Merge pull request #96 from RUB-NDS/xsw

Improve Signature Wrapping Attacker

pom.xml

@@ -31,17 +31,11 @@
             <artifactId>json-simple</artifactId>
             <version>1.1.1</version>
         </dependency>
-        <!-- XML Utilities Library -->
-        <dependency>
-            <groupId>wsattacker.library</groupId>
-            <artifactId>XML_Utilities_Library</artifactId>
-            <version>1.7</version>
-        </dependency>
         <!-- Signature Wrapping Library -->
         <dependency>
-            <groupId>wsattacker.library</groupId>
-            <artifactId>Signature_Wrapping_Library</artifactId>
-            <version>1.7</version>
+            <groupId>com.github.rub-nds</groupId>
+            <artifactId>WS-Attacker-Library_Signature_Wrapping</artifactId>
+            <version>1.10</version>
         </dependency>
         <dependency>
             <groupId>org.jdesktop</groupId>
@@ -72,20 +66,18 @@
             <artifactId>bcprov-jdk16</artifactId>
             <version>140</version>
         </dependency>
+        <dependency>
+            <groupId>commons-codec</groupId>
+            <artifactId>commons-codec</artifactId>
+            <version>1.9</version>
+            <type>jar</type>
+        </dependency>
     </dependencies>
 
     <repositories>
-        <!-- WS-Attacker Repository -->
         <repository>
-            <id>wsattacker-repos</id>
-            <name>wsattacker</name>
-            <url>https://repo.nds.rub.de/repository/wsattacker-repos/</url>
-            <releases>
-                <enabled>true</enabled>
-            </releases>
-            <snapshots>
-                <enabled>true</enabled>
-            </snapshots>
+            <id>jitpack.io</id>
+            <url>https://jitpack.io</url>
         </repository>
     </repositories>
 

src/main/java/burp/BurpExtender.java

@@ -23,7 +23,8 @@
 import de.rub.nds.burp.espresso.editor.JSONEditor;
 import de.rub.nds.burp.espresso.editor.JWTEditor;
 import de.rub.nds.burp.espresso.editor.saml.SAMLEditor;
-import de.rub.nds.burp.espresso.intruder.DTDPayloadFactory;
+import de.rub.nds.burp.espresso.intruder.dtd.DTDPayloadFactory;
+import de.rub.nds.burp.espresso.intruder.xsw.XSWPayloadFactory;
 import de.rub.nds.burp.utilities.Logging;
 import java.io.PrintWriter;
 import java.time.LocalTime;
@@ -90,6 +91,7 @@ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
 
         //register Intruder payload generator
         callbacks.registerIntruderPayloadGeneratorFactory(new DTDPayloadFactory(callbacks));
+        callbacks.registerIntruderPayloadGeneratorFactory(new XSWPayloadFactory(callbacks));
 
         //Start logging
         Logging.getInstance().log(getClass(), "Init. complete.", Logging.INFO);

src/main/java/de/rub/nds/burp/espresso/editor/saml/UISourceViewer.java

@@ -83,7 +83,7 @@ private void initComponent(){
         }
         sp = new RTextScrollPane(textArea);
         sp.setHorizontalScrollBarPolicy(javax.swing.ScrollPaneConstants.HORIZONTAL_SCROLLBAR_AS_NEEDED);
-        checkBox = new JCheckBox("Softwraps for long lines");
+        checkBox = new JCheckBox("Enable Softwraps");
         checkBox.setSelected(false);
         checkBox.addActionListener(new ActionListener() {
             public void actionPerformed(ActionEvent ae) {

src/main/java/de/rub/nds/burp/espresso/gui/UIHistory.java

@@ -25,11 +25,11 @@
 import burp.IMessageEditorController;
 import de.rub.nds.burp.utilities.Logging;
 import de.rub.nds.burp.utilities.protocols.SSOProtocol;
-import de.rub.nds.burp.utilities.table.Table;
-import de.rub.nds.burp.utilities.table.TableDB;
-import de.rub.nds.burp.utilities.table.TableEntry;
-import de.rub.nds.burp.utilities.table.TableHelper;
-import de.rub.nds.burp.utilities.table.TableMouseListener;
+import de.rub.nds.burp.utilities.table.ssoHistory.Table;
+import de.rub.nds.burp.utilities.table.ssoHistory.TableDB;
+import de.rub.nds.burp.utilities.table.ssoHistory.TableEntry;
+import de.rub.nds.burp.utilities.table.ssoHistory.TableHelper;
+import de.rub.nds.burp.utilities.table.ssoHistory.TableMouseListener;
 import java.awt.Color;
 import java.awt.GridBagConstraints;
 import java.awt.GridBagLayout;

