Module: BscanHelper

Included in:

BScan

Defined in:

lib/bscan/utils/bscan_helper.rb

Defined Under Namespace

Classes: Issue, Message

Instance Attribute Summary

• #activity ⇒ Object

  Returns the value of attribute activity.

• #bscan_config ⇒ Object readonly

  Returns the value of attribute bscan_config.

• #modules_only ⇒ Object readonly

  Returns the value of attribute modules_only.

• #run_proxy ⇒ Object readonly

  Returns the value of attribute run_proxy.

• #stat ⇒ Object

  Returns the value of attribute stat.

• #url_prefs ⇒ Object readonly

  Returns the value of attribute url_prefs.

Instance Method Summary

• #add_multi(map, k, v) ⇒ Object
• #add_spider_headers(params) ⇒ Object
• #copy_vars(from) ⇒ Object
• #do_active_scan(host, port, https, req) ⇒ Object
• #do_passive_scan(host, port, https, req, resp) ⇒ Object
• #do_scan(msg, trg, inj) ⇒ Object
• #esc(exp) ⇒ Object
• #excluded?(u) ⇒ Boolean
• #exit_suite(prompt) ⇒ Object
• #get_action ⇒ Object
• #get_action_params ⇒ Object
• #get_bool_prop(nm) ⇒ Object
• #get_par(k, defv, str = false) ⇒ Object
• #get_rr(obj, method) ⇒ Object
• #get_url_host_port(req, proto) ⇒ Object
• #hdr_nbr(params, par) ⇒ Object
• #include_in_scope(url) ⇒ Object
• #init_internals(cmd_params) ⇒ Object
• #init_stat ⇒ Object
• #is_in_scope(url) ⇒ Object
• #is_module_static(n, p) ⇒ Object
• #load_config(config, burp_defaults = nil) ⇒ Object
• #Log(mtype, *msgs) ⇒ Object
• #log(ll, stream) ⇒ Object
• #make_request_socket(host, port, https, req) ⇒ Object
• #msg_end(rsp) ⇒ Object
• #open_in_path(file, pathonly = false) ⇒ Object
• #prop(nm) ⇒ Object
• #read_response_socket(s) ⇒ Object
• #redirect(u, req) ⇒ Object
• #redirect?(req) ⇒ Boolean
• #replace_params(inp) ⇒ Object
• #run_modules(base, msg = nil) ⇒ Object
• #save_config ⇒ Object
• #search_path ⇒ Object
• #search_path_file(file) ⇒ Object
• #send_only(req, proto, inj) ⇒ Object
• #send_req(req, proto, inj) ⇒ Object
• #send_to_spider(url) ⇒ Object
• #set_len(r) ⇒ Object
• #to_map(h) ⇒ Object
• #verify_response(u, req, rsp, inj, time) ⇒ Object
• #write_issue_state(issue) ⇒ Object

Instance Attribute Details

#activity ⇒ Object

Returns the value of attribute activity.

# File 'lib/bscan/utils/bscan_helper.rb', line 34

def activity
  @activity
end

#bscan_config ⇒ Object (readonly)

Returns the value of attribute bscan_config.

# File 'lib/bscan/utils/bscan_helper.rb', line 32

def bscan_config
  @bscan_config
end

#modules_only ⇒ Object (readonly)

Returns the value of attribute modules_only.

# File 'lib/bscan/utils/bscan_helper.rb', line 29

def modules_only
  @modules_only
end

#run_proxy ⇒ Object (readonly)

Returns the value of attribute run_proxy.

# File 'lib/bscan/utils/bscan_helper.rb', line 31

def run_proxy
  @run_proxy
end

#stat ⇒ Object

Returns the value of attribute stat.

# File 'lib/bscan/utils/bscan_helper.rb', line 33

def stat
  @stat
end

#url_prefs ⇒ Object (readonly)

Returns the value of attribute url_prefs.

