crash.software
Projects
Pull Requests
Issues
Builds
sensitive-discoverer
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY sensitive-discoverer Commits f85c38e9
🤬

  • Fix multiple regex finder inside HTTP response and update regex

  • Loading...
  • KevCosta committed 3 years ago
    f85c38e9
    1 parent f9212513
  • ■ ■ ■ ■ ■
    README.md
    skipped 3 lines
    4 4   
    5 5  Burp Suite is a useful tool used to do web application security testing. While Burp Suite provides a lot of
    6 6  functionalities, it does not offer the opportunity to scan for particular pattern or file extension inside HTTP messages
    7  -and is very tedius to check every message manually.
     7 +and is very tedious to check every message manually.
    8 8  CYS4-SensitiveDiscoverer is a Burp Suite tool used to extract Regular Expression or File Extension form HTTP response automatically or
    9 9  at the end of all tests or during the test. The plugin will be available with a pre-defined set of Regular Expression
    10  -and File Extension, but the you can choose which of them activate or deacvtivate and also create your own lists.
     10 +and File Extension, but then you can choose which of them activate or deactivate and also create your own lists.
     11 + 
     12 +## How to compile from source code
     13 + 
     14 +The extension was compiled with IntelliJ 2021.2.2, with OpenJDK version 16.0.1.
     15 + 
     16 +The BApp could be compiled with a Maven by following the below steps:
     17 + 
     18 +1. View > Tool Windows > Maven
     19 +2. On the new right panel expand the Lifecycle folder
     20 +3. Double-click on install
     21 + 
     22 +Using Maven configuration will be generated a .jar file that will include all the dependencies.
     23 + 
    11 24   
    12 25  ## Installation
    13 26   
    skipped 6 lines
    20 33   
    21 34  ## Usage
    22 35   
    23  -The default configuration has a list of regural expression and file extension. To see the predefined list go to Options
     36 +The default configuration has a list of regular expression and file extension. To see the predefined list go to Options
    24 37  TAB. Here you can choose which of them activate or not or you can choose to insert your own regular expression or file
    25 38  extension. For both of them there are a list of actions to interact with them The actions are:
    26 39   
    skipped 13 lines
    40 53   
    41 54  ## Credits
    42 55   
    43  -CYS4 was born in 2015 from a collaboration with an Israeli company in the world of Cyber Security, then detaching its team ensuring the focus on innovation and quality towards a national context.
     56 +CYS4 was born in 2015 from a collaboration with an Israeli company in the world of Cyber Security, then detaching its team ensuring the focus on innovation and quality towards a national context.
    44 57   
    45 58  Check out our [blog](https://blog.cys4.com/) for more information.
    46 59   
    skipped 6 lines
  • ■ ■ ■ ■ ■
    src/main/java/cys4/resources/regex.json
    skipped 261 lines
    262 262   {
    263 263   "active": true,
    264 264   "description": "Google Cloud API Key",
    265  - "regular_expression": "AIza[0-9A-Za-z\\\\-_]{35}"
     265 + "regular_expression": "AIza[0-9A-Za-z\\\\\\-\\_]{35}"
    266 266   },
    267 267   {
    268 268   "active": true,
    skipped 247 lines
    516 516   },
    517 517   {
    518 518   "active": true,
    519  - "description": "Authorization Bearer",
     519 + "description": "Authorization Bearer - 1",
    520 520   "regular_expression": "Bearer\\s[\\d|a-f]{8}-([\\d|a-f]{4}-){3}[\\d|a-f]{12}"
    521 521   },
    522 522   {
    skipped 5 lines
    528 528   "active": true,
    529 529   "description": "Authorization Basic",
    530 530   "regular_expression": "Basic\\s[a-zA-Z0-9+\\/]+\\=*"
     531 + },
     532 + {
     533 + "active": true,
     534 + "description": "Authorization Bearer - 2",
     535 + "regular_expression": "Bearer\\s[A-Za-z0-9\\-_=]+\\.[A-Za-z0-9\\-_=]+(\\.[A-Za-z0-9\\-_.+/=]+)?"
    531 536   }
    532 537  ]
     538 +]
  • ■ ■ ■ ■ ■ ■
    src/main/java/cys4/scanner/BurpLeaksScanner.java
    skipped 88 lines
    89 89   Pattern regex_pattern = Pattern.compile(regex);
    90 90   Matcher regex_matcher = regex_pattern.matcher(responseBody);
    91 91   
    92  - if (regex_matcher.find()) {
     92 + while (regex_matcher.find()) {
    93 93   // create a new log entry with the message details
    94  - addLogEntry(httpProxyItem, entry.getDescription() + " - " + entry.getRegex(), regex_matcher.group(0));
     94 + addLogEntry(httpProxyItem, entry.getDescription() + " - " + entry.getRegex(), regex_matcher.group());
    95 95   }
    96 96   
    97 97   }
    skipped 52 lines
  • ■ ■ ■ ■ ■
    target/classes/regex.json
    skipped 261 lines
    262 262   {
    263 263   "active": true,
    264 264   "description": "Google Cloud API Key",
    265  - "regular_expression": "AIza[0-9A-Za-z\\\\-_]{35}"
     265 + "regular_expression": "AIza[0-9A-Za-z\\\\\\-\\_]{35}"
    266 266   },
    267 267   {
    268 268   "active": true,
    skipped 247 lines
    516 516   },
    517 517   {
    518 518   "active": true,
    519  - "description": "Authorization Bearer",
     519 + "description": "Authorization Bearer - 1",
    520 520   "regular_expression": "Bearer\\s[\\d|a-f]{8}-([\\d|a-f]{4}-){3}[\\d|a-f]{12}"
    521 521   },
    522 522   {
    skipped 5 lines
    528 528   "active": true,
    529 529   "description": "Authorization Basic",
    530 530   "regular_expression": "Basic\\s[a-zA-Z0-9+\\/]+\\=*"
     531 + },
     532 + {
     533 + "active": true,
     534 + "description": "Authorization Bearer - 2",
     535 + "regular_expression": "Bearer\\s[A-Za-z0-9\\-_=]+\\.[A-Za-z0-9\\-_=]+(\\.[A-Za-z0-9\\-_.+/=]+)?"
    531 536   }
    532 537  ]
     538 +]
Please wait...
Page is in error, reload to recover