src/main/java/de/rub/nds/burp/espresso/gui/attacker/saml/UIPreview.form

@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+
+<Form version="1.3" maxVersion="1.9" type="org.netbeans.modules.form.forminfo.JDialogFormInfo">
+  <Properties>
+    <Property name="defaultCloseOperation" type="int" value="2"/>
+  </Properties>
+  <SyntheticProperties>
+    <SyntheticProperty name="formSizePolicy" type="int" value="1"/>
+    <SyntheticProperty name="generateCenter" type="boolean" value="false"/>
+  </SyntheticProperties>
+  <AuxValues>
+    <AuxValue name="FormSettings_autoResourcing" type="java.lang.Integer" value="0"/>
+    <AuxValue name="FormSettings_autoSetComponentName" type="java.lang.Boolean" value="false"/>
+    <AuxValue name="FormSettings_generateFQN" type="java.lang.Boolean" value="true"/>
+    <AuxValue name="FormSettings_generateMnemonicsCode" type="java.lang.Boolean" value="false"/>
+    <AuxValue name="FormSettings_i18nAutoMode" type="java.lang.Boolean" value="false"/>
+    <AuxValue name="FormSettings_layoutCodeTarget" type="java.lang.Integer" value="1"/>
+    <AuxValue name="FormSettings_listenerGenerationStyle" type="java.lang.Integer" value="0"/>
+    <AuxValue name="FormSettings_variablesLocal" type="java.lang.Boolean" value="false"/>
+    <AuxValue name="FormSettings_variablesModifier" type="java.lang.Integer" value="2"/>
+  </AuxValues>
+
+  <Layout>
+    <DimensionLayout dim="0">
+      <Group type="103" groupAlignment="0" attributes="0">
+          <Group type="102" attributes="0">
+              <EmptySpace max="-2" attributes="0"/>
+              <Group type="103" groupAlignment="0" attributes="0">
+                  <Component id="jButtonExit" max="32767" attributes="0"/>
+                  <Component id="rTextScrollPane" pref="972" max="32767" attributes="0"/>
+                  <Group type="102" alignment="0" attributes="0">
+                      <Component id="jLabel1" min="-2" max="-2" attributes="0"/>
+                      <EmptySpace max="32767" attributes="0"/>
+                      <Component id="jCheckBoxWrapLines" min="-2" max="-2" attributes="0"/>
+                  </Group>
+              </Group>
+              <EmptySpace max="-2" attributes="0"/>
+          </Group>
+      </Group>
+    </DimensionLayout>
+    <DimensionLayout dim="1">
+      <Group type="103" groupAlignment="0" attributes="0">
+          <Group type="102" alignment="0" attributes="0">
+              <EmptySpace min="-2" max="-2" attributes="0"/>
+              <Group type="103" groupAlignment="3" attributes="0">
+                  <Component id="jLabel1" alignment="3" min="-2" max="-2" attributes="0"/>
+                  <Component id="jCheckBoxWrapLines" alignment="3" min="-2" max="-2" attributes="0"/>
+              </Group>
+              <EmptySpace min="-2" max="-2" attributes="0"/>
+              <Component id="rTextScrollPane" pref="531" max="32767" attributes="0"/>
+              <EmptySpace min="-2" max="-2" attributes="0"/>
+              <Component id="jButtonExit" min="-2" max="-2" attributes="0"/>
+              <EmptySpace min="-2" max="-2" attributes="0"/>
+          </Group>
+      </Group>
+    </DimensionLayout>
+  </Layout>
+  <SubComponents>
+    <Container class="org.fife.ui.rtextarea.RTextScrollPane" name="rTextScrollPane">
+      <Properties>
+        <Property name="autoscrolls" type="boolean" value="true"/>
+        <Property name="lineNumbersEnabled" type="boolean" value="true"/>
+      </Properties>
+
+      <Layout class="org.netbeans.modules.form.compat2.layouts.support.JScrollPaneSupportLayout"/>
+      <SubComponents>
+        <Component class="org.fife.ui.rsyntaxtextarea.RSyntaxTextArea" name="rSyntaxTextArea">
+          <Properties>
+            <Property name="editable" type="boolean" value="false"/>
+            <Property name="columns" type="int" value="20"/>
+            <Property name="rows" type="int" value="5"/>
+            <Property name="codeFoldingEnabled" type="boolean" value="true"/>
+            <Property name="syntaxEditingStyle" type="java.lang.String" value="text/xml"/>
+          </Properties>
+        </Component>
+      </SubComponents>
+    </Container>
+    <Component class="javax.swing.JButton" name="jButtonExit">
+      <Properties>
+        <Property name="text" type="java.lang.String" value="Exit"/>
+      </Properties>
+      <Events>
+        <EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="jButtonExitActionPerformed"/>
+      </Events>
+    </Component>
+    <Component class="javax.swing.JLabel" name="jLabel1">
+      <Properties>
+        <Property name="text" type="java.lang.String" value="New attack vector:"/>
+      </Properties>
+    </Component>
+    <Component class="javax.swing.JCheckBox" name="jCheckBoxWrapLines">
+      <Properties>
+        <Property name="text" type="java.lang.String" value="Enable Softwraps"/>
+      </Properties>
+      <Events>
+        <EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="jCheckBoxWrapLinesActionPerformed"/>
+      </Events>
+    </Component>
+  </SubComponents>
+</Form>

