updated deprecated protocol name (#77)
* updated deprecated protocol name

* fix parsing

* fix test

---------

Co-authored-by: Doğan Can Bakır <dogancanbakir@protonmail.com>
princechaddha and dogancanbakir authored Oct 24, 2023
1 parent 7a07d08 commit df10691
Showing 9 changed files with 82 additions and 68 deletions.
3 changes: 3 additions & 0 deletions .gitignore
@@ -26,3 +26,6 @@ out/

# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
hs_err_pid*

.vscode
.devcontainer
36 changes: 18 additions & 18 deletions src/main/java/burp/BurpExtender.java
@@ -139,7 +139,7 @@ private IContextMenuFactory createContextMenuFactory(GeneralSettings generalSett
case IContextMenuInvocation.CONTEXT_PROXY_HISTORY: {
final String[] requests = Arrays.stream(selectedMessages).map(IHttpRequestResponse::getRequest).map(extensionHelpers::bytesToString).toArray(String[]::new);

final Requests templateRequests = new Requests();
final Http templateRequests = new Http();
templateRequests.setRaw(requests);
menuItems = new ArrayList<>(List.of(createContextMenuItem(() -> generateTemplate(generalSettings, targetUrl, templateRequests), GENERATE_CONTEXT_MENU_TEXT)));

@@ -189,7 +189,7 @@ private JMenuItem createIntruderTemplateMenuItem(GeneralSettings generalSettings
requestModifier.insert(startSelectionIndex, TemplateUtils.INTRUDER_PAYLOAD_MARKER);
requestModifier.insert(endSelectionIndex + 1, TemplateUtils.INTRUDER_PAYLOAD_MARKER);

generateIntruderTemplate(generalSettings, targetUrl, requestModifier.toString(), Requests.AttackType.batteringram);
generateIntruderTemplate(generalSettings, targetUrl, requestModifier.toString(), Http.AttackType.batteringram);
}, "Generate Intruder Template");
} else {
generateIntruderTemplateMenuItem = null;
@@ -203,7 +203,7 @@ private static TemplateGeneratorTabContainer getTemplateGeneratorContainerInstan

private static Set<JMenuItem> createAddRequestToTabContextMenuItems(GeneralSettings generalSettings, String[] requests) {
return createAddToTabContextMenuItems(generalSettings, template -> {
final Consumer<Requests> firstRequestConsumer = firstRequest -> firstRequest.addRaw(requests);
final Consumer<Http> firstRequestConsumer = firstRequest -> firstRequest.addRaw(requests);
createContextMenuActionHandlingMultiRequests(template, requests, firstRequestConsumer, "request");
});
}
@@ -216,7 +216,7 @@ private static Optional<Map.Entry<String, Component>> getTabComponentByName(JTab
}

private JMenuItem createTemplateWithHttpRequestContextMenuItem(GeneralSettings generalSettings, byte[] requestBytes, URL targetUrl) {
final Requests requests = new Requests();
final Http requests = new Http();
requests.setRaw(requestBytes);
return createContextMenuItem(() -> generateTemplate(generalSettings, targetUrl, requests), GENERATE_CONTEXT_MENU_TEXT);
}
@@ -244,22 +244,22 @@ private List<JMenuItem> createMenuItemsFromHttpResponse(GeneralSettings generalS

private static Set<JMenuItem> createAddMatcherToTabContextMenuItems(GeneralSettings generalSettings, TemplateMatcher contentMatcher, String[] httpRequest) {
return createAddToTabContextMenuItems(generalSettings, template -> {
final Consumer<Requests> firstRequestConsumer = firstRequest -> {
final Consumer<Http> firstRequestConsumer = firstRequest -> {
final List<TemplateMatcher> matchers = firstRequest.getMatchers();
firstRequest.setMatchers(Utils.createNewList(matchers, contentMatcher));
};
createContextMenuActionHandlingMultiRequests(template, httpRequest, firstRequestConsumer, "matcher");
});
}

private static void createContextMenuActionHandlingMultiRequests(Template template, String[] httpRequests, Consumer<Requests> firstTemplateRequestConsumer, String errorMessageContext) {
final List<Requests> requests = template.getRequests();
private static void createContextMenuActionHandlingMultiRequests(Template template, String[] httpRequests, Consumer<Http> firstTemplateRequestConsumer, String errorMessageContext) {
final List<Http> requests = template.getHttp();

final int requestSize = requests.size();
if (requestSize == 0) {
final Requests newRequest = new Requests();
final Http newRequest = new Http();
newRequest.setRaw(httpRequests);
template.setRequests(List.of(newRequest));
template.setHttp(List.of(newRequest));
} else {
if (requestSize > 1) {
JOptionPane.showMessageDialog(null, String.format("The %s will be added to the first request!", errorMessageContext), "Multiple requests present", JOptionPane.WARNING_MESSAGE);
@@ -286,9 +286,9 @@ private static Set<JMenuItem> createAddToTabContextMenuItems(GeneralSettings gen
private List<JMenuItem> generateIntruderTemplate(GeneralSettings generalSettings, URL targetUrl, String request) {
final List<JMenuItem> menuItems;
if (request.chars().filter(c -> c == TemplateUtils.INTRUDER_PAYLOAD_MARKER).count() <= 2) {
menuItems = List.of(createContextMenuItem(() -> generateIntruderTemplate(generalSettings, targetUrl, request, Requests.AttackType.batteringram), GENERATE_CONTEXT_MENU_TEXT));
menuItems = List.of(createContextMenuItem(() -> generateIntruderTemplate(generalSettings, targetUrl, request, Http.AttackType.batteringram), GENERATE_CONTEXT_MENU_TEXT));
} else {
menuItems = Arrays.stream(Requests.AttackType.values())
menuItems = Arrays.stream(Http.AttackType.values())
.map(attackType -> createContextMenuItem(() -> generateIntruderTemplate(generalSettings, targetUrl, request, attackType), GENERATE_CONTEXT_MENU_TEXT + " - " + attackType))
.collect(Collectors.toList());
}
@@ -308,26 +308,26 @@ private void generateTemplate(GeneralSettings generalSettings, TemplateMatcher c
final IResponseInfo responseInfo = helpers.analyzeResponse(responseBytes);
final int statusCode = responseInfo.getStatusCode();

final Requests requests = new Requests();
final Http requests = new Http();
requests.setRaw(requestBytes);
requests.setMatchers(contentMatcher, new Status(statusCode));

generateTemplate(generalSettings, targetUrl, requests);
}

private void generateIntruderTemplate(GeneralSettings generalSettings, URL targetUrl, String request, Requests.AttackType attackType) {
final Requests requests = new Requests();
private void generateIntruderTemplate(GeneralSettings generalSettings, URL targetUrl, String request, Http.AttackType attackType) {
final Http http = new Http();
final TransformedRequest intruderRequest = TemplateUtils.transformRequestWithPayloads(attackType, request);
requests.setTransformedRequest(intruderRequest);
http.setTransformedRequest(intruderRequest);

generateTemplate(generalSettings, targetUrl, requests);
generateTemplate(generalSettings, targetUrl, http);
}

private void generateTemplate(GeneralSettings generalSettings, URL targetUrl, Requests requests) {
private void generateTemplate(GeneralSettings generalSettings, URL targetUrl, Http http) {
final String author = generalSettings.getAuthor();
final Info info = new Info("Template Name", author, Info.Severity.info);

final Template template = new Template("template-id", info, requests);
final Template template = new Template("template-id", info, http);
final String normalizedTemplate = TemplateUtils.normalizeTemplate(YamlUtil.dump(template));

final NucleiGeneratorSettings nucleiGeneratorSettings = new NucleiGeneratorSettings.Builder(generalSettings, targetUrl, normalizedTemplate)
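Review bot: In `createContextMenuActionHandlingMultiRequests`, `requests.size()` is called on the result of `template.getHttp()` with no null check, and this rename makes an unset list more likely. A template in an open tab that still uses the deprecated `requests:` key would presumably no longer populate the `http` field; how `Template` is parsed is not visible here, so this is inferred. A guard such as `final List<Http> requests = template.getHttp() == null ? List.of() : template.getHttp();` would at least avoid a NullPointerException inside the menu action, while whether to migrate or reject the old key remains a design decision. The same compatibility question applies to the renamed field in `Template.java`, where a short comment stating that the old key is intentionally unsupported would help. The method body continues outside the hunk.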
Original file line number Diff line number Diff line change
@@ -113,7 +113,7 @@ public static void main(String[] args) throws Exception {
" author: forgedhallpass\n" +
" name: Template Name\n" +
" severity: info\n" +
"requests:\n" +
"http:\n" +
" - raw:\n" +
" - |\n" +
" GET / HTTP/1.1\n" +
Original file line number Diff line number Diff line change
@@ -34,7 +34,7 @@
import java.util.stream.Stream;

@YamlPropertyOrder({"raw", "attack", "payloads", "matchers-condition", "matchers"})
public class Requests {
public class Http {

public enum MatchersCondition {
and, or
16 changes: 8 additions & 8 deletions src/main/java/io/projectdiscovery/nuclei/model/Template.java
@@ -32,23 +32,23 @@
import java.util.List;

@SuppressWarnings({"unused", "FieldCanBeLocal"})
@YamlPropertyOrder({"id", "info", "requests"})
@YamlPropertyOrder({"id", "info", "http"})
public class Template {

@YamlProperty
private String id;
@YamlProperty
private Info info;
@YamlProperty
private List<Requests> requests;
private List<Http> http;

public Template() {
}

public Template(String id, Info info, Requests... requests) {
public Template(String id, Info info, Http... http) {
this.id = id;
this.info = info;
this.requests = Arrays.asList(requests);
this.http = Arrays.asList(http);
}

public String getId() {
@@ -63,11 +63,11 @@ public Info getInfo() {
return this.info;
}

public List<Requests> getRequests() {
return this.requests;
public List<Http> getHttp() {
return this.http;
}

public void setRequests(List<Requests> requests) {
this.requests = requests;
public void setHttp(List<Http> http) {
this.http = http;
}
}
Original file line number Diff line number Diff line change
@@ -25,25 +25,25 @@

package io.projectdiscovery.nuclei.model.util;

import io.projectdiscovery.nuclei.model.Requests;
import io.projectdiscovery.nuclei.model.Http;

import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class TransformedRequest {

private final Requests.AttackType attackType;
private final Http.AttackType attackType;
private final String request;
private final Map<String, List<String>> parameters;

public TransformedRequest(Requests.AttackType attackType, String request, Map<String, List<String>> parameters) {
public TransformedRequest(Http.AttackType attackType, String request, Map<String, List<String>> parameters) {
this.attackType = attackType;
this.request = request;
this.parameters = new LinkedHashMap<>(parameters);
}

public Requests.AttackType getAttackType() {
public Http.AttackType getAttackType() {
return this.attackType;
}

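--- a/src/main/java/io/projectdiscovery/nuclei/util/TemplateUtils.java
+++ b/src/main/java/io/projectdiscovery/nuclei/util/TemplateUtils.java
@@ -26,7 +26,7 @@
 package io.projectdiscovery.nuclei.util;
 
 import io.projectdiscovery.nuclei.model.Binary;
-import io.projectdiscovery.nuclei.model.Requests;
+import io.projectdiscovery.nuclei.model.Http;
 import io.projectdiscovery.nuclei.model.TemplateMatcher;
 import io.projectdiscovery.nuclei.model.Word;
 import io.projectdiscovery.nuclei.model.util.TransformedRequest;
@@ -45,7 +45,8 @@ public final class TemplateUtils {
 public static final String PAYLOAD_START_MARKER = "{{";
 public static final String PAYLOAD_END_MARKER = "}}";
 
-private static final Pattern INTRUDER_PAYLOAD_PATTERN = Pattern.compile(String.format("(%1$s.*?%1$s)", INTRUDER_PAYLOAD_MARKER), Pattern.DOTALL);
+private static final Pattern INTRUDER_PAYLOAD_PATTERN = Pattern
+.compile(String.format("(%1$s.*?%1$s)", INTRUDER_PAYLOAD_MARKER), Pattern.DOTALL);
 
 private static final String BASE_PAYLOAD_PARAMETER_NAME = "param";
 
@@ -55,20 +56,24 @@ private TemplateUtils() {
 public static String normalizeTemplate(String yamlTemplate) {
 String result = yamlTemplate;
 
-for (String fieldName : Arrays.asList("info", "requests", "extractors")) {
+for (String fieldName : Arrays.asList("info", "http", "extractors")) {
 result = addNewLineBeforeProperty(result, fieldName);
 }
 
-result = result.contains("matchers-condition: ") ? addNewLineBeforeProperty(result, "matchers-condition", Utils.getEnumValues(Requests.MatchersCondition.class))
-: addNewLineBeforeProperty(result, "matchers");
+result = result.contains("matchers-condition: ")
+? addNewLineBeforeProperty(result, "matchers-condition",
+Utils.getEnumValues(Http.MatchersCondition.class))
+: addNewLineBeforeProperty(result, "matchers");
 
-result = result.contains("attack: ") ? addNewLineBeforeProperty(result, "attack", Utils.getEnumValues(Requests.AttackType.class))
-: addNewLineBeforeProperty(result, "payloads");
+result = result.contains("attack: ")
+? addNewLineBeforeProperty(result, "attack", Utils.getEnumValues(Http.AttackType.class))
+: addNewLineBeforeProperty(result, "payloads");
 
 return result;
 }
 
-public static TemplateMatcher createContentMatcher(byte[] responseBytes, int bodyOffset, int[] selectionBounds, Function<byte[], String> byteToStringFunction) {
+public static TemplateMatcher createContentMatcher(byte[] responseBytes, int bodyOffset, int[] selectionBounds,
+Function<byte[], String> byteToStringFunction) {
 final int fromIndex = selectionBounds[0];
 final int toIndex = selectionBounds[1];
 
@@ -87,14 +92,15 @@ public static TemplateMatcher createContentMatcher(byte[] responseBytes, int bod
 return contentMatcher;
 }
 
-public static TransformedRequest transformRequestWithPayloads(Requests.AttackType attackType, String request) {
+public static TransformedRequest transformRequestWithPayloads(Http.AttackType attackType, String request) {
 final Matcher matcher = INTRUDER_PAYLOAD_PATTERN.matcher(request);
 
-return attackType == Requests.AttackType.batteringram ? handleBatteringRam(attackType, request, matcher)
-: handleMultiPayloadAttackTypes(attackType, request, matcher);
+return attackType == Http.AttackType.batteringram ? handleBatteringRam(attackType, request, matcher)
+: handleMultiPayloadAttackTypes(attackType, request, matcher);
 }
 
-private static TransformedRequest handleMultiPayloadAttackTypes(Requests.AttackType attackType, String request, Matcher matcher) {
+private static TransformedRequest handleMultiPayloadAttackTypes(Http.AttackType attackType, String request,
+Matcher matcher) {
 final Map<String, List<String>> payloadParameters = new LinkedHashMap<>();
 
 final BiFunction<Integer, String, String> payloadFunction = (index, payloadParameter) -> {
@@ -107,18 +113,20 @@ private static TransformedRequest handleMultiPayloadAttackTypes(Requests.AttackT
 return new TransformedRequest(attackType, transformedRequest, payloadParameters);
 }
 
-private static TransformedRequest handleBatteringRam(Requests.AttackType attackType, String request, Matcher matcher) {
+private static TransformedRequest handleBatteringRam(Http.AttackType attackType, String request, Matcher matcher) {
 final List<String> payloadParameters = new ArrayList<>();
 final BiFunction<Integer, String, String> payloadFunction = (index, payloadParameter) -> {
 payloadParameters.add(payloadParameter);
 return BASE_PAYLOAD_PARAMETER_NAME;
 };
 
 final String transformedRequest = transformRawRequest(request, matcher, payloadFunction);
-return new TransformedRequest(attackType, transformedRequest, Map.of(BASE_PAYLOAD_PARAMETER_NAME, payloadParameters));
+return new TransformedRequest(attackType, transformedRequest,
+Map.of(BASE_PAYLOAD_PARAMETER_NAME, payloadParameters));
 }
 
-private static String transformRawRequest(String request, Matcher matcher, BiFunction<Integer, String, String> payloadFunction) {
+private static String transformRawRequest(String request, Matcher matcher,
+BiFunction<Integer, String, String> payloadFunction) {
 String transformedRequest = request;
 int index = 1;
 while (matcher.find()) {
@@ -127,7 +135,8 @@ private static String transformRawRequest(String request, Matcher matcher, BiFun
 
 final String newParamName = payloadFunction.apply(index++, payloadParameter);
 
-transformedRequest = transformedRequest.replace(group, PAYLOAD_START_MARKER + newParamName + PAYLOAD_END_MARKER);
+transformedRequest = transformedRequest.replace(group,
+PAYLOAD_START_MARKER + newParamName + PAYLOAD_END_MARKER);
 }
 return transformedRequest;
 }
@@ -138,7 +147,8 @@ private static TemplateMatcher createWordMatcher(TemplateMatcher.Part selectionP
 wordMatcher = new Word(selectedString.split(Utils.CRLF));
 } else {
 // TODO could make a config to enable the user to decide on the normalization
-final String selectedStringWithNormalizedNewLines = selectedString.replaceAll(Utils.CRLF, String.valueOf(Utils.LF)).replace(Utils.CR, Utils.LF);
+final String selectedStringWithNormalizedNewLines = selectedString
+.replaceAll(Utils.CRLF, String.valueOf(Utils.LF)).replace(Utils.CR, Utils.LF);
 final String[] words = selectedStringWithNormalizedNewLines.split(String.valueOf(Utils.LF));
 wordMatcher = new Word(words);
 
@@ -156,9 +166,10 @@ private static String addNewLineBeforeProperty(String input, String propertyName
 
 private static String addNewLineBeforeProperty(String input, String propertyName, List<String> values) {
 final String valuesRegexOrExpression = values.isEmpty() ? ""
-: String.format(" (?:%s)", String.join("|", values));
+: String.format(" (?:%s)", String.join("|", values));
 
-final Pattern pattern = Pattern.compile(String.format("(^\\s*%s:%s$)", propertyName, valuesRegexOrExpression), Pattern.MULTILINE);
+final Pattern pattern = Pattern.compile(
+String.format("(^\\s*%s:%s(\\n|$))", propertyName, valuesRegexOrExpression), Pattern.MULTILINE);
 final Matcher matcher = pattern.matcher(input);
 while (matcher.find()) {
 final String group = matcher.group(1);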
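Review bot: In `addNewLineBeforeProperty`, the new `(\\n|$)` tail is a second capturing group that also pulls the line feed into group 1, although with `Pattern.MULTILINE` a bare `$` already matches just before `\n`, so the pattern alone does not show what "fix parsing" corrected. If only the anchor is needed, `(?:\\n|$)` keeps `matcher.group(1)` the only group; either way a one-line comment naming the input the old pattern mishandled would help the next reader. Because `^\\s*` accepts any indentation, the pattern (now with the shorter key `http`) also matches lines inside the `raw:` block scalar, so a captured request containing a bare `http:` line would be reformatted as well; this is presumably rare, but a test case would pin the behaviour. The loop that consumes the group continues outside the hunk.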
Original file line number Diff line number Diff line change
@@ -37,7 +37,7 @@ void testTemplateNormalization() {
" name: Template Name\n" +
" author: istvan\n" +
" severity: info\n" +
"requests:\n" +
"http:\n" +
"- raw:\n" +
" - |+\n" +
" GET / HTTP/1.1\n" +
@@ -58,7 +58,7 @@ void testTemplateNormalization() {
" author: istvan\n" +
" severity: info\n" +
"\n" +
"requests:\n" +
"http:\n" +
"- raw:\n" +
" - |+\n" +
" GET / HTTP/1.1\n" +