Commit

Merge branch 'dev' into main
mattebit committed Sep 14, 2023
2 parents ab99a47 + cff9297 commit b7dee0c
Showing 66 changed files with 8,618 additions and 7,566 deletions.
28 changes: 21 additions & 7 deletions README.md
@@ -1,7 +1,9 @@
# MIG-T Pentesting Tool

MIG-T Pentesting Tool is a plugin for BurpSuite that helps security testers automate their testing activities. It allows the tester to define automations to edit or check correctnees of HTTP messages. It integrates an automated browser used to simulate user actions on a webpage, to trigger specific messages. It uses MIG-L language to define tests to be executed by MIG-T<br>

## Quickstart

<details>
<summary>Details</summary>
We suggest you to download the lastest release of the tool from the release page, otherwise you can compile the last version from the source code by following the steps described in the "how to compile the plugin" section.
Expand All @@ -10,15 +12,17 @@ We suggest you to download the lastest release of the tool from the release page

1. download from the release page the last version of the tool select the one which ends with `with-dependencies`, or compile the source code.
2. Download the last version of [Burp Suite Community Edition](https://portswigger.net/burp/releases/community/latest)
3. Start Burp and go in the *Exstensions* tab
4. Press *Add* button
5. In the *Extension file (.jar)* select the tool jar you downloaded before
3. Start Burp and go in the _Exstensions_ tab
4. Press _Add_ button
5. In the _Extension file (.jar)_ select the tool jar you downloaded before
6. Now the plugin should be loaded, go to the "MIG-T" tab

## Download and add browser driver

Depending on the browser you want to use (firefox or chrome), you will need to specify the corresponding driver. Note that you have to download the driver for the corresponding browser version

To download the driver go to:

- [Driver for chrome](https://chromedriver.chromium.org/home)
- [Driver for firefox](https://github.com/mozilla/geckodriver/releases)

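Review bot: step 3 still reads _Exstensions_ after the emphasis markers were switched from `*` to `_`; the word is spelled "Extensions", so correct it in the same edit. Step 1 is also a run-on ("download from the release page the last version of the tool select the one which ends with `with-dependencies`"); splitting it into two sentences would make clear which release asset to pick.
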
Expand All @@ -43,6 +47,7 @@ If you want to see the entire history of the messages go to "proxy" tab in Burp,
</details><br>

## How to compile the plugin

The project is based on maven, you have two ways of compiling it

### With IntelliJ IDEA
Expand All @@ -53,6 +58,7 @@ The folder tool is an intelliJ project, if you open it with intelliJ IDEA it sho
</details><br>

### Without IntelliJ IDEA

<details>
<summary>Details</summary>
You don't need to use IDEA to compile the project, you can install maven, go to the project direcotry `tool` mentioned before and type
Expand All @@ -72,20 +78,23 @@ Two jar will be generated:
```

You have to use the jar that has "-with-dependencies" in its name, the other will not work in burp.

</details><br>

## Documentation

You can find the documentation about the language used by the tool in the `doc/` folder. The documentation about the code is not yet finished, but all the functions are documented in the code.

## Known Bugs

- Sometimes when re-executing a suite of active tests, the messages are not edited. Restart the plugin
- On windows, the re-signing of the SAML messages sometimes will fail
- On windows, the re-signing of the SAML messages sometimes will fail

# External / Related projects

Extended in the context of the industrial collaboration with IPZS and Futuro&Conoscenza

# License

```
Copyright 2023, Fondazione Bruno Kessler
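Review bot: the Known Bugs entry "On windows, the re-signing of the SAML messages sometimes will fail" is carried over without saying what the tester sees when it fails. A failed re-sign changes what a SAML test result means, so state whether the test stops with an error or the message is sent with its previous signature, and give a workaround the way the first entry does ("Restart the plugin").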
Expand All @@ -104,7 +113,12 @@ limitations under the License.

Developed within [Security & Trust](https://st.fbk.eu/) Research Unit at [Fondazione Bruno Kessler](https://www.fbk.eu/en/) (Italy)

## Other software licenses
### SAMLRaider License
## Other software

### SAMLRaider

Some parts of the tool that manages SAML certificates has been built by using portions of SAMLRaider code (https://github.com/CompassSecurity/SAMLRaider).

### nimbus-jose-jwt

https://connect2id.com/products/nimbus-jose-jwt
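Review bot: under the renamed "Other software" heading the new nimbus-jose-jwt entry is only a URL, and with "License" dropped from both headings neither entry names the license of the third-party code any more. The README tells users to load the "-with-dependencies" jar, which by its name bundles third-party code, so name each license and say what nimbus-jose-jwt is used for. The SAMLRaider sentence also needs "that manage ... have been built" instead of "that manages ... has been built".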
461 changes: 335 additions & 126 deletions doc/language.md

Large diffs are not rendered by default.

238 changes: 119 additions & 119 deletions doc/progress_tracker.md

Large diffs are not rendered by default.

258 changes: 57 additions & 201 deletions templates/msg_def_template.json
@@ -1,211 +1,67 @@
{
"message_types": [
"message_types": [
{
"name": "authorization request",
"is request": true,
"response name": "authorization response",
"checks": [
{
"name": "authorization request",
"is request": true,
"response name": "authorization response",
"checks": [
{
"in": "url",
"check param": "response_type",
"is present": "true"
}
]
},
{
"name": "token request",
"is request": true,
"response name": "token response",
"checks": [
{
"in": "url",
"check param": "code",
"is present": "true"
}
]
},
{
"name": "coda landing request",
"is request": true,
"response name": "coda landing response",
"checks": [
{
"in": "url",
"check": "/welcome",
"is present": "true"
},
{
"in": "head",
"check param": "Host",
"is": "coda.io"
}
]
},
{
"name": "saml request",
"is request": true,
"checks": [
{
"in": "url",
"check param": "SAMLRequest",
"is present": true
}
]
},
{
"name": "saml response",
"is request": true,
"checks": [
{
"in": "body",
"check param": "SAMLResponse",
"is present": true
}
]
},
{
"name": "fb_login",
"is request": true,
"response name": "fb_login_resp",
"checks": [
{
"in": "url",
"check": "/auth/facebook-login-callback",
"is present": true
},
{
"in": "url",
"check param": "code",
"is present": true
}
]
},
{
"name": "fb_sso",
"is request": true,
"checks": [
{
"in": "url",
"check": "login.php",
"is present": true
},
{
"in": "head",
"check param": "Host",
"contains": "facebook"
}
]
},
{
"name": "nytimes_settings_page",
"is request": true,
"checks": [
{
"in": "url",
"check": "/seg/settings",
"is present": true
},
{
"in": "head",
"check param": "Host",
"contains": "nytimes"
}
]
},
{
"name": "nytimes_accoun_info_req",
"is request": true,
"response name": "nytimes_account_info_resp",
"checks": [
{
"in": "url",
"check": "/svc/account/query",
"is present": true
},
{
"in": "head",
"check param": "Host",
"contains": "nytimes"
},
{
"in": "body",
"check": "getSettingsPageInfo",
"is present": true
}
]
},
"in": "url",
"check param": "response_type",
"is present": "true"
}
]
},
{
"name": "token request",
"is request": true,
"response name": "token response",
"checks": [
{
"name": "fb_acc_link_confirm_req",
"is request": true,
"response name": "fb_acc_link_confirm_resp",
"checks": [
{
"in": "url",
"check": "/dialog/oauth",
"is present": true
},
{
"in": "head",
"check param": "Host",
"contains": "facebook.com"
}
]
},
"in": "url",
"check param": "code",
"is present": "true"
}
]
},
{
"name": "saml request",
"is request": true,
"checks": [
{
"name": "linking_url",
"is request": true,
"checks": [
{
"in": "url",
"check param": "code",
"is present": true
},
{
"in": "head",
"check param": "Referer",
"contains": "facebook.com"
}
]
},
"in": "url",
"check param": "SAMLRequest",
"is present": true
}
]
},
{
"name": "saml response",
"is request": true,
"checks": [
{
"name": "message_insert_point",
"is request": true,
"checks": [
{
"in": "url",
"check": "insertmessagehere",
"is present": "true"
}
]
},
"in": "body",
"check param": "SAMLResponse",
"is present": true
}
]
},
{
"name": "fb_login",
"is request": true,
"response name": "fb_login_resp",
"checks": [
{
"name": "association_link_req",
"is request": true,
"response name": "association_link_resp",
"checks": [
{
"in": "url",
"check": "dialog/oauth?",
"is present": "true"
},
{
"in": "head",
"check param": "Host",
"contains": "facebook.com"
}
]
"in": "url",
"check": "/auth/facebook-login-callback",
"is present": true
},
{
"name": "association_inter_link_res",
"is request": false,
"request name": "association_inter_link_req",
"checks": [
{
"in": "head",
"check": "dialog/oauth?",
"is present": true
}
]
"in": "url",
"check param": "code",
"is present": true
}
]
]
}
]
}
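Review bot: in the trimmed template, "is present" is the string "true" in the "authorization request" and "token request" checks but the JSON boolean true in the "saml request", "saml response" and "fb_login" checks. Use one type throughout (the boolean, matching "is request": true) so that people copying the template do not depend on how the loader coerces strings. The site-specific "fb_login" definition also stays while the other site-specific definitions are removed; drop it as well or note why it is kept as the example.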
7 changes: 4 additions & 3 deletions .gitignore → tool/.gitignore
Expand Up @@ -52,6 +52,9 @@ cmake-build-*/
# IntelliJ
out/

# Build files
target/

# mpeltonen/sbt-idea plugin
.idea_modules/

Expand All @@ -74,6 +77,4 @@ fabric.properties
.idea/httpRequests

# Android studio 3.1+ serialized cache file
.idea/caches/build_file_checksums.ser

/tool/target/*
.idea/caches/build_file_checksums.ser
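Review bot: with the file renamed from .gitignore to tool/.gitignore and "/tool/target/*" replaced by "target/", no ignore rules apply outside tool/ any more. If anything is generated or dropped at the repository root or under doc/ and templates/ (IDE metadata, the browser driver binaries the README asks users to download), keep a small root .gitignore for those paths.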
13 changes: 0 additions & 13 deletions tool/.idea/compiler.xml

This file was deleted.
