Improve integrity of requests. Test.

Fixes #6 of the original NetSPI/BurpExtractor project.

Author: ilatypov

.gitignore

@@ -1,2 +1,4 @@
-.gradle/
-build/
+.gradle
+build
+settings.xml
+

build.gradle

@@ -2,29 +2,43 @@ apply plugin: 'java'
 
 repositories {
     mavenCentral()
+    maven { url 'https://oss.sonatype.org/content/repositories/snapshots' }
 }
 
-dependencies {
-    compile 'net.portswigger.burp.extender:burp-extender-api:1.7.22'
-    compile 'com.google.code.gson:gson:2.8.6'
+apply plugin: 'jacoco'
+
+// https://github.com/gradle/gradle/issues/15038
+jacoco {
+    toolVersion = '0.8.7-SNAPSHOT'
 }
 
-sourceSets {
-    main {
-        java {
-            srcDir 'src'
-        }
-        resources {
-            srcDir 'resources'
-        }
+jacocoTestReport {
+    reports {
+        xml.enabled = true
+        html.enabled = true
     }
 }
 
 targetCompatibility = '1.8'
 sourceCompatibility = '1.8'
 
+check.dependsOn jacocoTestReport
+
+dependencies {
+    implementation 'net.portswigger.burp.extender:burp-extender-api:1.7.22'
+    implementation 'com.google.code.gson:gson:2.8.6'
+    testImplementation 'junit:junit:4.12'
+    // https://github.com/mockito/mockito/issues/1419
+    testImplementation 'org.mockito:mockito-core:2.23.4'
+}
+
 task fatJar(type: Jar) {
-    baseName = project.name + '-all'
-    from { configurations.compile.collect { it.isDirectory() ? it : zipTree(it) } }
+    archiveBaseName = project.name + '-all'
+    from { configurations.compileClasspath.collect { it.isDirectory() ? it : zipTree(it) } }
     with jar
 }
+
+tasks.withType(JavaCompile) {
+    options.encoding = 'UTF-8'
+    options.compilerArgs << "-Xlint:unchecked" << "-Xlint:deprecation"
+}

