Fixed bug in check + better test results

stfbk · Aug 17, 2023 · ebe5534 · ebe5534
1 parent feb6b17
commit ebe5534
Show file tree

Hide file tree

Showing 7 changed files with 34 additions and 76 deletions.
diff --git a/tool/src/main/java/migt/BurpExtender.java b/tool/src/main/java/migt/BurpExtender.java
@@ -97,7 +97,12 @@ public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessa
         String port = proxy_message.getListenerInterface().split(":")[1];
         IHttpRequestResponse messageInfo = proxy_message.getMessageInfo();
 
-        HTTPReqRes message = new HTTPReqRes(messageInfo, helpers, messageIsRequest);
+        HTTPReqRes message = new HTTPReqRes(
+                messageInfo,
+                helpers,
+                messageIsRequest,
+                proxy_message.getMessageReference()
+        );
 
         if (mainPane.ACTIVE_ENABLED) {
             if (!port.equals(mainPane.act_active_op.session_port)) {
@@ -118,18 +123,10 @@ public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessa
             boolean matchMessage = message.matches_msg_type(msg_type);
 
             if (matchMessage) {
-                Operation.MatchedMessage m = new Operation.MatchedMessage(
-                        message,
-                        HTTPReqRes.instances,
-                        msg_type.msg_to_process_is_request,
-                        !msg_type.msg_to_process_is_request,
-                        false);
-                mainPane.act_active_op.matchedMessages.add(m);
-
                 // If the operation's action is an intercept
                 if (Objects.requireNonNull(mainPane.act_active_op.getAction()) == Operation.Action.INTERCEPT) {
                     try {
-                        processMatchedMsg(msg_type, messageInfo);
+                        processMatchedMsg(msg_type, messageInfo, message);
                         if (mainPane.act_active_op.then != null &
                                 mainPane.act_active_op.then == Operation.Then.DROP) {
                             proxy_message.setInterceptAction(IInterceptedProxyMessage.ACTION_DROP);
@@ -157,10 +154,15 @@ public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessa
         }
     }
 
+    /**
+     * @param msg_type    the message type to be used
+     * @param messageInfo the original intercepted messageInfo to being able to edit the message
+     * @param message     a custom parsed message to be used in opeations
+     */
     private void processMatchedMsg(MessageType msg_type,
-                                   IHttpRequestResponse messageInfo) {
+                                   IHttpRequestResponse messageInfo,
+                                   HTTPReqRes message) {
         messageInfo.setHighlight("red");
-        HTTPReqRes message = new HTTPReqRes(messageInfo, helpers, msg_type.msg_to_process_is_request);
 
         mainPane.act_active_op.helpers = helpers;
         mainPane.act_active_op.api.message = message;

diff --git a/tool/src/main/java/migt/Check.java b/tool/src/main/java/migt/Check.java
@@ -229,7 +229,7 @@ private boolean execute_http(HTTPReqRes message,
                 val = m.group();
                 val = val.trim();
             } else {
-                return false;
+                //return false; // TODO: check if correct, is not present?
             }
 
             return do_check(val);
@@ -357,9 +357,9 @@ public boolean do_check(String val_to_check) {
                     }
                     break;
                 case IS_PRESENT:
-                    return true; // if it gets to this, the searched param is already found
+                    return !val_to_check.isEmpty(); // if it gets to this, the searched param is already found
                 case IS_NOT_PRESENT:
-                    return false;
+                    return val_to_check.isEmpty();
                 case IS_IN:
                     return value_list.contains(val_to_check); // TODO check
                 case IS_NOT_IN:

diff --git a/tool/src/main/java/migt/GUI.java b/tool/src/main/java/migt/GUI.java
@@ -1556,12 +1556,12 @@ public boolean isCellEditable(int row, int column) {
                 int op_index = Integer.parseInt((String) testTable.getModel().getValueAt(testTable.getSelectedRow(), 0));
 