# File 'lib/bscan/utils/bscan_helper.rb', line 30

def url_prefs
  @url_prefs
end

Instance Method Details

#add_multi(map, k, v) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 391

def add_multi map,k,v
  if (map[k])
    ov = map[k];
    if (ov.kind_of?(Array))
      map[k] << v
    else 
      map[k] = [ov,v]
    end
  else
    map[k] = v  
  end
end

#add_spider_headers(params) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 549

def add_spider_headers params
  acts = get_action
  pars = get_action_params
  Log 3, "BscanHelper.add_spider_headers #{acts[0]} #{pars[0]}"
  i = -1
  acts.each do |a|
    i += 1
    case a
    when 'add_header'
      start = hdr_nbr params,pars[i]
      Log 3, "BscanHelper.add_spider_headers #{a} #{pars[i]} #{start}"
      params['spider.customheader' + start.to_s] = pars[i] if not params['spider.customheader' + start.to_s] 
    end
  end
end

#copy_vars(from) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 66

def copy_vars from
  from.instance_variables.each do |nm| 
    self.instance_variable_set(nm, from.instance_variable_get(nm))
#      puts "#{nm} => #{from.instance_variable_get(nm)}"
  end
end

#do_active_scan(host, port, https, req) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 495

def do_active_scan host, port, https, req
  req = req.to_java_bytes if req.kind_of?(String)
  @burp_cb.doActiveScan(host, port, https, req)  if @burp_cb
end

#do_passive_scan(host, port, https, req, resp) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 489

def do_passive_scan host, port, https, req, resp
  req = req.to_java_bytes if req.kind_of?(String)
  resp = resp.to_java_bytes if resp.kind_of?(String)
  @burp_cb.doPassiveScan(host, port, https, req, resp)  if @burp_cb
end

#do_scan(msg, trg, inj) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 126

def do_scan msg, trg, inj
  @activity[0]=true
  Log 2, "#{@mid}do_scan Scanning: #{trg}"
#    msg.url = trg
  path = $1 if trg =~ /\/\/[^\/]+(\/.*)/
  path = '/' if (not path) or (path.length < 1)
  req = msg.getRequest().to_s.sub(/(POST|GET|DELETE|PUT|TRACE|HEAD)\s*(.+)\s*HTTP/, "\\1 #{path} HTTP")
  
  send_req req, msg.getProtocol, inj
  
end

#esc(exp) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 264

def esc exp
  Regexp.escape exp
end

#excluded?(u) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/bscan/utils/bscan_helper.rb', line 148

def excluded? u
  exts = @burp_config['target.hideextensionsitems']
  if exts
    exts.split(',').each do |ex|
      return true if u =~ /.*\.#{ex}$/i 
    end
  end
  false
end

#exit_suite(prompt) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 577

def exit_suite prompt
  @burp_cb.exitSuite(prompt.to_java(Java::boolean))
end

#get_action ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 77

def get_action
  actions = @bscan_config['bscan.action']
  actions = [actions] if not actions.kind_of?(Array)
  actions
end

#get_action_params ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 83

def get_action_params
  params = @bscan_config['bscan.action_params']
  params = [params] if not params.kind_of?(Array)
  params
end

#get_bool_prop(nm) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 62

def get_bool_prop nm
  @bscan_config[nm] == 'true' or @bscan_config[nm] == 'yes'
end

#get_par(k, defv, str = false) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 89

def get_par k,defv,str=false
  p = @bscan_config[prop(k)] 
  p = p.to_i if !str && p && p.to_i.to_s == p
  p = true if !str && (p == 'true' or p == 'yes')
  p = false if !str && (p == 'false' or p == 'no')
  p ? p:defv 
end

#get_rr(obj, method) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 345

def get_rr obj, method
  if obj.respond_to? method
    obj.send(method)
  else
    case method
    when 'req_str'
      obj.getRequest().to_s
    when 'rsp_str'
      obj.getResponse().to_s
    else
      'ERROR: METHOD NOT DEFINED'
    end
  end      
end

