mashape.unirest</groupId>
-            <artifactId>unirest-java</artifactId>
-            <version>1.4.9</version>
-        </dependency>
-
         <dependency>
             <groupId>org.jtwig</groupId>
             <artifactId>jtwig-core</artifactId>
             <version>5.85.3.RELEASE</version>
         </dependency>
+        <dependency>
+            <groupId>org.json</groupId>
+            <artifactId>json</artifactId>
+            <version>20160810</version>
+        </dependency>
 
     </dependencies>
 
@@ -77,8 +70,8 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
                 <configuration>
-                    <source>1.7</source>
-                    <target>1.7</target>
+                    <source>8</source>
+                    <target>8</target>
                 </configuration>
             </plugin>
 

src/main/java/burp/BurpExtender.java

@@ -7,12 +7,17 @@
 import com.codemagi.burp.ScannerMatch;
 import com.monikamorrow.burp.BurpSuiteTab;
 
+import java.io.IOException;
 import java.net.URL;
 import java.util.*;
+import java.util.regex.Pattern;
 
 
 public class BurpExtender extends PassiveScan {
 
+    public static String SETTING_API_KEY_NAME = "SETTING_API_KEY_NAME";
+
+    private String apiKey = "";
     private TabComponent tabComponent;
     private VulnersService vulnersService;
     private Map<String, Domain> domains = new HashMap<>();
@@ -28,8 +33,15 @@ protected void initPassiveScan() {
 
         mTab.addComponent(tabComponent.getRootPanel());
 
+        apiKey = callbacks.loadExtensionSetting(SETTING_API_KEY_NAME);
+        tabComponent.setAPIKey(apiKey);
+
         vulnersService = new VulnersService(this, callbacks, helpers, domains, tabComponent);
-        vulnersService.loadRules();
+        try {
+            vulnersService.loadRules();
+        } catch (IOException e) {
+            callbacks.printError("[Vulners]" + e.getMessage());
+        }
     }
 
     @Override
@@ -69,8 +81,6 @@ protected List<IScanIssue> processIssues(List<ScannerMatch> matches, IHttpReques
 
         String domainName = helpers.analyzeRequest(baseRequestResponse).getUrl().getHost();
         List<int[]> startStop = new ArrayList<>(1);
-        callbacks.printOutput("[Vulners] Processing issues for: " + domainName);
-
 
         //get the existing matches for this domain
         Domain domain = domains.get(domainName);
@@ -79,11 +89,23 @@ protected List<IScanIssue> processIssues(List<ScannerMatch> matches, IHttpReques
         }
 
         Collections.sort(matches); //matches must be in order
+        ScannerMatch lastMatch = null;
         for (ScannerMatch match : matches) {
+
+            // do not continue if software wal already found before
             if (domain.getSoftware().get(match.getType() + match.getMatchGroup()) != null) {
                 continue;
             }
 
+            // Ignore matches that overlapped previous positions. Usually it's the similar rule match
+            if (lastMatch !=null && (lastMatch.getStart() >= match.getStart() || lastMatch.getEnd() >= match.getEnd())) {
+                callbacks.printError("[Vulners] Ignore overlapped rule " + domainName + " new issue " + match.getFullMatch());
+                continue;
+            }
+            lastMatch = match;
+
+            callbacks.printOutput("[Vulners] Processing domain " + domainName + " new issue " + match.getFullMatch());
+
             Software software = new Software(
                     match.getType() + match.getMatchGroup(),
                     match.getType(),
@@ -118,4 +140,21 @@ public VulnersService getVulnersService() {
     Map<String, Map<String, String>> getMatchRules() {
         return matchRules;
     }
+
+    public String getApiKey() {
+        return apiKey;
+    }
+
+    public void setApiKey(String apiKey) {
+        apiKey = apiKey.trim();
+        Pattern pattern = Pattern.compile("[A-Z0-9]{0,128}");
+
+        if (pattern.matcher(apiKey).matches()) {
+            callbacks.printOutput("[Vulners] Set API key " + apiKey);
+            callbacks.saveExtensionSetting(SETTING_API_KEY_NAME, apiKey);
+            this.apiKey = apiKey;
+        } else {
+            callbacks.printError("[Vulners] Wrong api key provided, should match /[A-Z0-9]{64}/ " + apiKey);
+        }
+    }
 }

src/main/java/burp/HttpClient.java

@@ -1,54 +1,68 @@
 package burp;
 
