URL decode support when doing replacement

fruh · Dec 17, 2016 · ba41021 · ba41021
1 parent 93d0a8d
commit ba41021
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 11 deletions.
diff --git a/src/burp/BurpExtender.java b/src/burp/BurpExtender.java
@@ -49,6 +49,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IContextMenuF
     private JTextArea replaceStringField;
     private JComboBox<String> replaceType;
     private JTextField replaceNameStringField;
+    private JCheckBox replaceUrlDecodeCheckbox;
     private int msgId = 0;
     private int msgIdLogger = 0;
 
@@ -312,6 +313,11 @@ private void initGui() {
         replaceButtonsPane.add(new JLabel("Replace/Header name:"));
         replaceButtonsPane.add(replaceStringField);
 
+        replaceUrlDecodeCheckbox = new JCheckBox("", false);
+
+        replaceButtonsPane.add(new JLabel("URL decode:"));
+        replaceButtonsPane.add(replaceUrlDecodeCheckbox);
+
         repCreateButton = new JButton("Add");
         repCreateButton.setEnabled(false);
         repFromSelectionButton = new JButton("From selection");
@@ -660,6 +666,10 @@ public JTextField getReplaceNameStringField() {
         return replaceNameStringField;
     }
 
+    public JCheckBox getReplaceUrlDecodeCheckbox() {
+        return replaceUrlDecodeCheckbox;
+    }
+
     public MessagesTable getExtMessagesTable() {
         return extMessagesTable;
     }

diff --git a/src/burp/ConfigListener.java b/src/burp/ConfigListener.java
@@ -127,6 +127,8 @@ public void actionPerformed(ActionEvent actionEvent) {
                             extender.getExtractionTable().getSelectedRow());
                     Replace rep = new Replace(name, extender.getReplaceStringField().getText(),
                             extender.getReplaceType().getSelectedItem().toString(), ext);
+                    rep.setUrlDecode(extender.getReplaceUrlDecodeCheckbox().isSelected());
+
                     ext.getRepRefSet().add(name);
 
                     // set rep messageId and reference to msg

diff --git a/src/burp/Replace.java b/src/burp/Replace.java
@@ -14,6 +14,7 @@ public class Replace {
     public static String TYPE_ADD_LAST = "Add new header on last request";
     public static String TYPE_REP_HEADER_LAST = "Replace header on last request";
 
+    private boolean urlDecode = false;
     private String dataToPaste;
     private String replaceStr;
     private String id;
@@ -44,21 +45,13 @@ public void setReplaceStr(String replaceStr) {
         this.replaceStr = replaceStr;
     }
 
-//      public String replaceData(IHttpRequestResponse messageInfo, IExtensionHelpers helpers, PrintWriter stdout) {
     public String replaceData(String request, IExtensionHelpers helpers) {
-//        String request = new String(messageInfo.getRequest());
-
         if (type.equals(TYPE_REP_SEL) || type.equals(TYPE_REP_LAST)) {
             request = request.replace(replaceStr, dataToPaste);
         } else {
             IRequestInfo rqInfo = helpers.analyzeRequest(request.getBytes());
             List<String> headers = rqInfo.getHeaders();
 
-            //headers.add(replaceStr + ": " + dataToPaste);
-            // No ":" is added here, you should place it manually
-            //headers.add(replaceStr + dataToPaste);
-//            String urlDecodedDataToPaste = helpers.urlDecode(dataToPaste);
-
             if (type.equals(TYPE_REP_HEADER_LAST)){
                 for (Iterator<String> iterator = headers.iterator(); iterator.hasNext();){
                     String header = iterator.next();
@@ -68,8 +61,9 @@ public String replaceData(String request, IExtensionHelpers helpers) {
                 }
             }
 
-//            headers.add(replaceStr + urlDecodedDataToPaste);
-            headers.add(replaceStr + dataToPaste);
+            //headers.add(replaceStr + ": " + dataToPaste);
+            // No ":" is added here, you should place it manually
+            headers.add(replaceStr + (urlDecode ? helpers.urlDecode(dataToPaste) : dataToPaste));
 
             String msgBody = request.substring(rqInfo.getBodyOffset());
             request = new String(helpers.buildHttpMessage(headers, msgBody.getBytes()));
@@ -109,6 +103,14 @@ public Extraction getExt() {
         return ext;
     }
 
+    public boolean isUrlDecode() {
+        return urlDecode;
+    }
+
+    public void setUrlDecode(boolean urlDecode) {
+        this.urlDecode = urlDecode;
+    }
+
     @Override
     public String toString() {
         return "'" + id + "', '" + type + "', '" + replaceStr + "', '" + msgId + "'";

diff --git a/src/burp/ReplaceTable.java b/src/burp/ReplaceTable.java
@@ -23,6 +23,7 @@ public void changeSelection(int i, int i1, boolean b, boolean b1) {
 
             extender.getReplaceNameStringField().setText(rep.getId());
             extender.getReplaceStringField().setText(rep.getReplaceStr());
+            extender.getReplaceUrlDecodeCheckbox().setSelected(rep.isUrlDecode());
 
             int j;
             for (j = 0; j < extender.getReplaceType().getModel().getSize(); j++) {
@@ -40,4 +41,4 @@ public void setSelectionById(String id) {
 
         changeSelection(model.getRowById(id), 0, false, false);
     }
-}
+}