#get_url_host_port(req, proto) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 138

def get_url_host_port req,proto
  host,port = $1.split(/\s*:\s*/,2) if req =~ /host\s*:\s*([^\s]+)\s*\r?\n/i
  if not port
    port = '80' if proto == 'http'
    port = '443' if proto == 'https'
  end  
  path = $2 if req =~/(POST|GET|DELETE|PUT|TRACE|HEAD)\s+(.+)\s+HTTP/
  ["#{proto}://#{host}:#{port}"+path,host,port.to_i]
end

#hdr_nbr(params, par) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 541

def hdr_nbr params,par
  start = 0
  while params['spider.customheader' + start.to_s] and  params['spider.customheader' + start.to_s] != par
    start += 1
  end
  start
end

#include_in_scope(url) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 510

def include_in_scope(url)
  case url
     when Java::Burp::IHttpRequestResponse,  Java::Burp::IRequestInfo
       url = url.getUrl
     else
       url = Java::JavaNet::URL.new(url.to_s) unless url.is_a? Java::JavaNet::URL
  end
  @burp_cb.includeInScope(url)  if @burp_cb
end

#init_internals(cmd_params) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 415

def init_internals  cmd_params
  
  init_stat
  @activity ||= [false]

#    @cmd_params ||= JSON.parse args[0]
  @cmd_params ||= cmd_params
  @ll =  @cmd_params['loglevel'].to_i

  lfile = @cmd_params['logfile']
  if lfile != nil
      begin
        @log = java.io.PrintStream.new(lfile)
      rescue Exception => e
        $stderr.puts("BscanHelper.init_internals  Error: can't open log file '#{lfile}', exception: #{e.message}")
        $stderr.puts(e.backtrace.join("\n"))
        Process.exit!(2)
      end
  else
    @log = java.lang.System.out
  end

  Log 2, "BscanHelper.init_internals CMD_PARAMS: #{@cmd_params}"
  @cmd_params.each_pair do |k,v|
    Log 2,"BscanHelper.init_internals #{k}:#{v}"
  end
  
  @burp_cb = nil
  @bscan_config = @cmd_params['bscan_config']
  @burp_config = @cmd_params['burp_config']
  @issues = @bscan_config['bscan.issues']
  @modules_only = (@bscan_config['bscan.modules_only'] and @bscan_config['bscan.modules_only'] == 'true') 
  @run_proxy ||= (@bscan_config['bscan.run_proxy'] and @bscan_config['bscan.run_proxy'] == 'true') 
  @url_prefs ||= @bscan_config['bscan.report_url_prefix']
  @url_prefs = [@url_prefs] if @url_prefs and not @url_prefs.kind_of?(Array)
  @modules ||= @bscan_config['bscan.modules']
  @modules ||= [] if not @modules
  @modules = [@modules] if not @modules.kind_of?(Array)
  mods = []
  @modules.each do |m|
    mods << m.split(',')
  end
  @modules = mods.flatten 
   
    
  Log 1, "BscanHelper.init_internals No issues dir provided. Issues will not be logged." if not @issues
  if (@issues)
    begin 
      dt = Time.now.strftime("%y%m%d_%H%M%S")
      File.directory? @issues or %x{mkdir -p "#{@issues}"}
      @sstream = "#{@issues}/session.#{dt}.zip"
      ifile = "#{@issues}/issues.#{dt}.txt"
      @istream = java.io.PrintStream.new(ifile)
      @stat['issues'] = ifile
    rescue Exception => e
      Log 0, "BscanHelper.init_internals Can't create issues or session files, Exception: #{e.message}"
      Log 0,  e.backtrace.join("\n")
      exit_suite
    end
  end
  
end

#init_stat ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 404

def init_stat
  @stat ||= {}
  @stat['start_time'] = Time.now.strftime("%Y-%m-%d %H:%M:%S")
  @stat['end_time'] = ''
  @stat['high'] = 0
  @stat['med'] = 0
  @stat['low'] = 0
  @stat['issues'] = ''
  @stat['urls'] = ''
end

