From 9a5b1c9ec1db2e8b231493ce0cd1e956b435a60e Mon Sep 17 00:00:00 2001 From: fhaag95 Date: Tue, 30 Jul 2024 12:30:16 +0200 Subject: [PATCH 01/36] Increase version to 1.3.4 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 318a6ba4..c17365c2 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ 4.0.0 de.usd.CSTC CSTC - 1.3.3 + 1.3.4 CSTC CSTC From 3acc716553cef2ab082ab8572bf7ce99d1a34e52 Mon Sep 17 00:00:00 2001 From: Felix Buschbeck Date: Tue, 30 Jul 2024 13:29:35 +0200 Subject: [PATCH 02/36] Refactor operations tree --- src/main/java/de/usd/cstchef/Utils.java | 38 +++++++++++++++++-- .../de/usd/cstchef/view/OperationsTree.java | 8 +++- .../java/de/usd/cstchef/view/RecipePanel.java | 3 +- 3 files changed, 43 insertions(+), 6 deletions(-) diff --git a/src/main/java/de/usd/cstchef/Utils.java b/src/main/java/de/usd/cstchef/Utils.java index b6db945d..8c6fd69d 100644 --- a/src/main/java/de/usd/cstchef/Utils.java +++ b/src/main/java/de/usd/cstchef/Utils.java @@ -149,6 +149,7 @@ import de.usd.cstchef.operations.utils.SetIfEmpty; import de.usd.cstchef.operations.utils.StoreVariable; import de.usd.cstchef.view.View; +import de.usd.cstchef.view.filter.FilterState.BurpOperation; public class Utils { @@ -294,7 +295,7 @@ public static Class[] getOperationsBurp() { // TODO reflection does not work in Burp Suite @SuppressWarnings("unchecked") - public static Class[] getOperationsDev() { + public static Class[] getOperationsDevOutgoingFormatting() { return new Class[] { Addition.class, AddKey.class, AesDecryption.class, AesEncryption.class, And.class, Blake.class, Counter.class, DateTime.class, Deflate.class, DesDecryption.class, DesEncryption.class, 
@@ -326,8 +327,39 @@ public static Class[] getOperationsDev() { }; } - public static Class[] getOperations() { - return BurpUtils.inBurp() ? Utils.getOperationsDev() : Utils.getOperationsDev(); + // TODO reflection does not work in Burp Suite + @SuppressWarnings("unchecked") + public static Class[] getOperationsDevIncoming() { + return new Class[] { + Addition.class, AddKey.class, AesDecryption.class, AesEncryption.class, And.class, + Blake.class, Counter.class, DateTime.class, Deflate.class, DesDecryption.class, DesEncryption.class, + Divide.class, DivideList.class, DSTU7564.class, FromBase64.class, FromHex.class, GetRequestBuilder.class, + GetVariable.class, Gost.class, GUnzip.class, Gzip.class, Hmac.class, HttpBodyExtractor.class, + HttpCookieExtractor.class, HttpHeaderExtractor.class, HttpHeaderSetter.class, HttpJsonExtractor.class, + HttpJsonSetter.class, HttpMultipartExtractor.class, HttpMultipartSetter.class, PlainRequest.class, + HttpSetBody.class, HttpSetCookie.class, HttpXmlExtractor.class, HttpXmlSetter.class, HtmlEncode.class, + HtmlDecode.class, Inflate.class, JsonExtractor.class, JsonSetter.class, JWTDecode.class, JWTSign.class, + Length.class, LineExtractor.class, LineSetter.class, MD2.class, MD4.class, MD5.class, Mean.class, Median.class, + Multiply.class, MultiplyList.class, NoOperation.class, NumberCompare.class, Prefix.class, RandomNumber.class, + RandomUUID.class, ReadFile.class, RegexExtractor.class, Reverse.class, Replace.class, + RIPEMD.class, RsaDecryption.class, RsaEncryption.class, RsaSignature.class, SM2Signature.class, SM3.class, + SM4Encryption.class, SM4Decryption.class, RegexMatch.class, SetIfEmpty.class, SHA1.class, SHA2.class, + SHA3.class, Skein.class, SplitAndSelect.class, StaticString.class, StoreVariable.class, Sub.class, Substring.class, + Uppercase.class, Lowercase.class, Subtraction.class, Suffix.class, Sum.class, StringContains.class, + StringMatch.class, Tiger.class, TimestampOffset.class, TimestampToDateTime.class, 
ToBase64.class, ToHex.class, + UnixTimestamp.class, UrlDecode.class, UrlEncode.class, Whirlpool.class, WriteFile.class, XmlFullSignature.class, + XmlMultiSignature.class, Xor.class, SoapMultiSignature.class, Luhn.class, Concatenate.class, JsonBeautifier.class + }; + } + + public static Class[] getOperations(BurpOperation operation) { + //return BurpUtils.inBurp() ? Utils.getOperationsDev() : Utils.getOperationsDev(); + if(operation == BurpOperation.INCOMING) { + return getOperationsDevIncoming(); + } + else { + return getOperationsDevOutgoingFormatting(); + } } public enum MessageType { diff --git a/src/main/java/de/usd/cstchef/view/OperationsTree.java b/src/main/java/de/usd/cstchef/view/OperationsTree.java index 8a75bd3c..ffea66a3 100644 --- a/src/main/java/de/usd/cstchef/view/OperationsTree.java +++ b/src/main/java/de/usd/cstchef/view/OperationsTree.java @@ -21,6 +21,7 @@ import de.usd.cstchef.operations.Operation; import de.usd.cstchef.operations.OperationCategory; import de.usd.cstchef.operations.Operation.OperationInfos; +import de.usd.cstchef.view.filter.FilterState.BurpOperation; public class OperationsTree extends JTree { @@ -28,9 +29,11 @@ public class OperationsTree extends JTree { private static ImageIcon nodeIcon = new ImageIcon(Operation.class.getResource("/operation.png")); private static ImageIcon openIcon = new ImageIcon(Operation.class.getResource("/folder_open.png")); private static ImageIcon closedIcon = new ImageIcon(Operation.class.getResource("/folder_closed.png")); + private BurpOperation operation; - public OperationsTree() { + public OperationsTree(BurpOperation operation) { super(); + this.operation = operation; this.setUI(new CustomTreeUI()); this.model = (DefaultTreeModel) this.getModel(); this.model.setRoot(this.createTree()); 
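Review bot: `getOperationsDevIncoming()` repeats the whole class list as a second hand-maintained array, so every new operation has to be added in two places and the incoming and outgoing/formatting trees can drift apart unnoticed. Patch 05 in this series, for instance, appends `Strip.class` and `RemoveWhitespace.class` to one list only (its hunk is against `getOperationsDev()`). If the lists are meant to differ, keep one shared base array and derive the incoming list from it by excluding the classes that do not apply, with a comment on each method naming what is deliberately left out. The commented-out `//return BurpUtils.inBurp() ? ...` line in `getOperations` can be deleted rather than kept.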
@@ -124,7 +127,8 @@ private DefaultMutableTreeNode createTree() { } // TODO add operations to categories - reflections do not work in burp :( - Class[] operations = Utils.getOperations(); + // pass the operation parameter so that separate operation trees can be defined for incoming/outgoing/formatting + Class[] operations = Utils.getOperations(this.operation); for (Class operation : operations) { OperationInfos operationInfos = operation.getAnnotation(OperationInfos.class); if (operationInfos == null) { diff --git a/src/main/java/de/usd/cstchef/view/RecipePanel.java b/src/main/java/de/usd/cstchef/view/RecipePanel.java index efeb97e9..c1d8c34d 100644 --- a/src/main/java/de/usd/cstchef/view/RecipePanel.java +++ b/src/main/java/de/usd/cstchef/view/RecipePanel.java @@ -119,7 +119,8 @@ public RecipePanel(BurpOperation operation, MessageType messageType) { JTextField searchText = new JTextField(); searchTreePanel.add(searchText, BorderLayout.PAGE_START); - OperationsTree operationsTree = new OperationsTree(); + // pass the operation parameter so that separate operation trees can be defined for incoming/outgoing/formatting + OperationsTree operationsTree = new OperationsTree(operation); operationsTree.setRootVisible(false); searchTreePanel.add(new JScrollPane(operationsTree)); searchText.getDocument().addDocumentListener(new DocumentListener() { From 0ef84729788edd2520008adf89c6054f0aea14e2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 06:07:11 +0000 Subject: [PATCH 03/36] Bump net.portswigger.burp.extensions:montoya-api Bumps net.portswigger.burp.extensions:montoya-api from 2023.12.1 to 2024.7. --- updated-dependencies: - dependency-name: net.portswigger.burp.extensions:montoya-api dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
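Review bot: In `createTree()` the loop variable in `for (Class operation : operations)` now shadows the new `operation` field, so inside the loop `operation` is an operation class while `this.operation` is the Burp direction, which is easy to misread. Rename one of them, for example `for (Class operationClass : operations)`. As far as these hunks show the field is assigned only in the constructor, so it could be declared `private final BurpOperation operation;`. `createTree()` starts and ends outside this hunk.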
diff --git a/pom.xml b/pom.xml index c17365c2..d15e23e1 100644 --- a/pom.xml +++ b/pom.xml @@ -23,7 +23,7 @@ net.portswigger.burp.extensions montoya-api - 2023.12.1 + 2024.7 From fc325a18ae812b45c412941fe74b825c29027c19 Mon Sep 17 00:00:00 2001 From: fhaag95 Date: Fri, 2 Aug 2024 15:04:22 +0200 Subject: [PATCH 04/36] Disable Bake button if auto bake is active --- src/main/java/de/usd/cstchef/view/RecipePanel.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/main/java/de/usd/cstchef/view/RecipePanel.java b/src/main/java/de/usd/cstchef/view/RecipePanel.java index efeb97e9..c2bb2b25 100644 --- a/src/main/java/de/usd/cstchef/view/RecipePanel.java +++ b/src/main/java/de/usd/cstchef/view/RecipePanel.java @@ -180,6 +180,7 @@ public void actionPerformed(ActionEvent e) { }); JButton bakeButton = new JButton("Bake"); + bakeButton.setEnabled(!autoBake); activeOperationsPanel.addActionComponent(bakeButton); bakeButton.addActionListener(new ActionListener() { @Override @@ -232,6 +233,7 @@ public void actionPerformed(ActionEvent arg0) { @Override public void actionPerformed(ActionEvent ae) { autoBake = bakeCheckBox.isSelected(); + bakeButton.setEnabled(!autoBake); bake(false); } }); From 84cd021e6ceba30679d55c00dc08eff6d7c13db8 Mon Sep 17 00:00:00 2001 From: fhaag95 Date: Fri, 2 Aug 2024 15:39:04 +0200 Subject: [PATCH 05/36] Add Remove Whitespace and Strip String operations --- src/main/java/de/usd/cstchef/Utils.java | 4 +- .../operations/string/RemoveWhitespace.java | 57 +++++++++++++++++++ .../usd/cstchef/operations/string/Strip.java | 54 ++++++++++++++++++ 3 files changed, 114 insertions(+), 1 deletion(-) create mode 100644 src/main/java/de/usd/cstchef/operations/string/RemoveWhitespace.java create mode 100644 src/main/java/de/usd/cstchef/operations/string/Strip.java diff --git a/src/main/java/de/usd/cstchef/Utils.java b/src/main/java/de/usd/cstchef/Utils.java index b6db945d..0b773056 100644 --- a/src/main/java/de/usd/cstchef/Utils.java 
+++ b/src/main/java/de/usd/cstchef/Utils.java @@ -136,6 +136,8 @@ import de.usd.cstchef.operations.string.Reverse; import de.usd.cstchef.operations.string.SplitAndSelect; import de.usd.cstchef.operations.string.StaticString; +import de.usd.cstchef.operations.string.Strip; +import de.usd.cstchef.operations.string.RemoveWhitespace; import de.usd.cstchef.operations.string.Substring; import de.usd.cstchef.operations.string.Suffix; import de.usd.cstchef.operations.string.Uppercase; @@ -318,7 +320,7 @@ public static Class[] getOperationsDev() { SetIfEmpty.class, SHA1.class, SHA2.class, SHA3.class, Skein.class, SplitAndSelect.class, StaticString.class, StoreVariable.class, Sub.class, Substring.class, Uppercase.class, Lowercase.class, Subtraction.class, - Suffix.class, Sum.class, StringContains.class, StringMatch.class, Tiger.class, + Suffix.class, Sum.class, StringContains.class, StringMatch.class, Strip.class, RemoveWhitespace.class, Tiger.class, TimestampOffset.class, TimestampToDateTime.class, ToBase64.class, ToHex.class, UnixTimestamp.class, UrlDecode.class, UrlEncode.class, Whirlpool.class, WriteFile.class, XmlFullSignature.class, XmlMultiSignature.class, diff --git a/src/main/java/de/usd/cstchef/operations/string/RemoveWhitespace.java b/src/main/java/de/usd/cstchef/operations/string/RemoveWhitespace.java new file mode 100644 index 00000000..37fcbda7 --- /dev/null +++ b/src/main/java/de/usd/cstchef/operations/string/RemoveWhitespace.java 
@@ -0,0 +1,57 @@
+package de.usd.cstchef.operations.string;
+
+import javax.swing.JComboBox;
+
+import burp.BurpUtils;
+import burp.api.montoya.core.ByteArray;
+import de.usd.cstchef.Utils.MessageType;
+import de.usd.cstchef.operations.Operation;
+import de.usd.cstchef.operations.OperationCategory;
+import de.usd.cstchef.operations.Operation.OperationInfos;
+
+@OperationInfos(name = "Remove Whitespace", category = OperationCategory.STRING, description = "Removes Spaces, Tabs or Newlines from input")
+public class RemoveWhitespace extends Operation {
+
+ JComboBox whitespaceSelection;
+
+ @Override
+ protected ByteArray perform(ByteArray input, MessageType messageType) throws Exception {
+ try {
+ if(input != null) {
+ String inputStr = input.toString();
+ String selection = (String)this.whitespaceSelection.getSelectedItem();
+ switch(selection){
+ case "Space":
+ inputStr = inputStr.replaceAll(" ", "");
+ break;
+ case "Newline":
+ inputStr = inputStr.replaceAll("\n", "");
+ break;
+ case "Tab":
+ inputStr = inputStr.replaceAll("\t", "");
+ break;
+ case "All":
+ inputStr = inputStr.replaceAll("[\n\t\s]*", "");
+ break;
+ default:
+ throw new IllegalArgumentException("Unkown whitespace type selection");
+ }
+
+ return factory.createByteArray(inputStr);
+ }
+ else {
+ return factory.createByteArray("");
+ }
+
+ } catch (Exception e) {
+ return input;
+ }
+ }
+
+ @Override
+ public void createUI() {
+ this.whitespaceSelection = new JComboBox<>(new String[] { "Space", "Newline", "Tab", "All"});
+ this.whitespaceSelection.setSelectedIndex(1);
+ this.addUIElement("Type: ", this.whitespaceSelection);
+ }
+}
diff --git a/src/main/java/de/usd/cstchef/operations/string/Strip.java b/src/main/java/de/usd/cstchef/operations/string/Strip.java
new file mode 100644
index 00000000..b61c8b36
--- /dev/null
+++ b/src/main/java/de/usd/cstchef/operations/string/Strip.java
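Review bot: The `catch (Exception e) { return input; }` wrapper in `perform` swallows every failure, including the `IllegalArgumentException` thrown in the `default` branch, so a broken step hands the input on unchanged and the rest of the recipe runs as if the operation had succeeded. `perform` already declares `throws Exception`, so the error can propagate to the caller; Strip.java in this patch has the same catch-all. In the "All" case the `\s` in `"[\n\t\s]*"` is a Java string escape rather than a regex class: it only compiles on Java 15 or later and there means a plain space, so carriage returns and other whitespace survive, and the `*` quantifier also matches the empty string. The `burp.BurpUtils` import is unused.

```java
protected ByteArray perform(ByteArray input, MessageType messageType) throws Exception {
    if (input == null) {
        return factory.createByteArray("");
    }
    String inputStr = input.toString();
    String selection = (String) this.whitespaceSelection.getSelectedItem();
    switch (selection) {
        // … unchanged: "Space", "Newline" and "Tab" cases …
        case "All":
            // regex class \s, escaped for the Java string literal
            inputStr = inputStr.replaceAll("\\s+", "");
            break;
        default:
            throw new IllegalArgumentException("Unknown whitespace type selection: " + selection);
    }
    return factory.createByteArray(inputStr);
}
```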
@@ -0,0 +1,54 @@
+package de.usd.cstchef.operations.string;
+
+import javax.swing.JComboBox;
+
+import burp.BurpUtils;
+import burp.api.montoya.core.ByteArray;
+import de.usd.cstchef.Utils.MessageType;
+import de.usd.cstchef.operations.Operation;
+import de.usd.cstchef.operations.OperationCategory;
+import de.usd.cstchef.operations.Operation.OperationInfos;
+
+@OperationInfos(name = "Strip", category = OperationCategory.STRING, description = "Strip Whitespace at beginning, end or both")
+public class Strip extends Operation {
+
+ JComboBox stripLocationSelection;
+
+ @Override
+ protected ByteArray perform(ByteArray input, MessageType messageType) throws Exception {
+ try {
+ if(input != null) {
+ String inputStr = input.toString();
+ String selection = (String)this.stripLocationSelection.getSelectedItem();
+ switch(selection){
+ case "Start":
+ inputStr = inputStr.stripLeading();
+ break;
+ case "End":
+ inputStr = inputStr.stripTrailing();
+ break;
+ case "Both":
+ inputStr = inputStr.stripLeading().stripTrailing();
+ break;
+ default:
+ throw new IllegalArgumentException("Unkown location selection");
+ }
+
+ return factory.createByteArray(inputStr);
+ }
+ else {
+ return factory.createByteArray("");
+ }
+
+ } catch (Exception e) {
+ return input;
+ }
+ }
+
+ @Override
+ public void createUI() {
+ this.stripLocationSelection = new JComboBox<>(new String[] { "Start", "End", "Both"});
+ this.stripLocationSelection.setSelectedIndex(0);
+ this.addUIElement("Strip at: ", this.stripLocationSelection);
+ }
+}
From f54dc5f3efc3af78c30a9528a365867aa324f793 Mon Sep 17 00:00:00 2001
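Review bot: The "Both" case can call `inputStr.strip()` instead of `stripLeading().stripTrailing()`, which gives the same result in one call. The exception message reads "Unkown location selection" and should say "Unknown", and `burp.BurpUtils` is imported but not used. A short class comment saying that whitespace here means what `String.strip` treats as whitespace (Unicode-aware, unlike `trim`) would help users who expect only spaces to be removed.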
From: fhaag95 Date: Mon, 12 Aug 2024 01:20:32 +0200 Subject: [PATCH 06/36] Add placeholder to operations tree search box --- .../java/de/usd/cstchef/view/RecipePanel.java | 19 ++-- .../cstchef/view/ui/PlaceholderTextField.java | 103 ++++++++++++++++++ .../cstchef/view/ui/TextChangedListener.java | 5 + 3 files changed, 115 insertions(+), 12 deletions(-) create mode 100644 src/main/java/de/usd/cstchef/view/ui/PlaceholderTextField.java create mode 100644 src/main/java/de/usd/cstchef/view/ui/TextChangedListener.java diff --git a/src/main/java/de/usd/cstchef/view/RecipePanel.java b/src/main/java/de/usd/cstchef/view/RecipePanel.java index c2bb2b25..fda5eb6c 100644 --- a/src/main/java/de/usd/cstchef/view/RecipePanel.java +++ b/src/main/java/de/usd/cstchef/view/RecipePanel.java @@ -43,6 +43,7 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.node.ArrayNode; import com.fasterxml.jackson.databind.node.ObjectNode; +import com.fasterxml.jackson.databind.type.PlaceholderForType; import burp.BurpExtender; import burp.BurpUtils; @@ -65,6 +66,8 @@ import de.usd.cstchef.operations.Operation; import de.usd.cstchef.view.filter.FilterState; import de.usd.cstchef.view.filter.FilterState.BurpOperation; +import de.usd.cstchef.view.ui.PlaceholderTextField; +import de.usd.cstchef.view.ui.TextChangedListener; public class RecipePanel extends JPanel implements ChangeListener { 
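Review bot: The added `import com.fasterxml.jackson.databind.type.PlaceholderForType;` in the first RecipePanel hunk looks like an accidental IDE auto-import. Nothing in the visible hunks of this patch uses it, and it is a Jackson type unrelated to the new `PlaceholderTextField`. Drop the line so the panel does not depend on a Jackson class it does not need.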
@@ -116,27 +119,19 @@ public RecipePanel(BurpOperation operation, MessageType messageType) { JPanel searchTreePanel = new JPanel(); searchTreePanel.setLayout(new BorderLayout()); - JTextField searchText = new JTextField(); + PlaceholderTextField searchText = new PlaceholderTextField("Search"); searchTreePanel.add(searchText, BorderLayout.PAGE_START); OperationsTree operationsTree = new OperationsTree(); operationsTree.setRootVisible(false); searchTreePanel.add(new JScrollPane(operationsTree)); - searchText.getDocument().addDocumentListener(new DocumentListener() { - @Override - public void removeUpdate(DocumentEvent e) { - operationsTree.search(searchText.getText()); - } - - @Override - public void insertUpdate(DocumentEvent e) { - operationsTree.search(searchText.getText()); - } + searchText.addTextChangedListener(new TextChangedListener() { @Override - public void changedUpdate(DocumentEvent e) { + public void textChanged() { operationsTree.search(searchText.getText()); } + }); // create operations panel diff --git a/src/main/java/de/usd/cstchef/view/ui/PlaceholderTextField.java b/src/main/java/de/usd/cstchef/view/ui/PlaceholderTextField.java new file mode 100644 index 00000000..27c73863 --- /dev/null +++ b/src/main/java/de/usd/cstchef/view/ui/PlaceholderTextField.java 
@@ -0,0 +1,103 @@ +package de.usd.cstchef.view.ui; + + + +import javax.swing.JTextField; +import javax.swing.event.DocumentEvent; +import javax.swing.event.DocumentListener; + +import java.awt.event.FocusEvent; +import java.awt.event.FocusListener; +import java.util.ArrayList; + +public class PlaceholderTextField extends JTextField implements FocusListener, DocumentListener { + + private boolean isPlaceholderSet; + private boolean settingPlaceholder; + private String placeholder; + private ArrayList listeners = new ArrayList(); + + public PlaceholderTextField(){ + super(); + } + + public PlaceholderTextField(String placeholder){ + this(); + this.setPlaceholder(placeholder); + this.isPlaceholderSet = true; + this.settingPlaceholder = false; + this.renderPlaceholder(false); + this.addFocusListener(this); + this.getDocument().addDocumentListener(this); + } + + public void addTextChangedListener(TextChangedListener listener){ + this.listeners.add(listener); + } + + public void removeTextChangedListener(TextChangedListener listener){ + this.listeners.remove(listener); + } + + public String getPlaceholder() { + return placeholder; + } + + public void setPlaceholder(final String s) { + placeholder = s; + } + + @Override + public void focusGained(FocusEvent e) { + if(isPlaceholderSet){ + this.renderPlaceholder(true); + this.isPlaceholderSet = false; + } + } + + @Override + public void focusLost(FocusEvent e) { + if(this.getText() == null || this.getText().isEmpty()){ + this.isPlaceholderSet = true; + this.renderPlaceholder(false); + } + } + + public void renderPlaceholder(boolean emptyPlaceholder){ + this.settingPlaceholder = true; + if(!emptyPlaceholder){ + this.setText(this.getPlaceholder()); + } + else{ + this.setText(""); + } + this.settingPlaceholder = false; + } + + @Override + public void changedUpdate(DocumentEvent arg0) { + if(!this.settingPlaceholder){ + for (TextChangedListener listener : this.listeners) { + listener.textChanged(); + } + } + } + + @Override + 
public void insertUpdate(DocumentEvent arg0) { + if(!this.settingPlaceholder){ + for (TextChangedListener listener : this.listeners) { + listener.textChanged(); + } + } + } + + @Override + public void removeUpdate(DocumentEvent arg0) { + if(!this.settingPlaceholder){ + for (TextChangedListener listener : this.listeners) { + listener.textChanged(); + } + } + } +} \ No newline at end of file diff --git a/src/main/java/de/usd/cstchef/view/ui/TextChangedListener.java b/src/main/java/de/usd/cstchef/view/ui/TextChangedListener.java new file mode 100644 index 00000000..309a8096 --- /dev/null +++ b/src/main/java/de/usd/cstchef/view/ui/TextChangedListener.java @@ -0,0 +1,5 @@ +package de.usd.cstchef.view.ui; + +public interface TextChangedListener { + void textChanged(); +} From eb6b414173c4d1c50f510245354a7490a89ea00c Mon Sep 17 00:00:00 2001 
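Review bot: The no-argument constructor of `PlaceholderTextField` only calls `super()`, so a field built with it never registers itself as focus or document listener: `addTextChangedListener` then accepts listeners that are never called, and a later `setPlaceholder` is never rendered. Move the registration into a private init method used by both constructors, or remove the no-argument one. The placeholder is stored as the field's real text, so `getText()` returns the placeholder string while it is shown; callers outside a `textChanged` callback need a way to tell the two apart, for example a `getUserText()` accessor returning `isPlaceholderSet ? "" : getText()`. The three `DocumentListener` methods have identical bodies and could share one private `fireTextChanged()`.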
From: fhaag95 Date: Mon, 12 Aug 2024 05:31:11 +0200 Subject: [PATCH 07/36] Name Setter and Extractors more descriptive --- .../de/usd/cstchef/operations/extractors/HttpBodyExtractor.java | 2 +- .../usd/cstchef/operations/extractors/HttpCookieExtractor.java | 2 +- .../de/usd/cstchef/operations/extractors/HttpGetExtractor.java | 2 +- .../usd/cstchef/operations/extractors/HttpHeaderExtractor.java | 2 +- .../de/usd/cstchef/operations/extractors/HttpJsonExtractor.java | 2 +- .../usd/cstchef/operations/extractors/HttpMethodExtractor.java | 2 +- .../cstchef/operations/extractors/HttpMultipartExtractor.java | 2 +- .../de/usd/cstchef/operations/extractors/HttpPostExtractor.java | 2 +- .../de/usd/cstchef/operations/extractors/HttpUriExtractor.java | 2 +- .../de/usd/cstchef/operations/extractors/HttpXmlExtractor.java | 2 +- .../de/usd/cstchef/operations/extractors/JsonExtractor.java | 2 +- .../java/de/usd/cstchef/operations/setter/HttpGetSetter.java | 2 +- .../java/de/usd/cstchef/operations/setter/HttpHeaderSetter.java | 2 +- .../java/de/usd/cstchef/operations/setter/HttpJsonSetter.java | 2 +- .../de/usd/cstchef/operations/setter/HttpMultipartSetter.java | 2 +- .../java/de/usd/cstchef/operations/setter/HttpPostSetter.java | 2 +- src/main/java/de/usd/cstchef/operations/setter/HttpSetBody.java | 2 +- .../java/de/usd/cstchef/operations/setter/HttpSetCookie.java | 2 +- src/main/java/de/usd/cstchef/operations/setter/HttpSetUri.java | 2 +- .../java/de/usd/cstchef/operations/setter/HttpXmlSetter.java | 2 +- src/main/java/de/usd/cstchef/operations/setter/JsonSetter.java | 2 +- src/main/java/de/usd/cstchef/view/RecipeStepPanel.java | 2 +- 22 files changed, 22 insertions(+), 22 deletions(-) diff --git a/src/main/java/de/usd/cstchef/operations/extractors/HttpBodyExtractor.java b/src/main/java/de/usd/cstchef/operations/extractors/HttpBodyExtractor.java index 13465837..f7b430ed 100644 --- a/src/main/java/de/usd/cstchef/operations/extractors/HttpBodyExtractor.java 
+++ b/src/main/java/de/usd/cstchef/operations/extractors/HttpBodyExtractor.java @@ -11,7 +11,7 @@ import de.usd.cstchef.operations.OperationCategory; import de.usd.cstchef.operations.Operation.OperationInfos; -@OperationInfos(name = "HTTP Body", category = OperationCategory.EXTRACTORS, description = "Extracts the body of a HTTP messages.") +@OperationInfos(name = "Get HTTP Body", category = OperationCategory.EXTRACTORS, description = "Extracts the body of a HTTP messages.") public class HttpBodyExtractor extends Operation { @Override diff --git a/src/main/java/de/usd/cstchef/operations/extractors/HttpCookieExtractor.java b/src/main/java/de/usd/cstchef/operations/extractors/HttpCookieExtractor.java index 3a4e32e1..b7078cbd 100644 --- a/src/main/java/de/usd/cstchef/operations/extractors/HttpCookieExtractor.java +++ b/src/main/java/de/usd/cstchef/operations/extractors/HttpCookieExtractor.java @@ -17,7 +17,7 @@ import de.usd.cstchef.operations.OperationCategory; import de.usd.cstchef.view.ui.VariableTextField; -@OperationInfos(name = "HTTP Cookie", category = OperationCategory.EXTRACTORS, description = "Extracts a cookie from a HTTP message.") +@OperationInfos(name = "Get HTTP Cookie", category = OperationCategory.EXTRACTORS, description = "Extracts a cookie from a HTTP message.") public class HttpCookieExtractor extends Operation { protected VariableTextField cookieNameField; diff --git a/src/main/java/de/usd/cstchef/operations/extractors/HttpGetExtractor.java b/src/main/java/de/usd/cstchef/operations/extractors/HttpGetExtractor.java index 2307c7e3..90c360d5 100644 --- a/src/main/java/de/usd/cstchef/operations/extractors/HttpGetExtractor.java +++ b/src/main/java/de/usd/cstchef/operations/extractors/HttpGetExtractor.java 
@@ -20,7 +20,7 @@ import de.usd.cstchef.operations.OperationCategory; import de.usd.cstchef.view.ui.VariableTextField; -@OperationInfos(name = "HTTP GET Param", category = OperationCategory.EXTRACTORS, description = "Extracts a GET Parameter of a HTTP request.") +@OperationInfos(name = "Get HTTP GET Param", category = OperationCategory.EXTRACTORS, description = "Extracts a GET Parameter of a HTTP request.") public class HttpGetExtractor extends Operation { protected VariableTextField parameter; diff --git a/src/main/java/de/usd/cstchef/operations/extractors/HttpHeaderExtractor.java b/src/main/java/de/usd/cstchef/operations/extractors/HttpHeaderExtractor.java index 9103516a..c6014a3d 100644 --- a/src/main/java/de/usd/cstchef/operations/extractors/HttpHeaderExtractor.java +++ b/src/main/java/de/usd/cstchef/operations/extractors/HttpHeaderExtractor.java @@ -9,7 +9,7 @@ import de.usd.cstchef.operations.OperationCategory; import de.usd.cstchef.view.ui.VariableTextField; -@OperationInfos(name = "HTTP Header", category = OperationCategory.EXTRACTORS, description = "Extracts a header of a HTTP message.") +@OperationInfos(name = "Get HTTP Header", category = OperationCategory.EXTRACTORS, description = "Extracts a header of a HTTP message.") public class HttpHeaderExtractor extends Operation { protected VariableTextField headerNameField; diff --git a/src/main/java/de/usd/cstchef/operations/extractors/HttpJsonExtractor.java b/src/main/java/de/usd/cstchef/operations/extractors/HttpJsonExtractor.java index a6cb96b0..78c277ac 100644 --- a/src/main/java/de/usd/cstchef/operations/extractors/HttpJsonExtractor.java +++ b/src/main/java/de/usd/cstchef/operations/extractors/HttpJsonExtractor.java 
@@ -11,7 +11,7 @@ import de.usd.cstchef.operations.Operation.OperationInfos; import de.usd.cstchef.operations.OperationCategory; -@OperationInfos(name = "HTTP JSON", category = OperationCategory.EXTRACTORS, description = "Get a JSON value from HTTP message.") +@OperationInfos(name = "Get HTTP JSON", category = OperationCategory.EXTRACTORS, description = "Get a JSON value from HTTP message.") public class HttpJsonExtractor extends Operation { protected JTextField fieldTxt; diff --git a/src/main/java/de/usd/cstchef/operations/extractors/HttpMethodExtractor.java b/src/main/java/de/usd/cstchef/operations/extractors/HttpMethodExtractor.java index 76010bc9..dcb458a7 100644 --- a/src/main/java/de/usd/cstchef/operations/extractors/HttpMethodExtractor.java +++ b/src/main/java/de/usd/cstchef/operations/extractors/HttpMethodExtractor.java @@ -9,7 +9,7 @@ import de.usd.cstchef.operations.Operation.OperationInfos; import de.usd.cstchef.operations.OperationCategory; -@OperationInfos(name = "HTTP Method", category = OperationCategory.EXTRACTORS, description = "Extracts the method of a HTTP request.") +@OperationInfos(name = "Get HTTP Method", category = OperationCategory.EXTRACTORS, description = "Extracts the method of a HTTP request.") public class HttpMethodExtractor extends Operation { @Override diff --git a/src/main/java/de/usd/cstchef/operations/extractors/HttpMultipartExtractor.java b/src/main/java/de/usd/cstchef/operations/extractors/HttpMultipartExtractor.java index ffd2052b..77397436 100644 --- a/src/main/java/de/usd/cstchef/operations/extractors/HttpMultipartExtractor.java +++ b/src/main/java/de/usd/cstchef/operations/extractors/HttpMultipartExtractor.java 
@@ -9,7 +9,7 @@ import de.usd.cstchef.operations.OperationCategory; import de.usd.cstchef.view.ui.VariableTextField; -@OperationInfos(name = "HTTP Multipart Param", category = OperationCategory.EXTRACTORS, description = "Extracts a part of a multipart/form-data request.") +@OperationInfos(name = "Get HTTP Multipart Param", category = OperationCategory.EXTRACTORS, description = "Extracts a part of a multipart/form-data request.") public class HttpMultipartExtractor extends Operation { protected VariableTextField parameter; diff --git a/src/main/java/de/usd/cstchef/operations/extractors/HttpPostExtractor.java b/src/main/java/de/usd/cstchef/operations/extractors/HttpPostExtractor.java index 6cdfb607..bb32b1f7 100644 --- a/src/main/java/de/usd/cstchef/operations/extractors/HttpPostExtractor.java +++ b/src/main/java/de/usd/cstchef/operations/extractors/HttpPostExtractor.java @@ -14,7 +14,7 @@ import de.usd.cstchef.operations.OperationCategory; import de.usd.cstchef.view.ui.VariableTextField; -@OperationInfos(name = "HTTP POST Param", category = OperationCategory.EXTRACTORS, description = "Extracts a POST parameter of a HTTP request.") +@OperationInfos(name = "Get HTTP POST Param", category = OperationCategory.EXTRACTORS, description = "Extracts a POST parameter of a HTTP request.") public class HttpPostExtractor extends Operation { protected VariableTextField parameter; diff --git a/src/main/java/de/usd/cstchef/operations/extractors/HttpUriExtractor.java b/src/main/java/de/usd/cstchef/operations/extractors/HttpUriExtractor.java index bdcc24c8..a643c4a6 100644 --- a/src/main/java/de/usd/cstchef/operations/extractors/HttpUriExtractor.java +++ b/src/main/java/de/usd/cstchef/operations/extractors/HttpUriExtractor.java 
@@ -16,7 +16,7 @@ import de.usd.cstchef.operations.Operation.OperationInfos; import de.usd.cstchef.operations.OperationCategory; -@OperationInfos(name = "HTTP URI", category = OperationCategory.EXTRACTORS, description = "Extracts the URI of a HTTP request.") +@OperationInfos(name = "Get HTTP URI", category = OperationCategory.EXTRACTORS, description = "Extracts the URI of a HTTP request.") public class HttpUriExtractor extends Operation { protected JCheckBox checkbox; diff --git a/src/main/java/de/usd/cstchef/operations/extractors/HttpXmlExtractor.java b/src/main/java/de/usd/cstchef/operations/extractors/HttpXmlExtractor.java index 9d09fac0..646645c0 100644 --- a/src/main/java/de/usd/cstchef/operations/extractors/HttpXmlExtractor.java +++ b/src/main/java/de/usd/cstchef/operations/extractors/HttpXmlExtractor.java @@ -21,7 +21,7 @@ import de.usd.cstchef.operations.Operation.OperationInfos; import de.usd.cstchef.operations.OperationCategory; -@OperationInfos(name = "HTTP XML", category = OperationCategory.EXTRACTORS, description = "Extract the first occurrence of a XML value from HTTP message.") +@OperationInfos(name = "Get HTTP XML", category = OperationCategory.EXTRACTORS, description = "Extract the first occurrence of a XML value from HTTP message.") public class HttpXmlExtractor extends Operation { protected JTextField fieldTxt; diff --git a/src/main/java/de/usd/cstchef/operations/extractors/JsonExtractor.java b/src/main/java/de/usd/cstchef/operations/extractors/JsonExtractor.java index 0a91062c..6685e4c6 100644 --- a/src/main/java/de/usd/cstchef/operations/extractors/JsonExtractor.java +++ b/src/main/java/de/usd/cstchef/operations/extractors/JsonExtractor.java 
@@ -14,7 +14,7 @@ import de.usd.cstchef.operations.Operation.OperationInfos; import de.usd.cstchef.operations.OperationCategory; -@OperationInfos(name = "JSON", category = OperationCategory.EXTRACTORS, description = "Extracts values of JSON objects.") +@OperationInfos(name = "Get JSON", category = OperationCategory.EXTRACTORS, description = "Extracts values of JSON objects.") public class JsonExtractor extends Operation { private static JsonProvider provider; diff --git a/src/main/java/de/usd/cstchef/operations/setter/HttpGetSetter.java b/src/main/java/de/usd/cstchef/operations/setter/HttpGetSetter.java index 14339c39..60546fc7 100644 --- a/src/main/java/de/usd/cstchef/operations/setter/HttpGetSetter.java +++ b/src/main/java/de/usd/cstchef/operations/setter/HttpGetSetter.java @@ -10,7 +10,7 @@ import de.usd.cstchef.operations.Operation.OperationInfos; import de.usd.cstchef.operations.OperationCategory; -@OperationInfos(name = "HTTP GET Param", category = OperationCategory.SETTER, description = "Sets a GET parameter to the specified value.") +@OperationInfos(name = "Set HTTP GET Param", category = OperationCategory.SETTER, description = "Sets a GET parameter to the specified value.") public class HttpGetSetter extends SetterOperation { private JCheckBox addIfNotPresent; diff --git a/src/main/java/de/usd/cstchef/operations/setter/HttpHeaderSetter.java b/src/main/java/de/usd/cstchef/operations/setter/HttpHeaderSetter.java index b08524c6..0b394c83 100644 --- a/src/main/java/de/usd/cstchef/operations/setter/HttpHeaderSetter.java +++ b/src/main/java/de/usd/cstchef/operations/setter/HttpHeaderSetter.java 
@@ -16,7 +16,7 @@ import de.usd.cstchef.operations.OperationCategory; import de.usd.cstchef.operations.extractors.JsonExtractor; -@OperationInfos(name = "HTTP Header", category = OperationCategory.SETTER, description = "Set a HTTP header to the specified value.") +@OperationInfos(name = "Set HTTP Header", category = OperationCategory.SETTER, description = "Set a HTTP header to the specified value.") public class HttpHeaderSetter extends SetterOperation { private JCheckBox addIfNotPresent; diff --git a/src/main/java/de/usd/cstchef/operations/setter/HttpJsonSetter.java b/src/main/java/de/usd/cstchef/operations/setter/HttpJsonSetter.java index 4f6f6437..2008b068 100644 --- a/src/main/java/de/usd/cstchef/operations/setter/HttpJsonSetter.java +++ b/src/main/java/de/usd/cstchef/operations/setter/HttpJsonSetter.java @@ -25,7 +25,7 @@ import de.usd.cstchef.operations.extractors.JsonExtractor; import de.usd.cstchef.view.ui.VariableTextField; -@OperationInfos(name = "HTTP JSON", category = OperationCategory.SETTER, description = "Set a JSON parameter to the specified value.") +@OperationInfos(name = "Set HTTP JSON", category = OperationCategory.SETTER, description = "Set a JSON parameter to the specified value.") public class HttpJsonSetter extends SetterOperation { private JCheckBox addIfNotPresent; diff --git a/src/main/java/de/usd/cstchef/operations/setter/HttpMultipartSetter.java b/src/main/java/de/usd/cstchef/operations/setter/HttpMultipartSetter.java index 9607ffb5..4e04262c 100644 --- a/src/main/java/de/usd/cstchef/operations/setter/HttpMultipartSetter.java +++ b/src/main/java/de/usd/cstchef/operations/setter/HttpMultipartSetter.java 
@@ -8,7 +8,7 @@ import de.usd.cstchef.operations.Operation.OperationInfos; import de.usd.cstchef.operations.OperationCategory; -@OperationInfos(name = "HTTP Multipart Param", category = OperationCategory.SETTER, description = "Sets a part of a multipart/form-data request to the specified value.") +@OperationInfos(name = "Set HTTP Multipart Param", category = OperationCategory.SETTER, description = "Sets a part of a multipart/form-data request to the specified value.") public class HttpMultipartSetter extends SetterOperation { @Override diff --git a/src/main/java/de/usd/cstchef/operations/setter/HttpPostSetter.java b/src/main/java/de/usd/cstchef/operations/setter/HttpPostSetter.java index 593c2f8b..582fb379 100644 --- a/src/main/java/de/usd/cstchef/operations/setter/HttpPostSetter.java +++ b/src/main/java/de/usd/cstchef/operations/setter/HttpPostSetter.java @@ -10,7 +10,7 @@ import de.usd.cstchef.operations.Operation.OperationInfos; import de.usd.cstchef.operations.OperationCategory; -@OperationInfos(name = "HTTP POST Param", category = OperationCategory.SETTER, description = "Set a POST parameter to the specified value.") +@OperationInfos(name = "Set HTTP POST Param", category = OperationCategory.SETTER, description = "Set a POST parameter to the specified value.") public class HttpPostSetter extends SetterOperation { private JCheckBox addIfNotPresent; diff --git a/src/main/java/de/usd/cstchef/operations/setter/HttpSetBody.java b/src/main/java/de/usd/cstchef/operations/setter/HttpSetBody.java index c7e5acc8..ca36e118 100644 --- a/src/main/java/de/usd/cstchef/operations/setter/HttpSetBody.java +++ b/src/main/java/de/usd/cstchef/operations/setter/HttpSetBody.java 
@@ -16,7 +16,7 @@ import de.usd.cstchef.operations.Operation.OperationInfos; import de.usd.cstchef.view.ui.FormatTextField; -@OperationInfos(name = "HTTP Body", category = OperationCategory.SETTER, description = "Set the HTTP body to the specified value.") +@OperationInfos(name = "Set HTTP Body", category = OperationCategory.SETTER, description = "Set the HTTP body to the specified value.") public class HttpSetBody extends Operation { private FormatTextField replacementTxt; diff --git a/src/main/java/de/usd/cstchef/operations/setter/HttpSetCookie.java b/src/main/java/de/usd/cstchef/operations/setter/HttpSetCookie.java index 21969b02..4b84b572 100644 --- a/src/main/java/de/usd/cstchef/operations/setter/HttpSetCookie.java +++ b/src/main/java/de/usd/cstchef/operations/setter/HttpSetCookie.java @@ -18,7 +18,7 @@ import de.usd.cstchef.operations.Operation.OperationInfos; import de.usd.cstchef.operations.OperationCategory; -@OperationInfos(name = "HTTP Cookie", category = OperationCategory.SETTER, description = "Set a HTTP cookie to the specified value.") +@OperationInfos(name = "Set HTTP Cookie", category = OperationCategory.SETTER, description = "Set a HTTP cookie to the specified value.") public class HttpSetCookie extends SetterOperation { private JCheckBox addIfNotPresent; diff --git a/src/main/java/de/usd/cstchef/operations/setter/HttpSetUri.java b/src/main/java/de/usd/cstchef/operations/setter/HttpSetUri.java index 607882be..02186036 100644 --- a/src/main/java/de/usd/cstchef/operations/setter/HttpSetUri.java +++ b/src/main/java/de/usd/cstchef/operations/setter/HttpSetUri.java 
@@ -15,7 +15,7 @@ import de.usd.cstchef.operations.OperationCategory; import de.usd.cstchef.view.ui.VariableTextField; -@OperationInfos(name = "HTTP URI", category = OperationCategory.SETTER, description = "Sets the specified variable as the uri.") +@OperationInfos(name = "Set HTTP URI", category = OperationCategory.SETTER, description = "Sets the specified variable as the uri.") public class HttpSetUri extends Operation { private VariableTextField uriTxt; diff --git a/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java b/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java index 363a6ef6..644d644c 100644 --- a/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java +++ b/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java @@ -29,7 +29,7 @@ import de.usd.cstchef.operations.OperationCategory; import de.usd.cstchef.view.ui.VariableTextField; -@OperationInfos(name = "HTTP XML", category = OperationCategory.SETTER, description = "Set a XML parameter to the specified value.") +@OperationInfos(name = "Set HTTP XML", category = OperationCategory.SETTER, description = "Set a XML parameter to the specified value.") public class HttpXmlSetter extends SetterOperation { @Override diff --git a/src/main/java/de/usd/cstchef/operations/setter/JsonSetter.java b/src/main/java/de/usd/cstchef/operations/setter/JsonSetter.java index 07ec9f09..2269d500 100644 --- a/src/main/java/de/usd/cstchef/operations/setter/JsonSetter.java +++ b/src/main/java/de/usd/cstchef/operations/setter/JsonSetter.java 
@@ -15,7 +15,7 @@ import de.usd.cstchef.operations.OperationCategory; import de.usd.cstchef.view.ui.VariableTextField; -@OperationInfos(name = "JSON", category = OperationCategory.SETTER, description = "Set the value of a JSON object.") +@OperationInfos(name = "Set JSON", category = OperationCategory.SETTER, description = "Set the value of a JSON object.") public class JsonSetter extends SetterOperation implements ActionListener { private JCheckBox addIfNotPresent; diff --git a/src/main/java/de/usd/cstchef/view/RecipeStepPanel.java b/src/main/java/de/usd/cstchef/view/RecipeStepPanel.java index f4792204..fee51d65 100644 --- a/src/main/java/de/usd/cstchef/view/RecipeStepPanel.java +++ b/src/main/java/de/usd/cstchef/view/RecipeStepPanel.java @@ -48,7 +48,7 @@ public class RecipeStepPanel extends JPanel { public RecipeStepPanel(String title, ChangeListener changelistener) { this.changeListener = changelistener; this.setLayout(new BorderLayout()); - this.setPreferredSize(new Dimension(300, 0)); + this.setPreferredSize(new Dimension(350, 0)); // header Box headerBox = Box.createHorizontalBox(); From 57746cdfc03fe17d4ebfde026a8a6aff53e25899 Mon Sep 17 00:00:00 2001 From: fhaag95 Date: Mon, 12 Aug 2024 13:08:21 +0200 Subject: [PATCH 08/36] Add expand and collpase all buttons to operations tree --- .../de/usd/cstchef/view/OperationsTree.java | 14 ++++++++++++ .../java/de/usd/cstchef/view/RecipePanel.java | 22 +++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/src/main/java/de/usd/cstchef/view/OperationsTree.java b/src/main/java/de/usd/cstchef/view/OperationsTree.java index 8a75bd3c..45f7bb14 100644 --- a/src/main/java/de/usd/cstchef/view/OperationsTree.java +++ b/src/main/java/de/usd/cstchef/view/OperationsTree.java 
@@ -159,6 +159,20 @@ private void expandAll(TreePath path) { this.expandPath(path); } + public void expandAll(){ + for(int i = 0; i < this.getRowCount(); i++){ + TreePath path = this.getPathForRow(i); + this.expandAll(path); + } + } + + public void collapseAll(){ + for(int i = 0; i < this.getRowCount(); i++){ + TreePath path = this.getPathForRow(i); + this.collapsePath(path); + } + } + public class CustomTreeUI extends BasicTreeUI { @Override protected boolean shouldPaintExpandControl(javax.swing.tree.TreePath path, int row, boolean isExpanded, diff --git a/src/main/java/de/usd/cstchef/view/RecipePanel.java b/src/main/java/de/usd/cstchef/view/RecipePanel.java index fda5eb6c..b2b015f9 100644 --- a/src/main/java/de/usd/cstchef/view/RecipePanel.java +++ b/src/main/java/de/usd/cstchef/view/RecipePanel.java @@ -25,6 +25,7 @@ import javax.swing.BorderFactory; import javax.swing.JButton; import javax.swing.JCheckBox; +import javax.swing.JComponent; import javax.swing.JFileChooser; import javax.swing.JLabel; import javax.swing.JOptionPane; @@ -34,6 +35,7 @@ import javax.swing.JTextField; import javax.swing.SwingUtilities; import javax.swing.ToolTipManager; +import javax.swing.border.Border; import javax.swing.event.ChangeEvent; import javax.swing.event.ChangeListener; import javax.swing.event.DocumentEvent; 
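Review bot: In `collapseAll()` (OperationsTree.java) the loop counts upward against `this.getRowCount()` while each `collapsePath` call shrinks that count, so descendants hidden by an earlier collapse are never visited. As far as I can tell they keep their expanded state and reappear expanded when the parent is reopened. Walking the rows from the bottom collapses nested nodes before their parents: `for (int i = this.getRowCount() - 1; i >= 0; i--) { this.collapsePath(this.getPathForRow(i)); }`. If the root row is visible, this also collapses the root, so check that against the tree's root-visibility setting. Both new public methods lack a Javadoc line, and `expandAll()` delegates to the private `expandAll(TreePath)` whose body begins outside this hunk.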
@@ -133,6 +135,26 @@ public void textChanged() { } }); + JPanel btnContainer = new JPanel(); + JButton expandAll = new JButton("+"); + expandAll.setToolTipText("Expand all operations"); + expandAll.addActionListener(new ActionListener() { + @Override + public void actionPerformed(ActionEvent arg0) { + operationsTree.expandAll(); + } + }); + JButton collapseAll = new JButton("-"); + collapseAll.setToolTipText("Collapse all operations"); + collapseAll.addActionListener(new ActionListener() { + @Override + public void actionPerformed(ActionEvent arg0) { + operationsTree.collapseAll(); + } + }); + btnContainer.add(expandAll); + btnContainer.add(collapseAll); + searchTreePanel.add(btnContainer, BorderLayout.PAGE_END); // create operations panel JPanel operationsPanel = new LayoutPanel("Operations"); From bb9042c67ca0cd4beaeb781aa632b0c5b1a2bff9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Aug 2024 06:21:36 +0000 Subject: [PATCH 09/36] Bump org.apache.maven.plugins:maven-surefire-plugin from 3.3.1 to 3.4.0 Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.3.1 to 3.4.0. - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.3.1...surefire-3.4.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c17365c2..12ce1b63 100644 --- a/pom.xml +++ b/pom.xml @@ -103,7 +103,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.3.1 + 3.4.0 false true From 871e8831ad94610d4f01de194736f201622f3cf7 Mon Sep 17 00:00:00 2001 
From: Felix Buschbeck Date: Mon, 26 Aug 2024 09:05:48 +0200 Subject: [PATCH 10/36] Add unimplemented methods --- .../java/burp/objects/CstcHttpRequest.java | 51 +++++++++++++++---- .../java/burp/objects/CstcHttpResponse.java | 36 +++++++++++++ 2 files changed, 78 insertions(+), 9 deletions(-) diff --git a/src/main/java/burp/objects/CstcHttpRequest.java b/src/main/java/burp/objects/CstcHttpRequest.java index f5b2011d..ca617732 100644 --- a/src/main/java/burp/objects/CstcHttpRequest.java +++ b/src/main/java/burp/objects/CstcHttpRequest.java @@ -3,8 +3,6 @@ import java.util.List; import java.util.regex.Pattern; -import org.bouncycastle.util.Arrays; - import burp.api.montoya.core.ByteArray; import burp.api.montoya.core.Marker; import burp.api.montoya.http.HttpService; @@ -15,7 +13,6 @@ import burp.api.montoya.http.message.params.ParsedHttpParameter; import burp.api.montoya.http.message.requests.HttpRequest; import burp.api.montoya.http.message.requests.HttpTransformation; -import de.usd.cstchef.operations.extractors.JsonExtractor; public class CstcHttpRequest implements HttpRequest { @@ -140,12 +137,6 @@ public String url() { return url; } - @Override - public ParsedHttpParameter parameter(String name, HttpParameterType type) { - // TODO Auto-generated method stub - throw new UnsupportedOperationException("Unimplemented method 'parameter'"); - } - @Override public boolean isInScope() { // TODO Auto-generated method stub @@ -212,6 +203,12 @@ public boolean hasParameters(HttpParameterType type) { throw new UnsupportedOperationException("Unimplemented method 'hasParameters'"); } + @Override + public ParsedHttpParameter parameter(String name, HttpParameterType type) { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'parameter'"); + } + @Override public boolean hasParameter(String name, HttpParameterType type) { // TODO Auto-generated method stub 
@@ -404,6 +401,18 @@ public HttpRequest withAddedHeader(HttpHeader header) { throw new UnsupportedOperationException("Unimplemented method 'withAddedHeader'"); } + @Override + public HttpRequest withAddedHeaders(List headers) { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'withAddedHeaders'"); + } + + @Override + public HttpRequest withAddedHeaders(HttpHeader... headers) { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'withAddedHeaders'"); + } + @Override public HttpRequest withUpdatedHeader(String name, String value) { // TODO Auto-generated method stub @@ -416,6 +425,18 @@ public HttpRequest withUpdatedHeader(HttpHeader header) { throw new UnsupportedOperationException("Unimplemented method 'withUpdatedHeader'"); } + @Override + public HttpRequest withUpdatedHeaders(List headers) { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'withUpdatedHeaders'"); + } + + @Override + public HttpRequest withUpdatedHeaders(HttpHeader... headers) { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'withUpdatedHeaders'"); + } + @Override public HttpRequest withRemovedHeader(String name) { // TODO Auto-generated method stub 
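Review bot: The collection overloads added here (`withAddedHeaders` and `withUpdatedHeaders`, plus `withRemovedHeaders` and the matching CstcHttpResponse hunks further down) throw `UnsupportedOperationException` unconditionally, so any code handed these objects through the `HttpRequest`/`HttpResponse` interface fails only at runtime. The context lines show the single-header variants doing the same, so the behaviour is consistent, but `// TODO Auto-generated method stub` does not say whether this is intended. If it is, I would replace the stub comment with the contract, e.g. `// Intentionally unsupported: this wrapper does not implement header mutation.`, and list the implemented methods in the class Javadoc. The List and varargs overloads also share one message string, so only the stack trace tells them apart.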
@@ -428,6 +449,18 @@ public HttpRequest withRemovedHeader(HttpHeader header) { throw new UnsupportedOperationException("Unimplemented method 'withRemovedHeader'"); } + @Override + public HttpRequest withRemovedHeaders(List headers) { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'withRemovedHeaders'"); + } + + @Override + public HttpRequest withRemovedHeaders(HttpHeader... headers) { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'withRemovedHeaders'"); + } + @Override public HttpRequest withMarkers(List markers) { // TODO Auto-generated method stub diff --git a/src/main/java/burp/objects/CstcHttpResponse.java b/src/main/java/burp/objects/CstcHttpResponse.java index 6333fe30..42fa366e 100644 --- a/src/main/java/burp/objects/CstcHttpResponse.java +++ b/src/main/java/burp/objects/CstcHttpResponse.java @@ -276,6 +276,18 @@ public HttpResponse withAddedHeader(String name, String value) { throw new UnsupportedOperationException("Unimplemented method 'withAddedHeader'"); } + @Override + public HttpResponse withAddedHeaders(List headers) { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'withAddedHeaders'"); + } + + @Override + public HttpResponse withAddedHeaders(HttpHeader... headers) { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'withAddedHeaders'"); + } + @Override public HttpResponse withUpdatedHeader(HttpHeader header) { // TODO Auto-generated method stub 
@@ -288,6 +300,18 @@ public HttpResponse withUpdatedHeader(String name, String value) { throw new UnsupportedOperationException("Unimplemented method 'withUpdatedHeader'"); } + @Override + public HttpResponse withUpdatedHeaders(List headers) { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'withUpdatedHeaders'"); + } + + @Override + public HttpResponse withUpdatedHeaders(HttpHeader... headers) { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'withUpdatedHeaders'"); + } + @Override public HttpResponse withRemovedHeader(HttpHeader header) { // TODO Auto-generated method stub @@ -300,6 +324,18 @@ public HttpResponse withRemovedHeader(String name) { throw new UnsupportedOperationException("Unimplemented method 'withRemovedHeader'"); } + @Override + public HttpResponse withRemovedHeaders(List headers) { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'withRemovedHeaders'"); + } + + @Override + public HttpResponse withRemovedHeaders(HttpHeader... headers) { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'withRemovedHeaders'"); + } + @Override public HttpResponse withMarkers(List markers) { // TODO Auto-generated method stub From 719f135189c9a37c917bafbc8cf50a0cd96f30be Mon Sep 17 00:00:00 2001 From: Felix Buschbeck Date: Mon, 26 Aug 2024 14:43:10 +0200 Subject: [PATCH 11/36] Refactor XML Setter --- .../operations/setter/HttpXmlSetter.java | 124 ++++++++++++------ 1 file changed, 83 insertions(+), 41 deletions(-) diff --git a/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java b/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java index 644d644c..582a4e51 100644 --- a/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java +++ b/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java 
@@ -4,78 +4,120 @@ import java.io.StringWriter; import javax.swing.JCheckBox; -import javax.xml.parsers.DocumentBuilder; +import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.transform.OutputKeys; import javax.xml.transform.Transformer; import javax.xml.transform.TransformerFactory; import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; +import javax.xml.xpath.XPath; +import javax.xml.xpath.XPathConstants; +import javax.xml.xpath.XPathFactory; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; -import burp.BurpUtils; -import burp.api.montoya.MontoyaApi; import burp.api.montoya.core.ByteArray; -import burp.api.montoya.http.message.params.HttpParameter; -import burp.api.montoya.http.message.params.HttpParameterType; -import burp.api.montoya.http.message.params.ParsedHttpParameter; +import burp.api.montoya.http.message.HttpMessage; import burp.api.montoya.http.message.requests.HttpRequest; import burp.api.montoya.http.message.responses.HttpResponse; -import de.usd.cstchef.Utils; import de.usd.cstchef.Utils.MessageType; import de.usd.cstchef.operations.Operation.OperationInfos; -import de.usd.cstchef.operations.OperationCategory; import de.usd.cstchef.view.ui.VariableTextField; +import de.usd.cstchef.operations.OperationCategory; -@OperationInfos(name = "Set HTTP XML", category = OperationCategory.SETTER, description = "Set a XML parameter to the specified value.") +@OperationInfos(name = "Set HTTP XML", category = OperationCategory.SETTER, description = "Set a XML parameter to the specified value.\nUse XPath Syntax.") public class HttpXmlSetter extends SetterOperation { + private VariableTextField path; + private VariableTextField value; + private JCheckBox addIfNotPresent; + @Override protected ByteArray perform(ByteArray input, MessageType messageType) throws Exception { - String parameterName = getWhere(); - if (parameterName.equals("")) + String p = 
this.path.getText(); + String v = this.value.getText(); + + if(p.trim().isEmpty()) { return input; + } + + if (messageType == MessageType.REQUEST || messageType == MessageType.RESPONSE) { + + HttpMessage httpMessage; + httpMessage = messageType == MessageType.REQUEST ? HttpRequest.httpRequest(input) : HttpResponse.httpResponse(input); + + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + dbf.setNamespaceAware(true); + dbf.setXIncludeAware(false); + // XXE + dbf.setExpandEntityReferences(false); + dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + + Document doc = messageType == MessageType.REQUEST ? dbf.newDocumentBuilder().parse(new ByteArrayInputStream(factory.createHttpRequest(input).bodyToString().getBytes())) : + dbf.newDocumentBuilder().parse(new ByteArrayInputStream(factory.createHttpResponse(input).bodyToString().getBytes())); + doc.getDocumentElement().normalize(); + + Element toAdd; + + XPath xPath = XPathFactory.newInstance().newXPath(); + NodeList nodeList; - if (messageType == MessageType.REQUEST) { try { - HttpRequest request = HttpRequest.httpRequest(input); - if (request.hasParameter(parameterName, HttpParameterType.XML)) { - return request - .withParameter(HttpParameter.parameter(parameterName, getWhat(), HttpParameterType.XML)) - .toByteArray(); - } else { - return input; - } - } catch (Exception e) { - throw new IllegalArgumentException("Input is not a valid request"); + nodeList = (NodeList) xPath.compile(p).evaluate(doc, XPathConstants.NODESET); } - } else if (messageType == MessageType.RESPONSE) { - HttpResponse response = HttpResponse.httpResponse(input); - DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); - Document doc = builder.parse(new ByteArrayInputStream(response.bodyToString().getBytes())); - doc.getDocumentElement().normalize(); - NodeList nodeList = doc.getElementsByTagName(parameterName); - Element first = (Element) nodeList.item(0); - if (first != null) { - 
first.setTextContent(getWhat()); + catch(Exception e) { + throw new IllegalArgumentException("Invalid XPath Syntax."); } - else{ - throw new IllegalArgumentException("Parameter could not be found"); + + for(int i = 0; i < nodeList.getLength(); i++) { + nodeList.item(i).setTextContent(v); } - DOMSource domSource = new DOMSource(doc); - StringWriter writer = new StringWriter(); - StreamResult result = new StreamResult(writer); - TransformerFactory tf = TransformerFactory.newInstance(); - Transformer transformer = tf.newTransformer(); - transformer.transform(domSource, result); - return response.withBody(writer.toString()).toByteArray(); - } else { + + if(nodeList.getLength() == 0 && addIfNotPresent.isSelected()) { + if(p.matches(".*/@[a-zA-Z0-9-_.]*")) { + nodeList = (NodeList) xPath.compile(p.replaceAll("/@[a-zA-Z0-9-_.]*$", "")).evaluate(doc, XPathConstants.NODESET); + for(int i = 0; i < nodeList.getLength(); i++) { + ((Element) nodeList.item(i)).setAttribute(p.split("@")[p.split("@").length - 1], v); + } + } + else { + nodeList = (NodeList) xPath.compile(p.replaceAll("/[a-zA-Z0-9-_.]*$", "")).evaluate(doc, XPathConstants.NODESET); + for(int i = 0; i < nodeList.getLength(); i++) { + toAdd = doc.createElement(p.split("/")[p.split("/").length - 1]); + toAdd.setTextContent(v); + nodeList.item(i).appendChild(toAdd); + } + } + } + + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + + Transformer xformer = transformerFactory.newTransformer(); + xformer.setOutputProperty(OutputKeys.INDENT, "no"); + + StringWriter output = new StringWriter(); + xformer.transform(new DOMSource(doc), new StreamResult(output)); + return messageType == MessageType.REQUEST ? 
((HttpRequest)httpMessage).withBody(output.toString()).toByteArray() : ((HttpResponse)httpMessage).withBody(output.toString()).toByteArray(); + } + else { return parseRawMessage(input); } + } + + @Override + public void createUI() { + this.path = new VariableTextField(); + this.value = new VariableTextField(); + this.addIfNotPresent = new JCheckBox("Add if not present"); + this.addUIElement("Path", this.path); + this.addUIElement("Value", this.value); + this.addUIElement(null, this.addIfNotPresent); } } From 2be50aca484eb55af9397f150b4fff879cb50f33 Mon Sep 17 00:00:00 2001 From: Felix Buschbeck Date: Mon, 26 Aug 2024 15:42:11 +0200 Subject: [PATCH 12/36] Add dynamic lane count --- .../java/de/usd/cstchef/view/RecipePanel.java | 69 +++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/src/main/java/de/usd/cstchef/view/RecipePanel.java b/src/main/java/de/usd/cstchef/view/RecipePanel.java index 7d8f81cd..b841be6c 100644 --- a/src/main/java/de/usd/cstchef/view/RecipePanel.java +++ b/src/main/java/de/usd/cstchef/view/RecipePanel.java 
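Review bot: The XXE hardening on `dbf` in `perform` is thinner than it should be for a parser that is fed request and response bodies taken from traffic. How much `setExpandEntityReferences(false)` and `FEATURE_SECURE_PROCESSING` restrict DOCTYPE and external DTD handling depends on the JAXP implementation on the classpath, so a hostile body may still make the parser resolve external resources from the tester's machine. I would refuse DOCTYPE declarations outright and close external access explicitly, as in the fence below. If bodies carrying a DOCTYPE must still be editable, keep the two `external-*-entities` lines and drop `disallow-doctype-decl`. Separately, `.getBytes()` on the body uses the platform charset, and the `catch (Exception e)` around the XPath evaluation discards the cause.

```java
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
// … unchanged: setNamespaceAware / setXIncludeAware / setExpandEntityReferences / FEATURE_SECURE_PROCESSING …
// Bodies are attacker-influenced: reject DOCTYPE so no entity or external DTD is ever resolved.
dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
dbf.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
```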
@@ -168,6 +168,33 @@ public void actionPerformed(ActionEvent arg0) { // create active operations (middle) panel LayoutPanel activeOperationsPanel = new LayoutPanel("Recipe"); + // button to add lanes + JButton addLaneButton = new JButton("Plus"); + activeOperationsPanel.addActionComponent(addLaneButton); + addLaneButton.addActionListener(new ActionListener() { + + @Override + public void actionPerformed(ActionEvent e) { + if(operationSteps < 100) { + increaseLaneNumber(1); + } + } + + }); + + // button to remove lanes + JButton removeLaneButton = new JButton("Minus"); + activeOperationsPanel.addActionComponent(removeLaneButton); + removeLaneButton.addActionListener(new ActionListener() { + + @Override + public void actionPerformed(ActionEvent e) { + if(operationSteps > 1) { + decreaseLaneNumber(1); + } + } + + }); inactiveWarning = new JLabel(this.operation.toString() + " Operations currently inactive!"); inactiveWarning.setForeground(Color.RED); 
@@ -328,6 +355,37 @@ public void actionPerformed(ActionEvent arg0) { startAutoBakeTimer(); } + private void increaseLaneNumber(int number) { + this.operationSteps += number; + + GridBagConstraints co = new GridBagConstraints(); + co.gridheight = GridBagConstraints.REMAINDER; + co.weighty = 1; + co.fill = GridBagConstraints.VERTICAL; + + for(int i = 0; i < number; i++) { + RecipeStepPanel opPanel = new RecipeStepPanel("Lane " + String.valueOf(operationSteps - (number - i) + 1), this); + operationLines.add(opPanel, co, operationSteps - (number - i)); + operationLines.revalidate(); + operationLines.repaint(); + + JPanel panel = opPanel.getOperationsPanel(); + MoveOperationMouseAdapter moma = new MoveOperationMouseAdapter(opPanel, operationLines); + panel.addMouseListener(moma); + panel.addMouseMotionListener(moma); + } + } + + private void decreaseLaneNumber(int number) { + int index = this.operationSteps; + this.operationSteps -= number; + for(int i = 0; i < number; i++) { + operationLines.remove(index - 1 - i); + operationLines.revalidate(); + operationLines.repaint(); + } + } + public void hideInactiveWarning(){ this.inactiveWarning.setVisible(false); } @@ -393,6 +451,10 @@ public void restoreState(String jsonState) throws IOException, ClassNotFoundExce throw new IOException("wrong data format"); } + if(stepNodes.size() > operationSteps) { + increaseLaneNumber(stepNodes.size() - operationSteps); + } + for (int step = 0; step < stepNodes.size(); step++) { JsonNode operationNodes = stepNodes.get(step); if (!operationNodes.isArray()) { @@ -687,6 +749,13 @@ private void saveFilterState() { } private void clear() { + if(this.operationSteps < 10) { + increaseLaneNumber(10 - this.operationSteps); + } + else if(this.operationSteps > 10) { + decreaseLaneNumber(this.operationSteps - 10); + } + for (int step = 0; step < this.operationSteps; step++) { RecipeStepPanel stepPanel = (RecipeStepPanel) this.operationLines.getComponent(step); int laneIndex = step + 1; 
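Review bot: The `restoreState` hunk (`@@ -393,6 +451,10 @@`) grows the lane count to `stepNodes.size()` without the upper bound that the Plus button enforces (`operationSteps < 100` in the earlier RecipePanel hunk). A saved state with a very large top-level array therefore makes `increaseLaneNumber` build that many `RecipeStepPanel`s and mouse adapters. Where `jsonState` comes from is not visible here, but if recipes can be loaded from files that were not produced locally, reject oversized input before growing: `if (stepNodes.size() > 100) { throw new IOException("wrong data format"); }`. The 100 and the 10 used in `clear()` would read better as named constants shared by all three places. `restoreState` and `clear()` both continue outside their hunks.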
From 0a25261fab1ae92cdf11dbb3d43f955c979d344e Mon Sep 17 00:00:00 2001 From: Felix Buschbeck Date: Mon, 26 Aug 2024 15:56:58 +0200 Subject: [PATCH 13/36] Add Formatting Message Editor Tab --- src/main/java/burp/BurpExtender.java | 2 + ...onProvidedHttpRequestEditorFormatting.java | 73 +++++++++++++++++++ ...nProvidedHttpResponseEditorFormatting.java | 73 +++++++++++++++++++ ...MyHttpRequestEditorProviderFormatting.java | 28 +++++++ ...yHttpResponseEditorProviderFormatting.java | 28 +++++++ 5 files changed, 204 insertions(+) create mode 100644 src/main/java/burp/MyExtensionProvidedHttpRequestEditorFormatting.java create mode 100644 src/main/java/burp/MyExtensionProvidedHttpResponseEditorFormatting.java create mode 100644 src/main/java/burp/MyHttpRequestEditorProviderFormatting.java create mode 100644 src/main/java/burp/MyHttpResponseEditorProviderFormatting.java diff --git a/src/main/java/burp/BurpExtender.java b/src/main/java/burp/BurpExtender.java index 659e6df8..70fd68fc 100644 --- a/src/main/java/burp/BurpExtender.java +++ b/src/main/java/burp/BurpExtender.java @@ -26,6 +26,8 @@ public void initialize(MontoyaApi api) { api.http().registerHttpHandler(new CstcHttpHandler(view)); api.userInterface().registerSuiteTab(extensionName, view); api.userInterface().registerHttpRequestEditorProvider(new MyHttpRequestEditorProvider(view)); + api.userInterface().registerHttpRequestEditorProvider(new MyHttpRequestEditorProviderFormatting(view)); + api.userInterface().registerHttpResponseEditorProvider(new MyHttpResponseEditorProviderFormatting(view)); if (!api.burpSuite().version().edition().equals(BurpSuiteEdition.COMMUNITY_EDITION)) { PersistedObject persistence = api.persistence().extensionData(); diff --git a/src/main/java/burp/MyExtensionProvidedHttpRequestEditorFormatting.java b/src/main/java/burp/MyExtensionProvidedHttpRequestEditorFormatting.java new file mode 100644 index 00000000..16b12960 --- /dev/null 
+++ b/src/main/java/burp/MyExtensionProvidedHttpRequestEditorFormatting.java 
@@ -0,0 +1,73 @@ +package burp; + +import burp.api.montoya.MontoyaApi; +import burp.api.montoya.core.ByteArray; +import burp.api.montoya.http.message.HttpRequestResponse; +import burp.api.montoya.http.message.requests.HttpRequest; +import burp.api.montoya.ui.Selection; +import burp.api.montoya.ui.editor.EditorOptions; +import burp.api.montoya.ui.editor.RawEditor; +import burp.api.montoya.ui.editor.extension.EditorCreationContext; +import burp.api.montoya.ui.editor.extension.ExtensionProvidedHttpRequestEditor; +import de.usd.cstchef.Utils.MessageType; +import de.usd.cstchef.view.View; + +import java.awt.*; + +public class MyExtensionProvidedHttpRequestEditorFormatting implements ExtensionProvidedHttpRequestEditor +{ + private final RawEditor requestEditor; + private HttpRequestResponse requestResponse; + private final MontoyaApi api; + private final View view; + + MyExtensionProvidedHttpRequestEditorFormatting(EditorCreationContext creationContext, View view) + { + this.api = BurpUtils.getInstance().getApi(); + this.view = view; + requestEditor = api.userInterface().createRawEditor(EditorOptions.READ_ONLY); + } + + @Override + public HttpRequest getRequest() + { + return requestResponse.request(); + } + + @Override + public void setRequestResponse(HttpRequestResponse requestResponse) + { + ByteArray result = view.getFormatRecipePanel().bake(requestResponse.request().toByteArray(), MessageType.REQUEST); + this.requestEditor.setContents(result); + } + + @Override + public boolean isEnabledFor(HttpRequestResponse requestResponse) + { + return requestResponse.request() != null; + } + + @Override + public String caption() + { + return "CSTC Formatting"; + } + + @Override + public Component uiComponent() + { + return requestEditor.uiComponent(); + } + + @Override + public Selection selectedData() + { + return requestEditor.selection().isPresent() ? 
requestEditor.selection().get() : null; + } + + @Override + public boolean isModified() + { + return requestEditor.isModified(); + } +} \ No newline at end of file diff --git a/src/main/java/burp/MyExtensionProvidedHttpResponseEditorFormatting.java b/src/main/java/burp/MyExtensionProvidedHttpResponseEditorFormatting.java new file mode 100644 index 00000000..8fb880b7 --- /dev/null +++ b/src/main/java/burp/MyExtensionProvidedHttpResponseEditorFormatting.java 
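Review bot: `getRequest()` in MyExtensionProvidedHttpRequestEditorFormatting dereferences the `requestResponse` field, but nothing in this new class assigns it. `setRequestResponse` bakes and displays its parameter and then drops it, so `getRequest()` throws a NullPointerException whenever Burp calls it. Store the argument first, with `this.requestResponse = requestResponse;` as the opening statement of `setRequestResponse`. MyExtensionProvidedHttpResponseEditorFormatting in the following file section has the same gap between `setRequestResponse` and `getResponse()`. In both classes the `creationContext` constructor parameter is unused.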
@@ -0,0 +1,73 @@
+package burp;
+
+import burp.api.montoya.MontoyaApi;
+import burp.api.montoya.core.ByteArray;
+import burp.api.montoya.http.message.HttpRequestResponse;
+import burp.api.montoya.http.message.responses.HttpResponse;
+import burp.api.montoya.ui.Selection;
+import burp.api.montoya.ui.editor.EditorOptions;
+import burp.api.montoya.ui.editor.RawEditor;
+import burp.api.montoya.ui.editor.extension.EditorCreationContext;
+import burp.api.montoya.ui.editor.extension.ExtensionProvidedHttpResponseEditor;
+import de.usd.cstchef.Utils.MessageType;
+import de.usd.cstchef.view.View;
+
+import java.awt.*;
+
+public class MyExtensionProvidedHttpResponseEditorFormatting implements ExtensionProvidedHttpResponseEditor
+{
+ private final RawEditor responseEditor;
+ private HttpRequestResponse requestResponse;
+ private final MontoyaApi api;
+ private final View view;
+
+ MyExtensionProvidedHttpResponseEditorFormatting(EditorCreationContext creationContext, View view)
+ {
+ this.api = BurpUtils.getInstance().getApi();
+ this.view = view;
+ responseEditor = api.userInterface().createRawEditor(EditorOptions.READ_ONLY);
+ }
+
+ @Override
+ public HttpResponse getResponse()
+ {
+ return requestResponse.response();
+ }
+
+ @Override
+ public void setRequestResponse(HttpRequestResponse requestResponse)
+ {
+ ByteArray result = view.getFormatRecipePanel().bake(requestResponse.response().toByteArray(), MessageType.RESPONSE);
+ this.responseEditor.setContents(result);
+ }
+
+ @Override
+ public boolean isEnabledFor(HttpRequestResponse requestResponse)
+ {
+ return requestResponse.response() != null;
+ }
+
+ @Override
+ public String caption()
+ {
+ return "CSTC Formatting";
+ }
+
+ @Override
+ public Component uiComponent()
+ {
+ return responseEditor.uiComponent();
+ }
+
+ @Override
+ public Selection selectedData()
+ {
+ return responseEditor.selection().isPresent() ? responseEditor.selection().get() : null;
+ }
+
+ @Override
+ public boolean isModified()
+ {
+ return responseEditor.isModified();
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/burp/MyHttpRequestEditorProviderFormatting.java b/src/main/java/burp/MyHttpRequestEditorProviderFormatting.java
new file mode 100644
index 00000000..80620390
--- /dev/null
+++ b/src/main/java/burp/MyHttpRequestEditorProviderFormatting.java
@@ -0,0 +1,28 @@
+package burp;
+
+import burp.api.montoya.core.ToolType;
+import burp.api.montoya.ui.editor.extension.EditorCreationContext;
+import burp.api.montoya.ui.editor.extension.ExtensionProvidedHttpRequestEditor;
+import burp.api.montoya.ui.editor.extension.HttpRequestEditorProvider;
+import de.usd.cstchef.view.View;
+
+class MyHttpRequestEditorProviderFormatting implements HttpRequestEditorProvider
+{
+ private final View view;
+
+ MyHttpRequestEditorProviderFormatting(View view){
+ this.view = view;
+ }
+
+ @Override
+ public ExtensionProvidedHttpRequestEditor provideHttpRequestEditor(EditorCreationContext creationContext)
+ {
+ // everywhere but in CSTC itself
+ if(!creationContext.toolSource().isFromTool(ToolType.EXTENSIONS)) {
+ return new MyExtensionProvidedHttpRequestEditorFormatting(creationContext, view);
+ }
+ else {
+ return null;
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/burp/MyHttpResponseEditorProviderFormatting.java b/src/main/java/burp/MyHttpResponseEditorProviderFormatting.java
new file mode 100644
index 00000000..96f442fe
--- /dev/null
+++ b/src/main/java/burp/MyHttpResponseEditorProviderFormatting.java
@@ -0,0 +1,28 @@
+package burp;
+
+import burp.api.montoya.core.ToolType;
+import burp.api.montoya.ui.editor.extension.EditorCreationContext;
+import burp.api.montoya.ui.editor.extension.ExtensionProvidedHttpResponseEditor;
+import burp.api.montoya.ui.editor.extension.HttpResponseEditorProvider;
+import de.usd.cstchef.view.View;
+
+class MyHttpResponseEditorProviderFormatting implements HttpResponseEditorProvider
+{
+ private final View view;
+
+ MyHttpResponseEditorProviderFormatting(View view){
+ this.view = view;
+ }
+
+ @Override
+ public ExtensionProvidedHttpResponseEditor provideHttpResponseEditor(EditorCreationContext creationContext)
+ {
+ // everywhere but in CSTC itself
+ if(!creationContext.toolSource().isFromTool(ToolType.EXTENSIONS)) {
+ return new MyExtensionProvidedHttpResponseEditorFormatting(creationContext, view);
+ }
+ else {
+ return null;
+ }
+ }
+}
\ No newline at end of file
From 9d19dd1669ae548dcada25bc2f8bc24d72da462c Mon Sep 17 00:00:00 2001
From: Felix Buschbeck
Date: Tue, 27 Aug 2024 11:11:17 +0200
Subject: [PATCH 14/36] Fix empty identifier
---
.../java/de/usd/cstchef/operations/setter/HttpXmlSetter.java | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java b/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java
index 582a4e51..30599387 100644
--- a/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java
+++ b/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java
@@ -24,12 +24,13 @@ import burp.api.montoya.http.message.requests.HttpRequest; import burp.api.montoya.http.message.responses.HttpResponse; import de.usd.cstchef.Utils.MessageType; +import de.usd.cstchef.operations.Operation; import de.usd.cstchef.operations.Operation.OperationInfos; import de.usd.cstchef.view.ui.VariableTextField; import de.usd.cstchef.operations.OperationCategory; @OperationInfos(name = "Set HTTP XML", category = OperationCategory.SETTER, description = "Set a XML parameter to the specified value.\nUse XPath Syntax.") -public class HttpXmlSetter extends SetterOperation { +public class HttpXmlSetter extends Operation { private VariableTextField path; private VariableTextField value; @@ -117,7 +118,7 @@ public void createUI() { this.addUIElement("Path", this.path); this.addUIElement("Value", this.value); - this.addUIElement(null, this.addIfNotPresent); + this.addUIElement(null, this.addIfNotPresent, "checkbox1"); } } From f6467a1ec043aeb5a095a1546727f1839864de9d Mon Sep 17 00:00:00 2001 From: Felix Buschbeck Date: Mon, 2 Sep 2024 18:15:12 +0200 Subject: [PATCH 15/36] Add button icons --- res/collapse_all.png | Bin 0 -> 373 bytes res/expand_all.png | Bin 0 -> 342 bytes .../java/de/usd/cstchef/view/RecipePanel.java | 10 ++++++++-- 3 files changed, 8 insertions(+), 2 deletions(-) create mode 100755 res/collapse_all.png create mode 100755 res/expand_all.png diff --git a/res/collapse_all.png b/res/collapse_all.png new file mode 100755 index 0000000000000000000000000000000000000000..73e6a1c998bf5b88564394844362fa2f8821fe74 GIT binary patch literal 373 zcmV-*0gC>KP)bj--=pvhQs&JM-SYm2H|ts~kvrlGJa6P*NLs1U7X@RkkeY7We?Vz=Q3B zq!I8E;aS>V0^9@#W8fZmwtdKRdmxPvX2s4nxym-M1=4e_$_g!aO3Ess6~qHcNgcw_ z@)z(9Bu!cF0UKZk%xwQi8UTxku9fZ8ZCW2)n!nzJY$#rW7@_eFWZsiS2!?R)68bauYZK6U1D4 T$vzvl00000NkvXXu0mjfJ&=_G literal 0 HcmV?d00001 
diff --git a/res/expand_all.png b/res/expand_all.png new file mode 100755 index 0000000000000000000000000000000000000000..0f332f5b7b8a171089a8d52183123bcac3e9b21f GIT binary patch literal 342 zcmeAS@N?(olHy`uVBq!ia0vp^A|TAc1|)ksWqE-VXMsm#F_5wXVa5+Ble~a}k|nMY zCBgY=CFO}lsSM@i<$9TU*~Q6;1*v-ZMd`EO*+>BuJ@#~Q46*2aIz`uy#ZkcRe)B{R zzNSM90#rCQJ!C0nk?CS-K2Y3X_~Wa>u?OEdvI7$WI`}WoK68L?w{u%di~h3TVWcoUQ>5cOvwDr_YZbW zbFiN9oV#H1q%F)254PWXI7RC2rvm}ARL=G{tdT!e^z_f+g*|Mmw%#gxvmpBZH@@ex k^`8Iv;;W_q{gnUB9C9?L_;W;20?@k*p00i_>zopr02?@r-~a#s literal 0 HcmV?d00001 diff --git a/src/main/java/de/usd/cstchef/view/RecipePanel.java b/src/main/java/de/usd/cstchef/view/RecipePanel.java index b841be6c..74f7230f 100644 --- a/src/main/java/de/usd/cstchef/view/RecipePanel.java +++ b/src/main/java/de/usd/cstchef/view/RecipePanel.java @@ -23,6 +23,7 @@ import java.util.TimerTask; import javax.swing.BorderFactory; +import javax.swing.ImageIcon; import javax.swing.JButton; import javax.swing.JCheckBox; import javax.swing.JComponent; @@ -94,6 +95,9 @@ public class RecipePanel extends JPanel implements ChangeListener { private JLabel inactiveWarning; + private static ImageIcon expandIcon = new ImageIcon(Operation.class.getResource("/expand_all.png")); + private static ImageIcon collapseIcon = new ImageIcon(Operation.class.getResource("/collapse_all.png")); + public RecipePanel(BurpOperation operation, MessageType messageType) { this.operation = operation; @@ -137,7 +141,8 @@ public void textChanged() { }); JPanel btnContainer = new JPanel(); - JButton expandAll = new JButton("+"); + JButton expandAll = new JButton(); + expandAll.setIcon(expandIcon); expandAll.setToolTipText("Expand all operations"); expandAll.addActionListener(new ActionListener() { @Override 
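Review bot: `expandIcon` and `collapseIcon` in the `@@ -94,6 +95,9 @@` hunk are built in static initialisers from `Operation.class.getResource(...)`, which returns null when the PNG is not on the classpath of the packaged JAR. `new ImageIcon(null)` would then throw during class initialisation and `RecipePanel` could not be loaded at all, so a missing resource takes the whole tab down instead of just the icon. I would load the icons through a small helper that null-checks the URL and lets the buttons fall back to their old `"+"` / `"-"` labels, and declare the fields `private static final`. The plus/minus icons added in patch 22 follow the same pattern.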
@@ -145,7 +150,8 @@ public void actionPerformed(ActionEvent arg0) { operationsTree.expandAll(); } }); - JButton collapseAll = new JButton("-"); + JButton collapseAll = new JButton(); + collapseAll.setIcon(collapseIcon); collapseAll.setToolTipText("Collapse all operations"); collapseAll.addActionListener(new ActionListener() { @Override From 4dda8d5899264d6b4bb2dac1ed59dc62cc34ea29 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Sep 2024 06:12:21 +0000 Subject: [PATCH 16/36] Bump com.fasterxml.jackson.core:jackson-core from 2.17.2 to 2.18.0 Bumps [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) from 2.17.2 to 2.18.0. - [Commits](https://github.com/FasterXML/jackson-core/compare/jackson-core-2.17.2...jackson-core-2.18.0) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-core dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 245d5159..c1322db7 100644 --- a/pom.xml +++ b/pom.xml @@ -35,7 +35,7 @@ com.fasterxml.jackson.core jackson-core - 2.17.2 + 2.18.0 From 44770e075b03b08cb85c64363fe1a6ddbf0b6b0b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Sep 2024 06:12:23 +0000 Subject: [PATCH 17/36] Bump com.fasterxml.jackson.core:jackson-databind from 2.17.2 to 2.18.0 Bumps [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) from 2.17.2 to 2.18.0. - [Commits](https://github.com/FasterXML/jackson/commits) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pom.xml b/pom.xml index 245d5159..59603f40 100644 --- a/pom.xml +++ b/pom.xml @@ -41,7 +41,7 @@ com.fasterxml.jackson.core jackson-databind - 2.17.2 + 2.18.0 From 32355b2aada652bc59b6fcf13aa9a97f5ed98964 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 06:18:11 +0000 Subject: [PATCH 18/36] Bump org.apache.maven.plugins:maven-surefire-plugin from 3.4.0 to 3.5.1 Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.4.0 to 3.5.1. - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.4.0...surefire-3.5.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 245d5159..feeaae7a 100644 --- a/pom.xml +++ b/pom.xml @@ -103,7 +103,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.4.0 + 3.5.1 false true From 71083e507df5fe9b9bff76607f3b5d8c951edd1c Mon Sep 17 00:00:00 2001 From: Felix Buschbeck Date: Mon, 7 Oct 2024 05:19:18 -0400 Subject: [PATCH 19/36] Refactor operation logic --- src/main/java/de/usd/cstchef/Utils.java | 92 ++++++++++++++++++- .../operations/setter/HttpXmlSetter.java | 82 ++--------------- 2 files changed, 96 insertions(+), 78 deletions(-) diff --git a/src/main/java/de/usd/cstchef/Utils.java b/src/main/java/de/usd/cstchef/Utils.java index ec28fe4c..6306b53e 100644 --- a/src/main/java/de/usd/cstchef/Utils.java +++ b/src/main/java/de/usd/cstchef/Utils.java 
@@ -8,6 +8,7 @@ import java.io.IOException; import java.io.ObjectInputStream; import java.io.ObjectOutputStream; +import java.io.StringWriter; import java.net.URISyntaxException; import java.time.ZonedDateTime; import java.util.ArrayList; @@ -20,6 +21,23 @@ import java.util.zip.ZipEntry; import java.util.zip.ZipInputStream; +import javax.xml.XMLConstants; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.OutputKeys; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; +import javax.xml.xpath.XPath; +import javax.xml.xpath.XPathConstants; +import javax.xml.xpath.XPathFactory; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.JsonMappingException; import com.fasterxml.jackson.databind.ObjectMapper; @@ -121,6 +139,7 @@ import de.usd.cstchef.operations.setter.HttpSetCookie; import de.usd.cstchef.operations.setter.HttpSetUri; import de.usd.cstchef.operations.setter.HttpXmlSetter; +import de.usd.cstchef.operations.setter.XmlSetter; import de.usd.cstchef.operations.setter.JsonSetter; import de.usd.cstchef.operations.setter.LineSetter; import de.usd.cstchef.operations.signature.JWTDecode; 
@@ -257,6 +276,75 @@ public static ByteArray jsonSetter(ByteArray input, String key, String value, bo return ByteArray.byteArray(document.jsonString()); } + public static ByteArray xmlSetter(ByteArray input, String path, String value, boolean addIfNotPresent) throws Exception { + + if(path.trim().isEmpty()) { + return input; + } + + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + // XXE prevention as per https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html + dbf.setFeature("http://xml.org/sax/features/external-general-entities", false); + dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false); + dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); + dbf.setXIncludeAware(false); + dbf.setExpandEntityReferences(false); + dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + + Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(input.getBytes())); + doc.getDocumentElement().normalize(); + + Element toAdd; + + XPath xPath = XPathFactory.newInstance().newXPath(); + NodeList nodeList; + + Node disableEscaping = doc.createProcessingInstruction(StreamResult.PI_DISABLE_OUTPUT_ESCAPING, "&"); + // make sure disableEscaping is always the first child of the document element so the whole doc is escaped + doc.getDocumentElement().getParentNode().insertBefore(disableEscaping, doc.getDocumentElement().getParentNode().getFirstChild()); + + try { + nodeList = (NodeList) xPath.compile(path).evaluate(doc, XPathConstants.NODESET); + } + catch(Exception e) { + throw new IllegalArgumentException("Invalid XPath Syntax."); + } + + for(int i = 0; i < nodeList.getLength(); i++) { + nodeList.item(i).setTextContent(value); + } + + if(nodeList.getLength() == 0 && addIfNotPresent) { + if(path.matches(".*/@[a-zA-Z0-9-_.]*")) { + nodeList = (NodeList) xPath.compile(path.replaceAll("/@[a-zA-Z0-9-_.]*$", "")).evaluate(doc, XPathConstants.NODESET); 
+ for(int i = 0; i < nodeList.getLength(); i++) { + ((Element) nodeList.item(i)).setAttribute(path.split("@")[path.split("@").length - 1], value); + } + } + else { + nodeList = (NodeList) xPath.compile(path.replaceAll("/[a-zA-Z0-9-_.]*$", "")).evaluate(doc, XPathConstants.NODESET); + for(int i = 0; i < nodeList.getLength(); i++) { + toAdd = doc.createElement(path.split("/")[path.split("/").length - 1]); + toAdd.setTextContent(value); + nodeList.item(i).appendChild(toAdd); + } + } + } + + TransformerFactory transformerFactory = TransformerFactory.newInstance(); + // XXE prevention + transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); + transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); + + Transformer xformer = transformerFactory.newTransformer(); + xformer.setOutputProperty(OutputKeys.INDENT, "no"); + xformer.setOutputProperty(OutputKeys.DOCTYPE_PUBLIC, "yes"); + + StringWriter output = new StringWriter(); + xformer.transform(new DOMSource(doc), new StreamResult(output)); + return ByteArray.byteArray(output.toString()); + } + public static Class[] getOperationsBurp() { ZipInputStream zip = null; List> operations = new ArrayList>(); @@ -310,7 +398,7 @@ public static Class[] getOperationsDevOutgoingFormatting() HttpMultipartSetter.class, HttpPostExtractor.class, HttpPostSetter.class, PlainRequest.class, HttpSetBody.class, HttpSetCookie.class, HttpSetUri.class, HttpUriExtractor.class, HttpXmlExtractor.class, - HttpXmlSetter.class, HtmlEncode.class, HtmlDecode.class, Inflate.class, + HttpXmlSetter.class, XmlSetter.class, HtmlEncode.class, HtmlDecode.class, Inflate.class, JsonExtractor.class, JsonSetter.class, JWTDecode.class, JWTSign.class, Length.class, LineExtractor.class, LineSetter.class, MD2.class, MD4.class, MD5.class, Mean.class, Median.class, 
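Review bot: In `xmlSetter`, the `PI_DISABLE_OUTPUT_ESCAPING` processing instruction inserted ahead of the document element switches output escaping off for the nodes that follow it, so the comment "so the whole doc is escaped" states the opposite of what the code does. With it in place, `&amp;` or `&lt;` already present in the body and any `<` or `&` in `value` would be serialised raw, and the result may no longer be well-formed XML. If writing `value` verbatim is the intent, the comment should say so, for example `// disable output escaping for the whole document so that value is written verbatim`; otherwise the instruction should be removed. Separately, `throw new IllegalArgumentException("Invalid XPath Syntax.");` drops the cause and could be `throw new IllegalArgumentException("Invalid XPath Syntax.", e);`.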
@@ -339,7 +427,7 @@ public static Class[] getOperationsDevIncoming() { GetVariable.class, Gost.class, GUnzip.class, Gzip.class, Hmac.class, HttpBodyExtractor.class, HttpCookieExtractor.class, HttpHeaderExtractor.class, HttpHeaderSetter.class, HttpJsonExtractor.class, HttpJsonSetter.class, HttpMultipartExtractor.class, HttpMultipartSetter.class, PlainRequest.class, - HttpSetBody.class, HttpSetCookie.class, HttpXmlExtractor.class, HttpXmlSetter.class, HtmlEncode.class, + HttpSetBody.class, HttpSetCookie.class, HttpXmlExtractor.class, HttpXmlSetter.class, XmlSetter.class, HtmlEncode.class, HtmlDecode.class, Inflate.class, JsonExtractor.class, JsonSetter.class, JWTDecode.class, JWTSign.class, Length.class, LineExtractor.class, LineSetter.class, MD2.class, MD4.class, MD5.class, Mean.class, Median.class, Multiply.class, MultiplyList.class, NoOperation.class, NumberCompare.class, Prefix.class, RandomNumber.class, diff --git a/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java b/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java index 30599387..1561b8e5 100644 --- a/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java +++ b/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java 
@@ -1,28 +1,11 @@ package de.usd.cstchef.operations.setter; -import java.io.ByteArrayInputStream; -import java.io.StringWriter; - import javax.swing.JCheckBox; -import javax.xml.XMLConstants; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.transform.OutputKeys; -import javax.xml.transform.Transformer; -import javax.xml.transform.TransformerFactory; -import javax.xml.transform.dom.DOMSource; -import javax.xml.transform.stream.StreamResult; -import javax.xml.xpath.XPath; -import javax.xml.xpath.XPathConstants; -import javax.xml.xpath.XPathFactory; - -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.NodeList; import burp.api.montoya.core.ByteArray; -import burp.api.montoya.http.message.HttpMessage; import burp.api.montoya.http.message.requests.HttpRequest; import burp.api.montoya.http.message.responses.HttpResponse; +import de.usd.cstchef.Utils; import de.usd.cstchef.Utils.MessageType; import de.usd.cstchef.operations.Operation; import de.usd.cstchef.operations.Operation.OperationInfos; 
@@ -46,64 +29,11 @@ protected ByteArray perform(ByteArray input, MessageType messageType) throws Exc return input; } - if (messageType == MessageType.REQUEST || messageType == MessageType.RESPONSE) { - - HttpMessage httpMessage; - httpMessage = messageType == MessageType.REQUEST ? HttpRequest.httpRequest(input) : HttpResponse.httpResponse(input); - - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); - dbf.setNamespaceAware(true); - dbf.setXIncludeAware(false); - // XXE - dbf.setExpandEntityReferences(false); - dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - - Document doc = messageType == MessageType.REQUEST ? dbf.newDocumentBuilder().parse(new ByteArrayInputStream(factory.createHttpRequest(input).bodyToString().getBytes())) : - dbf.newDocumentBuilder().parse(new ByteArrayInputStream(factory.createHttpResponse(input).bodyToString().getBytes())); - doc.getDocumentElement().normalize(); - - Element toAdd; - - XPath xPath = XPathFactory.newInstance().newXPath(); - NodeList nodeList; - - try { - nodeList = (NodeList) xPath.compile(p).evaluate(doc, XPathConstants.NODESET); - } - catch(Exception e) { - throw new IllegalArgumentException("Invalid XPath Syntax."); - } - - for(int i = 0; i < nodeList.getLength(); i++) { - nodeList.item(i).setTextContent(v); - } - - if(nodeList.getLength() == 0 && addIfNotPresent.isSelected()) { - if(p.matches(".*/@[a-zA-Z0-9-_.]*")) { - nodeList = (NodeList) xPath.compile(p.replaceAll("/@[a-zA-Z0-9-_.]*$", "")).evaluate(doc, XPathConstants.NODESET); - for(int i = 0; i < nodeList.getLength(); i++) { - ((Element) nodeList.item(i)).setAttribute(p.split("@")[p.split("@").length - 1], v); - } - } - else { - nodeList = (NodeList) xPath.compile(p.replaceAll("/[a-zA-Z0-9-_.]*$", "")).evaluate(doc, XPathConstants.NODESET); - for(int i = 0; i < nodeList.getLength(); i++) { - toAdd = doc.createElement(p.split("/")[p.split("/").length - 1]); - toAdd.setTextContent(v); - nodeList.item(i).appendChild(toAdd); - } - } - } - 
- TransformerFactory transformerFactory = TransformerFactory.newInstance(); - transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - - Transformer xformer = transformerFactory.newTransformer(); - xformer.setOutputProperty(OutputKeys.INDENT, "no"); - - StringWriter output = new StringWriter(); - xformer.transform(new DOMSource(doc), new StreamResult(output)); - return messageType == MessageType.REQUEST ? ((HttpRequest)httpMessage).withBody(output.toString()).toByteArray() : ((HttpResponse)httpMessage).withBody(output.toString()).toByteArray(); + if(messageType == MessageType.REQUEST || messageType == MessageType.RESPONSE) { + return HttpRequest.httpRequest(input).withBody(Utils.xmlSetter(HttpRequest.httpRequest(input).body(), p, v, addIfNotPresent.isSelected())).toByteArray(); + } + else if(messageType == MessageType.RESPONSE) { + return HttpResponse.httpResponse(input).withBody(Utils.xmlSetter(HttpResponse.httpResponse(input).body(), p, v, addIfNotPresent.isSelected())).toByteArray(); } else { return parseRawMessage(input); From 8871c974dfb62782a0843940631c93a3470b4193 Mon Sep 17 00:00:00 2001 From: Felix Buschbeck Date: Mon, 7 Oct 2024 05:19:44 -0400 Subject: [PATCH 20/36] Add XmlSetter operation --- .../cstchef/operations/setter/XmlSetter.java | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 src/main/java/de/usd/cstchef/operations/setter/XmlSetter.java diff --git a/src/main/java/de/usd/cstchef/operations/setter/XmlSetter.java b/src/main/java/de/usd/cstchef/operations/setter/XmlSetter.java new file mode 100644 index 00000000..16151ecc --- /dev/null +++ b/src/main/java/de/usd/cstchef/operations/setter/XmlSetter.java 
@@ -0,0 +1,44 @@
+package de.usd.cstchef.operations.setter;
+
+import javax.swing.JCheckBox;
+
+import burp.api.montoya.core.ByteArray;
+import de.usd.cstchef.Utils;
+import de.usd.cstchef.Utils.MessageType;
+import de.usd.cstchef.operations.Operation;
+import de.usd.cstchef.operations.Operation.OperationInfos;
+import de.usd.cstchef.view.ui.VariableTextField;
+import de.usd.cstchef.operations.OperationCategory;
+
+@OperationInfos(name = "Set XML", category = OperationCategory.SETTER, description = "Set a XML parameter to the specified value.\nUse XPath Syntax.")
+public class XmlSetter extends Operation {
+
+ private VariableTextField path;
+ private VariableTextField value;
+ private JCheckBox addIfNotPresent;
+
+ @Override
+ protected ByteArray perform(ByteArray input, MessageType messageType) throws Exception {
+
+ String p = this.path.getText();
+ String v = this.value.getText();
+
+ if(p.trim().isEmpty()) {
+ return input;
+ }
+
+ return Utils.xmlSetter(input, p, v, addIfNotPresent.isSelected());
+ }
+
+ @Override
+ public void createUI() {
+ this.path = new VariableTextField();
+ this.value = new VariableTextField();
+ this.addIfNotPresent = new JCheckBox("Add if not present");
+
+ this.addUIElement("Path", this.path);
+ this.addUIElement("Value", this.value);
+ this.addUIElement(null, this.addIfNotPresent, "checkbox1");
+ }
+
+}
From d8932d40e962ab3731e101c2d5f23584b204df07 Mon Sep 17 00:00:00 2001
From: Felix Buschbeck
Date: Mon, 7 Oct 2024 05:26:43 -0400
Subject: [PATCH 21/36] Fix if condition
---
.../java/de/usd/cstchef/operations/setter/HttpXmlSetter.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java b/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java
index 1561b8e5..f16a7e63 100644
--- a/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java
+++ b/src/main/java/de/usd/cstchef/operations/setter/HttpXmlSetter.java
@@ -29,7 +29,7 @@ protected ByteArray perform(ByteArray input, MessageType messageType) throws Exc return input; } - if(messageType == MessageType.REQUEST || messageType == MessageType.RESPONSE) { + if(messageType == MessageType.REQUEST) { return HttpRequest.httpRequest(input).withBody(Utils.xmlSetter(HttpRequest.httpRequest(input).body(), p, v, addIfNotPresent.isSelected())).toByteArray(); } else if(messageType == MessageType.RESPONSE) { From 2cf628ecbae53da4e4191915e4207b11cbd736e0 Mon Sep 17 00:00:00 2001 From: Felix Buschbeck Date: Tue, 8 Oct 2024 02:48:59 -0400 Subject: [PATCH 22/36] Fix add/remove lane buttons position --- res/minus.png | Bin 0 -> 173 bytes res/plus.png | Bin 0 -> 215 bytes .../java/de/usd/cstchef/view/RecipePanel.java | 78 +++++++++++------- 3 files changed, 47 insertions(+), 31 deletions(-) create mode 100755 res/minus.png create mode 100755 res/plus.png diff --git a/res/minus.png b/res/minus.png new file mode 100755 index 0000000000000000000000000000000000000000..5c8b54e9d5d979895ffdf572a3c08d2b7ad38700 GIT binary patch literal 173 zcmeAS@N?(olHy`uVBq!ia0vp^A|TAc1|)ksWqE-VXMsm#F_4}N!i?I#S5E*kBuiW) zN`mv#O3D+9QW?t2%k?tzvWt@w3sUv+i_&MmvylQSvhs9s46*1<{`3F8J+mpJaHy}e zX~7kTPYm2|Nmdl9LQ#5U{Emefkw#jp0vGz%G#^?S^!O9 N@O1TaS?83{1OV(OGcf=F literal 0 HcmV?d00001 diff --git a/res/plus.png b/res/plus.png new file mode 100755 index 0000000000000000000000000000000000000000..fb02ee567c0ab37a61966e91c5a5fb7068259171 GIT binary patch literal 215 zcmeAS@N?(olHy`uVBq!ia0vp^A|TAc1|)ksWqE-VXMsm#F_4}N!i?I#S5E*kBuiW) zN`mv#O3D+9QW?t2%k?tzvWt@w3sUv+i_&MmvylQSO7V1Y46*2aJK376!GVYMeuqMZ ztbWqoQ<|C{)kJ3i%{hz#piZ+oD944$rjF6*2U FngE>IM$iBN literal 0 HcmV?d00001 diff --git a/src/main/java/de/usd/cstchef/view/RecipePanel.java b/src/main/java/de/usd/cstchef/view/RecipePanel.java index 74f7230f..2efc5fb8 100644 --- a/src/main/java/de/usd/cstchef/view/RecipePanel.java +++ b/src/main/java/de/usd/cstchef/view/RecipePanel.java 
@@ -98,6 +98,12 @@ public class RecipePanel extends JPanel implements ChangeListener { private static ImageIcon expandIcon = new ImageIcon(Operation.class.getResource("/expand_all.png")); private static ImageIcon collapseIcon = new ImageIcon(Operation.class.getResource("/collapse_all.png")); + private static ImageIcon plusIcon = new ImageIcon(Operation.class.getResource("/plus.png")); + private static ImageIcon minusIcon = new ImageIcon(Operation.class.getResource("/minus.png")); + + private JButton addLaneButton = new JButton(); + private JButton removeLaneButton = new JButton(); + public RecipePanel(BurpOperation operation, MessageType messageType) { this.operation = operation; @@ -174,34 +180,6 @@ public void actionPerformed(ActionEvent arg0) { // create active operations (middle) panel LayoutPanel activeOperationsPanel = new LayoutPanel("Recipe"); - // button to add lanes - JButton addLaneButton = new JButton("Plus"); - activeOperationsPanel.addActionComponent(addLaneButton); - addLaneButton.addActionListener(new ActionListener() { - - @Override - public void actionPerformed(ActionEvent e) { - if(operationSteps < 100) { - increaseLaneNumber(1); - } - } - - }); - - // button to remove lanes - JButton removeLaneButton = new JButton("Minus"); - activeOperationsPanel.addActionComponent(removeLaneButton); - removeLaneButton.addActionListener(new ActionListener() { - - @Override - public void actionPerformed(ActionEvent e) { - if(operationSteps > 1) { - decreaseLaneNumber(1); - } - } - - }); - inactiveWarning = new JLabel(this.operation.toString() + " Operations currently inactive!"); inactiveWarning.setForeground(Color.RED); inactiveWarning.setFont(inactiveWarning.getFont().deriveFont(inactiveWarning.getFont().getStyle() | Font.BOLD)); 
@@ -327,6 +305,47 @@ public void actionPerformed(ActionEvent arg0) { operationLines.add(dummyPanel, gbc); // this is the magic!11!! + JScrollPane activeOperationsScrollPane = new JScrollPane(operationLines, JScrollPane.VERTICAL_SCROLLBAR_NEVER, + JScrollPane.HORIZONTAL_SCROLLBAR_AS_NEEDED); + activeOperationsPanel.add(activeOperationsScrollPane); + + // button to add lanes + addLaneButton.setIcon(plusIcon); + + GridBagConstraints btnConstrainsts = new GridBagConstraints(); + btnConstrainsts.gridheight = 1; + btnConstrainsts.gridwidth = 1; + btnConstrainsts.anchor = GridBagConstraints.NORTHEAST; + + operationLines.add(addLaneButton, btnConstrainsts, 0); + addLaneButton.addActionListener(new ActionListener() { + + @Override + public void actionPerformed(ActionEvent e) { + if(operationSteps < 100) { + increaseLaneNumber(1); + } + + // scroll max to the right if a lane is added. invokeLater because the maximum needs to be updated in the event queue first + SwingUtilities.invokeLater(() -> activeOperationsScrollPane.getHorizontalScrollBar().setValue(activeOperationsScrollPane.getHorizontalScrollBar().getMaximum())); + } + + }); + + // button to remove lanes + removeLaneButton.setIcon(minusIcon); + operationLines.add(removeLaneButton, btnConstrainsts, 0); + removeLaneButton.addActionListener(new ActionListener() { + + @Override + public void actionPerformed(ActionEvent e) { + if(operationSteps > 1) { + decreaseLaneNumber(1); + } + } + + }); + for (int i = operationSteps; i > 0; i--) { RecipeStepPanel opPanel = new RecipeStepPanel("Lane " + String.valueOf(i), this); operationLines.add(opPanel, co, 0); 
@@ -337,9 +356,6 @@ public void actionPerformed(ActionEvent arg0) { panel.addMouseMotionListener(moma); } - JScrollPane activeOperationsScrollPane = new JScrollPane(operationLines, JScrollPane.VERTICAL_SCROLLBAR_NEVER, - JScrollPane.HORIZONTAL_SCROLLBAR_AS_NEEDED); - activeOperationsPanel.add(activeOperationsScrollPane); JSplitPane opsInOut = new JSplitPane(); opsInOut.setResizeWeight(0.5); From 75d34212d6842f5ea7453ae6fac01607fca8e067 Mon Sep 17 00:00:00 2001 From: Felix Buschbeck Date: Mon, 14 Oct 2024 11:33:22 -0400 Subject: [PATCH 23/36] Bump artifact actions from v2 to v4 --- .github/workflows/develop.yml | 2 +- .github/workflows/master.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml index 6189c146..d4dbdc22 100644 --- a/.github/workflows/develop.yml +++ b/.github/workflows/develop.yml @@ -40,7 +40,7 @@ jobs: run: mvn -B package --file pom.xml - name: Archive generated JAR file - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v4 with: name: cstc-develop-artifact path: target/CSTC-* diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index ddd6a804..d9d103a9 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -40,7 +40,7 @@ jobs: run: mvn -B package --file pom.xml - name: Archive generated JAR file - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v4 with: name: cstc-master-artifact path: target/CSTC-* From 02ac09bcea6d0a05780d95bdfb4e75e44d5ff9a8 Mon Sep 17 00:00:00 2001 From: Felix Buschbeck Date: Tue, 15 Oct 2024 16:40:19 -0400 Subject: [PATCH 24/36] Fix race condition on variables --- src/main/java/burp/BurpExtender.java | 1 + .../java/de/usd/cstchef/view/RecipePanel.java | 36 +++++++++++++++++-- src/main/java/de/usd/cstchef/view/View.java | 6 ++++ 3 files changed, 41 insertions(+), 2 deletions(-) 
diff --git a/src/main/java/burp/BurpExtender.java b/src/main/java/burp/BurpExtender.java index 70fd68fc..af42759d 100644 --- a/src/main/java/burp/BurpExtender.java +++ b/src/main/java/burp/BurpExtender.java @@ -52,6 +52,7 @@ private void restoreFilterState(PersistedObject persistence) { try { BurpUtils.getInstance().setFilterState(new ObjectMapper().readValue(persistence.getString("FilterState"), FilterState.class)); RequestFilterDialog.getInstance().updateFilterSettings(); + view.preventRaceConditionOnVariables(); } catch (Exception e) { Logger.getInstance().log( "Could not restore the filter state. If this is the first time using CSTC in a project, you can ignore this message. " + e.getMessage()); diff --git a/src/main/java/de/usd/cstchef/view/RecipePanel.java b/src/main/java/de/usd/cstchef/view/RecipePanel.java index 2efc5fb8..dcad4377 100644 --- a/src/main/java/de/usd/cstchef/view/RecipePanel.java +++ b/src/main/java/de/usd/cstchef/view/RecipePanel.java @@ -104,6 +104,9 @@ public class RecipePanel extends JPanel implements ChangeListener { private JButton addLaneButton = new JButton(); private JButton removeLaneButton = new JButton(); + private JCheckBox bakeCheckBox = new JCheckBox("Auto bake"); + private JButton bakeButton = new JButton("Bake"); + public RecipePanel(BurpOperation operation, MessageType messageType) { this.operation = operation; @@ -200,6 +203,7 @@ public void actionPerformed(ActionEvent e) { RequestFilterDialog.getInstance().getFilterMask(BurpOperation.INCOMING), RequestFilterDialog.getInstance().getFilterMask(BurpOperation.OUTGOING)); } + BurpUtils.getInstance().getView().preventRaceConditionOnVariables(); BurpUtils.getInstance().getView().updateInactiveWarnings(); if (!BurpUtils.getInstance().getApi().burpSuite().version().edition() .equals(BurpSuiteEdition.COMMUNITY_EDITION)) { 
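Review bot: In `restoreFilterState` the added `view.preventRaceConditionOnVariables();` sits inside the `try` whose `catch (Exception e)` logs "Could not restore the filter state ... you can ignore this message". Any failure in the new call (for example a `view` or recipe panel that is not yet constructed, which this hunk does not show) would be reported as a harmless first-run condition. I would move the call below the `catch` block, or catch it separately with its own log message. The method continues outside the hunk; the two RecipePanel hunks on this line only promote `bakeCheckBox`/`bakeButton` to fields and add the same call in the filter dialog listener.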
@@ -208,7 +212,6 @@ public void actionPerformed(ActionEvent e) { } }); - JButton bakeButton = new JButton("Bake"); bakeButton.setEnabled(!autoBake); activeOperationsPanel.addActionComponent(bakeButton); bakeButton.addActionListener(new ActionListener() { @@ -255,7 +258,6 @@ public void actionPerformed(ActionEvent arg0) { } }); - JCheckBox bakeCheckBox = new JCheckBox("Auto bake"); bakeCheckBox.setSelected(this.autoBake); activeOperationsPanel.addActionComponent(bakeCheckBox); bakeCheckBox.addActionListener(new ActionListener() { @@ -377,6 +379,36 @@ public void actionPerformed(ActionEvent e) { startAutoBakeTimer(); } + public void disableAutobakeIfFilterActive() { + for(Boolean b : BurpUtils.getInstance().getFilterState().getIncomingFilterSettings().values()) { + if(b) { + this.bakeCheckBox.setSelected(false); + this.bakeButton.setEnabled(true); + this.bakeCheckBox.setEnabled(false); + this.bakeCheckBox.setToolTipText("Auto bake is disabled if Filter is active."); + return; + } + else if(!this.bakeCheckBox.isEnabled() && !b) { + this.bakeCheckBox.setEnabled(true); + this.bakeCheckBox.setToolTipText(""); + } + } + + for(Boolean b : BurpUtils.getInstance().getFilterState().getOutgoingFilterSettings().values()) { + if(b) { + this.bakeCheckBox.setSelected(false); + this.bakeButton.setEnabled(true); + this.bakeCheckBox.setEnabled(false); + this.bakeCheckBox.setToolTipText("Auto bake is disabled if Filter is active."); + return; + } + else if(!this.bakeCheckBox.isEnabled() && !b) { + this.bakeCheckBox.setEnabled(true); + this.bakeCheckBox.setToolTipText(""); + } + } + } + private void increaseLaneNumber(int number) { this.operationSteps += number; diff --git a/src/main/java/de/usd/cstchef/view/View.java b/src/main/java/de/usd/cstchef/view/View.java index b24947db..d2cec15a 100644 --- a/src/main/java/de/usd/cstchef/view/View.java +++ b/src/main/java/de/usd/cstchef/view/View.java 
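Review bot: The two loops in `disableAutobakeIfFilterActive()` are copies of each other, and the checkbox is re-enabled as a side effect of walking past a `false` entry and then disabled again if a later entry is set; inside the `else if`, `&& !b` is always true. Deciding once whether any incoming or outgoing filter is set and then applying the UI state in one place is shorter, and `contains(Boolean.TRUE)` also tolerates a null entry that `if(b)` would unbox. With a single branch, follow-up changes to the disabled state need to be made only once. The sketch below re-enables the checkbox when both collections are empty, which the loops do not; confirm that is wanted.

```java
public void disableAutobakeIfFilterActive() {
    // One decision for both directions instead of two copied loops.
    boolean filterActive =
            BurpUtils.getInstance().getFilterState().getIncomingFilterSettings().values().contains(Boolean.TRUE)
            || BurpUtils.getInstance().getFilterState().getOutgoingFilterSettings().values().contains(Boolean.TRUE);

    if (filterActive) {
        this.bakeCheckBox.setSelected(false);
        this.bakeButton.setEnabled(true);
        this.bakeCheckBox.setEnabled(false);
        this.bakeCheckBox.setToolTipText("Auto bake is disabled if Filter is active.");
    } else if (!this.bakeCheckBox.isEnabled()) {
        this.bakeCheckBox.setEnabled(true);
        this.bakeCheckBox.setToolTipText("");
    }
}
```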
@@ -77,4 +77,10 @@ public void updateInactiveWarnings() {
 outgoingRecipePanel.hideInactiveWarning();
 }
 }
+
+ public void preventRaceConditionOnVariables() {
+ incomingRecipePanel.disableAutobakeIfFilterActive();
+ outgoingRecipePanel.disableAutobakeIfFilterActive();
+ formatRecipePanel.disableAutobakeIfFilterActive();
+ }
 }
From 299eb3fcc9bacc1af2cbff9a0c09d1a49acd7efa Mon Sep 17 00:00:00 2001
From: Felix Buschbeck
Date: Thu, 24 Oct 2024 04:08:21 -0400
Subject: [PATCH 25/36] Refactor button icons
---
 res/collapse_all.png | Bin 373 -> 349 bytes
 res/expand_all.png | Bin 342 -> 362 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)
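Review bot: `preventRaceConditionOnVariables()` has no Javadoc, and its name states the goal rather than what the method does: the body only asks the three recipe panels to run `disableAutobakeIfFilterActive()`, and nothing here synchronises access to variables. A comment such as `/** Turns auto bake off on the incoming, outgoing and formatting panels while a filter is active; call after every filter-state change. */` would tell callers when it has to be invoked. If stored variables can also be written from a non-UI thread, disabling a checkbox is only a partial guard; this hunk does not show enough to confirm either way.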
diff --git a/res/collapse_all.png b/res/collapse_all.png index 73e6a1c998bf5b88564394844362fa2f8821fe74..cb4376fca36c14488ded18e05d523ec8a89eb4a9 100755 GIT binary patch delta 280 zcmV+z0q6ep0^I_TD+>jo000G{0o%&73z0S_e*o%9L_t(Ijn&mHP6R;^1>n~s#*dom zdNm;!7J*qo)*%MRF*pGZxBv#l2?!{D&VeAAJB;fykdV&9EbBMj2r6m&CH1;e1xYZo z7m`PkQ2H7G$T{CidL+3JqB3QD>l`4B<~rQj|@lGh=GlVKPx=Xw5i_j5@H z`(P=hr|KC7Ng#O-piL=Vsr1{o;8bG<|Ir+hd?mT62Iib^Bt4JgxG4qyZhe{AhncNw et*>e);0L8=mm?y?4CVj;002ovPDHLk0$_s7_IsNE delta 304 zcmV-00nh&30`&rrD+>ua000R(0q|s!N|81ve*pqXL_t(Ijm?xHZvsISgufvrxjF=* z4kV(c3LL?a)bLNJM4qhVXVewbR3J#|>Q0g(%1^*mAO>?>j!m0Q?vA9BY_jidGCT9$ zzLjm7M5`P~dXm&{giul&cmy_eNL98h=@$3^y1;|&gQOAg65(0eUIN?%2V>wKc(#4W ze{*{vjSyzV&NjKqHn0WKbFRt?Eq6-FDxnp`14&68!qD;;@D3zRS?&QFU|414D zi-@k3?bUCV0dyAsFDzdMFsws%-Di`}@~5P<4q-8RwvUqLz^kOh_9DON4wy!GGTRwk z;d2PPyav93e$}QFHMD&M-hheieXLf08sWln6F31A#9VsGJ{z_G0000jo000G{0o%&73z0S`fA>j5K~y-6?a@C<15pqL@b3*4i(p8# z$i5xrA(nRjAs)m7Sa^Y)#uHe207;e3!V?5i?7pqUPGJXj#>OZKnCyl{Quvkgm>-Y% zoSC7|P@1NP%zU~SWLb9Xz2|K~$IK_H`p`7Z4S;tddQ{cBBuOd}Iq!n0>dcuLnE6aq zfA0Y_L^Ljn;@NwD1mLy{Xl4_)xM7~>BLMqlSx&kjt8u-T(yInw@3)5#!casm+8{B; zr;VV93;#LRVM^#nR qtw0euAfly~&Fl@pTCn$0J^|4UWSEJ*4oyM;0000ua000R(0q|s!N|81wf8$9+K~y-6<&-T>1VIo+--D4z4uZm< zP$USl;RJI89Et>kz;l2x`1K&h;P(h?QD9Jr57V2>zz(}ZhJ=JKsic0=ue-WBZ4#!` z&ZM*zP~BG#y9M<`-7Wr1ooz)dEnfm}z-fuEfp_4j#0}6SVUtw_daLdMbM*l@2F{Z_ zd5vwk>YVgSeFkoTvm}pWVLf1h-l_LVUWOK^HBhf9Es|VRpR?b=ik3h-kmn0 Date: Thu, 24 Oct 2024 05:51:17 -0400 Subject: [PATCH 26/36] Refactor button icons --- res/minus.png | Bin 173 -> 184 bytes res/plus.png | Bin 215 -> 255 bytes 2 files changed, 0 insertions(+), 0 deletions(-) 
diff --git a/res/minus.png b/res/minus.png index 5c8b54e9d5d979895ffdf572a3c08d2b7ad38700..93c88e501f043953714b6d417a178de97fe95736 100755 GIT binary patch delta 91 zcmV-h0Hpt|0k{E>D+>h{000FR0e69~xsf&~0Y#Bt89=&#l$4Y$6BCmJF`EDV`}gA6 xvuB5q#V}mR$jC@^*1@KhaWw0V8aNyc1OV#C5GNiaN$UUr002ovPDHLkV1iYWBkceH delta 80 zcmdnNxR!B(HaEj$1_p-7jM~3fPnc+?!DuxxUeeUe(ar4`Lz2n=|NrZm1KErW3<@Sb k& diff --git a/res/plus.png b/res/plus.png index fb02ee567c0ab37a61966e91c5a5fb7068259171..0e6b503924cea760e386ad197055ba1744539aef 100755 GIT binary patch delta 184 zcmV;p07w7V0sjGzD+>h{000FR0e69~xsf&~e~d{)K~y-6-IKu$!Y~X)`ClD^#H+Mo z4@P7S4lEKPhG_k{R#1T}Mwd0mqyRv6~J6dx&34NA4+p!=u+JM mB1v+Iu%V&sN&kP?T=)iZ#VR_xh8n{F0000UV0001!0W15fkdZbhd1OgMK~y-6?UOqSfItid--sZ19WP?N zr}T6dHnDa;kcAW}oGz~z@*$X+B3VLhzi Date: Tue, 29 Oct 2024 06:18:49 +0000 Subject: [PATCH 27/36] Bump com.fasterxml.jackson.core:jackson-core from 2.18.0 to 2.18.1 Bumps [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) from 2.18.0 to 2.18.1. - [Commits](https://github.com/FasterXML/jackson-core/compare/jackson-core-2.18.0...jackson-core-2.18.1) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 75daf23e..7a51aa43 100644 --- a/pom.xml +++ b/pom.xml @@ -35,7 +35,7 @@ com.fasterxml.jackson.core jackson-core - 2.18.0 + 2.18.1 From 9c2ed4fc03922343f5df8ef01bce2dee0af44ed1 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 06:18:52 +0000 Subject: [PATCH 28/36] Bump com.fasterxml.jackson.core:jackson-databind from 2.18.0 to 2.18.1 Bumps [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) from 2.18.0 to 2.18.1. - [Commits](https://github.com/FasterXML/jackson/commits) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 75daf23e..e47473e1 100644 --- a/pom.xml +++ b/pom.xml @@ -41,7 +41,7 @@ com.fasterxml.jackson.core jackson-databind - 2.18.0 + 2.18.1 From 8b76b34cf44a308571777b09355a2be29722ddc6 Mon Sep 17 00:00:00 2001 From: Felix Buschbeck Date: Wed, 30 Oct 2024 17:08:33 +0100 Subject: [PATCH 29/36] Fix space distribution in Formatting tab --- .../java/de/usd/cstchef/view/RecipePanel.java | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/main/java/de/usd/cstchef/view/RecipePanel.java b/src/main/java/de/usd/cstchef/view/RecipePanel.java index dcad4377..4721d575 100644 --- a/src/main/java/de/usd/cstchef/view/RecipePanel.java +++ b/src/main/java/de/usd/cstchef/view/RecipePanel.java @@ -3,6 +3,7 @@ import java.awt.BorderLayout; import java.awt.Color; import java.awt.Component; +import java.awt.Dimension; import java.awt.Font; import java.awt.GridBagConstraints; import java.awt.GridBagLayout; 
@@ -127,6 +128,13 @@ public RecipePanel(BurpOperation operation, MessageType messageType) { inputText = new BurpEditorWrapper(controllerOrig, messageType, this); inputPanel.add(inputText.uiComponent()); + /* + * This is necessary to have the distribution of space in all of the three RecipePanels uniform. + * Request and Response Editor have different default sizes than the Raw Editor. + */ + inputPanel.setPreferredSize(new Dimension(248, 0)); + inputPanel.setMinimumSize(new Dimension(248, 0)); + // create output panel JPanel outputPanel = new LayoutPanel("Output"); outputText = new BurpEditorWrapper(controllerMod, messageType, this); @@ -176,6 +184,10 @@ public void actionPerformed(ActionEvent arg0) { JPanel operationsPanel = new LayoutPanel("Operations"); operationsPanel.add(searchTreePanel); operationsPanel.setBackground(Color.WHITE); + + operationsPanel.setPreferredSize(new Dimension(100, 0)); + operationsPanel.setMinimumSize(new Dimension(100, 0)); + inOut.setTopComponent(inputPanel); inOut.setBottomComponent(outputPanel); inOut.setResizeWeight(0.5); @@ -193,6 +205,10 @@ public void actionPerformed(ActionEvent arg0) { JButton filters = new JButton("Filter"); if(this.operation != BurpOperation.FORMAT) activeOperationsPanel.addActionComponent(filters); + + activeOperationsPanel.setPreferredSize(new Dimension(393, 0)); + activeOperationsPanel.setMinimumSize(new Dimension(393, 0)); + filters.addActionListener(new ActionListener() { @Override public void actionPerformed(ActionEvent e) { @@ -360,7 +376,7 @@ public void actionPerformed(ActionEvent e) { JSplitPane opsInOut = new JSplitPane(); - opsInOut.setResizeWeight(0.5); + opsInOut.setResizeWeight(0.7); opsInOut.setLeftComponent(activeOperationsPanel); opsInOut.setRightComponent(inOut); From 3db9c14f9dfacaf407906226f4b88cd52ad7fe55 Mon Sep 17 00:00:00 2001 
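Review bot: The widths `248`, `100` and `393` passed to `setPreferredSize`/`setMinimumSize` are unexplained literals, each written twice, and only the first pair carries a comment; the change of `opsInOut.setResizeWeight` from 0.5 to 0.7 has none. Named constants such as `private static final int IO_PANEL_WIDTH = 248;`, with one line on where the number comes from, would keep the panels in step when the layout is tuned again. In the third hunk the new size calls are inserted between the braceless `if(this.operation != BurpOperation.FORMAT)` statement and `filters.addActionListener(...)`, which splits the `filters` setup; placing them after the listener would keep it together. All four hunks appear to be inside the RecipePanel constructor, which starts and ends outside them.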
From: Felix Buschbeck Date: Wed, 30 Oct 2024 18:25:04 +0100 Subject: [PATCH 30/36] Rename Epoch operations --- .../de/usd/cstchef/operations/datetime/TimestampOffset.java | 2 +- .../java/de/usd/cstchef/operations/datetime/UnixTimestamp.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/de/usd/cstchef/operations/datetime/TimestampOffset.java b/src/main/java/de/usd/cstchef/operations/datetime/TimestampOffset.java index 2184cd5a..2e8c3af8 100644 --- a/src/main/java/de/usd/cstchef/operations/datetime/TimestampOffset.java +++ b/src/main/java/de/usd/cstchef/operations/datetime/TimestampOffset.java @@ -15,7 +15,7 @@ import de.usd.cstchef.operations.Operation.OperationInfos; import de.usd.cstchef.view.ui.VariableTextField; -@OperationInfos(name = "Unix Timestamp Offset", category = OperationCategory.DATES, description = "Returns a Epoch timestamp shifted into future or past.") +@OperationInfos(name = "Unix/Epoch Timestamp Offset", category = OperationCategory.DATES, description = "Returns a Epoch timestamp shifted into future or past.") public class TimestampOffset extends Operation { private VariableTextField offsetTxt; diff --git a/src/main/java/de/usd/cstchef/operations/datetime/UnixTimestamp.java b/src/main/java/de/usd/cstchef/operations/datetime/UnixTimestamp.java index 7c4a65ab..26083753 100644 --- a/src/main/java/de/usd/cstchef/operations/datetime/UnixTimestamp.java +++ b/src/main/java/de/usd/cstchef/operations/datetime/UnixTimestamp.java @@ -8,7 +8,7 @@ import de.usd.cstchef.operations.Operation.OperationInfos; import de.usd.cstchef.operations.OperationCategory; -@OperationInfos(name = "Unix Timestamp", category = OperationCategory.DATES, description = "Returnes the current unix timestamp.") +@OperationInfos(name = "Unix/Epoch Timestamp", category = OperationCategory.DATES, description = "Returnes the current unix/epoch timestamp.") public class UnixTimestamp extends Operation { private JCheckBox milliBox; 
From 14f0f08729346b84a6ae2b3c00c40205b14d64b5 Mon Sep 17 00:00:00 2001 From: Felix Buschbeck Date: Thu, 31 Oct 2024 09:09:13 +0100 Subject: [PATCH 31/36] Fix outputPanel size --- src/main/java/de/usd/cstchef/view/RecipePanel.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/main/java/de/usd/cstchef/view/RecipePanel.java b/src/main/java/de/usd/cstchef/view/RecipePanel.java index 4721d575..b1c64b90 100644 --- a/src/main/java/de/usd/cstchef/view/RecipePanel.java +++ b/src/main/java/de/usd/cstchef/view/RecipePanel.java @@ -140,6 +140,9 @@ public RecipePanel(BurpOperation operation, MessageType messageType) { outputText = new BurpEditorWrapper(controllerMod, messageType, this); outputPanel.add(outputText.uiComponent()); + outputPanel.setPreferredSize(new Dimension(248, 0)); + outputPanel.setMinimumSize(new Dimension(248, 0)); + JPanel searchTreePanel = new JPanel(); searchTreePanel.setLayout(new BorderLayout()); PlaceholderTextField searchText = new PlaceholderTextField("Search"); From dd95049b772f4baec63d07e84fcc5c05bda1de04 Mon Sep 17 00:00:00 2001 From: Felix Buschbeck Date: Thu, 31 Oct 2024 10:33:39 +0100 Subject: [PATCH 32/36] Bump dependency --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 75daf23e..e9746f08 100644 --- a/pom.xml +++ b/pom.xml @@ -28,8 +28,8 @@ org.bouncycastle - bcprov-jdk15on - 1.70 + bcprov-jdk18on + 1.78 From e535b6c5106d291a9f2a1183e28fff23e4efea04 Mon Sep 17 00:00:00 2001 From: Felix Buschbeck Date: Thu, 31 Oct 2024 10:36:47 +0100 Subject: [PATCH 33/36] Fix return of Null Byte --- src/main/java/burp/BurpUtils.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/burp/BurpUtils.java b/src/main/java/burp/BurpUtils.java index ce1cef66..da6fde99 100644 --- a/src/main/java/burp/BurpUtils.java +++ b/src/main/java/burp/BurpUtils.java 
@@ -60,7 +60,7 @@ public static boolean inBurp() {
 }
 public static ByteArray subArray(ByteArray array, int start, int end){
- return start == end ? ByteArray.byteArray(0) : array.subArray( start, end);
+ return start == end ? ByteArray.byteArrayOfLength(0) : array.subArray( start, end);
 }
 }
From d9070ebc588d3706d98caeb06f04f37bf866d300 Mon Sep 17 00:00:00 2001
From: Felix Buschbeck
Date: Thu, 31 Oct 2024 14:22:39 +0100
Subject: [PATCH 34/36] Fix boolean autoBake not set to false
---
 src/main/java/de/usd/cstchef/view/RecipePanel.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/main/java/de/usd/cstchef/view/RecipePanel.java b/src/main/java/de/usd/cstchef/view/RecipePanel.java
index b1c64b90..8d567487 100644
--- a/src/main/java/de/usd/cstchef/view/RecipePanel.java
+++ b/src/main/java/de/usd/cstchef/view/RecipePanel.java
@@ -401,6 +401,7 @@ public void actionPerformed(ActionEvent e) {
 public void disableAutobakeIfFilterActive() {
 for(Boolean b : BurpUtils.getInstance().getFilterState().getIncomingFilterSettings().values()) {
 if(b) {
+ this.autoBake = false;
 this.bakeCheckBox.setSelected(false);
 this.bakeButton.setEnabled(true);
 this.bakeCheckBox.setEnabled(false);
@@ -415,6 +416,7 @@ else if(!this.bakeCheckBox.isEnabled() && !b) {
 for(Boolean b : BurpUtils.getInstance().getFilterState().getOutgoingFilterSettings().values()) {
 if(b) {
+ this.autoBake = false;
 this.bakeCheckBox.setSelected(false);
 this.bakeButton.setEnabled(true);
 this.bakeCheckBox.setEnabled(false);
From 9db70a50a34684a10cd94e01c561ff2a7f5768da Mon Sep 17 00:00:00 2001
From: Felix Buschbeck
Date: Thu, 31 Oct 2024 16:32:22 +0100
Subject: [PATCH 35/36] Add version 1.3.4
---
 CHANGELOG.md | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 55644480..64699821 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
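Review bot: `subArray` still has no comment explaining why `start == end` is special-cased, and without one the fix is easy to undo: `ByteArray.byteArray(0)` takes byte values and so produced a one-byte array holding 0x00, while `byteArrayOfLength(0)` gives the intended empty array. I would add `/** Returns bytes [start, end) of array, or an empty ByteArray when start == end. */` above the method. Ranges with `start > end` or indices past the end of the array are still handed to `array.subArray` unchanged; if callers derive these offsets from message content, the behaviour for such inputs should be documented or guarded.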
@@ -6,6 +6,33 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.3.4] - 2024-11-01 + +### Added + +* Add functionality to add or remove lanes +* Add CSTC Formatting Tab to Message Editor to view Formatting output +* Add Xml Setter Operation +* Add Strip Operation to remove leading or trailing whitespaces +* Add Collapse All / Expand All buttons to Operations Tree + +### Changed + +* Refactor Http Xml Setter Operation +* Disable Bake button when Autobake is enabled +* Refactor Operations Tree for Outgoing/Incoming/Formatting to not contain redundant operations + +### Removed + +* Remove Whitespace Operation + +### Fixed + +* Fix UI bug of shifted component layout in Formatting Tab +* Fix appearance of Null Bytes in various operations +* Fix possible Race Condition on stored variables with Autobake enabled and Filter active + + ## [1.3.3] - 2024-07-30 ### Fixed From e01d02135c3890a6cd76cdb83b1e8c0850c743de Mon Sep 17 00:00:00 2001 From: fhaag95 Date: Fri, 1 Nov 2024 08:52:36 +0100 Subject: [PATCH 36/36] Edit Changelog.md --- CHANGELOG.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 64699821..98d13aee 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * Add Xml Setter Operation * Add Strip Operation to remove leading or trailing whitespaces * Add Collapse All / Expand All buttons to Operations Tree +* Add Remove Whitespace Operation ### Changed 
@@ -22,10 +23,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * Disable Bake button when Autobake is enabled * Refactor Operations Tree for Outgoing/Incoming/Formatting to not contain redundant operations -### Removed - -* Remove Whitespace Operation - ### Fixed * Fix UI bug of shifted component layout in Formatting Tab