Skip to content

Commit

Permalink
Merge pull request #2 from ahanel13/enhancement/add_amf_error_logging
Browse files Browse the repository at this point in the history
Enhancement/add amf error logging
  • Loading branch information
ahanel13 authored Oct 3, 2024
2 parents 9e0477e + 0421437 commit 2aae60d
Show file tree
Hide file tree
Showing 8 changed files with 52 additions and 29 deletions.
2 changes: 1 addition & 1 deletion pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@

<groupId>me.anthonyhanel</groupId>
<artifactId>Firewall-Ferret</artifactId>
<version>1.2.0</version>
<version>1.2.1</version>

<properties>
<maven.compiler.source>17</maven.compiler.source>
Expand Down
12 changes: 6 additions & 6 deletions src/main/java/controller/FireWallFerretController.java
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@
import burp.api.montoya.core.Registration;
import burp.api.montoya.ui.contextmenu.InvocationType;
import model.InsertPntProvider;
import model.actionListeners.AddActionListener;
import model.actionListeners.InsertActionListener;
import controller.actionListeners.AddBulletActionListener;
import controller.actionListeners.InsertBulletActionListener;
import view.FerretMenuProvider;
import view.FerretSuiteTab;

Expand Down Expand Up @@ -33,7 +33,7 @@ public FireWallFerretController(
) {
_api = api;
_menuContext = menuContext;
_insPointProvider = new InsertPntProvider(List.of(8, 16, 32, 64, 128, 1024));
_insPointProvider = new InsertPntProvider(List.of(8, 16, 32, 64, 128, 1024), _api);
_view = view;

registerMenuContext();
Expand Down Expand Up @@ -65,7 +65,7 @@ public void actionPerformed(ActionEvent e){
List<Integer> bulletSizes = getBulletSizeList();

_insProviderReg = _api.scanner()
.registerInsertionPointProvider(new InsertPntProvider(bulletSizes));
.registerInsertionPointProvider(new InsertPntProvider(bulletSizes, _api));

_view.setMessage("Updating Scanner bullets to: " + bulletSizes);
}
Expand All @@ -82,10 +82,10 @@ private void registerMenuContext() {
_api.userInterface().registerContextMenuItemsProvider(_menuContext);

_menuContext.addActionListenerToInsertItem(
new InsertActionListener(_api, _menuContext, replacingInvocationType));
new InsertBulletActionListener(_api, _menuContext, replacingInvocationType));

_menuContext.addActionListenerToAddItem(
new AddActionListener(_api, _menuContext, replacingInvocationType));
new AddBulletActionListener(_api, _menuContext, replacingInvocationType));
}

//-----------------------------------------------------------------------------
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package model.actionListeners;
package controller.actionListeners;

import burp.api.montoya.MontoyaApi;
import burp.api.montoya.ui.contextmenu.InvocationType;
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package model.actionListeners;
package controller.actionListeners;

import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.message.requests.HttpRequest;
Expand All @@ -9,17 +9,18 @@
import view.BulletOptionsDialog;
import view.FerretMenuProvider;

import javax.swing.*;
import java.awt.event.ActionEvent;
import java.util.List;
import java.util.Optional;

////////////////////////////////////////
// CLASS AddActionListener
////////////////////////////////////////
public class AddActionListener extends AbstractListeners{
public class AddBulletActionListener extends AbstractListeners{

//-------------------------------------------------------------------------
public AddActionListener(MontoyaApi montoyaApi, FerretMenuProvider context, List<InvocationType> type){
public AddBulletActionListener(MontoyaApi montoyaApi, FerretMenuProvider context, List<InvocationType> type){
super(montoyaApi, context, type);
}

Expand All @@ -34,18 +35,28 @@ public void actionPerformed(ActionEvent e){

Optional<MessageEditorHttpRequestResponse> reqRespEditor = menuContext.getReqRespEditor();
String bullet = BulletFactory.bullet(bulletSize);
HttpRequest contextReq = menuContext.getReqResp().request();
HttpRequest updatedReq = getRequest(contextReq, bullet);

if(_isEditorEvent() && reqRespEditor.isPresent()) // if event came from an editor then replace the request
reqRespEditor.get().setRequest(updatedReq);
else // else if the event came from a viewer, then create a repeater tab
api.repeater().sendToRepeater(updatedReq);
HttpRequest contextReq = menuContext.getReqResp().request();
Optional<HttpRequest> updatedReq = getRequest(contextReq, bullet);

if(updatedReq.isPresent()){
if(_isEditorEvent() && reqRespEditor.isPresent()) // if event came from an editor then replace the request
reqRespEditor.get().setRequest(updatedReq.orElse(null));
else // else if the event came from a viewer, then create a repeater tab
api.repeater().sendToRepeater(updatedReq.orElse(null));
}
}