src/main/java/de/rub/nds/burp/espresso/gui/attacker/saml/UIPreview.java

@@ -0,0 +1,137 @@
+/**
+ * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols.
+ * Copyright (C) 2015 Tim Guenther and Christian Mainka
+ *
+ * This program is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the License, or (at your option) any later
+ * version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package de.rub.nds.burp.espresso.gui.attacker.saml;
+
+import javax.swing.JFrame;
+
+/**
+ * @author Nurullah Erinola
+ */
+public class UIPreview extends javax.swing.JDialog {
+
+    /**
+     * Creates new form UIPreview
+     */
+    public UIPreview(String message) {
+        super(new JFrame(), true);
+        initComponents();
+        // Set message
+        rSyntaxTextArea.setText(message);
+        rSyntaxTextArea.setCaretPosition(0);
+        rTextScrollPane.setLineNumbersEnabled(true);
+        // Show JDialog
+        setLocationRelativeTo(null);
+        setVisible(true);
+    }
+
+    /**
+     * This method is called from within the constructor to initialize the form.
+     * WARNING: Do NOT modify this code. The content of this method is always
+     * regenerated by the Form Editor.
+     */
+    @SuppressWarnings("unchecked")
+    // <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
+    private void initComponents() {
+
+        rTextScrollPane = new org.fife.ui.rtextarea.RTextScrollPane();
+        rSyntaxTextArea = new org.fife.ui.rsyntaxtextarea.RSyntaxTextArea();
+        jButtonExit = new javax.swing.JButton();
+        jLabel1 = new javax.swing.JLabel();
+        jCheckBoxWrapLines = new javax.swing.JCheckBox();
+
+        setDefaultCloseOperation(javax.swing.WindowConstants.DISPOSE_ON_CLOSE);
+
+        rTextScrollPane.setAutoscrolls(true);
+        rTextScrollPane.setLineNumbersEnabled(true);
+
+        rSyntaxTextArea.setEditable(false);
+        rSyntaxTextArea.setColumns(20);
+        rSyntaxTextArea.setRows(5);
+        rSyntaxTextArea.setCodeFoldingEnabled(true);
+        rSyntaxTextArea.setSyntaxEditingStyle("text/xml");
+        rTextScrollPane.setViewportView(rSyntaxTextArea);
+
+        jButtonExit.setText("Exit");
+        jButtonExit.addActionListener(new java.awt.event.ActionListener() {
+            public void actionPerformed(java.awt.event.ActionEvent evt) {
+                jButtonExitActionPerformed(evt);
+            }
+        });
+
+        jLabel1.setText("New attack vector:");
+
+        jCheckBoxWrapLines.setText("Enable Softwraps");
+        jCheckBoxWrapLines.addActionListener(new java.awt.event.ActionListener() {
+            public void actionPerformed(java.awt.event.ActionEvent evt) {
+                jCheckBoxWrapLinesActionPerformed(evt);
+            }
+        });
+
+        javax.swing.GroupLayout layout = new javax.swing.GroupLayout(getContentPane());
+        getContentPane().setLayout(layout);
+        layout.setHorizontalGroup(
+            layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+            .addGroup(layout.createSequentialGroup()
+                .addContainerGap()
+                .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+                    .addComponent(jButtonExit, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
+                    .addComponent(rTextScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 972, Short.MAX_VALUE)
+                    .addGroup(layout.createSequentialGroup()
+                        .addComponent(jLabel1)
