Merge pull request #151 from usdAG/develop

Release v1.3.2

CHANGELOG.md

@@ -6,6 +6,24 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
+## [1.3.2] - 2024-07-16
+
+### Added
+
+* Add operation JSON Beautifier
+* Add Sequencer filter option
+* Add GZIP operation option to set the compression level
+* Add comment function to operations and recipe lanes
+* Add editable lane names
+
+### Changed
+
+* Fix the emergence of null bytes when using variables
+* Fix GUI issues with using the operation Drag-and-Drop
+* Change the saved recipe structure and add CSTC version, operation comments, lane comments and lane names
+* Refactor operation button icons
+
+
 ## [1.3.1] - 2024-05-22
 
 ### Added

README.md

@@ -83,6 +83,15 @@ Take a look at our basic tutorial on [YouTube](https://www.youtube.com/watch?v=B
 **UPDATE:** Due to some incompatibility issues when installing *CSTC* via *BApp Store*, we had to switch to a new variable prefix.
 Variables from other *lanes* have now to be prefixed by ``$`` e.g. like ``$Outgoing_step1``.
 
+## FAQ
+
+### How does the CSTC interact with other Extensions?
+
+Requests and responses pass through the extensions in the order that they are listed, from top to bottom (as described [here](https://portswigger.net/burp/documentation/desktop/extensions/managing-extensions)).
+Depending on the extensions in use, it may make sense to adjust the position of the CSTC. If you want to process a request manipulated by the CSTC in another extension,
+the CSTC should be positioned above this extension. Conversely, the CSTC should be positioned below an extension if the CSTC is to work with the response processed by the extension in question.
+Currently the Burp Montoya API doesn't offer a way to change this order automatically, therefore the CSTC cannot influence the interaction with other extensions itself.
+
 ## Feedback
 
 We gladly appreciate all feedback, bug reports and feature requests.

pom.xml

@@ -4,7 +4,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>de.usd.CSTC</groupId>
 	<artifactId>CSTC</artifactId>
-	<version>1.3.1</version>
+	<version>1.3.2</version>
 	<name>CSTC</name>
 	<description>CSTC</description>
 
@@ -35,13 +35,13 @@
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-core</artifactId>
-			<version>2.17.1</version>
+			<version>2.17.2</version>
 		</dependency>
 
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.17.1</version>
+			<version>2.17.2</version>
 		</dependency>
 
 		<dependency>
@@ -85,6 +85,7 @@
 
 			<resource>
 				<directory>res</directory>
+				<filtering>true</filtering>
 			</resource>
 
 		</resources>
@@ -102,7 +103,7 @@
 			<plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-surefire-plugin</artifactId>
-                <version>3.2.5</version>
+                <version>3.3.1</version>
                 <configuration>
         		  <trimStackTrace>false</trimStackTrace>
 				  <redirectTestOutputToFile>true</redirectTestOutputToFile>

res/version.properties

@@ -0,0 +1 @@
+version = ${project.version}

src/main/java/burp/BurpExtender.java

@@ -26,7 +26,6 @@ public void initialize(MontoyaApi api) {
         api.http().registerHttpHandler(new CstcHttpHandler(view));
         api.userInterface().registerSuiteTab(extensionName, view);
         api.userInterface().registerHttpRequestEditorProvider(new MyHttpRequestEditorProvider(view));
-        api.userInterface().registerHttpResponseEditorProvider(new MyHttpResponseEditorProvider(view));
 
         if (!api.burpSuite().version().edition().equals(BurpSuiteEdition.COMMUNITY_EDITION)) {
             PersistedObject persistence = api.persistence().extensionData();

