From 84ad22500822d9de12b69e5f6dd319d2d3e30505 Mon Sep 17 00:00:00 2001
From: Dolph Flynn <96876199+DolphFlynn@users.noreply.github.com>
Date: Thu, 11 Jul 2024 18:39:52 +0100
Subject: [PATCH] Respect ProxyConfig when highlighting JWT's (Thanks to @serate-actual).
---
 .../java/burp/proxy/AnnotationsModifier.java | 10 +-
 .../api/montoya/core/FakeAnnotations.java | 54 ++++++++++
 .../api/montoya/utilities/FakeByteUtils.java | 63 ++++++++++++
 .../burp/proxy/AnnotationsModifierTest.java | 99 +++++++++++++++++++
 4 files changed, 223 insertions(+), 3 deletions(-)
 create mode 100644 src/test/java/burp/api/montoya/core/FakeAnnotations.java
 create mode 100644 src/test/java/burp/api/montoya/utilities/FakeByteUtils.java
 create mode 100644 src/test/java/burp/proxy/AnnotationsModifierTest.java
diff --git a/src/main/java/burp/proxy/AnnotationsModifier.java b/src/main/java/burp/proxy/AnnotationsModifier.java
index 8f24707..99dc614 100644
--- a/src/main/java/burp/proxy/AnnotationsModifier.java
+++ b/src/main/java/burp/proxy/AnnotationsModifier.java
@@ -36,12 +36,16 @@ class AnnotationsModifier {
 }
 void updateAnnotationsIfApplicable(Annotations annotations, ByteArray data) {
- String message = byteUtils.convertToString(data.getBytes());
- updateAnnotationsIfApplicable(annotations, message);
+ if (proxyConfig.highlightJWT()) {
+ String message = byteUtils.convertToString(data.getBytes());
+ updateAnnotationsIfApplicable(annotations, message);
+ }
 }
 void updateAnnotationsIfApplicable(Annotations annotations, String message) {
- updateAnnotations(annotations, message);
+ if (proxyConfig.highlightJWT()) {
+ updateAnnotations(annotations, message);
+ }
 }
 private void updateAnnotations(Annotations annotations, String messageString) {
diff --git a/src/test/java/burp/api/montoya/core/FakeAnnotations.java b/src/test/java/burp/api/montoya/core/FakeAnnotations.java
new file mode 100644
index 0000000..3d8a696
--- /dev/null
+++ b/src/test/java/burp/api/montoya/core/FakeAnnotations.java
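Review bot: On the `ByteArray` overload the `proxyConfig.highlightJWT()` gate is now evaluated twice, because after its own check it delegates to the `String` overload, which checks again. Calling the private method directly inside the guard, `updateAnnotations(annotations, message);`, keeps one read of the setting per message and removes the window in which the flag could change between the two reads. Placing the guard ahead of `byteUtils.convertToString(data.getBytes())` deserves a short comment such as `// skip decoding proxied bodies entirely when JWT highlighting is off`, since that is what keeps the extension from processing traffic the user opted out of. The enclosing class and the body of `updateAnnotations` lie outside this hunk, so any further conditions in that method are not visible here.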
@@ -0,0 +1,54 @@
+/*
+Author : Dolph Flynn
+
+Copyright 2024 Dolph Flynn
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package burp.api.montoya.core;
+
+public class FakeAnnotations implements Annotations {
+ private String notes;
+ private HighlightColor highlightColor;
+
+ @Override
+ public String notes() {
+ return notes;
+ }
+
+ @Override
+ public void setNotes(String notes) {
+ this.notes = notes;
+ }
+
+ @Override
+ public HighlightColor highlightColor() {
+ return highlightColor;
+ }
+
+ @Override
+ public void setHighlightColor(HighlightColor highlightColor) {
+ this.highlightColor = highlightColor;
+ }
+
+ @Override
+ public Annotations withNotes(String s) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public Annotations withHighlightColor(HighlightColor highlightColor) {
+ throw new UnsupportedOperationException();
+ }
+}
diff --git a/src/test/java/burp/api/montoya/utilities/FakeByteUtils.java b/src/test/java/burp/api/montoya/utilities/FakeByteUtils.java
new file mode 100644
index 0000000..c5c8110
--- /dev/null
+++ b/src/test/java/burp/api/montoya/utilities/FakeByteUtils.java
@@ -0,0 +1,63 @@
+/*
+Author : Dolph Flynn
+
+Copyright 2024 Dolph Flynn
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package burp.api.montoya.utilities;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
+
+public class FakeByteUtils implements ByteUtils{
+ @Override
+ public int indexOf(byte[] bytes, byte[] bytes1) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public int indexOf(byte[] bytes, byte[] bytes1, boolean b) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public int indexOf(byte[] bytes, byte[] bytes1, boolean b, int i, int i1) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public int countMatches(byte[] bytes, byte[] bytes1) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public int countMatches(byte[] bytes, byte[] bytes1, boolean b) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public int countMatches(byte[] bytes, byte[] bytes1, boolean b, int i, int i1) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public String convertToString(byte[] bytes) {
+ return new String(bytes, UTF_8);
+ }
+
+ @Override
+ public byte[] convertFromString(String s) {
+ throw new UnsupportedOperationException();
+ }
+}
diff --git a/src/test/java/burp/proxy/AnnotationsModifierTest.java b/src/test/java/burp/proxy/AnnotationsModifierTest.java
new file mode 100644
index 0000000..1e64814
--- /dev/null
+++ b/src/test/java/burp/proxy/AnnotationsModifierTest.java
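Review bot: `convertToString` in this fake decodes with `UTF_8`, which, as far as I recall, differs from the documented behaviour of the real Montoya `ByteUtils`, where each byte becomes one char and no character set is applied. The two agree for the ASCII tokens used in the tests, but a body containing bytes above 0x7F would decode differently under the fake, so tests built on it could pass while the production path sees different strings. If that reading of the API is right, `return new String(bytes, ISO_8859_1);` with the matching static import mirrors the real mapping. Otherwise a comment such as `// UTF-8 only matches Burp's conversion for ASCII test data` documents the limit.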
@@ -0,0 +1,99 @@
+/*
+Author : Dolph Flynn
+
+Copyright 2024 Dolph Flynn
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package burp.proxy;
+
+import burp.api.montoya.core.Annotations;
+import burp.api.montoya.core.FakeAnnotations;
+import burp.api.montoya.core.FakeByteArray;
+import burp.api.montoya.utilities.ByteUtils;
+import burp.api.montoya.utilities.FakeByteUtils;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
+
+import java.util.stream.Stream;
+
+import static burp.proxy.HighlightColor.GREEN;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.params.provider.Arguments.arguments;
+
+class AnnotationsModifierTest {
+ private final ProxyConfig config = new ProxyConfig();
+ private final ByteUtils byteUtils = new FakeByteUtils();
+ private final AnnotationsModifier annotationsModifier = new AnnotationsModifier(config, byteUtils);
+
+ private static Stream data() {
+ return Stream.of(
+ arguments("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJUZXN0In0.Nabf3xakZubPnCzHT-fx0vG1iuNPeJKuSzHxUiQKf-8", "1 JWTs, 0 JWEs"),
arguments("eyJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiQTEyOEtXIn0.H3X6mT5HLgcFfzLoe4ku6Knhh9Ofv1eL.qF5-N_7K8VQ4yMSz.WXUNY6eg5fR4tc8Hqf5XDRM9ALGwcQyYG4IYwwg8Ctkx1UuxoV7t6UnemjzCj2sOYUqi3KYpDzrKVJpzokz0vcIem4lFe5N_ds8FAMpW0GSF9ePA8qvV99WaP0N2ECVPmgihvL6qwNhdptlLKtxcOpE41U5LnU22voPK55VF4_1j0WmTgWgZ7DwLDysp6EIDjrrt-DY.febBmP71KADmKRVfeSnv_g", "0 JWTs, 1 JWEs")
+ );
+ }
+
+ @MethodSource("data")
+ @ParameterizedTest
+ void givenJWTStrings_whenHighlightJWTTrue_thenCommentAndHighlightUpdated(String data, String expectedComment) {
+ Annotations annotations = new FakeAnnotations();
+ config.setHighlightColor(GREEN);
+ config.setHighlightJWT(true);
+
+ annotationsModifier.updateAnnotationsIfApplicable(annotations, data);
+
+ assertThat(annotations.highlightColor()).isEqualTo(GREEN.burpColor);
+ assertThat(annotations.notes()).isEqualTo(expectedComment);
+ }
+
+ @MethodSource("data")
+ @ParameterizedTest
+ void givenJWTBytes_whenHighlightJWTTrue_thenCommentAndHighlightUpdated(String data, String expectedComment) {
+ Annotations annotations = new FakeAnnotations();
+ config.setHighlightColor(GREEN);
+ config.setHighlightJWT(true);
+
+ annotationsModifier.updateAnnotationsIfApplicable(annotations, new FakeByteArray(data));
+
+ assertThat(annotations.highlightColor()).isEqualTo(GREEN.burpColor);
+ assertThat(annotations.notes()).isEqualTo(expectedComment);
+ }
+
+ @MethodSource("data")
+ @ParameterizedTest
+ void givenJWTStrings_whenHighlightJWTFalse_thenCommentAndHighlightNotSet(String data, String expectedComment) {
+ Annotations annotations = new FakeAnnotations();
+ config.setHighlightColor(GREEN);
+ config.setHighlightJWT(false);
+
+ annotationsModifier.updateAnnotationsIfApplicable(annotations, data);
+
+ assertThat(annotations.highlightColor()).isNull();
+ assertThat(annotations.notes()).isNull();
+ }
+
+ @MethodSource("data")
+ @ParameterizedTest
+ void givenJWTBytes_whenHighlightJWTFalse_thenCommentAndHighlightNotSet(String data, String expectedComment) {
+ Annotations annotations
= new FakeAnnotations();
+ config.setHighlightColor(GREEN);
+ config.setHighlightJWT(false);
+
+ annotationsModifier.updateAnnotationsIfApplicable(annotations, new FakeByteArray(data));
+
+ assertThat(annotations.highlightColor()).isNull();
+ assertThat(annotations.notes()).isNull();
+ }
+}
\ No newline at end of file
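Review bot: The two `whenHighlightJWTFalse` tests assert `isNull()` on a freshly created `FakeAnnotations`, so they would also pass if the disabled path cleared existing annotations instead of leaving them alone. Seeding the fake before the call, e.g. `annotations.setNotes("existing");`, and then asserting `assertThat(annotations.notes()).isEqualTo("existing");` (and likewise for the highlight colour) pins the behaviour the commit is after: a user's own notes survive when highlighting is off. Both tests also take an `expectedComment` parameter they never read; a comment saying it is ignored, or a separate argument source, would make that explicit. There is no case for a message without any token while highlighting is enabled, so nothing here shows what the enabled path does to annotations in that situation.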