//-------------------------------------------------------------------------
public HttpRequest getRequest(HttpRequest request, String bullet){
return RequestBuilder.build(request, bullet);
public Optional<HttpRequest> getRequest(HttpRequest request, String bullet){
try {
return Optional.of(RequestBuilder.build(request, bullet));
}
catch (UnsupportedOperationException e) {
api.logging().logToError(e);
api.logging().raiseErrorEvent(e.getMessage());
JOptionPane.showMessageDialog(this.api.userInterface().swingUtils().suiteFrame(), e.getMessage());
return Optional.empty();
}
}

}
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package model.actionListeners;
package controller.actionListeners;

import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.message.requests.HttpRequest;
Expand All @@ -16,10 +16,10 @@
////////////////////////////////////////
// CLASS InsertActionListener
////////////////////////////////////////
public class InsertActionListener extends AbstractListeners{
public class InsertBulletActionListener extends AbstractListeners{

//-------------------------------------------------------------------------
public InsertActionListener(MontoyaApi api, FerretMenuProvider context, List<InvocationType> type){
public InsertBulletActionListener(MontoyaApi api, FerretMenuProvider context, List<InvocationType> type){
super(api, context, type);
}

Expand Down
10 changes: 8 additions & 2 deletions src/main/java/model/BulletInsertionPoint.java
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
import burp.api.montoya.core.ByteArray;
import burp.api.montoya.core.Range;
import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.logging.Logging;
import burp.api.montoya.scanner.audit.insertionpoint.AuditInsertionPoint;
import model.creators.BulletFactory;
import model.creators.RequestBuilder;
Expand All @@ -15,10 +16,11 @@
public class BulletInsertionPoint implements AuditInsertionPoint{

//-----------------------------------------------------------------------------
public BulletInsertionPoint(HttpRequest request, int kilobytes){
public BulletInsertionPoint(HttpRequest request, int kilobytes, Logging logging){
_request = request;
_baseValue = BulletFactory.bullet(kilobytes * 1024);
_name = String.valueOf(kilobytes).concat("kb Bullet Insertion Point");
_logging = logging;
}

//-----------------------------------------------------------------------------
Expand All @@ -40,7 +42,10 @@ public HttpRequest buildHttpRequestWithPayload(ByteArray payload){
try {
updatedReq = RequestBuilder.build(_request, _baseValue.concat(payload.toString()));
}
catch(UnsupportedOperationException ignored) {}
catch(UnsupportedOperationException e) {
_logging.raiseErrorEvent(e.getMessage());
_logging.logToError(e);
}

return updatedReq;
}
Expand All @@ -54,6 +59,7 @@ public List<Range> issueHighlights(ByteArray payload){
private final String _name;
private final HttpRequest _request;
private final String _baseValue;
private final Logging _logging;
}
////////////////////////////////////////
// END CLASS BulletInsertionPoint
Expand Down
10 changes: 7 additions & 3 deletions src/main/java/model/InsertPntProvider.java
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package model;

import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.scanner.audit.insertionpoint.AuditInsertionPoint;
import burp.api.montoya.scanner.audit.insertionpoint.AuditInsertionPointProvider;
Expand All @@ -12,21 +13,24 @@
////////////////////////////////////////
public class InsertPntProvider implements AuditInsertionPointProvider{


public InsertPntProvider(List<Integer> sizes){bulletSizes = sizes;}
public InsertPntProvider(List<Integer> sizes, MontoyaApi api){
bulletSizes = sizes;
this.api = api;
}

@Override
public List<AuditInsertionPoint> provideInsertionPoints(HttpRequestResponse baseHttpReqResp){
List<AuditInsertionPoint> insPoints = new ArrayList<>(bulletSizes.size());

for(Integer size : bulletSizes) {
insPoints.add(new BulletInsertionPoint(baseHttpReqResp.request(), size));
insPoints.add(new BulletInsertionPoint(baseHttpReqResp.request(), size, api.logging()));
}

return insPoints;
}

private final List<Integer> bulletSizes;
private final MontoyaApi api;

}
////////////////////////////////////////
Expand Down
4 changes: 3 additions & 1 deletion src/main/java/model/creators/RequestBuilder.java
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,9 @@ private static String extractBoundary(String request) {

//-----------------------------------------------------------------------------
private static HttpRequest padAmfWith(HttpRequest request, String bullet) {
return request;
throw new UnsupportedOperationException(
"AMF Padding in not yet supported. See https://github.com/ahanel13/Firewall-Ferret/issues/1" +
" for more information and or to contribute to the project.");
}

//-----------------------------------------------------------------------------
Expand Down

0 comments on commit 2aae60d

Please sign in to comment.