Update for Montoya V1

nccgroup · Jan 24, 2023 · 7aaf1bf · 7aaf1bf
1 parent 1d97ff6
commit 7aaf1bf
Show file tree

Hide file tree

Showing 15 changed files with 183 additions and 198 deletions.
diff --git a/build.gradle b/build.gradle
@@ -14,9 +14,9 @@ repositories {
 }
 
 dependencies {
-    implementation 'net.portswigger.burp.extensions:montoya-api:0.10.1'
+    implementation 'net.portswigger.burp.extensions:montoya-api:1.0.0'
     implementation 'org.swinglabs:swingx:1.6.1'
-    implementation 'com.github.CoreyD97:Burp-Montoya-Utilities:896a540db7'
+    implementation 'com.github.CoreyD97:Burp-Montoya-Utilities:8501f80f05'
     implementation 'org.elasticsearch.client:elasticsearch-rest-high-level-client:7.15.2'
     implementation 'org.apache.httpcomponents:httpclient:4.5.13'
     implementation 'org.apache.commons:commons-text:1.10.0'

diff --git a/src/main/java/com/nccgroup/loggerplusplus/LoggerContextMenuFactory.java b/src/main/java/com/nccgroup/loggerplusplus/LoggerContextMenuFactory.java
@@ -14,6 +14,7 @@
 import org.apache.commons.text.StringEscapeUtils;
 
 import javax.swing.*;
+import java.awt.*;
 import java.awt.event.ActionEvent;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -28,7 +29,7 @@ public LoggerContextMenuFactory(){
     }
 
     @Override
-    public List<JMenuItem> provideMenuItems(ContextMenuEvent event) {
+    public List<Component> provideMenuItems(ContextMenuEvent event) {
         JMenuItem filterMenu = new JMenu("Logger++");
 
         //We're handling a message editor context menu
@@ -42,29 +43,29 @@ public List<JMenuItem> provideMenuItems(ContextMenuEvent event) {
         switch (event.invocationType()){
             case MESSAGE_EDITOR_REQUEST:
             case MESSAGE_VIEWER_REQUEST: {
-                target = requestResponse.getRequestResponse().httpRequest();
+                target = requestResponse.requestResponse().request();
                 try {
                     if (selectedRange.startIndexInclusive() <= target.bodyOffset()) {
                         context = LogEntryField.REQUEST_HEADERS;
                     } else {
                         context = LogEntryField.REQUEST_BODY;
                     }
-                    selectedBytes = Arrays.copyOfRange(target.asBytes().getBytes(), selectedRange.startIndexInclusive(),
+                    selectedBytes = Arrays.copyOfRange(target.toByteArray().getBytes(), selectedRange.startIndexInclusive(),
                             selectedRange.endIndexExclusive());
                 }catch (NullPointerException nPException){ return null; }
                 break;
             }
 
             case MESSAGE_EDITOR_RESPONSE:
             case MESSAGE_VIEWER_RESPONSE: {
-                target = requestResponse.getRequestResponse().httpResponse();
+                target = requestResponse.requestResponse().response();
                 try {
                     if (selectedRange.startIndexInclusive() <= target.bodyOffset()) {
                         context = LogEntryField.RESPONSE_HEADERS;
                     } else {
                         context = LogEntryField.RESPONSE_BODY;
                     }
-                    selectedBytes = Arrays.copyOfRange(target.asBytes().getBytes(), selectedRange.startIndexInclusive(),
+                    selectedBytes = Arrays.copyOfRange(target.toByteArray().getBytes(), selectedRange.startIndexInclusive(),
                             selectedRange.endIndexExclusive());
                 } catch (NullPointerException nPException) {
                     return null;

diff --git a/src/main/java/com/nccgroup/loggerplusplus/LoggerPlusPlus.java b/src/main/java/com/nccgroup/loggerplusplus/LoggerPlusPlus.java
@@ -88,7 +88,7 @@ public void initialize(MontoyaApi montoya) {
         montoya.userInterface().registerSuiteTab(NAME, mainViewController.getUiComponent());
 
         montoya.http().registerHttpHandler(logProcessor.getHttpHandler());
-        montoya.proxy().registerResponseHandler(logProcessor.getProxyHttpResponseHandler());
+        montoya.proxy().registerResponseHandler(logProcessor.getProxyResponseHandler());
 
         //Add menu item to Burp's frame menu.
         Frame rootFrame = null;

diff --git a/src/main/java/com/nccgroup/loggerplusplus/exports/HarSerializer.java b/src/main/java/com/nccgroup/loggerplusplus/exports/HarSerializer.java
@@ -1,7 +1,7 @@
 package com.nccgroup.loggerplusplus.exports;
 