out/artifacts/Burp_Extractor_jar/Burp_Extractor.jar

@@ -0,0 +1,131 @@
+package burp;
+
+import java.io.PrintWriter;
+import java.net.URL;
+
+public class Extractor implements IHttpListener {
+    private ExtractorMainTab extractorMainTab;
+    private IExtensionHelpers helpers;
+    private Logger logger;
+
+    public Extractor(ExtractorMainTab extractorMainTab, IBurpExtenderCallbacks callbacks) {
+        this.extractorMainTab = extractorMainTab;
+        this.helpers = callbacks.getHelpers();
+
+        this.logger = new Logger(new PrintWriter(callbacks.getStdout(), true));
+        // Logger.setLogLevel(Logger.INFO);
+    }
+
+    @Override
+    public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
+        if (messageIsRequest) {
+            logger.debug("Processing request...");
+            byte[] requestBytes = messageInfo.getRequest();
+            String request = this.helpers.bytesToString(requestBytes);
+
+            // Loop over each tab to perform whatever replacement is necessary
+            String extractedData;
+            boolean edited = false;
+            for (ExtractorTab extractorTab : this.extractorMainTab.getExtractorTabs()) {
+
+                // Determine if this message is in scope, and the user wants requests edited at this time
+                URL url = this.helpers.analyzeRequest(messageInfo.getHttpService(), requestBytes).getUrl();
+                if (extractorTab.requestIsInScope(url,
+                        messageInfo.getHttpService().getHost(),
+                        toolFlag) &&
+                        extractorTab.shouldModifyRequests()) {
+                    logger.debug("Request is in scope and Extractor tab is active.");
+
+                    // Check if we have the necessary components to do replacement
+                    String[] requestSelectionRegex = extractorTab.getRequestSelectionRegex();
+                    extractedData = extractorTab.getDataToInsert();
+                    if (!extractedData.equals("")
+                            && !requestSelectionRegex[0].equals("")
+                            && !requestSelectionRegex[1].equals("")) {
+                        logger.debug("Attempting replacement...");
+                        int[] selectionBounds = Utils.getSelectionBounds(request, requestSelectionRegex[0], requestSelectionRegex[1]);
+                        if (selectionBounds != null) {
+                            logger.info("Replacing request after regex \"" + requestSelectionRegex[0] + "\" with \"" + extractedData + "\"");
+                            int[] clHeaderBounds = Utils.getSelectionBounds(request, "(?i)\\r\\nContent-Length: ", "\\r\\n");
+                            int[] headersEndBounds = Utils.getSelectionBounds(request, "\\r\\n\\r\\n", "");
+                            // The following rewrite of the Content-Length
+                            // header aims at maintaining the integrity between
+                            // the header's claim and the rewritten content's
+                            // length. The Content-Length rewrite can still be
+                            // insufficient.  For example, the rewrite will not
+                            // fix the MIME parts of a request body that carry
+                            // own content length headers.  The Content-Length
+                            // rewrite will not fix the claimed length of a
+                            // chunk in a a chunked Transfer-Encoding.
+                            String dangerousContentLengthRewrite = null;
+                            if ((clHeaderBounds != null) && (headersEndBounds != null) &&
+                                    (clHeaderBounds[0] < headersEndBounds[0]) && (headersEndBounds[0] < selectionBounds[0])) {
+                                int origContentLength = Integer.parseInt(request.substring(clHeaderBounds[0],
+                                            clHeaderBounds[1]));
+                                int replacedLength = selectionBounds[1] - selectionBounds[0];
+                                int replacedContentLength = origContentLength - replacedLength + extractedData.length();
+                                if (origContentLength != replacedContentLength) {
+                                    logger.info("Updating Content-Length: " + origContentLength + " with " + replacedContentLength);
+                                    dangerousContentLengthRewrite = request.substring(0, clHeaderBounds[0]) + 
+                                        Integer.toString(replacedContentLength) +
+                                        request.substring(clHeaderBounds[1], selectionBounds[0]);
+                                }
+                            }
+                            String contentBeforeRewrite;
+                            if (dangerousContentLengthRewrite == null) {
+                                contentBeforeRewrite = request.substring(0, selectionBounds[0]);
+                            } else {
+                                contentBeforeRewrite = dangerousContentLengthRewrite;
+                            }
+                            request = contentBeforeRewrite
+                                    + extractedData
+                                    + request.substring(selectionBounds[1], request.length());
+                            edited = true;
+                            logger.debug("Finished replacement");
+                        }
+                    }
+                }
+            }
+            if (edited) {
+                messageInfo.setRequest(this.helpers.stringToBytes(request));
+            }
+        } else if (!messageIsRequest) {
+
+            logger.debug("Processing response...");
+            byte[] responseBytes = messageInfo.getResponse();
+            String response = this.helpers.bytesToString(responseBytes);
+
+            // Loop over each tab, and grab whatever data item is necessary
+            for (ExtractorTab extractorTab : this.extractorMainTab.getExtractorTabs()) {
+
+                // Check if message is in scope
+                IHttpService service = messageInfo.getHttpService();
+                URL url;
+                try {
+                    url = new URL(service.getProtocol(), service.getHost(), service.getPort(), "");
+                } catch(java.net.MalformedURLException e) {
+                    throw new RuntimeException(e);
+                }
+                if (extractorTab.responseIsInScope(url,
+                        service.getHost(),
+                        toolFlag)) {
+                    logger.debug("Response is in scope.");
+
+                    String[] responseSelectionRegex = extractorTab.getResponseSelectionRegex();
+
+                    // Grab text from response
+                    if (responseSelectionRegex[0] != "" && responseSelectionRegex[1] != "") {
+                        int[] selectionBounds = Utils.getSelectionBounds(response, responseSelectionRegex[0], responseSelectionRegex[1]);
+                        if (selectionBounds != null) {
+                            logger.info("Found a match in the response after regex \"" + responseSelectionRegex[0] + "\": \"" +
+                                    response.substring(selectionBounds[0], selectionBounds[1]) + "\"");
+                            extractorTab.setDataToInsert(response.substring(selectionBounds[0], selectionBounds[1]));
+                        }
+                    } else {
+                        logger.debug("Before and after regex not defined");
+                    }
+                }
+            }
+        }
+    }
+}

out/artifacts/Burp_Extractor_jar/token-extractor-all.jar

@@ -9,7 +9,7 @@
 import java.util.HashMap;
 
 public class ExtractorMainTab implements ITab {
-	private HashMap extractorTabMap;
+	private HashMap<Integer, ExtractorTab> extractorTabMap;
 	private ExtractorSelectorTab selectorTab;
 	private int tabNum = 0;
 	static int tabsRemoved = 0;