Merge branch 'master' of https://github.com/hackvertor/hackvertor

PortSwigger · Jul 20, 2023 · f78c18a · f78c18a
2 parents f16409f + f16c9dc
commit f78c18a
Show file tree

Hide file tree

Showing 17 changed files with 321 additions and 147 deletions.
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -6,19 +6,40 @@ name: Java CI with Maven
 on:
   push:
     branches: [ master ]
+    tags:
+      - 'v*'
   pull_request:
     branches: [ master ]
+    tags:
+      - 'v*'
 
 jobs:
   build:
 
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
-    - name: Set up JDK 1.8
-      uses: actions/setup-java@v1
-      with:
-        java-version: 1.8
-    - name: Build with Maven
-      run: mvn -B package --file pom.xml
+      - uses: actions/checkout@v3
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'oracle'
+          java-version: '17'
+          cache: 'gradle'
+      - name: Grant execute permission for gradlew
+        run: chmod +x gradlew
+      - name: Build with Gradle
+        run: ./gradlew build
+      - name: Creating the jar file
+        run: ./gradlew jar
+      - name: Upload artifact
+        uses: actions/upload-artifact@v3
+        with:
+          path: ./releases/*.jar
+          name: Downloadable Extension File
+      - name: Release
+        uses: hackvertor/[email protected]
+        with:
+          tag: "latest_hackvertor_release"
+          allowUpdates: true
+          artifacts: "releases/*.jar"
diff --git a/.gitignore b/.gitignore
@@ -4,9 +4,10 @@ bin/
 build/
 target/
 out/
+/releases/
 #intellij
 .idea/
 .classpath/
 .project/
 /build/
-/.gradle/
+/.gradle/
diff --git a/BappManifest.bmf b/BappManifest.bmf
@@ -2,12 +2,12 @@ Uuid: 65033cbd2c344fbabe57ac060b5dd100
 ExtensionType: 1
 Name: Hackvertor
 RepoName: hackvertor
-ScreenVersion: 1.7.38
+ScreenVersion: 1.7.49
 SerialVersion: 41
 MinPlatformVersion: 0
 ProOnly: False
 Author: Portswigger Web Security - Gareth Heyes
 ShortDescription: Converts data using a tag-based configuration to apply various encoding and escaping operations.
-EntryPoint: build/libs/hackvertor-all.jar
-BuildCommand: ./gradlew fatJar
+EntryPoint: releases/hackvertor-all.jar
+BuildCommand: ./gradlew jar
 SupportedProducts: Pro, Community
diff --git a/build.gradle b/build.gradle
@@ -12,25 +12,25 @@ repositories {
 
 dependencies {
     implementation 'net.portswigger.burp.extender:burp-extender-api:1.7.22'
-    implementation 'commons-codec:commons-codec:1.10'
-    implementation 'org.apache.commons:commons-lang3:3.7'
-    implementation 'org.unbescape:unbescape:1.1.5.RELEASE'
-    implementation 'org.bouncycastle:bcpkix-jdk15on:1.60'
-    implementation 'com.auth0:java-jwt:3.4.0'
-    implementation 'org.json:json:20190722'
-    implementation 'commons-io:commons-io:2.6'
+    implementation 'commons-codec:commons-codec:1.15'
+    implementation 'org.apache.commons:commons-lang3:3.12.0'
+    implementation 'org.unbescape:unbescape:1.1.6.RELEASE'
+    implementation 'org.bouncycastle:bcpkix-jdk15on:1.70'
+    implementation 'com.auth0:java-jwt:4.3.0'
+    implementation 'org.json:json:20230227'
+    implementation 'commons-io:commons-io:2.11.0'
     implementation 'org.apache.commons:commons-compress:1.22'
     implementation 'org.brotli:dec:0.1.2'
-    implementation 'org.python:jython-standalone:2.7.0'
+    implementation 'org.python:jython-standalone:2.7.3b1'
     implementation 'bsf:bsf:2.4.0'
     implementation 'org.apache-extras.beanshell:bsh:2.0b6'
-    implementation 'org.codehaus.groovy:groovy-all:3.0.7'
+    implementation 'org.codehaus.groovy:groovy-all:3.0.16'
     implementation 'com.eclipsesource.j2v8:j2v8_macosx_x86_64:4.6.0'
     implementation 'com.github.javafaker:javafaker:1.0.2'
-    implementation 'com.fifesoft:rsyntaxtextarea:3.2.2'
+    implementation 'com.fifesoft:rsyntaxtextarea:3.3.1'
     implementation 'com.fifesoft:autocomplete:3.3.1'
-    testImplementation 'junit:junit:4.13.1'
-    testImplementation 'org.junit.jupiter:junit-jupiter:5.7.1'
+    testImplementation 'junit:junit:4.13.2'
+    testImplementation 'org.junit.jupiter:junit-jupiter:5.9.2'
 }
 