-import com.mashape.unirest.http.Unirest;
-import org.apache.http.HttpHost;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
-import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
-import org.apache.http.conn.ssl.TrustStrategy;
-import org.apache.http.impl.client.BasicCookieStore;
-import org.apache.http.impl.nio.client.CloseableHttpAsyncClient;
-import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
-import org.apache.http.impl.nio.client.HttpAsyncClients;
-import org.apache.http.ssl.SSLContexts;
-
-import javax.net.ssl.SSLContext;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
-class HttpClient {
-
-    public static CloseableHttpAsyncClient createSSLClient() {
-        return createSSLClient(null);
+import org.json.JSONObject;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+public class HttpClient {
+
+    private static String VULNERS_API_HOST = "vulners.com";
+    private static String VULNERS_API_PATH = "/api/v3/burp/";
+
+    private final IBurpExtenderCallbacks callbacks;
+    private final IExtensionHelpers helpers;
+    private final BurpExtender burpExtender;
+
+    HttpClient(IBurpExtenderCallbacks callbacks, IExtensionHelpers helpers, BurpExtender burpExtender) {
+        this.burpExtender = burpExtender;
+        this.callbacks = callbacks;
+        this.helpers = helpers;
     }
 
-    public static CloseableHttpAsyncClient createSSLClient(HttpHost proxy) {
-        TrustStrategy acceptingTrustStrategy = new TrustStrategy() {
+    public JSONObject get(String action, Map<String, String> params) {
+        List<String> headers = new ArrayList<>();
+        headers.add("POST " + VULNERS_API_PATH + action + "/ HTTP/1.1");
+        headers.add("Host: " + VULNERS_API_HOST);
+        headers.add("User-Agent: vulners-burpscanner-v-1.2");
+        headers.add("Content-type: application/json");
 
-            @Override
-            public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
-                return true;
-            }
-        };
+        JSONObject jsonBody = new JSONObject();
 
-        try {
-            SSLContext sslContext = SSLContexts.custom()
-                    .loadTrustMaterial(null, acceptingTrustStrategy)
-                    .build();
+        if (burpExtender.getApiKey() != null) {
+            jsonBody = jsonBody.put("apiKey", burpExtender.getApiKey());
+        }
 
-            HttpAsyncClientBuilder client = HttpAsyncClients.custom()
-                    .setDefaultCookieStore(new BasicCookieStore())
-                    .setSSLContext(sslContext)
-                    .setSSLHostnameVerifier(SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+        for (Map.Entry<String, String> p: params.entrySet()) {
+            jsonBody = jsonBody.put(p.getKey(), p.getValue());
+        }
 
-            if (proxy !=null) {
-                client.setProxy(proxy);
-            }
+        byte[] request = helpers.buildHttpMessage(headers, helpers.stringToBytes(jsonBody.toString()));
+        byte[] response = callbacks.makeHttpRequest(VULNERS_API_HOST, 443, true, request);
+        return parseResponse(response);
+    }
+
+    private JSONObject parseResponse(byte[] response) {
+        String responseString = helpers.bytesToString(response);
+        IResponseInfo iResponseInfo = helpers.analyzeResponse(response);
+        String jsonString = responseString.substring(iResponseInfo.getBodyOffset());
+
+        JSONObject object = new JSONObject(jsonString);
 
-            return client.build();
+        try {
+            if (object.getString("result").equals("OK")) {
+                return object.getJSONObject("data");
+            } else {
+                callbacks.printOutput("[DEBUG] not OK");
+                callbacks.printOutput(jsonString);
+                return object;
+            }
         } catch (Exception e) {
-            System.out.println("Could not create SSLContext");
-            return null;
+            callbacks.printError("[ERROR]");
+            callbacks.printError(jsonString);
+            return object;
         }
-
     }
+
 }

src/main/java/burp/PathIssue.java

@@ -1,6 +1,5 @@
 package burp;
 