#is_in_scope(url) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 500

def is_in_scope(url)
 case url
    when Java::Burp::IHttpRequestResponse,  Java::Burp::IRequestInfo
      url = url.getUrl
    else
      url = Java::JavaNet::URL.new(url.to_s) unless url.is_a? Java::JavaNet::URL
 end
 @burp_cb.isInScope(url)  if @burp_cb
end

#is_module_static(n, p) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 478

def is_module_static n,p
  pref = 'bscan.' + n + '.'
  pref += p + '.' if p and p.length > 0
  @bscan_config[pref + 'static_request'] == 'true'  
end

#load_config(config, burp_defaults = nil) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 530

def load_config config,burp_defaults=nil
  @load_config_flag = true
  begin
    @burp_extender.loadConfig(config.to_java, burp_defaults)
    Log 2, "BscanHelper.load_config finished"
  rescue Exception => e
     Log 0, "BscanHelper.load_config\nException: #{e.message}"
    Log 0,  e.backtrace.join("\n")
  end
 @load_config_flag = false
end

#Log(mtype, *msgs) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 291

def Log (mtype, *msgs)
  pr = "Unknown:"
  case mtype
  when 0
    pr = "ERROR:"
  when 1
    pr = "WARN:"
  when 2
    pr = "INFO:"
  when 3
    pr = "DEBUG:"
  end  
  msgs.each do |msg|
    if (@ll >= mtype)
      dt = Time.now.strftime("%y%m%d %H%M%S")
      @log.println "#{dt} #{pr} #{msg}"
    end
  end
  @log.flush
end

#log(ll, stream) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 387

def log ll, stream
  stream.puts if true 
end

#make_request_socket(host, port, https, req) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 175

def make_request_socket host, port, https, req
 begin
    rsp = ''
    s = TCPSocket.new(host, port)
    Log 2, "#{@mid}make_request_socket new socket #{host} #{port} #{https}"
    if (https)
      ctx = OpenSSL::SSL::SSLContext.new
      ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE 
      s = OpenSSL::SSL::SSLSocket.new(s, ctx)
      s.connect
    end
    s.syswrite(req)
    Log 2, "#{@mid}make_request_socket write succeeded for  #{req}"
    rsp = read_response_socket s
    while ((u = redirect? rsp))
      rsp = redirect u,req
    end
    Log 2, "#{@mid}make_request_socket read succeeded #{rsp}"
  rescue Exception => e
    Log 1, "#{@mid}make_request_socket failed: #{e.message}"
    Log 1, e.backtrace.join("\n")
  end
  begin
    s.close
  rescue
  end  
  rsp
end

#msg_end(rsp) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 223

def msg_end rsp
  rsp[-4..-1] == "\r\n\r\n" || rsp[-2..-1] == "\n\n"
end

#open_in_path(file, pathonly = false) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 106

def open_in_path file,pathonly=false
  io = nil
  files = search_path_file(file)
  files.each do |p|
      if File.file?(p)
        return p if pathonly
        io = File.open(p,"r") 
        return io if io
      end
  end
  raise "Can't find file in: #{files.join(':')}"
end

#prop(nm) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 73

def prop nm
    @prop_pref + nm   
end

#read_response_socket(s) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 227

def read_response_socket s
    rsp=''
    begin
      while (ch=s.sysread(1))
        rsp += ch
        break if msg_end rsp
        if rsp =~ /Content-Length\s*:\s*(\d+)\r?\n$/i
          len = $1.to_i
          while (c=s.sysread(1))
            rsp += c
            if msg_end rsp
              return rsp if len <= 0
              rsp += s.sysread(len)
              return rsp;
            end
          end  
          break  
        end
      end
    rescue Exception => e
      Log 1, "#{@mid}read_response_socket failed: #{e.message}\nResponse:\n#{rsp}"
      Log 1, e.backtrace.join("\n")
    end      
    rsp
end

