diff --git a/src/main/java/de/usd/cstchef/Utils.java b/src/main/java/de/usd/cstchef/Utils.java index 87cb3ff..4d735c5 100644 --- a/src/main/java/de/usd/cstchef/Utils.java +++ b/src/main/java/de/usd/cstchef/Utils.java @@ -138,6 +138,7 @@ import de.usd.cstchef.operations.string.Suffix; import de.usd.cstchef.operations.string.Uppercase; import de.usd.cstchef.operations.string.Lowercase; +import de.usd.cstchef.operations.string.Concatenate; import de.usd.cstchef.operations.utils.Counter; import de.usd.cstchef.operations.utils.GetVariable; import de.usd.cstchef.operations.utils.NoOperation; @@ -287,33 +288,33 @@ public static Class[] getOperationsBurp() { @SuppressWarnings("unchecked") public static Class[] getOperationsDev() { return new Class[] { - Addition.class, AddKey.class, AesDecryption.class, AesEncryption.class, And.class, - Blake.class, Counter.class, DateTime.class, Deflate.class, DesDecryption.class, DesEncryption.class, - Divide.class, DivideList.class, DSTU7564.class, FromBase64.class, FromHex.class, - GetRequestBuilder.class, - GetVariable.class, Gost.class, GUnzip.class, Gzip.class, Hmac.class, - HttpBodyExtractor.class, HttpCookieExtractor.class, HttpGetExtractor.class, - HttpGetSetter.class, HttpHeaderExtractor.class, HttpHeaderSetter.class, - HttpJsonExtractor.class, HttpJsonSetter.class, HttpMethodExtractor.class, HttpMultipartExtractor.class, - HttpMultipartSetter.class, - HttpPostExtractor.class, HttpPostSetter.class, PlainRequest.class, HttpSetBody.class, - HttpSetCookie.class, HttpSetUri.class, HttpUriExtractor.class, HttpXmlExtractor.class, - HttpXmlSetter.class, HtmlEncode.class, HtmlDecode.class, Inflate.class, - JsonExtractor.class, JsonSetter.class, JWTDecode.class, JWTSign.class, Length.class, - LineExtractor.class, - LineSetter.class, MD2.class, MD4.class, MD5.class, Mean.class, Median.class, - Multiply.class, MultiplyList.class, NoOperation.class, NumberCompare.class, Prefix.class, - RandomNumber.class, RandomUUID.class, ReadFile.class, RegexExtractor.class, Reverse.class, - Replace.class, - RIPEMD.class, RsaDecryption.class, RsaEncryption.class, RsaSignature.class, SM2Signature.class, SM3.class, SM4Encryption.class, SM4Decryption.class, RegexMatch.class, - SetIfEmpty.class, SHA1.class, SHA2.class, SHA3.class, Skein.class, SplitAndSelect.class, - StaticString.class, StoreVariable.class, Sub.class, Substring.class, Uppercase.class, Lowercase.class, - Subtraction.class, - Suffix.class, Sum.class, StringContains.class, StringMatch.class, Tiger.class, - TimestampOffset.class, TimestampToDateTime.class, ToBase64.class, ToHex.class, UnixTimestamp.class, - UrlDecode.class, UrlEncode.class, - Whirlpool.class, WriteFile.class, XmlFullSignature.class, XmlMultiSignature.class, - Xor.class, SoapMultiSignature.class, Luhn.class + Addition.class, AddKey.class, AesDecryption.class, AesEncryption.class, And.class, + Blake.class, Counter.class, DateTime.class, Deflate.class, DesDecryption.class, DesEncryption.class, + Divide.class, DivideList.class, DSTU7564.class, FromBase64.class, FromHex.class, + GetRequestBuilder.class, + GetVariable.class, Gost.class, GUnzip.class, Gzip.class, Hmac.class, + HttpBodyExtractor.class, HttpCookieExtractor.class, HttpGetExtractor.class, + HttpGetSetter.class, HttpHeaderExtractor.class, HttpHeaderSetter.class, + HttpJsonExtractor.class, HttpJsonSetter.class, HttpMethodExtractor.class, HttpMultipartExtractor.class, + HttpMultipartSetter.class, + HttpPostExtractor.class, HttpPostSetter.class, PlainRequest.class, HttpSetBody.class, + HttpSetCookie.class, HttpSetUri.class, HttpUriExtractor.class, HttpXmlExtractor.class, + HttpXmlSetter.class, HtmlEncode.class, HtmlDecode.class, Inflate.class, + JsonExtractor.class, JsonSetter.class, JWTDecode.class, JWTSign.class, Length.class, + LineExtractor.class, + LineSetter.class, MD2.class, MD4.class, MD5.class, Mean.class, Median.class, + Multiply.class, MultiplyList.class, NoOperation.class, NumberCompare.class, Prefix.class, + RandomNumber.class, RandomUUID.class, ReadFile.class, RegexExtractor.class, Reverse.class, + Replace.class, + RIPEMD.class, RsaDecryption.class, RsaEncryption.class, RsaSignature.class, SM2Signature.class, SM3.class, SM4Encryption.class, SM4Decryption.class, RegexMatch.class, + SetIfEmpty.class, SHA1.class, SHA2.class, SHA3.class, Skein.class, SplitAndSelect.class, + StaticString.class, StoreVariable.class, Sub.class, Substring.class, Uppercase.class, Lowercase.class, + Subtraction.class, + Suffix.class, Sum.class, StringContains.class, StringMatch.class, Tiger.class, + TimestampOffset.class, TimestampToDateTime.class, ToBase64.class, ToHex.class, UnixTimestamp.class, + UrlDecode.class, UrlEncode.class, + Whirlpool.class, WriteFile.class, XmlFullSignature.class, XmlMultiSignature.class, + Xor.class, SoapMultiSignature.class, Luhn.class, Concatenate.class }; } diff --git a/src/main/java/de/usd/cstchef/operations/string/Concatenate.java b/src/main/java/de/usd/cstchef/operations/string/Concatenate.java new file mode 100644 index 0000000..d212503 --- /dev/null +++ b/src/main/java/de/usd/cstchef/operations/string/Concatenate.java @@ -0,0 +1,67 @@ +package de.usd.cstchef.operations.string; + +import burp.api.montoya.core.ByteArray; +import de.usd.cstchef.Utils.MessageType; +import de.usd.cstchef.VariableStore; +import de.usd.cstchef.operations.Operation; +import de.usd.cstchef.operations.OperationCategory; +import de.usd.cstchef.operations.Operation.OperationInfos; +import de.usd.cstchef.view.ui.VariableTextArea; +import de.usd.cstchef.view.ui.VariableTextField; + + +@OperationInfos(name = "Concatenate", category = OperationCategory.STRING, description = "Concatenate CSTC Input and/or your own. \"$input\" to work with CSTC Input.") +public class Concatenate extends Operation { + + protected VariableTextArea text; + protected VariableTextField delimiter; + + @Override + protected ByteArray perform(ByteArray input, MessageType messageType) throws Exception { + + String delim = delimiter.getText(); + VariableStore.getInstance().setVariable("input", input); + + String[] components = text.getText().split(delim); + String trimed; + byte[][] value = new byte[components.length][]; + for (int i = 0; i < components.length; i++) { + trimed = components[i].trim(); + + if (trimed.startsWith("$")) { + value[i] = VariableStore.getInstance().getVariable(trimed).getBytes(); + } else { + value[i] = trimed.getBytes(); + } + } + + return factory.createByteArray(flatten_array(value)); + } + + public void createUI() { + this.text = new VariableTextArea(); + this.addUIElement("Strings", this.text); + this.delimiter = new VariableTextField(); + this.addUIElement("Delimiter", this.delimiter); + } + + private byte[] flatten_array(byte[][] arrays){ + + // Calculate the total length of the concatenated array + int totalLength = 0; + for (byte[] array : arrays) { + totalLength += array.length; + } + + // Create the concatenated array + byte[] result = new byte[totalLength]; + int currentIndex = 0; + for (byte[] array : arrays) { + System.arraycopy(array, 0, result, currentIndex, array.length); + currentIndex += array.length; + } + + return result; + } + +}