Skip to content

Commit

Permalink
Merge pull request #23 from NetSPI/sort-signed-headers
Browse files Browse the repository at this point in the history 
Signed headers list is now sorted
  • Loading branch information
@AndreyRainchik
AndreyRainchik authored Dec 3, 2019
2 parents afd115b + 69e7976 commit b02e81e
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 10 deletions.
8 changes: 0 additions & 8 deletions .idea/modules.xml
View file

This file was deleted.

5 changes: 3 additions & 2 deletions src/main/java/burp/Utility.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,7 @@ public static byte[] signRequest(IHttpRequestResponse messageInfo,
pw.println("Warning: SignedHeader '" + signedHeader + "' does not exist in request headers.");
}
}
String signedHeadersSorted = String.join(";", signedHeaderList);
//pw.println(canonicalHeaders.toString());
byte[] request = messageInfo.getRequest();
String body = "";
Expand Down Expand Up @@ -216,7 +217,7 @@ public static byte[] signRequest(IHttpRequestResponse messageInfo,
//canonicalQueryString = canonicalQueryString.replace(":","%3A").replace("/","%2F").replace(" ", "%20");

String canonicalRequest = requestInfo.getMethod() + '\n' + encodedCanonicalUri + '\n' + canonicalQueryString + '\n' +
canonicalHeaders +'\n' + signedHeaders + '\n' + payloadHash;
canonicalHeaders +'\n' + signedHeadersSorted + '\n' + payloadHash;
String credScope = dateStampString + '/' + region + '/' + service + '/' + "aws4_request";
String algorithm = "AWS4-HMAC-SHA256";

Expand All @@ -228,7 +229,7 @@ public static byte[] signRequest(IHttpRequestResponse messageInfo,
String signature = DatatypeConverter.printHexBinary(HmacSHA256(stringToSign, signingKey));

newHeaders.add("Authorization: " + algorithm + ' ' + "Credential=" + accessKey + '/' + credScope + ", " + "SignedHeaders=" +
signedHeaders + ", " + "Signature=" + signature.toLowerCase());
signedHeadersSorted + ", " + "Signature=" + signature.toLowerCase());
newHeaders.add("X-Amz-Date: " + amzdate);
if(!newHeaders.get(0).matches(notUnicode)) {
char[] chars = newHeaders.get(0).toCharArray();
Expand Down

0 comments on commit b02e81e

Please sign in to comment.