Skip to content

Commit

Permalink
Refactor HTTP Cookie Extractor
Browse files Browse the repository at this point in the history
  • Loading branch information
felixb1515 committed Dec 12, 2024
1 parent a800a07 commit a81e47b
Show file tree
Hide file tree
Showing 4 changed files with 74 additions and 37 deletions.
20 changes: 13 additions & 7 deletions src/main/java/burp/objects/CstcHttpRequest.java
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ else if(contentType.equals("application/x-www-form-urlencoded")) {
}
}

throw new IllegalArgumentException("Input is not a vlaid request");
throw new IllegalArgumentException("Input is not a valid request");
}
case XML:
String postBody = request.split("\n\n")[1].trim();
Expand Down Expand Up @@ -137,6 +137,18 @@ public String url() {
return url;
}

@Override
public boolean hasHeader(String name) {
try {
headerValue(name);
}
catch(IllegalArgumentException e) {
return false;
}

return true;
}

@Override
public boolean isInScope() {
// TODO Auto-generated method stub
Expand Down Expand Up @@ -227,12 +239,6 @@ public boolean hasHeader(HttpHeader header) {
throw new UnsupportedOperationException("Unimplemented method 'hasHeader'");
}

@Override
public boolean hasHeader(String name) {
// TODO Auto-generated method stub
throw new UnsupportedOperationException("Unimplemented method 'hasHeader'");
}

@Override
public boolean hasHeader(String name, String value) {
// TODO Auto-generated method stub
Expand Down
28 changes: 14 additions & 14 deletions src/main/java/burp/objects/CstcHttpResponse.java
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,6 @@ public ByteArray body() {
@Override
public List<Cookie> cookies() {
List<Cookie> cookieList = new ArrayList<>();
String cookies = new String();

byte[] responseBytes = this.httpResponse.getBytes();
String response = new String(responseBytes);
Expand All @@ -53,16 +52,11 @@ public List<Cookie> cookies() {
for(String line : responseLines) {
String[] header = line.split(": ");
if(header[0].equals("Set-Cookie")) {
cookies = header[1];
String[] cookie = header[1].split("=");
cookieList.add(new CstcCookie(cookie[0], cookie[1]));
}
}

for(String cookie : cookies.split("; ")) {
String[] c = cookie.split("=");
Cookie cc = new CstcCookie(c[0], c[1]);
cookieList.add(cc);
}

return cookieList;
}

Expand Down Expand Up @@ -90,6 +84,18 @@ public String bodyToString() {
return response.split("\n\n")[1];
}

@Override
public String cookieValue(String name) {
List<Cookie> cookies = this.cookies();
for(Cookie c : cookies) {
if(c.name().equals(name)) {
return c.value();
}
}

return null;
}

@Override
public short statusCode() {
// TODO Auto-generated method stub
Expand All @@ -114,12 +120,6 @@ public Cookie cookie(String name) {
throw new UnsupportedOperationException("Unimplemented method 'cookie'");
}

@Override
public String cookieValue(String name) {
// TODO Auto-generated method stub
throw new UnsupportedOperationException("Unimplemented method 'cookieValue'");
}

@Override
public boolean hasCookie(String name) {
// TODO Auto-generated method stub
Expand Down
Original file line number Diff line number Diff line change
@@ -1,15 +1,19 @@
package de.usd.cstchef.operations.extractors;

import java.util.List;

import org.bouncycastle.util.Arrays;

import burp.BurpExtender;
import burp.BurpUtils;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.core.ByteArray;
import burp.api.montoya.http.message.Cookie;
import burp.api.montoya.http.message.HttpHeader;
import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.http.message.responses.HttpResponse;
import burp.objects.CstcByteArray;
import burp.objects.CstcHttpRequest;
import de.usd.cstchef.Utils;
import de.usd.cstchef.Utils.MessageType;
import de.usd.cstchef.operations.Operation;
Expand All @@ -26,22 +30,45 @@ public class HttpCookieExtractor extends Operation {
protected ByteArray perform(ByteArray input, MessageType messageType) throws Exception {

String cookieName = cookieNameField.getText();
if( cookieName.length() == 0 )
return factory.createByteArray(0);

if(messageType == MessageType.REQUEST){
if(input.toString().isEmpty() || cookieName.isEmpty()) return factory.createByteArray("");

if(messageType == MessageType.REQUEST) {
HttpRequest request = factory.createHttpRequest(input);
return checkNull(Utils.httpRequestCookieExtractor(request, cookieName));

// has Cookie header
if(request.hasHeader("Cookie")) {
String cookieHeaderValue = request.headerValue("Cookie");
// has this particular cookie set
if(cookieHeaderValue.contains(cookieName + "=")) {
String[] cookies = cookieHeaderValue.split("; ");
cookieHeaderValue = "";
for(String cookie : cookies) {
String[] c = cookie.split("=");
if(c[0].equals(cookieName)) {
return factory.createByteArray(c[1]);
}
}
}
else {
throw new IllegalArgumentException("Parameter name not found.");
}
}

throw new IllegalArgumentException("Parameter name not found.");

}
else if(messageType == MessageType.RESPONSE){
HttpResponse response = factory.createHttpResponse(input);
for(Cookie c : response.cookies()){
if(c.name().equals(cookieName))
return factory.createByteArray(checkNull(c.value()));
else if(messageType == MessageType.RESPONSE) {
String cookie = factory.createHttpResponse(input).cookieValue(cookieName);

if(cookie == null) {
throw new IllegalArgumentException("Parameter name not found.");
}
else {
return factory.createByteArray(cookie);
}
return factory.createByteArray(0);
}
else{
else {
return parseRawMessage(input);
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,8 @@ public void setup() {
String resIn1 = """
HTTP/2 200 Ok
Header1: a
Set-Cookie: cookie1=value1; cookie2=value2
Set-Cookie: cookie1=value1
Set-Cookie: cookie2=value2
""";
String resOut1 = "value1";
Expand All @@ -112,7 +113,8 @@ public void setup() {
String resIn2 = """
HTTP/2 200 Ok
Header1: b
Set-Cookie: cookie1=value1; cookie2=value2
Set-Cookie: cookie1=value1
Set-Cookie: cookie2=value2
""";
String resOut2 = "value2";
Expand All @@ -123,18 +125,20 @@ public void setup() {
String resIn3 = """
HTTP/2 200 Ok
Header1: c
Set-Cookie: cookie1=value1; cookie2=value2
Set-Cookie: cookie1=value1
Set-Cookie: cookie2=value2
""";
String resOut3 = "";
String resCookie3 = "cookie3";
Triplet<String, String, Boolean> resTriplet3 = new Triplet<String,String,Boolean>(resOut3, resCookie3, false);
Triplet<String, String, Boolean> resTriplet3 = new Triplet<String,String,Boolean>(resOut3, resCookie3, true);

// empty cookieName
String resIn4 = """
HTTP/2 200 Ok
Header1: d
Set-Cookie: cookie1=value1; cookie2=value2
Set-Cookie: cookie1=value1
Set-Cookie: cookie2=value2
""";
String resOut4 = "";
Expand Down

0 comments on commit a81e47b

Please sign in to comment.