
Commit c664328

committed
Added contextual menu
Bugfix in exploitation tab
1 parent 2e39062 commit c664328

1 file changed

Lines changed: 144 additions & 6 deletions


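--- a/src/burp/BurpExtender.java
+++ b/src/burp/BurpExtender.java
@@ -17,6 +17,7 @@
 import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
+import java.util.StringTokenizer;
 import java.util.concurrent.TimeUnit;
 
 import javax.swing.BoxLayout;
@@ -26,6 +27,7 @@
 import javax.swing.JLabel;
 import javax.swing.JMenuItem;
 import javax.swing.JPanel;
+import javax.swing.JPopupMenu;
 import javax.swing.JScrollPane;
 import javax.swing.JSeparator;
 import javax.swing.JSplitPane;
@@ -250,6 +252,19 @@ public void run()
 JScrollPane scrollRequestAreaManualTesting = new JScrollPane(requestAreaManualTesting);
 scrollRequestAreaManualTesting.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED);
 requestAreaManualTesting.setLineWrap(true);
+
+// MENU
+JPopupMenu popupMenuManualTesting = new JPopupMenu();
+JMenuItem sendToRepeaterManualTesting = new JMenuItem("Send to Repeater");
+sendToRepeaterManualTesting.setActionCommand("sendRepeaterManualTesting");
+sendToRepeaterManualTesting.addActionListener(BurpExtender.this);
+popupMenuManualTesting.add(sendToRepeaterManualTesting);
+JMenuItem sendToExploitingManualTesting = new JMenuItem("Send to Exploitation tab");
+sendToExploitingManualTesting.setActionCommand("sendExploitingManualTesting");
+sendToExploitingManualTesting.addActionListener(BurpExtender.this);
+popupMenuManualTesting.add(sendToExploitingManualTesting);
+requestAreaManualTesting.setComponentPopupMenu(popupMenuManualTesting);
+// END MENU
 
 JPanel buttonPanelManualTesting = new JPanel();
 buttonPanelManualTesting.setLayout(new BoxLayout(buttonPanelManualTesting, BoxLayout.X_AXIS));
@@ -339,6 +354,19 @@ public void run()
 JScrollPane scrollRequestAreaExploiting = new JScrollPane(requestAreaExploitingTop);
 scrollRequestAreaExploiting.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_AS_NEEDED);
 requestAreaExploitingTop.setLineWrap(true);
+
+// MENU
+JPopupMenu popupMenuExploiting = new JPopupMenu();
+JMenuItem sendToRepeaterExploiting = new JMenuItem("Send to Repeater");
+sendToRepeaterExploiting.setActionCommand("sendRepeaterExploiting");
+sendToRepeaterExploiting.addActionListener(BurpExtender.this);
+popupMenuExploiting.add(sendToRepeaterExploiting);
+JMenuItem sendToManualTestingExploiting = new JMenuItem("Send to Manual Testing tab");
+sendToManualTestingExploiting.setActionCommand("sendManualTestingExploiting");
+sendToManualTestingExploiting.addActionListener(BurpExtender.this);
+popupMenuExploiting.add(sendToManualTestingExploiting);
+requestAreaExploitingTop.setComponentPopupMenu(popupMenuExploiting);
+// END MENU
 
 JPanel buttonPanelExploiting = new JPanel();
 buttonPanelExploiting.setLayout(new BoxLayout(buttonPanelExploiting, BoxLayout.X_AXIS));
@@ -907,10 +935,54 @@ public void run() {
 };
 t.start();
 
-}
-
-
-
+} else if(command.equals("sendRepeaterManualTesting")) {
+
+callbacks.sendToRepeater(hostManualTesting.getText().trim(), Integer.parseInt(portManualTesting.getText().trim()), useHttpsManualTesting.isSelected(), requestAreaManualTesting.getText().getBytes(), null);
+
+} else if(command.equals("sendExploitingManualTesting")) {
+
+SwingUtilities.invokeLater(new Runnable() {
+
+@Override
+public void run() {
+
+hostExploiting.setText(hostManualTesting.getText().trim());
+portExploiting.setText(portManualTesting.getText().trim());
+if(useHttpsManualTesting.isSelected()) {
+useHttpsExploiting.setSelected(true);
+} else {
+useHttpsExploiting.setSelected(false);
+}
+requestAreaExploitingTop.setText(requestAreaManualTesting.getText());
+
+}
+});
+
+} else if(command.equals("sendRepeaterExploiting")) {
+
+callbacks.sendToRepeater(hostExploiting.getText().trim(), Integer.parseInt(portExploiting.getText().trim()), useHttpsExploiting.isSelected(), requestAreaExploitingTop.getText().getBytes(), null);
+
+} else if(command.equals("sendManualTestingExploiting")) {
+
+SwingUtilities.invokeLater(new Runnable() {
+
+@Override
+public void run() {
+
+hostManualTesting.setText(hostExploiting.getText().trim());
+portManualTesting.setText(portExploiting.getText().trim());
+if(useHttpsExploiting.isSelected()) {
+useHttpsManualTesting.setSelected(true);
+} else {
+useHttpsManualTesting.setSelected(false);
+}
+requestAreaManualTesting.setText(requestAreaExploitingTop.getText());
+
+}
+});
+
+}
+
 
 }
 
@@ -992,7 +1064,9 @@ public byte[] generateYsoserialPayload() {
 
 try {
 
-String[] commandParts = requestAreaExploitingBottom.getText().trim().split(" ");
+String[] commandParts = translateCommandline(requestAreaExploitingBottom.getText().trim());
+for(int i=0;i<commandParts.length;i++)
+stdout.println(commandParts[i]);
 
 Runtime rt = Runtime.getRuntime();
 String[] commands = {"java","-jar",pathYsoserial};
@@ -1093,7 +1167,7 @@ public void attackExploitation(int encoding) {
 
 attackButtonExploiting.setEnabled(true);
 attackBase64ButtonExploiting.setEnabled(true);
-attackAsciiHexButtonExploiting.setEnabled(false);
+attackAsciiHexButtonExploiting.setEnabled(true);
 
 }
 
@@ -1271,6 +1345,70 @@ public byte[] getRequest() {
 public byte[] getResponse() {
 return currentExploitationRequestResponse.getResponse();
 }
+
+public static String[] translateCommandline(String toProcess) {
+if(toProcess != null && toProcess.length() != 0) {
+boolean normal = false;
+boolean inQuote = true;
+boolean inDoubleQuote = true;
+byte state = 0;
+StringTokenizer tok = new StringTokenizer(toProcess, "\"\' ", true);
+ArrayList result = new ArrayList();
+StringBuilder current = new StringBuilder();
+boolean lastTokenHasBeenQuoted = false;
+
+while(true) {
+while(tok.hasMoreTokens()) {
+String nextTok = tok.nextToken();
+switch(state) {
+case 1:
+if("\'".equals(nextTok)) {
+lastTokenHasBeenQuoted = true;
+state = 0;
+} else {
+current.append(nextTok);
+}
+continue;
+case 2:
+if("\"".equals(nextTok)) {
+lastTokenHasBeenQuoted = true;
+state = 0;
+} else {
+current.append(nextTok);
+}
+continue;
+}
+
+if("\'".equals(nextTok)) {
+state = 1;
+} else if("\"".equals(nextTok)) {
+state = 2;
+} else if(" ".equals(nextTok)) {
+if(lastTokenHasBeenQuoted || current.length() != 0) {
+result.add(current.toString());
+current.setLength(0);
+}
+} else {
+current.append(nextTok);
+}
+
+lastTokenHasBeenQuoted = false;
+}
+
+if(lastTokenHasBeenQuoted || current.length() != 0) {
+result.add(current.toString());
+}
+
+if(state != 1 && state != 2) {
+return (String[])result.toArray(new String[result.size()]);
+}
+
+throw new RuntimeException("unbalanced quotes in " + toProcess);
+}
+} else {
+return new String[0];
+}
+}
 
 
 }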
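Review bot: In the new `sendRepeaterManualTesting` and `sendRepeaterExploiting` branches, `Integer.parseInt(port….getText().trim())` runs on whatever the port field holds, so an empty or non-numeric value throws `NumberFormatException` out of the action handler instead of being reported to the user. Parse the port once inside a `try`/`catch (NumberFormatException e)` and return with a message on failure; a 1–65535 range check fits in the same place. The same two calls use `getText().getBytes()`, which encodes with the platform default charset, so request bytes above 0x7f can differ between machines; an explicit charset such as `getBytes(StandardCharsets.ISO_8859_1)` makes the result deterministic. Separately, `translateCommandline` throws a bare `RuntimeException` on unbalanced quotes, and the `catch` for the `try` in `generateYsoserialPayload` lies outside the hunk, so check that it is handled there. The handler method enclosing the new branches also starts outside the hunk.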
