From f5bcd9832f0697f80f38e1e6b419a0c705f6653b Mon Sep 17 00:00:00 2001 From: d4d Date: Fri, 26 Jul 2024 13:59:54 +0100 Subject: [PATCH] Minor fixes --- .../burp/extensions/BypassBotDetection.java | 11 +++---- .../TLSContextMenuItemsProvider.java | 4 +-- .../burp/extensions/TriggerCipherGuesser.java | 5 ++- .../burp/extensions/Utilities.java | 32 ++++++++++++++----- src/main/resources/strings.properties | 2 +- 5 files changed, 35 insertions(+), 19 deletions(-) diff --git a/src/main/java/net/portswigger/burp/extensions/BypassBotDetection.java b/src/main/java/net/portswigger/burp/extensions/BypassBotDetection.java index 4c2d08f..ddc9e42 100644 --- a/src/main/java/net/portswigger/burp/extensions/BypassBotDetection.java +++ b/src/main/java/net/portswigger/burp/extensions/BypassBotDetection.java @@ -2,6 +2,8 @@ import burp.api.montoya.BurpExtension; import burp.api.montoya.MontoyaApi; +import net.portswigger.burp.extensions.beens.Browsers; +import net.portswigger.burp.extensions.beens.MatchAndReplace; import javax.swing.*; import java.util.concurrent.BlockingQueue; @@ -32,13 +34,8 @@ public void initialize(MontoyaApi montoyaApi) { }); // warming up Utilities.log(Utilities.getResourceString("loading")); - String project_settings = Utilities.readResourceForClass("/project_options.json", BypassBotDetection.class); - SwingUtilities.invokeAndWait(() -> { - if(project_settings!=null) { - Utilities.importProject(project_settings); - } - }); - Utilities.loadTLSSettings(); + Utilities.updateTLSSettings(Constants.BROWSERS_PROTOCOLS.get(Browsers.FIREFOX.name), Constants.BROWSERS_CIPHERS.get(Browsers.FIREFOX.name)); + Utilities.updateProxySettings(MatchAndReplace.create(Browsers.FIREFOX)); } catch (Exception e) { diff --git a/src/main/java/net/portswigger/burp/extensions/TLSContextMenuItemsProvider.java b/src/main/java/net/portswigger/burp/extensions/TLSContextMenuItemsProvider.java index f3d47a3..bd934e5 100644 --- a/src/main/java/net/portswigger/burp/extensions/TLSContextMenuItemsProvider.java +++ b/src/main/java/net/portswigger/burp/extensions/TLSContextMenuItemsProvider.java @@ -65,8 +65,8 @@ public List provideMenuItems(ContextMenuEvent contextMenuEvent) { public void addTLSCiphers(Browsers browser){ - Utilities.updateTLSSettings(Constants.BROWSERS_PROTOCOLS.get(browser.name), Constants.BROWSERS_CIPHERS.get(browser.name)); - Utilities.updateProxySettings(MatchAndReplace.create(browser)); + Utilities.updateTLSSettingsSync(Constants.BROWSERS_PROTOCOLS.get(browser.name), Constants.BROWSERS_CIPHERS.get(browser.name)); + Utilities.updateProxySettingsSync(MatchAndReplace.create(browser)); } public void addManualSettings(String negotiation){ Utilities.importProject(negotiation); diff --git a/src/main/java/net/portswigger/burp/extensions/TriggerCipherGuesser.java b/src/main/java/net/portswigger/burp/extensions/TriggerCipherGuesser.java index 45d425c..0d8ba15 100644 --- a/src/main/java/net/portswigger/burp/extensions/TriggerCipherGuesser.java +++ b/src/main/java/net/portswigger/burp/extensions/TriggerCipherGuesser.java @@ -2,6 +2,8 @@ import burp.api.montoya.core.Annotations; import burp.api.montoya.http.message.HttpRequestResponse; +import net.portswigger.burp.extensions.beens.Browsers; +import net.portswigger.burp.extensions.beens.MatchAndReplace; import java.awt.event.ActionEvent; import java.awt.event.ActionListener; @@ -67,7 +69,8 @@ public void run() { Utilities.log(e.getMessage()); } finally { - Utilities.loadTLSSettings(); + Utilities.updateTLSSettingsSync(Constants.BROWSERS_PROTOCOLS.get(Browsers.FIREFOX.name), Constants.BROWSERS_CIPHERS.get(Browsers.FIREFOX.name)); + Utilities.updateProxySettingsSync(MatchAndReplace.create(Browsers.FIREFOX)); } } }); diff --git a/src/main/java/net/portswigger/burp/extensions/Utilities.java b/src/main/java/net/portswigger/burp/extensions/Utilities.java index 403804a..35955e7 100644 --- a/src/main/java/net/portswigger/burp/extensions/Utilities.java +++ b/src/main/java/net/portswigger/burp/extensions/Utilities.java @@ -12,10 +12,12 @@ import com.google.gson.Gson; import net.portswigger.burp.extensions.beens.