## [0.0.7] - 2024-03-12
### Added

- JWT Tab was added for testing purposes
- Default keys dictionary

### Changed

- Response body was removed from token parser logic due to performance issues
Doge committed Mar 12, 2024
1 parent a2fc0c8 commit 98c37a0
Showing 24 changed files with 370 additions and 111 deletions.
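--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,16 @@
 # Changelog
 
+## [0.0.7] - 2024-03-12
+
+### Added
+
+- JWT Tab was added for testing purposes
+- Default keys dictionary
+
+### Changed
+
+- Response body was removed from token parser logic due to performance issues
+
 ## [0.0.6] - 2024-02-06
 
 ### Added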
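--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ found [here](https://github.com/blackberry/jwt-editor) and [here](https://github
 
 * Ensure that Java JDK 17 or newer is installed
 * From root of project, run the command `./gradlew jar`
-* This should place the JAR file `token-library-0.0.6.jar` within the `build/libs` directory
+* This should place the JAR file `token-library-0.0.7.jar` within the `build/libs` directory
 * This can be loaded into Burp by navigating to the `Extensions` tab, `Installed` sub-tab, clicking `Add` and loading
 the JAR file
 * This BApp is using the newer Montoya API so it's best to use the latest version of Burp (try the earlier adopter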
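--- a/build.gradle
+++ b/build.gradle
@@ -3,7 +3,7 @@ plugins {
 }
 
 group = 'one.d4d'
-version = '0.0.6'
+version = '0.0.7'
 description = 'token-signer'
 
 repositories {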
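--- a/src/main/java/burp/config/SignerConfig.java
+++ b/src/main/java/burp/config/SignerConfig.java
@@ -1,6 +1,7 @@
 package burp.config;
 
 import com.google.gson.annotations.Expose;
+import one.d4d.sessionless.itsdangerous.crypto.Signers;
 
 import java.util.EnumSet;
 import java.util.Set;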
5 changes: 0 additions & 5 deletions src/main/java/burp/config/Signers.java

This file was deleted.

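--- a/src/main/java/burp/proxy/ProxyHttpMessageHandler.java
+++ b/src/main/java/burp/proxy/ProxyHttpMessageHandler.java
@@ -32,7 +32,7 @@ public ProxyRequestToBeSentAction handleRequestToBeSent(InterceptedRequest inter
 public ProxyResponseReceivedAction handleResponseReceived(InterceptedResponse interceptedResponse) {
 annotationsModifier.updateAnnotationsIfApplicable(
 interceptedResponse.annotations(),
-interceptedResponse.toByteArray(),
+interceptedResponse.toByteArray().subArray(0, interceptedResponse.bodyOffset()),
 interceptedResponse.cookies(),
 null);
 return ProxyResponseReceivedAction.continueWith(interceptedResponse);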
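Review bot: Slicing to `subArray(0, interceptedResponse.bodyOffset())` in `handleResponseReceived` means a signed token that the server returns only in the response body (a JSON login response, for example) is no longer annotated in the proxy history, and nothing at the call site says so. A comment on that argument such as `// headers only: tokens carried solely in the response body are not detected (body skipped for performance)` would make the coverage gap visible to anyone relying on the highlights. `toByteArray()` is still called on the whole response before the slice, so whether the body copy is actually avoided depends on the Montoya implementation and is worth measuring. The method's closing brace lies outside the visible hunk, and the matching request handler is not shown, so it is unclear from here whether requests are trimmed the same way.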
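--- a/src/main/java/one/d4d/sessionless/forms/EditorTab.form
+++ b/src/main/java/one/d4d/sessionless/forms/EditorTab.form
@@ -3,7 +3,7 @@
 <grid id="27dc6" binding="mainPanel" layout-manager="GridLayoutManager" row-count="1" column-count="1" same-size-horizontally="false" same-size-vertically="false" hgap="-1" vgap="-1">
 <margin top="5" left="5" bottom="5" right="5"/>
 <constraints>
-<xy x="20" y="20" width="500" height="613"/>
+<xy x="20" y="20" width="500" height="650"/>
 </constraints>
 <properties/>
 <border type="none"/>
@@ -604,6 +604,92 @@
 </grid>
 </children>
 </grid>
+<grid id="762a3" layout-manager="GridLayoutManager" row-count="4" column-count="1" same-size-horizontally="false" same-size-vertically="false" hgap="-1" vgap="-1">
+<margin top="0" left="0" bottom="0" right="0"/>
+<constraints>
+<tabbedpane title-resource-bundle="strings" title-key="jsonwebsignature_tab_label"/>
+</constraints>
+<properties/>
+<border type="empty"/>
+<children>
+<grid id="f4c6b" layout-manager="GridLayoutManager" row-count="1" column-count="1" same-size-horizontally="false" same-size-vertically="false" hgap="-1" vgap="-1">
+<margin top="0" left="0" bottom="0" right="0"/>
+<constraints>
+<grid row="0" column="0" row-span="1" col-span="1" vsize-policy="3" hsize-policy="3" anchor="0" fill="3" indent="0" use-parent-layout="false"/>
+</constraints>
+<properties/>
+<border type="line" title-resource-bundle="strings" title-key="jsonwebsignature_header_label">
+<color color="-7763575"/>
+</border>
+<children>
+<scrollpane id="5921" class="org.fife.ui.rtextarea.RTextScrollPane">
+<constraints>
+<grid row="0" column="0" row-span="1" col-span="1" vsize-policy="3" hsize-policy="3" anchor="0" fill="3" indent="0" use-parent-layout="false"/>
+</constraints>
+<properties/>
+<border type="none"/>
+<children>
+<component id="28acb" class="org.fife.ui.rsyntaxtextarea.RSyntaxTextArea" binding="textAreaJSONWebSignatureHeader" custom-create="true">
+<constraints/>
+<properties>
+<currentLineHighlightColor color="-1"/>
+</properties>
+</component>
+</children>
+</scrollpane>
+</children>
+</grid>
+<grid id="f026e" layout-manager="GridLayoutManager" row-count="1" column-count="1" same-size-horizontally="false" same-size-vertically="false" hgap="-1" vgap="-1">
+<margin top="0" left="0" bottom="0" right="0"/>
+<constraints>
+<grid row="1" column="0" row-span="1" col-span="1" vsize-policy="3" hsize-policy="3" anchor="0" fill="3" indent="0" use-parent-layout="false"/>
+</constraints>
+<properties/>
+<border type="line" title-resource-bundle="strings" title-key="jsonwebsignature_payload_label">
+<color color="-7763575"/>
+</border>
+<children>
+<scrollpane id="5e103" class="org.fife.ui.rtextarea.RTextScrollPane">
+<constraints>
+<grid row="0" column="0" row-span="1" col-span="1" vsize-policy="3" hsize-policy="3" anchor="0" fill="3" indent="0" use-parent-layout="false"/>
+</constraints>
+<properties/>
+<border type="none"/>
+<children>
+<component id="69288" class="org.fife.ui.rsyntaxtextarea.RSyntaxTextArea" binding="textAreaJSONWebSignaturePayload" custom-create="true">
+<constraints/>
+<properties>
+<currentLineHighlightColor color="-1"/>
+</properties>
+</component>
+</children>
+</scrollpane>
+</children>
+</grid>
+<grid id="6267f" binding="panelJSONWebSignature" custom-create="true" layout-manager="GridLayoutManager" row-count="1" column-count="1" same-size-horizontally="false" same-size-vertically="false" hgap="-1" vgap="-1">
+<margin top="0" left="0" bottom="0" right="0"/>
+<constraints>
+<grid row="2" column="0" row-span="1" col-span="1" vsize-policy="3" hsize-policy="3" anchor="0" fill="3" indent="0" use-parent-layout="false"/>
+</constraints>
+<properties/>
+<border type="line" title-resource-bundle="strings" title-key="jsonwebsignature_label">
+<color color="-7763575"/>
+</border>
+<children/>
+</grid>
+<grid id="4ecfb" binding="panelJSONWebSeparator" custom-create="true" layout-manager="GridLayoutManager" row-count="1" column-count="1" same-size-horizontally="false" same-size-vertically="false" hgap="-1" vgap="-1">
+<margin top="0" left="0" bottom="0" right="0"/>
+<constraints>
+<grid row="3" column="0" row-span="1" col-span="1" vsize-policy="3" hsize-policy="3" anchor="0" fill="3" indent="0" use-parent-layout="false"/>
+</constraints>
+<properties/>
+<border type="line" title-resource-bundle="strings" title-key="jsonwebsignature_separator_label">
+<color color="-7763575"/>
+</border>
+<children/>
+</grid>
+</children>
+</grid>
 <grid id="9e45d" layout-manager="GridLayoutManager" row-count="3" column-count="1" same-size-horizontally="false" same-size-vertically="false" hgap="-1" vgap="-1">
 <margin top="0" left="0" bottom="0" right="0"/>
 <constraints>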
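--- a/src/main/java/one/d4d/sessionless/forms/EditorTab.java
+++ b/src/main/java/one/d4d/sessionless/forms/EditorTab.java
@@ -4,6 +4,7 @@
 import burp.api.montoya.ui.Selection;
 import burp.api.montoya.ui.editor.extension.ExtensionProvidedEditor;
 import burp.config.SignerConfig;
+import one.d4d.sessionless.forms.utils.FormUtils;
 import one.d4d.sessionless.hexcodearea.HexCodeAreaFactory;
 import one.d4d.sessionless.presenter.EditorPresenter;
 import one.d4d.sessionless.presenter.PresenterStore;
@@ -29,12 +30,13 @@
 import static org.exbin.deltahex.EditationAllowed.READ_ONLY;
 
 public abstract class EditorTab implements ExtensionProvidedEditor {
-public static final int TAB_DANGEROUSE = 0;
+public static final int TAB_DANGEROUS = 0;
 public static final int TAB_EXPRESS = 1;
 public static final int TAB_OAUTH = 2;
 public static final int TAB_TORNADO = 3;
 public static final int TAB_RUBY = 4;
-public static final int TAB_UNKNOWN = 5;
+public static final int TAB_JWT = 5;
+public static final int TAB_UNKNOWN = 6;
 private static final int MAX_JOSE_OBJECT_STRING_LENGTH = 68;
 final EditorPresenter presenter;
 private final RstaFactory rstaFactory;
@@ -75,11 +77,17 @@ public abstract class EditorTab implements ExtensionProvidedEditor {
 private JPanel panelRubySeparator;
 private RSyntaxTextArea textAreaRubyMessage;
 private RSyntaxTextArea textAreaRubySignature;
+private JPanel panelJSONWebSignature;
+private JPanel panelJSONWebSeparator;
+private RSyntaxTextArea textAreaJSONWebSignatureHeader;
+private RSyntaxTextArea textAreaJSONWebSignaturePayload;
 private CodeArea codeAreaDangerousSignature;
 private CodeArea codeAreaDangerousSeparator;
 private CodeArea codeAreaOAuthSignature;
 private CodeArea codeAreaTornadoSignature;
 private CodeArea codeAreaRubySeparator;
+private CodeArea codeAreaJWTSignature;
+private CodeArea codeAreaJWTSeparator;
 private CodeArea codeAreaUnknownSeparator;
 
 EditorTab(
@@ -133,6 +141,8 @@ public void changedUpdate(DocumentEvent e) {
 textAreaTornadoValue.getDocument().addDocumentListener(documentListener);
 textAreaRubyMessage.getDocument().addDocumentListener(documentListener);
 textAreaRubySignature.getDocument().addDocumentListener(documentListener);
+textAreaJSONWebSignatureHeader.getDocument().addDocumentListener(documentListener);
+textAreaJSONWebSignaturePayload.getDocument().addDocumentListener(documentListener);
 textAreaUnknownStringMessage.getDocument().addDocumentListener(documentListener);
 textAreaUnknownStringSignature.getDocument().addDocumentListener(documentListener);
 
@@ -145,6 +155,8 @@ public void changedUpdate(DocumentEvent e) {
 codeAreaOAuthSignature.addDataChangedListener(presenter::componentChanged);
 codeAreaTornadoSignature.addDataChangedListener(presenter::componentChanged);
 codeAreaRubySeparator.addDataChangedListener(presenter::componentChanged);
+codeAreaJWTSignature.addDataChangedListener(presenter::componentChanged);
+codeAreaJWTSeparator.addDataChangedListener(presenter::componentChanged);
 codeAreaUnknownSeparator.addDataChangedListener(presenter::componentChanged);
 
 comboBoxSignedToken.addActionListener(e -> presenter.onSelectionChanged());
@@ -222,7 +234,7 @@ public void setExpressSignature(String text) {
 }
 
 public byte[] getOAuthSignature() {
-return Utils.getCodeAreaData(codeAreaOAuthSignature);
+return FormUtils.getCodeAreaData(codeAreaOAuthSignature);
 }
 
 public void setOAuthSignature(byte[] signature) {
@@ -254,15 +266,15 @@ public void setTornadoTimestamp(String parameter) {
 }
 
 public byte[] getTornadoSignature() {
-return Utils.getCodeAreaData(codeAreaTornadoSignature);
+return FormUtils.getCodeAreaData(codeAreaTornadoSignature);
 }
 
 public void setTornadoSignature(byte[] signature) {
 codeAreaTornadoSignature.setData(new ByteArrayEditableData(signature));
 }
 
 public byte[] getDangerousSignature() {
-return Utils.getCodeAreaData(codeAreaDangerousSignature);
+return FormUtils.getCodeAreaData(codeAreaDangerousSignature);
 }
 
 public void setDangerousSignature(byte[] signature) {
@@ -286,7 +298,7 @@ public void setOAuthTimestamp(String timestamp) {
 }
 
 public byte[] getDangerousSeparator() {
-return Utils.getCodeAreaData(codeAreaDangerousSeparator);
+return FormUtils.getCodeAreaData(codeAreaDangerousSeparator);
 }
 
 public void setDangerousSeparator(byte[] separator) {
@@ -334,13 +346,45 @@ public void setRubySignature(String signature) {
 }
 
 public byte[] getRubySeparator() {
-return Utils.getCodeAreaData(codeAreaRubySeparator);
+return FormUtils.getCodeAreaData(codeAreaRubySeparator);
 }
 
 public void setRubySeparator(byte[] separator) {
 codeAreaRubySeparator.setData(new ByteArrayEditableData(separator));
 }
 
+public String getJWTHeader() {
+return textAreaJSONWebSignatureHeader.getText();
+}
+
+public void setJWTHeader(String text) {
+textAreaJSONWebSignatureHeader.setText(text);
+}
+
+public String getJWTPayload() {
+return textAreaJSONWebSignaturePayload.getText();
+}
+
+public void setJWTPayload(String text) {
+textAreaJSONWebSignaturePayload.setText(text);
+}
+
+public byte[] getJWTSignature() {
+return FormUtils.getCodeAreaData(codeAreaJWTSignature);
+}
+
+public void setJWTSignature(byte[] separator) {
+codeAreaJWTSignature.setData(new ByteArrayEditableData(separator));
+}
+
+public byte[] getJWTSeparator() {
+return FormUtils.getCodeAreaData(codeAreaJWTSeparator);
+}
+
+public void setJWTSeparator(byte[] separator) {
+codeAreaJWTSeparator.setData(new ByteArrayEditableData(separator));
+}
+
 public String getUnknownMessage() {
 return textAreaUnknownStringMessage.getText();
 }
@@ -358,7 +402,7 @@ public void setUnknownSignature(String signature) {
 }
 
 public byte[] getUnknownSeparator() {
-return Utils.getCodeAreaData(codeAreaUnknownSeparator);
+return FormUtils.getCodeAreaData(codeAreaUnknownSeparator);
 }
 
 public void setUnknownSeparator(byte[] separator) {
@@ -391,11 +435,18 @@ private void createUIComponents() {
 codeAreaTornadoSignature = hexCodeAreaFactory.build();
 panelTornadoSignature.add(codeAreaTornadoSignature);
 
-
 panelRubySeparator = new JPanel(new BorderLayout());
 codeAreaRubySeparator = hexCodeAreaFactory.build();
 panelRubySeparator.add(codeAreaRubySeparator);
 
+panelJSONWebSignature = new JPanel(new BorderLayout());
+codeAreaJWTSignature = hexCodeAreaFactory.build();
+panelJSONWebSignature.add(codeAreaJWTSignature);
+
+panelJSONWebSeparator = new JPanel(new BorderLayout());
+codeAreaJWTSeparator = hexCodeAreaFactory.build();
+panelJSONWebSeparator.add(codeAreaJWTSeparator);
+
 panelUnknownStringSeparator = new JPanel(new BorderLayout());
 codeAreaUnknownSeparator = hexCodeAreaFactory.build();
 panelUnknownStringSeparator.add(codeAreaUnknownSeparator);
@@ -441,6 +492,8 @@ private void createUIComponents() {
 textAreaTornadoValue = rstaFactory.buildDefaultTextArea();
 textAreaRubyMessage = rstaFactory.buildDefaultTextArea();
 textAreaRubySignature = rstaFactory.buildDefaultTextArea();
+textAreaJSONWebSignatureHeader = rstaFactory.buildDefaultTextArea();
+textAreaJSONWebSignaturePayload = rstaFactory.buildDefaultTextArea();
 textAreaUnknownStringMessage = rstaFactory.buildDefaultTextArea();
 textAreaUnknownStringSignature = rstaFactory.buildDefaultTextArea();
 }
@@ -466,8 +519,8 @@ private void enableTabAtIndex(int index) {
 }
 
 public void setDangerousMode() {
-mode = TAB_DANGEROUSE;
-enableTabAtIndex(TAB_DANGEROUSE);
+mode = TAB_DANGEROUS;
+enableTabAtIndex(TAB_DANGEROUS);
 buttonBruteForceAttack.setEnabled(editable);
 buttonAttack.setEnabled(editable);
 textAreaDangerousPayload.setEditable(editable);
@@ -536,6 +589,20 @@ public void setRubyMode() {
 codeAreaRubySeparator.setEditationAllowed(editationAllowed);
 }
 
+public void setJWTMode() {
+mode = TAB_JWT;
+enableTabAtIndex(TAB_JWT);
+buttonBruteForceAttack.setEnabled(editable);
+buttonAttack.setEnabled(editable);
+
+textAreaJSONWebSignatureHeader.setEditable(editable);
+textAreaJSONWebSignaturePayload.setEditable(editable);
+
+EditationAllowed editationAllowed = editable ? ALLOWED : READ_ONLY;
+codeAreaJWTSignature.setEditationAllowed(editationAllowed);
+codeAreaJWTSeparator.setEditationAllowed(editationAllowed);
+}
+
 public void setUnknownMode() {
 mode = TAB_UNKNOWN;
 enableTabAtIndex(TAB_UNKNOWN);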
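Review bot: `setJWTSignature(byte[] separator)` names its parameter `separator` although it fills `codeAreaJWTSignature`, which reads like a copy of `setJWTSeparator` just below it; `public void setJWTSignature(byte[] signature)` with `new ByteArrayEditableData(signature)` would match the other signature setters in this class. In the constants hunk, `TAB_JWT = 5` moves `TAB_UNKNOWN` to 6, and both are handed to `enableTabAtIndex`, so they presumably have to track the order of the tab panels in EditorTab.form; a comment above the constants such as `// values are tab indexes and must match the tab order in EditorTab.form` would record that coupling. The eight new public JWT accessors and `setJWTMode` have no Javadoc; a one-line summary on each, noting that the signature and separator are raw bytes held in the hex code areas, would be enough.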