Fixed bugs on jwt and message replacement

- Sometime messages were replaced even if no edits were made on them - There was a bug that caused the tool to not throw an error when wrong jwt edits were made
stfbk · Sep 22, 2023 · a0a7bb7 · a0a7bb7
1 parent a44f4f4
commit a0a7bb7
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 6 deletions.
diff --git a/tool/src/main/java/migt/BurpExtender.java b/tool/src/main/java/migt/BurpExtender.java
@@ -6,6 +6,7 @@
 import java.awt.*;
 import java.io.OutputStream;
 import java.io.PrintStream;
+import java.util.Arrays;
 import java.util.Objects;
 
 /**
@@ -175,9 +176,13 @@ private void processMatchedMsg(MessageType msg_type,
                     // TODO: fix randomly replaced messages
                     // sometimes the bytes of the processed message is different from the original one, but the string
                     // of both messages is equal
-                    messageInfo.setRequest(mainPane.act_active_op.processed_message);
+                    if (!Arrays.equals(message.getRequest(), mainPane.act_active_op.processed_message)) {
+                        messageInfo.setRequest(mainPane.act_active_op.processed_message);
+                    }
                 } else {
-                    messageInfo.setResponse(mainPane.act_active_op.processed_message);
+                    if (!Arrays.equals(message.getResponse(), mainPane.act_active_op.processed_message)) {
+                        messageInfo.setResponse(mainPane.act_active_op.processed_message);
+                    }
                 }
             }
         } catch (UnsupportedOperationException e) {

diff --git a/tool/src/main/java/migt/EditOperation.java b/tool/src/main/java/migt/EditOperation.java
@@ -307,12 +307,12 @@ public void execute(List<Var> vars) throws ParsingException {
                             this.result = false;
                             return;
                         }
-                    }
-                    applicable = true;
-
-                    if (sign) {
+                    } else if (sign) {
+                        applicable = true;
                         tmp_imported_api.jwt.sign = true;
                         tmp_imported_api.jwt.private_key_pem = jwt_private_key_pem;
+                    } else {
+                        throw new ParsingException("missing jwt section in Edit operation");
                     }
 
                     break;