diff --git a/src/main/java/com/gdssecurity/handlers/BTPHttpResponseHandler.java b/src/main/java/com/gdssecurity/handlers/BTPHttpResponseHandler.java
index 37d3fc3..674a371 100644
--- a/src/main/java/com/gdssecurity/handlers/BTPHttpResponseHandler.java
+++ b/src/main/java/com/gdssecurity/handlers/BTPHttpResponseHandler.java
@@ -24,6 +24,7 @@
 import burp.api.montoya.proxy.http.ProxyResponseReceivedAction;
 import burp.api.montoya.proxy.http.ProxyResponseToBeSentAction;
 import com.gdssecurity.helpers.BTPConstants;
+import com.gdssecurity.providers.BTPContextMenuItemsProvider;
 import org.json.JSONArray;
 import org.json.JSONException;
 import org.json.JSONObject;
@@ -79,7 +80,49 @@ public ProxyResponseReceivedAction handleResponseReceived(InterceptedResponse in
 return ProxyResponseReceivedAction.continueWith(interceptedResponse);
 } else {
 body.remove("availableTransports");
- body.put("availableTransports", this.modifiedTransports);
+
+ modifiedTransports = new JSONArray();
+ boolean wsText = BTPContextMenuItemsProvider.getBoolean(_montoya, "WebSockets: Text", false);
+ boolean wsBinary = BTPContextMenuItemsProvider.getBoolean(_montoya, "WebSockets: Binary", false);
+ boolean ssText = BTPContextMenuItemsProvider.getBoolean(_montoya, "ServerSentEvents: Text", true);
+ boolean lpText = BTPContextMenuItemsProvider.getBoolean(_montoya, "LongPolling: Text", true);
+ boolean lpBinary = BTPContextMenuItemsProvider.getBoolean(_montoya, "LongPolling: Binary", true);
+
+ if (wsText||wsBinary) {
+ JSONObject ws = new JSONObject();
+ ws.append("transport", "WebSockets");
+ JSONArray formats = new JSONArray();
+ if (wsText) {
+ formats.put("Text");
+ }
+ if (wsBinary) {
+ formats.put("Binary");
+ }
+ ws.put("transferFormats", formats);
+ modifiedTransports.put(ws);
+ }
+ if (ssText) {
+ JSONObject ss = new JSONObject();
+ ss.append("transport", "ServerSentEvents");
+ JSONArray formats = new JSONArray();
+ formats.put("Text");
+ ss.put("TransferFormats", formats);
+ modifiedTransports.put(ss);
+ }
+ if (lpText||lpBinary) {
+ JSONObject lp = new JSONObject();
+ lp.append("transport", "LongPolling");
+ JSONArray formats = new JSONArray();
+ if (lpText) {
+ formats.put("Text");
+ }
+ if (lpBinary) {
+ formats.put("Binary");
+ }
+ lp.put("transferFormats", formats);
+ modifiedTransports.put(lp);
+ }
+ body.put("availableTransports", modifiedTransports);
 return ProxyResponseReceivedAction.continueWith(interceptedResponse.withBody(body.toString()));
 }
 }
diff --git a/src/main/java/com/gdssecurity/providers/BTPContextMenuItemsProvider.java b/src/main/java/com/gdssecurity/providers/BTPContextMenuItemsProvider.java
index 546b3e0..db3068b 100644
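Review bot: The three `*.append("transport", …)` calls use `JSONObject.append`, which stores the value inside a JSONArray, so each entry serialises as `"transport":["WebSockets"]` instead of a plain string; unless the client is known to accept an array there, use `ws.put("transport", "WebSockets");` and the same for `ss` and `lp`. The ServerSentEvents branch also writes the key `"TransferFormats"` while the other two branches write `"transferFormats"`; JSON keys are case-sensitive, so that line should read `ss.put("transferFormats", formats);`. When every option is unticked the response is sent with an empty `availableTransports` array, which deserves at least a log line so the operator can tell why the client stops connecting. `modifiedTransports` is reassigned on every intercepted response and appears to be an instance field (the removed line read `this.modifiedTransports`), so a local `JSONArray` would avoid sharing it across proxy threads. handleResponseReceived begins above this hunk, so the checks that lead into this `else` branch are not visible here.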
--- a/src/main/java/com/gdssecurity/providers/BTPContextMenuItemsProvider.java
+++ b/src/main/java/com/gdssecurity/providers/BTPContextMenuItemsProvider.java
@@ -25,7 +25,13 @@
 import com.gdssecurity.helpers.BTPConstants;
 import javax.swing.*;
+import javax.swing.event.PopupMenuEvent;
+import javax.swing.event.PopupMenuListener;
 import java.awt.*;
+import java.awt.event.ActionEvent;
+import java.awt.event.ActionListener;
+import java.awt.event.MouseAdapter;
+import java.awt.event.MouseEvent;
 import java.util.ArrayList;
 import java.util.List;
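Review bot: Four of the six imports added here have no visible use in this commit: the new code in the following hunk references only `ActionEvent` and `ActionListener`. `PopupMenuEvent`, `PopupMenuListener`, `MouseAdapter` and `MouseEvent` can probably be dropped, unless code outside the diff needs them.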
@@ -74,9 +80,62 @@ public List provideMenuItems(ContextMenuEvent event) {
 this.sendSelectionToBTP(selection);
 });
 menuItems.add(sendToBTP);
+
+ JMenuItem downGradeOptions = new JMenuItem();
+ downGradeOptions.setText("Downgrade Options");
+ downGradeOptions.addActionListener(e -> {
+ showCheckBoxDialog();
+ });
+ menuItems.add(downGradeOptions);
+
 return menuItems;
 }
+ public void showCheckBoxDialog() {
+ // Create a new JDialog
+ JDialog dialog = new JDialog((JFrame) null, "Select Options", true);
+ dialog.setDefaultCloseOperation(JDialog.DISPOSE_ON_CLOSE);
+ dialog.setLayout(new BorderLayout());
+ dialog.setSize(300, 200);
+
+ // Create a panel to hold checkboxes
+ JPanel checkBoxPanel = new JPanel();
+ checkBoxPanel.setLayout(new BoxLayout(checkBoxPanel, BoxLayout.Y_AXIS));
+
+ //actionlistener for checkboxes
+ ActionListener checkBoxListener = new ActionListener() {
+ public void actionPerformed(ActionEvent e) {
+ JCheckBoxMenuItem selectedMenuItem = (JCheckBoxMenuItem) e.getSource();
+ String optionText = selectedMenuItem.getText();
+
+ _montoya.persistence().extensionData().setBoolean(optionText, selectedMenuItem.isSelected());
+
+ if (selectedMenuItem.isSelected()) {
+ _logging.logToOutput(optionText + " is selected.");
+ } else {
+ _logging.logToOutput(optionText + " is unselected.");
+ }
+ }
+ };
+
+ for (String option : List.of("WebSockets: Text", "WebSockets: Binary",
+ "ServerSentEvents: Text", "LongPolling: Text", "LongPolling: Binary")) {
+ JCheckBoxMenuItem checkBoxMenuItem = new JCheckBoxMenuItem(option, getBoolean(_montoya, option, false));
+ checkBoxMenuItem.addActionListener(checkBoxListener);
+
+ checkBoxPanel.add(checkBoxMenuItem);
+ }
+
+ dialog.add(checkBoxPanel);
+ dialog.setVisible(true);
+ }
+
+ public static boolean getBoolean(MontoyaApi montoya, String key, boolean defaultValue) {
+ Boolean returnValue = montoya.persistence().extensionData().getBoolean(key);
+ if (returnValue == null) return defaultValue;
+ return returnValue;
+ }
+
 /**
 * Handles the selection of "Send body to BTP tab" menu option
 * Sends the body from the selected request/response to editor of BTP tab
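Review bot: The checkboxes in `showCheckBoxDialog` are all initialised with `getBoolean(_montoya, option, false)`, but BTPHttpResponseHandler reads "ServerSentEvents: Text", "LongPolling: Text" and "LongPolling: Binary" with a default of `true`. On a project with no stored settings the dialog therefore shows those three unticked while the handler still advertises them. Keeping each option's key and default in one shared place (the key literals are currently repeated in both files) and passing that default in the loop would keep the dialog and the rewrite in agreement. The listener also uses the label from `getText()` as the persistence key, so rewording a label silently orphans the saved value. Separately, `JCheckBoxMenuItem` is a menu component and a plain `JCheckBox` suits a panel better, and because the modal dialog is created with a null owner it may open behind the Burp window.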