                 Operation op = testSuite.tests.get(resultTable.getSelectedRow()).operations.get(op_index);
-                for (Operation.MatchedMessage m : op.matchedMessages) {
+                for (HTTPReqRes m : op.matchedMessages) {
                     if (m.index == index) {
                         if (m.isRequest) {
-                            messageViewer.setMessage(m.message.getRequest(), true);
+                            messageViewer.setMessage(m.getRequest(), true);
                         } else {
-                            messageViewer.setMessage(m.message.getResponse(), false);
+                            messageViewer.setMessage(m.getResponse(), false);
                         }
                         break;
                     }

diff --git a/tool/src/main/java/migt/HTTPReqRes.java b/tool/src/main/java/migt/HTTPReqRes.java
@@ -19,6 +19,7 @@
  */
 public class HTTPReqRes implements Cloneable {
     static public int instances;
+    public Integer index = -1; // index of the message wrt the burp proxy
     public boolean isRequest = false;
     public boolean isResponse = false;
     public int body_offset_req; // identifies the index where the body ends in the request
@@ -36,7 +37,6 @@ public class HTTPReqRes implements Cloneable {
     private List<String> headers_req; // the headers of the request
     private List<String> headers_resp; // the headers of the response
 
-
     /**
      * Instantiate an HTTPReqRes element
      *
@@ -82,14 +82,16 @@ public HTTPReqRes(IHttpRequestResponsePersisted message, IExtensionHelpers helpe
      * @param helpers   an istance of the IExtensionHelpers
      * @param isRequest true if the message is a request, false otherwise
      */
-    public HTTPReqRes(IHttpRequestResponse message, IExtensionHelpers helpers, Boolean isRequest) {
+    public HTTPReqRes(IHttpRequestResponse message, IExtensionHelpers helpers, Boolean isRequest, int index) {
         if (!isRequest) {
             this.isResponse = true;
             this.setResponse(message.getResponse());
             this.headers_resp = helpers.analyzeResponse(message.getResponse()).getHeaders();
             this.body_offset_resp = helpers.analyzeRequest(message.getResponse()).getBodyOffset();
         }
 
+        this.index = index;
+
         // the request is always present in a IHTTPRequestResponse
         this.isRequest = true;
         this.setRequest(message.getRequest());

diff --git a/tool/src/main/java/migt/Operation.java b/tool/src/main/java/migt/Operation.java
@@ -27,7 +27,7 @@ public class Operation extends Module {
     public String replace_request_name;
     public String replace_response_name;
     public boolean isSessionOp = false;
-    public List<MatchedMessage> matchedMessages;
+    public List<HTTPReqRes> matchedMessages;
     public byte[] processed_message;
     public IHttpService processed_message_service;  // null if it is not changed
     public List<IInterceptedProxyMessage> log_messages;
@@ -370,13 +370,7 @@ public void setAPI(Operation_API api) {
         this.api = api;
 
         // add the intercepted message to the matched messages to be displayed
-        matchedMessages.add(new Operation.MatchedMessage(
-                api.message,
-                0,
-                api.is_request,
-                !api.is_request,
-                false
-        ));
+        matchedMessages.add(api.message);
 
         // updates the processed message from the api
         this.processed_message = api.message.build_message(api.is_request);
@@ -511,33 +505,5 @@ public static Then fromString(String input) throws ParsingException {
             }
         }
     }
-
-    /**
-     * Class to store the index and some information about matched messages (with regex or check) in an operation
-     */
-    public static class MatchedMessage {
-        HTTPReqRes message;
-        boolean isRequest = false;
-        boolean isResponse = false;
-        boolean isFail = false;
-        Integer index;
-
-        /**
-         * Instantiates a MatchedMessage
-         *
-         * @param message    the message
-         * @param index      the index in the message list
-         * @param isRequest  if it is a request
-         * @param isResponse if it is a response
-         * @param isFail     if it made the test fail
-         */
-        public MatchedMessage(HTTPReqRes message, Integer index, boolean isRequest, boolean isResponse, boolean isFail) {
-            this.message = message;
-            this.isResponse = isResponse;
-            this.isRequest = isRequest;
-            this.index = index;
-            this.isFail = isFail;
-        }
-    }
 }
 
