Socksの認証方法の修正

raise-isayan · Mar 11, 2023 · aa3a1d2 · aa3a1d2
1 parent e2c8ac0
commit aa3a1d2
Show file tree

Hide file tree

Showing 9 changed files with 218 additions and 108 deletions.
diff --git a/release/YaguraExtension-v3.0.jar b/release/YaguraExtension-v3.0.jar
diff --git a/src/main/java/extension/helpers/HttpUtil.java b/src/main/java/extension/helpers/HttpUtil.java
@@ -585,8 +585,8 @@ public static boolean isInetAddressByName(String hostName) {
     }
 
     public static Authenticator putAuthenticator(Authenticator authenticator) {
-        Authenticator current = Authenticator.getDefault();
-        Authenticator.setDefault(current);
-        return current;
+        Authenticator saveAuthenticator = Authenticator.getDefault();
+        Authenticator.setDefault(authenticator);
+        return saveAuthenticator;
     }
 }
diff --git a/src/main/java/okhttp/socks/SocksProxyAuthInterceptor.java b/src/main/java/okhttp/socks/SocksProxyAuthInterceptor.java
@@ -1,26 +1,27 @@
 package okhttp.socks;
 
 import java.io.IOException;
+import java.net.Authenticator;
 import java.net.PasswordAuthentication;
 import okhttp3.Interceptor;
 import okhttp3.Response;
 
 public class SocksProxyAuthInterceptor implements Interceptor {
+    private final PasswordAuthentication credentials;
 
-    private final PasswordAuthentication authentication;
-
-    public SocksProxyAuthInterceptor(PasswordAuthentication socksAuthentication) {
-        this.authentication = socksAuthentication;
+    public SocksProxyAuthInterceptor(PasswordAuthentication credentials) {
+        this.credentials = credentials;
     }
 
     @Override
-    public Response intercept(Chain chain) throws IOException {
-        SocksProxyAuthenticator.getInstance().setCredentials(this.authentication);
-        try {
-            return chain.proceed(chain.request());
-        } finally {
-            SocksProxyAuthenticator.clearCredentials();
+    public Response intercept(Interceptor.Chain chain) throws IOException {
+        synchronized(Authenticator.class) {
+            SocksProxyAuthenticator.getInstance().setCredentials(credentials);
+            try {
+                return chain.proceed(chain.request());
+            } finally {
+                SocksProxyAuthenticator.resetCredentials();
+            }
         }
     }
-
-}
+}
diff --git a/src/main/java/okhttp/socks/SocksProxyAuthenticator.java b/src/main/java/okhttp/socks/SocksProxyAuthenticator.java
@@ -1,37 +1,38 @@
 package okhttp.socks;
 
+import extension.helpers.HttpUtil;
 import java.net.Authenticator;
 import java.net.PasswordAuthentication;
 
 public class SocksProxyAuthenticator extends Authenticator {
-
     private final ThreadLocal<PasswordAuthentication> credentials = new ThreadLocal<>();
+    private final ThreadLocal<Authenticator> saveAuthenticator = new ThreadLocal<>();
 
-    private SocksProxyAuthenticator() {
-    }
+    private SocksProxyAuthenticator(){}
 
     private static class SingletonHolder {
         private static final SocksProxyAuthenticator instance = new SocksProxyAuthenticator();
     }
 
-    public static final SocksProxyAuthenticator getInstance() {
+    public static SocksProxyAuthenticator getInstance() {
         return SingletonHolder.instance;
     }
 
-    public void setCredentials(PasswordAuthentication socksAuthentication) {
+    public void setCredentials(PasswordAuthentication credentials) {
         SocksProxyAuthenticator authenticator = SocksProxyAuthenticator.getInstance();
-        Authenticator.setDefault(authenticator);
-        authenticator.credentials.set(socksAuthentication);
+        //Authenticator.setDefault(authenticator);
+        authenticator.saveAuthenticator.set(HttpUtil.putAuthenticator(authenticator));
+        authenticator.credentials.set(credentials);
     }
 
