Skip to content

Commit

Permalink
Edit Operation message fix + rm dependency from helpers
Browse files Browse the repository at this point in the history 
- Almost completely removed dependency from burp helpers
- Edit Operation add in message url and head now append value if param not present
  • Loading branch information
@mattebit
mattebit committed Nov 9, 2023
1 parent aa9f766 commit 07eae0b
Show file tree
Hide file tree
Showing 12 changed files with 99 additions and 93 deletions.
2 changes: 1 addition & 1 deletion doc/language.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,7 @@ By using an Edit Operation inside an Operation, you are able to edit the interce
- `from` to select the section of the message you need
- `edit` to edit the value of the given parameter. (only for url and head sections) use `value` to specify the new value.
- `edit regex` to edit with a regex the section of the message you selected. use `value` to specify the new value
- `add` to add some content to the given section. in case of url and head, you need to specify the name of the parameter in this tag, and the value with `value`. For the body section, the content will be always appended to the end of the body, so you can leave this tag value empty and put the content to append in the `value` tag.
- `add` to add some content to the given section. in case of url and head, you need to specify the name of the parameter in this tag, and the value with `value`. If the parameter is not found, a new parameter is added, if the parameter is already present, the new value will be appended to the old one. For the body section, the content will be always appended to the end of the body, so you can leave this tag value empty and put the content to append in the `value` tag.
- `remove` used to specify the name of a parameter to remove in url and head. Not available on body.
- `value` used to specify the new value for the edit operations
- `use` used in place of `value` to use the given variable value as new value. You should give a variable name to this tag.
Expand Down
2 changes: 0 additions & 2 deletions tool/src/main/java/migt/BurpExtender.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,6 @@ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
errorStream = new PrintStream(stdErr);

mainPane = new GUI();
mainPane.helpers = callbacks.getHelpers();
mainPane.callbacks = callbacks;
mainPane.messageViewer = callbacks.createMessageEditor(mainPane.controller, false);
mainPane.splitPane.setRightComponent(mainPane.messageViewer.getComponent());
Expand Down Expand Up @@ -163,7 +162,6 @@ private void processMatchedMsg(MessageType msg_type,
HTTPReqRes message) {
messageInfo.setHighlight("red");

mainPane.act_active_op.helpers = helpers;
mainPane.act_active_op.setAPI(new Operation_API(message, msg_type.msg_to_process_is_request));
mainPane.act_active_op.execute();

Expand Down
40 changes: 15 additions & 25 deletions tool/src/main/java/migt/DecodeOperation.java
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
package migt;

import burp.IExtensionHelpers;
import com.jayway.jsonpath.JsonPath;
import org.json.JSONArray;
import org.json.JSONObject;
Expand Down Expand Up @@ -106,7 +105,6 @@ public DecodeOperation(JSONObject decode_op_json) throws ParsingException {
* Decodes a parameter from a message, given the message section and the list of encodings to be applied during
* decoding
*
* @param helpers IExtensionHelpers helpers object from Burp
* @param ms The message section that contains the parameter to be decoded
* @param encodings The list of encodings to be applied to decode the parameter
* @param messageInfo The message to be decoded
Expand All @@ -115,25 +113,25 @@ public DecodeOperation(JSONObject decode_op_json) throws ParsingException {
* @return The decoded parameter as a string
* @throws ParsingException If problems are encountered during decoding
*/
public static String decodeParam(IExtensionHelpers helpers,
DecodeOperationFrom ms,
public static String decodeParam(DecodeOperationFrom ms,
List<Encoding> encodings,
HTTPReqRes messageInfo,
Boolean isRequest,
String decode_param) throws ParsingException {
String decoded_param = "";
// TODO add regex selection
switch (ms) {
case HEAD:
decoded_param = decode(
encodings, messageInfo.getHeadParam(isRequest, decode_param), helpers);
encodings, messageInfo.getHeadParam(isRequest, decode_param));
break;
case BODY:
decoded_param = decode(
encodings, messageInfo.getBodyRegex(isRequest, decode_param), helpers);
encodings, messageInfo.getBodyRegex(isRequest, decode_param));
break;
case URL:
decoded_param = decode(
encodings, messageInfo.getUrlParam(decode_param), helpers);
encodings, messageInfo.getUrlParam(decode_param));
break;
}

