/******************* * Wrapper for generateBinaryPayload which base 64 encodes the resulting * buffer. * * @param payloadBuffer The original payload buffer to modify with the given command line. * @param cmdOffset The offset into the buffer where the command line should begin. * @param cmdLine The command line to place in the buffer. * @param unicode True if the command line buffer expects a unicode string, false for ASCII. * @return The payload buffer passed in to the method containing the given command line and base64 encoded. ******************/ protected String generateBase64BinaryPayload(byte[] payloadBuffer, int cmdOffset, String cmdLine, boolean unicode) { return _helpers.base64Encode(generateBinaryPayload(payloadBuffer, cmdOffset, cmdLine, unicode)); }
public String getEncodedSAMLMessage(String message) { byte[] byteMessage; try { if (isWSSMessage) { if (isWSSUrlEncoded) { return URLEncoder.encode(message, "UTF-8"); } else { return message; } } byteMessage = message.getBytes("UTF-8"); if (isInflated) { try { byteMessage = httpHelpers.compress(byteMessage, isGZip); } catch (IOException e) { } } String base64Encoded = helpers.base64Encode(byteMessage); return URLEncoder.encode(base64Encoded, "UTF-8"); } catch (UnsupportedEncodingException e1) { } return null; }
/******************* * Register a payload consisting of raw bytes which should trigger an * exception if deserialized, along with a regex pattern that should match * the resulting exception to indicate a vulnerable target. * * @param payloadBytes The bytes that should trigger an exception when deserialized using the target library/API. * @param indicatorPattern A regex pattern to match the resulting exception and detect vulnerable targets. ******************/ protected void registerActiveScanExceptionPayload(byte[] payloadBytes, Pattern indicatorPattern) { _exceptionBasedPayloads.add(new ExceptionPayload(payloadBytes, indicatorPattern)); _exceptionBasedPayloads.add(new ExceptionPayload(_helpers.stringToBytes(_helpers.base64Encode(payloadBytes)), indicatorPattern)); }
/******************* * Register a new byte array indicator for passive detection of the target * library or API. * * Also generates a base 64 encoded string indicator. * * @param indicatorBytes The raw bytes to search for. * @param target The target to search (request or response). ******************/ protected void registerPassiveScanIndicator(byte[] indicatorBytes, IndicatorTarget target) { if (target == IndicatorTarget.REQUEST) { _passiveReqIndicators.add(new ScanIndicator(indicatorBytes)); _passiveReqIndicators.add(new ScanIndicator(generateBase64Pattern(_helpers.base64Encode(indicatorBytes)))); } else { _passiveResIndicators.add(new ScanIndicator(indicatorBytes)); _passiveResIndicators.add(new ScanIndicator(_helpers.base64Encode(indicatorBytes))); } }
/******************* * Register a payload consisting of raw bytes which should trigger an * exception if deserialized, along with a string that appears in the * exception that would indicate a vulnerable target. * * This method also generates a base 64 encoded payload. * * @param payloadBytes The bytes that should trigger an exception when deserialized using the target library/API. * @param indicatorStr A string that appears in the exception that can be used to detect vulnerable targets. ******************/ protected void registerActiveScanExceptionPayload(byte[] payloadBytes, String indicatorStr) { _exceptionBasedPayloads.add(new ExceptionPayload(payloadBytes, indicatorStr)); _exceptionBasedPayloads.add(new ExceptionPayload(_helpers.stringToBytes(_helpers.base64Encode(payloadBytes)), indicatorStr)); }
/** * * @param input The plain string. * @return Encoded SAML message. */ public String encodeSamlParam(byte[] input) throws IOException { if (rawEditor.getDeflateCheckBox().isSelected()) { input = Compression.compress(input); } if (rawEditor.getBase64CheckBox().isSelected()) { input = helpers.base64Encode(input).getBytes(); } if (rawEditor.getUrlCheckBox().isSelected()) { input = helpers.urlEncode(input); } return new String(input); }
private String encode(String vector) { byte[] tmp = vector.getBytes(); if (dialog.getEnflateChoice()) { try { tmp = Compression.compress(tmp); } catch (IOException ex) { Logging.getInstance().log(getClass(), "failed to compress param", Logging.ERROR); } } if (dialog.getBase64Choice()) { tmp = helpers.base64Encode(tmp).getBytes(); } if (dialog.getUrlChoice()) { tmp = helpers.urlEncode(tmp); } return new String(tmp); } }
@Override public List<IScanIssue> doActiveScan(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint) { String hash = DigestUtils.shaHex(helpers.base64Encode(baseRequestResponse.getRequest())); log.info("SSRF_HASH: " + hash); /** * Build new injection payload with provided DNS lookup server and provided Hash */ byte[] request = insertionPoint.buildRequest(helpers.stringToBytes(DNS_LOOKUP_SERVER.replace("{{HASH}}", hash))); IHttpRequestResponse requestResponse = callbacks.makeHttpRequest(baseRequestResponse.getHttpService(), request); requestedInsertionPoints.put(hash, requestResponse); /** * Result of request we'll try to find in DNS lookup server later */ return null; }
+ helpers.base64Encode(user + ":" + pwd));
@Test public void testPassiveScan() throws MalformedURLException { IBurpExtenderCallbacks callbacks = mock(IBurpExtenderCallbacks.class); IExtensionHelpers helpers = mock(IExtensionHelpersBase.class); IRequestInfo requestInfo = mock(IRequestInfo.class); IHttpRequestResponse baseRequestResponse = mock(IHttpRequestResponse.class); when(helpers.base64Encode(any(String.class))).thenCallRealMethod(); when(helpers.base64Encode(any(byte[].class))).thenCallRealMethod(); when(helpers.base64Decode(any(byte[].class))).thenCallRealMethod(); when(helpers.base64Decode(any(String.class))).thenCallRealMethod(); when(helpers.bytesToString(any(byte[].class))).thenCallRealMethod(); URL url = new URL("http://www.example.com/index.jsp"); when(callbacks.getHelpers()).thenReturn(helpers); when(helpers.analyzeRequest(baseRequestResponse)).thenReturn(requestInfo); when(requestInfo.getUrl()).thenReturn(url); String baseRequest = "GET / HTTP/1.0"; String baseResponse = "200 OK"; when(baseRequestResponse.getRequest()).thenReturn(baseRequest.getBytes()); when(baseRequestResponse.getResponse()).thenReturn(baseResponse.getBytes()); freddy.initialise(callbacks); freddy.doPassiveScan(baseRequestResponse); } }
payloadBytes = _helpers.stringToBytes(_helpers.base64Encode(generateCollaboratorBytePayload(p.getPayloadName(), collabId + "." + _collabContext.getCollaboratorServerLocation()))); if (payloadBytes == null) { throw new IllegalStateException("The module " + _targetName + " is flagged as RCE-capable " +