-
-
Notifications
You must be signed in to change notification settings - Fork 240
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: 5ubterranean <[email protected]>
- Loading branch information
5ubterranean
committed
Oct 18, 2024
1 parent
c3f2e2b
commit ce23285
Showing
1 changed file
with
200 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,200 @@ | ||
#This script adds some junk data to the selected request and sends it to a new requester tab | ||
#Script created to work as https://github.com/assetnote/nowafpls | ||
#Written by @5ubterranean_ | ||
#If you want to put a Custom Size select "Custom" as the size | ||
|
||
import java.awt.event; | ||
|
||
import json | ||
import re | ||
from org.parosproxy.paros.view import AbstractFrame | ||
from javax.swing import JLabel | ||
from javax.swing import JMenuBar | ||
from javax.swing import JMenu | ||
from javax.swing import JMenuItem | ||
from javax.swing import JFrame | ||
from javax.swing import JTextField | ||
from javax.swing import JButton | ||
from javax.swing import JComboBox | ||
requester = control.getExtensionLoader().getExtension("ExtensionRequester") | ||
|
||
#Checks generated with IA will check the Content-type header first | ||
def is_json(Ctype, text): | ||
if "application/json" in Ctype: | ||
return True | ||
try: | ||
json.loads(text) | ||
return True | ||
except: | ||
return False | ||
|
||
def is_xml(Ctype, xml_string): | ||
if "application/xml" in Ctype: | ||
return True | ||
|
||
if xml_string[0] != "<" or xml_string[-1] != ">": | ||
return False | ||
|
||
# Remove leading and trailing whitespace | ||
xml_string = xml_string.strip() | ||
|
||
# Check if the string starts with XML declaration (optional) | ||
xml_declaration_pattern = r'^\s*<\?xml\s+version="1\.0"\s*\?>' | ||
if re.match(xml_declaration_pattern, xml_string): | ||
# Remove the XML declaration from the string | ||
xml_string = re.sub(xml_declaration_pattern, '', xml_string) | ||
|
||
# Check for well-formedness | ||
# A simplistic approach to check if tags are properly nested and closed | ||
tag_pattern = r'</?([a-zA-Z_][\w.-]*)\s*[^>]*>' | ||
tags = re.findall(tag_pattern, xml_string) | ||
|
||
stack = [] | ||
print(tags) | ||
#Checks if tag appears twice (open and close), will fail with autoclosing tags | ||
for tag in tags: | ||
if tag not in stack: | ||
stack.append(tag) | ||
else: | ||
stack.remove(tag) | ||
|
||
# Check if stack is empty at the end | ||
print(stack) | ||
return len(stack) == 0 | ||
|
||
def is_http_post_form(Ctype, text): | ||
if "application/x-www-form-urlencoded" in Ctype: | ||
return True | ||
# Simple check for key=value pairs. This is a basic check and may not cover all cases. | ||
return bool(re.match(r'^(?:[^\s=&]+=[^\s=&]+)(?:&[^\s=&]+=[^\s=&]+)*$', text)) | ||
|
||
def is_multipart_data(Ctype, text): | ||
|
||
if "multipart/form-data" in Ctype: | ||
return True | ||
# Check if the text has the typical structure of multipart/form-data | ||
boundary_pattern = r'--([a-zA-Z0-9]+)' | ||
parts = text.split('\n') | ||
|
||
if len(parts) < 2: | ||
return False | ||
|
||
for part in parts: | ||
if re.search(boundary_pattern, part): | ||
return True | ||
return False | ||
|
||
def check_format(Ctype, text): | ||
if is_json(Ctype, text): | ||
return "JSON" | ||
elif is_xml(Ctype, text): | ||
return "XML" | ||
elif is_http_post_form(Ctype, text): | ||
return "POST FORM" | ||
elif is_multipart_data(Ctype, text): | ||
return "MULTIPART DATA" | ||
|
||
def padXML(HTTPBody, padding): | ||
padBody = "<!--" + "a" * (padding - 7) + "-->" + HTTPBody | ||
return padBody | ||
|
||
def padJSON(HTTPBody, padding): | ||
padBody = '{"junk":"' + "0" * (padding - 10) + '"' + ',' + HTTPBody[1:len(HTTPBody)] | ||