 sourceSets {
@@ -44,21 +44,19 @@ sourceSets {
     }
 }
 
-task fatJar(type: Jar) {
-    baseName = project.name + '-all'
+jar{
     duplicatesStrategy = DuplicatesStrategy.EXCLUDE
+    archivesBaseName = project.name + '-all'
     from {
-        configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) }
-        configurations.compileClasspath.collect { it.isDirectory() ? it : zipTree(it) }
-    } {
-        exclude 'META-INF/MANIFEST.MF'
-        exclude 'META-INF/*.SF'
-        exclude 'META-INF/*.DSA'
-        exclude 'META-INF/*.RSA'
+        (configurations.runtimeClasspath).collect { it.isDirectory() ? it : zipTree(it) }
+    }{
+        exclude "META-INF/*.SF"
+        exclude "META-INF/*.DSA"
+        exclude "META-INF/*.RSA"
+        exclude "META-INF/*.txt"
     }
-    with jar
 }
 
-/*test {
-    useJUnitPlatform()
-}*/
+tasks.withType(Jar) {
+    destinationDirectory = file("$rootDir/releases/")
+}
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.0-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/src/main/java/burp/Base58.java b/src/main/java/burp/Base58.java
@@ -0,0 +1,75 @@
+package burp;
+
+import java.math.BigInteger;
+
+public class Base58 {
+    private static final char[] ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz".toCharArray();
+    private static final BigInteger BASE = BigInteger.valueOf(58);
+
+    public static String encode(byte[] input) {
+        if (input.length == 0) {
+            return "";
+        }
+
+        // Convert the input bytes to a BigInteger
+        BigInteger num = new BigInteger(1, input);
+
+        // Encode the BigInteger as base58
+        StringBuilder sb = new StringBuilder();
+        while (num.compareTo(BigInteger.ZERO) > 0) {
+            BigInteger[] qr = num.divideAndRemainder(BASE);
+            sb.append(ALPHABET[qr[1].intValue()]);
+            num = qr[0];
+        }
+
+        // Add leading '1' characters for each leading zero byte in the input
+        for (int i = 0; i < input.length && input[i] == 0; i++) {
+            sb.append(ALPHABET[0]);
+        }
+
+        return sb.reverse().toString();
+    }
+
+    public static byte[] decode(String input) {
+        if (input.length() == 0) {
+            return new byte[0];
+        }
+
+        // Convert the base58 input to a BigInteger
+        BigInteger num = BigInteger.ZERO;
+        for (int i = 0; i < input.length(); i++) {
+            char c = input.charAt(i);
+            int digit = -1;
+            for (int j = 0; j < ALPHABET.length; j++) {
+                if (ALPHABET[j] == c) {
+                    digit = j;
+                    break;
+                }
+            }
+            if (digit == -1) {
+                throw new IllegalArgumentException("Invalid character '" + c + "' at position " + i);
+            }
+            num = num.multiply(BASE).add(BigInteger.valueOf(digit));
+        }
+
+        // Convert the BigInteger to a byte array
+        byte[] bytes = num.toByteArray();
+
+        // Remove any leading zero bytes
+        if (bytes.length > 0 && bytes[0] == 0) {
+            byte[] tmp = new byte[bytes.length - 1];
+            System.arraycopy(bytes, 1, tmp, 0, tmp.length);
+            bytes = tmp;
+        }
+
+        // Add leading zero bytes for each leading '1' character in the input
+        int numZeros = 0;
+        for (int i = 0; i < input.length() && input.charAt(i) == ALPHABET[0]; i++) {
+            numZeros++;
+        }
+        byte[] result = new byte[numZeros + bytes.length];
+        System.arraycopy(bytes, 0, result, numZeros, bytes.length);
+
+        return result;
+    }
+}
diff --git a/src/main/java/burp/BurpExtender.java b/src/main/java/burp/BurpExtender.java
@@ -2,11 +2,10 @@
 