*; +import javax.swing.*; import java.io.BufferedReader; import java.io.InputStream; import java.io.InputStreamReader; import java.net.InetAddress; +import java.net.URI; import java.net.URL; import java.util.List; import java.util.Optional; @@ -53,14 +55,28 @@ static void updateTLSSettings(String[] protocols, String[] ciphers) { String serializedTLSSettings = gson.toJson(currentTLSSettings); importProject(serializedTLSSettings); } - - static void importProject(String serializedSettings) { - montoyaApi.burpSuite().importProjectOptionsFromJson(serializedSettings); + static void updateProxySettingsSync(MatchAndReplace rule) { + String proxy = montoyaApi.burpSuite().exportProjectOptionsAsJson("proxy.match_replace_rules"); + ProxySettings currentProxySettings = gson.fromJson(proxy, ProxySettings.class); + ProxySettings changedProxySettings = currentProxySettings.toggleMatchAndReplace(rule); + String serializedProxySettings = gson.toJson(changedProxySettings); + montoyaApi.burpSuite().importProjectOptionsFromJson(serializedProxySettings); + } + static void updateTLSSettingsSync(String[] protocols, String[] ciphers) { + String project_settings = montoyaApi.burpSuite().exportProjectOptionsAsJson("project_options"); + TLSSettings currentTLSSettings = gson.fromJson(project_settings, TLSSettings.class); + currentTLSSettings.addProtocols(protocols); + currentTLSSettings.addCiphers(ciphers); + String serializedTLSSettings = gson.toJson(currentTLSSettings); + montoyaApi.burpSuite().importProjectOptionsFromJson(serializedTLSSettings); } - static void warmTLSSettings() { - String project_settings = Utilities.readResourceForClass("/project_options.json", Utilities.class); - montoyaApi.burpSuite().importProjectOptionsFromJson(project_settings); + static void importProject(String serializedSettings) { + try { + SwingUtilities.invokeAndWait(() -> { + montoyaApi.burpSuite().importProjectOptionsFromJson(serializedSettings); + }); + } catch (Exception ignored){} } @@ -99,7 +115,7 @@ public static String readResourceForClass(final String fileName, Class clazz) { public static boolean doesHostExist(String urlString) { try { - URL url = new URL(urlString); + URI url = new URI(urlString); String host = url.getHost(); InetAddress address = InetAddress.getByName(host); return address != null; @@ -126,7 +142,7 @@ static HttpRequestResponse attemptRequest(HttpRequestResponse requestResponse, S } static boolean compareResponses(HttpRequestResponse baseRequest, HttpRequestResponse comparableResponse) { - if (baseRequest.response() == null || comparableResponse == null) return false; + if (baseRequest.response() == null || comparableResponse.response() == null) return false; double P = 0.1; int b = 0; int c = 0; diff --git a/src/main/resources/strings.properties b/src/main/resources/strings.properties index 0fea0d1..6e086fc 100644 --- a/src/main/resources/strings.properties +++ b/src/main/resources/strings.properties @@ -3,5 +3,5 @@ greetings=Bypass bot detection started error=Extension failed with exception! menu_brute_force=Brute force ciphers preferences=net.portswigger.burp.extensions.bypass.bot.detection -loading=Loading custom Settings -> Network -> TLS Negotiation. Unload the extension to restore defaults! +loading=Loading custom Settings -> Network -> TLS Negotiation -> Use custom protocols and ciphers. Unload the extension to restore defaults! negotiation=Bypass! \ No newline at end of file