Projects STRLCPY autorize Commits 1ff1a869
    BappDescription.html
    skipped 8 lines
    9 9   
    10 10  <p>It is also possible to repeat every request without any
    11 11  cookies in order to detect authentication vulnerabilities in
    12  -addiction to authorization ones.</p>
     12 +addition to authorization ones.</p>
    13 13   
    14 14  <p>The plugin works without any configuration, but is also highly
    15 15  customizable, allowing configuration of the granularity of the authorization
    skipped 7 lines
    23 23   <li>Enforced! - Green color</li>
    24 24   <li>Is enforced??? (please configure enforcement detector) - Yellow color</li>
    25 25  </ol>
     26 + 
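Review bot: the new line 26 adds a trailing line consisting of a single space at the end of BappDescription.html; drop the whitespace (or the line) so the file ends cleanly, since the typo fix above it is the only intended change.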
    BappManifest.bmf
    skipped 1 lines
    2 2  ExtensionType: 2
    3 3  Name: Autorize
    4 4  RepoName: autorize
    5  -ScreenVersion: 1.4
     5 +ScreenVersion: 1.5
    6 6  SerialVersion: 18
    7 7  MinPlatformVersion: 0
    8 8  ProOnly: False
    skipped 5 lines
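Review bot: ScreenVersion is bumped from 1.4 to 1.5 on line 5 while SerialVersion on line 6 stays at 18; confirm whether the BApp Store submission process expects SerialVersion to move together with a new release, otherwise the store may not treat this as an update.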
    README.md
    skipped 17 lines
    18 18  2. Open the configuration tab (Autorize -> Configuration).
    19 19  3. Get your low-privileged user authorization token header (Cookie / Authorization) and copy it into the textbox containing the text "Insert injected header here".
    20 20  **Note**: Headers inserted here will be replaced if present or added if not.
    21  -4. Uncheck "Check unauthenticated" if the authentication test is not required (request without any cookies, to check for authentication enforcement in addiction to authorization enforcement with the cookies of low-privileged user)
     21 +4. Uncheck "Check unauthenticated" if the authentication test is not required (request without any cookies, to check for authentication enforcement in addition to authorization enforcement with the cookies of low-privileged user)
    22 22  5. Check "Intercept requests from Repeater" to also intercept the requests that are sent through the Repeater.
    23 23  6. Click on "Intercept is off" to start intercepting the traffic in order to allow Autorize to check for authorization enforcement.
    24 24  7. Open a browser and configure the proxy settings so the traffic will be passed to Burp.
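Review bot: the rewritten step 4 on line 21 still reads "with the cookies of low-privileged user"; while touching the line, make it "with the cookies of the low-privileged user" so the sentence is grammatical.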
    skipped 20 lines
    45 45  For example, if there is a request enforcement status that is detected as "Authorization enforced??? (please configure enforcement detector)" it is possible to investigate the modified/original/unauthenticated response and see that the modified response body includes the string "You are not authorized to perform action", so you can add a filter with the fingerprint value "You are not authorized to perform action", so Autorize will look for this fingerprint and will automatically detect that authorization is enforced. It is possible to do the same by defining content-length filter or fingerprint in headers.
    46 46   
    47 47  # Interception Filters
    48  -The interception filter allows you configure what domains you want to be intercepted by Autorize plugin, you can determine by blacklist/whitelist/regex or items in Burp's scope in order to avoid unnesseary domains to be intercepted by Autorize and work more organized.
     48 +The interception filter allows you configure what domains you want to be intercepted by Autorize plugin, you can determine by blacklist/whitelist/regex or items in Burp's scope in order to avoid unnecessary domains to be intercepted by Autorize and work more organized.
    49 49   
    50 50  Example of interception filters (Note that there is default filter to avoid scripts and images):
    51 51  ![alt tag](https://raw.githubusercontent.com/Quitten/Autorize/master/interceptionFilters.png)
    52 52   
    53 53   
    54 54  # Authors
    55  -- Barak Tawily, Application Security Expert
     55 +- Barak Tawily, CTO @ [enso.security](https://enso.security/) by day, [Application Security Researcher](https://quitten.github.io/) by night
    56 56   
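Review bot: line 48 fixes "unnesseary" but leaves "allows you configure" and "work more organized"; suggest "allows you to configure which domains Autorize should intercept ... and keep your work organized" so the whole sentence reads cleanly rather than only the one word. The author line on 55 changes the affiliation; fine, but keep the two links in the same style as the rest of the README (both are currently bare markdown links, which is consistent).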
    authorization/authorization.py
    skipped 1 lines
    2 2  # -*- coding: utf-8 -*-
    3 3   
    4 4  import sys
     5 +reload(sys)
     6 + 
     7 +sys.setdefaultencoding('utf8')
    5 8  sys.path.append("..")
    6 9   
    7  -from helpers.http import getCookieFromMessage, isStatusCodesReturned, makeMessage, makeRequest, getResponseContentLength, IHttpRequestResponseImplementation
     10 +from helpers.http import get_authorization_header_from_message, get_cookie_header_from_message, isStatusCodesReturned, makeMessage, makeRequest, getResponseContentLength, IHttpRequestResponseImplementation
    8 11  from gui.table import LogEntry, UpdateTableEDT
    9 12  from javax.swing import SwingUtilities
    10 13  from java.net import URL
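Review bot: `reload(sys)` followed by `sys.setdefaultencoding('utf8')` on lines 5-7 changes the default encoding for the whole Jython interpreter that Burp shares between extensions, which is a process-wide side effect for a local problem; prefer decoding explicitly where bytes are turned into text (the code already routes most conversions through `self._helpers.bytesToString`), and if the hack must stay, add a comment saying which input triggered it and remove the stray blank line between the two statements.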
    skipped 12 lines
    23 26   return True
    24 27   return False
    25 28   
    26  -def handle_cookies_feature(self, messageInfo):
    27  - cookies = getCookieFromMessage(self, messageInfo)
     29 +def capture_last_cookie_header(self, messageInfo):
     30 + cookies = get_cookie_header_from_message(self, messageInfo)
    28 31   if cookies:
    29  - self.lastCookies = cookies
    30  - self.fetchButton.setEnabled(True)
     32 + self.lastCookiesHeader = cookies
     33 + self.fetchCookiesHeaderButton.setEnabled(True)
    31 34   
    32  -def isToolValid(self, toolFlag):
     35 +def capture_last_authorization_header(self, messageInfo):
     36 + authorization = get_authorization_header_from_message(self, messageInfo)
     37 + if authorization:
     38 + self.lastAuthorizationHeader = authorization
     39 + self.fetchAuthorizationHeaderButton.setEnabled(True)
     40 + 
     41 + 
     42 +def valid_tool(self, toolFlag):
    33 43   return (toolFlag == self._callbacks.TOOL_PROXY or
    34  - (toolFlag == self._callbacks.TOOL_REPEATER and
    35  - self.interceptRequestsfromRepeater.isSelected()))
     44 + (toolFlag == self._callbacks.TOOL_REPEATER and
     45 + self.interceptRequestsfromRepeater.isSelected()))
    36 46   
    37 47  def handle_304_status_code_prevention(self, messageIsRequest, messageInfo):
    38 48   should_prevent = False
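Review bot: lines 40-41 leave two blank lines after `capture_last_authorization_header` while every other function in this file is separated by one; collapse to one. The two capture functions are otherwise identical apart from the header name and the target attributes, so a single helper taking the getter and the attribute names would avoid the duplication if more headers are added later.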
    skipped 19 lines
    58 68   
    59 69  def message_passed_interception_filters(self, messageInfo):
    60 70   urlString = str(self._helpers.analyzeRequest(messageInfo).getUrl())
     71 + reqInfo = self._helpers.analyzeRequest(messageInfo)
     72 + reqBodyBytes = messageInfo.getRequest()[reqInfo.getBodyOffset():]
     73 + bodyStr = self._helpers.bytesToString(reqBodyBytes)
     74 + 
     75 + resInfo = self._helpers.analyzeResponse(messageInfo.getResponse())
     76 + resBodyBytes = messageInfo.getResponse()[resInfo.getBodyOffset():]
     77 + resStr = self._helpers.bytesToString(resBodyBytes)
     78 + 
    61 79   message_passed_filters = True
    62 80   for i in range(0, self.IFList.getModel().getSize()):
    63 81   if self.IFList.getModel().getElementAt(i).split(":")[0] == "Scope items only":
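Review bot: lines 71-77 re-run `self._helpers.analyzeRequest(messageInfo)` (already called on line 70 to build `urlString`) and decode the full request and response bodies to strings for every message, even when no body filter is configured; reuse `reqInfo` for the URL and build `bodyStr`/`resStr` lazily, only when a "Request Body"/"Response Body" filter is actually present in the list. Also guard `messageInfo.getResponse()` against `None` before `analyzeResponse` on line 75, or document that this function is only reached once a response exists.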
    skipped 19 lines
    83 101   if not re.search(regex_string, urlString, re.IGNORECASE) is None:
    84 102   message_passed_filters = False
    85 103   
    86  - if self.IFList.getModel().getElementAt(i).split(":")[0] == "URL Not Contains (regex)":
    87  - regex_string = self.IFList.getModel().getElementAt(i)[26:]
    88  - if not re.search(regex_string, urlString, re.IGNORECASE) is None:
     104 + if self.IFList.getModel().getElementAt(i).split(":")[0] == "Request Body contains (simple string)":
     105 + if self.IFList.getModel().getElementAt(i)[40:] not in bodyStr:
     106 + message_passed_filters = False
     107 +
     108 + if self.IFList.getModel().getElementAt(i).split(":")[0] == "Request Body contains (regex)":
     109 + regex_string = self.IFList.getModel().getElementAt(i)[32:]
     110 + if re.search(regex_string, bodyStr, re.IGNORECASE) is None:
     111 + message_passed_filters = False
     112 +
     113 + if self.IFList.getModel().getElementAt(i).split(":")[0] == "Request Body NOT contains (simple string)":
     114 + if self.IFList.getModel().getElementAt(i)[44:] in bodyStr:
     115 + message_passed_filters = False
     116 +
     117 + if self.IFList.getModel().getElementAt(i).split(":")[0] == "Request Body Not contains (regex)":
     118 + regex_string = self.IFList.getModel().getElementAt(i)[36:]
     119 + if not re.search(regex_string, bodyStr, re.IGNORECASE) is None:
     120 + message_passed_filters = False
     121 + 
     122 + if self.IFList.getModel().getElementAt(i).split(":")[0] == "Response Body contains (simple string)":
     123 + if self.IFList.getModel().getElementAt(i)[41:] not in resStr:
     124 + message_passed_filters = False
     125 + 
     126 + if self.IFList.getModel().getElementAt(i).split(":")[0] == "Response Body contains (regex)":
     127 + regex_string = self.IFList.getModel().getElementAt(i)[33:]
     128 + if re.search(regex_string, resStr, re.IGNORECASE) is None:
     129 + message_passed_filters = False
     130 + 
     131 + if self.IFList.getModel().getElementAt(i).split(":")[0] == "Response Body NOT contains (simple string)":
     132 + if self.IFList.getModel().getElementAt(i)[45:] in resStr:
     133 + message_passed_filters = False
     134 +
     135 + if self.IFList.getModel().getElementAt(i).split(":")[0] == "Response Body Not contains (regex)":
     136 + regex_string = self.IFList.getModel().getElementAt(i)[37:]
     137 + if not re.search(regex_string, resStr, re.IGNORECASE) is None:
    89 138   message_passed_filters = False
    90 139   
    91 140   if self.IFList.getModel().getElementAt(i).split(":")[0] == "Only HTTP methods (newline separated)":
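Review bot: the "URL Not Contains (regex)" branch (old lines 86-88) is deleted here, but its label is still offered in gui/interception_filters.py, so that filter type is now selectable in the GUI and silently ignored; the surviving `message_passed_filters = False` on line 138 now belongs to the new "Response Body Not contains (regex)" branch instead. Restore the URL branch. Separately, the slice offsets in the new branches look off by one: following the existing convention (`[26:]` for the 26-character prefix "URL Not Contains (regex): "), the prefixes "Request Body contains (simple string): ", "Request Body contains (regex): ", "Request Body NOT contains (simple string): ", "Request Body Not contains (regex): ", "Response Body contains (simple string): ", "Response Body contains (regex): ", "Response Body NOT contains (simple string): " and "Response Body Not contains (regex): " are 39, 31, 43, 35, 40, 32, 44 and 36 characters long, while the code slices at 40, 32, 44, 36, 41, 33, 45 and 37, dropping the first character of each user-supplied pattern. Computing the offset as `len(prefix)` from the list in interception_filters.py would remove the magic numbers and this whole class of bug.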
    skipped 16 lines
    108 157   if tool_needs_to_be_ignored(self, toolFlag):
    109 158   return
    110 159   
    111  - handle_cookies_feature(self, messageInfo)
     160 + capture_last_cookie_header(self, messageInfo)
     161 + capture_last_authorization_header(self, messageInfo)
    112 162   
    113  - if self.intercept and isToolValid(self, toolFlag):
     163 + if (self.intercept and valid_tool(self, toolFlag) or toolFlag == "AUTORIZE"):
    114 164   handle_304_status_code_prevention(self, messageIsRequest, messageInfo)
    115 165  
    116 166   if not messageIsRequest:
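Review bot: the condition on line 163 relies on `and` binding tighter than `or`, so it reads as `(self.intercept and valid_tool(...)) or toolFlag == "AUTORIZE"`; add the inner parentheses to make that intent explicit, and replace the string sentinel `"AUTORIZE"` (compared against Burp's integer tool flags everywhere else) with a named module-level constant shared with gui/tabs.py and the `retestAllRequests` call below.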
    skipped 10 lines
    127 177   if message_passed_interception_filters(self, messageInfo):
    128 178   checkAuthorization(self, messageInfo,self._helpers.analyzeResponse(messageInfo.getResponse()).getHeaders(),self.doUnauthorizedRequest.isSelected())
    129 179   
    130  -def sendRequestToAutorizeWork(self, messageInfo):
     180 +def send_request_to_autorize(self, messageInfo):
    131 181   if messageInfo.getResponse() is None:
    132 182   message = makeMessage(self, messageInfo,False,False)
    133 183   requestResponse = makeRequest(self, messageInfo, message)
    skipped 19 lines
    153 203  
    154 204   response = requestResponse.getResponse()
    155 205   for filter in filters:
    156  - if str(filter).startswith("Status code equals: "):
     206 + filter = self._helpers.bytesToString(bytes(filter))
     207 + if filter.startswith("Status code equals: "):
    157 208   statusCode = filter[20:]
    158 209   if andEnforcementCheck:
    159 210   if auth_enforced and not isStatusCodesReturned(self, requestResponse, statusCode):
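Review bot: line 206 rebinds the loop variable `filter`, which already shadows the Python builtin, and the `bytesToString(bytes(filter))` round trip is unexplained; rename the variable (for example `detector`) and add a comment stating that this normalises the Java string from the list model to text before the `startswith` checks, so the next reader does not remove it as a no-op.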
    skipped 2 lines
    162 213   if not auth_enforced and isStatusCodesReturned(self, requestResponse, statusCode):
    163 214   auth_enforced = True
    164 215   
    165  - if str(filter).startswith("Headers (simple string): "):
     216 + if filter.startswith("Headers (simple string): "):
    166 217   if andEnforcementCheck:
    167 218   if auth_enforced and not filter[25:] in self._helpers.bytesToString(requestResponse.getResponse()[0:analyzedResponse.getBodyOffset()]):
    168 219   auth_enforced = False
    skipped 1 lines
    170 221   if not auth_enforced and filter[25:] in self._helpers.bytesToString(requestResponse.getResponse()[0:analyzedResponse.getBodyOffset()]):
    171 222   auth_enforced = True
    172 223   
    173  - if str(filter).startswith("Headers (regex): "):
     224 + if filter.startswith("Headers (regex): "):
    174 225   regex_string = filter[17:]
    175 226   p = re.compile(regex_string, re.IGNORECASE)
    176 227   if andEnforcementCheck:
    skipped 3 lines
    180 231   if not auth_enforced and p.search(self._helpers.bytesToString(requestResponse.getResponse()[0:analyzedResponse.getBodyOffset()])):
    181 232   auth_enforced = True
    182 233   
    183  - if str(filter).startswith("Body (simple string): "):
     234 + if filter.startswith("Body (simple string): "):
    184 235   if andEnforcementCheck:
    185 236   if auth_enforced and not filter[22:] in self._helpers.bytesToString(requestResponse.getResponse()[analyzedResponse.getBodyOffset():]):
    186 237   auth_enforced = False
    skipped 1 lines
    188 239   if not auth_enforced and filter[22:] in self._helpers.bytesToString(requestResponse.getResponse()[analyzedResponse.getBodyOffset():]):
    189 240   auth_enforced = True
    190 241   
    191  - if str(filter).startswith("Body (regex): "):
     242 + if filter.startswith("Body (regex): "):
    192 243   regex_string = filter[14:]
    193 244   p = re.compile(regex_string, re.IGNORECASE)
    194 245   if andEnforcementCheck:
    skipped 3 lines
    198 249   if not auth_enforced and p.search(self._helpers.bytesToString(requestResponse.getResponse()[analyzedResponse.getBodyOffset():])):
    199 250   auth_enforced = True
    200 251   
    201  - if str(filter).startswith("Full response (simple string): "):
     252 + if filter.startswith("Full response (simple string): "):
    202 253   if andEnforcementCheck:
    203 254   if auth_enforced and not filter[31:] in self._helpers.bytesToString(requestResponse.getResponse()):
    204 255   auth_enforced = False
    skipped 1 lines
    206 257   if not auth_enforced and filter[31:] in self._helpers.bytesToString(requestResponse.getResponse()):
    207 258   auth_enforced = True
    208 259   
    209  - if str(filter).startswith("Full response (regex): "):
     260 + if filter.startswith("Full response (regex): "):
    210 261   regex_string = filter[23:]
    211 262   p = re.compile(regex_string, re.IGNORECASE)
    212 263   if andEnforcementCheck:
    skipped 3 lines
    216 267   if not auth_enforced and p.search(self._helpers.bytesToString(requestResponse.getResponse())):
    217 268   auth_enforced = True
    218 269   
    219  - if str(filter).startswith("Full response length: "):
     270 + if filter.startswith("Full response length: "):
    220 271   if andEnforcementCheck:
    221 272   if auth_enforced and not str(len(response)) == filter[22:].strip():
    222 273   auth_enforced = False
    skipped 4 lines
    227 278   
    228 279  def checkBypass(self, oldStatusCode, newStatusCode, oldContentLen,
    229 280   newContentLen, filters, requestResponse, andOrEnforcement):
    230  -
    231 281   if oldStatusCode == newStatusCode:
    232  - if oldContentLen == newContentLen:
    233  - return self.BYPASSSED_STR
    234  - # If no enforcement detectors are set and the HTTP response is the same, the impression is yellow
    235 282   auth_enforced = 0
    236  -
    237 283   if len(filters) > 0:
    238 284   auth_enforced = auth_enforced_via_enforcement_detectors(self, filters, requestResponse, andOrEnforcement)
    239  - 
    240 285   if auth_enforced:
    241 286   return self.ENFORCED_STR
     287 + elif oldContentLen == newContentLen:
     288 + return self.BYPASSSED_STR
    242 289   else:
    243 290   return self.IS_ENFORCED_STR
    244  - 
    245 291   else:
    246 292   return self.ENFORCED_STR
    247 293   
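Review bot: the reordering on lines 281-290 changes the verdict precedence: an enforcement detector match now wins over an identical content length, where the old code returned BYPASSED before consulting detectors, and the case "no detectors, same status, same length" still ends as BYPASSED while "no detectors, different length" is yellow. That is the intended fix for the README's enforcement-detector example, so record the new precedence in the README's Enforcement Detector section; the deleted comment on old line 234 described the old behaviour. The misspelled `BYPASSSED_STR` predates this change but is worth fixing while the function is being rewritten.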
    skipped 40 lines
    288 334   self.currentRequestNumber = self.currentRequestNumber + 1
    289 335   self._lock.release()
    290 336  
     337 +def checkAuthorizationV2(self, messageInfo):
     338 + checkAuthorization(self, messageInfo, self._extender._helpers.analyzeResponse(messageInfo.getResponse()).getHeaders(), self._extender.doUnauthorizedRequest.isSelected())
    291 339   
     340 +def retestAllRequests(self):
     341 + for i in range(self.tableModel.getRowCount()):
     342 + logEntry = self._log.get(self.logTable.convertRowIndexToModel(i))
     343 + handle_message(self, "AUTORIZE", False, logEntry._originalrequestResponse)
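Review bot: `retestAllRequests` (lines 340-343) iterates the table by view row while each `handle_message` call appends a new log entry, so `convertRowIndexToModel(i)` can shift under a sorted or filtered view and entries added during the loop may themselves be retested; snapshot the list of `_originalrequestResponse` objects first and then iterate over that list. `checkAuthorizationV2` on lines 337-338 is not referenced anywhere in this diff and, unlike its neighbours, reaches the helpers through `self._extender._helpers`, so either remove it or align it with the `self._helpers` convention used by the rest of the file.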
    gui/configuration_tab.py
    skipped 7 lines
    8 8  from javax.swing import JScrollPane
    9 9  from javax.swing import JTabbedPane
    10 10  from javax.swing import JOptionPane
     11 +from javax.swing import JSplitPane
    11 12  from javax.swing import JComboBox
    12 13  from javax.swing import JTextArea
    13 14  from javax.swing import JCheckBox
    14 15  from javax.swing import JButton
    15 16  from javax.swing import JPanel
     17 +from javax.swing import JLabel
    16 18   
    17 19  from table import UpdateTableEDT
    18 20   
    skipped 4 lines
    23 25   def draw(self):
    24 26   """ init configuration tab
    25 27   """
    26  - 
     28 + self.DEFUALT_REPLACE_TEXT = "Cookie: Insert=injected; cookie=or;\nHeader: here"
    27 29   self._extender.startButton = JToggleButton("Autorize is off",
    28 30   actionPerformed=self.startOrStop)
    29 31   self._extender.startButton.setBounds(10, 20, 230, 30)
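Review bot: `DEFUALT_REPLACE_TEXT` on line 28 is misspelled (DEFAULT) and is an upper-case constant assigned as an instance attribute inside `draw()`; move it to a module-level or class-level constant with the corrected name so both `draw` and the query-parameter toggle below read the same value.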
    skipped 16 lines
    46 48   self._extender.doUnauthorizedRequest.setBounds(280, 65, 300, 30)
    47 49   self._extender.doUnauthorizedRequest.setSelected(True)
    48 50   
    49  - self._extender.saveHeadersButton = JButton("Save headers",
     51 + self._extender.replaceQueryParam = JCheckBox("Replace query params", actionPerformed=self.replaceQueryHanlder)
     52 + self._extender.replaceQueryParam.setBounds(280, 85, 300, 30)
     53 + self._extender.replaceQueryParam.setSelected(False)
     54 + 
     55 + self._extender.saveHeadersButton = JButton("Add",
    50 56   actionPerformed=self.saveHeaders)
    51  - self._extender.saveHeadersButton.setBounds(360, 115, 120, 30)
     57 + self._extender.saveHeadersButton.setBounds(315, 115, 80, 30)
     58 +
     59 + self._extender.removeHeadersButton = JButton("Remove",
     60 + actionPerformed=self.removeHeaders)
     61 + self._extender.removeHeadersButton.setBounds(400, 115, 80, 30)
    52 62   
    53 63   savedHeadersTitles = self.getSavedHeadersTitles()
    54 64   self._extender.savedHeadersTitlesCombo = JComboBox(savedHeadersTitles)
    55 65   self._extender.savedHeadersTitlesCombo.addActionListener(SavedHeaderChange(self._extender))
    56 66   self._extender.savedHeadersTitlesCombo.setBounds(10, 115, 300, 30)
    57 67   
    58  - self._extender.replaceString = JTextArea("Cookie: Insert=injected; cookie=or;\nHeader: here", 5, 30)
     68 + self._extender.replaceString = JTextArea(self.DEFUALT_REPLACE_TEXT, 5, 30)
    59 69   self._extender.replaceString.setWrapStyleWord(True)
    60 70   self._extender.replaceString.setLineWrap(True)
    61 71   scrollReplaceString = JScrollPane(self._extender.replaceString)
    62 72   scrollReplaceString.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED)
    63 73   scrollReplaceString.setBounds(10, 150, 470, 150)
    64 74   
    65  - self._extender.fetchButton = JButton("Fetch cookies from last request",
    66  - actionPerformed=self.fetchCookies)
    67  - self._extender.fetchButton.setEnabled(False)
    68  - self._extender.fetchButton.setBounds(10, 305, 250, 30)
     75 + fromLastRequestLabel = JLabel("From last request:")
     76 + fromLastRequestLabel.setBounds(10, 305, 250, 30)
     77 + 
     78 + self._extender.fetchCookiesHeaderButton = JButton("Fetch Cookies header",
     79 + actionPerformed=self.fetchCookiesHeader)
     80 + self._extender.fetchCookiesHeaderButton.setEnabled(False)
     81 + self._extender.fetchCookiesHeaderButton.setBounds(10, 330, 220, 30)
     82 + 
     83 + self._extender.fetchAuthorizationHeaderButton = JButton("Fetch Authorization header",
     84 + actionPerformed=self.fetchAuthorizationHeader)
     85 + self._extender.fetchAuthorizationHeaderButton.setEnabled(False)
     86 + self._extender.fetchAuthorizationHeaderButton.setBounds(260, 330, 220, 30)
    69 87   
    70 88   self._extender.filtersTabs = JTabbedPane()
    71 89   self._extender.filtersTabs = self._extender.filtersTabs
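Review bot: the handler name `replaceQueryHanlder` on line 51 is misspelled (Handler) and will have to be renamed together with its definition further down; the new "Replace query params" checkbox also has no tooltip or README text explaining that the injected text becomes `paramName=paramValue` pairs rather than headers, which is the only hint the user gets about the changed semantics.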
    skipped 7 lines
    79 97   self._extender.filtersTabs.setSelectedIndex(2)
    80 98   self._extender.filtersTabs.setBounds(0, 350, 2000, 700)
    81 99   
    82  - self._extender.pnl = JPanel()
    83  - self.pnl = self._extender.pnl
    84  - self.pnl.setBounds(0, 0, 1000, 1000)
    85  - self.pnl.setLayout(None)
    86  - self.pnl.add(self._extender.startButton)
    87  - self.pnl.add(self._extender.clearButton)
    88  - self.pnl.add(scrollReplaceString)
    89  - self.pnl.add(self._extender.saveHeadersButton)
    90  - self.pnl.add(self._extender.savedHeadersTitlesCombo)
    91  - self.pnl.add(self._extender.fetchButton)
    92  - self.pnl.add(self._extender.autoScroll)
    93  - self.pnl.add(self._extender.interceptRequestsfromRepeater)
    94  - self.pnl.add(self._extender.ignore304)
    95  - self.pnl.add(self._extender.prevent304)
    96  - self.pnl.add(self._extender.doUnauthorizedRequest)
    97  - self.pnl.add(self._extender.filtersTabs)
     100 + self.config_pnl = JPanel()
     101 + self.config_pnl.setBounds(0, 0, 1000, 1000)
     102 + self.config_pnl.setLayout(None)
     103 + self.config_pnl.add(self._extender.startButton)
     104 + self.config_pnl.add(self._extender.clearButton)
     105 + self.config_pnl.add(scrollReplaceString)
     106 + self.config_pnl.add(fromLastRequestLabel)
     107 + self.config_pnl.add(self._extender.saveHeadersButton)
     108 + self.config_pnl.add(self._extender.removeHeadersButton)
     109 + self.config_pnl.add(self._extender.savedHeadersTitlesCombo)
     110 + self.config_pnl.add(self._extender.fetchCookiesHeaderButton)
     111 + self.config_pnl.add(self._extender.fetchAuthorizationHeaderButton)
     112 + self.config_pnl.add(self._extender.autoScroll)
     113 + self.config_pnl.add(self._extender.interceptRequestsfromRepeater)
     114 + self.config_pnl.add(self._extender.ignore304)
     115 + self.config_pnl.add(self._extender.prevent304)
     116 + self.config_pnl.add(self._extender.doUnauthorizedRequest)
     117 + self.config_pnl.add(self._extender.replaceQueryParam)
     118 +
     119 + self._extender._cfg_splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
     120 + self._extender._cfg_splitpane.setResizeWeight(0.5)
     121 + self._extender._cfg_splitpane.setBounds(0, 0, 1000, 1000)
     122 + self._extender._cfg_splitpane.setRightComponent(self._extender.filtersTabs)
     123 + self._extender._cfg_splitpane.setLeftComponent(self.config_pnl)
    98 124   
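Review bot: lines 119-123 build a `JSplitPane(JSplitPane.VERTICAL_SPLIT)` but populate it with `setRightComponent`/`setLeftComponent`; for a vertical split those map to bottom/top, so use `setTopComponent(self.config_pnl)` and `setBottomComponent(self._extender.filtersTabs)` to say what is meant. The `setBounds` calls kept on `filtersTabs` (line 98) and the split pane itself (line 121) have no effect once the components are managed by the split pane's layout and can go. Since `self._extender.pnl` is removed here, check for any other reference to it outside gui/tabs.py, which is the only caller updated in this diff.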
    99 125   def startOrStop(self, event):
    100 126   if self._extender.startButton.getText() == "Autorize is off":
    skipped 12 lines
    113 139   SwingUtilities.invokeLater(UpdateTableEDT(self._extender,"delete",0, oldSize - 1))
    114 140   self._extender._lock.release()
    115 141  
     142 + def replaceQueryHanlder(self, event):
     143 + if self._extender.replaceQueryParam.isSelected():
     144 + self._extender.replaceString.setText("paramName=paramValue")
     145 + else:
     146 + self._extender.replaceString.setText(self.DEFUALT_REPLACE_TEXT)
     147 + 
    116 148   def saveHeaders(self, event):
    117 149   savedHeadersTitle = JOptionPane.showInputDialog("Please provide saved headers title:")
    118 150   self._extender.savedHeaders.append({'title': savedHeadersTitle, 'headers': self._extender.replaceString.getText()})
    119 151   self._extender.savedHeadersTitlesCombo.setModel(DefaultComboBoxModel(self.getSavedHeadersTitles()))
    120 152   self._extender.savedHeadersTitlesCombo.getModel().setSelectedItem(savedHeadersTitle)
    121 153  
     154 + def removeHeaders(self, event):
     155 + model = self._extender.savedHeadersTitlesCombo.getModel()
     156 + selectedItem = model.getSelectedItem()
     157 + if selectedItem == "Temporary headers":
     158 + return
     159 + 
     160 + delObject = None
     161 + for savedHeaderObj in self._extender.savedHeaders:
     162 + if selectedItem == savedHeaderObj['title']:
     163 + delObject = savedHeaderObj
     164 + self._extender.savedHeaders.remove(delObject)
     165 + model.removeElement(selectedItem)
     166 + 
    122 167   def getSavedHeadersTitles(self):
    123 168   titles = []
    124 169   for savedHeaderObj in self._extender.savedHeaders:
    125 170   titles.append(savedHeaderObj['title'])
    126 171   return titles
    127 172   
    128  - def fetchCookies(self, event):
    129  - if self._extender.lastCookies:
    130  - self._extender.replaceString.setText(self._extender.lastCookies)
     173 + def fetchCookiesHeader(self, event):
     174 + if self._extender.lastCookiesHeader:
     175 + self._extender.replaceString.setText(self._extender.lastCookiesHeader)
     176 +
     177 + def fetchAuthorizationHeader(self, event):
     178 + if self._extender.lastAuthorizationHeader:
     179 + self._extender.replaceString.setText(self._extender.lastAuthorizationHeader)
    131 180   
    132 181  class SavedHeaderChange(ActionListener):
    133 182   def __init__(self, extender):
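Review bot: `removeHeaders` (lines 154-165) calls `self._extender.savedHeaders.remove(delObject)` even when no saved entry matched the selected title, which raises `ValueError` for `None`, and it then removes the item from the combo model regardless; guard with `if delObject is not None:` (or `break` on the first match and return early otherwise) and keep the model and the list in step. `replaceQueryHanlder` (lines 142-146) overwrites whatever the user has typed into the text area on every toggle; only swap the text when it still equals the current default, and fix the method name spelling here as well as at the `actionPerformed=` binding.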
    skipped 8 lines
    gui/interception_filters.py
    skipped 32 lines
    33 33   "URL Contains (regex): ",
    34 34   "URL Not Contains (simple string): ",
    35 35   "URL Not Contains (regex): ",
     36 + "Request Body contains (simple string): ",
     37 + "Request Body contains (regex): ",
     38 + "Request Body NOT contains (simple string): ",
     39 + "Request Body Not contains (regex): ",
     40 + "Response Body contains (simple string): ",
     41 + "Response Body contains (regex): ",
     42 + "Response Body NOT contains (simple string): ",
     43 + "Response Body Not contains (regex): ",
    36 44   "Only HTTP methods (newline separated): ",
    37 45   "Ignore HTTP methods (newline separated): ",
    38 46   "Ignore spider requests: (Content is not required)",
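Review bot: the new labels on lines 36-43 mix "NOT contains" (simple string) with "Not contains" (regex); since authorization.py matches these labels byte-for-byte via `split(":")[0]`, pick one casing for all eight and expose the prefixes from this list so the slice offsets in `message_passed_interception_filters` can be derived with `len()` instead of hard-coded numbers.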
    skipped 62 lines
    gui/menu.py
    skipped 6 lines
    7 7  from javax.swing import JMenuItem
    8 8  from java.awt.event import ActionListener
    9 9   
     10 +from authorization.authorization import send_request_to_autorize
     11 +from helpers.http import get_cookie_header_from_message, get_authorization_header_from_message
     12 + 
    10 13  from thread import start_new_thread
    11 14   
    12 15  class MenuImpl(IContextMenuFactory):
    skipped 5 lines
    18 21   if responses > 0:
    19 22   ret = LinkedList()
    20 23   requestMenuItem = JMenuItem("Send request to Autorize")
    21  - cookieMenuItem = JMenuItem("Send cookie to Autorize")
     24 + cookieMenuItem = JMenuItem("Send Cookie header to Autorize")
     25 + authMenuItem = JMenuItem("Send Authorziation header to Autorize")
    22 26   
    23 27   for response in responses:
    24 28   requestMenuItem.addActionListener(HandleMenuItems(self._extender,response, "request"))
    25 29   cookieMenuItem.addActionListener(HandleMenuItems(self._extender, response, "cookie"))
     30 + authMenuItem.addActionListener(HandleMenuItems(self._extender, response, "authorization"))
    26 31   ret.add(requestMenuItem)
    27 32   ret.add(cookieMenuItem)
     33 + ret.add(authMenuItem)
    28 34   return ret
    29 35   return None
    30 36   
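Review bot: the user-visible menu label on line 25 reads "Send Authorziation header to Autorize"; correct to "Authorization" before this ships in the BApp Store build.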
    skipped 5 lines
    36 42   
    37 43   def actionPerformed(self, e):
    38 44   if self._menuName == "request":
    39  - start_new_thread(self._extender.sendRequestToAutorizeWork,(self._messageInfo,))
     45 + start_new_thread(send_request_to_autorize, (self._extender, self._messageInfo,))
    40 46   
    41 47   if self._menuName == "cookie":
    42  - self._extender.replaceString.setText(self._extender.getCookieFromMessage(self._messageInfo))
     48 + self._extender.replaceString.setText(get_cookie_header_from_message(self._extender, self._messageInfo))
     49 +
     50 + if self._menuName == "authorization":
     51 + self._extender.replaceString.setText(get_authorization_header_from_message(self._extender, self._messageInfo))
    43 52   
    gui/save_restore.py
    skipped 150 lines
    151 151   
    152 152   lastRow = self._extender._log.size()
    153 153   if lastRow > 0:
    154  - cookies = self._extender.getCookieFromMessage(self._extender._log.get(lastRow - 1)._requestResponse)
    155  - if cookies:
    156  - self._extender.lastCookies = cookies
    157  - self._extender.fetchButton.setEnabled(True)
     154 + cookiesHeader = self._extender.get_cookie_header_from_message(self._extender._log.get(lastRow - 1)._requestResponse)
     155 + if cookiesHeader:
     156 + self._extender.lastCookiesHeader = cookiesHeader
     157 + self._extender.fetchCookiesHeaderButton.setEnabled(True)
     158 + authorizationHeader = self._extender.get_authorization_header_from_message(self._extender._log.get(lastRow - 1)._requestResponse)
     159 + if authorizationHeader:
     160 + self._extender.lastAuthorizationHeader = authorizationHeader
     161 + self._extender.fetchAuthorizationHeaderButton.setEnabled(True)
     162 + 
    158 163   
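Review bot: lines 154 and 158 call `self._extender.get_cookie_header_from_message(...)` and `self._extender.get_authorization_header_from_message(...)` as methods of the extender, whereas gui/menu.py in this same commit imports them from `helpers.http` and calls them as `get_cookie_header_from_message(self._extender, ...)`; unless the extender binds these functions elsewhere, restoring a saved state will raise `AttributeError` here. Import them from `helpers.http` the same way and drop the trailing whitespace-only line 162.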
    gui/table.py
    skipped 141 lines
    142 142   return logEntry._enfocementStatusUnauthorized
    143 143   return ""
    144 144   
    145  -# TODO:
    146  -# header black background white text
    147  -# columns borders per row black
    148  -# all header text centered
    149  -# all rows centered as well?
    150  -# change fonts of items
    151  -# bold text?
    152  - 
    153  -# implement custom header:
    154  -# JTable table = new JTable(…);
    155  -# JTableHeader header = table.getTableHeader();
    156  -# header.setDefaultRenderer(new HeaderRenderer(table));
    157  -# Custom header renderer:
    158  - 
    159  -# private static class HeaderRenderer implements TableCellRenderer {
    160  - 
    161  -# DefaultTableCellRenderer renderer;
    162  - 
    163  -# public HeaderRenderer(JTable table) {
    164  -# renderer = (DefaultTableCellRenderer)
    165  -# table.getTableHeader().getDefaultRenderer();
    166  -# renderer.setHorizontalAlignment(JLabel.CENTER);
    167  -# }
    168  - 
    169  -# @Override
    170  -# public Component getTableCellRendererComponent(
    171  -# JTable table, Object value, boolean isSelected,
    172  -# boolean hasFocus, int row, int col) {
    173  -# return renderer.getTableCellRendererComponent(
    174  -# table, value, isSelected, hasFocus, row, col);
    175  -# }
    176  -# }
    177  - 
    178  - 
    179 145  class Table(JTable):
    180 146   def __init__(self, extender):
    181 147   self._extender = extender
    skipped 129 lines
    gui/tabs.py
    skipped 18 lines
    19 19  from burp import ITab
    20 20  from burp import IMessageEditorController
    21 21   
     22 +from authorization.authorization import handle_message, retestAllRequests
     23 + 
    22 24  from thread import start_new_thread
    23 25   
    24 26  from table import Table, LogEntry, TableRowFilter
    skipped 54 lines
    79 81   
    80 82   retestSelecteditem = JMenuItem("Retest selected request")
    81 83   retestSelecteditem.addActionListener(RetestSelectedRequest(self._extender))
     84 + 
     85 + retestAllitem = JMenuItem("Retest all requests")
     86 + retestAllitem.addActionListener(RetestAllRequests(self._extender))
    82 87  
    83 88   deleteSelectedItem = JMenuItem("Delete")
    84 89   deleteSelectedItem.addActionListener(DeleteSelectedRequest(self._extender))
    skipped 4 lines
    89 94   self._extender.menu.add(sendResponseMenu)
    90 95   self._extender.menu.add(copyURLitem)
    91 96   self._extender.menu.add(retestSelecteditem)
     97 + self._extender.menu.add(retestAllitem)
    92 98   # self.menu.add(deleteSelectedItem) disabling this feature until bug will be fixed.
    93 99   message_editor = MessageEditor(self._extender)
    94 100   
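Review bot: The comment on the still-disabled deleteSelectedItem ("disabling this feature until bug will be fixed") is now stale, since the handler body is replaced by a TODO further down in this file; update it to say the feature is unimplemented rather than buggy.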
    skipped 35 lines
    130 136   
    131 137   self._extender.tabs.addTab("Request/Response Viewers", self._extender.requests_panel)
    132 138  
    133  - self._extender.tabs.addTab("Configuration", self._extender.pnl)
     139 + self._extender.tabs.addTab("Configuration", self._extender._cfg_splitpane)
    134 140   self._extender.tabs.setSelectedIndex(1)
    135 141   self._extender._splitpane.setRightComponent(self._extender.tabs)
    136 142   
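Review bot: The Configuration tab now wraps self._extender._cfg_splitpane instead of self._extender.pnl; make sure _cfg_splitpane is created before this addTab call runs and that no other code still references pnl, otherwise the tab silently shows an empty component. Neither side of that is visible in this diff.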
    skipped 11 lines
    148 154   request = self._extender._currentlyDisplayedItem._requestResponse
    149 155   host = request.getHttpService().getHost()
    150 156   port = request.getHttpService().getPort()
     157 + proto = request.getHttpService().getProtocol()
     158 + secure = True if proto == "https" else False
    151 159   
    152  - self._callbacks.sendToRepeater(host, port, 1, request.getRequest(), "Autorize");
     160 + self._callbacks.sendToRepeater(host, port, secure, request.getRequest(), "Autorize");
    153 161   
    154 162  class SendResponseComparer(ActionListener):
    155 163   def __init__(self, extender, callbacks):
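Review bot: Good fix. The previous hard-coded 1 for the useHttps argument sent every request to Repeater as HTTPS even when the logged service was plain HTTP, so retesting from Repeater hit the wrong port/scheme. The new secure flag can be written as `secure = proto == "https"`, and the trailing semicolon on the sendToRepeater line should go; Burp's IHttpService.getProtocol() returns the scheme as a lowercase string, so the comparison is fine.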
    skipped 15 lines
    171 179   self._extender = extender
    172 180   
    173 181   def actionPerformed(self, e):
    174  - start_new_thread(self._extender.checkAuthorization, (self._extender._currentlyDisplayedItem._originalrequestResponse, self._extender._helpers.analyzeResponse(self._extender._currentlyDisplayedItem._originalrequestResponse.getResponse()).getHeaders(), self._extender.doUnauthorizedRequest.isSelected()))
     182 + start_new_thread(handle_message, (self._extender, "AUTORIZE", False, self._extender._currentlyDisplayedItem._originalrequestResponse))
     183 + 
     184 +class RetestAllRequests(ActionListener):
     185 + def __init__(self, extender):
     186 + self._extender = extender
     187 + 
     188 + def actionPerformed(self, e):
     189 + start_new_thread(retestAllRequests, (self._extender,))
     190 + 
    175 191   
    176 192  class DeleteSelectedRequest(ActionListener):
    177 193   def __init__(self, extender):
    178 194   self._extender = extender
    179 195   
    180  - def actionPerformed(self, e): # bug after first deletion!
     196 + def actionPerformed(self, e):
     197 + # TODO: Implement this function.
    181 198   pass
    182  - # logBackup = self._extender._log[:]
    183  - # self._extender.clearList(self)
    184  - # self._extender._lock.acquire()
    185  - # print self._extender._currentlyDisplayedItem
    186  - # logBackup.remove(self._extender._currentlyDisplayedItem)
    187  - # self._extender._log = logBackup
    188  - # row = self._extender._log.size()
    189  - # start_new_thread(self._extender.UpdateTableEDT, (self._extender,"insert",row,row))
    190  - # SwingUtilities.invokeLater(UpdateTableEDT(self._extender,"delete",0, oldSize - 1))
    191  - # self._extender._lock.release()
    192 199   
    193 200  class CopySelectedURL(ActionListener):
    194 201   def __init__(self, extender):
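Review bot: handle_message(self._extender, "AUTORIZE", False, ...) passes the string "AUTORIZE" in the position that otherwise carries Burp's integer toolFlag (the IHttpListener.processHttpMessage order is toolFlag, messageIsRequest, messageInfo). If handle_message filters on toolFlag, for example to honour "Intercept requests from Repeater" or to skip proxy traffic, that comparison must special-case this sentinel or the retest is dropped silently; a short comment on why a string is used would help. The old call passed doUnauthorizedRequest.isSelected() explicitly; confirm handle_message now reads that checkbox itself, otherwise manual retests lose the unauthenticated check. Separately, retestAllRequests runs on one new thread while the log can still be appended by live traffic, so it should iterate over a snapshot of self._extender._log taken under _lock. Replacing the dead DeleteSelectedRequest body with a TODO is fine since the menu item is not added.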
    skipped 14 lines
    209 216   
    210 217  class MessageEditor(IMessageEditorController):
    211 218   def __init__(self, extender):
    212  - pass
     219 + self._extender = extender
    213 220   
    214 221   def getHttpService(self):
    215 222   return self._extender._currentlyDisplayedItem.getHttpService()
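Review bot: Storing the extender in MessageEditor.__init__ fixes a real bug: getHttpService() (and the sibling accessors below it) dereference self._extender, which was never assigned, so the request/response viewer raised AttributeError the first time Burp queried the controller.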
    skipped 19 lines
  • ■ ■ ■ ■ ■ ■
    helpers/http.py
    skipped 24 lines
    25 25   headers = requestInfo.getHeaders()
    26 26   if removeOrNot:
    27 27   headers = list(headers)
    28  - removeHeaders = self.replaceString.getText()
     28 + # flag for query
     29 + queryFlag = self.replaceQueryParam.isSelected()
     30 + if queryFlag:
     31 + param = self.replaceString.getText().split("=")
     32 + paramKey = param[0]
     33 + paramValue = param[1]
     34 + # ([\?&])test=.*?(?=[\s&])
     35 + pattern = r"([\?&]){}=.*?(?=[\s&])".format(paramKey)
     36 + patchedHeader = re.sub(pattern, r"\1{}={}".format(paramKey, paramValue), headers[0], count=1, flags=re.DOTALL)
     37 + headers[0] = patchedHeader
     38 + else:
     39 + removeHeaders = self.replaceString.getText()
    29 40   
    30  - # Headers must be entered line by line i.e. each header in a new
    31  - # line
    32  - removeHeaders = [header for header in removeHeaders.split() if header.endswith(':')]
     41 + # Headers must be entered line by line i.e. each header in a new
     42 + # line
     43 + removeHeaders = [header for header in removeHeaders.split() if header.endswith(':')]
    33 44  
    34  - for header in headers[:]:
    35  - for removeHeader in removeHeaders:
    36  - if header.startswith(removeHeader):
    37  - headers.remove(header)
     45 + for header in headers[:]:
     46 + for removeHeader in removeHeaders:
     47 + if header.startswith(removeHeader):
     48 + headers.remove(header)
    38 49   
    39 50   if authorizeOrNot:
    40 51   # simple string replace
    skipped 3 lines
    44 55   if(v["type"] == "Headers (regex):") :
    45 56   headers = map(lambda h: re.sub(v["regexMatch"], v["replace"], h), headers)
    46 57  
    47  - # fix missing carriage return on *NIX systems
    48  - replaceStringLines = self.replaceString.getText().split("\n")
     58 + if not queryFlag:
     59 + # fix missing carriage return on *NIX systems
     60 + replaceStringLines = self.replaceString.getText().split("\n")
    49 61  
    50  - for h in replaceStringLines:
    51  - headers.append(h)
    52  -
     62 + for h in replaceStringLines:
     63 + headers.append(h)
    53 64  
    54 65   msgBody = messageInfo.getRequest()[requestInfo.getBodyOffset():]
    55 66   
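Review bot: queryFlag is only assigned inside the `if removeOrNot:` branch but is read unconditionally at `if not queryFlag:` in the `if authorizeOrNot:` branch, so a call with removeOrNot=False and authorizeOrNot=True raises UnboundLocalError; initialise `queryFlag = self.replaceQueryParam.isSelected()` before the first `if`. Further points in the same block: `self.replaceString.getText().split("=")` splits on every "=", so a value containing "=" (base64 padding, URL-encoded data) is truncated to param[1], and a line without "=" raises IndexError; use `split("=", 1)` and validate the length. paramKey and paramValue are interpolated into the regex and the replacement string unescaped, so a key containing regex metacharacters or a value containing backslashes will mis-match or raise re.error; use re.escape(paramKey) and pass a lambda as the replacement. Finally, if the parameter is absent from the request line, re.sub is a no-op and the "modified" request still carries the original high-privilege session, so the response matches the original and the tool reports a bypass that does not exist; either append the parameter or log that nothing was substituted. The header-mode code above was re-indented under the `else:`; that is a pure move and looks correct.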
    skipped 20 lines
    76 87  def getResponseContentLength(self, response):
    77 88   return len(response) - self._helpers.analyzeResponse(response).getBodyOffset()
    78 89   
    79  -def getCookieFromMessage(self, messageInfo):
     90 +def get_cookie_header_from_message(self, messageInfo):
    80 91   headers = list(self._helpers.analyzeRequest(messageInfo.getRequest()).getHeaders())
    81 92   for header in headers:
    82 93   if header.strip().lower().startswith("cookie:"):
     94 + return header
     95 + return None
     96 + 
     97 +def get_authorization_header_from_message(self, messageInfo):
     98 + headers = list(self._helpers.analyzeRequest(messageInfo.getRequest()).getHeaders())
     99 + for header in headers:
     100 + if header.strip().lower().startswith("authorization:"):
    83 101   return header
    84 102   return None
    85 103   
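Review bot: get_cookie_header_from_message and get_authorization_header_from_message are identical except for the header name; collapse them into one helper such as `get_header_from_message(self, messageInfo, name)` that lower-cases and compares `name + ":"`. Also, renaming getCookieFromMessage is an API change for every caller in the extension; none of those call sites appear in this diff, so please confirm they were all updated.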
    skipped 38 lines
  • ■ ■ ■ ■ ■ ■
    helpers/initiator.py
    skipped 18 lines
    19 19  
    20 20   def init_constants(self):
    21 21   self.contributors = ["Federico Dotta", "mgeeky", "Marcin Woloszyn", "jpginc"]
    22  - self._extender.version = 1.4
     22 + self._extender.version = 1.5
    23 23   self._extender._log = ArrayList()
    24 24   self._extender._lock = Lock()
    25 25   
    skipped 2 lines
    28 28   self._extender.ENFORCED_STR = "Enforced!"
    29 29  
    30 30   self._extender.intercept = 0
    31  - self._extender.lastCookies = ""
     31 + self._extender.lastCookiesHeader = ""
     32 + self._extender.lastAuthorizationHeader = ""
     33 + 
    32 34   self._extender.currentRequestNumber = 1
    33 35   self._extender.expanded_requests = 0
    34 36  
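Review bot: lastCookies is renamed to lastCookiesHeader and a new lastAuthorizationHeader is added, both initialised to an empty string; any code that still reads self._extender.lastCookies will now raise AttributeError, and those readers are not part of this diff. The version bump to 1.5 matches the manifest change in this commit.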
    skipped 44 lines