Skip to content

Commit

Permalink
ReSign v2.2
Browse files Browse the repository at this point in the history
Add TimeStamp Support
  • Loading branch information
bit4 committed Dec 26, 2016
1 parent c8aa16a commit 7073430
Show file tree
Hide file tree
Showing 39 changed files with 32 additions and 15 deletions.
11 changes: 11 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,17 @@ finally, chose how to combine parameters.
- 增加支持多行删除。
- 修复“发送到 Resign”中的URL编码问题。


## ReSign v2.2 Change log ##

- Support timestamp in parameter value ,basing on current system time.
- Optimized log format.


- 支持时间戳形式的参数值,通过获取当前系统时间实现。
- 优化了log输出格式。


## issue and contribute ##

any issue and contribute are welcomed。
Expand Down
1 change: 0 additions & 1 deletion bin/.gitignore
Original file line number Diff line number Diff line change
@@ -1,2 +1 @@
/burp/
/custom/
Binary file modified bin/burp/BurpExtender$1.class
Binary file not shown.
Binary file modified bin/burp/BurpExtender$2.class
Binary file not shown.
Binary file modified bin/burp/BurpExtender$3.class
Binary file not shown.
Binary file modified bin/burp/BurpExtender$4.class
Binary file not shown.
Binary file modified bin/burp/BurpExtender$5.class
Binary file not shown.
Binary file modified bin/burp/BurpExtender$6.class
Binary file not shown.
Binary file modified bin/burp/BurpExtender$7.class
Binary file not shown.
Binary file modified bin/burp/BurpExtender$8.class
Binary file not shown.
Binary file modified bin/burp/BurpExtender.class
Binary file not shown.
Binary file added bin/custom/CAESOperator.class
Binary file not shown.
Binary file added bin/custom/CAESOperator_AES_256.class
Binary file not shown.
Binary file added bin/custom/CBase64$Coder.class
Binary file not shown.
Binary file added bin/custom/CBase64$Decoder.class
Binary file not shown.
Binary file added bin/custom/CBase64$Encoder.class
Binary file not shown.
Binary file added bin/custom/CBase64.class
Binary file not shown.
Binary file added bin/custom/CGUI$1.class
Binary file not shown.
Binary file added bin/custom/CGUI$10.class
Binary file not shown.
Binary file added bin/custom/CGUI$2.class
Binary file not shown.
Binary file added bin/custom/CGUI$3.class
Binary file not shown.
Binary file added bin/custom/CGUI$4.class
Binary file not shown.
Binary file added bin/custom/CGUI$5.class
Binary file not shown.
Binary file added bin/custom/CGUI$6.class
Binary file not shown.
Binary file added bin/custom/CGUI$7.class
Binary file not shown.
Binary file added bin/custom/CGUI$8.class
Binary file not shown.
Binary file added bin/custom/CGUI$9.class
Binary file not shown.
Binary file added bin/custom/CGUI.class
Binary file not shown.
Binary file added bin/custom/CMD5.class
Binary file not shown.
Binary file added bin/custom/CMapSort.class
Binary file not shown.
Binary file added bin/custom/CRecalculater.class
Binary file not shown.
Binary file added bin/custom/CSHA1.class
Binary file not shown.
Binary file added bin/custom/CString2Other.class
Binary file not shown.
Binary file added bin/custom/CUnicodeDecoder.class
Binary file not shown.
Binary file added bin/custom/MapKeyComparator.class
Binary file not shown.
Binary file added bin/custom/MapKeyComparatorDesc.class
Binary file not shown.
Binary file added bin/custom/MapValueComparator.class
Binary file not shown.
Binary file added bin/custom/MapValueComparatorDesc.class
Binary file not shown.
35 changes: 21 additions & 14 deletions src/burp/BurpExtender.java
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
import java.awt.GridBagConstraints;
import java.awt.GridBagLayout;
import java.awt.Insets;
import java.awt.PageAttributes.OriginType;

import javax.swing.SwingConstants;
import javax.swing.SwingUtilities;
Expand Down Expand Up @@ -82,7 +83,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, ITab, IContex
public JPanel contentPane;
private final ButtonGroup buttonGroup = new ButtonGroup();
private final ButtonGroup buttonGroup1 = new ButtonGroup();
public String extenderName = "Resign v2.1 by bit4";
public String extenderName = "Resign v2.2 by bit4";
private JTextField textFieldParaConnector;
public JLabel lblOrderMethod;