src/main/java/burp/CstcHttpHandler.java

@@ -28,7 +28,6 @@ public RequestToBeSentAction handleHttpRequestToBeSent(HttpRequestToBeSent reque
         if (BurpUtils.getInstance().getFilterState().shouldProcess(FilterState.BurpOperation.OUTGOING, requestToBeSent.toolSource())) {
             ByteArray request = requestToBeSent.toByteArray();
             ByteArray modifiedRequest = view.getOutgoingRecipePanel().bake(request, MessageType.REQUEST);
-            Logger.getInstance().log("modified request: \n" + new String(modifiedRequest.getBytes()));
             return continueWith(HttpRequest.httpRequest(modifiedRequest).withService(requestToBeSent.httpService()));
         }
         else{
@@ -41,7 +40,6 @@ public ResponseReceivedAction handleHttpResponseReceived(HttpResponseReceived re
         if (BurpUtils.getInstance().getFilterState().shouldProcess(FilterState.BurpOperation.INCOMING, responseReceived.toolSource())) {
             ByteArray response = responseReceived.toByteArray();
             ByteArray modifiedResponse = view.getIncomingRecipePanel().bake(response, MessageType.RESPONSE);
-            Logger.getInstance().log("modified response: \n" + new String(modifiedResponse.getBytes()));
             return continueWith(HttpResponse.httpResponse(modifiedResponse));
         }
         else{

src/main/java/burp/MyExtensionProvidedHttpRequestEditor.java

@@ -2,8 +2,10 @@
 
 import burp.api.montoya.MontoyaApi;
 import burp.api.montoya.core.ByteArray;
+import burp.api.montoya.core.ToolType;
 import burp.api.montoya.http.message.HttpRequestResponse;
 import burp.api.montoya.http.message.requests.HttpRequest;
+import burp.api.montoya.repeater.Repeater;
 import burp.api.montoya.ui.Selection;
 import burp.api.montoya.ui.editor.EditorOptions;
 import burp.api.montoya.ui.editor.RawEditor;
@@ -23,9 +25,16 @@ public class MyExtensionProvidedHttpRequestEditor implements ExtensionProvidedHt
 
     MyExtensionProvidedHttpRequestEditor(EditorCreationContext creationContext, View view)
     {
-        this.api = BurpUtils.getInstance().getApi();
-        this.view = view;
-        requestEditor = api.userInterface().createRawEditor(EditorOptions.READ_ONLY);
+        if(creationContext.toolSource().isFromTool(ToolType.REPEATER)) {
+            this.api = BurpUtils.getInstance().getApi();
+            this.view = view;
+            requestEditor = api.userInterface().createRawEditor(EditorOptions.READ_ONLY);
+        }
+        else {
+            this.api = null;
+            this.view = null;
+            this.requestEditor = null;
+        }
     }
 
     @Override

src/main/java/de/usd/cstchef/Utils.java

@@ -59,6 +59,7 @@
 import de.usd.cstchef.operations.conditional.StringContains;
 import de.usd.cstchef.operations.conditional.StringMatch;
 import de.usd.cstchef.operations.dataformat.FromBase64;
+import de.usd.cstchef.operations.dataformat.JsonBeautifier;
 import de.usd.cstchef.operations.dataformat.FromHex;
 import de.usd.cstchef.operations.dataformat.HtmlDecode;
 import de.usd.cstchef.operations.dataformat.HtmlEncode;
@@ -217,8 +218,11 @@ public static HttpRequest addCookieToHttpRequest(HttpRequest request, Cookie coo
     }
 
     public static ByteArray insertAtOffset(ByteArray input, int start, int end, ByteArray newValue) {
-        ByteArray prefix = BurpUtils.subArray(input, 0, start);
-        ByteArray rest = BurpUtils.subArray(input, end, input.length());
+        ByteArray prefix = input.subArray(0, start);
+        ByteArray rest = input.subArray(0, 0);
+        if(end < input.length()) {
+            rest = input.subArray(end, input.length());
+        }
 