diff --git a/tool/src/main/java/migt/Test.java b/tool/src/main/java/migt/Test.java
@@ -177,14 +177,14 @@ public List<String[]> getRows() {
 
         int count = 0;
         for (Operation op : operations) {
-            for (Operation.MatchedMessage msg : op.matchedMessages) {
+            for (HTTPReqRes msg : op.matchedMessages) {
                 String[] tmp = new String[]{
                         String.valueOf(count),
                         String.valueOf(op.getMessageType()),
                         "",
                         op.getChecks().toString(),
                         msg.index.toString(),
-                        msg.isFail ? "failed" : "passed"};
+                        "-"}; // TODO: somehow put if the message made the test fail
                 res.add(tmp);
             }
             count++;
@@ -285,28 +285,28 @@ public void logTest(String log_folder) {
                     "/operation_" +
                     op_count +
                     "_" + o.getMessageType();
-            for (Operation.MatchedMessage m : o.matchedMessages) {
-                if (m.message != null) {
-                    if (m.message.getRequest() != null) {
+            for (HTTPReqRes m : o.matchedMessages) {
+                if (m != null) {
+                    if (m.getRequest() != null) {
                         File log_message = new File(base_path + "_request.raw");
                         try {
                             FileWriter fw = new FileWriter(log_message.getAbsoluteFile());
                             BufferedWriter bw = new BufferedWriter(fw);
                             bw.write(header);
-                            bw.write(new String(m.message.getRequest(), StandardCharsets.UTF_8));
+                            bw.write(new String(m.getRequest(), StandardCharsets.UTF_8));
                             bw.close();
                         } catch (IOException e) {
                             e.printStackTrace();
                         }
                         message_count++;
                     }
-                    if (m.message.getResponse() != null) {
+                    if (m.getResponse() != null) {
                         File log_message = new File(base_path + "_response.raw");
                         try {
                             FileWriter fw = new FileWriter(log_message.getAbsoluteFile());
                             BufferedWriter bw = new BufferedWriter(fw);
                             bw.write(header);
-                            bw.write(new String(m.message.getResponse(), StandardCharsets.UTF_8));
+                            bw.write(new String(m.getResponse(), StandardCharsets.UTF_8));
                             bw.close();
                         } catch (IOException e) {
                             e.printStackTrace();

diff --git a/tool/src/main/java/migt/Tools.java b/tool/src/main/java/migt/Tools.java
@@ -36,15 +36,10 @@ public static boolean executePassiveTest(Test test,
                                              List<MessageType> msg_types) throws ParsingException {
         int i, j;
         boolean res = true;
-        boolean actisreq = false;
-        boolean actisresp = false;
 
         for (i = 0; i < messageList.size(); i++) {
             j = 0;
             while (j < test.operations.size() && res) {
-                actisreq = false;
-                actisresp = false;
-
                 Operation currentOP = test.operations.get(j);
                 MessageType msg_type = MessageType.getFromList(msg_types, currentOP.getMessageType());
 
@@ -63,15 +58,8 @@ public static boolean executePassiveTest(Test test,
                 }
 
                 test.vars = currentOP.api.vars;
-
-                actisreq = msg_type.msg_to_process_is_request;
-                actisresp = !msg_type.msg_to_process_is_request;
                 j++;
             }
-            if (!res) {
-                test.operations.get(--j).matchedMessages.add(new Operation.MatchedMessage(messageList.get(i), i, actisreq, actisresp, true));
-                break;
-            }
         }
 
         for (Operation op : test.operations) {