v0.1.0

Author: BitTheByte

.gitignore

@@ -0,0 +1,2 @@
+.idea
+out/*

BitTraversal.iml

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="JAVA_MODULE" version="4">
+  <component name="NewModuleRootManager" inherit-compiler-output="true">
+    <exclude-output />
+    <content url="file://$MODULE_DIR$">
+      <sourceFolder url="file://$MODULE_DIR$/src" isTestSource="false" />
+    </content>
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

README.md

@@ -0,0 +1,3 @@
+# BitTraversal - in development
+
+Recursive Directory Traversal Scanner 

list/payloads.list

@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Main-Class: burp.BurpExtender
+

list/regex.list

@@ -0,0 +1,40 @@
+package burp;
+
+import scanner.Executor;
+import utils.UrlUtils;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.net.MalformedURLException;
+import java.net.URISyntaxException;
+import java.net.URL;
+
+public class BurpExtender implements burp.IBurpExtender, burp.IHttpListener
+{
+    public static PrintWriter stdout;
+    public static PrintWriter stderr;
+    public static burp.IExtensionHelpers helpers;
+    public static IBurpExtenderCallbacks callbacks;
+
+    @Override
+    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks)
+    {
+        BurpExtender.callbacks = callbacks;
+        callbacks.setExtensionName("Bit/Traversal");
+
+        stdout  = new PrintWriter(callbacks.getStdout(), true);
+        stderr  = new PrintWriter(callbacks.getStderr(),true);
+        helpers = callbacks.getHelpers();
+        stdout.println("0.1v - loaded");
+
+        callbacks.registerHttpListener(this);
+    }
+
+
+    @Override
+    public void processHttpMessage(int toolFlag, boolean messageIsRequest, burp.IHttpRequestResponse messageInfo) throws IOException, URISyntaxException {
+        if (!messageIsRequest)
+            return;
+        new Executor().Scan(messageInfo);
+    }
+}

src/META-INF/MANIFEST.MF

@@ -0,0 +1,97 @@
+package burp;
+
+/*
+ * @(#)IBurpCollaboratorClientContext.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Community Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.util.List;
+
+/**
+ * This interface represents an instance of a Burp Collaborator client context,
+ * which can be used to generate Burp Collaborator payloads and poll the
+ * Collaborator server for any network interactions that result from using those
+ * payloads. Extensions can obtain new instances of this class by calling
+ * <code>IBurpExtenderCallbacks.createBurpCollaboratorClientContext()</code>.
+ * Note that each Burp Collaborator client context is tied to the Collaborator
+ * server configuration that was in place at the time the context was created.
+ */
+public interface IBurpCollaboratorClientContext
+{
+
+    /**
+     * This method is used to generate new Burp Collaborator payloads.
+     *
+     * @param includeCollaboratorServerLocation Specifies whether to include the
+     * Collaborator server location in the generated payload.
+     * @return The payload that was generated.
+     *
+     * @throws IllegalStateException if Burp Collaborator is disabled
+     */
+    String generatePayload(boolean includeCollaboratorServerLocation);
+
+    /**
+     * This method is used to retrieve all interactions received by the
+     * Collaborator server resulting from payloads that were generated for this
+     * context.
+     *
+     * @return The Collaborator interactions that have occurred resulting from
+     * payloads that were generated for this context.
+     *
+     * @throws IllegalStateException if Burp Collaborator is disabled
+     */
+    List<IBurpCollaboratorInteraction> fetchAllCollaboratorInteractions();
+
+    /**
+     * This method is used to retrieve interactions received by the Collaborator
+     * server resulting from a single payload that was generated for this
+     * context.
+     *
+     * @param payload The payload for which interactions will be retrieved.
+     * @return The Collaborator interactions that have occurred resulting from
+     * the given payload.
+     *
+     * @throws IllegalStateException if Burp Collaborator is disabled
+     */
+    List<IBurpCollaboratorInteraction> fetchCollaboratorInteractionsFor(String payload);
+
+    /**
+     * This method is used to retrieve all interactions made by Burp Infiltrator
+     * instrumentation resulting from payloads that were generated for this
+     * context.
+     *
+     * @return The interactions triggered by the Burp Infiltrator
+     * instrumentation that have occurred resulting from payloads that were
+     * generated for this context.
+     *
+     * @throws IllegalStateException if Burp Collaborator is disabled
+     */
+    List<IBurpCollaboratorInteraction> fetchAllInfiltratorInteractions();
+
+    /**
+     * This method is used to retrieve interactions made by Burp Infiltrator
+     * instrumentation resulting from a single payload that was generated for
+     * this context.
+     *
+     * @param payload The payload for which interactions will be retrieved.
+     * @return The interactions triggered by the Burp Infiltrator
+     * instrumentation that have occurred resulting from the given payload.
+     *
+     * @throws IllegalStateException if Burp Collaborator is disabled
+     */
+    List<IBurpCollaboratorInteraction> fetchInfiltratorInteractionsFor(String payload);
+
+    /**
+     * This method is used to retrieve the network location of the Collaborator
+     * server.
+     *
+     * @return The hostname or IP address of the Collaborator server.
+     *
+     * @throws IllegalStateException if Burp Collaborator is disabled
+     */
+    String getCollaboratorServerLocation();
+}

src/burp/BurpExtender.java

@@ -0,0 +1,41 @@
+package burp;
+
+/*
+ * @(#)IBurpCollaboratorInteraction.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Community Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.util.Map;
+
+/**
+ * This interface represents a network interaction that occurred with the Burp
+ * Collaborator server.
+ */
+public interface IBurpCollaboratorInteraction
+{
+
+    /**
+     * This method is used to retrieve a property of the interaction. Properties
+     * of all interactions are: interaction_id, type, client_ip, and time_stamp.
+     * Properties of DNS interactions are: query_type and raw_query. The
+     * raw_query value is Base64-encoded. Properties of HTTP interactions are:
+     * protocol, request, and response. The request and response values are
+     * Base64-encoded.
+     *
+     * @param name The name of the property to retrieve.
+     * @return A string representing the property value, or null if not present.
+     */
+    String getProperty(String name);
+
+    /**
+     * This method is used to retrieve a map containing all properties of the
+     * interaction.
+     *
+     * @return A map containing all properties of the interaction.
+     */
+    Map<String, String> getProperties();
+}

src/burp/IBurpCollaboratorClientContext.java

@@ -0,0 +1,31 @@
+package burp;
+
+/*
+ * @(#)IBurpExtender.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Community Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * All extensions must implement this interface.
+ *
+ * Implementations must be called BurpExtender, in the package burp, must be
+ * declared public, and must provide a default (public, no-argument)
+ * constructor.
+ */
+public interface IBurpExtender
+{
+    /**
+     * This method is invoked when the extension is loaded. It registers an
+     * instance of the
+     * <code>IBurpExtenderCallbacks</code> interface, providing methods that may
+     * be invoked by the extension to perform various actions.
+     *
+     * @param callbacks An
+     * <code>IBurpExtenderCallbacks</code> object.
+     */
+    void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks);
+}