+                        .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
+                        .addComponent(jCheckBoxWrapLines)))
+                .addContainerGap())
+        );
+        layout.setVerticalGroup(
+            layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+            .addGroup(layout.createSequentialGroup()
+                .addContainerGap()
+                .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+                    .addComponent(jLabel1)
+                    .addComponent(jCheckBoxWrapLines))
+                .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+                .addComponent(rTextScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 531, Short.MAX_VALUE)
+                .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+                .addComponent(jButtonExit)
+                .addContainerGap())
+        );
+
+        pack();
+    }// </editor-fold>//GEN-END:initComponents
+
+    private void jCheckBoxWrapLinesActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jCheckBoxWrapLinesActionPerformed
+        if (jCheckBoxWrapLines.isSelected()) {
+            rSyntaxTextArea.setLineWrap(true);
+        } else {
+            rSyntaxTextArea.setLineWrap(false);
+        }
+    }//GEN-LAST:event_jCheckBoxWrapLinesActionPerformed
+
+    private void jButtonExitActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButtonExitActionPerformed
+        this.dispose();
+    }//GEN-LAST:event_jButtonExitActionPerformed
+
+    // Variables declaration - do not modify//GEN-BEGIN:variables
+    private javax.swing.JButton jButtonExit;
+    private javax.swing.JCheckBox jCheckBoxWrapLines;
+    private javax.swing.JLabel jLabel1;
+    private org.fife.ui.rsyntaxtextarea.RSyntaxTextArea rSyntaxTextArea;
+    private org.fife.ui.rtextarea.RTextScrollPane rTextScrollPane;
+    // End of variables declaration//GEN-END:variables
+}

src/main/java/de/rub/nds/burp/espresso/gui/attacker/saml/UISAMLAttacker.java

@@ -50,11 +50,11 @@ public class UISAMLAttacker extends JPanel implements ItemListener{
     private JLabel descriptionLabel;
     private JPanel settingsContainer;
 
-    private UISigWrapAttack uiSigWrapAttack = null;
     private UISigFakeAttack uiSigFakeAttack = null;
     private UISigExcAttack uiSigExcAttack = null;
     private UIDTDAttack uiDTDAttack = null;
     private UIEncryptionAttack uiEncryptionAttack = null;
+    private UISigWrapAttack uiSigWrapAttack = null;
 
     /**
      * Create a new Attacker.
@@ -118,8 +118,8 @@ private void initComponents() {
                 .addComponent(descriptionLabel)
                 .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
                 .addComponent(attackComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
-                .addGap(18, 18, 18)
-                .addComponent(settingsContainer, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
+                .addGap(10, 10, 10)
+                .addComponent(settingsContainer, 0, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
         );
 }
 
@@ -147,7 +147,7 @@ public void setEnabled(boolean enabled){
     public void setListeners(CodeListenerController listeners){
         uiSigExcAttack.setListener(listeners);
         uiSigFakeAttack.setListener(listeners);
-        uiSigWrapAttack.setListener(listeners);
+        uiSigWrapAttack.setListeners(listeners);
         uiDTDAttack.setListener(listeners);
         uiEncryptionAttack.setListener(listeners);
     }