From ebe55341edc0b1b8961ab920e7267344252f45c7 Mon Sep 17 00:00:00 2001 From: mattebit Date: Thu, 17 Aug 2023 12:24:49 +0200 Subject: [PATCH] Fixed bug in check + better test results --- tool/src/main/java/migt/BurpExtender.java | 26 +++++++++------- tool/src/main/java/migt/Check.java | 6 ++-- tool/src/main/java/migt/GUI.java | 6 ++-- tool/src/main/java/migt/HTTPReqRes.java | 6 ++-- tool/src/main/java/migt/Operation.java | 38 ++--------------------- tool/src/main/java/migt/Test.java | 16 +++++----- tool/src/main/java/migt/Tools.java | 12 ------- 7 files changed, 34 insertions(+), 76 deletions(-) diff --git a/tool/src/main/java/migt/BurpExtender.java b/tool/src/main/java/migt/BurpExtender.java index 167e78c..dd1bc20 100644 --- a/tool/src/main/java/migt/BurpExtender.java +++ b/tool/src/main/java/migt/BurpExtender.java @@ -97,7 +97,12 @@ public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessa String port = proxy_message.getListenerInterface().split(":")[1]; IHttpRequestResponse messageInfo = proxy_message.getMessageInfo(); - HTTPReqRes message = new HTTPReqRes(messageInfo, helpers, messageIsRequest); + HTTPReqRes message = new HTTPReqRes( + messageInfo, + helpers, + messageIsRequest, + proxy_message.getMessageReference() + ); if (mainPane.ACTIVE_ENABLED) { if (!port.equals(mainPane.act_active_op.session_port)) { 
@@ -118,18 +123,10 @@ public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessa boolean matchMessage = message.matches_msg_type(msg_type); if (matchMessage) { - Operation.MatchedMessage m = new Operation.MatchedMessage( - message, - HTTPReqRes.instances, - msg_type.msg_to_process_is_request, - !msg_type.msg_to_process_is_request, - false); - mainPane.act_active_op.matchedMessages.add(m); - // If the operation's action is an intercept if (Objects.requireNonNull(mainPane.act_active_op.getAction()) == Operation.Action.INTERCEPT) { try { - processMatchedMsg(msg_type, messageInfo); + processMatchedMsg(msg_type, messageInfo, message); if (mainPane.act_active_op.then != null & mainPane.act_active_op.then == Operation.Then.DROP) { proxy_message.setInterceptAction(IInterceptedProxyMessage.ACTION_DROP); @@ -157,10 +154,15 @@ public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessa } } + /** + * @param msg_type the message type to be used + * @param messageInfo the original intercepted messageInfo to being able to edit the message + * @param message a custom parsed message to be used in opeations + */ private void processMatchedMsg(MessageType msg_type, - IHttpRequestResponse messageInfo) { + IHttpRequestResponse messageInfo, + HTTPReqRes message) { messageInfo.setHighlight("red"); - HTTPReqRes message = new HTTPReqRes(messageInfo, helpers, msg_type.msg_to_process_is_request); mainPane.act_active_op.helpers = helpers; mainPane.act_active_op.api.message = message; diff --git a/tool/src/main/java/migt/Check.java b/tool/src/main/java/migt/Check.java index df01521..2947cef 100644 --- a/tool/src/main/java/migt/Check.java +++ b/tool/src/main/java/migt/Check.java @@ -229,7 +229,7 @@ private boolean execute_http(HTTPReqRes message, val = m.group(); val = val.trim(); } else { - return false; + //return false; // TODO: check if correct, is not present? } return do_check(val); 
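Review bot: The new Javadoc on `processMatchedMsg` has no summary sentence and two wording slips ("to being able", "opeations"), and it does not say that `message` must be the object parsed from the same `messageInfo`. I would write it as `Applies the active operation to a matched intercepted message.` followed by `@param messageInfo the original intercepted message, kept so that it can be edited` and `@param message the HTTPReqRes parsed from messageInfo, used by the operations`. It is also worth documenting that the request/response flags now come from the caller's `messageIsRequest`; the removed line built the object from `msg_type.msg_to_process_is_request`. The method body continues outside the hunk.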
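Review bot: With `return false` commented out in the `else` branch, a regex that finds nothing now falls through to `do_check(val)` for every check operation, not only the presence ones. `val` is initialised outside the hunk. If it is empty there, negated operations such as `IS_NOT_IN` could presumably pass on a message where the target was never located; if it can be null, the new `val_to_check.isEmpty()` calls in `do_check` throw. I would decide the no-match case here explicitly, returning true only for `IS_NOT_PRESENT` and false for everything else, then delete the commented-out line and the TODO. `execute_http` starts and ends outside the hunk.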
@@ -357,9 +357,9 @@ public boolean do_check(String val_to_check) { } break; case IS_PRESENT: - return true; // if it gets to this, the searched param is already found + return !val_to_check.isEmpty(); // if it gets to this, the searched param is already found case IS_NOT_PRESENT: - return false; + return val_to_check.isEmpty(); case IS_IN: return value_list.contains(val_to_check); // TODO check case IS_NOT_IN: diff --git a/tool/src/main/java/migt/GUI.java b/tool/src/main/java/migt/GUI.java index 8300d81..90a3305 100644 --- a/tool/src/main/java/migt/GUI.java +++ b/tool/src/main/java/migt/GUI.java @@ -1556,12 +1556,12 @@ public boolean isCellEditable(int row, int column) { int op_index = Integer.parseInt((String) testTable.getModel().getValueAt(testTable.getSelectedRow(), 0)); Operation op = testSuite.tests.get(resultTable.getSelectedRow()).operations.get(op_index); - for (Operation.MatchedMessage m : op.matchedMessages) { + for (HTTPReqRes m : op.matchedMessages) { if (m.index == index) { if (m.isRequest) { - messageViewer.setMessage(m.message.getRequest(), true); + messageViewer.setMessage(m.getRequest(), true); } else { - messageViewer.setMessage(m.message.getResponse(), false); + messageViewer.setMessage(m.getResponse(), false); } break; } diff --git a/tool/src/main/java/migt/HTTPReqRes.java b/tool/src/main/java/migt/HTTPReqRes.java index 7717ab6..d5aed22 100644 --- a/tool/src/main/java/migt/HTTPReqRes.java +++ b/tool/src/main/java/migt/HTTPReqRes.java @@ -19,6 +19,7 @@ */ public class HTTPReqRes implements Cloneable { static public int instances; + public Integer index = -1; // index of the message wrt the burp proxy public boolean isRequest = false; public boolean isResponse = false; public int body_offset_req; // identifies the index where the body ends in the request 
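Review bot: `IS_PRESENT` and `IS_NOT_PRESENT` now derive presence from `val_to_check.isEmpty()`, so a parameter that is present with an empty value is reported as absent, and a null argument throws instead of yielding a verdict. For a tool whose output is a pass/fail security verdict, that can flip a result silently. Presence is better carried as an explicit found/not-found flag from the caller, or at least guarded with `val_to_check != null && !val_to_check.isEmpty()`. The kept comment `// if it gets to this, the searched param is already found` no longer matches the code and should become something like `// an empty value is treated as "not found"`. `do_check` continues outside the hunk.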
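Review bot: `m.isRequest` on an `HTTPReqRes` does not carry the meaning that `MatchedMessage.isRequest` did. The constructor touched in this commit sets `this.isRequest = true` unconditionally ("the request is always present"), so for messages built through it this `if` always shows the request and the `else` with `m.getResponse()` is never reached. Testing the response flag first keeps the response view reachable: `if (m.isResponse) { messageViewer.setMessage(m.getResponse(), false); } else { messageViewer.setMessage(m.getRequest(), true); }`. Whether the other `HTTPReqRes` constructors set the flags the same way is not visible here and should be checked.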
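Review bot: `index` is declared as a public, mutable, boxed `Integer`, although the constructor receives an `int` and `-1` already serves as the "unset" value. The boxed type adds a null state and makes `==` comparisons (such as `m.index == index` in GUI.java) compare references if the other operand is also boxed. I would declare it as `public int index = -1; // Burp proxy message reference, -1 when not set` and have `Test.getRows` use `String.valueOf(msg.index)` instead of `msg.index.toString()`.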
@@ -36,7 +37,6 @@ public class HTTPReqRes implements Cloneable { private List headers_req; // the headers of the request private List headers_resp; // the headers of the response - /** * Instantiate an HTTPReqRes element * @@ -82,7 +82,7 @@ public HTTPReqRes(IHttpRequestResponsePersisted message, IExtensionHelpers helpe * @param helpers an istance of the IExtensionHelpers * @param isRequest true if the message is a request, false otherwise */ - public HTTPReqRes(IHttpRequestResponse message, IExtensionHelpers helpers, Boolean isRequest) { + public HTTPReqRes(IHttpRequestResponse message, IExtensionHelpers helpers, Boolean isRequest, int index) { if (!isRequest) { this.isResponse = true; this.setResponse(message.getResponse()); @@ -90,6 +90,8 @@ public HTTPReqRes(IHttpRequestResponse message, IExtensionHelpers helpers, Boole this.body_offset_resp = helpers.analyzeRequest(message.getResponse()).getBodyOffset(); } + this.index = index; + // the request is always present in a IHTTPRequestResponse this.isRequest = true; this.setRequest(message.getRequest()); diff --git a/tool/src/main/java/migt/Operation.java b/tool/src/main/java/migt/Operation.java index e2dc502..d4d562f 100644 --- a/tool/src/main/java/migt/Operation.java +++ b/tool/src/main/java/migt/Operation.java @@ -27,7 +27,7 @@ public class Operation extends Module { public String replace_request_name; public String replace_response_name; public boolean isSessionOp = false; - public List matchedMessages; + public List matchedMessages; public byte[] processed_message; public IHttpService processed_message_service; // null if it is not changed public List log_messages; 
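Review bot: The constructor Javadoc above this signature is not updated for the new parameter; it still ends at `@param isRequest`. Add `@param index the Burp proxy message reference of the intercepted message`, which is what the caller in BurpExtender passes via `proxy_message.getMessageReference()`. While there, `Boolean isRequest` is unboxed by `if (!isRequest)`, so a null argument throws; a primitive `boolean` would rule that out.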
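Review bot: The context line directly above the new `this.index = index;` computes `body_offset_resp` with `helpers.analyzeRequest(message.getResponse())`, so response bytes are parsed as a request. The resulting body offset may be wrong for responses, and any check or edit that slices the response body would then work on the wrong range. This predates the commit, but it sits in the constructor being changed; the fix is `this.body_offset_resp = helpers.analyzeResponse(message.getResponse()).getBodyOffset();`. The constructor starts and ends outside the hunk.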
@@ -370,13 +370,7 @@ public void setAPI(Operation_API api) { this.api = api; // add the intercepted message to the matched messages to be displayed - matchedMessages.add(new Operation.MatchedMessage( - api.message, - 0, - api.is_request, - !api.is_request, - false - )); + matchedMessages.add(api.message); // updates the processed message from the api this.processed_message = api.message.build_message(api.is_request); @@ -511,33 +505,5 @@ public static Then fromString(String input) throws ParsingException { } } } - - /** - * Class to store the index and some information about matched messages (with regex or check) in an operation - */ - public static class MatchedMessage { - HTTPReqRes message; - boolean isRequest = false; - boolean isResponse = false; - boolean isFail = false; - Integer index; - - /** - * Instantiates a MatchedMessage - * - * @param message the message - * @param index the index in the message list - * @param isRequest if it is a request - * @param isResponse if it is a response - * @param isFail if it made the test fail - */ - public MatchedMessage(HTTPReqRes message, Integer index, boolean isRequest, boolean isResponse, boolean isFail) { - this.message = message; - this.isResponse = isResponse; - this.isRequest = isRequest; - this.index = index; - this.isFail = isFail; - } - } } diff --git a/tool/src/main/java/migt/Test.java b/tool/src/main/java/migt/Test.java index ab6c2a4..66506a7 100644 --- a/tool/src/main/java/migt/Test.java +++ b/tool/src/main/java/migt/Test.java @@ -177,14 +177,14 @@ public List getRows() { int count = 0; for (Operation op : operations) { - for (Operation.MatchedMessage msg : op.matchedMessages) { + for (HTTPReqRes msg : op.matchedMessages) { String[] tmp = new String[]{ String.valueOf(count), String.valueOf(op.getMessageType()), "", op.getChecks().toString(), msg.index.toString(), - msg.isFail ? "failed" : "passed"}; + "-"}; // TODO: somehow put if the message made the test fail res.add(tmp); } count++; 
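Review bot: `matchedMessages.add(api.message)` stores the live object the operation keeps working on, not a snapshot; the next line already builds `processed_message` from the same instance. If a later step edits `api.message`, the entry shown in the result table and written by `logTest` changes with it, so the log no longer records what was actually intercepted. `HTTPReqRes` implements `Cloneable`; if the list is meant as a record of the matched traffic, add a copy here and document that with `// snapshot: later edits to api.message must not alter the recorded match`. `setAPI` continues outside the hunk.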
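Review bot: `getRows` dereferences `msg.index` for every list entry without a null check, while `logTest` in this same file guards the same list with `if (m != null)`. A null entry, or a null `index` since the field is a boxed `Integer`, therefore throws while the result table is being built. Add `if (msg == null) continue;` at the top of the inner loop and use `String.valueOf(msg.index)`. The status column is now the constant `"-"`, and the Tools.java hunk removes the only place that recorded the failing message, so a failed passive test no longer points to the message that caused it. Until the TODO is resolved, the column header or a comment should say the per-message verdict is not available.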
@@ -285,28 +285,28 @@ public void logTest(String log_folder) { "/operation_" + op_count + "_" + o.getMessageType(); - for (Operation.MatchedMessage m : o.matchedMessages) { - if (m.message != null) { - if (m.message.getRequest() != null) { + for (HTTPReqRes m : o.matchedMessages) { + if (m != null) { + if (m.getRequest() != null) { File log_message = new File(base_path + "_request.raw"); try { FileWriter fw = new FileWriter(log_message.getAbsoluteFile()); BufferedWriter bw = new BufferedWriter(fw); bw.write(header); - bw.write(new String(m.message.getRequest(), StandardCharsets.UTF_8)); + bw.write(new String(m.getRequest(), StandardCharsets.UTF_8)); bw.close(); } catch (IOException e) { e.printStackTrace(); } message_count++; } - if (m.message.getResponse() != null) { + if (m.getResponse() != null) { File log_message = new File(base_path + "_response.raw"); try { FileWriter fw = new FileWriter(log_message.getAbsoluteFile()); BufferedWriter bw = new BufferedWriter(fw); bw.write(header); - bw.write(new String(m.message.getResponse(), StandardCharsets.UTF_8)); + bw.write(new String(m.getResponse(), StandardCharsets.UTF_8)); bw.close(); } catch (IOException e) { e.printStackTrace(); diff --git a/tool/src/main/java/migt/Tools.java b/tool/src/main/java/migt/Tools.java index 76bea66..8e8be5d 100644 --- a/tool/src/main/java/migt/Tools.java +++ b/tool/src/main/java/migt/Tools.java @@ -36,15 +36,10 @@ public static boolean executePassiveTest(Test test, List msg_types) throws ParsingException { int i, j; boolean res = true; - boolean actisreq = false; - boolean actisresp = false; for (i = 0; i < messageList.size(); i++) { j = 0; while (j < test.operations.size() && res) { - actisreq = false; - actisresp = false; - Operation currentOP = test.operations.get(j); MessageType msg_type = MessageType.getFromList(msg_types, currentOP.getMessageType()); 
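Review bot: Every iteration of the `for (HTTPReqRes m : o.matchedMessages)` loop writes to the same `base_path + "_request.raw"` and `"_response.raw"`, so with more than one matched message per operation only the last one survives on disk. The raw bytes are also decoded as UTF-8 and re-encoded by a `FileWriter` in the platform charset, which corrupts binary or non-UTF-8 bodies. The writer is not closed if `write` throws. I would put `message_count` in the file name and write the bytes directly inside try-with-resources, as sketched below (assuming `header` is a String; it needs `java.io.OutputStream` and `FileOutputStream`). `logTest` starts and ends outside the hunk.

```java
for (HTTPReqRes m : o.matchedMessages) {
    // … unchanged: null checks on m and m.getRequest() …
    File log_message = new File(base_path + "_" + message_count + "_request.raw");
    try (OutputStream out = new FileOutputStream(log_message)) {
        out.write(header.getBytes(StandardCharsets.UTF_8));
        out.write(m.getRequest()); // raw bytes, no charset round-trip
    } catch (IOException e) {
        e.printStackTrace();
    }
    // … unchanged: message_count++; the response branch gets the same treatment with "_response.raw" …
```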
@@ -63,15 +58,8 @@ public static boolean executePassiveTest(Test test, } test.vars = currentOP.api.vars; - - actisreq = msg_type.msg_to_process_is_request; - actisresp = !msg_type.msg_to_process_is_request; j++; } - if (!res) { - test.operations.get(--j).matchedMessages.add(new Operation.MatchedMessage(messageList.get(i), i, actisreq, actisresp, true)); - break; - } } for (Operation op : test.operations) {