Expand All @@ -152,32 +150,30 @@ public static String decodeParam(IExtensionHelpers helpers,
* @return the decoded string
* @throws ParsingException if the decoding fails
*/
public static String decode(List<Encoding> encodings, String encoded, IExtensionHelpers helpers) throws ParsingException {
// TODO: remove dependency from helpers
public static String decode(List<Encoding> encodings, String encoded) throws ParsingException {
String actual = encoded;
byte[] actual_b = null;
boolean isActualString = true;

if (encoded.length() == 0) {
if (encoded.isEmpty()) {
return "";
}

for (Encoding e : encodings) {
switch (e) {
case BASE64:
if (isActualString) {
actual_b = helpers.base64Decode(actual);
actual_b = Base64.getDecoder().decode(actual);
isActualString = false;
} else {
actual_b = helpers.base64Decode(actual_b);
actual_b = Base64.getDecoder().decode(actual_b);
}
break;
case URL:

if (isActualString) {
actual = helpers.urlDecode(actual);
actual = java.net.URLDecoder.decode(actual, StandardCharsets.UTF_8);
} else {
actual = helpers.urlDecode(new String(actual_b));
actual = java.net.URLDecoder.decode(new String(actual_b), StandardCharsets.UTF_8);
isActualString = true;
}
break;
Expand Down Expand Up @@ -393,12 +389,10 @@ public void setAPI(DecodeOperation_API dop_api) {
* Loads an Operation API
*
* @param api
* @param helpers
* @throws ParsingException
*/
public void loader(Operation_API api, IExtensionHelpers helpers) {
public void loader(Operation_API api) {
// load api, extract needed things
this.helpers = helpers;
this.imported_api = api;
}

Expand All @@ -407,10 +401,8 @@ public void loader(Operation_API api, IExtensionHelpers helpers) {
*
* @param api
*/
public void loader(DecodeOperation_API api, IExtensionHelpers helpers) {
public void loader(DecodeOperation_API api) {
this.imported_api = api;
this.helpers = helpers;

}

/**
Expand All @@ -426,7 +418,6 @@ public API exporter() throws ParsingException {

if (imported_api instanceof Operation_API) {
Tools.editMessageParam(
helpers,
decode_target,
from,
((Operation_API) imported_api).message,
Expand All @@ -450,7 +441,6 @@ public API exporter() throws ParsingException {
public void execute(List<Var> vars) throws ParsingException {
if (imported_api instanceof Operation_API) {
decoded_content = decodeParam(
helpers,
from,
encodings,
((Operation_API) imported_api).message,
Expand All @@ -474,7 +464,7 @@ public void execute(List<Var> vars) throws ParsingException {
result = false;
return;
}
decoded_content = decode(encodings, found, helpers);
decoded_content = decode(encodings, found);
break;

default:
Expand Down Expand Up @@ -503,7 +493,7 @@ public void execute(List<Var> vars) throws ParsingException {

// executes recursive decode operations
if (decodeOperations.size() != 0) {
executeDecodeOps(this, helpers, vars);
executeDecodeOps(this, vars);
}

// execute checks
Expand Down
9 changes: 1 addition & 8 deletions tool/src/main/java/migt/ExecutePassives.java
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
package migt;

import burp.IExtensionHelpers;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
Expand All @@ -13,7 +11,6 @@
public class ExecutePassives implements Runnable {
final Object lock = new Object();
public List<Test> passives;
IExtensionHelpers helpers;
ExecutePassiveListener listener;
List<MessageType> messageTypes;
boolean finished;
Expand All @@ -22,17 +19,14 @@ public class ExecutePassives implements Runnable {
/**
* Used to instantiate an ExecutePassives object
*
* @param helpers IExtensionHelpers instance of Burp
* @param passiveTests The list of passive tests to execute
* @param listener the listener for this ExecutePassives Object, used to communicate with the thread
* @param msg_types the list of message types needed by the tests
*/
public ExecutePassives(IExtensionHelpers helpers,
List<Test> passiveTests,
public ExecutePassives(List<Test> passiveTests,
ExecutePassiveListener listener,
List<MessageType> msg_types) {
this.passives = passiveTests;
this.helpers = helpers;
this.listener = listener;
this.messageTypes = msg_types;
this.finished = false;
Expand Down Expand Up @@ -104,7 +98,6 @@ public void run() {
res = Tools.executePassiveTest(
actual_test,
executedSession.messages,
helpers,
messageTypes);
} catch (ParsingException e) {
actual_test.applicable = false;
Expand Down
8 changes: 5 additions & 3 deletions tool/src/main/java/migt/GUI.java
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,9 @@
package migt;

import burp.*;
import burp.IBurpExtenderCallbacks;
import burp.IHttpService;
import burp.IMessageEditor;
import burp.IMessageEditorController;
import com.google.gson.Gson;
import org.json.JSONArray;
import org.json.JSONException;
Expand Down Expand Up @@ -94,7 +97,6 @@ public class GUI extends JSplitPane {
JTabbedPane bot_tabbed;
Map<String, Integer> bot_tabs_index;
HTTPReqRes viewedMessage;
IExtensionHelpers helpers;
IBurpExtenderCallbacks callbacks;
List<String> sessions_names;
Map<String, String> session_port;
Expand Down Expand Up @@ -681,7 +683,7 @@ public ArrayList<HTTPReqRes> onTrackExecuteDone() {
}
};

