From e8cd64c876c427638b073d968b25c4744a7e1381 Mon Sep 17 00:00:00 2001 From: Eric Holub Date: Fri, 27 Dec 2024 11:54:45 -0700 Subject: [PATCH] one single check for injection points, can inject timestamps into path --- build.gradle | 2 +- .../TimestampHttpHandler.java | 261 +++++++++--------- 2 files changed, 132 insertions(+), 131 deletions(-) diff --git a/build.gradle b/build.gradle index 2965857..70ea9ee 100644 --- a/build.gradle +++ b/build.gradle @@ -2,7 +2,7 @@ plugins { id 'java' } -version '1.4.0' +version '1.5.0' repositories { mavenLocal() diff --git a/src/main/java/ericholub/timestampinjector/TimestampHttpHandler.java b/src/main/java/ericholub/timestampinjector/TimestampHttpHandler.java index a989a09..80fa640 100644 --- a/src/main/java/ericholub/timestampinjector/TimestampHttpHandler.java +++ b/src/main/java/ericholub/timestampinjector/TimestampHttpHandler.java @@ -1,130 +1,131 @@ -package ericholub.timestampinjector; - -import burp.api.montoya.MontoyaApi; -import burp.api.montoya.core.Annotations; -import burp.api.montoya.core.HighlightColor; -import burp.api.montoya.http.handler.*; -import burp.api.montoya.http.message.requests.HttpRequest; -import burp.api.montoya.http.message.HttpHeader; -import burp.api.montoya.logging.Logging; -import java.util.Date; -import java.time.Instant; -import java.util.List; -import java.util.ArrayList; -import java.io.UnsupportedEncodingException; -import java.net.URLEncoder; - -import static burp.api.montoya.http.handler.RequestToBeSentAction.continueWith; -import static burp.api.montoya.http.handler.ResponseReceivedAction.continueWith; -import static burp.api.montoya.http.message.params.HttpParameter.urlParameter; - -class TimestampHttpHandler implements HttpHandler { - - public TimestampInjector main; - - public TimestampHttpHandler(TimestampInjector main) { - this.main = main; - } - - - @Override - public RequestToBeSentAction handleHttpRequestToBeSent(HttpRequestToBeSent requestToBeSent) { - Annotations annotations = requestToBeSent.annotations(); - Instant now = main.getCurrentInstantWithOffset(); - Date dateNow = Date.from(now); - - List headers = requestToBeSent.headers(); - String body = requestToBeSent.bodyToString(); - - HttpRequest finalRequest = (HttpRequest) requestToBeSent; - - for (int i = 0; i < headers.size(); i++) { - HttpHeader header = headers.get(i); - - ArrayList injPoints = checkContentForInjectionPoints(header.value()); - - if (injPoints.size() > 0) { - String headerMod = modifyRequestContent(header.value(), injPoints, now, dateNow); - printBeforeAfter("Header", header.toString(), header.name()+": "+headerMod); - finalRequest = finalRequest.withHeader(HttpHeader.httpHeader(header.name(),headerMod)); - } - } - - - ArrayList injPointsBody = checkContentForInjectionPoints(body); - if (injPointsBody.size() > 0) { - String reqBodyMod = modifyRequestContent(body, injPointsBody, now, dateNow); - printBeforeAfter("Body", body, reqBodyMod); - finalRequest = finalRequest.withBody(reqBodyMod); - } - - return continueWith(finalRequest, annotations); - } - - - @Override - public ResponseReceivedAction handleHttpResponseReceived(HttpResponseReceived responseReceived) { - Annotations annotations = responseReceived.annotations(); - return continueWith(responseReceived, annotations); - } - - private ArrayList checkContentForInjectionPoints(String content) - { - String[] injectionPoints = {"UnixTimeS","UnixTimeMS","URLTimeStamp","TimeStamp"}; - ArrayList ret = new ArrayList(); - - for (int i=0; i injPoints, Instant now, Date dateNow) - { - String ret = content; - String formatedDate = main.formatDate(dateNow); - - if (injPoints.contains("UnixTimeS")) { - long unixTimeSeconds = now.getEpochSecond(); - String unixTimeSecondsString = Long.toString(unixTimeSeconds); - ret = ret.replaceAll("UnixTimeS", unixTimeSecondsString); - } - - if (injPoints.contains("UnixTimeMS")) { - long unixTimeMilliseconds = now.toEpochMilli(); - String unixTimeMilliSsecondsString = Long.toString(unixTimeMilliseconds); - ret = ret.replaceAll("UnixTimeMS", unixTimeMilliSsecondsString); - } - - if (injPoints.contains("URLTimeStamp") && formatedDate != null) { - try { - ret = ret.replaceAll("URLTimeStamp", URLEncoder.encode(formatedDate, "UTF-8")); - } catch (UnsupportedEncodingException e) { - main.log.logToError("Error URL-encoding value: " + ret); - } - } - - if (injPoints.contains("TimeStamp") && formatedDate != null) { - ret = ret.replaceAll("TimeStamp", formatedDate); - } - - return ret; - } - - private void printBeforeAfter(String callContent, String before, String after) - { - this.main.log.logToOutput("Modified: " + callContent); - this.main.log.logToOutput("Before: "); - this.main.log.logToOutput(before); - this.main.log.logToOutput("After: "); - this.main.log.logToOutput(after); - this.main.log.logToOutput("---------------------------------------\n"); - - } -} +package ericholub.timestampinjector; + +import burp.api.montoya.MontoyaApi; +import burp.api.montoya.core.Annotations; +import burp.api.montoya.core.HighlightColor; +import burp.api.montoya.http.handler.