 import burp.ui.ExtensionPanel;
 import burp.ui.HackvertorInput;
+import burp.ui.HackvertorMessageTab;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.fife.ui.rsyntaxtextarea.RSyntaxTextArea;
 import org.fife.ui.rsyntaxtextarea.SyntaxConstants;
-import org.fife.ui.rsyntaxtextarea.Theme;
 import org.json.JSONArray;
 import org.json.JSONException;
 import org.json.JSONObject;
@@ -202,7 +201,7 @@ public void run() {
                 }
                 try {
                     hackvertor = new Hackvertor();
-	            	stdout.println("Hackvertor v1.7.38");
+	            	stdout.println("Hackvertor v1.7.49");
                     loadCustomTags();
                     loadGlobalVariables();
                     registerPayloadProcessors();
@@ -787,13 +786,13 @@ public void actionPerformed(ActionEvent e) {
 
                 try {
                     if (language.equals("JavaScript")) {
-                        output = javascript(new HashMap<>(), input, code, tagCodeExecutionKey, customTagOptions, hackvertor.getCustomTags());
+                        output = javascript(new HashMap<>(), input, code, tagCodeExecutionKey, customTagOptions, hackvertor.getCustomTags(), null);
                     } else if(language.equals("Python")){
-                        output = python(new HashMap<>(), input, code, tagCodeExecutionKey, customTagOptions, hackvertor.getCustomTags());
+                        output = python(new HashMap<>(), input, code, tagCodeExecutionKey, customTagOptions, hackvertor.getCustomTags(), null);
                     } else if(language.equals("Java")){
-                        output = java(new HashMap<>(), input, code, tagCodeExecutionKey, customTagOptions, hackvertor.getCustomTags());
+                        output = java(new HashMap<>(), input, code, tagCodeExecutionKey, customTagOptions, hackvertor.getCustomTags(), null);
                     } else if(language.equals("Groovy")){
-                        output = groovy(new HashMap<>(), input, code, tagCodeExecutionKey, customTagOptions, hackvertor.getCustomTags());
+                        output = groovy(new HashMap<>(), input, code, tagCodeExecutionKey, customTagOptions, hackvertor.getCustomTags(), null);
                     }
                 }catch (Exception ee){
                     ee.printStackTrace();
@@ -1062,6 +1061,7 @@ public void createCustomTag(String tagName, String language, String code, String
     public void extensionUnloaded() {
         hvShutdown = true;
         burpMenuBar.remove(hvMenuBar);
+        burpMenuBar.revalidate();
         burpMenuBar.repaint();
         callbacks.printOutput("Hackvertor unloaded");
     }
@@ -1082,9 +1082,9 @@ public int[] getHeaderOffsets(byte[] request, String header) {
         int end = request.length;
         while (i < end) {
             int line_start = i;
-            while (i < end && request[i++] != ' ') {
+            while (i < end && request[i++] != ':') {
             }
-            byte[] header_name = Arrays.copyOfRange(request, line_start, i - 2);
+            byte[] header_name = Arrays.copyOfRange(request, line_start, i - 1);
             int headerValueStart = i;
             while (i < end && request[i++] != '\n') {
             }
@@ -1111,7 +1111,7 @@ public byte[] setHeader(byte[] request, String header, String value) {
         ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
         try {
             outputStream.write(Arrays.copyOfRange(request, 0, offsets[1]));
-            outputStream.write(helpers.stringToBytes(value));
+            outputStream.write(helpers.stringToBytes(" " + value));
             outputStream.write(Arrays.copyOfRange(request, offsets[2], request.length));
             return outputStream.toByteArray();
         } catch (IOException e) {