-import burp.api.montoya.http.message.cookies.Cookie;
-import burp.api.montoya.http.message.headers.HttpHeader;
+import burp.api.montoya.http.message.Cookie;
+import burp.api.montoya.http.message.HttpHeader;
 import burp.api.montoya.http.message.params.HttpParameter;
 import burp.api.montoya.http.message.params.HttpParameterType;
 import burp.api.montoya.http.message.requests.HttpRequest;

diff --git a/src/main/java/com/nccgroup/loggerplusplus/grepper/GrepperController.java b/src/main/java/com/nccgroup/loggerplusplus/grepper/GrepperController.java
@@ -1,9 +1,8 @@
 package com.nccgroup.loggerplusplus.grepper;
 
-import burp.api.montoya.core.Annotations;
+import burp.api.montoya.core.Marker;
 import burp.api.montoya.core.Range;
 import burp.api.montoya.http.message.HttpRequestResponse;
-import burp.api.montoya.http.message.MarkedHttpRequestResponse;
 import com.coreyd97.BurpExtenderUtilities.Preferences;
 import com.nccgroup.loggerplusplus.LoggerPlusPlus;
 import com.nccgroup.loggerplusplus.logentry.LogEntry;
@@ -60,15 +59,15 @@ public void reset() { //TODO SwingWorker
         }
     }
 
-    public MarkedHttpRequestResponse addMarkers(HttpRequestResponse requestResponse, List<GrepResults.Match> matches) {
-        List<Range> requestMarkers = new ArrayList<>(), responseMarkers = new ArrayList<>();
+    public HttpRequestResponse addMarkers(HttpRequestResponse requestResponse, List<GrepResults.Match> matches) {
+        List<Marker> requestMarkers = new ArrayList<>(), responseMarkers = new ArrayList<>();
         for (GrepResults.Match match : matches) {
-            Range marker = Range.range(match.startIndex, match.endIndex);
+            Marker marker = Marker.marker(match.startIndex, match.endIndex);
             if (match.isRequest) requestMarkers.add(marker);
             else responseMarkers.add(marker);
         }
 
-        return requestResponse.withMarkers(requestMarkers, responseMarkers);
+        return requestResponse.withRequestMarkers(requestMarkers).withResponseMarkers(responseMarkers);
     }
 
     public void beginSearch(final Pattern pattern, final boolean inScopeOnly, final boolean searchRequests, final boolean searchResponses) {

diff --git a/src/main/java/com/nccgroup/loggerplusplus/imports/LoggerImport.java b/src/main/java/com/nccgroup/loggerplusplus/imports/LoggerImport.java
@@ -19,9 +19,12 @@
 import burp.api.montoya.http.message.HttpRequestResponse;
 import burp.api.montoya.http.message.requests.HttpRequest;
 import burp.api.montoya.http.message.responses.HttpResponse;
+import burp.api.montoya.utilities.Base64DecodingOptions;
+import burp.api.montoya.utilities.Base64Utils;
 import com.nccgroup.loggerplusplus.LoggerPlusPlus;
 import com.nccgroup.loggerplusplus.logview.processor.EntryImportWorker;
 import lombok.extern.log4j.Log4j2;
+import org.apache.logging.log4j.util.Base64Util;
 
 import javax.swing.*;
 import java.io.BufferedReader;
@@ -90,10 +93,10 @@ public static ArrayList<HttpRequestResponse> importWStalker() {
                 String[] v = line.split(","); // Format: "base64(request),base64(response),url"
 
                 String url = v[3];
-                Base64.Decoder b64Decoder = LoggerPlusPlus.montoya.utilities().base64Utils().getDecoder();
+                Base64Utils b64Decoder = LoggerPlusPlus.montoya.utilities().base64Utils();
                 HttpService httpService = HttpService.httpService(url);
-                HttpRequest httpRequest = HttpRequest.httpRequest(httpService, ByteArray.byteArray(b64Decoder.decode(v[0])));
-                HttpResponse httpResponse = HttpResponse.httpResponse(ByteArray.byteArray(b64Decoder.decode(v[1])));
+                HttpRequest httpRequest = HttpRequest.httpRequest(httpService, b64Decoder.decode(v[0], Base64DecodingOptions.URL));
+                HttpResponse httpResponse = HttpResponse.httpResponse(b64Decoder.decode(v[1], Base64DecodingOptions.URL));
                 HttpRequestResponse requestResponse = HttpRequestResponse.httpRequestResponse(httpRequest, httpResponse);
 
                 requests.add(requestResponse);

diff --git a/src/main/java/com/nccgroup/loggerplusplus/logentry/LogEntry.java b/src/main/java/com/nccgroup/loggerplusplus/logentry/LogEntry.java
@@ -15,9 +15,9 @@
 
