Skip to content

Commit

Permalink
## [v1.2.0] - 2024-07-27
Browse files Browse the repository at this point in the history
### Added
- new feature:  Added [DecodeVectorInjector](https://github.com/gdgd009xcd/AutoMacroBuilderForZAP/wiki/1.8.-encoded-parameter-injector) which enabled to decode URLencoded/base64ed parameter value for scanning or pentesting.
### Changed
- bugfix: Fixed an issue with JTextPane-like text areas where visual components such as the CR icon were lost after editing the content.

Signed-off-by: gdgd009xcd <patsz.g1owq@gmail.com>
  • Loading branch information
gdgd009xcd committed Jul 27, 2024
1 parent 0099079 commit 3e43746
Show file tree
Hide file tree
Showing 201 changed files with 5,406 additions and 595 deletions.
6 changes: 6 additions & 0 deletions addOns/automacrobuilder/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,12 @@ All notable changes to this add-on will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

## [v1.2.0] - 2024-07-27
### Added
- new feature: Added [DecodeVectorInjector](https://github.com/gdgd009xcd/AutoMacroBuilderForZAP/wiki/1.8.-encoded-parameter-injector) which enabled to decode URLencoded/base64ed parameter value for scanning or pentesting.
### Changed
- bugfix: Fixed an issue with JTextPane-like text areas where visual components such as the CR icon were lost after editing the content.

## [v1.1.20] - 2024-04-17
### Changed
- maintenance: Removed unused classes (related to "Tamper" GUI)
Expand Down
38 changes: 36 additions & 2 deletions addOns/automacrobuilder/automacrobuilder.gradle.kts
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import org.zaproxy.gradle.addon.AddOnStatus

version = "1.1.20"
version = "1.2.0"
description = "AutoMacroBuilder for ZAP"

tasks.withType<JavaCompile> {
Expand Down Expand Up @@ -64,9 +64,43 @@ zapAddOn {
author.set("gdgd009xcd")
url.set("https://gdgd009xcd.github.io/AutoMacroBuilderForZAP/")
repo.set("https://github.com/gdgd009xcd/AutoMacroBuilderForZAP")


helpSet {
baseName.set("help%LC%.helpset")
// ${zapAddOn.addOnId.get()} is the subproject folder name "automacrobuilder" in addOns project folder.
val resourcesPath = "org.zaproxy.zap.extension.${zapAddOn.addOnId.get()}.zap.resources."
println("resourcesPath:" + resourcesPath)
// helpset root src path is "src/main/javahelp". you must put helpsets under this directory.
//
// baseName and localToken are used for determinating javahelp helpset(.hs) file path
// In English (default) locale, %LC% token is convert to ""
// ${resourcesPath}help.helpset.hs
// In ja_JP locale, %LC% token is convert to "_ja_JP" then helpset file path is:
// ${resourcesPath}help_ja_JP.helpset_ja_JP.hs
// * if you use %LC% locale token, then you must provide "all" locale specific helpset files for ZAP.
// otherwise you may remove %LC% to support any locale helpset in English only.
// * if you comment out this helpSet function entirely,
// zaproxy expects the help directory to be in the following path:
//
// ${resourcesPath}/help
// help_ja_JP
// ...
// ${resourcesPath} == org.zaproxy.zap.extension.automacrobuilder.zap.resources.
// == [this addon's Extension package name].resources.
// ** Extension package name is the package name of this addon's Extension class file inherit from ExtensionAdaptor
// e.g. The package name of ExtensionAutoMacroBuilder class.
//
//
// ** this help directory hierarchy will be used for providing localization help by crowdin in the future.
//
// ----locale supported helpset configurations.---
baseName.set("${resourcesPath}help%LC%.helpset")
localeToken.set("%LC%")
// ---- no locale supported(English only) configurations.---
//baseName.set("${resourcesPath}help.helpset")
//localeToken.set("")
}


}
}
Original file line number Diff line number Diff line change
Expand Up @@ -33,84 +33,16 @@ public class PRequest extends ParseHTTPHeaders {
private static org.apache.logging.log4j.Logger LOGGER4J =
org.apache.logging.log4j.LogManager.getLogger();

// @Deprecated(since = "1.2", forRemoval = true) 20240229 since no need hold chunks in this PRequest.
private List<RequestChunk> chunks = null;
// @Deprecated(since = "1.2", forRemoval = true) 20240229 since no need hold doctext in this PRequest.
private String doctext = null;

public PRequest(String h, int p, boolean ssl, byte[] _binmessage, Encode _pageenc) {
super(h, p, ssl, _binmessage, _pageenc);
}

