Make Intruder payload processor signing algorithm configurable.
DolphFlynn committed Feb 15, 2024
1 parent 91f8726 commit 7ebf05a
Showing 3 changed files with 63 additions and 11 deletions.
8 changes: 3 additions & 5 deletions src/main/java/burp/intruder/JWSPayloadProcessor.java
Expand Up @@ -18,7 +18,6 @@

import static burp.intruder.FuzzLocation.PAYLOAD;
import static com.blackberry.jwteditor.model.jose.JOSEObjectFinder.parseJOSEObject;
import static org.apache.commons.lang3.StringUtils.isNotEmpty;

public class JWSPayloadProcessor implements PayloadProcessor {
private final Logging logging;
Expand Down Expand Up @@ -61,9 +60,7 @@ public PayloadProcessingResult processPayload(PayloadData payloadData) {
}

private Optional<Key> loadKey() {
String keyId = intruderConfig.signingKeyId();

if (isNotEmpty(keyId)) {
if (!intruderConfig.resign()) {
return Optional.empty();
}

Expand All @@ -87,7 +84,8 @@ private JWS createJWS(Base64URL header, Base64URL payload, Base64URL originalSig
Optional<JWS> result = Optional.empty();

try {
result = Optional.of(JWSFactory.sign(key, key.getSigningAlgorithms()[0], header, payload));
// TODO - update alg within header
result = Optional.of(JWSFactory.sign(key, intruderConfig.signingAlgorithm(), header, payload));
} catch (SigningException ex) {
logging.logToError("Failed to sign JWS: " + ex);
}
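Review bot: `JWSFactory.sign(key, intruderConfig.signingAlgorithm(), header, payload)` now trusts the configured algorithm, where the previous line took one from `key.getSigningAlgorithms()`, so a value that is null (never set) or left over from a different key reaches the signer unchecked. Only `SigningException` is caught here, so whether such a mismatch is logged or escapes as an unchecked exception depends on `JWSFactory`, which is not visible on this page. A guard before the call on `Arrays.asList(key.getSigningAlgorithms()).contains(intruderConfig.signingAlgorithm())`, logging through `logging.logToError` when it fails, would keep the failure explicit. Until the TODO is resolved the header's `alg` can also disagree with the algorithm actually used, which would be worth spelling out in that comment. Both `loadKey` and `createJWS` continue outside the hunks shown.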
Expand Up @@ -173,7 +173,7 @@
<text value="Intruder"/>
</properties>
</component>
<grid id="23fd" layout-manager="GridLayoutManager" row-count="4" column-count="3" same-size-horizontally="false" same-size-vertically="false" hgap="-1" vgap="-1">
<grid id="23fd" layout-manager="GridLayoutManager" row-count="5" column-count="3" same-size-horizontally="false" same-size-vertically="false" hgap="-1" vgap="-1">
<margin top="0" left="0" bottom="0" right="0"/>
<constraints>
<grid row="2" column="0" row-span="3" col-span="2" vsize-policy="3" hsize-policy="3" anchor="9" fill="0" indent="0" use-parent-layout="false"/>
Expand Down Expand Up @@ -254,6 +254,20 @@
<text value=""/>
</properties>
</component>
<component id="2c6" class="javax.swing.JLabel">
<constraints>
<grid row="4" column="1" row-span="1" col-span="1" vsize-policy="0" hsize-policy="0" anchor="8" fill="0" indent="0" use-parent-layout="false"/>
</constraints>
<properties>
<text value="Signing Algorithm:"/>
</properties>
</component>
<component id="734f8" class="javax.swing.JComboBox" binding="comboBoxIntruderSigningAlg">
<constraints>
<grid row="4" column="2" row-span="1" col-span="1" vsize-policy="0" hsize-policy="2" anchor="8" fill="1" indent="0" use-parent-layout="false"/>
</constraints>
<properties/>
</component>
</children>
</grid>
<grid id="5df6b" layout-manager="GridLayoutManager" row-count="1" column-count="1" same-size-horizontally="false" same-size-vertically="false" hgap="-1" vgap="-1">
50 changes: 45 additions & 5 deletions src/main/java/com/blackberry/jwteditor/view/config/ConfigView.java
Expand Up @@ -29,6 +29,7 @@
import com.blackberry.jwteditor.model.keys.KeysModel;
import com.blackberry.jwteditor.model.keys.KeysModelListener.SimpleKeysModelListener;
import com.blackberry.jwteditor.view.utils.DocumentAdapter;
import com.nimbusds.jose.JWSAlgorithm;

import javax.swing.*;
import java.awt.*;
Expand All @@ -40,6 +41,7 @@

public class ConfigView {
private final IntruderConfig intruderConfig;
private final KeysModel keysModel;

private JPanel mainPanel;
private JCheckBox checkBoxHighlightJWT;
Expand All @@ -58,7 +60,7 @@ public class ConfigView {
private JPanel intruderPanel;
private JLabel spacerLabel;
private JCheckBox resignIntruderJWS;
private KeysModel keysModel;
private JComboBox comboBoxIntruderSigningAlg;

public ConfigView(BurpConfig burpConfig, UserInterface userInterface, boolean isProVersion, KeysModel keysModel) {
this.keysModel = keysModel;
Expand Down Expand Up @@ -87,7 +89,15 @@ public ConfigView(BurpConfig burpConfig, UserInterface userInterface, boolean is
comboBoxPayloadPosition.addActionListener(e -> intruderConfig.setFuzzLocation((FuzzLocation) comboBoxPayloadPosition.getSelectedItem()));

updateSigningKeyList();
comboBoxIntruderSigningKeyId.addActionListener(e -> intruderConfig.setSigningKeyId((String) comboBoxIntruderSigningKeyId.getSelectedItem()));
comboBoxIntruderSigningKeyId.addActionListener(e -> {
String newSigningKeyId = (String) comboBoxIntruderSigningKeyId.getSelectedItem();

if (!intruderConfig.signingKeyId().equals(newSigningKeyId)) {
intruderConfig.setSigningKeyId(newSigningKeyId);
updateSigningAlgorithmList();
}
});
comboBoxIntruderSigningAlg.addActionListener(e -> intruderConfig.setSigningAlgorithm((JWSAlgorithm) comboBoxIntruderSigningAlg.getSelectedItem()));
resignIntruderJWS.addActionListener(e -> intruderConfig.setResign(resignIntruderJWS.isSelected()));
keysModel.addKeyModelListener(new SimpleKeysModelListener(this::updateSigningKeyList));

Expand Down Expand Up @@ -117,34 +127,64 @@ public ConfigView(BurpConfig burpConfig, UserInterface userInterface, boolean is
private void updateSigningKeyList() {
List<Key> signingKeys = keysModel.getSigningKeys();
String[] signingKeyIds = signingKeys.stream().map(Key::getID).toArray(String[]::new);
String selectedSigningId = intruderConfig.signingKeyId();
String modelSelectedSigningId = intruderConfig.signingKeyId();

String viewSelectedKeyId = (String) comboBoxIntruderSigningKeyId.getSelectedItem();
comboBoxIntruderSigningKeyId.setModel(new DefaultComboBoxModel<>(signingKeyIds));

if (signingKeys.isEmpty()) {
resignIntruderJWS.setSelected(false);
resignIntruderJWS.setEnabled(false);
comboBoxIntruderSigningKeyId.setEnabled(false);
comboBoxIntruderSigningAlg.setEnabled(false);
intruderConfig.setResign(false);
intruderConfig.setSigningKeyId(null);
} else {
resignIntruderJWS.setEnabled(true);
comboBoxIntruderSigningKeyId.setEnabled(true);
comboBoxIntruderSigningAlg.setEnabled(true);

Optional<Key> selectedKey = signingKeys.stream()
.filter(k -> k.getID().equals(selectedSigningId))
.filter(k -> k.getID().equals(modelSelectedSigningId))
.findFirst();


if (selectedKey.isPresent()) {
Key key = selectedKey.get();

resignIntruderJWS.setSelected(intruderConfig.resign());
comboBoxIntruderSigningKeyId.setSelectedItem(selectedKey.get());
comboBoxIntruderSigningKeyId.setSelectedItem(key.getID());

if (!modelSelectedSigningId.equals(viewSelectedKeyId)) {
comboBoxIntruderSigningAlg.setModel(new DefaultComboBoxModel(key.getSigningAlgorithms()));
comboBoxIntruderSigningAlg.setSelectedIndex(0);
}
} else {
resignIntruderJWS.setSelected(false);
comboBoxIntruderSigningKeyId.setSelectedIndex(0);

Key key = signingKeys.get(0);
comboBoxIntruderSigningAlg.setModel(new DefaultComboBoxModel(key.getSigningAlgorithms()));
}
}
}

private void updateSigningAlgorithmList() {
Key key = keysModel.getSigningKeys().stream()
.filter(k -> k.getID().equals(intruderConfig.signingKeyId()))
.findFirst()
.orElseThrow();

JWSAlgorithm[] signingAlgorithms = key.getSigningAlgorithms();
comboBoxIntruderSigningAlg.setModel(new DefaultComboBoxModel(signingAlgorithms));

if (signingAlgorithms.length > 0) {
JWSAlgorithm algorithm = signingAlgorithms[0];
comboBoxIntruderSigningAlg.setSelectedItem(algorithm);
intruderConfig.setSigningAlgorithm(algorithm);
}
}

/**
* Custom list cell renderer to color rows of combo box drop down list.
*/
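Review bot: The new key-selection listener calls `intruderConfig.signingKeyId().equals(newSigningKeyId)`, but `updateSigningKeyList()` stores null through `intruderConfig.setSigningKeyId(null)` when no signing keys exist, so a later selection can throw a NullPointerException inside the listener. `if (!Objects.equals(intruderConfig.signingKeyId(), newSigningKeyId)) {` avoids that, provided `java.util.Objects` is imported; the import block is only partly visible. In the `else` branch of `updateSigningKeyList()` the algorithm combo box is reloaded from `signingKeys.get(0)` with no matching `intruderConfig.setSigningKeyId(...)` or `intruderConfig.setSigningAlgorithm(...)`, so the stored algorithm can belong to a key that is no longer selected. `updateSigningAlgorithmList()` also ends in `.orElseThrow()`, which would raise NoSuchElementException from the Swing listener if the configured id is missing from `keysModel`; disabling the algorithm box in that case would be gentler. The field `private JComboBox comboBoxIntruderSigningAlg;` and the `new DefaultComboBoxModel(...)` calls are raw types; `JComboBox<JWSAlgorithm>` and `DefaultComboBoxModel<>` would remove the unchecked cast in the listener.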
