From e9f3e0f42f504cad568415e217586d6236825089 Mon Sep 17 00:00:00 2001
From: ddwightx
Date: Mon, 18 Apr 2022 22:34:38 -0400
Subject: [PATCH] Added function to set the Rule Response in scripts. Removed Then Break from being callable from scripts due to it not having effect in this context. Fix for using using lone variables tags in number based fields. Improved console.log/err printing in script.
---
 build.gradle | 11 ++++++-----
 docs/ScriptingLibrary.md | 18 ++++++++++++------
 gradlew | 2 +-
 .../reshaper/burp/core/rules/RulesEngine.java | 2 --
 .../burp/core/rules/thens/ThenRunScript.java | 5 ++++-
 .../thens/entities/script/ConsoleObj.java | 18 ++++++++++++++++--
 .../thens/entities/script/ReshaperObj.java | 16 +++++++++++++++-
 .../burp/core/vars/VariableString.java | 2 +-
 8 files changed, 55 insertions(+), 19 deletions(-)
diff --git a/build.gradle b/build.gradle
index bab84e1..d2637ec 100644
--- a/build.gradle
+++ b/build.gradle
@@ -3,7 +3,7 @@ plugins {
 }
 group 'com.synfron.reshaper.burp'
-version '1.8.1'
+version '1.8.2'
 targetCompatibility = '15'
 sourceCompatibility = '15'
@@ -16,19 +16,19 @@ dependencies {
 testImplementation 'junit:junit:4.13.2'
 testImplementation 'org.mockito:mockito-core:4.2.0'
 implementation 'org.apache.httpcomponents:httpclient:4.5.13'
- implementation 'org.mozilla:rhino:1.7.13'
+ implementation 'org.mozilla:rhino:1.7.14'
 implementation 'cat.inspiracio:rhino-js-engine:1.7.10'
 implementation 'org.apache.commons:commons-text:1.9'
 implementation 'commons-io:commons-io:2.11.0'
 implementation 'org.apache.commons:commons-lang3:3.12.0'
 implementation 'net.jodah:expiringmap:0.5.10'
- implementation 'com.fasterxml.jackson.core:jackson-databind:2.13.1'
+ implementation 'com.fasterxml.jackson.core:jackson-databind:2.13.2.2'
 implementation 'com.miglayout:miglayout-swing:11.0'
 implementation 'org.jsoup:jsoup:1.14.3'
- implementation 'com.jayway.jsonpath:json-path:2.6.0'
+ implementation 'com.jayway.jsonpath:json-path:2.7.0'
 implementation 'net.portswigger.burp.extender:burp-extender-api:2.3'
 implementation 'org.rypt:f8:1.1-RC1'
- implementation 'org.apache.commons:commons-csv:1.8'
+ implementation 'org.apache.commons:commons-csv:1.9.0'
 implementation files('libs/htmlchardet-1.0.2.1.jar')
 compileOnly 'org.projectlombok:lombok:1.18.22'
 annotationProcessor 'org.projectlombok:lombok:1.18.22'
@@ -36,6 +36,7 @@ dependencies {
 jar {
 from {
+ duplicatesStrategy(DuplicatesStrategy.EXCLUDE)
 configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) }
 }
 }
diff --git a/docs/ScriptingLibrary.md b/docs/ScriptingLibrary.md
index 7da3a9e..6a0e136 100644
--- a/docs/ScriptingLibrary.md
+++ b/docs/ScriptingLibrary.md
@@ -35,6 +35,18 @@ value - The new value.
 Get all [Message Value](MessageValues.html) keys.
+#### setRuleResponse(ruleResponse)
+
+Set whether further processing of Thens or Rules should continue after this script finishes executing. This provides the same functionality as Then Break.
+
+Continue - Continue processing as normal.
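Review bot: `duplicatesStrategy(DuplicatesStrategy.EXCLUDE)` sits inside the `from { }` closure, whose job is to return the files to merge, so the setting reads like part of the file list rather than a property of the jar task; I would move it up one level as `duplicatesStrategy = DuplicatesStrategy.EXCLUDE` directly under `jar {`. EXCLUDE also keeps the first copy of any path that occurs in more than one dependency and drops the rest without a message, so which class or `META-INF` entry ends up in the fat jar depends on classpath order. A short comment such as `// several dependency jars ship the same path; the first one on runtimeClasspath wins` would record that this is intended, and naming the colliding paths (not visible in this hunk) would make later dependency bumps easier to audit.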
+BreakThens - Skip running any further Thens of the current Rule.
+BreakRules - Skip running any further Thens and Rules for this event.
+
+Parameters:
+
+ruleResponse - "Continue" | "BreakThens" | "BreakRules"
+
 #### runThen(thenType, thenData)
 Run a Then action.
@@ -59,12 +71,6 @@ BuildHttpMessage
 destinationVariableName: string
 }
 ```
-Break
-```
-{
- breakType: "Continue" | "BreakThens" | "BreakRules"
-}
-```
 Delete Value
 ```
 {
diff --git a/gradlew b/gradlew
index 4f906e0..744e882 100644
--- a/gradlew
+++ b/gradlew
@@ -72,7 +72,7 @@ case "`uname`" in
 Darwin* )
 darwin=true
 ;;
- MINGW* )
+ MSYS* | MINGW* )
 msys=true
 ;;
 NONSTOP* )
diff --git a/src/main/java/synfron/reshaper/burp/core/rules/RulesEngine.java b/src/main/java/synfron/reshaper/burp/core/rules/RulesEngine.java
index cd4bcd6..5ba3359 100644
--- a/src/main/java/synfron/reshaper/burp/core/rules/RulesEngine.java
+++ b/src/main/java/synfron/reshaper/burp/core/rules/RulesEngine.java
@@ -7,8 +7,6 @@
 import synfron.reshaper.burp.core.rules.whens.When;
 import synfron.reshaper.burp.core.utils.Log;
-import java.util.List;
-
 public class RulesEngine {
 @Getter
diff --git a/src/main/java/synfron/reshaper/burp/core/rules/thens/ThenRunScript.java b/src/main/java/synfron/reshaper/burp/core/rules/thens/ThenRunScript.java
index c0609e7..1f55dc0 100644
--- a/src/main/java/synfron/reshaper/burp/core/rules/thens/ThenRunScript.java
+++ b/src/main/java/synfron/reshaper/burp/core/rules/thens/ThenRunScript.java
@@ -17,6 +17,7 @@ public class ThenRunScript extends Then {
 public RuleResponse perform(IEventInfo eventInfo) {
 boolean hasError = false;
+ RuleResponse ruleResponse = RuleResponse.Continue;
 try {
 Dispatcher dispatcher = new Dispatcher();
 dispatcher.setMaxExecutionSeconds(maxExecutionSeconds);
@@ -29,13 +30,15 @@ public RuleResponse perform(IEventInfo eventInfo) {
 1,
 null
 ));
+
+ ruleResponse = (RuleResponse)dispatcher.getDataBag().getOrDefault("ruleResponse", ruleResponse);
 } catch (Exception e) {
 hasError = true;
 throw e;
 } finally {
 if (eventInfo.getDiagnostics().isEnabled()) eventInfo.getDiagnostics().logValue(this, hasError, script);
 }
- return RuleResponse.Continue;
+ return ruleResponse;
 }
 @Override
diff --git a/src/main/java/synfron/reshaper/burp/core/rules/thens/entities/script/ConsoleObj.java b/src/main/java/synfron/reshaper/burp/core/rules/thens/entities/script/ConsoleObj.java
index 607cfb6..3570514 100644
--- a/src/main/java/synfron/reshaper/burp/core/rules/thens/entities/script/ConsoleObj.java
+++ b/src/main/java/synfron/reshaper/burp/core/rules/thens/entities/script/ConsoleObj.java
@@ -1,13 +1,27 @@
 package synfron.reshaper.burp.core.rules.thens.entities.script;
+import org.mozilla.javascript.ScriptableObject;
 import synfron.reshaper.burp.core.utils.Log;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Objects;
+import java.util.stream.Collectors;
+
 public class ConsoleObj {
 public void log(Object... args) {
- Log.get().withMessage("Script Log").withPayload(args.length == 1 ? args[0] : args).log();
+ List values = getConsoleWritable(args);
+ Log.get().withMessage("Script Log").withPayload(values.size() == 1 ? values.get(0) : values).log();
 }
 public void error(Object... args) {
- Log.get().withMessage("Script Log").withPayload(args.length == 1 ? args[0] : args).logErr();
+ List values = getConsoleWritable(args);
+ Log.get().withMessage("Script Log").withPayload(values.size() == 1 ? values.get(0) : values).logErr();
+ }
+
+ private List getConsoleWritable(Object[] values) {
+ return Arrays.stream(values)
+ .map(value -> value instanceof ScriptableObject ? Objects.toString(value) : value)
+ .collect(Collectors.toList());
 }
 }
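Review bot: The added read `dispatcher.getDataBag().getOrDefault("ruleResponse", ruleResponse)` depends on a bare string key and an unchecked cast that only hold while `ReshaperObj.setRuleResponse` is the sole writer of that entry; a misspelt key on either side silently falls back to `Continue`, and any other value stored under the key surfaces as a `ClassCastException` from `perform`. A shared constant, for example `static final String RULE_RESPONSE_KEY = "ruleResponse";`, used in both files would tie the two ends together. The `finally` block still logs only `script`, so (as far as this hunk shows) diagnostics will not say when a script stopped further Thens or Rules; recording the chosen response there would help when tracing why a later rule did not run. `perform` begins in the previous hunk.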
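Review bot: `log` and `error` in ConsoleObj now repeat the same two lines, including the `values.size() == 1 ? values.get(0) : values` choice, so the single-value rule lives in two places. Letting the helper return the finished payload keeps that rule in one spot and leaves each caller as a single `withPayload(getConsoleWritable(args))` call. The helper also has no comment saying why only `ScriptableObject` values are turned into strings; one line on that would help, and it is worth confirming that other script-supplied values are safe to hand to the logger unchanged, since `Log` is not visible here.

```java
// … unchanged: log(Object... args) and error(Object... args), each now calling withPayload(getConsoleWritable(args)) …
private Object getConsoleWritable(Object[] values) {
    // Rhino objects are logged by their string form; every other value is passed through as-is.
    List<Object> writable = Arrays.stream(values)
            .map(value -> value instanceof ScriptableObject ? Objects.toString(value) : value)
            .collect(Collectors.toList());
    // A single argument is logged bare, several arguments as a list.
    return writable.size() == 1 ? writable.get(0) : writable;
}
```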
diff --git a/src/main/java/synfron/reshaper/burp/core/rules/thens/entities/script/ReshaperObj.java b/src/main/java/synfron/reshaper/burp/core/rules/thens/entities/script/ReshaperObj.java
index 2478375..b9cd7f0 100644
--- a/src/main/java/synfron/reshaper/burp/core/rules/thens/entities/script/ReshaperObj.java
+++ b/src/main/java/synfron/reshaper/burp/core/rules/thens/entities/script/ReshaperObj.java
@@ -8,6 +8,7 @@
 import synfron.reshaper.burp.core.messages.MessageValue;
 import synfron.reshaper.burp.core.messages.MessageValueHandler;
 import synfron.reshaper.burp.core.rules.RuleOperationType;
+import synfron.reshaper.burp.core.rules.RuleResponse;
 import synfron.reshaper.burp.core.rules.thens.Then;
 import synfron.reshaper.burp.core.rules.thens.ThenType;
 import synfron.reshaper.burp.core.utils.GetItemPlacement;
@@ -112,7 +113,6 @@ public String runThen(String thenType, NativeObject thenData) {
 ThenType.DeleteValue,
 ThenType.DeleteVariable,
 ThenType.Drop,
- ThenType.Break,
 ThenType.Log,
 ThenType.ParseHttpMessage,
 ThenType.SendRequest,
@@ -138,5 +138,19 @@ public String runThen(String thenType, NativeObject thenData) {
 Then then = (Then)Serializer.deserialize(thenDataJson, thenClass);
 return then.perform((IEventInfo)Dispatcher.getCurrent().getDataBag().get("eventInfo")).toString();
 }
+
+ public void setRuleResponse(String ruleResponse) {
+ switch (ruleResponse.toUpperCase()) {
+ case "CONTINUE":
+ Dispatcher.getCurrent().getDataBag().put("ruleResponse", RuleResponse.Continue);
+ break;
+ case "BREAKTHENS":
+ Dispatcher.getCurrent().getDataBag().put("ruleResponse", RuleResponse.BreakThens);
+ break;
+ case "BREAKRULES":
+ Dispatcher.getCurrent().getDataBag().put("ruleResponse", RuleResponse.BreakRules);
+ break;
+ }
+ }
 }
 }
diff --git a/src/main/java/synfron/reshaper/burp/core/vars/VariableString.java b/src/main/java/synfron/reshaper/burp/core/vars/VariableString.java
index 24243eb..21142bc 100644
--- a/src/main/java/synfron/reshaper/burp/core/vars/VariableString.java
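Review bot: `setRuleResponse` has no `default` branch, so a misspelt value such as a script passing `"BreakRule"` is ignored and processing continues as if nothing had been requested. For a call whose purpose is to stop later Thens or Rules, failing loudly is safer: add `default: throw new IllegalArgumentException("Unknown ruleResponse: " + ruleResponse);`. The match also uses `ruleResponse.toUpperCase()` with the default locale, under which `"Continue"` does not upper-case to `"CONTINUE"` on a Turkish-locale JVM; `switch (ruleResponse.toUpperCase(Locale.ROOT))` avoids that (needs `java.util.Locale` if the file does not already import it). A `null` argument currently ends in a `NullPointerException` from the same line. The enclosing class starts outside this hunk.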
+++ b/src/main/java/synfron/reshaper/burp/core/vars/VariableString.java
@@ -250,7 +250,7 @@ public static boolean isPotentialInt(String formattedString) {
 return false;
 }
 String strippedText = formattedString.replaceAll(String.format("\\{\\{(%s):(.+?)\\}\\}", String.join("|", VariableSource.getSupportedNames())), "");
- return TextUtils.isInt(strippedText);
+ return TextUtils.isInt(strippedText) || strippedText.isEmpty();
 }
 public static boolean hasTag(String text) {
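Review bot: The new `|| strippedText.isEmpty()` makes `isPotentialInt` accept any text that consists solely of variable tags, and nothing in the method says so. A comment above the return, e.g. `// Only variable tags were present: the value is not known until they are resolved, so treat it as a possible int.`, would make the intent clear. Because the check now passes before the tags are resolved, the resolved value still has to be validated where it is finally parsed as a number; that code is outside this hunk, so this is worth confirming. The method starts before the hunk, and the early `return false;` belongs to a condition that is not shown.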