-    public static void clearCredentials() {
+    public static void resetCredentials() {
         SocksProxyAuthenticator authenticator = SocksProxyAuthenticator.getInstance();
-        Authenticator.setDefault(authenticator);
-        authenticator.credentials.set(null);
+        Authenticator.setDefault(authenticator.saveAuthenticator.get());
+        authenticator.credentials.remove();
     }
 
     @Override
     public PasswordAuthentication getPasswordAuthentication() {
         return credentials.get();
     }
-}
+}
diff --git a/src/main/java/yagura/model/HttpExtendProperty.java b/src/main/java/yagura/model/HttpExtendProperty.java
@@ -34,7 +34,7 @@ public enum AuthorizationType {
 
     private final CertificateItem clientCertificateItem = new CertificateItem();
 
-    private boolean ignoreValidateCertification = true;
+    private boolean ignoreValidateCertification = false;
 
     /**
      * @return the useClientCertificate
@@ -253,7 +253,7 @@ public void setProperties(Properties prop) {
         this.httpClientType = HttpClientType.valueOf(prop.getProperty("useHttpClient", HttpClientType.BURP.name()));
 
         this.clientCertificateItem.setProperties(prop);
-        this.ignoreValidateCertification = Boolean.parseBoolean(prop.getProperty("ignoreValidateCertification", StringUtil.toString(Boolean.TRUE)));
+        this.ignoreValidateCertification = Boolean.parseBoolean(prop.getProperty("ignoreValidateCertification", StringUtil.toString(Boolean.FALSE)));
 
         this.authorizationType = AuthorizationType.valueOf(prop.getProperty("authorizationType", AuthorizationType.NONE.name()));
         this.authorizationUser = prop.getProperty("authorizationUser", "");

diff --git a/src/main/java/yagura/model/SendToServer.java b/src/main/java/yagura/model/SendToServer.java
@@ -414,8 +414,7 @@ public void connectFailed(URI uri, SocketAddress sa, IOException ex) {
     }
 
     protected void sendToServerUseOkHttpClient(HttpRequestResponse messageInfo, HttpExtendProperty extendProp) {
-        Runnable sendTo;
-        sendTo = new Runnable() {
+        Runnable sendTo = new Runnable() {
 
             @Override
             public void run() {

diff --git a/src/test/java/extension/burp/BurpUtilTest.java b/src/test/java/extension/burp/BurpUtilTest.java
@@ -1,10 +1,6 @@
 package extension.burp;
 
-import burp.api.montoya.MontoyaApi;
-import burp.api.montoya.burpsuite.BurpSuite;
-import burp.api.montoya.core.BurpSuiteEdition;
-import burp.api.montoya.core.Version;
-import extension.burp.montoya.MontoyaApiAdapter;
+import extension.burp.montoya.BurpVersionTest;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import org.junit.jupiter.api.AfterAll;
@@ -13,8 +9,6 @@
 import static org.junit.jupiter.api.Assertions.*;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
-import org.mockito.Mockito;
-import org.mockito.MockitoAnnotations;
 
 /**
  *
@@ -147,9 +141,55 @@ public void testCompareSuiteVersion() {
             BurpVersion suite = new BurpVersion("Burp Suite Community Edition v2023.2.1-19050 ");
             assertEquals(1, suite.compareTo(SUPPORT_MIN_VERSION));
         }
+        {
+            BurpVersion suite = new BurpVersion("Burp Suite Professional v2023.1.1- ");
+            assertEquals(-1, suite.compareTo(SUPPORT_MIN_VERSION));
+        }
+        {
+            BurpVersion suite = new BurpVersion("Burp Suite Professional v2023.1.2- ");
+            assertEquals(0, suite.compareTo(SUPPORT_MIN_VERSION));
+        }
+        {
+            BurpVersion suite = new BurpVersion("Burp Suite Professional v2023.1.3- ");
+            assertEquals(1, suite.compareTo(SUPPORT_MIN_VERSION));
+        }
 
