Add the option to restrict the logging to the requests that are inclu…

…ded into the defined target scope.
righettod · Sep 9, 2018 · fca9052 · fca9052
1 parent a984376
commit fca9052
Show file tree

Hide file tree

Showing 9 changed files with 170 additions and 16 deletions.
diff --git a/README.md b/README.md
@@ -31,6 +31,12 @@ Once loaded, the extension create, if needed, a DB file named **ActivityTrailLog
 
 ![DB Content](example2.png)
 
+There is an option to restrict the logging to the requests that are included into the defined target scope (BURP tab **Target** > **Scope**):
+
+![Option Menu State 1](example3.png)
+
+![Option Menu State 2](example4.png)
+
 # Build the extension JAR file
 
 Use the following command and the JAR file will be located in folder **build/lib**:
@@ -41,6 +47,10 @@ $ gradlew clean fatJar
 
 # Change log
 
+**1.0.1**
+
+* Add the option to restrict the logging to the requests that are included into the defined target scope.
+
 **1.0.0**
 
 * Creation of the extension and initial release.

diff --git a/build.gradle b/build.gradle
@@ -1,7 +1,7 @@
 apply plugin: 'java'
 
 group 'eu.righettod'
-version '1.0.0'
+version '1.0.1'
 
 repositories {
     mavenCentral()

diff --git a/example1.png b/example1.png
diff --git a/example3.png b/example3.png
diff --git a/example4.png b/example4.png
diff --git a/src/burp/ActivityHttpListener.java b/src/burp/ActivityHttpListener.java
@@ -15,25 +15,43 @@ class ActivityHttpListener implements IHttpListener {
      */
     private Trace trace;
 
+    /**
+     * Ref on Burp tool to manipulate the HTTP requests and have access to API to identify the source of the activity (tool name).
+     */
+    private IBurpExtenderCallbacks callbacks;
+
     /**
      * Constructor.
      *
      * @param activityLogger Ref on handler that will store the activity information into the activity log storage.
      * @param trace          Ref on project logger.
+     * @param callbacks      Ref on Burp tool to manipulate the HTTP requests and have access to API to identify the source of the activity (tool name).
      */
-    ActivityHttpListener(ActivityLogger activityLogger, Trace trace) {
+    ActivityHttpListener(ActivityLogger activityLogger, Trace trace, IBurpExtenderCallbacks callbacks) {
         this.activityLogger = activityLogger;
         this.trace = trace;
+        this.callbacks = callbacks;
     }
 
     /**
      * {@inheritDoc}
      */
     public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
         try {
-            //Save the information of the current request if the message is an HTTP request
+            //Save the information of the current request if the message is an HTTP request and according to the scope restriction option
             if (messageIsRequest) {
-                this.activityLogger.logEvent(toolFlag, messageInfo);
+                boolean mustLogRequest = false;
+                IRequestInfo reqInfo = callbacks.getHelpers().analyzeRequest(messageInfo);
+                if (!ConfigMenu.ONLY_INCLUDE_REQUESTS_FROM_SCOPE) {
+                    mustLogRequest = true;
+                } else if (this.callbacks.isInScope(reqInfo.getUrl())) {
+                    mustLogRequest = true;
+                }
+
+                //Log the request if the condition are meet
+                if (mustLogRequest) {
+                    this.activityLogger.logEvent(toolFlag, reqInfo, messageInfo.getRequest());
+                }
             }
         } catch (Exception e) {
             this.trace.writeLog("Cannot save request: " + e.getMessage());

