Python java.net.URL Examples

The following are 30 code examples of java.net.URL(). You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may also want to check out all available functions/classes of the module java.net, or try the search function.
Example #1
Source File: test_support.py    From CTFCrackTools with GNU General Public License v3.0 6 votes vote down vote up
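def make_jar_classloader(jar):
    """Return a ``URLClassLoader`` that loads classes from the jar file *jar*.

    *jar* is a filesystem path.  A byte string is decoded with the filesystem
    encoding first, because the Java file APIs expect a unicode name.

    NOTE(review): code loaded through the returned loader runs inside this
    process, so *jar* should only ever name an archive the caller trusts --
    confirm against the callers.
    """
    # The function-local ``import os`` was unused and has been dropped.
    from java.io import File
    from java.net import URL, URLClassLoader

    if isinstance(jar, bytes):  # Java will expect a unicode file name
        jar = jar.decode(sys.getfilesystemencoding())
    # The path is turned into a URL by java.io.File rather than pasted into
    # the string by hand.
    jar_url = File(jar).toURI().toURL().toString()
    url = URL(u'jar:%s!/' % jar_url)

    if is_jython_nt:
        # URLJarFiles keep a cached open file handle to the jar even
        # after this ClassLoader is GC'ed, disallowing Windows tests
        # from removing the jar file from disk when finished with it
        conn = url.openConnection()
        if conn.getDefaultUseCaches():
            # XXX: Globally turn off jar caching: this instance method
            # actually toggles a static flag. Need a better fix
            conn.setDefaultUseCaches(False)

    return URLClassLoader([url])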

# Filename used for testing 
Example #2
Source File: burp_wp.py    From burp_wp with MIT License 6 votes vote down vote up
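def parse_bug_details(self, bug, plugin_name, _type):
    """Build an HTML fragment describing one vulnerability record.

    bug: mapping with the keys ``id``, ``title`` and ``vuln_type`` and,
        optionally, ``reference`` (iterable), ``cve``, ``exploitdb`` and
        ``fixed_in``.
    plugin_name, _type: used to build the wordpress.org link.

    Every value is HTML-escaped before it is placed in the markup: the record
    is external data, and an unescaped title or reference could otherwise
    inject markup into whatever renders this fragment.

    Returns the fragment as a string.
    """
    def esc(value):
        # Same text conversion str.format() applied before, then neutralise
        # the characters that are special in HTML text and in the
        # single-quoted attributes used below.  '&' has to go first.
        text = "{}".format(value)
        for raw, entity in (("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"),
                            ('"', "&quot;"), ("'", "&#x27;")):
            text = text.replace(raw, entity)
        return text

    parts = [
        "ID: <a href='https://wpvulndb.com/vulnerabilities/{0}'>{0}</a><br />"
        "Title: {1}<br />Type: {2}<br />".format(
            esc(bug['id']), esc(bug['title']), esc(bug['vuln_type']))
    ]
    if 'reference' in bug:
        parts.append("References:<br />")
        # NOTE(review): escaping does not restrict the URL scheme of a
        # reference; confirm the renderer ignores non-http(s) links.
        for reference in bug['reference']:
            parts.append("<a href='{0}'>{0}</a><br />".format(esc(reference)))
    if 'cve' in bug:
        parts.append("CVE: {}<br />".format(esc(bug['cve'])))
    if 'exploitdb' in bug:
        parts.append(
            "Exploit Database: <a href='https://www.exploit-db.com/exploits/{0}/'>{0}</a><br />".format(
                esc(bug['exploitdb'])))
    if 'fixed_in' in bug:
        parts.append("Fixed in version: {}<br />".format(esc(bug['fixed_in'])))
    parts.append(
        "WordPress URL: <a href='https://wordpress.org/{type}/{plugin_name}'>https://wordpress.org/{type}/{plugin_name}</a>".format(
            type=esc(_type), plugin_name=esc(plugin_name)))
    return "".join(parts)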
Example #3
Source File: FransLinkfinder.py    From BurpJSLinkFinder with MIT License 6 votes vote down vote up
def doPassiveScan(self, ihrr):
    """Report the links found in a JavaScript response.

    Returns an ArrayList holding one SRI issue when the URL contains ".js"
    and is not on the exclusion list, otherwise None.
    """
    try:
        url_text = str(ihrr.getUrl())
        analyser = linkAnalyse(ihrr, self.helpers)
        # Substring test, as in the original: it also matches URLs such as
        # ".json" or ".jsp".
        if ".js" not in url_text:
            return None
        # Skip the JS files named in the exclusion list.
        if any(x in url_text for x in JSExclusionList):
            print("\n" + "[-] URL excluded " + url_text)
            return None

        self.outputTxtArea.append("\n" + "[+] Valid URL found: " + url_text)
        for index, found in enumerate(analyser.analyseURL()):
            self.outputTxtArea.append("\n" + "\t" + str(index) + ' - ' + found['link'])

        issues = ArrayList()
        issues.add(SRI(ihrr, self.helpers))
        return issues
    except UnicodeEncodeError:
        print ("Error in URL decode.")
    return None
Example #4
Source File: SpyDir.py    From SpyDir with MIT License 6 votes vote down vote up
def _print_parsed_status(self, fcount):
    """Write the parse summary to the scroll area and return it.

    fcount: number of files found, shown only in the detailed report.
    """
    if self.parse_files and not self.loaded_plugins:
        self._plugins_missing_warning()
    if len(self.url_reqs) > 0:
        self.update_scroll("[*] Example URL: %s" % self.url_reqs[0])

    if not self.print_stats:
        # Short form: only the number of queued requests.
        report = "[*] Found: %r files to be requested.\n" % len(self.url_reqs)
    else:
        template = ("[*] Found: %r files to be requested.\n\n"
                    "[*] Stats: \n    "
                    "Found: %r files.\n")
        report = template % (len(self.url_reqs), fcount)
        if len(self.ext_stats) > 0:
            pretty = str(dumps(self.ext_stats, sort_keys=True, indent=4))
            report += "[*] Extensions found: %s" % pretty
    self.update_scroll(report)
    return report
Example #5
Source File: test_support.py    From CTFCrackTools-V2 with GNU General Public License v3.0 6 votes vote down vote up
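def make_jar_classloader(jar):
    """Return a ``URLClassLoader`` that loads classes from the jar file *jar*.

    *jar* is a filesystem path.  A byte string is decoded with the filesystem
    encoding first, because the Java file APIs expect a unicode name.

    NOTE(review): code loaded through the returned loader runs inside this
    process, so *jar* should only ever name an archive the caller trusts --
    confirm against the callers.
    """
    # The function-local ``import os`` was unused and has been dropped.
    from java.io import File
    from java.net import URL, URLClassLoader

    if isinstance(jar, bytes):  # Java will expect a unicode file name
        jar = jar.decode(sys.getfilesystemencoding())
    # The path is turned into a URL by java.io.File rather than pasted into
    # the string by hand.
    jar_url = File(jar).toURI().toURL().toString()
    url = URL(u'jar:%s!/' % jar_url)

    if is_jython_nt:
        # URLJarFiles keep a cached open file handle to the jar even
        # after this ClassLoader is GC'ed, disallowing Windows tests
        # from removing the jar file from disk when finished with it
        conn = url.openConnection()
        if conn.getDefaultUseCaches():
            # XXX: Globally turn off jar caching: this instance method
            # actually toggles a static flag. Need a better fix
            conn.setDefaultUseCaches(False)

    return URLClassLoader([url])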

# Filename used for testing 
Example #6
Source File: SpyDir.py    From SpyDir with MIT License 6 votes vote down vote up
def _update(self):
    """Copy the current widget values into ``self.config``.

    Also normalises the URL field (scheme prefix, trailing slash), clears
    ``self.url_reqs`` and refreshes the displayed input directory.
    """
    cfg = self.config
    cfg["Input Directory"] = self.source_input
    cfg["String Delimiter"] = self.delim.getText()
    cfg["Extension Whitelist"] = self.ext_white_list.getText().upper().split(',')

    file_url = self.url.getText()
    if not file_url.startswith(('https://', 'http://')):
        # No scheme given: plain http:// is assumed and written back to the
        # field so the user sees what will be requested.
        self.update_scroll("[!] Assuming protocol! Default value: 'http://'")
        file_url = 'http://' + file_url
        self.url.setText(file_url)

    if file_url != "" and not file_url.endswith('/'):
        file_url += '/'
    cfg["URL"] = file_url
    # cfg["Cookies"] = self.cookies.getText()
    # cfg["Headers"] = self.headers.getText()

    # Empty the request list in place so other references see the change.
    del self.url_reqs[:]
    self.curr_conf.setText(self.source_input)

    # Window sizing functions 
Example #7
Source File: BurpSmartBuster.py    From BurpSmartBuster with MIT License 6 votes vote down vote up
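def updateConfig(self,meh):
    """Copy the values of the configuration widgets into the extension state.

    meh: unused; presumably the UI event that triggered the update.

    Sets ``_configSpider_NumberOfPages``, ``_verbose``,
    ``_configInScope_only`` and ``_ignoreFileType``, then logs and prints the
    resulting configuration.  Returns None.
    """
    # NOTE(review): int() raises ValueError when the field is not a number
    # and nothing here catches it -- confirm the caller copes.
    self._configSpider_NumberOfPages = int(self.spiderPagesTextField.getText())

    self._verbose = bool(self.yesVerboseButton.isSelected())
    self._configInScope_only = bool(self.yesInScopeButton.isSelected())

    # The unused locals ``fileType`` and ``fileTypeStr`` were removed.
    self._ignoreFileType = self.fileTypeTextField.getText().split(",")

    summary = ("spiderNbrPages=" + str(self._configSpider_NumberOfPages) +
               ", Verbose is:" + str(self._verbose) +
               ", InScope is:" + str(self._configInScope_only) +
               ", fileTypeIgnored: " + str(self._ignoreFileType))
    self._logger.info("Config changed: " + summary)
    # Single-argument print() gives the same output on Python 2 and 3.
    print("Now using config: " + summary)

    return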

    #add a URL to the list 
Example #8
Source File: test_support.py    From medicare-demo with Apache License 2.0 6 votes vote down vote up
def open_urlresource(url):
    """Return an open file for the resource at *url*, downloading it if needed.

    A file named after the last path segment of *url* is looked for in the
    current and then the parent directory; the first one found is opened and
    returned.  Otherwise the resource is fetched into the current directory
    (after ``requires('urlfetch')``) and that copy is opened.

    NOTE(review): an existing local file is used without any check of its
    content, and the download is not verified either -- the result is only
    as trustworthy as the URL's transport and the working directory.
    """
    import urllib, urlparse
    import os.path

    # Index 2 of the parse result is the path component; URLs always use '/'
    # as the separator, whatever the local platform does.
    filename = urlparse.urlparse(url)[2].split('/')[-1] # '/': it's URL!

    for path in [os.path.curdir, os.path.pardir]:
        fn = os.path.join(path, filename)
        if os.path.exists(fn):
            return open(fn)

    # Only reached when no local copy exists.
    requires('urlfetch')
    print >> get_original_stdout(), '\tfetching %s ...' % url
    fn, _ = urllib.urlretrieve(url, filename)
    return open(fn)

#=======================================================================
# Decorator for running a function in a different locale, correctly resetting
# it afterwards. 
Example #9
Source File: BurpSmartBuster.py    From BurpSmartBuster with MIT License 6 votes vote down vote up
def runRequest(self,url,responseQueue):
    """Fetch *url* with the configured headers and queue the response.

    Redirects are not followed.  The response object is put on
    *responseQueue*; nothing is returned.
    """
    #TODO: After thread is done, in thread read the _requestQeue object
    log = self._logger
    log.debug("runRequest(URL): "+url)
    log.info("EXECUTING REQUEST FOR: "+url)

    # NOTE(review): no timeout= is passed, so a server that never answers
    # keeps this call (and its thread) waiting indefinitely.
    reply = requests.get(url,  headers=self._headers, allow_redirects=False)
    responseQueue.put(reply)

    #TODO: Get code
    #TODO: add page to SiteMap if not there already?

    log.debug("runRequest done  for: "+url)

    return

    #TODO randomizedUserAgent 
Example #10
Source File: off-by-slash.py    From off-by-slash with MIT License 6 votes vote down vote up
def generateUrls(self, url, requestResponse):
    """Return the candidate URLs derived from the path segments of *url*.

    Segments containing a dot, and segments for which ``quickCheck`` is
    false, are skipped.  For each remaining segment one rewritten URL is
    added, plus the ``guessDirectories`` results when directory guessing is
    enabled.
    """
    candidates = []
    segments = [piece for piece in url.getPath().split("/") if piece]

    for part in segments:
        # Checks if /part../ results in 403
        if "." in part or not self.quickCheck(url, part, requestResponse):
            continue

        self._stdout.println("Potentially vulnerable: %s" % url)

        rewritten = url.toString().replace("/%s/" % part, "/%s../%s/" % (part, part))
        candidates.append(URL(rewritten))
        if self.enableDirectoryGuessing:
            candidates = candidates + self.guessDirectories(url, part)

    return candidates
Example #11
Source File: burp_wp.py    From burp_wp with MIT License 5 votes vote down vote up
def _make_http_request_wrapper(self, original_url):
    """Request *original_url* through Burp and return the response body.

    The request is always sent to port 443 with HTTPS enabled, whatever
    scheme or port *original_url* names.  Returns the body encoded as
    latin1 when the status code is in INTERESTING_CODES, otherwise None;
    any exception is logged through ``print_debug`` and also yields None.
    """
    try:
        java_url = URL(original_url)
        request = self.helpers.buildHttpRequest(java_url)
        raw = self.callbacks.makeHttpRequest(java_url.getHost(), 443, True, request)
        info = self.helpers.analyzeResponse(raw)
        if info.getStatusCode() not in INTERESTING_CODES:
            self.print_debug("[-] _make_http_request_wrapper request failed")
            return None
        # Drop the headers: everything from the body offset onwards.
        return self.helpers.bytesToString(raw)[info.getBodyOffset():].encode("latin1")
    except:
        # NOTE(review): the bare except is kept as written; presumably it
        # also has to cover exceptions raised on the Java side -- confirm.
        self.print_debug("[-] _make_http_request_wrapper failed: {}".format(traceback.format_exc()))
        return None
Example #12
Source File: burp_git_bridge.py    From burp-git-bridge with MIT License 5 votes vote down vote up
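def getColumnName(self, columnIndex):
    '''
    Used by the Java Swing UI 

    Returns the heading of column ``columnIndex``, or "" when the index is
    past the last column.
    '''

    cols = ["Time added", 
            "Tool",
            "URL",
            "Issue",
            "Who"]
    try:
        return cols[columnIndex]
    except IndexError:
        # A list reports an out-of-range index with IndexError; the previous
        # ``except KeyError`` could never fire, so the fallback was dead.
        return ""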
Example #13
Source File: bumpster.py    From bumpster with MIT License 5 votes vote down vote up
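def dnsdumpster_query(self, host):
    """Add every host that the DNSDumpster lookup returns for *host* to the Burp scope.

    Both the http:// and https:// form of each returned domain are added
    when they are not in scope yet.  Returns None.

    NOTE(review): the lookup results come from a third party and are added
    to scope unfiltered; confirm each one belongs to the engagement before
    anything is sent to it.
    """
    # Indentation normalised to spaces: the original mixed tabs and spaces,
    # which Python 3 rejects and which is fragile under Python 2.
    res = DNSDumpsterAPI().search(host)
    for i in res['host']:
        sub1 = URL("http://" + i['domain'] + "/")
        sub2 = URL("https://" + i['domain'] + "/")
        if not self._callbacks.isInScope(sub1):
            # Single-argument print() gives the same output on Python 2 and 3.
            print("Adding %s to Burp Scope" % sub1)
            self._callbacks.includeInScope(sub1)
        if not self._callbacks.isInScope(sub2):
            self._callbacks.includeInScope(sub2)
    return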
Example #14
Source File: test_support.py    From medicare-demo with Apache License 2.0 5 votes vote down vote up
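def make_jar_classloader(jar):
    """Return a ``URLClassLoader`` that loads classes from the jar file *jar*.

    *jar* is a filesystem path.

    NOTE(review): code loaded through the returned loader runs inside this
    process, so *jar* should only ever name an archive the caller trusts --
    confirm against the callers.
    """
    import os
    from java.io import File
    from java.net import URL, URLClassLoader

    # Let java.io.File turn the path into a URL instead of pasting the raw
    # path after 'jar:file:': a path containing a space, '#', '%' or '!'
    # would otherwise produce a URL that parses differently from the path.
    url = URL('jar:%s!/' % File(jar).toURI().toURL().toString())
    if os._name == 'nt':
        # URLJarFiles keep a cached open file handle to the jar even
        # after this ClassLoader is GC'ed, disallowing Windows tests
        # from removing the jar file from disk when finished with it
        conn = url.openConnection()
        if conn.getDefaultUseCaches():
            # XXX: Globally turn off jar caching: this instance method
            # actually toggles a static flag. Need a better fix
            conn.setDefaultUseCaches(False)

    return URLClassLoader([url])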
Example #15
Source File: vis2.py    From medicare-demo with Apache License 2.0 5 votes vote down vote up
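def __init__(self, jar_url="file:///home/jiwon/workspace/graphlite/socialite-all.jar"):
    """Create an empty URLClassLoader and register one jar with it.

    jar_url: URL of the jar to add.  The default is the path that used to be
        hard-coded, so existing callers behave as before; pass the real
        location instead of relying on one developer's home directory.

    NOTE(review): whatever archive sits at *jar_url* is loaded into this
    process, so the location should be one only trusted users can write to.
    """
    URLClassLoader.__init__(self, [])
    self.addURL(URL(jar_url))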
Example #16
Source File: burp_git_bridge.py    From burp-git-bridge with MIT License 5 votes vote down vote up
def getUrl(self):
    """Return ``self.entry.url`` wrapped in a URL object."""
    stored = self.entry.url
    return URL(stored)
Example #17
Source File: MySQLdb.py    From lightbulb-framework with MIT License 5 votes vote down vote up
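def addURL(self, u):
    """Purpose: Call this with u= URL for
    the new Class/jar to be loaded

    The URL is added to the system class loader by calling the protected
    ``URLClassLoader.addURL`` through reflection.  Returns *u*.

    NOTE(review): this extends the class path of the whole JVM, so *u*
    should only ever point at a trusted archive.  It also assumes the system
    class loader is a URLClassLoader, which presumably does not hold on
    newer Java releases -- confirm for the target runtime.
    """
    sysloader = self.java.lang.ClassLoader.getSystemClassLoader()
    sysclass = self.java.net.URLClassLoader
    method = sysclass.getDeclaredMethod("addURL", [self.java.net.URL])
    # addURL is protected, hence the access override before the call.
    method.setAccessible(1)
    # The unused ``jarray`` array and the unused result bindings were
    # removed; the invoke arguments are unchanged.
    method.invoke(sysloader, [u])
    return u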
Example #18
Source File: burp_wp.py    From burp_wp with MIT License 5 votes vote down vote up
def is_unique_plugin_on_website(self, url, plugin_name):
    """Record *plugin_name* for *url* and tell whether it was new.

    Returns True (after appending and logging) the first time a plugin is
    seen for the URL, False on every later call.
    """
    known = self.list_plugins_on_website[url]
    if plugin_name in known:
        return False

    known.append(plugin_name)
    self.print_debug("[+] is_unique_plugin_on_website URL: {}, plugin: {}".format(url, plugin_name))
    return True
Example #19
Source File: test_array_jy.py    From CTFCrackTools-V2 with GNU General Public License v3.0 5 votes vote down vote up
def test_assignable_varargs(self):
    "array.array objects can be used in the varargs position"
    # modified from test case in http://bugs.jython.org/issue2423;
    from java.lang import Class
    from java.net import URL, URLClassLoader
    # addURL is protected on URLClassLoader, so it is looked up through
    # reflection; its parameter types go in as a Class array built by jarray.
    add_url = URLClassLoader.getDeclaredMethod('addURL', jarray.array([URL], Class))
    # make sure the lookup returned the method that was asked for
    self.assertEqual(add_url.name, "addURL")
Example #20
Source File: test_support.py    From CTFCrackTools-V2 with GNU General Public License v3.0 5 votes vote down vote up
def open_urlresource(url, check=None):
    """Return an open file for the resource at *url*, downloading it if needed.

    The file is cached in the ``data`` directory next to this module, named
    after the last path segment of *url*.  When *check* is given it is called
    with the open file and must return true for the file to be accepted; a
    cached copy that fails the check is deleted and fetched again.  Raises
    TestFailed when the downloaded file fails the check as well.

    NOTE(review): with ``check=None`` any cached or downloaded file is
    accepted as it is, so the content is only as trustworthy as the URL's
    transport and the cache directory -- confirm callers pass a check where
    the content matters.
    """
    import urlparse, urllib2

    # Index 2 of the parse result is the path component; URLs always use '/'
    # as the separator, whatever the local platform does.
    filename = urlparse.urlparse(url)[2].split('/')[-1] # '/': it's URL!

    fn = os.path.join(os.path.dirname(__file__), "data", filename)

    def check_valid_file(fn):
        # Returns the open file when it is acceptable, rewound to the start
        # if the check read from it; otherwise closes it and returns None.
        f = open(fn)
        if check is None:
            return f
        elif check(f):
            f.seek(0)
            return f
        f.close()

    if os.path.exists(fn):
        f = check_valid_file(fn)
        if f is not None:
            return f
        # The cached copy failed the check: remove it and download again.
        unlink(fn)

    # Verify the requirement before downloading the file
    requires('urlfetch')

    print >> get_original_stdout(), '\tfetching %s ...' % url
    f = urllib2.urlopen(url, timeout=15)
    try:
        with open(fn, "wb") as out:
            # read() is called without a size, then repeated until it
            # returns an empty result.
            s = f.read()
            while s:
                out.write(s)
                s = f.read()
    finally:
        f.close()

    # The fresh download goes through the same check as a cached copy.
    f = check_valid_file(fn)
    if f is not None:
        return f
    raise TestFailed('invalid resource "%s"' % fn)
Example #21
Source File: CTFhelper.py    From CTFHelper with MIT License 5 votes vote down vote up
def doActiveScan(self, baseRequestResponse, insertionPoint):
    """Request rewritten variants of the base path and report those that answer 200.

    Each regex in ``self.patterns`` is applied to the request path with each
    of its substitutions.  A base URL is processed once only (tracked in
    ``self.hs``); paths ending in '/' are skipped.

    Returns the list of issues, or None when the URL is skipped.
    """
    parsed = urlparse(str(helpers.analyzeRequest(baseRequestResponse).getUrl()))

    seen_key = parsed.scheme + '://' + parsed.netloc + '/' + parsed.path
    if seen_key in self.hs or parsed.path[-1] == '/':
        return None
    self.hs.add(seen_key)

    issues = []
    for regex, subs in self.patterns.iteritems():
        for sub in subs:
            candidate = URL(parsed.scheme, parsed.hostname, parsed.port, regex.sub(sub, parsed.path))
            probe = helpers.buildHttpRequest(candidate)

            attack = cbs.makeHttpRequest(baseRequestResponse.getHttpService(), probe)
            status = helpers.analyzeResponse(attack.getResponse()).getStatusCode()
            # NOTE(review): the status code is the only evidence used, so a
            # server that answers 200 for missing pages is reported as well.
            if status != 200:
                continue

            issues.append(CustomScanIssue(
                attack.getHttpService(),
                helpers.analyzeRequest(attack).getUrl(),
                [attack],
                "Backup file leaked",
                "Suspecious backup file likely leaked",
                "High"))

    return issues
Example #22
Source File: CTFhelper.py    From CTFHelper with MIT License 5 votes vote down vote up
def doActiveScan(self, baseRequestResponse, insertionPoint):
    """Request each name in ``self.patterns`` under the base directory and report 200s.

    The directory part of the request path is processed once only (tracked
    in ``self.hs``).

    Returns the list of issues, or None when the directory was seen before.
    """
    parsed = urlparse(str(helpers.analyzeRequest(baseRequestResponse).getUrl()))

    # Only the directory half of the split is used below.
    rpath, _leaf = path.split(parsed.path)
    seen_key = parsed.scheme + '://' + parsed.netloc + '/' + rpath
    if seen_key in self.hs:
        return None
    self.hs.add(seen_key)

    issues = []
    for name in self.patterns:
        candidate = URL(parsed.scheme, parsed.hostname, parsed.port, rpath + '/' + name)
        probe = helpers.buildHttpRequest(candidate)

        attack = cbs.makeHttpRequest(baseRequestResponse.getHttpService(), probe)
        status = helpers.analyzeResponse(attack.getResponse()).getStatusCode()
        # NOTE(review): the status code is the only evidence used, so a
        # server that answers 200 for missing pages is reported as well.
        if status != 200:
            continue

        issues.append(CustomScanIssue(
            attack.getHttpService(),
            helpers.analyzeRequest(attack).getUrl(),
            [attack],
            "Sensitive info leaked",
            "Sensitive directory or file likely leaked",
            "High"))

    return issues
Example #23
Source File: ActiveScan3Plus.py    From ActiveScan3Plus with Apache License 2.0 5 votes vote down vote up
def doActiveScan(self, basePair, insertionPoint):
	global check
	if check == 0:
		return None

        if self._helpers.analyzeRequest(basePair.getRequest()).getMethod() == "GET":
                method = IParameter.PARAM_URL
        else:
                method = IParameter.PARAM_BODY

	path = self._helpers.analyzeRequest(basePair).getUrl().getPath()
        port = self._helpers.analyzeRequest(basePair).getUrl().getPort()
        proto = self._helpers.analyzeRequest(basePair).getUrl().getProtocol()
        hostname = self._helpers.analyzeRequest(basePair).getUrl().getHost()
	if not '.' in path:
		return None

	for temps in self._payloads:
		url = URL(proto,hostname,port,path+temps)
		newRequest = self._helpers.buildHttpRequest(url)
                attack = callbacks.makeHttpRequest(basePair.getHttpService(), newRequest)
		resp_code = self._helpers.analyzeResponse(attack.getResponse()).getStatusCode()

                if resp_code == 200:
	                url = self._helpers.analyzeRequest(attack).getUrl()
        	        print "Possible Source code disclosure!"
                        if (url not in self._done):
                            self._done.append(url)
                            return [CustomScanIssue(attack.getHttpService(), url, [attack], 'Source code disclosure', "The server contains temporary files.<p>", 'Tentative', 'Low')]
	
# Ruby on rails attacks
# Starting point: http://www.phrack.org/papers/attacking_ruby_on_rails.html 
Example #24
Source File: test_array_jy.py    From CTFCrackTools with GNU General Public License v3.0 5 votes vote down vote up
def test_assignable_varargs(self):
    "array.array objects can be used in the varargs position"
    # modified from test case in http://bugs.jython.org/issue2423;
    from java.lang import Class
    from java.net import URL, URLClassLoader
    # addURL is protected on URLClassLoader, so it is looked up through
    # reflection; its parameter types go in as a Class array built by jarray.
    add_url = URLClassLoader.getDeclaredMethod('addURL', jarray.array([URL], Class))
    # make sure the lookup returned the method that was asked for
    self.assertEqual(add_url.name, "addURL")
Example #25
Source File: test_support.py    From CTFCrackTools with GNU General Public License v3.0 5 votes vote down vote up
def open_urlresource(url, check=None):
    """Return an open file for the resource at *url*, downloading it if needed.

    The file is cached in the ``data`` directory next to this module, named
    after the last path segment of *url*.  When *check* is given it is called
    with the open file and must return true for the file to be accepted; a
    cached copy that fails the check is deleted and fetched again.  Raises
    TestFailed when the downloaded file fails the check as well.

    NOTE(review): with ``check=None`` any cached or downloaded file is
    accepted as it is, so the content is only as trustworthy as the URL's
    transport and the cache directory -- confirm callers pass a check where
    the content matters.
    """
    import urlparse, urllib2

    # Index 2 of the parse result is the path component; URLs always use '/'
    # as the separator, whatever the local platform does.
    filename = urlparse.urlparse(url)[2].split('/')[-1] # '/': it's URL!

    fn = os.path.join(os.path.dirname(__file__), "data", filename)

    def check_valid_file(fn):
        # Returns the open file when it is acceptable, rewound to the start
        # if the check read from it; otherwise closes it and returns None.
        f = open(fn)
        if check is None:
            return f
        elif check(f):
            f.seek(0)
            return f
        f.close()

    if os.path.exists(fn):
        f = check_valid_file(fn)
        if f is not None:
            return f
        # The cached copy failed the check: remove it and download again.
        unlink(fn)

    # Verify the requirement before downloading the file
    requires('urlfetch')

    print >> get_original_stdout(), '\tfetching %s ...' % url
    f = urllib2.urlopen(url, timeout=15)
    try:
        with open(fn, "wb") as out:
            # read() is called without a size, then repeated until it
            # returns an empty result.
            s = f.read()
            while s:
                out.write(s)
                s = f.read()
    finally:
        f.close()

    # The fresh download goes through the same check as a cached copy.
    f = check_valid_file(fn)
    if f is not None:
        return f
    raise TestFailed('invalid resource "%s"' % fn)
Example #26
Source File: jsonp.py    From jsonp with MIT License 5 votes vote down vote up
def doPassiveScan(self, baseRequestResponse):
    """Check whether a JSON response is also served as a script.

    For a response whose stated MIME type is "JSON", the request line is
    rewritten once per payload and re-sent; the first reply whose stated
    MIME type is "script" is reported.  Returns a one-element issue list,
    or None.

    NOTE(review): although this is the passive-scan hook, it sends new
    requests through ``makeHttpRequest`` -- confirm that is intended.
    """
    helpers = self._helpers
    stated_type = helpers.analyzeResponse(baseRequestResponse.getResponse()).getStatedMimeType()
    if stated_type != "JSON":
        return None

    for payload in self.load_payloads():
        request_url = helpers.analyzeRequest(baseRequestResponse).getUrl()
        payload_url = urlparse(self.construct_url(str(request_url), payload))

        # Request target: path, plus the query string when there is one.
        if payload_url.query == "":
            payload_format = '{uri.path}'.format(uri=payload_url)
        else:
            payload_format = '{uri.path}?{uri.query}'.format(uri=payload_url)

        original_headers = helpers.analyzeRequest(baseRequestResponse).getHeaders()
        request_headers = self.replace_header(original_headers, "GET " + payload_format + " HTTP/1.1")

        request = helpers.buildHttpMessage(request_headers, None)
        print("Edited URL, and creating request to the following URL: " + payload_format)

        use_https = request_url.getProtocol() != "http"
        probe_response = self._callbacks.makeHttpRequest(request_url.getHost(), request_url.getPort(), use_https, request)
        if helpers.analyzeResponse(probe_response).getStatedMimeType() != "script":
            continue

        return [CustomScanIssue(
            baseRequestResponse.getHttpService(),
            helpers.analyzeRequest(baseRequestResponse).getUrl(),
            [baseRequestResponse],
            "Hidden JSONP endpoint found",
            # @TODO A class which implements IHttpRequestResponse needs to be created for a byte > ihttprequestresponse conversion. There's no helper for this
            "Callback request path: " + payload_format + ". A JSON endpoint was found with a (possibly hidden) JSONP functionality. This allows you to retrieve the returned data cross-origin (in case there are no additional checks / CSRF tokens in place). This may also help to bypass content security policies.",
            "Medium")]
Example #27
Source File: SpyDir.py    From SpyDir with MIT License 5 votes vote down vote up
def set_url(self, menu_url):
    """Put *menu_url*, taken from the menu event, into the URL field."""
    url_field = self.url
    url_field.setText(menu_url)

    # Event functions 
Example #28
Source File: SpyDir.py    From SpyDir with MIT License 5 votes vote down vote up
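def restore(self, event):
    """Attempts to restore the previously saved configuration.

    Loads the "config" extension setting, pushes its values back into the
    widgets and ``self.config``, reloads the plugins when a plugin folder is
    stored and none are loaded, and finishes with ``self._update()``.
    Progress and errors are reported through ``update_scroll``.
    """
    jdump = None
    try:
        jdump = loads(self._callbacks.loadExtensionSetting("config"))
    except Exception as exc:  # Generic exception thrown directly to user
        self.update_scroll(
            "[!!] Error during restore!\n\tException: %s" % str(exc))
    if jdump is None:
        self.update_scroll("[!!] Restore failed!")
        return

    self.url.setText(jdump.get('URL'))
    # self.cookies.setText(jdump.get('Cookies'))
    # self.headers.setText(jdump.get("Headers"))

    # A saved config without this key used to raise TypeError here, outside
    # the try block above; an absent list is now treated as empty.
    # NOTE(review): the entries are joined with ", " -- confirm the code
    # that reads the field back strips the space after each comma.
    self.ext_white_list.setText(
        ", ".join(jdump.get('Extension Whitelist') or []))
    self.delim.setText(jdump.get('String Delimiter'))
    self.source_input = jdump.get("Input Directory")
    self.config['Plugin Folder'] = jdump.get("Plugin Folder")
    if (self.config['Plugin Folder'] is not None and
            (len(self.plugins.values()) < 1)):
        self._load_plugins(self.config['Plugin Folder'])
    self._update()
    self.update_scroll("[^] Restore complete!")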
Example #29
Source File: SpyDir.py    From SpyDir with MIT License 5 votes vote down vote up
def save(self, event=None):
    """
    Saves the configuration details to a Burp Suite's persistent store.

    A URL outside the Burp scope only produces a warning; the settings are
    saved regardless.
    """
    self._update()
    try:
        in_scope = self._callbacks.isInScope(URL(self.url.getText()))
        if not in_scope:
            self.update_scroll("[!!] URL provided is NOT in Burp Scope!")
    except MalformedURLException:
        # A blank URL field must not stop the settings from being saved.
        pass
    try:
        serialised = dumps(self.config)
        self._callbacks.saveExtensionSetting("config", serialised)
        self.update_scroll("[^] Settings saved!")
    except Exception:
        self.update_scroll("[!!] Error saving settings to Burp Suite!")
Example #30
Source File: SpyDir.py    From SpyDir with MIT License 5 votes vote down vote up
def _code_as_endpoints(self, filename, ext):
    """Return the set of endpoints parsed from *filename*.

    The file is parsed only when plugins are loaded or *ext* is '.txt';
    otherwise the set is empty.
    """
    endpoints = set()
    base_url = self.config.get("URL")
    if not (self.loaded_plugins or ext == '.txt'):
        return endpoints

    # NOTE(review): the original branched on _ext_test(ext) but ran the same
    # statement in both branches, so the result has no effect; the call is
    # kept in case it matters to the caller -- confirm what the else branch
    # was meant to do.
    self._ext_test(ext)
    endpoints.update(self._parse_file(filename, base_url))
    return endpoints