     }
 
+    @Test
+    public void testCompareSuiteMontoyaVersion() {
+        System.out.println("testCompareSuiteMontoyaVersion");
+        final BurpVersion SUPPORT_MIN_VERSION = new BurpVersion("Burp Suite Support v2023.1.2");
+        {
+            BurpVersion suite = new BurpVersion(BurpVersionTest.BURP_2023_1_1_VERSION_COMMUNITY);
+            assertEquals(-1, suite.compareTo(SUPPORT_MIN_VERSION));
+        }
+        {
+            BurpVersion suite = new BurpVersion(BurpVersionTest.BURP_2023_1_2_VERSION_COMMUNITY);
+            assertEquals(0, suite.compareTo(SUPPORT_MIN_VERSION));
+        }
+        {
+            BurpVersion suite = new BurpVersion(BurpVersionTest.BURP_2023_1_3_VERSION_COMMUNITY);
+            assertEquals(1, suite.compareTo(SUPPORT_MIN_VERSION));
+        }
+        {
+            BurpVersion suite = new BurpVersion(BurpVersionTest.BURP_2023_2_1_VERSION_COMMUNITY);
+            assertEquals(1, suite.compareTo(SUPPORT_MIN_VERSION));
+        }
+        {
+            BurpVersion suite = new BurpVersion(BurpVersionTest.BURP_2023_1_1_VERSION_PRO);
+            assertEquals(-1, suite.compareTo(SUPPORT_MIN_VERSION));
+        }
+        {
+            BurpVersion suite = new BurpVersion(BurpVersionTest.BURP_2023_1_2_VERSION_PRO);
+            assertEquals(0, suite.compareTo(SUPPORT_MIN_VERSION));
+        }
+        {
+            BurpVersion suite = new BurpVersion(BurpVersionTest.BURP_2023_1_3_VERSION_PRO);
+            assertEquals(1, suite.compareTo(SUPPORT_MIN_VERSION));
+        }
+    }
+
     @Test
     public void testCompareMinor() {
         System.out.println("testCompareMinor");

diff --git a/src/test/java/extension/burp/montoya/BurpVersionTest.java b/src/test/java/extension/burp/montoya/BurpVersionTest.java
@@ -26,38 +26,89 @@ public BurpVersionTest() {
     private MontoyaApi mockApi;
     private BurpSuite burpSuteApi;
 
-    private static final Version BURP_2020_9_5_VERSION_FREE = new  MontoyaApiAdapter.VersionAdapter(
+    public static final Version BURP_2020_9_5_VERSION_FREE = new  MontoyaApiAdapter.VersionAdapter(
             "Burp Suite Community Edition",
             "2020",
             "9.5",
             "16933",
             BurpSuiteEdition.COMMUNITY_EDITION
     );
 
-    private static final Version BURP_2020_9_5_VERSION_PRO = new  MontoyaApiAdapter.VersionAdapter(
-            "Burp Suite Professional Edition",
-            "2020",
-            "9.5",
-            "16933",
-            BurpSuiteEdition.PROFESSIONAL
+    public static final Version BURP_2023_1_1_VERSION_COMMUNITY = new MontoyaApiAdapter.VersionAdapter(
+            "Burp Suite Community Edition",
+            "2023",
+            "1.1",
+            "18663",
+            BurpSuiteEdition.COMMUNITY_EDITION
+    );
+
+    public static final Version BURP_2023_1_2_VERSION_COMMUNITY = new MontoyaApiAdapter.VersionAdapter(
+            "Burp Suite Community Edition",
+            "2023",
+            "1.2",
+            "18663",
+            BurpSuiteEdition.COMMUNITY_EDITION
     );
 
