ncoblentz

<html>
<head>
    <script type="text/javascript" src="js/jquery.js" ></script>
    <script type="text/javascript" src="js/jquery.form.js" ></script>
    <script type="text/javascript" src="js/jquery.populate.js" ></script>
    
    <script type="text/javascript">  
	function getAppData(){
		$.ajax({
		    type: "get",

ncoblentz

<?xml version="1.0" encoding="utf-8" ?>
<widget xmlns="http://www.w3.org/ns/widgets"
        xmlns:rim="http://www.blackberry.com/ns/widgets"
        version="1.0.0">

  <name>Permissions Test</name>

  <description>This application tests whether privileged APIs can be called without AppWorld reporting those permissions to the user.</description>

  <author>Nick Coblentz</author>

ncoblentz

<?xml version="1.0" encoding="utf-8" ?>
<widget xmlns="http://www.w3.org/ns/widgets"
        xmlns:rim="http://www.blackberry.com/ns/widgets"
        version="1.0.0">

  <name>Permissions Test</name>

  <description>This application tests whether privileged APIs can be called without AppWorld reporting those permissions to the user.</description>

  <author>Nick Coblentz</author>

ncoblentz

# encoding: utf-8

#http://code.google.com/p/owaspbwa/wiki/ProjectSummary
#http://sourceforge.net/apps/trac/owaspbwa/report/1

require 'capybara/rspec'

Capybara.default_driver = :selenium
Capybara.run_server = false
#page = Capybara::Session.new(:selenium)

ncoblentz

# encoding: utf-8

#http://code.google.com/p/owaspbwa/wiki/ProjectSummary
#http://sourceforge.net/apps/trac/owaspbwa/report/1

require 'rspec'
require 'watir-webdriver'

$BROKEN_WEB_APPS_HOST='http://owaspbwa'

ncoblentz

#POST http://owaspbwa/vicnum/vicnum5.php
#player=<script>alert(1)</script>

require 'tempfile'
require 'escape_utils'
require 'watir-webdriver'
target='http://owaspbwa/vicnum/vicnum5.php' #the attack target
post='player=<script>alert(1)</script>' #the POST data to send to the target
postdata=Array.new

ncoblentz

def each_frame(frames,&block)
	frames.each do |f|
		yield f
		each_frame(f.frames,&block)
	end
end

status = browser.html.include?(match)
each_frame(browser.frames) do |f|
	break if(status=status || f.html.include?(match))

ncoblentz

url='http://www.google.com'
browser.goto(url)
browser.execute_script(%q|var el = document.createElement("script");el.setAttribute("src","http://code.jquery.com/jquery-1.6.4.min.js");document.body.appendChild(el);|)
browser.execute_script(%q|var geturl = $.ajax({type: GET,url: '|+url+%q|',complete: function () {$('body').data('httpheaders_complete',true);},success: function (data,status,xhr) {$('body').data('httpheaders',geturl.getAllResponseHeaders());$('body').data('content',data);}});|)
browser.wait_until { browser.execute_script(%q|return $('body').data('httpheaders_complete');|) }
browser.execute_script(%q|return $('body').data('httpheaders');|)

ncoblentz

# -*- coding: utf-8 -*-
"""
Created on Wed Dec 19 14:20:28 2012

@author: Nick Coblentz
"""

from burp import IBurpExtender
from burp import IMessageEditorTabFactory
from burp import IMessageEditorTab

ncoblentz

# -*- coding: utf-8 -*-
"""
Created on Fri Dec 28 14:16:12 2012

@author: Nick Coblentz
Some of this code is borrowed from Brian Holyfield's Burp plugin located here: https://github.com/GDSSecurity/WCF-Binary-SOAP-Plug-In
It is also fully dependent on having NBFS.exe from his plugin in the same directory as Burp.
"""

from burp import IBurpExtender