Python java.net.URL Examples
The following are 30
code examples of java.net.URL().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
java.net
, or try the search function
.
![](https://www.programcreek.com/common/static/images/search.png)
Example #1
Source File: test_support.py From CTFCrackTools with GNU General Public License v3.0 | 6 votes |
def make_jar_classloader(jar): import os from java.net import URL, URLClassLoader from java.io import File if isinstance(jar, bytes): # Java will expect a unicode file name jar = jar.decode(sys.getfilesystemencoding()) jar_url = File(jar).toURI().toURL().toString() url = URL(u'jar:%s!/' % jar_url) if is_jython_nt: # URLJarFiles keep a cached open file handle to the jar even # after this ClassLoader is GC'ed, disallowing Windows tests # from removing the jar file from disk when finished with it conn = url.openConnection() if conn.getDefaultUseCaches(): # XXX: Globally turn off jar caching: this stupid # instance method actually toggles a static flag. Need a # better fix conn.setDefaultUseCaches(False) return URLClassLoader([url]) # Filename used for testing
Example #2
Source File: burp_wp.py From burp_wp with MIT License | 6 votes |
def parse_bug_details(self, bug, plugin_name, _type): content = "ID: <a href='https://wpvulndb.com/vulnerabilities/{}'>{}</a><br />Title: {}<br />Type: {}<br />".format( bug['id'], bug['id'], bug['title'], bug['vuln_type']) if 'reference' in bug: content += "References:<br />" for reference in bug['reference']: content += "<a href='{}'>{}</a><br />".format(reference, reference) if 'cve' in bug: content += "CVE: {}<br />".format(bug['cve']) if 'exploitdb' in bug: content += "Exploit Database: <a href='https://www.exploit-db.com/exploits/{}/'>{}</a><br />".format( bug['exploitdb'], bug['exploitdb']) if 'fixed_in' in bug: content += "Fixed in version: {}<br />".format(bug['fixed_in']) content += "WordPress URL: <a href='https://wordpress.org/{type}/{plugin_name}'>https://wordpress.org/{type}/{plugin_name}</a>".format( type=_type, plugin_name=plugin_name) return content
Example #3
Source File: FransLinkfinder.py From BurpJSLinkFinder with MIT License | 6 votes |
def doPassiveScan(self, ihrr): try: urlReq = ihrr.getUrl() testString = str(urlReq) linkA = linkAnalyse(ihrr,self.helpers) # check if JS file if ".js" in str(urlReq): # Exclude casual JS files if any(x in testString for x in JSExclusionList): print("\n" + "[-] URL excluded " + str(urlReq)) else: self.outputTxtArea.append("\n" + "[+] Valid URL found: " + str(urlReq)) issueText = linkA.analyseURL() for counter, issueText in enumerate(issueText): #print("TEST Value returned SUCCESS") self.outputTxtArea.append("\n" + "\t" + str(counter)+' - ' +issueText['link']) issues = ArrayList() issues.add(SRI(ihrr, self.helpers)) return issues except UnicodeEncodeError: print ("Error in URL decode.") return None
Example #4
Source File: SpyDir.py From SpyDir with MIT License | 6 votes |
def _print_parsed_status(self, fcount): """Prints the parsed directory status information""" if self.parse_files and not self.loaded_plugins: self._plugins_missing_warning() if len(self.url_reqs) > 0: self.update_scroll("[*] Example URL: %s" % self.url_reqs[0]) if self.print_stats: report = (("[*] Found: %r files to be requested.\n\n" + "[*] Stats: \n " + "Found: %r files.\n") % (len(self.url_reqs), fcount)) if len(self.ext_stats) > 0: report += ("[*] Extensions found: %s" % str(dumps(self.ext_stats, sort_keys=True, indent=4))) else: report = ("[*] Found: %r files to be requested.\n" % len(self.url_reqs)) self.update_scroll(report) return report
Example #5
Source File: test_support.py From CTFCrackTools-V2 with GNU General Public License v3.0 | 6 votes |
def make_jar_classloader(jar): import os from java.net import URL, URLClassLoader from java.io import File if isinstance(jar, bytes): # Java will expect a unicode file name jar = jar.decode(sys.getfilesystemencoding()) jar_url = File(jar).toURI().toURL().toString() url = URL(u'jar:%s!/' % jar_url) if is_jython_nt: # URLJarFiles keep a cached open file handle to the jar even # after this ClassLoader is GC'ed, disallowing Windows tests # from removing the jar file from disk when finished with it conn = url.openConnection() if conn.getDefaultUseCaches(): # XXX: Globally turn off jar caching: this stupid # instance method actually toggles a static flag. Need a # better fix conn.setDefaultUseCaches(False) return URLClassLoader([url]) # Filename used for testing
Example #6
Source File: SpyDir.py From SpyDir with MIT License | 6 votes |
def _update(self): """Updates internal data""" self.config["Input Directory"] = self.source_input self.config["String Delimiter"] = self.delim.getText() white_list_text = self.ext_white_list.getText() self.config["Extension Whitelist"] = white_list_text.upper().split(',') file_url = self.url.getText() if not (file_url.startswith('https://') or file_url.startswith('http://')): self.update_scroll("[!] Assuming protocol! Default value: 'http://'") file_url = 'http://' + file_url self.url.setText(file_url) if not file_url.endswith('/') and file_url != "": file_url += '/' self.config["URL"] = file_url # self.config["Cookies"] = self.cookies.getText() # self.config["Headers"] = self.headers.getText() del self.url_reqs[:] self.curr_conf.setText(self.source_input) # Window sizing functions
Example #7
Source File: BurpSmartBuster.py From BurpSmartBuster with MIT License | 6 votes |
def updateConfig(self,meh): self._configSpider_NumberOfPages = int(self.spiderPagesTextField.getText()) if self.yesVerboseButton.isSelected(): self._verbose = True else: self._verbose = False if self.yesInScopeButton.isSelected(): self._configInScope_only = True else: self._configInScope_only = False fileType = [] fileTypeStr = self.fileTypeTextField.getText() self._ignoreFileType = self.fileTypeTextField.getText().split(",") self._logger.info("Config changed: " + "spiderNbrPages=" + str(self._configSpider_NumberOfPages) + ", Verbose is:" + str(self._verbose) + ", InScope is:" + str(self._configInScope_only) + ", fileTypeIgnored: " + str(self._ignoreFileType)) print "Now using config: " + "spiderNbrPages=" + str(self._configSpider_NumberOfPages) + ", Verbose is:" + str(self._verbose) + ", InScope is:" + str(self._configInScope_only) + ", fileTypeIgnored: " + str(self._ignoreFileType) return #add a URL to the list
Example #8
Source File: test_support.py From medicare-demo with Apache License 2.0 | 6 votes |
def open_urlresource(url): import urllib, urlparse import os.path filename = urlparse.urlparse(url)[2].split('/')[-1] # '/': it's URL! for path in [os.path.curdir, os.path.pardir]: fn = os.path.join(path, filename) if os.path.exists(fn): return open(fn) requires('urlfetch') print >> get_original_stdout(), '\tfetching %s ...' % url fn, _ = urllib.urlretrieve(url, filename) return open(fn) #======================================================================= # Decorator for running a function in a different locale, correctly resetting # it afterwards.
Example #9
Source File: BurpSmartBuster.py From BurpSmartBuster with MIT License | 6 votes |
def runRequest(self,url,responseQueue): #TODO: After thread is done, in thread read the _requestQeue object self._logger.debug("runRequest(URL): "+url) self._logger.info("EXECUTING REQUEST FOR: "+url) response = requests.get(url, headers=self._headers, allow_redirects=False) responseQueue.put(response) #TODO: Get code #TODO: add page to SiteMap if not there already? self._logger.debug("runRequest done for: "+url) return #TODO randomizedUserAgent
Example #10
Source File: off-by-slash.py From off-by-slash with MIT License | 6 votes |
def generateUrls(self, url, requestResponse): urls = [] path = url.getPath() parts = filter(None, path.split("/")) for part in parts: if "." in part: continue # Checks if /part../ results in 403 if not self.quickCheck(url, part, requestResponse): continue self._stdout.println("Potentially vulnerable: %s" % url) replacement = "/%s../%s/" % (part, part) urls.append(URL(url.toString().replace("/%s/" % part, replacement))) if self.enableDirectoryGuessing: urls = urls + self.guessDirectories(url, part) return urls
Example #11
Source File: burp_wp.py From burp_wp with MIT License | 5 votes |
def _make_http_request_wrapper(self, original_url): try: java_url = URL(original_url) request = self.helpers.buildHttpRequest(java_url) response = self.callbacks.makeHttpRequest(java_url.getHost(), 443, True, request) response_info = self.helpers.analyzeResponse(response) if response_info.getStatusCode() in INTERESTING_CODES: return self.helpers.bytesToString(response)[response_info.getBodyOffset():].encode("latin1") else: self.print_debug("[-] _make_http_request_wrapper request failed") return None except: self.print_debug("[-] _make_http_request_wrapper failed: {}".format(traceback.format_exc())) return None
Example #12
Source File: burp_git_bridge.py From burp-git-bridge with MIT License | 5 votes |
def getColumnName(self, columnIndex): ''' Used by the Java Swing UI ''' cols = ["Time added", "Tool", "URL", "Issue", "Who"] try: return cols[columnIndex] except KeyError: return ""
Example #13
Source File: bumpster.py From bumpster with MIT License | 5 votes |
def dnsdumpster_query(self, host): res = DNSDumpsterAPI().search(host) for i in res['host']: sub1 = URL("http://" + i['domain'] + "/") sub2 = URL("https://" + i['domain'] + "/") if not self._callbacks.isInScope(sub1): print "Adding %s to Burp Scope" % sub1 self._callbacks.includeInScope(sub1) if not self._callbacks.isInScope(sub2): self._callbacks.includeInScope(sub2) return
Example #14
Source File: test_support.py From medicare-demo with Apache License 2.0 | 5 votes |
def make_jar_classloader(jar): import os from java.net import URL, URLClassLoader url = URL('jar:file:%s!/' % jar) if os._name == 'nt': # URLJarFiles keep a cached open file handle to the jar even # after this ClassLoader is GC'ed, disallowing Windows tests # from removing the jar file from disk when finished with it conn = url.openConnection() if conn.getDefaultUseCaches(): # XXX: Globally turn off jar caching: this stupid # instance method actually toggles a static flag. Need a # better fix conn.setDefaultUseCaches(False) return URLClassLoader([url])
Example #15
Source File: vis2.py From medicare-demo with Apache License 2.0 | 5 votes |
def __init__(self): URLClassLoader.__init__(self, []) self.addURL(URL("file:///home/jiwon/workspace/graphlite/socialite-all.jar"))
Example #16
Source File: burp_git_bridge.py From burp-git-bridge with MIT License | 5 votes |
def getUrl(self): return URL(self.entry.url)
Example #17
Source File: MySQLdb.py From lightbulb-framework with MIT License | 5 votes |
def addURL(self, u): """Purpose: Call this with u= URL for the new Class/jar to be loaded""" sysloader = self.java.lang.ClassLoader.getSystemClassLoader() sysclass = self.java.net.URLClassLoader method = sysclass.getDeclaredMethod("addURL", [self.java.net.URL]) a = method.setAccessible(1) jar_a = jarray.array([u], self.java.lang.Object) b = method.invoke(sysloader, [u]) return u
Example #18
Source File: burp_wp.py From burp_wp with MIT License | 5 votes |
def is_unique_plugin_on_website(self, url, plugin_name): if plugin_name not in self.list_plugins_on_website[url]: self.list_plugins_on_website[url].append(plugin_name) self.print_debug("[+] is_unique_plugin_on_website URL: {}, plugin: {}".format(url, plugin_name)) return True return False
Example #19
Source File: test_array_jy.py From CTFCrackTools-V2 with GNU General Public License v3.0 | 5 votes |
def test_assignable_varargs(self): "array.array objects can be used in the varargs position" # modified from test case in http://bugs.jython.org/issue2423; from java.lang import Class from java.net import URL, URLClassLoader params = jarray.array([URL], Class) # URLClassLoader.addURL is protected, so workaround via reflection method = URLClassLoader.getDeclaredMethod('addURL', params) # and verify we got the right method after all self.assertEqual(method.name, "addURL")
Example #20
Source File: test_support.py From CTFCrackTools-V2 with GNU General Public License v3.0 | 5 votes |
def open_urlresource(url, check=None): import urlparse, urllib2 filename = urlparse.urlparse(url)[2].split('/')[-1] # '/': it's URL! fn = os.path.join(os.path.dirname(__file__), "data", filename) def check_valid_file(fn): f = open(fn) if check is None: return f elif check(f): f.seek(0) return f f.close() if os.path.exists(fn): f = check_valid_file(fn) if f is not None: return f unlink(fn) # Verify the requirement before downloading the file requires('urlfetch') print >> get_original_stdout(), '\tfetching %s ...' % url f = urllib2.urlopen(url, timeout=15) try: with open(fn, "wb") as out: s = f.read() while s: out.write(s) s = f.read() finally: f.close() f = check_valid_file(fn) if f is not None: return f raise TestFailed('invalid resource "%s"' % fn)
Example #21
Source File: CTFhelper.py From CTFHelper with MIT License | 5 votes |
def doActiveScan(self, baseRequestResponse, insertionPoint): reqinfo = helpers.analyzeRequest(baseRequestResponse) url = str(reqinfo.getUrl()) url = urlparse(url) issues = [] burl = url.scheme + '://' + url.netloc + '/' + url.path if burl in self.hs or url.path[-1] == '/': return None self.hs.add(burl) for regex in self.patterns.iterkeys(): subs = self.patterns[regex] for sub in subs: baktest = helpers.buildHttpRequest(URL(url.scheme, url.hostname, url.port, regex.sub(sub, url.path))) attack = cbs.makeHttpRequest(baseRequestResponse.getHttpService(), baktest) reqinfo = helpers.analyzeResponse(attack.getResponse()) if reqinfo.getStatusCode() == 200: issues.append(CustomScanIssue( attack.getHttpService(), helpers.analyzeRequest(attack).getUrl(), [attack], "Backup file leaked", "Suspecious backup file likely leaked", "High")) return issues
Example #22
Source File: CTFhelper.py From CTFHelper with MIT License | 5 votes |
def doActiveScan(self, baseRequestResponse, insertionPoint): reqinfo = helpers.analyzeRequest(baseRequestResponse) url = str(reqinfo.getUrl()) url = urlparse(url) issues = [] rpath, file = path.split(url.path) burl = url.scheme + '://' + url.netloc + '/' + rpath if burl in self.hs: return None self.hs.add(burl) for dir in self.patterns: dirtest = helpers.buildHttpRequest(URL(url.scheme, url.hostname, url.port, rpath + '/' + dir)) attack = cbs.makeHttpRequest(baseRequestResponse.getHttpService(), dirtest) reqinfo = helpers.analyzeResponse(attack.getResponse()) if reqinfo.getStatusCode() == 200: issues.append(CustomScanIssue( attack.getHttpService(), helpers.analyzeRequest(attack).getUrl(), [attack], "Sensitive info leaked", "Sensitive directory or file likely leaked", "High")) return issues
Example #23
Source File: ActiveScan3Plus.py From ActiveScan3Plus with Apache License 2.0 | 5 votes |
def doActiveScan(self, basePair, insertionPoint): global check if check == 0: return None if self._helpers.analyzeRequest(basePair.getRequest()).getMethod() == "GET": method = IParameter.PARAM_URL else: method = IParameter.PARAM_BODY path = self._helpers.analyzeRequest(basePair).getUrl().getPath() port = self._helpers.analyzeRequest(basePair).getUrl().getPort() proto = self._helpers.analyzeRequest(basePair).getUrl().getProtocol() hostname = self._helpers.analyzeRequest(basePair).getUrl().getHost() if not '.' in path: return None for temps in self._payloads: url = URL(proto,hostname,port,path+temps) newRequest = self._helpers.buildHttpRequest(url) attack = callbacks.makeHttpRequest(basePair.getHttpService(), newRequest) resp_code = self._helpers.analyzeResponse(attack.getResponse()).getStatusCode() if resp_code == 200: url = self._helpers.analyzeRequest(attack).getUrl() print "Possible Source code disclosure!" if (url not in self._done): self._done.append(url) return [CustomScanIssue(attack.getHttpService(), url, [attack], 'Source code disclosure', "The server contains temporary files.<p>", 'Tentative', 'Low')] # Ruby on rails attacks # Starting point: http://www.phrack.org/papers/attacking_ruby_on_rails.html
Example #24
Source File: test_array_jy.py From CTFCrackTools with GNU General Public License v3.0 | 5 votes |
def test_assignable_varargs(self): "array.array objects can be used in the varargs position" # modified from test case in http://bugs.jython.org/issue2423; from java.lang import Class from java.net import URL, URLClassLoader params = jarray.array([URL], Class) # URLClassLoader.addURL is protected, so workaround via reflection method = URLClassLoader.getDeclaredMethod('addURL', params) # and verify we got the right method after all self.assertEqual(method.name, "addURL")
Example #25
Source File: test_support.py From CTFCrackTools with GNU General Public License v3.0 | 5 votes |
def open_urlresource(url, check=None): import urlparse, urllib2 filename = urlparse.urlparse(url)[2].split('/')[-1] # '/': it's URL! fn = os.path.join(os.path.dirname(__file__), "data", filename) def check_valid_file(fn): f = open(fn) if check is None: return f elif check(f): f.seek(0) return f f.close() if os.path.exists(fn): f = check_valid_file(fn) if f is not None: return f unlink(fn) # Verify the requirement before downloading the file requires('urlfetch') print >> get_original_stdout(), '\tfetching %s ...' % url f = urllib2.urlopen(url, timeout=15) try: with open(fn, "wb") as out: s = f.read() while s: out.write(s) s = f.read() finally: f.close() f = check_valid_file(fn) if f is not None: return f raise TestFailed('invalid resource "%s"' % fn)
Example #26
Source File: jsonp.py From jsonp with MIT License | 5 votes |
def doPassiveScan(self, baseRequestResponse): response = baseRequestResponse.getResponse() res_type = self._helpers.analyzeResponse(response).getStatedMimeType() if res_type == "JSON": payloads = self.load_payloads() for i in payloads: request_url = self._helpers.analyzeRequest(baseRequestResponse).getUrl() payload_url = urlparse(self.construct_url(str(request_url), i)) if payload_url.query != "": payload_format = '{uri.path}?{uri.query}'.format(uri=payload_url) else: payload_format = '{uri.path}'.format(uri=payload_url) request_headers = self.replace_header(self._helpers.analyzeRequest(baseRequestResponse).getHeaders(), "GET " + payload_format + " HTTP/1.1") request = self._helpers.buildHttpMessage(request_headers, None) print("Edited URL, and creating request to the following URL: " + payload_format) response = self._callbacks.makeHttpRequest(request_url.getHost(), request_url.getPort(), False if request_url.getProtocol() == "http" else True, request) response_type = self._helpers.analyzeResponse(response).getStatedMimeType() if response_type == "script": return [CustomScanIssue( baseRequestResponse.getHttpService(), self._helpers.analyzeRequest(baseRequestResponse).getUrl(), [baseRequestResponse], "Hidden JSONP endpoint found", # @TODO A class which implements IHttpRequestResponse needs to be created for a byte > ihttprequestresponse conversion. There's no helper for this "Callback request path: " + payload_format + ". A JSON endpoint was found with a (possibly hidden) JSONP functionality. This allows you to retrieve the returned data cross-origin (in case there are no additional checks / CSRF tokens in place). This may also help to bypass content security policies.", "Medium")]
Example #27
Source File: SpyDir.py From SpyDir with MIT License | 5 votes |
def set_url(self, menu_url): """Changes the configuration URL to the one from the menu event""" self.url.setText(menu_url) # Event functions
Example #28
Source File: SpyDir.py From SpyDir with MIT License | 5 votes |
def restore(self, event): """Attempts to restore the previously saved configuration.""" jdump = None try: jdump = loads(self._callbacks.loadExtensionSetting("config")) except Exception as exc: # Generic exception thrown directly to user self.update_scroll( "[!!] Error during restore!\n\tException: %s" % str(exc)) if jdump is not None: self.url.setText(jdump.get('URL')) # self.cookies.setText(jdump.get('Cookies')) # self.headers.setText(jdump.get("Headers")) ewl = "" for ext in jdump.get('Extension Whitelist'): ewl += ext + ", " self.ext_white_list.setText(ewl[:-2]) self.delim.setText(jdump.get('String Delimiter')) self.source_input = jdump.get("Input Directory") self.config['Plugin Folder'] = jdump.get("Plugin Folder") if (self.config['Plugin Folder'] is not None and (len(self.plugins.values()) < 1)): self._load_plugins(self.config['Plugin Folder']) self._update() self.update_scroll("[^] Restore complete!") else: self.update_scroll("[!!] Restore failed!")
Example #29
Source File: SpyDir.py From SpyDir with MIT License | 5 votes |
def save(self, event=None): """ Saves the configuration details to a Burp Suite's persistent store. """ self._update() try: if not self._callbacks.isInScope(URL(self.url.getText())): self.update_scroll("[!!] URL provided is NOT in Burp Scope!") except MalformedURLException: # If url field is blank we'll pass # still save the settings. try: self._callbacks.saveExtensionSetting("config", dumps(self.config)) self.update_scroll("[^] Settings saved!") except Exception: self.update_scroll("[!!] Error saving settings to Burp Suite!")
Example #30
Source File: SpyDir.py From SpyDir with MIT License | 5 votes |
def _code_as_endpoints(self, filename, ext): file_set = set() file_url = self.config.get("URL") if self.loaded_plugins or ext == '.txt': if self._ext_test(ext): file_set.update( self._parse_file(filename, file_url)) else: file_set.update( self._parse_file(filename, file_url)) return file_set