/**
* create instance
* pass argument chunkdoc, extract doctext from chunkdoc
*
* @Deprecated 20240229 since no need hold chunks/doctext in this PRequest.
*
* @param h
* @param p
* @param ssl
* @param _binmessage
* @param _pageenc
* @param chunkdoc
*/
@Deprecated(since = "1.2", forRemoval = true)
PRequest(
String h,
int p,
boolean ssl,
byte[] _binmessage,
Encode _pageenc,
StyledDocumentWithChunk chunkdoc) {
super(h, p, ssl, _binmessage, _pageenc);
if (chunkdoc != null) {
chunks = chunkdoc.getRequestChunks();
doctext = chunkdoc.getPlaceHolderStyleText();
}
}

public PRequest newRequestWithRemoveSpecialChars(String regex) { // remove section chars
byte[] binmessage = getByteMessage();
String isomessage = new String(binmessage, StandardCharsets.ISO_8859_1);
String defaultregex = "[§]";
if (regex != null && !regex.isEmpty()) {
defaultregex = regex;
}
String rawmessage = isomessage.replaceAll(defaultregex, "");
String host = getHost();
int port = getPort();
boolean isSSL = isSSL();
Encode penc = getPageEnc();
return new PRequest(
host, port, isSSL, rawmessage.getBytes(StandardCharsets.ISO_8859_1), penc);
}

@Override
public PRequest clone() {
PRequest nobj = (PRequest) super.clone();
nobj.chunks = ListDeepCopy.listDeepCopyRequestChunk(this.chunks);
return nobj;
}

/**
* Get List<RequestChunk> which is parsed request contents representation
*
* @Deprecated 20240229 since no need hold chunks/doctext in this PRequest.
*
* @return
*/
@Deprecated(since = "1.2", forRemoval = true)
public List<RequestChunk> getRequestChunks() {
if (this.chunks == null) {
String theaders = getHeaderOnly();
byte[] tbodies = getBodyBytes();
String tcontent_type = getHeader("Content-Type");
this.chunks = getRequestChunks(theaders, tbodies, tcontent_type);
}
return this.chunks;
}

/**
* generate List<RequestChunk> which is parsed request contents representation
* @return
Expand All @@ -124,28 +56,6 @@ public List<RequestChunk> generateRequestChunks() {
return chunks;
}

/**
* set doc text from StyledDocumentWithChunks(representating for PRequest)
*
* @Deprecated 20240229 since no need hold chunks/doctext in this PRequest.
*
* @param doc
*/
@Deprecated(since = "1.2", forRemoval = true)
public void setDocText(StyledDocumentWithChunk doc) {
this.doctext = doc.getPlaceHolderStyleText();
}

/**
* @Deprecated 20240229 since no need hold chunks/doctext in this PRequest.
*
* @return
*/
@Deprecated(since = "1.2", forRemoval = true)
public String getDocText() {
return this.doctext;
}

/**
* get PrimeHeader except tailing CRLF
*/
Expand Down Expand Up @@ -315,118 +225,4 @@ private List<RequestChunk> getRequestChunks(

return reqchunks;
}

/**
* update DocText and Chunks with specified chunks
*
* @Deprecated 20240229 since no need hold chunks/doctext in this PRequest.
*
* @param orgchunks
*/
@Deprecated(since = "1.2", forRemoval = true)
void updateDocAndChunks(List<RequestChunk> orgchunks) {

if (orgchunks == null) return;
// recreate this doctext and chunks from prequest.getBytes();
this.chunks = null;
this.doctext = null;
StyledDocumentWithChunk nouseddoc = new StyledDocumentWithChunk(this);

