Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Check for responses starting with "token". Avoid rewriting X-Authori… #5

Merged
merged 1 commit into from
Dec 14, 2018
Merged

Check for responses starting with "token". Avoid rewriting X-Authori… #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 26 additions & 0 deletions build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@

// JAVA_HOME=c:/jdk8 gradle --no-daemon assemble

plugins {
id 'java'
}

repositories {
// jcenter()
maven {
url "${artifactory_url}"
credentials {
username = "${artifactory_user}"
password = "${artifactory_password}"
}
}
}

sourceSets {
main {
java {
srcDirs = ['src']
}
}
}

82 changes: 38 additions & 44 deletions src/burp/BurpExtender.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,30 +1,17 @@
package burp;
// vim: et:ts=4:sts=4:sw=4:fileencoding=utf-8

import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.util.Date;
import java.util.Random;
import java.util.TimeZone;
import java.text.SimpleDateFormat;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.MessageDigest;
//import org.apache.commons.lang.StringEscapeUtils;


public class BurpExtender implements burp.IBurpExtender, burp.IHttpListener
{
private burp.IExtensionHelpers helpers;
private PrintWriter stdout;
private PrintWriter stderr;

private int counter = 0;
private String nextToken = "";
private int nextTokenLen = 0;

//
// implement IBurpExtender
Expand Down Expand Up @@ -52,6 +39,7 @@ public void registerExtenderCallbacks(burp.IBurpExtenderCallbacks callbacks)
public void processHttpMessage(int toolFlag, boolean messageIsRequest, burp.IHttpRequestResponse messageInfo)
{
boolean updated = false;
String[] checks = new String[]{ "{\"access_token\":\"", "{\"token\":\"" };

// only process requests
if (messageIsRequest) {
Expand All @@ -65,34 +53,31 @@ public void processHttpMessage(int toolFlag, boolean messageIsRequest, burp.IHtt
// get the request body
String reqBody = request.substring(iRequest.getBodyOffset());


String uri = "";
String httpmethod = "";
String hash = "";


//Get all the data needed
httpmethod = headers.get(0).split(" ")[0];
uri = headers.get(0).split(" ")[1];

String[] pieces = headers.get(0).split(" ", 3);
String httpmethod = pieces[0];
String uri = pieces[1];

//Update Token Logic
if (!nextToken.equals("")) {

//Code for updating a token in a Header
//log old header & update new header
for (int i = 0; i < headers.size(); i++)
{
String H = headers.get(i);

if (H.contains("Authorization:")) {
hash = H.split(" ")[2];
stdout.println("Authorization header used to be: " + hash);
H = "Authorization: Bearer " + nextToken;
if (H.toLowerCase().startsWith("authorization:")) {
pieces = H.split(" ", 3);
if (pieces[1].toLowerCase().equals("bearer")) {
String hash = pieces[2];
int hashLen = hash.length();
stdout.println("Replacing " + (hashLen < 8 ? hash : hash.substring(0, 4) + "..." + hash.substring(hashLen - 4, hashLen))
+ " with " + (nextTokenLen < 8 ? nextToken : nextToken.substring(0, 4) + "..." + nextToken.substring(nextTokenLen - 4, nextTokenLen)));
H = pieces[0] + " " + pieces[1] + " " + nextToken;
headers.set(i, H);
updated = true;
break;
}
}

headers.set(i, H);
updated = true;
}

//helpers.updateParameter should work here, but you can't update the iParmaeter using helpers
Expand All @@ -112,16 +97,20 @@ public void processHttpMessage(int toolFlag, boolean messageIsRequest, burp.IHtt
}

if (updated) {
/*
stdout.println("-----Request Before Plugin Update-------");
stdout.println(helpers.bytesToString(messageInfo.getRequest()));
stdout.println("-----end output-------");
*/

byte[] message = helpers.buildHttpMessage(headers, reqBody.getBytes());
messageInfo.setRequest(message);

/*
stdout.println("-----Request After Plugin Update-------");
stdout.println(helpers.bytesToString(messageInfo.getRequest()));
stdout.println("-----end output-------");
*/
}
}
else//it's a response - grab a new token
Expand All @@ -132,17 +121,22 @@ public void processHttpMessage(int toolFlag, boolean messageIsRequest, burp.IHtt

//start at {"access_token":"
//end at "
if (response.contains("{\"access_token\":\"")) {
//get next csrf token
String startMatch = "{\"access_token\":\"";
String endMatch = "\"";
int tokenStartIndex = response.indexOf(startMatch) + startMatch.length();
int tokenEndIndex = response.indexOf(endMatch, tokenStartIndex+1);
stdout.println("tokenStartIndex: " + tokenStartIndex);
stdout.println("tokenEndIndex: " + tokenEndIndex);
nextToken = response.substring(tokenStartIndex, tokenEndIndex);
stdout.println("grabbed token: " + nextToken);

for (String check: checks) {
if (response.contains(check)) {
//get next csrf token
String startMatch = check;
String endMatch = "\"";
int tokenStartIndex = response.indexOf(startMatch) + startMatch.length();
int tokenEndIndex = response.indexOf(endMatch, tokenStartIndex+1);
/*
stdout.println("tokenStartIndex: " + tokenStartIndex);
stdout.println("tokenEndIndex: " + tokenEndIndex);
*/
nextToken = response.substring(tokenStartIndex, tokenEndIndex);
nextTokenLen = nextToken.length();
// stdout.println("grabbed token: " + nextToken);
break;
}
}
}
}
Expand Down