From a4a3b6fc5696ea943d6d8b4b713dbee8b0da9658 Mon Sep 17 00:00:00 2001 From: user Date: Sat, 23 Jul 2022 15:02:46 -0400 Subject: [PATCH 1/4] Add GOST3412 (Kuznechik) support Add bouncycastle dependepcy for GOST encryption --- build.gradle | 2 ++ src/main/java/burp/AES_Killer.form | 2 +- src/main/java/burp/AES_Killer.java | 13 +++++++------ src/main/java/burp/BurpExtender.java | 17 ++++++++++++++--- 4 files changed, 24 insertions(+), 10 deletions(-) diff --git a/build.gradle b/build.gradle index d23e216..490aa27 100644 --- a/build.gradle +++ b/build.gradle @@ -11,10 +11,12 @@ repositories { dependencies { implementation 'net.portswigger.burp.extender:burp-extender-api:2.1' + implementation 'org.bouncycastle:bcprov-jdk15on:1.68' } jar { from { configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) } } + exclude("META-INF/BC1024KE.DSA","META-INF/BC1024KE.SF","META-INF/BC2048KE.DSA","META-INF/BC2048KE.SF") } \ No newline at end of file diff --git a/src/main/java/burp/AES_Killer.form b/src/main/java/burp/AES_Killer.form index 550cb7d..bcb6404 100644 --- a/src/main/java/burp/AES_Killer.form +++ b/src/main/java/burp/AES_Killer.form @@ -102,7 +102,7 @@ - + diff --git a/src/main/java/burp/AES_Killer.java b/src/main/java/burp/AES_Killer.java index b251781..7c85eb2 100644 --- a/src/main/java/burp/AES_Killer.java +++ b/src/main/java/burp/AES_Killer.java 
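Review bot: The `exclude("META-INF/BC1024KE.DSA", ...)` line in the `jar` block strips Bouncy Castle's signature files so the merged jar loads, which leaves the repackaged provider classes unsigned. Some JREs verify a JCE provider's signature before `Cipher.getInstance` will use it, so the GOST entry may fail there with a provider-authentication error. State the supported runtime in the README, or ship bcprov as a separate, still-signed jar. The dependency is also pinned at `bcprov-jdk15on:1.68`, an older release of that artifact line, so check the pin against current Bouncy Castle advisories.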
@@ -254,7 +254,7 @@ public void actionPerformed(java.awt.event.ActionEvent evt) { .addComponent(jButton1, javax.swing.GroupLayout.PREFERRED_SIZE, 222, javax.swing.GroupLayout.PREFERRED_SIZE)) .addComponent(jTextField7)) .addComponent(jLabel8)) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 434, Short.MAX_VALUE) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 430, Short.MAX_VALUE) .addComponent(jPanel12, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addGap(18, 18, 18) .addComponent(jPanel10, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) @@ -292,7 +292,7 @@ public void actionPerformed(java.awt.event.ActionEvent evt) { jLabel1.setText("Select Encryption"); - jComboBox1.setModel(new javax.swing.DefaultComboBoxModel(new String[] { "AES/CBC/PKCS5Padding", "AES/ECB/PKCS5Padding" })); + jComboBox1.setModel(new javax.swing.DefaultComboBoxModel(new String[] { "AES/CBC/PKCS5Padding", "AES/ECB/PKCS5Padding", "GOST3412-2015/ECB/PKCS7Padding" })); jComboBox1.setName("encryption_type"); // NOI18N jLabel2.setText("Secret Key (Base64 Encoded)"); @@ -403,14 +403,15 @@ public void actionPerformed(java.awt.event.ActionEvent evt) { jTextField3.setName("req_parameter"); // NOI18N - buttonGroup3.add(jCheckBox6); + //buttonGroup3.add(jCheckBox6); jCheckBox6.setText("Override Complete request body (After decrypting - Form)"); jCheckBox6.setName("override_req"); // NOI18N - buttonGroup3.add(jCheckBox16); + //buttonGroup3.add(jCheckBox16); jCheckBox16.setText("Override Complete request body (After decrypting - JSON)"); jCheckBox16.setName("override_req"); // NOI18N + javax.swing.GroupLayout jPanel7Layout = new javax.swing.GroupLayout(jPanel7); jPanel7.setLayout(jPanel7Layout); jPanel7Layout.setHorizontalGroup( 
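Review bot: The commented-out `buttonGroup3.add(...)` calls and the new combo-box entry are hand edits inside `initComponents()`, which the file's own banner marks as generated ("Do NOT modify this code"). The diffstat shows only one changed line in AES_Killer.form, so the button-group edits will probably be lost the next time the form is saved. Removing the group also means `jCheckBox6` and `jCheckBox16` (Form and JSON override) can both be ticked at once, so confirm that is intended. Make the change in the form and delete the `//buttonGroup...` lines rather than keeping dead code. The same applies to the `buttonGroup4` edits in the next two hunks and to `loadConfig();` placed before `//GEN-END:initComponents` in patch 2/4, which belongs in the constructor after `initComponents()`.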
@@ -461,7 +462,7 @@ public void actionPerformed(java.awt.event.ActionEvent evt) { jTextField4.setName("req_parameter"); // NOI18N - buttonGroup4.add(jCheckBox7); + //buttonGroup4.add(jCheckBox7); jCheckBox7.setText("Override Complete response body (After decrypting - Form)"); jCheckBox7.setName("override_res"); // NOI18N jCheckBox7.addActionListener(new java.awt.event.ActionListener() { @@ -473,7 +474,7 @@ public void actionPerformed(java.awt.event.ActionEvent evt) { buttonGroup1.add(jCheckBox15); jCheckBox15.setText("Ignore Response"); - buttonGroup4.add(jCheckBox17); + //buttonGroup4.add(jCheckBox17); jCheckBox17.setText("Override Complete response body (After decrypting - JSON)"); jCheckBox17.setName("override_res"); // NOI18N jCheckBox17.addActionListener(new java.awt.event.ActionListener() { diff --git a/src/main/java/burp/BurpExtender.java b/src/main/java/burp/BurpExtender.java index f4f0d2a..aa3dbb2 100644 --- a/src/main/java/burp/BurpExtender.java +++ b/src/main/java/burp/BurpExtender.java @@ -8,11 +8,15 @@ import java.awt.Component; import java.io.PrintWriter; import java.net.URL; +import java.security.Security; import java.util.List; import javax.crypto.Cipher; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; +import org.bouncycastle.jce.provider.BouncyCastleProvider; + + /** * * @author n00b @@ -21,7 +25,7 @@ public class BurpExtender implements IBurpExtender, ITab, IHttpListener, IProxyL public String ExtensionName = "AES Killer"; public String TabName = "AES Killer"; - public String _Header = "AES: Killer"; + public String _Header = "Aes: Killer"; AES_Killer _aes_killer; public IBurpExtenderCallbacks callbacks; 
@@ -138,8 +142,12 @@ public String do_0bff(String _paramString) { public String do_decrypt(String _enc_str){ try{ + Security.addProvider(new BouncyCastleProvider()); cipher = Cipher.getInstance(this._enc_type); - sec_key = new SecretKeySpec(this.helpers.base64Decode(this._secret_key),"AES"); + //sec_key = new SecretKeySpec(this.helpers.base64Decode(this._secret_key),"AES"); + //sec_key = new SecretKeySpec(this.helpers.base64Decode(this._secret_key),"GOST3412-2015"); + String alg = this._enc_type.split("/")[0]; + sec_key = new SecretKeySpec(this.helpers.base64Decode(this._secret_key),alg); if (this._exclude_iv){ cipher.init(Cipher.DECRYPT_MODE, sec_key); @@ -163,7 +171,10 @@ public String do_decrypt(String _enc_str){ public String do_encrypt(String _dec_str){ try{ cipher = Cipher.getInstance(this._enc_type); - sec_key = new SecretKeySpec(this.helpers.base64Decode(this._secret_key),"AES"); + //sec_key = new SecretKeySpec(this.helpers.base64Decode(this._secret_key),"GOST3412-2015"); + //sec_key = new SecretKeySpec(this.helpers.base64Decode(this._secret_key),"AES"); + String alg = this._enc_type.split("/")[0]; + sec_key = new SecretKeySpec(this.helpers.base64Decode(this._secret_key),alg); if (this._exclude_iv){ cipher.init(Cipher.ENCRYPT_MODE, sec_key); From f7c143a8223834544f2bd81ebceac76377ec8566 Mon Sep 17 00:00:00 2001 From: user Date: Sat, 23 Jul 2022 15:18:25 -0400 Subject: [PATCH 2/4] Add saving state to burpproject file Add additional tab (AESKiller Decoder) to packet viewers: scanner logs, logger++, etc... - It is useful to view in cleartext fuzzing results --- build.gradle | 1 + src/main/java/burp/AES_Killer.java | 104 ++++++++++++++++++++- src/main/java/burp/BurpExtender.java | 135 +++++++++++++++++++++++---- 3 files changed, 221 insertions(+), 19 deletions(-) diff --git a/build.gradle b/build.gradle index 490aa27..6aa9cac 100644 --- a/build.gradle +++ b/build.gradle 
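Review bot: `Security.addProvider(new BouncyCastleProvider());` is added only to `do_decrypt`, so `do_encrypt` with the GOST entry works only if a decrypt has already run in this JVM; otherwise `Cipher.getInstance` there will not find the algorithm. It also builds a new provider object on every message. Register it once in `registerExtenderCallbacks`, e.g. `if (Security.getProvider("BC") == null) Security.addProvider(new BouncyCastleProvider());`. The commented-out `SecretKeySpec` lines in both methods should be deleted rather than kept. Both method bodies continue outside their hunks.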
@@ -12,6 +12,7 @@ repositories { dependencies { implementation 'net.portswigger.burp.extender:burp-extender-api:2.1' implementation 'org.bouncycastle:bcprov-jdk15on:1.68' + implementation 'com.google.code.gson:gson:2.7' } jar { diff --git a/src/main/java/burp/AES_Killer.java b/src/main/java/burp/AES_Killer.java index 7c85eb2..294fe55 100644 --- a/src/main/java/burp/AES_Killer.java +++ b/src/main/java/burp/AES_Killer.java @@ -5,9 +5,19 @@ */ package burp; +import java.io.IOException; +import java.lang.reflect.Type; import java.net.URL; +import java.util.HashMap; +import java.util.Map; import javax.swing.JOptionPane; +import com.google.gson.Gson; +import com.google.gson.reflect.TypeToken; + + + + /** * * @author n00b @@ -22,9 +32,10 @@ public class AES_Killer extends javax.swing.JPanel { public AES_Killer(BurpExtender _b) { this._burpObj = _b; + //this.callbacks = _b.callbacks; initComponents(); - - + + //_b.callbacks. this.jCheckBox9.setSelected(true); this.jCheckBox10.setSelected(true); 
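Review bot: `com.google.code.gson:gson:2.7` is an old release to introduce as a new dependency, and it is used to parse the string returned by `loadExtensionSetting`, which the commit message describes as state saved with the Burp project and which may therefore come from a file prepared by someone else. Prefer a current 2.x release and verify the pin against the Gson release notes before merging.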
@@ -37,6 +48,89 @@ public AES_Killer(BurpExtender _b) { this.jCheckBox12.setEnabled(false); } + private void loadConfig(){ + + String AesKillerConfig = _burpObj.callbacks.loadExtensionSetting("AES_Killer_Data"); + + try { + Gson gson = new Gson(); + Type confMapType = new TypeToken>() { + }.getType(); + Map map = gson.fromJson(AesKillerConfig, confMapType); + + + jTextField1.setText(map.get("jTextField1").toString()); + jTextField2.setText(map.get("jTextField2").toString()); + jTextField3.setText(map.get("jTextField3").toString()); + jTextField4.setText(map.get("jTextField4").toString()); + jTextField5.setText(map.get("jTextField5").toString()); + jTextField6.setText(map.get("jTextField6").toString()); + jTextField7.setText(map.get("jTextField7").toString()); + + jCheckBox1.setSelected(Boolean.parseBoolean(map.get("jCheckBox1").toString())); + jCheckBox2.setSelected(Boolean.parseBoolean(map.get("jCheckBox2").toString())); + jCheckBox3.setSelected(Boolean.parseBoolean(map.get("jCheckBox3").toString())); + jCheckBox4.setSelected(Boolean.parseBoolean(map.get("jCheckBox4").toString())); + jCheckBox5.setSelected(Boolean.parseBoolean(map.get("jCheckBox5").toString())); + jCheckBox6.setSelected(Boolean.parseBoolean(map.get("jCheckBox6").toString())); + jCheckBox7.setSelected(Boolean.parseBoolean(map.get("jCheckBox7").toString())); + jCheckBox8.setSelected(Boolean.parseBoolean(map.get("jCheckBox8").toString())); + jCheckBox13.setSelected(Boolean.parseBoolean(map.get("jCheckBox13").toString())); + jCheckBox14.setSelected(Boolean.parseBoolean(map.get("jCheckBox14").toString())); + jCheckBox15.setSelected(Boolean.parseBoolean(map.get("jCheckBox15").toString())); + jCheckBox16.setSelected(Boolean.parseBoolean(map.get("jCheckBox16").toString())); + jCheckBox17.setSelected(Boolean.parseBoolean(map.get("jCheckBox17").toString())); + + jComboBox1.setSelectedItem(map.get("jComboBox1")); + _burpObj.callbacks.printOutput(AesKillerConfig); + _burpObj.callbacks.printOutput("AESKiller 
config loaded !"); + } catch (RuntimeException e) { + _burpObj.callbacks.printError(e.toString()); + _burpObj.callbacks.printOutput("Error load AESKiller config !"); + } + + } + + private void saveConfig(){ + try { + Object obj = this; + Map map = new HashMap<>(); + // Convert a map having list of values. + map.put("jTextField7", jTextField7.getText()); + map.put("jCheckBox8", jCheckBox8.isSelected()); + map.put("jCheckBox13", jCheckBox13.isSelected()); + map.put("jCheckBox14", jCheckBox14.isSelected()); + map.put("jComboBox1", jComboBox1.getSelectedItem()); + map.put("jTextField1", jTextField1.getText()); + map.put("jTextField2", jTextField2.getText()); + map.put("jCheckBox1", jCheckBox1.isSelected()); + map.put("jTextField5", jTextField5.getText()); + map.put("jTextField6", jTextField6.getText()); + map.put("jCheckBox2", jCheckBox2.isSelected()); + map.put("jCheckBox3", jCheckBox3.isSelected()); + map.put("jTextField3", jTextField3.getText()); + map.put("jCheckBox6", jCheckBox6.isSelected()); + map.put("jCheckBox16", jCheckBox16.isSelected()); + map.put("jCheckBox4", jCheckBox4.isSelected()); + map.put("jCheckBox5", jCheckBox5.isSelected()); + map.put("jTextField4", jTextField4.getText()); + map.put("jCheckBox7", jCheckBox7.isSelected()); + map.put("jCheckBox15", jCheckBox15.isSelected()); + map.put("jCheckBox17", jCheckBox17.isSelected()); + + String AesKillerConfig = new Gson().toJson(map); + + _burpObj.callbacks.saveExtensionSetting("AES_Killer_Data", AesKillerConfig); + _burpObj.callbacks.printOutput(AesKillerConfig); + _burpObj.callbacks.printOutput("AESKiller config saved !"); + } + catch (RuntimeException e) { + _burpObj.callbacks.printError(e.toString()); + //this.callbacks.printOutput(e.toString()); + } + } + + /** * This method is called from within the constructor to initialize the form. * WARNING: Do NOT modify this code. The content of this method is always 
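Review bot: `saveConfig()` and `loadConfig()` both pass the whole serialized settings map to `callbacks.printOutput(AesKillerConfig)`, and that map holds every text field of the form, which presumably includes the Base64 secret key and IV fields. Key material then sits in the extension output pane, and in any file that output is redirected to, in addition to the stored setting itself. Drop the two `printOutput(AesKillerConfig)` calls and keep only the "config saved" / "config loaded" messages. If persisting the key is intended, say so in the README, since the setting outlives the session. `Object obj = this;` in `saveConfig()` is unused and can be removed.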
@@ -576,6 +670,8 @@ public void actionPerformed(java.awt.event.ActionEvent evt) { jSplitPane1.setRightComponent(jPanel11); add(jSplitPane1); + + loadConfig(); }// //GEN-END:initComponents public Boolean is_string_empty(String _str){ @@ -742,7 +838,9 @@ private void jButton2ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRS // Change Enable / Disable Button this.jButton2.setEnabled(false); this.jButton1.setEnabled(true); - + + saveConfig(); + JOptionPane.showMessageDialog(this, "AES Killer started !!!"); }//GEN-LAST:event_jButton2ActionPerformed diff --git a/src/main/java/burp/BurpExtender.java b/src/main/java/burp/BurpExtender.java index aa3dbb2..52a31d9 100644 --- a/src/main/java/burp/BurpExtender.java +++ b/src/main/java/burp/BurpExtender.java @@ -17,11 +17,13 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider; + + /** * * @author n00b */ -public class BurpExtender implements IBurpExtender, ITab, IHttpListener, IProxyListener { +public class BurpExtender implements IBurpExtender, ITab, IHttpListener, IProxyListener, IMessageEditorTabFactory { public String ExtensionName = "AES Killer"; public String TabName = "AES Killer"; @@ -75,6 +77,7 @@ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) { _aes_killer = new AES_Killer(this); this.callbacks.addSuiteTab(this); + this.callbacks.registerMessageEditorTabFactory(this); this.stdout.println("AES_Killer Installed !!!"); } @@ -146,7 +149,7 @@ public String do_decrypt(String _enc_str){ cipher = Cipher.getInstance(this._enc_type); //sec_key = new SecretKeySpec(this.helpers.base64Decode(this._secret_key),"AES"); //sec_key = new SecretKeySpec(this.helpers.base64Decode(this._secret_key),"GOST3412-2015"); - String alg = this._enc_type.split("/")[0]; + String alg = this._enc_type.split("/")[0]; sec_key = new SecretKeySpec(this.helpers.base64Decode(this._secret_key),alg); if (this._exclude_iv){ 
@@ -171,10 +174,10 @@ public String do_decrypt(String _enc_str){ public String do_encrypt(String _dec_str){ try{ cipher = Cipher.getInstance(this._enc_type); + String alg = this._enc_type.split("/")[0]; + sec_key = new SecretKeySpec(this.helpers.base64Decode(this._secret_key),alg); //sec_key = new SecretKeySpec(this.helpers.base64Decode(this._secret_key),"GOST3412-2015"); //sec_key = new SecretKeySpec(this.helpers.base64Decode(this._secret_key),"AES"); - String alg = this._enc_type.split("/")[0]; - sec_key = new SecretKeySpec(this.helpers.base64Decode(this._secret_key),alg); if (this._exclude_iv){ cipher.init(Cipher.ENCRYPT_MODE, sec_key); @@ -376,9 +379,6 @@ else if(this._is_res_param){ } } - - - @Override public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) { if (messageIsRequest) { 
@@ -473,13 +473,116 @@ else if(this._is_res_param){ } } - - - - - - - - - + @Override + public IMessageEditorTab createNewInstance(IMessageEditorController controller, boolean editable) + { + // create a new instance of our custom editor tab + return new AESDecoderTab(controller, editable, this._is_req_body, this._is_req_param, this._req_param); + } + + class AESDecoderTab implements IMessageEditorTab + { + private boolean editable; + + + private ITextEditor txtInput; + private byte[] currentMessage; + + public AESDecoderTab(IMessageEditorController controller, boolean editable, boolean is_req_body, + boolean is_req_param, String[] req_param) + { + this.editable = editable; + + // create an instance of Burp's text editor, to display our deserialized data + txtInput = callbacks.createTextEditor(); + txtInput.setEditable(editable); + } + + // + // implement IMessageEditorTab + // + + @Override + public String getTabCaption() + { + return "AESKiller Decoder"; + } + + @Override + public Component getUiComponent() + { + return txtInput.getComponent(); + } + + @Override + public boolean isEnabled(byte[] content, boolean isRequest) + { + // enable this tab for requests + return isRequest; + } + + @Override + public void setMessage(byte[] content, boolean isRequest) + { + if (content == null) + { + // clear our display + txtInput.setText(null); + txtInput.setEditable(false); + } + else { + if (isRequest) { + IRequestInfo reqInfo = helpers.analyzeRequest(content); + //String URL = reqInfo.getUrl().toString(); + List headers = reqInfo.getHeaders(); + //if (_host.contains(get_host(URL))) { + //if ((Base64InputTab)this.this$0._is_req_body) { + if (BurpExtender.this._is_req_body) { + // decrypting request body + String tmpreq = content.toString(); + String messageBody = new String(tmpreq.substring(reqInfo.getBodyOffset())).trim(); + String decValue = do_decrypt(messageBody); + txtInput.setText(decValue.getBytes()); + txtInput.setEditable(editable); + } else if 
(BurpExtender.this._is_req_param) { + byte[] _request = content; + if (reqInfo.getContentType() == IRequestInfo.CONTENT_TYPE_JSON) { + _request = update_req_params_json(_request, headers, BurpExtender.this._req_param, false); + } else { + _request = update_req_params(_request, headers, BurpExtender.this._req_param, false); + } + txtInput.setText(_request); + txtInput.setEditable(editable); + } else { + return; + } + + //} + + + } + } + + } + + @Override + public byte[] getMessage() + { + return null; + } + + @Override + public boolean isModified() + { + return txtInput.isTextModified(); + } + + @Override + public byte[] getSelectedData() + { + return txtInput.getSelectedText(); + } + } + + } From 8dd884877d64b5ace71874dc9847e27389733bff Mon Sep 17 00:00:00 2001 From: virusvfv <41779447+virusvfv@users.noreply.github.com> Date: Wed, 3 Aug 2022 12:03:43 -0400 Subject: [PATCH 3/4] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fa8c5ce..242d6a9 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ - The IProxyListener decrypt requests and encrypt responses, and an IHttpListener than encrypt requests and decrypt responses. - Burp sees the decrypted traffic, including Repeater, Intruder and Scanner, but the client/mobile app and server see the encrypted version. -***NOTE:*** Currently support `AES/CBC/PKCS5Padding` && `AES/ECB/PKCS5Padding` encryption/decryption. +***NOTE:*** Currently support `AES/CBC/PKCS5Padding` && `AES/ECB/PKCS5Padding` && `GOST3412/EBC/PKCS7Padding`encryption/decryption. ### How it works - Require **Secret Key** and **Initialize Vector** which can be obtained by using aes-hook.js and frida-hook.py or by reversing the application (For iOS please use Frida iOS Hook to get AES Secret Key and IV) From 4628dd3c4d08e65cbf7f7800af2b0a085a99be2a Mon Sep 17 00:00:00 2001 
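Review bot: In `AESDecoderTab.setMessage`, `String tmpreq = content.toString();` calls `Object.toString()` on a `byte[]`, which yields an identity string (constructed example: `[B@1a2b3c`) rather than the request text, so the `substring(reqInfo.getBodyOffset())` that follows cannot return the body; use `helpers.bytesToString(content)`. The tab is created editable and reports `isModified()` from the editor while `getMessage()` returns `null`, so an edit made in this tab would hand Burp a null message; either keep `txtInput.setEditable(false)` throughout or return a re-encrypted message. The bare `return;` branch also leaves the previous message's text on screen. The constructor parameters `is_req_body`, `is_req_param` and `req_param` and the field `currentMessage` are never used. The `content.toString()` pattern is added again in the response branch in patch 4/4.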
From: user Date: Wed, 3 Aug 2022 12:22:12 -0400 Subject: [PATCH 4/4] 1. Correct AESKiller Editor Tab 2. Add AESKillerTab on/off checkbox to options 3. Change "Host URL" behaviour: now U can type site.com (without http:// prefix) and AESKiller will work on api.site.com, web.site.com, etc 4. Disable MessageBox about AESKiller start/stop --- src/main/java/burp/AES_Killer.java | 67 ++++++++++++++++++++++------ src/main/java/burp/BurpExtender.java | 57 ++++++++++++++++++----- 2 files changed, 100 insertions(+), 24 deletions(-) diff --git a/src/main/java/burp/AES_Killer.java b/src/main/java/burp/AES_Killer.java index 294fe55..e75ea08 100644 --- a/src/main/java/burp/AES_Killer.java +++ b/src/main/java/burp/AES_Killer.java @@ -80,6 +80,8 @@ private void loadConfig(){ jCheckBox15.setSelected(Boolean.parseBoolean(map.get("jCheckBox15").toString())); jCheckBox16.setSelected(Boolean.parseBoolean(map.get("jCheckBox16").toString())); jCheckBox17.setSelected(Boolean.parseBoolean(map.get("jCheckBox17").toString())); + jCheckBox18.setSelected(Boolean.parseBoolean(map.get("jCheckBox18").toString())); + //jCheckBox19.setSelected(Boolean.parseBoolean(map.get("jCheckBox19").toString())); jComboBox1.setSelectedItem(map.get("jComboBox1")); _burpObj.callbacks.printOutput(AesKillerConfig); @@ -117,6 +119,8 @@ private void saveConfig(){ map.put("jCheckBox7", jCheckBox7.isSelected()); map.put("jCheckBox15", jCheckBox15.isSelected()); map.put("jCheckBox17", jCheckBox17.isSelected()); + map.put("jCheckBox18", jCheckBox18.isSelected()); + //map.put("jCheckBox19", jCheckBox19.isSelected()); String AesKillerConfig = new Gson().toJson(map); 
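Review bot: `map.get("jCheckBox18").toString()` throws a NullPointerException for any setting saved before this patch, because the stored JSON has no `jCheckBox18` key. The surrounding `catch (RuntimeException e)` swallows it and the later `jComboBox1.setSelectedItem(...)` is skipped, so the cipher selection silently falls back to the default. The same path is presumably taken on first run, when no setting has been stored yet. Read optional keys with a default, e.g. `Boolean.parseBoolean(String.valueOf(map.getOrDefault("jCheckBox18", false)))`, and return early when the stored string is null. `loadConfig()` begins outside this hunk.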
@@ -164,6 +168,8 @@ private void initComponents() { jCheckBox8 = new javax.swing.JCheckBox(); jCheckBox13 = new javax.swing.JCheckBox(); jCheckBox14 = new javax.swing.JCheckBox(); + jCheckBox18 = new javax.swing.JCheckBox(); + //jCheckBox19 = new javax.swing.JCheckBox(); jPanel4 = new javax.swing.JPanel(); jPanel5 = new javax.swing.JPanel(); jLabel1 = new javax.swing.JLabel(); @@ -304,6 +310,10 @@ public void actionPerformed(java.awt.event.ActionEvent evt) { jCheckBox14.setText("URL encode/decode"); + jCheckBox18.setText("Req/Resp tab"); + + //jCheckBox19.setText("Response tab"); + javax.swing.GroupLayout jPanel12Layout = new javax.swing.GroupLayout(jPanel12); jPanel12.setLayout(jPanel12Layout); jPanel12Layout.setHorizontalGroup( 
@@ -314,18 +324,27 @@ public void actionPerformed(java.awt.event.ActionEvent evt) { .addComponent(jCheckBox8) .addComponent(jCheckBox14) .addComponent(jCheckBox13)) + .addGroup(jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(jCheckBox18)) + //.addComponent(jCheckBox19)) .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)) ); jPanel12Layout.setVerticalGroup( jPanel12Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addGroup(jPanel12Layout.createSequentialGroup() - .addContainerGap() - .addComponent(jCheckBox8) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(jCheckBox14) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) - .addComponent(jCheckBox13) - .addContainerGap()) + .addGroup(jPanel12Layout.createSequentialGroup() + .addContainerGap() + .addComponent(jCheckBox8) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(jCheckBox14) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addComponent(jCheckBox13)) + .addGroup(jPanel12Layout.createSequentialGroup() + .addContainerGap() + .addComponent(jCheckBox18) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + //.addComponent(jCheckBox19) + .addContainerGap()) + ); javax.swing.GroupLayout jPanel6Layout = new javax.swing.GroupLayout(jPanel6); 
@@ -684,15 +703,16 @@ public Boolean is_string_empty(String _str){ public Boolean validate_host(){ String _url = this.jTextField7.getText().trim(); - if(is_string_empty(_url)){ JOptionPane.showMessageDialog(this, "Please provide a Host URL !!!"); return false; } + if(is_string_empty(_url)){ JOptionPane.showMessageDialog(this, "Please provide a part of Host domain !!!"); return false; } try{ URL abc = new URL(_url); this._burpObj._host = abc.getHost(); return true; }catch (Exception ex){ - JOptionPane.showMessageDialog(this, "Please provide a valid Host URL (e.g https://abc.com) !!!"); - return false; + //JOptionPane.showMessageDialog(this, "Please provide a part of Host domain (e.g abc.com) !!!"); + this._burpObj._host = _url; + return true; } } @@ -748,6 +768,19 @@ public Boolean validate_debug_mode(){ } return true; } + + public Boolean validate_req_tab(){ + if(this.jCheckBox18.isSelected()){ + this._burpObj._req_tab = true; + return true; + }else { + this._burpObj._req_tab = false; + return false; + } + //return false; + } + + public Boolean validate_request_params(){ if(this.jCheckBox2.isSelected()){ @@ -825,7 +858,11 @@ private void jButton2ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRS // Validate Debug Mode validate_debug_mode(); - + + //Validate request / response tabs + //validate_resp_tab(); + validate_req_tab(); + // Validate Request if(!validate_request_params()) { return; } @@ -841,7 +878,7 @@ private void jButton2ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRS saveConfig(); - JOptionPane.showMessageDialog(this, "AES Killer started !!!"); + //JOptionPane.showMessageDialog(this, "AES Killer started !!!"); }//GEN-LAST:event_jButton2ActionPerformed 
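Review bot: The rewritten `catch (Exception ex)` branch in `validate_host()` stores whatever was typed as `_host` and returns true, so the field is no longer validated at all. A value with a path, a mistyped scheme or a single character is accepted and then used as the scope pattern for decryption. Catch `MalformedURLException` only, and in that branch check the text against a hostname pattern and lower-case it before assigning. The commented-out dialog line should be deleted.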
@@ -856,7 +893,7 @@ private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRS this.jButton2.setEnabled(true); this.jButton1.setEnabled(false); - JOptionPane.showMessageDialog(this, "AES Killer stopped !!!"); + //JOptionPane.showMessageDialog(this, "AES Killer stopped !!!"); }//GEN-LAST:event_jButton1ActionPerformed private void jCheckBox17ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jCheckBox17ActionPerformed @@ -935,6 +972,8 @@ private void jButton4ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRS private javax.swing.JCheckBox jCheckBox15; private javax.swing.JCheckBox jCheckBox16; private javax.swing.JCheckBox jCheckBox17; + private javax.swing.JCheckBox jCheckBox18; + //private javax.swing.JCheckBox jCheckBox19; private javax.swing.JCheckBox jCheckBox2; private javax.swing.JCheckBox jCheckBox3; private javax.swing.JCheckBox jCheckBox4; diff --git a/src/main/java/burp/BurpExtender.java b/src/main/java/burp/BurpExtender.java index 52a31d9..2052e0d 100644 --- a/src/main/java/burp/BurpExtender.java +++ b/src/main/java/burp/BurpExtender.java @@ -55,6 +55,8 @@ public class BurpExtender implements IBurpExtender, ITab, IHttpListener, IProxyL public Boolean _ignore_response = false; public Boolean _do_off = false; public Boolean _url_enc_dec = false; + public Boolean _req_tab = false; + //public Boolean _resp_tab = false; public Boolean _is_req_body = false; public Boolean _is_res_body = false; public Boolean _is_req_param = false; @@ -291,7 +293,8 @@ public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessa String URL = new String(reqInfo.getUrl().toString()); List headers = reqInfo.getHeaders(); - if(this._host.contains(get_host(URL))) { + //if(this._host.contains(get_host(URL))) { + if(URL.contains(this._host)) { if(this._is_req_body) { // decrypting request body 
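Review bot: `URL.contains(this._host)` in `processProxyMessage` matches the configured value anywhere in the full URL, including path and query string. With `_host = "site.com"`, a request to an unrelated host whose URL merely contains that text (constructed example: `https://other.example/?next=site.com`) is treated as in scope and is decrypted or re-encrypted with the configured key. Compare against the parsed hostname instead: `String h = reqInfo.getUrl().getHost(); if (h.equals(this._host) || h.endsWith("." + this._host)) {`. The same condition is repeated in the three host-check hunks that follow (the response path here and both paths of `processHttpMessage`), and the old check left as a comment in each should be removed. The method body continues outside the hunk.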
@@ -333,7 +336,8 @@ else if(this._is_req_param){ String URL = new String(reqInfo.getUrl().toString()); List headers = resInfo.getHeaders(); - if(this._host.contains(this.get_host(URL))){ + //if(this._host.contains(this.get_host(URL))){ + if(URL.contains(this._host)) { if(!headers.contains(this._Header)){ return; } @@ -388,7 +392,8 @@ public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequ if(!headers.contains(this._Header)){ return; } - if(this._host.contains(get_host(URL))){ + //if(this._host.contains(get_host(URL))){ + if(URL.contains(this._host)) { if(this._is_req_body) { String tmpreq = new String(messageInfo.getRequest()); String messageBody = new String(tmpreq.substring(reqInfo.getBodyOffset())).trim(); @@ -443,7 +448,8 @@ else if(this._is_req_param){ List headers = resInfo.getHeaders(); - if(this._host.contains(this.get_host(URL))){ + //if(this._host.contains(this.get_host(URL))){ + if(URL.contains(this._host)) { if(this._is_res_body){ // Complete Response Body decryption @@ -499,7 +505,7 @@ public AESDecoderTab(IMessageEditorController controller, boolean editable, bool } // - // implement IMessageEditorTab + // implement IMessageEditorTab // @Override @@ -518,7 +524,10 @@ public Component getUiComponent() public boolean isEnabled(byte[] content, boolean isRequest) { // enable this tab for requests - return isRequest; + if (BurpExtender.this._req_tab) { + return true; + } + return false; } @Override 
@@ -531,11 +540,15 @@ public void setMessage(byte[] content, boolean isRequest) txtInput.setEditable(false); } else { - if (isRequest) { + if (isRequest && BurpExtender.this._req_tab ) { IRequestInfo reqInfo = helpers.analyzeRequest(content); - //String URL = reqInfo.getUrl().toString(); + String URL = ""; List headers = reqInfo.getHeaders(); - //if (_host.contains(get_host(URL))) { + String[] tmp = reqInfo.getHeaders().get(1).split(" "); + if (tmp.length >1 ){ + URL = reqInfo.getHeaders().get(1).split(" ")[1]; + } + if (URL.contains(_host)) { //if ((Base64InputTab)this.this$0._is_req_body) { if (BurpExtender.this._is_req_body) { // decrypting request body @@ -557,10 +570,34 @@ public void setMessage(byte[] content, boolean isRequest) return; } - //} + } } + if (!isRequest && BurpExtender.this._req_tab ) { + IResponseInfo respInfo = helpers.analyzeResponse(content); + List headers = respInfo.getHeaders(); + if (BurpExtender.this._is_req_body) { + // decrypting response body + String tmpreq = content.toString(); + String messageBody = new String(tmpreq.substring(respInfo.getBodyOffset())).trim(); + String decValue = do_decrypt(messageBody); + txtInput.setText(decValue.getBytes()); + txtInput.setEditable(editable); + } else if (BurpExtender.this._is_req_param) { + byte[] _request = content; + + if (respInfo.getStatedMimeType().contains("JSON")) { + _request = update_req_params_json(_request, headers, BurpExtender.this._res_param, false); + } else { + _request = update_req_params(_request, headers, BurpExtender.this._res_param, false); + } + txtInput.setText(_request); + txtInput.setEditable(editable); + } else { + return; + } + } } }
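Review bot: `reqInfo.getHeaders().get(1)` in `setMessage` appears to assume that a second header line exists and is the `Host` header. A request consisting of only a request line throws IndexOutOfBoundsException, and when another header comes first the scope check runs against the wrong value. `tmp` is computed and then the same `split(" ")` is repeated instead of reusing `tmp[1]`. Look the header up by name rather than by position, taking the text after the colon of the line that starts with `host:` (case-insensitive). `URL.contains(_host)` is again a substring match and should be an exact or dot-suffix comparison on the hostname.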
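Review bot: The new response branch is gated on `_is_req_body` and `_is_req_param` and calls `update_req_params_json` / `update_req_params`, although the extension keeps separate `_is_res_body` and `_is_res_param` flags; confirm which flags are meant, because a setup that treats responses differently from requests will be decoded with the wrong mode. Unlike the request branch above it, this branch has no host check, so every response shown in any tool goes through `do_decrypt` while the checkbox is on. `content.toString()` on the `byte[]` does not give the response text; use `helpers.bytesToString(content)`. In the `isEnabled` hunk the comment "enable this tab for requests" is now stale and the body can be `return BurpExtender.this._req_tab;`.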