Expand All @@ -104,7 +105,7 @@ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks)
{//当加载插件的时候,会调用下面的方法。
stdout = new PrintWriter(callbacks.getStdout(), true);
//PrintWriter stdout = new PrintWriter(callbacks.getStdout(), true); 这种写法是定义变量和实例化,这里的变量就是新的变量而不是之前class中的全局变量了。
stdout.println(extenderName+" https://github.com/bit4woo");
stdout.println(extenderName+" https://github.com/bit4woo\r\n");
//System.out.println("test"); 不会输出到burp的
this.callbacks = callbacks;
helpers = callbacks.getHelpers();
Expand All @@ -119,27 +120,31 @@ public void processHttpMessage(int toolFlag,boolean messageIsRequest,IHttpReques
{
if (toolFlag == (toolFlag&checkEnabledFor())){ //不同的toolflag代表了不同的burp组件 https://portswigger.net/burp/extender/api/constant-values.html#burp.IBurpExtenderCallbacks
if (messageIsRequest){ //对请求包进行处理
stdout.println("Origin Request:");
stdout.println(new String(messageInfo.getRequest()));
stdout.println("\r\n");
IRequestInfo analyzeRequest = helpers.analyzeRequest(messageInfo); //对消息体进行解析
byte getSignParaType = getSignParaType(analyzeRequest);

//*******************recalculate sign**************************//
if (getHost(analyzeRequest).equals(getHostFromUI()) && getSignParaType !=-1){//检查图形面板上的各种参数,都齐备了才进行。
byte[] new_Request = messageInfo.getRequest();
String str = combineString(getUpdatedParaBaseOnTable(analyzeRequest),getOnlyValueConfig(),getParaConnector());
stdout.println("Combined String:"+str);
//stdout.println("Combined String:"+str);
String newSign = calcSign(str);
stdout.println("New Sign:"+newSign); //输出到extender的UI窗口,可以让使用者有一些判断
//stdout.println("New Sign:"+newSign); //输出到extender的UI窗口,可以让使用者有一些判断
//更新参数
IParameter newPara = helpers.buildParameter(signPara, newSign, getSignParaType); //构造新的参数,如果参数是PARAM_JSON类型,这个方法是不适用的
new_Request = helpers.updateParameter(new_Request, newPara); //构造新的请求包,这里是方法一updateParameter
messageInfo.setRequest(new_Request);//设置最终新的请求包
//stdout.println(new String(messageInfo.getRequest()));
//stdout.print("\r\n");
/* to verify the updated result
for (IParameter para : helpers.analyzeRequest(messageInfo).getParameters()){
stdout.println(para.getValue());
}
*/
stdout.println("Changed Request:");
stdout.println(new String(messageInfo.getRequest()));
stdout.print("\r\n");
//to verify the updated result
// for (IParameter para : helpers.analyzeRequest(messageInfo).getParameters()){
// stdout.println(para.getValue());
// }

}
}
}
Expand Down Expand Up @@ -434,9 +439,11 @@ public void actionPerformed(ActionEvent e) {
textAreaFinalString.setText("error! sign parameter must be specified!");
}else{
String str = combineString(getParaFromTable(),getOnlyValueConfig(),getParaConnector());
if (str.contains("<timestamp>")){
str = str.replace("<timestamp>", Long.toString(System.currentTimeMillis()));//需要重新赋值,否则不会被更新
}
textAreaFinalString.setText(str);
}

}
});
GridBagConstraints gbc_button = new GridBagConstraints();
Expand Down Expand Up @@ -691,8 +698,8 @@ public Map<String, String> getUpdatedParaBaseOnTable(IRequestInfo analyzeRequest
Map<String,String> paraMap = getParaFromTable();
for (IParameter para:paras){
if (paraMap.keySet().contains(para.getName())){
if (paraMap.get(para.getName()).equals("<timestamp>")){
paraMap.put(para.getName(),Long.toString(System.currentTimeMillis()));
if (paraMap.get(para.getName()).contains("<timestamp>")){
paraMap.put(para.getName(), paraMap.get(para.getName()).replace("<timestamp>", Long.toString(System.currentTimeMillis())));
}else {
paraMap.put(para.getName(), para.getValue());
//stdout.println(para.getName()+":"+para.getValue());
Expand Down

0 comments on commit 7073430

Please sign in to comment.