added burp headers for xsd requests

egru · egru · commit f02f427bc02f · 2016-04-06T11:48:34.000-05:00
diff --git a/src/main/java/burp/WSDLParser.java b/src/main/java/burp/WSDLParser.java
@@ -7,17 +7,12 @@
 import org.xml.sax.SAXException;
 
 import javax.swing.*;
-import javax.swing.ScrollPaneConstants;
 import javax.wsdl.WSDLException;
 import javax.xml.namespace.QName;
 import javax.xml.parsers.ParserConfigurationException;
 import java.awt.*;
-import java.io.BufferedWriter;
-import java.io.File;
-import java.io.FileWriter;
 import java.io.IOException;
-import java.net.URL;
-import java.net.URLConnection;
+import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 import java.util.concurrent.ExecutionException;
@@ -26,6 +21,7 @@ public class WSDLParser {
 
     private IExtensionHelpers helpers;
     private WSDLParserTab tab;
+    public static List<String> headers;
 
     public WSDLParser(IExtensionHelpers helpers, WSDLParserTab tab) {
         this.helpers = helpers;
@@ -55,17 +51,8 @@ public int parseWSDL(IHttpRequestResponse requestResponse, IBurpExtenderCallback
 
         }
 
-        int bodyOffset = responseInfo.getBodyOffset();
-
-        String body = new String(response, bodyOffset, response.length - bodyOffset);
-
-        File temp = createTempFile(body);
-        if (temp == null) {
-            JOptionPane.showMessageDialog(tab.getUiComponent().getParent(), "Not a WSDL", "Error", JOptionPane.ERROR_MESSAGE);
-            return -2;
-        }
-
         IRequestInfo request = helpers.analyzeRequest(requestResponse);
+        headers = request.getHeaders();
 
         String url = request.getUrl().toString();
 
@@ -79,8 +66,7 @@ public int parseWSDL(IHttpRequestResponse requestResponse, IBurpExtenderCallback
         }
         Wsdl parser;
         try {
-            URLConnection a = new URL(url.toString()).openConnection();
-            parser = Wsdl.parse(url.toString());
+            parser = Wsdl.parse(url);
         } catch (Exception e){
             StringBuilder sb = new StringBuilder();
             sb.append(e.getMessage());
@@ -103,9 +89,6 @@ public Dimension getPreferredSize() {
                     tab.getUiComponent().getParent(), jsp, "Error", JOptionPane.ERROR_MESSAGE);
             return -3;
         }
-        if (!temp.delete()){
-            System.out.println("Can't delete temp file");
-        }
 
         WSDLTab wsdltab = tab.createTab(requestName);
         List<QName> bindings;
@@ -158,30 +141,12 @@ public Dimension getPreferredSize() {
         return 0;
     }
 
-    private File createTempFile(String body) {
-        File temp = null;
-        if (!body.contains("definitions")) {
-            return null;
-        }
-        try {
-            temp = File.createTempFile("temp", ".wsdl");
-            BufferedWriter bw = new BufferedWriter(new FileWriter(temp));
-
-            bw.write(body);
-            bw.close();
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-        return temp;
-    }
-
     private byte[] createRequest(IHttpRequestResponse requestResponse, SoapBuilder builder, SoapOperation operation) {
         SoapContext context = SoapContext.builder()
                 .alwaysBuildHeaders(true).exampleContent(true).typeComments(true).buildOptional(true).build();
         String message = builder.buildInputMessage(operation, context);
         String host = getHost(builder.getServiceUrls().get(0));
         String endpointURL = getEndPoint(builder.getServiceUrls().get(0), host);
-
         List<String> headers;
 
         headers = helpers.analyzeRequest(requestResponse).getHeaders();
@@ -199,9 +164,11 @@ private byte[] createRequest(IHttpRequestResponse requestResponse, SoapBuilder b
                 iter.remove();
             }
         }
+        headers.add("SOAPAction: " + operation.getOperationName());
         headers.add("Content-Type: text/xml;charset=UTF-8");
         headers.add("Host: " + host);
 
+
         return helpers.buildHttpMessage(headers, message.getBytes());
     }
 
diff --git a/src/main/java/com/ibm/wsdl/xml/WSDLReaderImpl.java b/src/main/java/com/ibm/wsdl/xml/WSDLReaderImpl.java
@@ -9,6 +9,9 @@
 import java.util.*;
 import javax.xml.namespace.*;
 import javax.xml.parsers.*;
+
+import burp.WSDLParser;
+import com.sun.xml.internal.ws.api.model.wsdl.WSDLModel;
 import org.w3c.dom.*;
 import org.xml.sax.*;
 import javax.wsdl.*;
@@ -410,7 +413,14 @@ protected Import parseImport(Element importEl,
               if (importedDef == null)
               {
                 URLConnection connection = new URL(url.toString()).openConnection();
-                connection.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11");
+                for(Iterator<String> i = WSDLParser.headers.iterator(); i.hasNext(); ) {
+                  String item = i.next();
+                  if (item.contains(":") && !item.contains("Accept-Encoding:")) {
+                    String headerName = item.split(":")[0];
+                    String headerValue = item.split(":")[1];
+                    connection.setRequestProperty(headerName, headerValue);
+                  }
+                }
                 connection.connect();
                 inputStream = connection.getInputStream();
 
@@ -808,7 +818,14 @@ protected ExtensibilityElement parseSchema( Class parentType,
   	  	    {
   	  	      // We haven't read this schema in before so do it now
               URLConnection connection = new URL(url.toString()).openConnection();
-              connection.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11");
+              for(Iterator<String> i = WSDLParser.headers.iterator(); i.hasNext(); ) {
+                String item = i.next();
+                if (item.contains(":") && !item.contains("Accept-Encoding:")) {
+                  String headerName = item.split(":")[0];
+                  String headerValue = item.split(":")[1];
+                  connection.setRequestProperty(headerName, headerValue);
+                }
+              }
               connection.connect();
               inputStream = connection.getInputStream();
 
@@ -2276,7 +2293,14 @@ public Definition readWSDL(String contextURI, String wsdlURI)
                        : null;
       URL url = StringUtils.getURL(contextURL, wsdlURI);
       URLConnection connection = new URL(url.toString()).openConnection();
-      connection.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.95 Safari/537.11");
+      for(Iterator<String> i = WSDLParser.headers.iterator(); i.hasNext(); ) {
+        String item = i.next();
+        if (item.contains(":") && !item.contains("Accept-Encoding:")) {
+          String headerName = item.split(":")[0];
+          String headerValue = item.split(":")[1];
+          connection.setRequestProperty(headerName, headerValue);
+        }
+      }
       connection.connect();
       InputStream inputStream = connection.getInputStream();
       InputSource inputSource = new InputSource(inputStream);
diff --git a/src/main/java/org/reficio/ws/legacy/SchemaUtils.java b/src/main/java/org/reficio/ws/legacy/SchemaUtils.java
@@ -243,7 +243,7 @@ public static void getSchemas(String wsdlUrl, Map<String, XmlObject> existing, S
             options.setErrorListener(errorList);
             options.setSaveSyntheticDocumentElement(new QName(Constants.XSD_NS, "schema"));
             XmlObject xmlObject;
-            if(wsdlUrl.contains("wsdl")){
+            if(wsdlUrl.toLowerCase().contains("wsdl")){
                 xmlObject = XmlObject.Factory.parse(new URL(wsdlUrl), options);
             } else {
                 xmlObject = SchemaDocument.Factory.parse(new URL(wsdlUrl), options);
