Minor fixes

PortSwigger · Jul 26, 2024 · f5bcd98 · f5bcd98
1 parent 3f486dd
commit f5bcd98
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 19 deletions.
diff --git a/src/main/java/net/portswigger/burp/extensions/BypassBotDetection.java b/src/main/java/net/portswigger/burp/extensions/BypassBotDetection.java
@@ -2,6 +2,8 @@
 
 import burp.api.montoya.BurpExtension;
 import burp.api.montoya.MontoyaApi;
+import net.portswigger.burp.extensions.beens.Browsers;
+import net.portswigger.burp.extensions.beens.MatchAndReplace;
 
 import javax.swing.*;
 import java.util.concurrent.BlockingQueue;
@@ -32,13 +34,8 @@ public void initialize(MontoyaApi montoyaApi) {
             });
             // warming up
             Utilities.log(Utilities.getResourceString("loading"));
-            String project_settings = Utilities.readResourceForClass("/project_options.json", BypassBotDetection.class);
-            SwingUtilities.invokeAndWait(() -> {
-                if(project_settings!=null) {
-                    Utilities.importProject(project_settings);
-                }
-            });
-            Utilities.loadTLSSettings();
+            Utilities.updateTLSSettings(Constants.BROWSERS_PROTOCOLS.get(Browsers.FIREFOX.name), Constants.BROWSERS_CIPHERS.get(Browsers.FIREFOX.name));
+            Utilities.updateProxySettings(MatchAndReplace.create(Browsers.FIREFOX));
 
 
         } catch (Exception e) {

diff --git a/src/main/java/net/portswigger/burp/extensions/TLSContextMenuItemsProvider.java b/src/main/java/net/portswigger/burp/extensions/TLSContextMenuItemsProvider.java
@@ -65,8 +65,8 @@ public List<Component> provideMenuItems(ContextMenuEvent contextMenuEvent) {
 
 
     public void addTLSCiphers(Browsers browser){
-        Utilities.updateTLSSettings(Constants.BROWSERS_PROTOCOLS.get(browser.name), Constants.BROWSERS_CIPHERS.get(browser.name));
-        Utilities.updateProxySettings(MatchAndReplace.create(browser));
+        Utilities.updateTLSSettingsSync(Constants.BROWSERS_PROTOCOLS.get(browser.name), Constants.BROWSERS_CIPHERS.get(browser.name));
+        Utilities.updateProxySettingsSync(MatchAndReplace.create(browser));
     }
     public void addManualSettings(String negotiation){
         Utilities.importProject(negotiation);

diff --git a/src/main/java/net/portswigger/burp/extensions/TriggerCipherGuesser.java b/src/main/java/net/portswigger/burp/extensions/TriggerCipherGuesser.java
@@ -2,6 +2,8 @@
 
 import burp.api.montoya.core.Annotations;
 import burp.api.montoya.http.message.HttpRequestResponse;
+import net.portswigger.burp.extensions.beens.Browsers;
+import net.portswigger.burp.extensions.beens.MatchAndReplace;
 
 import java.awt.event.ActionEvent;
 import java.awt.event.ActionListener;
@@ -67,7 +69,8 @@ public void run() {
                         Utilities.log(e.getMessage());
                     }
                     finally {
-                        Utilities.loadTLSSettings();
+                        Utilities.updateTLSSettingsSync(Constants.BROWSERS_PROTOCOLS.get(Browsers.FIREFOX.name), Constants.BROWSERS_CIPHERS.get(Browsers.FIREFOX.name));
+                        Utilities.updateProxySettingsSync(MatchAndReplace.create(Browsers.FIREFOX));
                     }
                 }
             });

diff --git a/src/main/java/net/portswigger/burp/extensions/Utilities.java b/src/main/java/net/portswigger/burp/extensions/Utilities.java
@@ -12,10 +12,12 @@
 import com.google.gson.Gson;
 import net.portswigger.burp.extensions.beens.*;
 
+import javax.swing.*;
 import java.io.BufferedReader;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.net.InetAddress;
+import java.net.URI;
 import java.net.URL;
 import java.util.List;
 import java.util.Optional;
@@ -53,14 +55,28 @@ static void updateTLSSettings(String[] protocols, String[] ciphers) {
         String serializedTLSSettings = gson.toJson(currentTLSSettings);
         importProject(serializedTLSSettings);
     }
-
-    static void importProject(String serializedSettings) {
-        montoyaApi.burpSuite().importProjectOptionsFromJson(serializedSettings);
+    static void updateProxySettingsSync(MatchAndReplace rule) {
+        String proxy = montoyaApi.burpSuite().exportProjectOptionsAsJson("proxy.match_replace_rules");
+        ProxySettings currentProxySettings = gson.fromJson(proxy, ProxySettings.class);
+        ProxySettings changedProxySettings = currentProxySettings.toggleMatchAndReplace(rule);
+        String serializedProxySettings = gson.toJson(changedProxySettings);
+        montoyaApi.burpSuite().importProjectOptionsFromJson(serializedProxySettings);
+    }
+    static void updateTLSSettingsSync(String[] protocols, String[] ciphers) {
+        String project_settings = montoyaApi.burpSuite().exportProjectOptionsAsJson("project_options");
+        TLSSettings currentTLSSettings = gson.fromJson(project_settings, TLSSettings.class);
+        currentTLSSettings.addProtocols(protocols);
+        currentTLSSettings.addCiphers(ciphers);
+        String serializedTLSSettings = gson.toJson(currentTLSSettings);
+        montoyaApi.burpSuite().importProjectOptionsFromJson(serializedTLSSettings);
     }
 
-    static void warmTLSSettings() {
-        String project_settings = Utilities.readResourceForClass("/project_options.json", Utilities.class);
-        montoyaApi.burpSuite().importProjectOptionsFromJson(project_settings);
+    static void importProject(String serializedSettings) {
+        try {
+            SwingUtilities.invokeAndWait(() -> {
+                montoyaApi.burpSuite().importProjectOptionsFromJson(serializedSettings);
+            });
+        } catch (Exception ignored){}
     }
 
 
@@ -99,7 +115,7 @@ public static String readResourceForClass(final String fileName, Class clazz) {
 
     public static boolean doesHostExist(String urlString) {
         try {
-            URL url = new URL(urlString);
+            URI url = new URI(urlString);
             String host = url.getHost();
             InetAddress address = InetAddress.getByName(host);
             return address != null;
@@ -126,7 +142,7 @@ static HttpRequestResponse attemptRequest(HttpRequestResponse requestResponse, S
     }
 
     static boolean compareResponses(HttpRequestResponse baseRequest, HttpRequestResponse comparableResponse) {
-        if (baseRequest.response() == null || comparableResponse == null) return false;
+        if (baseRequest.response() == null || comparableResponse.response() == null) return false;
         double P = 0.1;
         int b = 0;
         int c = 0;

diff --git a/src/main/resources/strings.properties b/src/main/resources/strings.properties
@@ -3,5 +3,5 @@ greetings=Bypass bot detection started
 error=Extension failed with exception!
 menu_brute_force=Brute force ciphers
 preferences=net.portswigger.burp.extensions.bypass.bot.detection
-loading=Loading custom Settings -> Network -> TLS Negotiation. Unload the extension to restore defaults!
+loading=Loading custom Settings -> Network -> TLS Negotiation -> Use custom protocols and ciphers. Unload the extension to restore defaults!
 negotiation=Bypass!