 import burp.api.montoya.core.ToolType;
 import burp.api.montoya.http.HttpService;
-import burp.api.montoya.http.MimeType;
-import burp.api.montoya.http.message.cookies.Cookie;
-import burp.api.montoya.http.message.headers.HttpHeader;
+import burp.api.montoya.http.message.Cookie;
+import burp.api.montoya.http.message.HttpHeader;
+import burp.api.montoya.http.message.MimeType;
 import burp.api.montoya.http.message.params.HttpParameter;
 import burp.api.montoya.http.message.params.HttpParameterType;
 import burp.api.montoya.http.message.requests.HttpRequest;
@@ -414,15 +414,15 @@ private Status processResponse() {
 		if (responseBodyLength < maxRespSize) {
 			//Only title match HTML files. Prevents expensive regex running on e.g. binary downloads.
 			if (this.responseInferredMimeType == MimeType.HTML) {
-				Matcher titleMatcher = Globals.HTML_TITLE_PATTERN.matcher(response.bodyAsString());
+				Matcher titleMatcher = Globals.HTML_TITLE_PATTERN.matcher(response.bodyToString());
 				if (titleMatcher.find()) {
 					this.title = titleMatcher.group(1);
 				}
 			}
 
 			ReflectionController reflectionController = LoggerPlusPlus.instance.getReflectionController();
 			reflectedParameters = request.parameters().parallelStream()
-					.filter(parameter -> !reflectionController.isParameterFiltered(parameter) && reflectionController.validReflection(response.bodyAsString(), parameter))
+					.filter(parameter -> !reflectionController.isParameterFiltered(parameter) && reflectionController.validReflection(response.bodyToString(), parameter))
 					.map(HttpParameter::name).collect(Collectors.toList());
 
 //			this.requestResponse = LoggerPlusPlus.montoya.saveBuffersToTempFiles(requestResponse);
@@ -431,7 +431,7 @@ private Status processResponse() {
 			ReflectionController reflectionController = LoggerPlusPlus.instance.getReflectionController();
 			reflectedParameters = request.parameters().parallelStream()
 					.filter(parameter -> !reflectionController.isParameterFiltered(parameter)
-							&& reflectionController.validReflection(new String(response.asBytes().getBytes(), 0, bodyOffset), parameter))
+							&& reflectionController.validReflection(response.bodyToString(), parameter))
 					.map(HttpParameter::name).collect(Collectors.toList());
 
 			//Trim the response down to a maximum size, but at least keep the headers!
@@ -499,11 +499,11 @@ private Status processResponse() {
 	}
 
 	public byte[] getRequestBytes() {
-		return this.request.asBytes().getBytes();
+		return this.request.toByteArray().getBytes();
 	}
 
 	public byte[] getResponseBytes() {
-		return response.asBytes().getBytes();
+		return response.toByteArray().getBytes();
 	}
 
 	public void setReqestTime(Date requestTime) {
@@ -639,12 +639,12 @@ public Object getValueByKey(LogEntryField columnName) {
 				case REFLECTION_COUNT:
 					return reflectedParameters.size();
 				case REQUEST_BODY: // request
-					return request.bodyAsString();
+					return request.bodyToString();
 				case REQUEST_BODY_LENGTH:
 					return request.body().length();
 //							.substring(request.length - requestBodyLength);
 				case RESPONSE_BODY: // response
-					return response.bodyAsString();
+					return response.bodyToString();
 				case RESPONSE_BODY_LENGTH:
 					return response.body().length();
 				case RTT:

diff --git a/src/main/java/com/nccgroup/loggerplusplus/logview/MultipleLogEntryMenu.java b/src/main/java/com/nccgroup/loggerplusplus/logview/MultipleLogEntryMenu.java
@@ -2,9 +2,12 @@
 