         ByteArray output = prefix.withAppended(newValue).withAppended(rest);
         return output;
@@ -318,7 +322,7 @@ public static Class<? extends Operation>[] getOperationsDev() {
                 TimestampOffset.class, TimestampToDateTime.class, ToBase64.class, ToHex.class, UnixTimestamp.class,
                 UrlDecode.class, UrlEncode.class,
                 Whirlpool.class, WriteFile.class, XmlFullSignature.class, XmlMultiSignature.class,
-                Xor.class, SoapMultiSignature.class, Luhn.class, Concatenate.class
+                Xor.class, SoapMultiSignature.class, Luhn.class, Concatenate.class, JsonBeautifier.class
         };
     }
 

src/main/java/de/usd/cstchef/operations/Operation.java

@@ -9,6 +9,8 @@
 import java.awt.Font;
 import java.awt.event.ActionEvent;
 import java.awt.event.ActionListener;
+import java.awt.event.MouseEvent;
+import java.awt.event.MouseListener;
 import java.io.EOFException;
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
@@ -19,6 +21,7 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import javax.swing.Action;
 import javax.swing.BorderFactory;
 import javax.swing.Box;
 import javax.swing.BoxLayout;
@@ -28,6 +31,7 @@
 import javax.swing.JComboBox;
 import javax.swing.JFileChooser;
 import javax.swing.JLabel;
+import javax.swing.JOptionPane;
 import javax.swing.JPanel;
 import javax.swing.JPasswordField;
 import javax.swing.JSpinner;
@@ -68,6 +72,8 @@ public abstract class Operation extends JPanel {
     private static ImageIcon disableIcon = new ImageIcon(Operation.class.getResource("/disable.png"));
     private static ImageIcon removeIcon = new ImageIcon(Operation.class.getResource("/remove.png"));
     private static ImageIcon helpIcon = new ImageIcon(Operation.class.getResource("/help.png"));
+    private static ImageIcon commentIcon = new ImageIcon(Operation.class.getResource("/comment.png"));
+    private static ImageIcon noCommentIcon = new ImageIcon(Operation.class.getResource("/no_comment.png"));
 
     private NotifyChangeListener notifyChangeListener;
 
@@ -80,6 +86,9 @@ public abstract class Operation extends JPanel {
     private Box contentBox;
     private Map<String, Component> uiElements;
 
+    private String comment;
+    private JButton commentBtn;
+
     private int operationSkip = 0;
     private int laneSkip = 0;
 
@@ -122,6 +131,19 @@ public Operation() {
         removeBtn.setToolTipText("Remove");
         JButton helpBtn = createIconButton(Operation.helpIcon);
         helpBtn.setToolTipText(opInfos.description());
+        commentBtn = createIconButton(noCommentIcon);
+
+        commentBtn.addActionListener(new ActionListener() {
+            public void actionPerformed(ActionEvent e) {
+                commentBtn.setToolTipText(getComment());
+                String comment = JOptionPane.showInputDialog("Edit comment:", commentBtn.getToolTipText());
+                commentBtn.setToolTipText(comment);
+                setComment(comment);
+                ImageIcon newIcon = comment.isEmpty() ? Operation.noCommentIcon : Operation.commentIcon;
+                commentBtn.setIcon(newIcon);
+            }
+        });
+
 
         disableBtn.addActionListener(new ActionListener() {
             @Override
@@ -162,6 +184,8 @@ public void actionPerformed(ActionEvent e) {
         header.add(titleLbl);
         header.add(Box.createHorizontalStrut(6));
         header.add(helpBtn);
+        header.add(Box.createHorizontalStrut(3));
+        header.add(commentBtn);
         header.add(Box.createHorizontalGlue());
         header.add(disableBtn);
         header.add(Box.createHorizontalStrut(3));
@@ -189,6 +213,18 @@ public void actionPerformed(ActionEvent e) {
         this.refreshColors();
     }
 
+    public String getComment() {
+        return this.comment;
+    }
+
+    public void setComment(String comment) {
+        if(comment != null) {
+            this.comment = comment;
+            commentBtn.setIcon(Operation.commentIcon);
+            commentBtn.setToolTipText(comment);
+        }
+    }
+
     public Map<String, Object> getState() {
         Map<String, Object> properties = new HashMap<>();
         for (String key : this.uiElements.keySet()) {