-import burp.models.Software;
 import burp.models.Vulnerability;
 import com.codemagi.burp.ScanIssueConfidence;
 import com.codemagi.burp.ScanIssueSeverity;
@@ -10,7 +9,6 @@
 
 import java.net.URL;
 import java.util.Collection;
-import java.util.List;
 import java.util.Set;
 
 public class PathIssue implements IScanIssue {
@@ -22,7 +20,7 @@ public class PathIssue implements IScanIssue {
     private final String path;
     private final Set<Vulnerability> vulnerabilities;
 
-    public PathIssue(IHttpRequestResponse baseRequestResponse, IExtensionHelpers helpers, IBurpExtenderCallbacks callbacks, String path, Set<Vulnerability> vulnerabilities) {
+    PathIssue(IHttpRequestResponse baseRequestResponse, IExtensionHelpers helpers, IBurpExtenderCallbacks callbacks, String path, Set<Vulnerability> vulnerabilities) {
         this.baseRequestResponse = baseRequestResponse;
         this.helpers = helpers;
         this.callbacks = callbacks;

src/main/java/burp/SoftwareIssue.java

@@ -5,13 +5,8 @@
 import com.codemagi.burp.ScanIssueConfidence;
 import com.codemagi.burp.ScanIssueSeverity;
 import com.google.common.base.Function;
-import com.google.common.base.Predicates;
 import com.google.common.collect.Collections2;
 import com.google.common.collect.Ordering;
-import org.jtwig.environment.DefaultEnvironmentConfiguration;
-import org.jtwig.environment.Environment;
-import org.jtwig.environment.EnvironmentConfiguration;
-import org.jtwig.environment.EnvironmentFactory;
 
 import java.net.URL;
 import java.util.Collection;
@@ -23,8 +18,8 @@ public class SoftwareIssue implements IScanIssue {
     private final IExtensionHelpers helpers;
     private final IBurpExtenderCallbacks callbacks;
     private final List<int[]> startStop;
-    private final Software software;
-    private final Environment environment;
+
+    private Software software;
 
     SoftwareIssue(IHttpRequestResponse baseRequestResponse, IExtensionHelpers helpers, IBurpExtenderCallbacks callbacks, List<int[]> startStop, Software software) {
         this.baseRequestResponse = baseRequestResponse;
@@ -33,11 +28,6 @@ public class SoftwareIssue implements IScanIssue {
         this.startStop = startStop;
 
         this.software = software;
-
-        // Environment
-        EnvironmentConfiguration configuration = new DefaultEnvironmentConfiguration();
-        EnvironmentFactory environmentFactory = new EnvironmentFactory();
-        this.environment = environmentFactory.create(configuration);
     }
 
     @Override
@@ -132,17 +122,21 @@ public int getIssueType() {
 
     @Override
     public String getRemediationDetail() {
-        return null;
+        return "";
     }
 
     @Override
     public String getIssueBackground() {
-        return null;
+        return "";
     }
 
     @Override
     public String getRemediationBackground() {
-        return null;
+        return "";
+    }
+
+    public void setSoftware(Software software) {
+        this.software = software;
     }
 
     private boolean hasVulnerabilities() {

src/main/java/burp/Utils.java

@@ -4,9 +4,11 @@
 import com.google.common.base.Function;
 import com.google.common.collect.Collections2;
 import com.google.common.collect.Ordering;
+import org.json.JSONArray;
+import org.json.JSONObject;
 
 import java.util.Collection;
-import java.util.List;
+import java.util.HashSet;
 import java.util.Set;
 
 /**
@@ -44,4 +46,21 @@ public String apply(Vulnerability vulnerability) {
                 }
         );
     }
+
+
+    public static Set<Vulnerability> getVulnerabilities(JSONObject data) {
+        Set<Vulnerability> vulnerabilities = new HashSet<>();
+
+        if (!data.has("search")) {
+            return vulnerabilities;
+        }
+
+        JSONArray bulletins = data.getJSONArray("search");
+        for (Object bulletin : bulletins) {
+            vulnerabilities.add(
+                    new Vulnerability(((JSONObject) bulletin).getJSONObject("_source"))
+            );
+        }
+        return vulnerabilities;
+    }
 }