 import burp.api.montoya.core.BurpSuiteEdition;
 import burp.api.montoya.http.message.HttpRequestResponse;
-import burp.api.montoya.scanner.BuiltInScanConfiguration;
-import burp.api.montoya.scanner.InvalidLauncherConfigurationException;
-import burp.api.montoya.scanner.Scan;
+import burp.api.montoya.http.message.requests.HttpRequest;
+import burp.api.montoya.scanner.AuditConfiguration;
+import burp.api.montoya.scanner.BuiltInAuditConfiguration;
+import burp.api.montoya.scanner.Crawl;
+import burp.api.montoya.scanner.CrawlConfiguration;
+import burp.api.montoya.scanner.audit.Audit;
 import com.nccgroup.loggerplusplus.LoggerPlusPlus;
 import com.nccgroup.loggerplusplus.exports.ContextMenuExportProvider;
 import com.nccgroup.loggerplusplus.exports.ExportController;
@@ -101,35 +104,20 @@ public void actionPerformed(ActionEvent actionEvent) {
         JMenuItem scanner = new JMenuItem(new AbstractAction("Crawl selected " + selectedEntries.size() + " urls") {
             @Override
             public void actionPerformed(ActionEvent actionEvent) {
-                Scan scan = LoggerPlusPlus.montoya.scanner().createScan();
-
-                for (LogEntry entry : selectedEntries) {
-                    scan.addRequestResponse(HttpRequestResponse.httpRequestResponse(entry.getRequest(), entry.getResponse()));
-                }
-
-                try {
-                    scan.startCrawl();
-                } catch (InvalidLauncherConfigurationException e) {
-                    log.error(e);
-                }
+                List<String> urls = selectedEntries.stream().map(logEntry -> logEntry.getUrl().toExternalForm()).toList();
+                CrawlConfiguration config = CrawlConfiguration.crawlConfiguration(urls.toArray(String[]::new));
+                Crawl crawl = LoggerPlusPlus.montoya.scanner().startCrawl(config);
             }
         });
         this.add(scanner);
 
         JMenuItem activeScan = new JMenuItem(new AbstractAction("Active scan selected " + selectedEntries.size() + " urls") {
             @Override
             public void actionPerformed(ActionEvent actionEvent) {
-                Scan scan = LoggerPlusPlus.montoya.scanner().createScan();
-                scan.addConfiguration(BuiltInScanConfiguration.ACTIVE_AUDIT_CHECKS);
-
-                for (LogEntry entry : selectedEntries) {
-                    scan.addRequestResponse(HttpRequestResponse.httpRequestResponse(entry.getRequest(), entry.getResponse()));
-                }
-
-                try {
-                    scan.startAudit();
-                } catch (InvalidLauncherConfigurationException e) {
-                    log.error(e);
+                AuditConfiguration auditConfiguration = AuditConfiguration.auditConfiguration(BuiltInAuditConfiguration.LEGACY_ACTIVE_AUDIT_CHECKS);
+                Audit scan = LoggerPlusPlus.montoya.scanner().startAudit(auditConfiguration);
+                for (LogEntry selectedEntry : selectedEntries) {
+                    scan.addRequestResponse(HttpRequestResponse.httpRequestResponse(selectedEntry.getRequest(), selectedEntry.getResponse()));
                 }
             }
         });
@@ -139,17 +127,10 @@ public void actionPerformed(ActionEvent actionEvent) {
         JMenuItem passiveScan = new JMenuItem(new AbstractAction("Passive scan selected " + selectedEntries.size() + " urls") {
             @Override
             public void actionPerformed(ActionEvent actionEvent) {
-                Scan scan = LoggerPlusPlus.montoya.scanner().createScan();
-                scan.addConfiguration(BuiltInScanConfiguration.PASSIVE_AUDIT_CHECKS);
-
-                for (LogEntry entry : selectedEntries) {
-                    scan.addRequestResponse(HttpRequestResponse.httpRequestResponse(entry.getRequest(), entry.getResponse()));
-                }
-
-                try {
-                    scan.startAudit();
-                } catch (InvalidLauncherConfigurationException e) {
-                    log.error(e);
+                AuditConfiguration auditConfiguration = AuditConfiguration.auditConfiguration(BuiltInAuditConfiguration.LEGACY_PASSIVE_AUDIT_CHECKS);
+                Audit scan = LoggerPlusPlus.montoya.scanner().startAudit(auditConfiguration);
+                for (LogEntry selectedEntry : selectedEntries) {
+                    scan.addRequestResponse(HttpRequestResponse.httpRequestResponse(selectedEntry.getRequest(), selectedEntry.getResponse()));
                 }
             }
         });
@@ -183,7 +164,7 @@ public void actionPerformed(ActionEvent actionEvent) {
             @Override
             public void actionPerformed(ActionEvent actionEvent) {
                 for (LogEntry entry : selectedEntries) {
-                    LoggerPlusPlus.montoya.comparer().sendToComparer(entry.getRequest().asBytes());
+                    LoggerPlusPlus.montoya.comparer().sendToComparer(entry.getRequest().toByteArray());
                 }
             }
         });
@@ -193,7 +174,7 @@ public void actionPerformed(ActionEvent actionEvent) {
             public void actionPerformed(ActionEvent actionEvent) {
                 for (LogEntry entry : selectedEntries) {
                     if (entry.isComplete()) { //Do not add entries without a response
-                        LoggerPlusPlus.montoya.comparer().sendToComparer(entry.getResponse().asBytes());
+                        LoggerPlusPlus.montoya.comparer().sendToComparer(entry.getResponse().toByteArray());
                     }
                 }
             }