*; +import burp.api.montoya.http.message.requests.HttpRequest; +import burp.api.montoya.http.message.HttpHeader; +import burp.api.montoya.logging.Logging; +import java.util.Date; +import java.time.Instant; +import java.util.List; +import java.util.ArrayList; +import java.io.UnsupportedEncodingException; +import java.net.URLEncoder; + +import static burp.api.montoya.http.handler.RequestToBeSentAction.continueWith; +import static burp.api.montoya.http.handler.ResponseReceivedAction.continueWith; +import static burp.api.montoya.http.message.params.HttpParameter.urlParameter; + +class TimestampHttpHandler implements HttpHandler { + + public TimestampInjector main; + + public TimestampHttpHandler(TimestampInjector main) { + this.main = main; + } + + + @Override + public RequestToBeSentAction handleHttpRequestToBeSent(HttpRequestToBeSent requestToBeSent) { + + String rawRequestString = requestToBeSent.toString(); + ArrayList injPoints = checkContentForInjectionPoints(rawRequestString); + + HttpRequest finalRequest = (HttpRequest) requestToBeSent; + Annotations annotations = requestToBeSent.annotations(); + + if (injPoints.size() > 0) { + + Instant now = main.getCurrentInstantWithOffset(); + Date dateNow = Date.from(now); + + List headers = requestToBeSent.headers(); + String body = requestToBeSent.bodyToString(); + String path = requestToBeSent.path(); + + for (int i = 0; i < headers.size(); i++) { + HttpHeader header = headers.get(i); + String headerMod = modifyRequestContent(header.value(), injPoints, now, dateNow); + finalRequest = finalRequest.withHeader(HttpHeader.httpHeader(header.name(),headerMod)); + } + + String reqBodyMod = modifyRequestContent(body, injPoints, now, dateNow); + finalRequest = finalRequest.withBody(reqBodyMod); + + String reqPathMod = modifyRequestContent(path, injPoints, now, dateNow); + finalRequest = finalRequest.withPath(reqPathMod); + + } + + return continueWith(finalRequest, annotations); + } + + + @Override + public ResponseReceivedAction handleHttpResponseReceived(HttpResponseReceived responseReceived) { + Annotations annotations = responseReceived.annotations(); + return continueWith(responseReceived, annotations); + } + + private ArrayList checkContentForInjectionPoints(String content) + { + String[] injectionPoints = {"UnixTimeS","UnixTimeMS","URLTimeStamp","TimeStamp"}; + ArrayList ret = new ArrayList(); + + for (int i=0; i injPoints, Instant now, Date dateNow) + { + String ret = content; + String formatedDate = main.formatDate(dateNow); + + if (injPoints.contains("UnixTimeS")) { + long unixTimeSeconds = now.getEpochSecond(); + String unixTimeSecondsString = Long.toString(unixTimeSeconds); + ret = ret.replaceAll("UnixTimeS", unixTimeSecondsString); + } + + if (injPoints.contains("UnixTimeMS")) { + long unixTimeMilliseconds = now.toEpochMilli(); + String unixTimeMilliSsecondsString = Long.toString(unixTimeMilliseconds); + ret = ret.replaceAll("UnixTimeMS", unixTimeMilliSsecondsString); + } + + if (injPoints.contains("URLTimeStamp") && formatedDate != null) { + try { + ret = ret.replaceAll("URLTimeStamp", URLEncoder.encode(formatedDate, "UTF-8")); + } catch (UnsupportedEncodingException e) { + main.log.logToError("Error URL-encoding value: " + ret); + } + } + + if (injPoints.contains("TimeStamp") && formatedDate != null) { + ret = ret.replaceAll("TimeStamp", formatedDate); + } + + return ret; + } + + private void printBeforeAfter(String callContent, String before, String after) + { + this.main.log.logToOutput("Modified: " + callContent); + this.main.log.logToOutput("Before: "); + this.main.log.logToOutput(before); + this.main.log.logToOutput("After: "); + this.main.log.logToOutput(after); + this.main.log.logToOutput("---------------------------------------\n"); + + } +}