ziirish 2015-10-08 19:14:50 +02:00
parent e085eb7c88
commit 07bc163a1e
13 changed files with 326 additions and 21 deletions


@ -9,7 +9,9 @@ import json
class ACLloader(BUIaclLoader):
"""See :class:`burpui.misc.acl.interface.BUIaclLoader`"""
def __init__(self, app=None, standalone=False):
"""See :func:`burpui.misc.acl.interface.BUIaclLoader.__init__`"""
self.app = app
self.admins = [
'admin'
@ -55,13 +57,21 @@ class ACLloader(BUIaclLoader):
@property
def acl(self):
"""Property to retrieve the backend"""
if self._acl:
return self._acl
return None
class BasicACL(BUIacl):
"""See :class:`burpui.misc.acl.interface.BUIacl`"""
def __init__(self, handler=None):
""":func:`burpui.misc.acl.interface.BUIacl.__init__` instanciate ACL
engine.
:param handler: ACL handler
:type handler: :class:`burpui.misc.acl.interface.BUIaclLoader`
"""
if not handler:
return
self.handler = handler
@ -71,11 +81,13 @@ class BasicACL(BUIacl):
self.srv = handler.servers
def is_admin(self, username=None):
"""See :func:`burpui.misc.acl.interface.BUIacl.is_admin`"""
if not username:
return False
return username in self.admins
def clients(self, username=None, server=None):
"""See :func:`burpui.misc.acl.interface.BUIacl.clients`"""
if not username:
return []
if username in self.cls:
@ -91,11 +103,13 @@ class BasicACL(BUIacl):
return [username]
def servers(self, username=None):
"""See :func:`burpui.misc.acl.interface.BUIacl.servers`"""
if username and username in self.srv:
return self.srv[username]
return []
def is_client_allowed(self, username=None, client=None, server=None):
"""See :func:`burpui.misc.acl.interface.BUIacl.is_client_allowed`"""
if not username or not client:
return False
# No server defined whereas we have an extended ACL


@ -1,21 +1,88 @@
# -*- coding: utf8 -*-
"""
.. module:: burpui.misc.acl.interface
:platform: Unix
:synopsis: Burp-UI ACL interface.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
"""
class BUIaclLoader:
"""The :class:`burpui.misc.acl.interface.BUIaclLoader` class is used to
load the actual ACL backend"""
def __init__(self, app=None, standalone=False):
""":func:`burpui.misc.acl.interface.BUIaclLoader.__init__` instanciate
the loader.
:param app: Application context
:type app: :class:`burpui.server.BUIServer`
:param standalone: Multi-agent or standalone mode
:type standalone: bool
"""
pass
@property
def acl(self):
raise NotImplementedError("Sorry, the current Backend does not implement this method!")
"""Property to retrieve the backend"""
return None
class BUIacl:
"""The :class:`burpui.misc.acl.interface.BUIacl` class represents the ACL
engine.
"""
def is_admin(self, username=None):
raise NotImplementedError("Sorry, the current Backend does not implement this method!")
""":func:`burpui.misc.acl.interface.BUIacl.is_admin` is used to know if
a user has administrator rights.
:param username: Username to check
:type username: str
:returns: True if the user has admin rights, otherwise False
"""
return False
def clients(self, username=None, server=None):
raise NotImplementedError("Sorry, the current Backend does not implement this method!")
""":func:`burpui.misc.acl.interface.BUIacl.clients` returns a list of
allowed clients for a given user.
:param username: Username to check
:type username: str
:param server: Server name. Used in multi-agent mode
:type server: str
:returns: A list of clients
"""
return []
def servers(self, username=None):
raise NotImplementedError("Sorry, the current Backend does not implement this method!")
""":func:`burpui.misc.acl.interface.BUIacl.servers` returns a list of
allowed servers for a given user.
:param username: Username to check
:type username: str
:returns: A list of servers
"""
return []
def is_client_allowed(self, username=None, client=None, server=None):
raise NotImplementedError("Sorry, the current Backend does not implement this method!")
""":func:`burpui.misc.acl.interface.BUIacl.is_client_allowed` tells us
if a given user has access to a given client on a given server.
:param username: Username to check
:type username: str
:param client: Client to check
:type client: str
:param server: Server to check
:type server: str
:returns: True if username is granted, otherwise False
"""
return False
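Review bot: `BUIaclLoader.acl` and the four `BUIacl` methods now appear to return a default (`None`, `False`, `[]`) where they used to raise `NotImplementedError`, so a backend that forgets to override one of them no longer fails loudly and the base class silently answers authorization questions. The `+`/`-` markers are lost on this page; this reads each `raise` line printed before a docstring as the removed side, which matches how the other sections print old then new. The boolean defaults deny, but `clients()` and `servers()` returning `[]` is only safe if every caller treats an empty list as "nothing allowed" rather than "no restriction", which should be confirmed at the call sites (not shown here). I would either keep the `raise` or state the contract in each docstring, e.g. `:returns: True if username is granted, otherwise False (the base class always denies)`. The same applies to the `BUIhandler` and `BUIuser` hunks in the next section, where `return None` and `return False` follow the old `raise`.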


@ -32,7 +32,7 @@ class BUIhandler:
:returns: The corresponding user object
"""
raise NotImplementedError("Sorry, the current Backend does not implement this method!")
return None
class BUIuser(UserMixin):
@ -51,4 +51,4 @@ class BUIuser(UserMixin):
:returns: True if the name and password match, otherwise False
"""
raise NotImplementedError("Sorry, the current Backend does not implement this method!")
return False


@ -26,7 +26,7 @@ import codecs
from future.utils import iteritems
from pipes import quote
from burpui.misc.utils import human_readable as _hr, BUIlogging, BUIcompress
from burpui.misc.utils import human_readable as _hr, BUIcompress
from burpui.misc.backend.interface import BUIbackend, BUIserverException
from burpui.misc.parser.burp1 import Parser
@ -44,7 +44,7 @@ g_burpconfsrv = u'/etc/burp/burp-server.conf'
g_tmpdir = u'/tmp/bui'
class Burp(BUIbackend, BUIlogging):
class Burp(BUIbackend):
"""The :class:`burpui.misc.backend.burp1.Burp` class provides a consistent
backend for ``burp-1`` servers.


@ -7,9 +7,10 @@
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
"""
from burpui.misc.utils import BUIlogging
class BUIbackend:
class BUIbackend(BUIlogging):
"""The :class:`burpui.misc.backend.interface.BUIbackend` class provides
a consistent interface backend for any ``burp`` server.
@ -47,7 +48,7 @@ class BUIbackend:
:returns: The output returned by the server parsed as an array
example::
Example::
[
"client1\t2\ti\t576 0 1443766803",
@ -75,7 +76,7 @@ class BUIbackend:
:returns: Dict containing the backup log
example::
Example::
{
"dir": {
@ -486,7 +487,7 @@ class BUIbackend:
:param data: Data as sent by the web-form
:type data: dict
:param conf: force the file path (for file inclusions for instance)
:param conf: Force the file path (for file inclusions for instance)
:type conf: str
:param agent: What server to ask (only in multi-agent mode)


@ -19,10 +19,9 @@ except ImportError:
from future.utils import iteritems
from burpui.misc.backend.interface import BUIbackend, BUIserverException
from burpui.misc.utils import BUIlogging
class Burp(BUIbackend, BUIlogging):
class Burp(BUIbackend):
"""The :class:`burpui.misc.backend.multi.Burp` class provides a consistent
backend to interact with ``agents``.


@ -10,7 +10,12 @@ from burpui.misc.utils import BUIlogging
from burpui.misc.parser.interface import BUIparser
class Parser(BUIparser, BUIlogging):
class Parser(BUIparser):
""":class:`burpui.misc.parser.burp1.Parser` provides a consistent interface
to parse burp configuration files.
It implements :class:`burpui.misc.parser.interface.BUIparser`.
"""
pver = 1
defaults = {
u'address': u'', # IP
@ -503,6 +508,7 @@ class Parser(BUIparser, BUIlogging):
}
def __init__(self, app=None, conf=None):
"""See :func:`burpui.misc.parser.interface.BUIparser.__init__`"""
super(Parser, self).__init__(app, conf)
self._logger('info', 'Parser initialized with: %s', self.conf)
self.clientconfdir = None
@ -590,7 +596,7 @@ class Parser(BUIparser, BUIlogging):
return dic, boolean, multi, integer, includes, includes_ext
def path_expander(self, pattern=None, client=None):
"""This method returns a list of files matching the given pattern"""
"""See :func:`burpui.misc.parser.interface.BUIparser.path_expander`"""
# TODO: enhance security by allowing only some paths (ie. remove '..' if needed)
if not pattern:
return []
@ -605,6 +611,7 @@ class Parser(BUIparser, BUIlogging):
return [x for x in glob(pattern) if os.path.isfile(x) and not x.endswith('~')]
def remove_client(self, client=None):
"""See :func:`burpui.misc.parser.interface.BUIparser.remove_client`"""
if not client:
return [2, "No client provided"]
try:
@ -614,6 +621,7 @@ class Parser(BUIparser, BUIlogging):
return [2, str(e)]
def read_client_conf(self, client=None, conf=None):
"""See :func:`burpui.misc.parser.interface.BUIparser.read_client_conf`"""
res = {
u'common': [],
u'boolean': [],
@ -648,6 +656,7 @@ class Parser(BUIparser, BUIlogging):
return res
def read_server_conf(self, conf=None):
"""See :func:`burpui.misc.parser.interface.BUIparser.read_server_conf`"""
mconf = None
res = {
u'common': [],
@ -692,6 +701,7 @@ class Parser(BUIparser, BUIlogging):
return res
def store_client_conf(self, data, client=None, conf=None):
"""See :func:`burpui.misc.parser.interface.BUIparser.store_client_conf`"""
if conf and not conf.startswith('/'):
conf = os.path.join(self.clientconfdir, conf)
if not conf and not client:
@ -701,6 +711,7 @@ class Parser(BUIparser, BUIlogging):
return self.store_conf(data, conf, mode='cli')
def store_conf(self, data, conf=None, mode='srv'):
"""See :func:`burpui.misc.parser.interface.BUIparser.store_conf`"""
mconf = None
if not conf:
mconf = self.conf
@ -853,7 +864,10 @@ class Parser(BUIparser, BUIlogging):
key = key.strip()
return key not in keys
def get_priv_attr(self, key):
def get_priv_attr(self, key=None):
"""See :func:`burpui.misc.parser.interface.BUIparser.get_priv_attr`"""
if not key:
return []
try:
return getattr(self, key)
except:
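Review bot: In `get_priv_attr`, the new `if not key: return []` guard only rejects an empty name, so `getattr(self, key)` still resolves any attribute or method of the parser that the caller names. The interface docstring in this commit says the method is reached through `BUIbackend.get_parser_attr`; if `key` can originate from a web request (not visible here), that would expose internal state such as `self.conf` or `self.app`. I would check `key` against an explicit tuple of the attribute names the UI actually needs before calling `getattr`, and narrow the bare `except:` to `except AttributeError:` so unrelated errors are not swallowed. The function body continues past the end of this hunk.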


@ -1,28 +1,199 @@
# -*- coding: utf8 -*-
"""
.. module:: burpui.misc.parser.interface
:platform: Unix
:synopsis: Burp-UI parser interface.
.. moduleauthor:: Ziirish <ziirish@ziirish.info>
class BUIparser(object):
"""
from burpui.misc.utils import BUIlogging
class BUIparser(BUIlogging):
""":class:`burpui.misc.parser.interface.BUIparser` defines a generic
interface for ``burp`` configuration files parser.
"""
def __init__(self, app=None, conf=None):
""":func:`burpui.misc.parser.interface.BUIparser.__init__` instanciate
the parser.
:param app: The application context
:type app: :class:`burpui.server.BUIServer`
:param conf: The main configuration file
:type conf: str
"""
self.app = app
self.conf = conf
self.logger = None
if self.app:
self.logger = self.app.logger
def read_server_conf(self):
def read_server_conf(self, conf=None):
""":func:`burpui.misc.parser.interface.BUIparser.read_server_conf` is
called by :func:`burpui.misc.backend.interface.BUIbackend.read_conf_srv`
in order to parse the burp-server configuration file.
:param conf: Complementary configuration file (for instance, file
inclusions)
:type conf: str
:returns: Dict of options
Example::
{
"boolean": [
{
"name": "hardlinked_archive",
"value": false
},
{
"name": "syslog",
"value": true
},
],
"clients": [
{
"name": "client1",
"value": "/etc/burp/clientconfdir/client1"
},
{
"name": "client2",
"value": "/etc/burp/clientconfdir/client2"
},
],
"common": [
{
"name": "mode",
"value": "server"
},
{
"name": "directory",
"value": "/srv/burp"
},
],
"includes": [],
"includes_ext": [],
"integer": [
{
"name": "port",
"value": 4971
},
{
"name": "status_port",
"value": 4972
},
{
"name": "max_children",
"value": 5
},
{
"name": "max_status_children",
"value": 5
}
],
"multi": [
{
"name": "keep",
"value": [
"7",
"4",
"4"
]
},
{
"name": "timer_arg",
"value": [
"12h",
"Mon,Tue,Thu,Fri,17,18,19,20,21,22,23",
"Wed,Sat,Sun,06,07,08,09,10,11,12,13,14,15,16,17,18,19,20,21,22,23"
]
},
],
}
"""
raise NotImplementedError("Sorry, the current Parser does not implement this method!")
def store_client_conf(self, data, client=None, conf=None):
""":func:`burpui.misc.parser.interface.BUIparser.store_client_conf` is
used by :func:`burpui.misc.backend.BUIbackend.store_conf_cli`.
It works the same way as :func:`burpui.misc.parser.interface.BUIparser.store_conf`
with an extra parameter:
:param client: Name of the client for which to apply this config
:type client: str
"""
raise NotImplementedError("Sorry, the current Parser does not implement this method!")
def store_conf(self, data, conf=None, mode='srv'):
""":func:`burpui.misc.parser.interface.BUIparser.store_conf` is used to
store the configuration from the web-ui into the actual configuration
files.
It is used by :func:`burpui.misc.backend.BUIbackend.store_conf_srv`.
:param data: Data sent by the web-form
:type data: dict
:param conf: Force the file path (for file inclusions for instance)
:type conf: str
:param mode: We actually use the same method for clients and server files
:type mode: str
:returns: A list of notifications to return to the UI (success or
failure)
Example::
[[0, "Success"]]
"""
raise NotImplementedError("Sorry, the current Parser does not implement this method!")
def get_priv_attr(self, key):
""":func:`burpui.misc.parser.interface.BUIparser.get_priv_attr` is used
to retrieve some attributes from the Parser.
It is used by :func:`burpui.misc.backend.interface.BUIbackend.get_parser_attr`
:param key: Name of the attribute to retrieve
:type key: str
:returns: The requested attribute or an empty list
"""
raise NotImplementedError("Sorry, the current Parser does not implement this method!")
def path_expander(self, pattern=None):
def path_expander(self, pattern=None, client=None):
""":func:`burpui.misc.parser.interface.BUIparser.path_expander` is used
to expand path of file inclusions glob the user can set in the setting
panel.
:param pattern: The glob/path to expand
:type pattern: str
:param client: The client name when working on client files
:type client: str
:returns: A list of files or an empty list
"""
raise NotImplementedError("Sorry, the current Parser does not implement this method!")
def remove_client(self, client=None):
""":func:`burpui.misc.parser.interface.BUIparser.remove_client` is used
to delete a client from burp's configuration.
:param client: The name of the client to remove
:type client: str
:returns: A list of notifications to return to the UI (success or
failure)
"""
raise NotImplementedError("Sorry, the current Parser does not implement this method!")
def read_client_conf(self, client=None, conf=None):
""":func:`burpui.misc.parser.interface.BUIparser.read_client_conf` is
called by :func:`burpui.misc.backend.interface.BUIbackend.read_conf_cli`
in order to parse the burp-clients configuration files.
It works the same way as :func:`burpui.misc.parser.interface.BUIparser.read_server_conf`
"""
raise NotImplementedError("Sorry, the current Parser does not implement this method!")
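Review bot: The new `path_expander` docstring does not say where the expanded glob is allowed to point, although the burp1 implementation in this commit still carries a TODO about rejecting `..`. Since this interface is what new parsers are written against, I would add a sentence such as `Implementations must only return files located under the burp configuration directories.` so the restriction is part of the contract. Separately, `get_priv_attr(self, key)` keeps a required `key` here while the burp1 `Parser` override becomes `key=None` in the same commit; `def get_priv_attr(self, key=None):` would keep the two signatures in step. The `store_client_conf` and `store_conf` docstrings also reference `burpui.misc.backend.BUIbackend...`, where the other cross-references use `burpui.misc.backend.interface.BUIbackend`, so those two Sphinx links probably will not resolve.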

13
docs/acl.rst Normal file

@ -0,0 +1,13 @@
ACL
===
Here is the *acl* interface definition in order to implement a new acl backend.
It is composed by two classes.
.. autoclass:: burpui.misc.acl.interface.BUIaclLoader
:members:
:inherited-members:
.. autoclass:: burpui.misc.acl.interface.BUIacl
:members:
:inherited-members:

13
docs/auth.rst Normal file

@ -0,0 +1,13 @@
Auth
====
Here is the *auth* interface definition in order to implement a new
authentication backend. It is composed by two classes.
.. autoclass:: burpui.misc.auth.interface.BUIhandler
:members:
:inherited-members:
.. autoclass:: burpui.misc.auth.interface.BUIuser
:members:
:inherited-members:


@ -1,6 +1,8 @@
Backend
=======
Here is the *backend* interface definition in order to implement a new backend.
.. autoclass:: burpui.misc.backend.interface.BUIbackend
:members:
:inherited-members:


@ -6,3 +6,6 @@ Developer Guide
api
backend
parser
auth
acl

8
docs/parser.rst Normal file

@ -0,0 +1,8 @@
Parser
======
Here is the *parser* interface definition in order to implement a new parser.
.. autoclass:: burpui.misc.parser.interface.BUIparser
:members:
:inherited-members: