Java tutorial
/* * Copyright (C) 2014 DobinRutishauser@broken.ch * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ package gui.sqlmap; import java.io.BufferedReader; import java.io.File; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import java.util.ArrayList; import java.util.List; import javax.swing.JOptionPane; import javax.swing.SwingWorker; import model.SentinelHttpMessage; import model.SentinelHttpParam; import org.apache.commons.lang3.StringUtils; import util.BurpCallbacks; import util.SettingsManager; /** * * @author DobinRutishauser@broken.ch */ public class SqlmapUi extends javax.swing.JPanel { private SentinelHttpMessage httpMessage; private SentinelHttpParam attackParam; /** * Creates new form SqlmapUi */ public SqlmapUi() { initComponents(); SqlmapData data = SettingsManager.getSqlmapConfig(); textfieldSqlmap.setText(data.sqlmapPath); textfieldPython.setText(data.pythonPath); textfieldWorkingdir.setText(data.workingDir); } private List<String> args; private void startSqlmap() { String python = textfieldPython.getText(); String workingDir = textfieldWorkingdir.getText(); String sqlmap = textfieldSqlmap.getText(); // Do some basic tests File f; f = new File(python); if (!f.exists()) { JOptionPane.showMessageDialog(this, "Python path does not exist: " + python); return; } f = new File(workingDir); if (!f.exists()) { JOptionPane.showMessageDialog(this, "workingDir path does not exist: " + workingDir); return; } f = new File(sqlmap); if (!f.exists()) { JOptionPane.showMessageDialog(this, "sqlmap path does not exist: " + sqlmap); return; } // Write request file String requestFile = workingDir + "request.txt"; try { FileOutputStream fos = new FileOutputStream(requestFile); fos.write(httpMessage.getRequest()); fos.close(); } catch (IOException e) { JOptionPane.showMessageDialog(this, "could not write request: " + workingDir + "request.txt"); BurpCallbacks.getInstance().print("Error: " + e.getMessage()); } // Start sqlmap args = new ArrayList<String>(); args.add(python); args.add(sqlmap); args.add("-r"); args.add(requestFile); args.add("--batch"); args.add("-p"); args.add(attackParam.getName()); String sessionFile = workingDir + "sessionlog.txt"; args.add("-s"); args.add(sessionFile); args.add("--flush-session"); String traceFile = workingDir + "tracelog.txt"; args.add("-t"); args.add(traceFile); args.add("--disable-coloring"); args.add("--cleanup"); textareaCommand.setText(StringUtils.join(args, " ")); SwingWorker worker = new SwingWorker<String, Void>() { @Override public String doInBackground() { ProcessBuilder pb = new ProcessBuilder(args); //BurpCallbacks.getInstance().print(pb.command().toString()); pb.redirectErrorStream(true); Process proc; try { proc = pb.start(); InputStream is = proc.getInputStream(); InputStreamReader isr = new InputStreamReader(is); BufferedReader br = new BufferedReader(isr); String line; int exit = -1; while ((line = br.readLine()) != null) { // Outputs your process execution addLine(line); try { exit = proc.exitValue(); if (exit == 0) { // Process finished } } catch (IllegalThreadStateException t) { // The process has not yet finished. // Should we stop it? //if (processMustStop()) // processMustStop can return true // after time out, for example. //{ // proc.destroy(); //} } } } catch (IOException ex) { BurpCallbacks.getInstance().print(ex.getLocalizedMessage()); } return ""; } @Override public void done() { } }; worker.execute(); } private void addLine(String line) { // if (line.length() > 0) { jTextArea1.setText(jTextArea1.getText() + line + "\n"); // } } /** * This method is called from within the constructor to initialize the form. * WARNING: Do NOT modify this code. The content of this method is always * regenerated by the Form Editor. */ @SuppressWarnings("unchecked") // <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents private void initComponents() { jPanel1 = new javax.swing.JPanel(); jLabel1 = new javax.swing.JLabel(); jLabel2 = new javax.swing.JLabel(); textfieldWorkingdir = new javax.swing.JTextField(); textfieldSqlmap = new javax.swing.JTextField(); jLabel6 = new javax.swing.JLabel(); textfieldPython = new javax.swing.JTextField(); jPanel2 = new javax.swing.JPanel(); jLabel3 = new javax.swing.JLabel(); jLabel4 = new javax.swing.JLabel(); jLabel5 = new javax.swing.JLabel(); jButton1 = new javax.swing.JButton(); jComboBox1 = new javax.swing.JComboBox(); jComboBox2 = new javax.swing.JComboBox(); jComboBox3 = new javax.swing.JComboBox(); jLabel7 = new javax.swing.JLabel(); textfieldAttackParam = new javax.swing.JTextField(); jPanel3 = new javax.swing.JPanel(); jScrollPane1 = new javax.swing.JScrollPane(); jTextArea1 = new javax.swing.JTextArea(); jPanel4 = new javax.swing.JPanel(); jScrollPane2 = new javax.swing.JScrollPane(); textareaCommand = new javax.swing.JTextArea(); jPanel1.setBorder(javax.swing.BorderFactory.createEtchedBorder()); jLabel1.setText("SQLMAP Python:"); jLabel2.setText("Working Directory:"); textfieldWorkingdir.setText("/tmp/sqlmap"); textfieldSqlmap.setText("/home/dobin/Downloads/sqlmapproject-sqlmap-cb1f17c/sqlmap.py"); jLabel6.setText("Python Executable:"); textfieldPython.setText("/usr/bin/python"); javax.swing.GroupLayout jPanel1Layout = new javax.swing.GroupLayout(jPanel1); jPanel1.setLayout(jPanel1Layout); jPanel1Layout.setHorizontalGroup(jPanel1Layout .createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(jPanel1Layout.createSequentialGroup() .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(jPanel1Layout.createSequentialGroup().addGap(2, 2, 2).addGroup( jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addComponent(jLabel6).addComponent(jLabel1)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) .addGroup(jPanel1Layout .createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addComponent(textfieldSqlmap, javax.swing.GroupLayout.DEFAULT_SIZE, 522, Short.MAX_VALUE) .addComponent(textfieldPython))) .addGroup(jPanel1Layout.createSequentialGroup().addComponent(jLabel2) .addGap(23, 23, 23).addComponent(textfieldWorkingdir))) .addContainerGap())); jPanel1Layout.setVerticalGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(jPanel1Layout.createSequentialGroup() .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(jLabel6).addComponent(textfieldPython, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(textfieldSqlmap, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addComponent(jLabel1)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(jLabel2).addComponent(textfieldWorkingdir, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)) .addGap(8, 8, 8))); jPanel2.setBorder(javax.swing.BorderFactory.createEtchedBorder()); jLabel3.setText("DB:"); jLabel4.setText("OS:"); jLabel5.setText("Risk:"); jButton1.setText("Go"); jButton1.addActionListener(new java.awt.event.ActionListener() { public void actionPerformed(java.awt.event.ActionEvent evt) { jButton1ActionPerformed(evt); } }); jComboBox1.setModel( new javax.swing.DefaultComboBoxModel(new String[] { "Item 1", "Item 2", "Item 3", "Item 4" })); jComboBox2.setModel( new javax.swing.DefaultComboBoxModel(new String[] { "Item 1", "Item 2", "Item 3", "Item 4" })); jComboBox3.setModel( new javax.swing.DefaultComboBoxModel(new String[] { "Item 1", "Item 2", "Item 3", "Item 4" })); jLabel7.setText("Param to attack:"); textfieldAttackParam.setEditable(false); textfieldAttackParam.setText(" "); javax.swing.GroupLayout jPanel2Layout = new javax.swing.GroupLayout(jPanel2); jPanel2.setLayout(jPanel2Layout); jPanel2Layout.setHorizontalGroup(jPanel2Layout .createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(jPanel2Layout.createSequentialGroup().addGroup(jPanel2Layout .createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING).addComponent(jLabel3) .addGroup(jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addComponent(jLabel5, javax.swing.GroupLayout.Alignment.TRAILING) .addComponent(jLabel4))) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) .addGroup(jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(jPanel2Layout.createSequentialGroup() .addComponent(jComboBox1, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addGap(69, 69, 69).addComponent(jLabel7) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addComponent(textfieldAttackParam, javax.swing.GroupLayout.PREFERRED_SIZE, 106, javax.swing.GroupLayout.PREFERRED_SIZE) .addGap(0, 0, Short.MAX_VALUE)) .addGroup(jPanel2Layout.createSequentialGroup() .addGroup(jPanel2Layout .createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addComponent(jComboBox2, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addComponent(jComboBox3, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) .addComponent(jButton1))) .addContainerGap())); jPanel2Layout.setVerticalGroup(jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(jPanel2Layout.createSequentialGroup() .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) .addComponent(jButton1)) .addGroup(jPanel2Layout.createSequentialGroup().addGroup(jPanel2Layout .createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(jComboBox1, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addComponent(jLabel3).addComponent(jLabel7).addComponent(textfieldAttackParam, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(jComboBox2, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addComponent(jLabel4)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) .addGroup(jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(jComboBox3, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addComponent(jLabel5)))); jPanel3.setBorder(javax.swing.BorderFactory.createEtchedBorder()); jTextArea1.setColumns(20); jTextArea1.setRows(5); jScrollPane1.setViewportView(jTextArea1); javax.swing.GroupLayout jPanel3Layout = new javax.swing.GroupLayout(jPanel3); jPanel3.setLayout(jPanel3Layout); jPanel3Layout.setHorizontalGroup(jPanel3Layout .createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING).addComponent(jScrollPane1)); jPanel3Layout.setVerticalGroup(jPanel3Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addComponent(jScrollPane1, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.DEFAULT_SIZE, 122, Short.MAX_VALUE)); textareaCommand.setEditable(false); textareaCommand.setColumns(20); textareaCommand.setRows(5); textareaCommand.setWrapStyleWord(true); jScrollPane2.setViewportView(textareaCommand); javax.swing.GroupLayout jPanel4Layout = new javax.swing.GroupLayout(jPanel4); jPanel4.setLayout(jPanel4Layout); jPanel4Layout.setHorizontalGroup(jPanel4Layout .createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING).addComponent(jScrollPane2)); jPanel4Layout.setVerticalGroup(jPanel4Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addComponent(jScrollPane2, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)); javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this); this.setLayout(layout); layout.setHorizontalGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addComponent(jPanel1, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) .addComponent(jPanel2, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) .addComponent(jPanel3, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) .addComponent(jPanel4, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)); layout.setVerticalGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createSequentialGroup() .addComponent(jPanel1, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addComponent(jPanel2, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addComponent(jPanel4, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED).addComponent(jPanel3, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))); }// </editor-fold>//GEN-END:initComponents private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton1ActionPerformed startSqlmap(); }//GEN-LAST:event_jButton1ActionPerformed // Variables declaration - do not modify//GEN-BEGIN:variables private javax.swing.JButton jButton1; private javax.swing.JComboBox jComboBox1; private javax.swing.JComboBox jComboBox2; private javax.swing.JComboBox jComboBox3; private javax.swing.JLabel jLabel1; private javax.swing.JLabel jLabel2; private javax.swing.JLabel jLabel3; private javax.swing.JLabel jLabel4; private javax.swing.JLabel jLabel5; private javax.swing.JLabel jLabel6; private javax.swing.JLabel jLabel7; private javax.swing.JPanel jPanel1; private javax.swing.JPanel jPanel2; private javax.swing.JPanel jPanel3; private javax.swing.JPanel jPanel4; private javax.swing.JScrollPane jScrollPane1; private javax.swing.JScrollPane jScrollPane2; private javax.swing.JTextArea jTextArea1; private javax.swing.JTextArea textareaCommand; private javax.swing.JTextField textfieldAttackParam; private javax.swing.JTextField textfieldPython; private javax.swing.JTextField textfieldSqlmap; private javax.swing.JTextField textfieldWorkingdir; // End of variables declaration//GEN-END:variables void setHttpMessage(SentinelHttpMessage origHttpMessage, SentinelHttpParam attackParam) { this.httpMessage = origHttpMessage; this.attackParam = attackParam; this.textfieldAttackParam.setText(attackParam.getName()); } void storeConfig() { SqlmapData data = new SqlmapData(textfieldPython.getText(), textfieldSqlmap.getText(), textfieldWorkingdir.getText()); SettingsManager.storeSqlmapConfig(data); } }