#redirect(u, req) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 211

def redirect u, req
  uri = URI.parse(u)
  proto = uri.scheme 
  host = uri.host 
  port = uri.port 
  path = uri.path 
  path += '?' + uri.query if uri.query 
  make_request_socket host, port, ('https'==proto),
    req.sub(/^(POST|GET|DELETE|PUT|TRACE|HEAD)\s+\/[^\s]+/, "\\1 #{path}")
end

#redirect?(req) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/bscan/utils/bscan_helper.rb', line 204

def redirect? req
  if req =~ /^HTTP\/[^\s]+\s+3\d\d/i
    return $1 if  req =~ /\nLocation\s*:\s*([^\r\n]+)\r?\n/i 
  end 
  nil
end

#replace_params(inp) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 565

def replace_params inp
  while inp =~ /#\{bscan\.(\w+)\}/ do
    v = @bscan_config['bscan.global.'+ $1 ]
    if not v
      Log 0, "BscanHelper.replace_params can't replace #{$1} was bscan.global.#{$1} defined?" 
      next   
    end
    Log 3, "BscanHelper.replace_params #{$1} -> " + v
    inp.sub!(/#\{bscan\.(\w+)\}/, v)
  end
end

#run_modules(base, msg = nil) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 312

def run_modules base, msg=nil
  if @modules 
    @modules.each do |m|
      begin
        mod,prop=m.split(':',2)
        prop ||=''
        mn = File.basename(mod,".rb")
        is_static = is_module_static(mn,prop)
        Log 2, "BscanHelper.run_modules executing module #{mod}:#{prop} #{is_static}"
        mn.camelize!
        if (is_static && !msg) || (!is_static && msg)
          eval("
#           puts '=====================MODULE PATH: ' + $:.join(':') 
            require '#{mod}'
            require 'bscan/utils/bscan_helper.rb'
            
            class #{mn}#{prop}Class
              include #{mn}
              include BscanHelper
            end
            modins = #{mn}#{prop}Class.new
            modins.copy_vars base if base
            modins.run(self, msg, prop)
            ")
        end
      rescue Exception => e
        Log 1, "BscanHelper.run_modules Can't exceute module #{mod}, Exception: #{e.message}"
        Log 1, e.backtrace.join("\n")
      end
    end
  end
end

#save_config ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 519

def save_config
  @burp_cb.saveConfig().to_hash
end

#search_path ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 97

def search_path
    path = []
    path << File.expand_path('.') << File.expand_path(File.join('.','lib')) << File.expand_path(File.join('~','.bscan')) << File.expand_path(File.join('etc','bscan')) << $:
end

#search_path_file(file) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 102

def search_path_file file
  Pathname.new(file).absolute? ? [file] : search_path.map! {|p| File.join(p,file)}
end

#send_only(req, proto, inj) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 158

def send_only req, proto, inj
  begin
   trg,host,port = get_url_host_port req,proto
   return nil if excluded? trg
   https = proto == "https" ? true : false
   start = Time.now   
   Log 2, "#{@mid}send_req make_req: '#{trg}' '#{host}' '#{port}'\n#{req}"
#      rsp = @bscan.make_request(host, port, https, req)
   rsp = make_request_socket host, port, https, req
   rt = Time.now - start
   return [rsp,rt,trg,host,port] 
 rescue Exception => e
   Log 0, "#{@mid}send_req Exception: #{e.message}"
   Log 0, e.backtrace.join("\n")
 end 
end