return padBody | ||
|
||
def padFORM(HTTPBody, padding): | ||
padBody = "a=" + "0" * (padding - 2) + "&" + HTTPBody | ||
return padBody | ||
|
||
def padMultipart(cType, HTTPBody, padding): | ||
typeSplit = cType.split(";") | ||
i = 0 | ||
while i < len(typeSplit): | ||
if "boundary" in typeSplit[i]: | ||
boundary = typeSplit[i] | ||
break | ||
else: | ||
i = i + 1 | ||
padBody = "--" + boundary[10:len(boundary)] + "\n" + 'Content-Disposition: form-data; name="junk_data"' + "\n\n" + "0" * (padding - (len(boundary[10:len(boundary)]) + 48)) + "\n\n" + HTTPBody | ||
return padBody | ||
|
||
def invokeWith(msg): | ||
#Clonning request first to avoid making changes to the original request | ||
cloned = msg.cloneRequest() | ||
#Defines values for pop up box | ||
frame = JFrame("Junk size") | ||
frame.setLocation(100,100) | ||
frame.setSize(460,180) | ||
frame.setLayout(None) | ||
lbl1 = JLabel("Type: ") | ||
lbl1.setBounds(60,20,60,20) | ||
typelist = ["JSON","XML", "POST FORM","MULTIPART DATA"] | ||
txt1 = JComboBox(typelist) | ||
txt1.setBounds(130,20,200,20) | ||
lbl2 = JLabel("Size: ") | ||
lbl2.setBounds(60,50,60,20) | ||
choices = ["8 KB","16 KB", "32 KB","64 KB","128 KB","1024 KB","CUSTOM"] | ||
txt2 = JComboBox(choices) | ||
txt2.setBounds(130,50,200,20) | ||
lbl3 = JLabel("Custom: ") | ||
lbl3.setBounds(60,80,100,20) | ||
txt3 = JTextField(100) | ||
txt3.setBounds(130,80,200,20) | ||
|
||
def getValues(event): | ||
#Reading Size for the junk data | ||
if str(txt2.getSelectedItem()) == "8 KB": | ||
padSize = 8000 | ||
elif str(txt2.getSelectedItem()) == "16 KB": | ||
padSize = 16000 | ||
elif str(txt2.getSelectedItem()) == "32 KB": | ||
padSize = 32000 | ||
elif str(txt2.getSelectedItem()) == "64 KB": | ||
padSize = 64000 | ||
elif str(txt2.getSelectedItem()) == "128 KB": | ||
padSize = 128000 | ||
elif str(txt2.getSelectedItem()) == "1024 KB": | ||
padSize = 1024000 | ||
elif str(txt2.getSelectedItem()) == "CUSTOM": | ||
padSize = int(txt3.getText()) | ||
|
||
#Select content type according to what is selected on the combo box, done in case user changed the type due the autodetect failing | ||
contentFormat = txt1.getSelectedItem() | ||
|
||
#Create new body with the junk data added | ||
if contentFormat == "JSON": | ||
newBody = padJSON(cloned.getRequestBody().toString(), padSize) | ||
elif contentFormat == "XML": | ||
newBody = padXML(cloned.getRequestBody().toString(), padSize) | ||
elif contentFormat == "POST FORM": | ||
newBody = padFORM(cloned.getRequestBody().toString(), padSize) | ||
elif contentFormat == "MULTIPART DATA": | ||
Ctype = cloned.getRequestHeader().getHeader("Content-Type") | ||
newBody = padMultipart(Ctype, cloned.getRequestBody().toString(), padSize) | ||
cloned.setRequestBody(newBody) | ||
cloned.getRequestHeader().setContentLength(cloned.getRequestBody().length()) | ||
#Sends request to a new requester tab | ||
requester.newRequesterPane(cloned) | ||
#Closes pop up box | ||
frame.dispose() | ||
|
||
btn = JButton("Submit", actionPerformed = getValues) | ||
btn.setBounds(160,110,100,20) | ||
frame.add(lbl1) | ||
frame.add(txt1) | ||
frame.add(lbl2) | ||
frame.add(txt2) | ||
frame.add(lbl3) | ||
frame.add(txt3) | ||
frame.add(btn) | ||
frame.setVisible(True) | ||
Ctype = cloned.getRequestHeader().getHeader("Content-Type") | ||
contentFormat = check_format(Ctype, cloned.getRequestBody().toString()) | ||
if contentFormat == "JSON": | ||
txt1.setSelectedIndex(0) | ||
elif contentFormat == "XML": | ||
txt1.setSelectedIndex(1) | ||
elif contentFormat == "POST FORM": | ||
txt1.setSelectedIndex(2) | ||
elif contentFormat == "MULTIPART DATA": | ||
txt1.setSelectedIndex(3) |