fix context menu viewer logic and example and readme

mr-m0nst3r · Apr 12, 2020 · 6b02a24 · 6b02a24
1 parent 33d8e6b
commit 6b02a24
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 42 deletions.
diff --git a/README.md b/README.md
@@ -46,20 +46,10 @@ class Burpy:
 
     def decrypt(self, header, body):
         '''
-        We usually use decrypt in two situations:
-        1- decrypt message that sent to the server
-        2- decrypt server response
-
-        So, it's necessary to make a check because the 2 situations are totally different in term of how burp should behave
+        You may want to add logic if the response differ from the request, for example in the request, the encrypted data is followed after "data=", but in the response, the whole response body is encrypted data, without "data="
         '''
-        if(header[0] != 'RESPONSE'):
-            # meaning the data is not from response, so we can set new http header and body
-            # header = magic(header)
-            # body = magic(body)
-        else:
-            # meaning the data comes from response, we can't and don't need to renew it, so we just display it using pop box
-            # so you can just do your magic to body param
-            # body = magic(body)
+        # header = magic(header)
+        # body = magic(body)
         return header, body
 
     def sign(self, header, body):

diff --git a/examples/aes_endec.py b/examples/aes_endec.py
@@ -26,8 +26,7 @@ def main(self, header, body):
         return header, body
 
     def encrypt(self, header, body):
-
-        if(header[0] != 'RESPONSE'):
+        if(self.apicode != ''):
             print "Encryption Called"
             self.apicode = re.search(r'.*api/(\d+)\.app', header[0]).group(1)
             self.head = body.split("&")[0][len('head='):]
@@ -46,16 +45,14 @@ def encrypt(self, header, body):
 
             ret_body = "head=" + self.head + "&" + body_param
             body = ret_body
-        else:
-            body = "response encryption not implemented"
 
 
 
         return header, body
 
     def decrypt(self, header, body):
 
-        if(header[0] != 'RESPONSE'):
+        if(self.apicode != ''):
             print "Decryption Called"
             self.apicode = re.search(r'.*api/(\d+)\.app', header[0]).group(1)
             self.head = body.split("&")[0][len('head='):]

diff --git a/src/main/java/burp/BurpExtender.java b/src/main/java/burp/BurpExtender.java
@@ -965,9 +965,10 @@ public void run() {
 				} else {
 					selectedRequestOrResponse = selectedItems[0].getResponse();
 					IResponseInfo responseInfo = helpers.analyzeResponse(selectedRequestOrResponse);
+					headers = responseInfo.getHeaders();
 					String responseStr = new String(selectedRequestOrResponse);
-					headers = new ArrayList();
-					headers.add("RESPONSE");
+//					headers = new ArrayList();
+//					headers.add("RESPONSE");
 					body = responseStr.substring(responseInfo.getBodyOffset()).getBytes();
 				}
 
@@ -977,7 +978,8 @@ public void run() {
 				if (selectedInvocationContext == IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST) {
 					newHttp = ArrayUtils.addAll(hexStringToByteArray(strToHexStr(s)));
 					selectedItems[0].setRequest(newHttp);
-				}else if (selectedInvocationContext == IContextMenuInvocation.CONTEXT_MESSAGE_VIEWER_REQUEST) {
+				}else if (selectedInvocationContext == IContextMenuInvocation.CONTEXT_MESSAGE_VIEWER_REQUEST ||
+					selectedInvocationContext == IContextMenuInvocation.CONTEXT_MESSAGE_VIEWER_RESPONSE ) {
 					final String msg = s.substring(s.indexOf("\n\n")+2);
 					SwingUtilities.invokeLater(new Runnable() {
 
@@ -991,32 +993,33 @@ public void run() {
 							ta.setCaretPosition(0);
 							ta.setEditable(false);
 
-							JOptionPane.showMessageDialog(null, new JScrollPane(ta), "Custom invocation request", JOptionPane.INFORMATION_MESSAGE);
-
-						}
-
-					});
-				} else {
-					final String msg = s.substring(("RESPONSE").length()+2);
-
-					SwingUtilities.invokeLater(new Runnable() {
-
-						@Override
-						public void run() {
-
-							JTextArea ta = new JTextArea(10, 30);
-							ta.setText(msg);
-							ta.setWrapStyleWord(true);
-							ta.setLineWrap(true);
-							ta.setCaretPosition(0);
-							ta.setEditable(false);
-
-							JOptionPane.showMessageDialog(null, new JScrollPane(ta), "Custom invocation response", JOptionPane.INFORMATION_MESSAGE);
+							JOptionPane.showMessageDialog(null, new JScrollPane(ta), "Custom invocation", JOptionPane.INFORMATION_MESSAGE);
 
 						}
 
 					});
 				}
+//				else {
+//					final String msg = s.substring(("RESPONSE").length()+2);
+//
+//					SwingUtilities.invokeLater(new Runnable() {
+//
+//						@Override
+//						public void run() {
+//
+//							JTextArea ta = new JTextArea(10, 30);
+//							ta.setText(msg);
+//							ta.setWrapStyleWord(true);
+//							ta.setLineWrap(true);
+//							ta.setCaretPosition(0);
+//							ta.setEditable(false);
+//
+//							JOptionPane.showMessageDialog(null, new JScrollPane(ta), "Custom invocation response", JOptionPane.INFORMATION_MESSAGE);
+//
+//						}
+//
+//					});
+//				}
 
 			} catch (Exception e) {