#send_req(req, proto, inj) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 253

def send_req req, proto, inj
    rsp,rt,trg,host,port = send_only req, proto, inj
    return if not rsp
    https = proto == "https" ? true : false
    if not @modules_only
      Log 2, "#{@mid}send_req do_passive: '#{trg}' '#{host}' '#{port}'\n#{req}\n#{rsp}"
      @burp.do_passive_scan(host, port, https, req, rsp) 
    end
    verify_response trg, req, rsp, inj, rt
end

#send_to_spider(url) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 484

def send_to_spider url
  url = Java::JavaNet::URL.new(url.to_s) unless url.kind_of?(Java::JavaNet::URL)
  @burp_cb.sendToSpider(url) if @burp_cb
end

#set_len(r) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 119

def set_len r
    mbody = r.match(/(\r?\n\r?\n)/)
    body_pos = mbody.end(0)
    r.sub!(/content-length\s*:\s*\d+/i, "Content-Length: "+(r.length-body_pos).to_s)
end

#to_map(h) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 522

def to_map h
  m = Java.java.util.HashMap.new
  h.each_pair do |k,v|
    m.put(k,v)
  end
  m
end

#verify_response(u, req, rsp, inj, time) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 268

def verify_response u, req, rsp, inj, time
 
 Log 2, "#{@mid}verify_response: #{u} #{inj} #{time} #{req} #{rsp}"

  st = $1 if rsp =~ /^\s*HTTP.*\s+(\d+)\s+/
  st ||= '0'
  st = st.to_i
  issue = nil
  if (st >= 500 and @config[prop('check_status')]=='true')
    issue = Issue.new "#{@mid.chop}: Unexpected Error", u, "Medium", "Retest", req, rsp
  end
  mt = @config[prop('check_rsp_max_time')]
  mt = mt.to_i if mt
  if (mt and mt > 0 and time > mt)
    issue = Issue.new "#{@mid.chop}: Long Response Time", u, "Medium", "Retest", req, rsp, "Response time is longer that #{mt}"
  end
  if (rsp =~ /#{esc(inj)}/  and @config[prop('check_replay')]=='true') and inj.size >= 5 and inj =~ /[<>]/
    issue = Issue.new "#{@mid.chop}: Possible XSS", u, "High", "Retest", req, rsp, "The following input has been replayed in a response #{inj}"
  end
  
  write_issue_state issue if issue
end

#write_issue_state(issue) ⇒ Object

# File 'lib/bscan/utils/bscan_helper.rb', line 360

def write_issue_state issue
#   Log 2,"INSPECT: #{issue.http_messages[0].methods}  #{issue.http_messages[0].inspect}  #{issue.http_messages[0].to_s} "
  
  @stat['high'] += 1 if issue.severity =~ /High/i
  @stat['med'] += 1 if issue.severity =~ /Med/i
  @stat['low'] += 1 if issue.severity =~ /Low/i
  @stat['urls'] += "  #{issue.url}\n"
  
  Log 2,"BscanHelper.write_issue_state #{not @istream} #{issue.http_messages[0].methods}  #{get_rr(issue.http_messages[0],'req_str')}  #{get_rr(issue.http_messages[0],'rsp_str')}"
  @istream or return
  begin 
    @istream.println '#'*70
    @istream.println "#{issue.issue_name} : #{issue.url}"
    @istream.println "Severity: #{issue.severity}(#{issue.confidence})"
    @istream.println "Background: #{issue.issue_background}"
    @istream.println "Details: #{issue.issue_detail}" 
    @istream.println "Remediation: #{issue.remediation_background}"
    @istream.println "Request: #{get_rr(issue.http_messages[0],'req_str')}" 
    @istream.println "Response: #{get_rr(issue.http_messages[0],'rsp_str')}"
    # sync_save_state issue throws exceptions
    @istream.flush 
  rescue Exception => e
    Log 0, "BscanHelper.write_issue_state Can't write issue #{issue.issue_name}, Exception: #{e.message}"
    Log 0,  e.backtrace.join("\n")
  end
end