-    private static final Version BURP_2023_2_1_VERSION_COMMUNITY = new MontoyaApiAdapter.VersionAdapter(
+    public static final Version BURP_2023_1_3_VERSION_COMMUNITY = new MontoyaApiAdapter.VersionAdapter(
+            "Burp Suite Community Edition",
+            "2023",
+            "1.3",
+            "19254",
+            BurpSuiteEdition.COMMUNITY_EDITION
+    );
+
+    public static final Version BURP_2023_2_1_VERSION_COMMUNITY = new MontoyaApiAdapter.VersionAdapter(
             "Burp Suite Community Edition",
             "2023",
             "2.1",
-            "16933",
+            "19050",
+            BurpSuiteEdition.COMMUNITY_EDITION
+    );
+
+
+    public static final Version BURP_2023_2_2_VERSION_COMMUNITY = new MontoyaApiAdapter.VersionAdapter(
+            "Burp Suite Community Edition",
+            "2023",
+            "2.2",
+            "19276",
             BurpSuiteEdition.COMMUNITY_EDITION
     );
 
-    private static final Version BURP_2023_1_1_VERSION_PRO = new MontoyaApiAdapter.VersionAdapter(
+
+    public static final Version BURP_2020_9_5_VERSION_PRO = new  MontoyaApiAdapter.VersionAdapter(
+            "Burp Suite Professional Edition",
+            "2020",
+            "9.5",
+            "16933",
+            BurpSuiteEdition.PROFESSIONAL
+    );
+
+    public static final Version BURP_2023_1_1_VERSION_PRO = new MontoyaApiAdapter.VersionAdapter(
             "Burp Suite Professional",
             "2023",
             "1.1",
             "18663",
             BurpSuiteEdition.PROFESSIONAL
     );
 
+    public static final Version BURP_2023_1_2_VERSION_PRO = new MontoyaApiAdapter.VersionAdapter(
+            "Burp Suite Professional",
+            "2023",
+            "1.2",
+            "18945",
+            BurpSuiteEdition.PROFESSIONAL
+    );
+
+    public static final Version BURP_2023_1_3_VERSION_PRO = new MontoyaApiAdapter.VersionAdapter(
+            "Burp Suite Professional",
+            "2023",
+            "1.3",
+            "19254",
+            BurpSuiteEdition.PROFESSIONAL
+    );
+
+
     @BeforeAll
     public static void setUpClass() {
     }
@@ -121,16 +172,6 @@ public void testParseProersion() {
     @Test
     public void testSuiteMontoyaApiVersion() {
         System.out.println("testSuiteMontoyaApiVersion");
-        {
-            Mockito.when(this.mockApi.burpSuite().version()).thenReturn(BURP_2023_2_1_VERSION_COMMUNITY);
-            BurpVersion suite = new BurpVersion(this.mockApi);
-            assertEquals("Burp Suite Community Edition", suite.getProductName());
-            assertEquals("2023", suite.getMajor());
-            assertEquals(2023, suite.getMajorVersion());
-            assertEquals("2.1", suite.getMinor());
-            assertFalse(suite.isProfessional());
-            assertEquals("16933", suite.getBuild());
-        }
         {
             Mockito.when(this.mockApi.burpSuite().version()).thenReturn(BURP_2023_1_1_VERSION_PRO);
             BurpVersion suite = new BurpVersion(this.mockApi);
@@ -141,6 +182,16 @@ public void testSuiteMontoyaApiVersion() {
             assertTrue(suite.isProfessional());
             assertEquals("18663", suite.getBuild());
         }
+        {
+            Mockito.when(this.mockApi.burpSuite().version()).thenReturn(BURP_2023_2_1_VERSION_COMMUNITY);
+            BurpVersion suite = new BurpVersion(this.mockApi);
+            assertEquals("Burp Suite Community Edition", suite.getProductName());
+            assertEquals("2023", suite.getMajor());
+            assertEquals(2023, suite.getMajorVersion());
+            assertEquals("2.1", suite.getMinor());
+            assertFalse(suite.isProfessional());
+            assertEquals("19050", suite.getBuild());
+        }
     }
 
 }