ExecutePassives expa = new ExecutePassives(helpers,
ExecutePassives expa = new ExecutePassives(
passives,
listener,
messageTypes);
Expand Down
41 changes: 38 additions & 3 deletions tool/src/main/java/migt/HTTPReqRes.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -489,7 +489,7 @@ public void removeUrlParam(String name) throws ParsingException {
}

/**
* Adds an url query parameter to the request url
* Adds an url query parameter to the request url. If parameter already present, concatenate new value to old.
*
* @param name the name of the new parameter
* @param value the value of the new parameter
Expand All @@ -509,7 +509,23 @@ public void addUrlParam(String name, String value) {
throw new RuntimeException(e);
}

params.add(new BasicNameValuePair(name, value));
int c = 0;
boolean found = false;
for (NameValuePair p : params) {
if (p.getName().equals(name)) {
found = true;
break;
}
c += 1;
}

if (found) {
String old_value = params.get(c).getValue();
old_value += value;
params.set(c, new BasicNameValuePair(name, old_value));
} else {
params.add(new BasicNameValuePair(name, value));
}

String new_query = URLEncodedUtils.format(params, "utf-8");

Expand Down Expand Up @@ -581,7 +597,26 @@ public void editHeadParam(Boolean isRequest, String param, String new_value) {
* @param value the value of the new header
*/
public void addHeadParameter(boolean isRequest, String name, String value) {
(isRequest ? this.headers_req : this.headers_resp).add(name + ": " + value);
List<String> headers = isRequest ? this.headers_req : this.headers_resp;

int c = 0;
boolean found = false;

for (String h : headers) {
if (h.startsWith(name + ":")) {
found = true;
break;
}
c += 1;
}

if (found) {
String old_header = headers.get(c);
old_header += value;
headers_req.set(c, old_header);
} else {
headers.add(name + ": " + value);
}
}

/**
Expand Down
10 changes: 1 addition & 9 deletions tool/src/main/java/migt/MessageOperation.java
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
package migt;

import burp.IExtensionHelpers;
import org.json.JSONObject;

import java.io.File;
Expand Down Expand Up @@ -133,8 +132,7 @@ public Operation_API exporter() {
* @return the updated Operation with the result
* @throws ParsingException if parsing of names is not successfull
*/
public Operation execute(Operation op,
IExtensionHelpers helpers) throws ParsingException {
public Operation execute(Operation op) throws ParsingException {
for (MessageOperation mop : op.getMessageOperations()) {
Pattern pattern;
Matcher matcher;
Expand Down Expand Up @@ -243,7 +241,6 @@ public Operation execute(Operation op,

case EDIT:
op.processed_message = Tools.editMessageParam(
helpers,
mop.what,
mop.from,
op.api.message,
Expand All @@ -254,7 +251,6 @@ public Operation execute(Operation op,

case EDIT_REGEX:
op.processed_message = Tools.editMessage(
helpers,
mop.what,
mop,
op.api.message,
Expand Down Expand Up @@ -388,10 +384,6 @@ public Operation execute(Operation op,
} else {
op.api.message.setResponse(op.processed_message);
}
if (op.processed_message_service != null) {
// TODO: check if ok to remove
//op.api.message.setHttpService(op.processed_message_service);
}
}
} catch (StackOverflowError e) {
e.printStackTrace();
Expand Down
6 changes: 0 additions & 6 deletions tool/src/main/java/migt/Module.java
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
package migt;

import burp.IExtensionHelpers;
import org.json.JSONObject;

/**
Expand All @@ -11,7 +10,6 @@ public class Module {
// These variables should be present in each module
boolean result = true;
boolean applicable = false;
IExtensionHelpers helpers;
API api; // the api of this module
API imported_api; // the api imported from a previous module

Expand All @@ -28,10 +26,6 @@ public Module(JSONObject json_module) {
// Parse
}

public Module(IExtensionHelpers helpers) {
this.helpers = helpers;
}

/**
* This function should be called to check that after an initialization of a module all the necessary parameters
* are set correctly. And the JSON has been parsed correctly with all the required tags present.
Expand Down
Loading

0 comments on commit 07eae0b

Please sign in to comment.