Charset charset = getPageEnc().getIANACharset();
int npos = -1;
int cpos = 0;
int placebegin = 0;
while ((npos =
this.doctext.indexOf(
StyledDocumentWithChunk.CONTENTS_PLACEHOLDER_PREFIX, cpos))
!= -1) {
placebegin = npos;
cpos = npos + StyledDocumentWithChunk.CONTENTS_PLACEHOLDER_PREFIX.length();
int beginpos = cpos;
if ((npos =
this.doctext.indexOf(
StyledDocumentWithChunk.CONTENTS_PLACEHOLDER_SUFFIX, cpos))
!= -1) {
cpos = npos + StyledDocumentWithChunk.CONTENTS_PLACEHOLDER_SUFFIX.length();
int endpos = npos;
if (endpos - beginpos <= StyledDocumentWithChunk.PARTNO_MAXLEN) {
String partno = this.doctext.substring(beginpos, endpos).trim();
if (partno != null && partno.length() > 0) {
int pno = Integer.parseInt(partno);
if (pno > -1) {
Optional<RequestChunk> optorgchunk =
orgchunks.stream()
.filter(
c ->
c.getPartNo() == pno
&& (c.getChunkType()
== RequestChunk
.CHUNKTYPE
.CONTENTS
|| c.getChunkType()
== RequestChunk
.CHUNKTYPE
.CONTENTSIMG))
.findFirst();
RequestChunk orgchunk = optorgchunk.orElse(null);
Optional<RequestChunk> optnewchunk =
this.chunks.stream()
.filter(
c ->
c.getPartNo() == pno
&& (c.getChunkType()
== RequestChunk
.CHUNKTYPE
.CONTENTS
|| c.getChunkType()
== RequestChunk
.CHUNKTYPE
.CONTENTSIMG))
.findFirst();
RequestChunk newchunk = optnewchunk.orElse(null);
if (orgchunk != null && newchunk != null) {
ParmGenBinUtil newarray = new ParmGenBinUtil(newchunk.getBytes());
byte[] orgdata = orgchunk.getBytes();
int stp = -1;
int etp = 0;
if ((stp = newarray.indexOf(orgdata)) != -1) {
byte[] newdata = newarray.getBytes();
int newdatalen = newdata.length;
etp = stp + orgdata.length;
String prefix = "";
String suffix = "";
if (stp > 0) {
prefix = new String(newarray.subBytes(0, stp), charset);
}
if (etp < newdatalen) {
suffix =
new String(
newarray.subBytes(etp, newdatalen),
charset);
}
this.doctext =
this.doctext.substring(0, placebegin)
+ prefix
+ this.doctext.substring(placebegin, cpos)
+ suffix
+ this.doctext.substring(cpos);
cpos += prefix.length() + suffix.length();
LOGGER4J.debug(
"prefix["
+ prefix
+ "] chunk.len:"
+ orgchunk.getBytes().length
+ " suffix["
+ suffix
+ "]");
newchunk.setByte(orgchunk.getBytes());
newchunk.setChunkType(orgchunk.getChunkType());
}
}
}
}
}
}
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -961,7 +961,7 @@ public void sendToRepeater(int currentSelectedPos, int tabIndex) {
if ((pqr = getRequestResponseCurrentList(currentSelectedPos)) != null) {
StyledDocumentWithChunk doc = ui.getStyledDocumentOfSelectedMessageRequest();
if (doc != null) {
PRequest prequest = doc.reBuildPRequestFromDocTextAndChunks();
PRequest prequest = doc.reBuildPRequestFromDocTextAndChunksWithEncodeCustomTag();
if (prequest != null) {
pqr.updateRequest(
prequest.clone()); // update rlist with ui.MacroRequest contents.
Expand Down Expand Up @@ -990,7 +990,7 @@ public void sendToScanner(int currentSelectedPos, int tabIndex) {
if ((pqr = getRequestResponseCurrentList(currentSelectedPos)) != null) {
StyledDocumentWithChunk doc = ui.getStyledDocumentOfSelectedMessageRequest();
if (doc != null) {
PRequest prequest = doc.reBuildPRequestFromDocTextAndChunks();
PRequest prequest = doc.reBuildPRequestFromDocTextAndChunksWithEncodeCustomTag();
if (prequest != null) {
pqr.updateRequest(
prequest.clone()); // update rlist with ui.MacroRequest contents.
Expand All @@ -1015,7 +1015,7 @@ public void sendToIntruder(int currentSelectedPos, int tabIndex) {
if ((pqr = getRequestResponseCurrentList(currentSelectedPos)) != null) {
StyledDocumentWithChunk doc = ui.getStyledDocumentOfSelectedMessageRequest();
if (doc != null) {
PRequest prequest = doc.reBuildPRequestFromDocTextAndChunks();
PRequest prequest = doc.reBuildPRequestFromDocTextAndChunksWithEncodeCustomTag();
if (prequest != null) {
pqr.updateRequest(
prequest.clone()); // update rlist with ui.MacroRequest contents.
Expand Down Expand Up @@ -1364,6 +1364,10 @@ public int getRunningStepNo() {
return this.runningStepNo;
}

public void restoreOrigialToRequestList() {
this.rlist = ListDeepCopy.listDeepCopyPRequestResponse(this.originalrlist);
}




Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ public static int parseMinInt(String i) {
}

public static String escapeRegexChars(String _d) {
_d = _d.replaceAll("([\\+\\{\\}\\[\\]\\(\\)\\*\\.\\<\\>\\?\\^\\$])", "\\\\$1");
_d = _d.replaceAll("([\\\\\\+\\{\\}\\[\\]\\(\\)\\*\\.\\<\\>\\?\\^\\$])", "\\\\$1");
return _d;
}

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
package org.zaproxy.zap.extension.automacrobuilder;

public class StartEndPosition {
public int start;
public int end;
public String styleName = null;
public String value = null;
public StartEndPosition(int start, int end) {
this.start = start;
this.end = end;
}
public StartEndPosition(int start, int end, String value) {
this.start = start;
this.end = end;
this.value = value;
}
}
Loading

0 comments on commit 3e43746

Please sign in to comment.