diff --git a/src/burp/ActivityLogger.java b/src/burp/ActivityLogger.java
@@ -76,17 +76,14 @@ class ActivityLogger implements IExtensionStateListener {
     /**
      * Save an activity event into the storage.
      *
-     * @param toolFlag    A flag indicating the Burp tool that issued the request.
-     *                    Burp tool flags are defined in the
-     *                    <code>IBurpExtenderCallbacks</code> interface.
-     * @param messageInfo Details of the request / response to be processed.
-     *                    Extensions can call the setter methods on this object to update the
-     *                    current message and so modify Burp's behavior.
+     * @param toolFlag   A flag indicating the Burp tool that issued the request.
+     *                   Burp tool flags are defined in the
+     *                   <code>IBurpExtenderCallbacks</code> interface.
+     * @param reqInfo    Details of the request to be processed.
+     * @param reqContent Raw content of the request.
      * @throws Exception If event cannot be saved.
      */
-    void logEvent(int toolFlag, IHttpRequestResponse messageInfo) throws Exception {
-        //Extract useful information from the request
-        IRequestInfo reqInfo = callbacks.getHelpers().analyzeRequest(messageInfo);
+    void logEvent(int toolFlag, IRequestInfo reqInfo, byte[] reqContent) throws Exception {
         //Verify that the DB connection is still opened
         if (this.storageConnection.isClosed()) {
             //Get new one
@@ -100,7 +97,7 @@ void logEvent(int toolFlag, IHttpRequestResponse messageInfo) throws Exception {
             stmt.setString(2, reqInfo.getUrl().toString());
             stmt.setString(3, reqInfo.getMethod());
             stmt.setString(4, callbacks.getToolName(toolFlag));
-            stmt.setString(5, callbacks.getHelpers().bytesToString(messageInfo.getRequest()));
+            stmt.setString(5, callbacks.getHelpers().bytesToString(reqContent));
             stmt.setString(6, LocalDateTime.now().format(this.datetimeFormatter));
             int count = stmt.executeUpdate();
             if (count != 1) {

diff --git a/src/burp/BurpExtender.java b/src/burp/BurpExtender.java
@@ -1,5 +1,6 @@
 package burp;
 
+import javax.swing.SwingUtilities;
 import java.io.File;
 
 /**
@@ -15,11 +16,14 @@ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
             String extensionName = "ActivityTrailLog";
             callbacks.setExtensionName(extensionName);
             Trace trace = new Trace(callbacks);
-            String storeFileName = new File(System.getProperty("user.home"),extensionName + ".db").getAbsolutePath().replaceAll("\\\\","/");
+            ConfigMenu configMenu = new ConfigMenu(callbacks, trace);
+            SwingUtilities.invokeLater(configMenu);
+            String storeFileName = new File(System.getProperty("user.home"), extensionName + ".db").getAbsolutePath().replaceAll("\\\\", "/");
             ActivityLogger activityLogger = new ActivityLogger(storeFileName, callbacks, trace);
-            ActivityHttpListener activityHttpListener = new ActivityHttpListener(activityLogger, trace);
+            ActivityHttpListener activityHttpListener = new ActivityHttpListener(activityLogger, trace, callbacks);
             callbacks.registerHttpListener(activityHttpListener);
             callbacks.registerExtensionStateListener(activityLogger);
+            callbacks.registerExtensionStateListener(configMenu);
         } catch (Exception e) {
             callbacks.issueAlert("Cannot start the extension: " + e.getMessage());
         }

diff --git a/src/burp/ConfigMenu.java b/src/burp/ConfigMenu.java
@@ -0,0 +1,125 @@
+package burp;
+
+import javax.swing.AbstractAction;
+import javax.swing.JCheckBoxMenuItem;
+import javax.swing.JFrame;
+import javax.swing.JMenu;
+import javax.swing.JMenuBar;
+import java.awt.Frame;
+import java.awt.event.ActionEvent;
+
+/**
+ * Menu to configure the extension options. Currently, there only a single option that allow to restrict the logging to defined target scope.
+ */
+class ConfigMenu implements Runnable, IExtensionStateListener {
+
+    /**
+     * Expose the single configuration option to the extension classes.
+     */
+    static volatile boolean ONLY_INCLUDE_REQUESTS_FROM_SCOPE = Boolean.FALSE;
+
+    /**
+     * Option configuration key.
+     */
+    private static final String CFG_KEY = "ONLY_INCLUDE_REQUESTS_FROM_SCOPE";
+
+    /**
+     * Extension root configuration menu.
+     */
+    private JMenu cfgMenu;
+
+    /**
+     * Ref on Burp tool to manipulate the HTTP requests and have access to API to identify the source of the activity (tool name).
+     */
+    private IBurpExtenderCallbacks callbacks;
+
+    /**
+     * Ref on project logger.
+     */
+    private Trace trace;
+
+
+    /**
+     * Constructor.
+     *
+     * @param callbacks Ref on Burp tool to manipulate the HTTP requests and have access to API to identify the source of the activity (tool name).
+     * @param trace     Ref on project logger.
+     */
+    ConfigMenu(IBurpExtenderCallbacks callbacks, Trace trace) {
+        this.callbacks = callbacks;
+        this.trace = trace;
+        //Load the save state of the options
+        String value = this.callbacks.loadExtensionSetting(CFG_KEY);
+        if (value != null) {
+            ONLY_INCLUDE_REQUESTS_FROM_SCOPE = Boolean.parseBoolean(value);
+        }
+    }
+
+    /**
+     * Build the options menu used to configure the extension.
+     */
+    @Override
+    public void run() {
+        //Build the menu
+        String menuText = "Log only requests from defined target scope";
+        this.cfgMenu = new JMenu("Audit Trail");
+        final JCheckBoxMenuItem scopeMenuItem = new JCheckBoxMenuItem(menuText, ONLY_INCLUDE_REQUESTS_FROM_SCOPE);
+        scopeMenuItem.addActionListener(new AbstractAction(menuText) {
+            public void actionPerformed(ActionEvent e) {
+                if (scopeMenuItem.isSelected()) {
+                    ConfigMenu.this.callbacks.saveExtensionSetting(CFG_KEY, Boolean.TRUE.toString());
+                    ConfigMenu.this.ONLY_INCLUDE_REQUESTS_FROM_SCOPE = Boolean.TRUE;
+                    ConfigMenu.this.trace.writeLog("From now, only requests from defined target scope will be logged.");
+                } else {
+                    ConfigMenu.this.callbacks.saveExtensionSetting(CFG_KEY, Boolean.FALSE.toString());
+                    ConfigMenu.this.ONLY_INCLUDE_REQUESTS_FROM_SCOPE = Boolean.FALSE;
+                    ConfigMenu.this.trace.writeLog("From now, all requests will be logged.");
+                }
+            }
+        });
+        this.cfgMenu.add(scopeMenuItem);
+        //Add it to BURP menu
+        JFrame burpFrame = ConfigMenu.getBurpFrame();
+        if (burpFrame != null) {
+            JMenuBar jMenuBar = burpFrame.getJMenuBar();
+            jMenuBar.add(this.cfgMenu);
+            jMenuBar.repaint();
+            this.trace.writeLog("Configuration menu added.");
+        } else {
+            this.trace.writeLog("Cannot add the configuration menu (ref on the BURP frame is null).");
+        }
+    }
+
+    /**
+     * Remove the menu from BURP menu bar.
+     *
+     * @see "https://github.com/PortSwigger/param-miner/blob/master/src/burp/Utilities.java"
+     */
+    @Override
+    public void extensionUnloaded() {
+        JFrame burpFrame = ConfigMenu.getBurpFrame();
+        if (burpFrame != null && this.cfgMenu != null) {
+            JMenuBar jMenuBar = burpFrame.getJMenuBar();
+            jMenuBar.remove(this.cfgMenu);
+            jMenuBar.repaint();
+            this.trace.writeLog("Configuration menu removed.");
+        } else {
+            this.trace.writeLog("Cannot remove the configuration menu (ref on the BURP frame is null).");
+        }
+    }
+
+    /**
+     * Get a reference on the BURP main frame.
+     *
+     * @return BURP main frame.
+     * @see "https://github.com/PortSwigger/param-miner/blob/master/src/burp/Utilities.java"
+     */
+    private static JFrame getBurpFrame() {
+        for (Frame f : Frame.getFrames()) {
+            if (f.isVisible() && f.getTitle().startsWith(("Burp Suite"))) {
+                return (JFrame) f;
+            }
+        }
+        return null;
+    }
+}