├── .gitignore ├── .travis.yml ├── doc └── apidocs │ ├── package-list │ ├── burp │ ├── package-frame.html │ ├── package-use.html │ ├── class-use │ │ └── BurpExtender.html │ └── package-tree.html │ ├── script.js │ ├── de │ └── rub │ │ └── nds │ │ └── burp │ │ ├── espresso │ │ ├── package-frame.html │ │ ├── attacker │ │ │ ├── package-frame.html │ │ │ └── package-use.html │ │ ├── scanner │ │ │ ├── package-frame.html │ │ │ └── package-use.html │ │ ├── gui │ │ │ ├── attacker │ │ │ │ ├── package-frame.html │ │ │ │ ├── util │ │ │ │ │ ├── package-frame.html │ │ │ │ │ └── package-use.html │ │ │ │ ├── saml │ │ │ │ │ └── package-frame.html │ │ │ │ └── package-use.html │ │ │ ├── package-frame.html │ │ │ └── class-use │ │ │ │ └── UITab.html │ │ ├── editor │ │ │ ├── package-frame.html │ │ │ ├── saml │ │ │ │ ├── package-frame.html │ │ │ │ └── package-use.html │ │ │ ├── package-use.html │ │ │ └── class-use │ │ │ │ └── Editor.html │ │ ├── package-use.html │ │ └── class-use │ │ │ └── HttpMarker.html │ │ └── utilities │ │ ├── listeners │ │ ├── saml │ │ │ ├── package-frame.html │ │ │ └── package-use.html │ │ └── package-frame.html │ │ ├── package-frame.html │ │ ├── table │ │ └── package-frame.html │ │ ├── protocols │ │ └── package-frame.html │ │ └── class-use │ │ ├── Encoding.html │ │ ├── XMLHelper.html │ │ └── Compression.html │ ├── overview-frame.html │ ├── index.html │ └── deprecated-list.html ├── BappManifest.bmf ├── license_header.txt ├── BappDescription.html ├── src ├── main │ └── java │ │ └── de │ │ └── rub │ │ └── nds │ │ └── burp │ │ ├── utilities │ │ ├── listeners │ │ │ ├── CodeListenerControllerType.java │ │ │ ├── events │ │ │ │ ├── SamlCodeEvent.java │ │ │ │ ├── SigAlgoCodeEvent.java │ │ │ │ └── SignatureCodeEvent.java │ │ │ ├── ICodeListener.java │ │ │ ├── AbstractCodeEvent.java │ │ │ └── CodeListenerController.java │ │ ├── attacks │ │ │ └── signatureFaking │ │ │ │ └── exceptions │ │ │ │ ├── SignatureFakingException.java │ │ │ │ └── CertificateHandlerException.java │ │ 
├── EncodingType.java │ │ ├── table │ │ │ ├── xsw │ │ │ │ ├── TableEntry.java │ │ │ │ └── TableModel.java │ │ │ └── ssoHistory │ │ │ │ ├── TableMouseListener.java │ │ │ │ ├── TableDB.java │ │ │ │ ├── Table.java │ │ │ │ └── TableHelper.java │ │ ├── protocols │ │ │ └── xmlenc │ │ │ │ ├── AsymmetricAlgorithm.java │ │ │ │ └── SymmetricAlgorithm.java │ │ ├── ParameterUtilities.java │ │ ├── Compression.java │ │ ├── ByteArrayHelper.java │ │ └── Logging.java │ │ └── espresso │ │ └── gui │ │ ├── attacker │ │ ├── IAttack.java │ │ ├── saml │ │ │ └── UISigWrapAttack.java │ │ ├── util │ │ │ └── PayloadBean.java │ │ ├── UIError.form │ │ └── UIError.java │ │ ├── UITab.java │ │ └── UIMain.java └── test │ └── java │ └── de │ └── rub │ └── nds │ └── burp │ └── utilities │ ├── ByteArrayHelperTest.java │ ├── protocols │ └── xmlenc │ │ ├── AlgorithmTest.java │ │ └── XmlEncryptionHelperTest.java │ ├── table │ ├── TableTest.java │ ├── TableDBTest.java │ └── TableHelperTest.java │ └── EncodingTest.java └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | dependency-reduced-pom.xml 2 | *.log 3 | nbactions.xml 4 | nb-configuration.xml 5 | pom.xml.next 6 | pom.xml.releaseBackup 7 | pom.xml.tag 8 | pom.xml.versionsBackup 9 | release.properties 10 | *.swo 11 | *.swp 12 | target/ 13 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: java 2 | 3 | sudo: false 4 | 5 | jdk: 6 | - oraclejdk8 7 | # - oraclejdk7 8 | # - openjdk7 9 | 10 | #branches: 11 | # only: 12 | # - master 13 | 14 | notifications: 15 | email: 16 | recipients: 17 | - christian.mainka@hackmanit.de 18 | -------------------------------------------------------------------------------- /doc/apidocs/package-list: -------------------------------------------------------------------------------- 1 | burp 2 | de.rub.nds.burp.espresso.editor 3 | 
de.rub.nds.burp.espresso.editor.saml 4 | de.rub.nds.burp.espresso.gui 5 | de.rub.nds.burp.espresso.gui.attacker 6 | de.rub.nds.burp.espresso.gui.attacker.saml 7 | de.rub.nds.burp.espresso.gui.attacker.util 8 | de.rub.nds.burp.espresso.scanner 9 | de.rub.nds.burp.utilities 10 | de.rub.nds.burp.utilities.listeners 11 | de.rub.nds.burp.utilities.listeners.saml 12 | de.rub.nds.burp.utilities.protocols 13 | de.rub.nds.burp.utilities.table 14 | -------------------------------------------------------------------------------- /BappManifest.bmf: -------------------------------------------------------------------------------- 1 | Uuid: e1d08d4ab1ea4c17be3431d7d2b20b30 2 | ExtensionType: 1 3 | Name: EsPReSSO 4 | RepoName: espresso 5 | ScreenVersion: 3.3.1 6 | SerialVersion: 5 7 | MinPlatformVersion: 0 8 | ProOnly: False 9 | Author: Tim Guenther, Christian Mainka, Vladislav Mladenov, Nurullah Erinola, Juraj Somorovsky, Nils Engelbertz, David Herring 10 | ShortDescription: Processes and recognizes single sign-on protocols. 11 | EntryPoint: target/EsPReSSO-3.3.1-jar-with-dependencies.jar 12 | BuildCommand: mvn package -DskipTests=true -Dmaven.javadoc.skip=true -B 13 | -------------------------------------------------------------------------------- /license_header.txt: -------------------------------------------------------------------------------- 1 | EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 2 | Copyright (C) ${year} ${owner} 3 | 4 | This program is free software; you can redistribute it and/or modify it under 5 | the terms of the GNU General Public License as published by the Free Software 6 | Foundation; either version 2 of the License, or (at your option) any later 7 | version. 8 | 9 | This program is distributed in the hope that it will be useful, but WITHOUT 10 | ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 11 | FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 12 | details. 
13 | 14 | You should have received a copy of the GNU General Public License along with 15 | this program; if not, write to the Free Software Foundation, Inc., 51 16 | Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 17 | -------------------------------------------------------------------------------- /doc/apidocs/burp/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | burp (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 |

burp

14 |
15 |

Classes

16 | 19 |
20 | 21 | 22 | -------------------------------------------------------------------------------- /doc/apidocs/script.js: -------------------------------------------------------------------------------- 1 | function show(type) 2 | { 3 | count = 0; 4 | for (var key in methods) { 5 | var row = document.getElementById(key); 6 | if ((methods[key] & type) != 0) { 7 | row.style.display = ''; 8 | row.className = (count++ % 2) ? rowColor : altColor; 9 | } 10 | else 11 | row.style.display = 'none'; 12 | } 13 | updateTabs(type); 14 | } 15 | 16 | function updateTabs(type) 17 | { 18 | for (var value in tabs) { 19 | var sNode = document.getElementById(tabs[value][0]); 20 | var spanNode = sNode.firstChild; 21 | if (value == type) { 22 | sNode.className = activeTableTab; 23 | spanNode.innerHTML = tabs[value][1]; 24 | } 25 | else { 26 | sNode.className = tableTab; 27 | spanNode.innerHTML = "" + tabs[value][1] + ""; 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/espresso/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | de.rub.nds.burp.espresso (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 |

de.rub.nds.burp.espresso

14 |
15 |

Classes

16 | 19 |
20 | 21 | 22 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/espresso/attacker/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | de.rub.nds.burp.espresso.attacker (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 |

de.rub.nds.burp.espresso.attacker

14 |
15 |

Classes

16 | 19 |
20 | 21 | 22 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/espresso/scanner/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | de.rub.nds.burp.espresso.scanner (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 |

de.rub.nds.burp.espresso.scanner

14 |
15 |

Classes

16 | 19 |
20 | 21 | 22 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/espresso/gui/attacker/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | de.rub.nds.burp.espresso.gui.attacker (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 |

de.rub.nds.burp.espresso.gui.attacker

14 |
15 |

Classes

16 | 19 |
20 | 21 | 22 | -------------------------------------------------------------------------------- /BappDescription.html: -------------------------------------------------------------------------------- 1 |

This extension processes and recognizes single sign-on protocols.

2 | 3 |

Detecting

4 |

Supported Protocols:

5 | 14 | 15 |

Attacking

16 | 21 | 22 |

Beautifier

23 | 29 | 30 |

Editors/Viewers

31 | 35 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/utilities/listeners/saml/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | de.rub.nds.burp.utilities.listeners.saml (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 |

de.rub.nds.burp.utilities.listeners.saml

14 |
15 |

Classes

16 | 19 |
20 | 21 | 22 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/espresso/gui/attacker/util/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | de.rub.nds.burp.espresso.gui.attacker.util (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 |

de.rub.nds.burp.espresso.gui.attacker.util

14 |
15 |

Classes

16 | 19 |
20 | 21 | 22 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/espresso/editor/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | de.rub.nds.burp.espresso.editor (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 |

de.rub.nds.burp.espresso.editor

14 |
15 |

Classes

16 | 20 |
21 | 22 | 23 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/espresso/editor/saml/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | de.rub.nds.burp.espresso.editor.saml (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 |

de.rub.nds.burp.espresso.editor.saml

14 |
15 |

Classes

16 | 21 |
22 | 23 | 24 | -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/utilities/listeners/CodeListenerControllerType.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | package de.rub.nds.burp.utilities.listeners; 20 | 21 | /** Enum with two constants, SAML and SIGNATURE, each carrying a String label equal to its own name. 22 | * @author Nurullah Erinola 23 | */ 24 | public enum CodeListenerControllerType { 25 | 26 | SAML("SAML"), 27 | SIGNATURE("SIGNATURE"); 28 | /** Stores the label supplied by the constant declaration. */ 29 | private CodeListenerControllerType(String type) { 30 | this.type = type; 31 | } 32 | /* Label of the constant; final, assigned only in the constructor. */ 33 | private final String type; 34 | /** @return the String label given to this constant. */ 35 | public String getType() { 36 | return type; 37 | } 38 | 39 | } -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/utilities/attacks/signatureFaking/exceptions/SignatureFakingException.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols.
3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | package de.rub.nds.burp.utilities.attacks.signatureFaking.exceptions; 20 | 21 | /** Checked exception (extends Exception) offering a message constructor and a cause-wrapping constructor. 22 | * @author Juraj Somorovsky - juraj.somorovsky@rub.de 23 | */ 24 | public class SignatureFakingException 25 | extends Exception 26 | { 27 | /** @param message detail text handed to Exception(String). */ 28 | public SignatureFakingException( String message ) 29 | { 30 | super( message ); 31 | } 32 | /** @param e underlying exception, passed to the superclass as the cause. */ 33 | public SignatureFakingException( Exception e ) 34 | { 35 | super( e ); 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/utilities/attacks/signatureFaking/exceptions/CertificateHandlerException.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version.
9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | package de.rub.nds.burp.utilities.attacks.signatureFaking.exceptions; 20 | 21 | /** Checked exception (extends Exception) offering a message constructor and a cause-wrapping constructor. 22 | * @author Juraj Somorovsky - juraj.somorovsky@rub.de 23 | */ 24 | public class CertificateHandlerException 25 | extends Exception 26 | { 27 | /** @param message detail text handed to Exception(String). */ 28 | public CertificateHandlerException( String message ) 29 | { 30 | super( message ); 31 | } 32 | /** @param e underlying exception, passed to the superclass as the cause. */ 33 | public CertificateHandlerException( Exception e ) 34 | { 35 | super( e ); 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/espresso/gui/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | de.rub.nds.burp.espresso.gui (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 |

de.rub.nds.burp.espresso.gui

14 |
15 |

Classes

16 | 23 |
24 | 25 | 26 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/utilities/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | de.rub.nds.burp.utilities (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 |

de.rub.nds.burp.utilities

14 |
15 |

Classes

16 | 23 |
24 | 25 | 26 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/utilities/listeners/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | de.rub.nds.burp.utilities.listeners (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 |

de.rub.nds.burp.utilities.listeners

14 |
15 |

Interfaces

16 | 19 |

Classes

20 | 24 |
25 | 26 | 27 | -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/utilities/listeners/events/SamlCodeEvent.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | package de.rub.nds.burp.utilities.listeners.events; 20 | 21 | import de.rub.nds.burp.utilities.listeners.AbstractCodeEvent; 22 | 23 | /** 24 | * @author Nurullah Erinola 25 | */ 26 | public class SamlCodeEvent extends AbstractCodeEvent{ 27 | 28 | /** 29 | * Create a new SamlCodeEvent 30 | * @param source The origin of the event. 31 | * @param code The data (source code) to submit. 
32 | */ 33 | public SamlCodeEvent(Object source, byte [] code) { 34 | super(source, code); 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/utilities/listeners/events/SigAlgoCodeEvent.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | package de.rub.nds.burp.utilities.listeners.events; 20 | 21 | import de.rub.nds.burp.utilities.listeners.AbstractCodeEvent; 22 | 23 | /** 24 | * @author Nurullah Erinola 25 | */ 26 | public class SigAlgoCodeEvent extends AbstractCodeEvent{ 27 | 28 | /** 29 | * Create a new SigAlgoCodeEvent 30 | * @param source The origin of the event. 31 | * @param code The data (source code) to submit. 
32 | */ 33 | public SigAlgoCodeEvent(Object source, byte[] code) { 34 | super(source, code); 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/utilities/listeners/events/SignatureCodeEvent.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | package de.rub.nds.burp.utilities.listeners.events; 20 | 21 | import de.rub.nds.burp.utilities.listeners.AbstractCodeEvent; 22 | 23 | /** 24 | * @author Nurullah Erinola 25 | */ 26 | public class SignatureCodeEvent extends AbstractCodeEvent{ 27 | 28 | /** 29 | * Create a new SignatureCodeEvent 30 | * @param source The origin of the event. 31 | * @param code The data (source code) to submit. 
32 | */ 33 | public SignatureCodeEvent(Object source, byte[] code) { 34 | super(source, code); 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/espresso/gui/attacker/IAttack.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | package de.rub.nds.burp.espresso.gui.attacker; 20 | 21 | import de.rub.nds.burp.utilities.listeners.AbstractCodeEvent; 22 | import de.rub.nds.burp.utilities.listeners.ICodeListener; 23 | 24 | /** 25 | * The IAttack interface. 26 | * This interface must be implemented by every attack in the Attacker. 27 | * @author Tim Guenther 28 | */ 29 | public interface IAttack extends ICodeListener{ 30 | /** 31 | * Notify all registered listeners with the new code. 32 | * @param evt The new source code. 
33 | */ 34 | public void notifyAllTabs(AbstractCodeEvent evt); 35 | } 36 | -------------------------------------------------------------------------------- /src/test/java/de/rub/nds/burp/utilities/ByteArrayHelperTest.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | package de.rub.nds.burp.utilities; 20 | 21 | import org.junit.Test; 22 | import static org.junit.Assert.*; 23 | 24 | /** 25 | * 26 | */ 27 | public class ByteArrayHelperTest { 28 | 29 | /** 30 | * Test of hexStringToByteArray method, of class ByteArrayHelper. 
31 | */ 32 | @Test 33 | public void testHexStringToByteArray() { 34 | String input = "00 11 22 33 44 55\n11\n\r"; 35 | byte[] result = ByteArrayHelper.hexStringToByteArray(input); 36 | assertArrayEquals(new byte[]{0, 17, 34, 51, 68, 85, 17}, result); 37 | } 38 | 39 | } 40 | -------------------------------------------------------------------------------- /src/test/java/de/rub/nds/burp/utilities/protocols/xmlenc/AlgorithmTest.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | */ 19 | package de.rub.nds.burp.utilities.protocols.xmlenc; 20 | 21 | import org.junit.Test; 22 | import static org.junit.Assert.*; 23 | 24 | /** 25 | * 26 | */ 27 | public class AlgorithmTest { 28 | 29 | @Test 30 | public void testList() { 31 | String[] uris = SymmetricAlgorithm.getURIs(); 32 | assertNotNull(uris); 33 | assertNotNull(SymmetricAlgorithm.getByURI(uris[0])); 34 | uris = AsymmetricAlgorithm.getURIs(); 35 | assertNotNull(uris); 36 | assertNotNull(AsymmetricAlgorithm.getByURI(uris[0])); 37 | } 38 | 39 | } 40 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/utilities/table/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | de.rub.nds.burp.utilities.table (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 |

de.rub.nds.burp.utilities.table

14 |
15 |

Classes

16 | 23 |
24 | 25 | 26 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/espresso/gui/attacker/saml/package-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | de.rub.nds.burp.espresso.gui.attacker.saml (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 |

de.rub.nds.burp.espresso.gui.attacker.saml

14 |
15 |

Interfaces

16 | 19 |

Classes

20 | 25 |
26 | 27 | 28 | -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/utilities/listeners/ICodeListener.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | package de.rub.nds.burp.utilities.listeners; 20 | 21 | import java.util.EventListener; 22 | 23 | /** 24 | * The interface for all code listeners; it extends java.util.EventListener and declares two methods. 25 | * @author Tim Guenther 26 | * @version 1.0 27 | */ 28 | public interface ICodeListener extends EventListener { 29 | /** 30 | * Called every time new code is available. 31 | * @param evt {@link de.rub.nds.burp.utilities.listeners.AbstractCodeEvent} The event carrying the new source code. 32 | */ 33 | public void setCode(AbstractCodeEvent evt); 34 | /** 35 | * Set the listener for the editor.
36 | * @param listeners {@link de.rub.nds.burp.utilities.listeners.CodeListenerController} The controller handed to this listener. 37 | */ 38 | public void setListener(CodeListenerController listeners); 39 | } 40 | -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/utilities/EncodingType.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 | */ 19 | package de.rub.nds.burp.utilities; 20 | 21 | /** Enum of five UTF encodings, each paired with its encoding name as a String. 22 | * @author Nurullah Erinola 23 | */ 24 | public enum EncodingType { 25 | 26 | UTF_7("UTF-7"), 27 | UTF_8("UTF-8"), 28 | UTF_16("UTF-16"), 29 | UTF_16BE("UTF-16BE"), 30 | UTF_16LE("UTF-16LE"); 31 | /** @param encoding the encoding name stored for this constant. */ 32 | EncodingType(String encoding) { 33 | this.encoding = encoding; 34 | } 35 | /* Encoding name of the constant; final, assigned only in the constructor. */ 36 | private final String encoding; 37 | /** @return the encoding name given to this constant, for example "UTF-8". */ 38 | public String getEncoding() { 39 | return encoding; 40 | } 41 | /** Case-insensitive lookup by encoding name. Returns null when no constant matches (a null argument also yields null), so callers must null-check the result before using it. NOTE(review): UTF-7 is not one of the charsets every Java platform is required to support - confirm a provider is available before passing that name to Charset.forName. */ 42 | public static EncodingType fromString(String encoding) { 43 | for(EncodingType type: EncodingType.values()) { 44 | if(type.encoding.equalsIgnoreCase(encoding)) { 45 | return type; 46 | } 47 | } 48 | return null; 49 | } 50 | 51 | } 52 | -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/utilities/listeners/AbstractCodeEvent.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
package de.rub.nds.burp.utilities.listeners;

import java.util.EventObject;

/**
 * Base class for events that hand a block of code (as bytes) from a source
 * object to the registered listeners.
 *
 * @author Tim Guenther
 * @version 1.0
 */
public abstract class AbstractCodeEvent extends EventObject {

    // Kept by reference: the constructor does not copy the caller's array.
    private byte[] code;

    /**
     * Template to create a new CodeEvent.
     *
     * @param source The origin of the event.
     * @param code The data (source code) to submit; stored as passed, without copying.
     */
    public AbstractCodeEvent(Object source, byte[] code) {
        super(source);
        this.code = code;
    }

    /**
     * Get the source code.
     *
     * @return The same array instance that was given to the constructor, so a
     *         change made by one receiver is visible to the sender and to every
     *         other receiver of this event.
     */
    public byte[] getCode() {
        return code;
    }

}

--------------------------------------------------------------------------------
/src/main/java/de/rub/nds/burp/utilities/table/xsw/TableEntry.java:
--------------------------------------------------------------------------------
/**
 * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols.
 * Copyright (C) 2015 Tim Guenther and Christian Mainka
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation; either version 2 of the License, or (at your option) any later
 * version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 51
 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
package de.rub.nds.burp.utilities.table.xsw;

/**
 * A table entry for the class Table.
*
 * @author Nurullah Erinola
 */
public class TableEntry {

    // The three values of one row, stored exactly as passed to the constructor.
    private String xPath;
    private String currentValue;
    private String newValue;

    /**
     * Construct a new table entry.
     *
     * @param xPath The XPath expression of this row.
     * @param currentValue The value shown as current for that XPath.
     * @param newValue The value shown as the replacement.
     */
    public TableEntry(String xPath, String currentValue, String newValue) {
        this.newValue = newValue;
        this.currentValue = currentValue;
        this.xPath = xPath;
    }

    /**
     * @return The XPath given at construction.
     */
    public String getXPath() {
        return this.xPath;
    }

    /**
     * @return The current value given at construction.
     */
    public String getCurrentValue() {
        return this.currentValue;
    }

    /**
     * @return The new value given at construction.
     */
    public String getNewValue() {
        return this.newValue;
    }

}

--------------------------------------------------------------------------------
/doc/apidocs/de/rub/nds/burp/utilities/protocols/package-frame.html:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | 6 | 7 | de.rub.nds.burp.utilities.protocols (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 |

de.rub.nds.burp.utilities.protocols

14 |
15 |

Classes

16 | 26 |
27 | 28 | 29 | -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/utilities/table/ssoHistory/TableMouseListener.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | package de.rub.nds.burp.utilities.table.ssoHistory; 20 | 21 | import java.awt.Point; 22 | import java.awt.event.MouseAdapter; 23 | import java.awt.event.MouseEvent; 24 | import javax.swing.JTable; 25 | 26 | /** 27 | * A mouse listener for a JTable component. 28 | * Copied from http://www.codejava.net/java-se/swing/jtable-popup-menu-example 29 | * @author www.codejava.neet 30 | * @version 1.0 31 | */ 32 | public class TableMouseListener extends MouseAdapter{ 33 | private JTable table; 34 | 35 | /** 36 | * Create a new TableMouseListener for a table. 37 | * @param table The table to listen to. 38 | */ 39 | public TableMouseListener(JTable table) { 40 | this.table = table; 41 | } 42 | 43 | /** 44 | * Activate if mouse is pressed. 45 | * @param event The event that is passed. 
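*/
    @Override
    public void mousePressed(MouseEvent event) {
        // Select the row under the mouse pointer.
        int currentRow = table.rowAtPoint(event.getPoint());
        // rowAtPoint() yields -1 when the point lies outside every row (for example
        // the empty area below the last row). setRowSelectionInterval() rejects that
        // index with an IllegalArgumentException, so keep the selection as it is.
        if (currentRow < 0) {
            return;
        }
        table.setRowSelectionInterval(currentRow, currentRow);
    }
}

--------------------------------------------------------------------------------
/src/main/java/de/rub/nds/burp/espresso/gui/UITab.java:
--------------------------------------------------------------------------------
/**
 * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols.
 * Copyright (C) 2015 Tim Guenther and Christian Mainka
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation; either version 2 of the License, or (at your option) any later
 * version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 51
 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
package de.rub.nds.burp.espresso.gui;

import burp.IBurpExtenderCallbacks;
import burp.ITab;
import java.awt.Component;

/**
 * An additional tab in Burp Suite
 * @author Tim Guenther
 * @version 1.0
 */
public class UITab implements ITab {

    //public UIPanel panel;
    private UIMain main;
    private final IBurpExtenderCallbacks callbacks;

    /**
     * Create a new Tab.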
38 | * @param callbacks {@link burp.IBurpExtenderCallbacks} 39 | */ 40 | public UITab(IBurpExtenderCallbacks callbacks) { 41 | this.callbacks = callbacks; 42 | this.main = new UIMain(callbacks); 43 | callbacks.customizeUiComponent(main); 44 | callbacks.addSuiteTab(this); 45 | } 46 | 47 | /** 48 | * 49 | * @return Get the UI component that should be registered at the Burp Suite GUI. 50 | */ 51 | @Override 52 | public Component getUiComponent() { 53 | return main; 54 | } 55 | 56 | /** 57 | * 58 | * @return Get the UI component that should be registered at the Burp Suite GUI. 59 | */ 60 | public UIMain getUiMain(){ 61 | return main; 62 | } 63 | 64 | /** 65 | * 66 | * @return Get the Headline for the Tab. 67 | */ 68 | @Override 69 | public String getTabCaption() { 70 | return "EsPReSSO"; 71 | } 72 | } 73 | -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/utilities/protocols/xmlenc/AsymmetricAlgorithm.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
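*/
package de.rub.nds.burp.utilities.protocols.xmlenc;

import java.util.Arrays;

/**
 * RSA transformations used for XML Encryption key transport. Each constant
 * pairs a JCA transformation string with the identifier it is looked up by.
 *
 * <p>Enum constants are shared by the whole JVM, and both fields have public
 * setters: a call to {@link #setJavaName(String)} or {@link #setUri(String)}
 * changes the value for every user of that constant.
 *
 * @author Juraj Somorovsky
 */
public enum AsymmetricAlgorithm {

    /**
     * RSA without any padding scheme, labelled by the author as for testing
     * purposes. The second field is a description rather than an algorithm
     * URI, and {@link #getURIs()} and {@link #getByURI(String)} treat it like one.
     * NOTE(review): the mode name is "None", not "ECB" as in the other two
     * transformations; which JCA provider is expected to accept it is not
     * visible here - confirm.
     */
    RSA("RSA/None/NoPadding", "Plain RSA encryption for testing purposes"),

    /** RSA-OAEP with SHA-1 and MGF1, identified by the xmlenc rsa-oaep-mgf1p URI. */
    RSA_OAEP_MGF1P("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"),

    /**
     * RSA with PKCS#1 v1.5 padding, identified by the xmlenc rsa-1_5 URI.
     * A party that decrypts with this scheme must not let the sender tell a
     * padding failure apart from any other failure (padding-oracle risk).
     */
    RSA_PKCS1_15("RSA/ECB/PKCS1Padding", "http://www.w3.org/2001/04/xmlenc#rsa-1_5");

    // Not final: the setters below can rewrite either field at runtime.
    private String javaName;

    private String uri;

    AsymmetricAlgorithm(String javaName, String uri) {
        this.javaName = javaName;
        this.uri = uri;
    }

    /**
     * @return The identifier of every constant, in declaration order.
     */
    public static String[] getURIs() {
        return Arrays.stream(values()).map(AsymmetricAlgorithm::getUri).toArray(String[]::new);
    }

    /**
     * Find the constant registered under the given identifier (exact match).
     *
     * @param uri The identifier to look up.
     * @return The constant whose identifier equals {@code uri}.
     * @throws IllegalArgumentException if {@code uri} is null or matches no constant.
     */
    public static AsymmetricAlgorithm getByURI(String uri) {
        for (AsymmetricAlgorithm algo : values()) {
            // Compare from the argument so that a constant whose identifier was
            // set to null is skipped instead of raising a NullPointerException.
            if (uri != null && uri.equals(algo.getUri())) {
                return algo;
            }
        }
        // Name the rejected value; the bare exception gave no hint what failed.
        throw new IllegalArgumentException("Unknown asymmetric algorithm URI: " + uri);
    }

    /**
     * @return The JCA transformation string of this constant.
     */
    public String getJavaName() {
        return javaName;
    }

    /**
     * Replace the JCA transformation string of this constant for the whole JVM.
     *
     * @param javaName The new transformation string.
     */
    public void setJavaName(String javaName) {
        this.javaName = javaName;
    }

    /**
     * @return The identifier this constant is looked up by.
     */
    public String getUri() {
        return uri;
    }

    /**
     * Replace the lookup identifier of this constant for the whole JVM.
     *
     * @param uri The new identifier.
     */
    public void setUri(String uri) {
        this.uri = uri;
    }

}

--------------------------------------------------------------------------------
/doc/apidocs/overview-frame.html:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | 6 | 7 | Overview List (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 |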
All Classes
14 |
15 |

Packages

16 | 31 |
32 |

 

33 | 34 | 35 | -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/espresso/gui/attacker/saml/UISigWrapAttack.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | package de.rub.nds.burp.espresso.gui.attacker.saml; 20 | 21 | import de.rub.nds.burp.espresso.gui.attacker.saml.xsw.UISigWrapAttackInit; 22 | import de.rub.nds.burp.espresso.gui.attacker.saml.xsw.UISigWrapExec; 23 | import de.rub.nds.burp.utilities.listeners.CodeListenerController; 24 | import javax.swing.JTabbedPane; 25 | 26 | /** 27 | * The Signature Wrapping Attack 28 | * @author Nurullah Erinola 29 | * @version 1.0 30 | */ 31 | public class UISigWrapAttack extends JTabbedPane { 32 | 33 | private final String INIT = "Init Attack"; 34 | private final String EXECUTE = "Execute Attack"; 35 | 36 | private UISigWrapAttackInit uiInit; 37 | private UISigWrapExec uiExec; 38 | 39 | /** 40 | * Create new form UISigWrapAttackNew. 
41 | */ 42 | public UISigWrapAttack(){ 43 | initComponents(); 44 | } 45 | 46 | private void initComponents() { 47 | uiExec = new UISigWrapExec(); 48 | uiInit = new UISigWrapAttackInit(uiExec); 49 | uiInit.setSwitchTabFunc((Integer i) -> selectTab(i)); 50 | // Add to pane 51 | this.add(INIT, uiInit); 52 | this.add(EXECUTE, uiExec); 53 | } 54 | 55 | /** 56 | * Set the listener for the editor. 57 | * @param listeners {@link de.rub.nds.burp.utilities.listeners.CodeListenerController} 58 | */ 59 | public void setListeners(CodeListenerController listeners){ 60 | uiInit.setListener(listeners); 61 | uiExec.setListener(listeners); 62 | } 63 | 64 | private void selectTab(int index) { 65 | this.setSelectedIndex(index); 66 | } 67 | } 68 | -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/espresso/gui/attacker/util/PayloadBean.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | */ 19 | package de.rub.nds.burp.espresso.gui.attacker.util; 20 | 21 | import java.beans.PropertyChangeListener; 22 | import java.beans.PropertyChangeSupport; 23 | import wsattacker.library.signatureWrapping.option.Payload; 24 | 25 | /** 26 | * PayloadBean 27 | * @author Christian Mainka 28 | * @version 1.0 29 | */ 30 | 31 | public class PayloadBean { 32 | 33 | private Payload payload; 34 | 35 | /** 36 | * Property of payload. 37 | */ 38 | public static final String PROP_PAYLOAD = "payload"; 39 | 40 | private transient final PropertyChangeSupport propertyChangeSupport = new PropertyChangeSupport(this); 41 | 42 | /** 43 | * Get the value of payload 44 | * 45 | * @return the value of payload 46 | */ 47 | public Payload getPayload() { 48 | return payload; 49 | } 50 | 51 | /** 52 | * Set the value of payload 53 | * 54 | * @param payload new value of payload 55 | */ 56 | public void setPayload(Payload payload) { 57 | Payload oldPayload = this.payload; 58 | this.payload = payload; 59 | propertyChangeSupport.firePropertyChange(PROP_PAYLOAD, oldPayload, payload); 60 | } 61 | 62 | /** 63 | * Add PropertyChangeListener. 64 | * 65 | * @param listener {@link java.beans.PropertyChangeListener} 66 | */ 67 | public void addPropertyChangeListener(PropertyChangeListener listener) { 68 | propertyChangeSupport.addPropertyChangeListener(listener); 69 | } 70 | 71 | /** 72 | * Remove PropertyChangeListener. 73 | * 74 | * @param listener {@link java.beans.PropertyChangeListener} 75 | */ 76 | public void removePropertyChangeListener(PropertyChangeListener listener) { 77 | propertyChangeSupport.removePropertyChangeListener(listener); 78 | } 79 | 80 | } -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/espresso/gui/UIMain.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 
3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | package de.rub.nds.burp.espresso.gui; 20 | 21 | import burp.IBurpExtenderCallbacks; 22 | import javax.swing.JTabbedPane; 23 | 24 | /** 25 | * The main window, the parent window for all tabs. 26 | * @author Tim Guenther 27 | * @version 1.0 28 | */ 29 | public class UIMain extends JTabbedPane{ 30 | private IBurpExtenderCallbacks callbacks; 31 | 32 | //GUI 33 | private UIHistory history; 34 | private UIOptions options; 35 | private UIHelp help; 36 | 37 | /** 38 | * Construct the main UI. 39 | * @param callbacks {@link burp.IBurpExtenderCallbacks}. 40 | */ 41 | public UIMain(IBurpExtenderCallbacks callbacks) { 42 | this.callbacks = callbacks; 43 | initComponents(); 44 | 45 | } 46 | /** 47 | * 48 | * @return Get the history tab. 49 | */ 50 | public UIHistory getHistory(){ 51 | return history; 52 | } 53 | 54 | /** 55 | * 56 | * @return Get the help tab. 57 | */ 58 | public UIHelp getHelp() { 59 | return help; 60 | } 61 | 62 | /** 63 | * 64 | * @return Get the options tab. 
65 | */ 66 | public UIOptions getOptions() { 67 | return options; 68 | } 69 | 70 | private void initComponents(){ 71 | //register all components on the extension tab 72 | //sso history 73 | history = new UIHistory(callbacks); 74 | //options 75 | options = new UIOptions(callbacks); 76 | //help 77 | help = new UIHelp(); 78 | 79 | this.addTab("SSO History", history); 80 | this.addTab("Options", options); 81 | this.addTab("Help", help); 82 | 83 | // customize ui components 84 | callbacks.customizeUiComponent(this); 85 | } 86 | } 87 | -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/utilities/listeners/CodeListenerController.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
*/
package de.rub.nds.burp.utilities.listeners;

import javax.swing.event.EventListenerList;

/**
 * Keeps a list of {@link de.rub.nds.burp.utilities.listeners.ICodeListener}
 * instances and forwards code events to all of them.
 *
 * @author Tim Guenther
 * @version 1.0
 */
public class CodeListenerController {
    private EventListenerList listeners = new EventListenerList();
    private CodeListenerControllerType type;

    /**
     * Default Constructor.
     * @param type The controller type later reported by {@link #getType()}.
     */
    public CodeListenerController(CodeListenerControllerType type) {
        this.type = type;
    }

    /**
     * Return the type of the listener {@link de.rub.nds.burp.utilities.listeners.ICodeListener}
     * @return The type passed to the constructor.
     */
    public CodeListenerControllerType getType() {
        return this.type;
    }

    /**
     * Add a new implementation of {@link de.rub.nds.burp.utilities.listeners.ICodeListener}
     * @param listener The new listener.
     */
    public void addCodeListener(ICodeListener listener) {
        this.listeners.add(ICodeListener.class, listener);
    }

    /**
     * Remove the {@link de.rub.nds.burp.utilities.listeners.ICodeListener}
     * @param listener The listener to remove.
     */
    public void removeCodeListener(ICodeListener listener) {
        this.listeners.remove(ICodeListener.class, listener);
    }

    /**
     * Notify all registered listeners with the new code.
     *
     * <p>This is an overload of the name {@code notifyAll}; it is unrelated to the
     * no-argument {@code Object.notifyAll()} used for thread signalling. The method
     * is synchronized on this controller, while {@link #addCodeListener} and
     * {@link #removeCodeListener} are not. Nothing is caught here, so a listener
     * that throws ends delivery to the listeners after it.
     *
     * @param event The event.
     */
    public synchronized void notifyAll(AbstractCodeEvent event) {
        final ICodeListener[] registered = listeners.getListeners(ICodeListener.class);
        for (int i = 0; i < registered.length; i++) {
            registered[i].setCode(event);
        }
    }

}

--------------------------------------------------------------------------------
/src/main/java/de/rub/nds/burp/espresso/gui/attacker/UIError.form:
--------------------------------------------------------------------------------
1 | 2 | 3 |
4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 |
56 | -------------------------------------------------------------------------------- /src/test/java/de/rub/nds/burp/utilities/table/TableTest.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | package de.rub.nds.burp.utilities.table; 20 | 21 | import de.rub.nds.burp.utilities.table.ssoHistory.TableHelper; 22 | import de.rub.nds.burp.utilities.table.ssoHistory.Table; 23 | import de.rub.nds.burp.utilities.table.ssoHistory.TableEntry; 24 | import java.util.ArrayList; 25 | import junit.framework.TestCase; 26 | 27 | /** 28 | * 29 | * @author Tim Guenther 30 | */ 31 | public class TableTest extends TestCase { 32 | 33 | public TableTest(String testName) { 34 | super(testName); 35 | } 36 | 37 | /** 38 | * Test of getName method, of class Table. 
39 | */ 40 | public void testGetName() { 41 | System.out.println("getName"); 42 | String expResult = "testName"; 43 | Table instance = new Table(new TableHelper(null), expResult, "123"); 44 | String result = instance.getName(); 45 | assertTrue(expResult.equals(result)); 46 | } 47 | 48 | /** 49 | * Test of getTableHelper method, of class Table. 50 | */ 51 | public void testGetTableHelper() { 52 | System.out.println("getTableHelper"); 53 | TableHelper expResult = new TableHelper(null); 54 | Table instance = new Table(expResult, null, "123"); 55 | TableHelper result = instance.getTableHelper(); 56 | assertEquals(expResult, result); 57 | // TODO review the generated test code and remove the default call to fail. 58 | //fail("The test case is a prototype."); 59 | } 60 | 61 | /** 62 | * Test of getTableList method, of class Table. 63 | */ 64 | public void testGetTableList() { 65 | System.out.println("getTableList"); 66 | ArrayList expResult = new ArrayList(); 67 | Table instance = new Table(new TableHelper(expResult), null, "123"); 68 | ArrayList result = instance.getTableList(); 69 | assertEquals(expResult, result); 70 | // TODO review the generated test code and remove the default call to fail. 71 | //fail("The test case is a prototype."); 72 | } 73 | } 74 | -------------------------------------------------------------------------------- /src/test/java/de/rub/nds/burp/utilities/table/TableDBTest.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 
9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | package de.rub.nds.burp.utilities.table; 20 | 21 | import de.rub.nds.burp.utilities.table.ssoHistory.TableHelper; 22 | import de.rub.nds.burp.utilities.table.ssoHistory.Table; 23 | import de.rub.nds.burp.utilities.table.ssoHistory.TableDB; 24 | import java.util.ArrayList; 25 | import junit.framework.TestCase; 26 | 27 | /** 28 | * 29 | * @author Tim Guenther 30 | */ 31 | public class TableDBTest extends TestCase { 32 | 33 | public TableDBTest(String testName) { 34 | super(testName); 35 | } 36 | 37 | /** 38 | * Test of getTable method, of class TableDB. 39 | */ 40 | public void testGetTable_String() { 41 | System.out.println("getTable"); 42 | String id = "123"; 43 | Table expResult = new Table(new TableHelper(new ArrayList<>()),"testName",id); 44 | TableDB.addTable(expResult); 45 | Table result = TableDB.getTable(id); 46 | assertEquals(expResult.getID(), result.getID()); 47 | // TODO review the generated test code and remove the default call to fail. 48 | //fail("The test case is a prototype."); 49 | } 50 | 51 | /** 52 | * Test of getTable method, of class TableDB. 53 | */ 54 | public void testGetTable_int() { 55 | System.out.println("getTable"); 56 | int index = 0; 57 | Table expResult = new Table(new TableHelper(new ArrayList<>()),"testName","123"); 58 | TableDB.addTable(expResult); 59 | Table result = TableDB.getTable(index); 60 | assertEquals(expResult.getID(), result.getID()); 61 | // TODO review the generated test code and remove the default call to fail. 
62 | //fail("The test case is a prototype."); 63 | } 64 | 65 | /** 66 | * Test of addTable method, of class TableDB. 67 | */ 68 | public void testAddTable() { 69 | System.out.println("addTable"); 70 | Table t = null; 71 | assertTrue(TableDB.addTable(t)); 72 | // TODO review the generated test code and remove the default call to fail. 73 | //fail("The test case is a prototype."); 74 | } 75 | 76 | } 77 | -------------------------------------------------------------------------------- /src/test/java/de/rub/nds/burp/utilities/table/TableHelperTest.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
18 | */ 19 | package de.rub.nds.burp.utilities.table; 20 | 21 | import de.rub.nds.burp.utilities.table.ssoHistory.TableHelper; 22 | import de.rub.nds.burp.utilities.table.ssoHistory.TableEntry; 23 | import burp.IHttpRequestResponsePersisted; 24 | import java.util.ArrayList; 25 | import junit.framework.TestCase; 26 | 27 | /** 28 | * 29 | * @author Tim Guenther 30 | */ 31 | public class TableHelperTest extends TestCase { 32 | 33 | public TableHelperTest(String testName) { 34 | super(testName); 35 | } 36 | 37 | /** 38 | * Test of getTableList method, of class TableHelper. 39 | */ 40 | public void testGetTableList() { 41 | System.out.println("getTableList"); 42 | ArrayList expResult = new ArrayList(); 43 | TableHelper instance = new TableHelper(expResult); 44 | ArrayList result = instance.getTableList(); 45 | assertEquals(expResult, result); 46 | // TODO review the generated test code and remove the default call to fail. 47 | //fail("The test case is a prototype."); 48 | } 49 | 50 | /** 51 | * Test of getRowCount method, of class TableHelper. 52 | */ 53 | public void testGetRowCount() { 54 | System.out.println("getRowCount"); 55 | TableHelper instance = new TableHelper(new ArrayList()); 56 | int expResult = 0; 57 | int result = instance.getRowCount(); 58 | assertEquals(expResult, result); 59 | // TODO review the generated test code and remove the default call to fail. 60 | //fail("The test case is a prototype."); 61 | } 62 | 63 | /** 64 | * Test of getColumnCount method, of class TableHelper. 65 | */ 66 | public void testGetColumnCount() { 67 | System.out.println("getColumnCount"); 68 | TableHelper instance = new TableHelper(new ArrayList()); 69 | int expResult = 9; 70 | int result = instance.getColumnCount(); 71 | assertEquals(expResult, result); 72 | // TODO review the generated test code and remove the default call to fail. 
73 | // fail("The test case is a prototype."); 74 | } 75 | 76 | } 77 | -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/utilities/ParameterUtilities.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | package de.rub.nds.burp.utilities; 20 | 21 | import burp.IParameter; 22 | import java.util.List; 23 | import java.util.Set; 24 | 25 | /** 26 | * Functions to search parameter lists. 27 | * @author Christian Mainka 28 | * @version 1.0 29 | */ 30 | 31 | final public class ParameterUtilities { 32 | 33 | /** 34 | * Search for the first appearance of a parameter in the list. 35 | * @param parameterList A list of parameters with string names. 36 | * @param parameterName The name of the parameter. 37 | * @return true if the list contains the name otherwise false. 
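     */
    public static boolean parameterListContainsParameterName(List<IParameter> parameterList, String parameterName) {
        // Nothing can match when either argument is missing; report "not found"
        // instead of failing with a NullPointerException.
        if (parameterList == null || parameterName == null) {
            return false;
        }
        for (IParameter p : parameterList) {
            // Exact String.equals() match on the parameter name.
            if (p != null && parameterName.equals(p.getName())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Check whether the list holds a parameter whose name is in the given set.
     * Membership is decided by the set's own contains() method.
     * @param parameterList A list of parameters with string names.
     * @param parameterNames A set of names for parameters.
     * @return true if the list contains one of the given names otherwise false.
     */
    public static boolean parameterListContainsParameterName(List<IParameter> parameterList, Set<String> parameterNames) {
        // A missing list or an empty/missing name set can never produce a match.
        if (parameterList == null || parameterNames == null || parameterNames.isEmpty()) {
            return false;
        }
        for (IParameter p : parameterList) {
            if (p != null && parameterNames.contains(p.getName())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Search for the first appearance of a parameter in the list.
     * @param parameterList A list of parameters with string names.
     * @param parameterName The name of the parameter.
     * @return The first parameter with the given name found in the
     * parameter list, or null, if parameterName is not found.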
73 | */ 74 | public static IParameter getFirstParameterByName(List parameterList, String parameterName) { 75 | IParameter result = null; 76 | for (IParameter p : parameterList) { 77 | if (parameterName.equals(p.getName())) { 78 | result = p; 79 | break; 80 | } 81 | } 82 | return result; 83 | } 84 | } 85 | -------------------------------------------------------------------------------- /doc/apidocs/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | EsPReSSO 1.0 API 8 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | <noscript> 69 | <div>JavaScript is disabled on your browser.</div> 70 | </noscript> 71 | <h2>Frame Alert</h2> 72 | <p>This document is designed to be viewed using the frames feature. If you see this message, you are using a non-frame-capable web client. Link to <a href="overview-summary.html">Non-frame version</a>.</p> 73 | 74 | 75 | 76 | -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/utilities/Compression.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 
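 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 51
 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
package de.rub.nds.burp.utilities;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.zip.DataFormatException;
import java.util.zip.Deflater;
import java.util.zip.Inflater;

/**
 * Functions to decompress and compress Base64 content with zip deflate/inflate.
 * Both methods work on raw DEFLATE data: the Deflater and the Inflater are
 * created with nowrap = true, so no zlib header or checksum is written or
 * expected. Base64 encoding/decoding itself is not done in this class.
 * @author Christian Mainka
 * @version 1.0
 */

// Thanks to
// http://qupera.blogspot.de/2013/02/howto-compress-and-uncompress-java-byte.html
public class Compression {

    /** Size of the scratch buffer used while streaming through the (de)compressor. */
    private static final int BUFFER_SIZE = 1024;

    /**
     * Upper bound for the decompressed output in bytes.
     * The input of decompress() usually comes from intercepted messages, and a
     * few kilobytes of DEFLATE data can expand to gigabytes. The bound keeps
     * such input from exhausting the heap of the host application.
     */
    private static final int MAX_DECOMPRESSED_SIZE = 64 * 1024 * 1024;

    /**
     * Compress given bytes with zip deflate.
     * @param data The content to compress.
     * @throws IOException Kept in the signature for existing callers.
     * @return The compressed content.
     */

    public static byte[] compress(byte[] data) throws IOException {
        Deflater deflater = new Deflater(Deflater.BEST_COMPRESSION, true);
        try {
            deflater.setInput(data);
            deflater.finish();

            ByteArrayOutputStream outputStream = new ByteArrayOutputStream(data.length);
            byte[] buffer = new byte[BUFFER_SIZE];
            while (!deflater.finished()) {
                // deflate() returns the number of bytes it placed into the buffer
                int count = deflater.deflate(buffer);
                outputStream.write(buffer, 0, count);
            }
            return outputStream.toByteArray();
        } finally {
            // Release the native zlib state even when an exception is thrown.
            deflater.end();
        }
    }

    /**
     * Decompress given bytes with zip inflate.
     * Inflating stops as soon as the Inflater produces no more output, so a
     * truncated stream yields the bytes that could be recovered.
     * @param data The content to decompress.
     * @throws IOException If the output would exceed MAX_DECOMPRESSED_SIZE.
     * @throws DataFormatException For the Inflater().
     * @return The decompressed content.
     */

    public static byte[] decompress(byte[] data) throws IOException, DataFormatException {
        Inflater inflater = new Inflater(true);
        try {
            inflater.setInput(data);

            ByteArrayOutputStream outputStream = new ByteArrayOutputStream(data.length);
            byte[] buffer = new byte[BUFFER_SIZE];
            int count;
            do {
                count = inflater.inflate(buffer);
                // Refuse to grow past the bound instead of running out of memory.
                if (count > MAX_DECOMPRESSED_SIZE - outputStream.size()) {
                    throw new IOException("Decompressed data exceeds the limit of "
                            + MAX_DECOMPRESSED_SIZE + " bytes");
                }
                outputStream.write(buffer, 0, count);
            } while (count != 0);
            return outputStream.toByteArray();
        } finally {
            // Release the native zlib state, also after a DataFormatException.
            inflater.end();
        }
    }
}

--------------------------------------------------------------------------------
/src/main/java/de/rub/nds/burp/utilities/table/ssoHistory/TableDB.java:
--------------------------------------------------------------------------------
/**
 * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols.
 * Copyright (C) 2015 Tim Guenther and Christian Mainka
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation; either version 2 of the License, or (at your option) any later
 * version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 51
 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
package de.rub.nds.burp.utilities.table.ssoHistory;

import java.util.ArrayList;

/**
 * A database for all Tables.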
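 * @author Tim Guenther
 * @version 1.0
 */
public abstract class TableDB {

    //Tables - add a new table for each
    // NOTE(review): a plain ArrayList shared through static methods without any
    // synchronization; presumably all callers run on one thread - TODO confirm.
    private final static ArrayList<Table> tableList = new ArrayList<Table>();

    /**
     * Get the table by name.
     * @param id The name of the table.
     * @return The table with the given name, otherwise null.
     */
    public static Table getTable(String id){
        if(id == null){
            return null;
        }
        for(Table t : tableList){
            // compare from the non-null side so a table without an ID cannot throw
            if(id.equals(t.getID())){
                return t;
            }
        }
        return null;
    }

    /**
     * Get the table by index.
     * @param index Index of the table.
     * @return The table at the position of the index.
     * @throws IndexOutOfBoundsException If the index is negative or not smaller than size().
     */
    public static Table getTable(int index){
        return tableList.get(index);
    }

    /**
     * Add new table to the list.
     * @param t The new table.
     * @return True if successfully, false otherwise (t is null).
     */
    public static boolean addTable(Table t){
        // A null entry would make getTable(String) fail later, so it is not stored.
        if(t == null){
            return false;
        }
        return tableList.add(t);
    }

    /**
     * Remove a table.
     * @param t The table.
     * @return True if table is removed, false otherwise.
     */
    public static boolean removeTable(Table t){
        // ArrayList.remove(Object) reports whether the element was in the list;
        // pass that on instead of always answering true.
        return tableList.remove(t);
    }

    /**
     * Remove all tables
     * @return True if all tables are removed.
     */
    public static boolean clear(){
        tableList.clear();
        return true;
    }

    /**
     * Get the count of the tables
     * @return The count.
     */
    public static int size(){
        return tableList.size();
    }
}

--------------------------------------------------------------------------------
/src/main/java/de/rub/nds/burp/espresso/gui/attacker/UIError.java:
--------------------------------------------------------------------------------
/**
 * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols.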
3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | package de.rub.nds.burp.espresso.gui.attacker; 20 | 21 | /** 22 | * The Error UI. 23 | * Should be displayed for an when an error in a UI happens as a fallback. 24 | * @author Tim Guenther 25 | * @version 1.0 26 | */ 27 | public class UIError extends javax.swing.JPanel { 28 | 29 | private String link = "GitHub"; 30 | 31 | /** 32 | * Creates new form UIError 33 | */ 34 | public UIError() { 35 | initComponents(); 36 | } 37 | 38 | /** 39 | * This method is called from within the constructor to initialize the form. 40 | * WARNING: Do NOT modify this code. The content of this method is always 41 | * regenerated by the Form Editor. 
42 | */ 43 | @SuppressWarnings("unchecked") 44 | // //GEN-BEGIN:initComponents 45 | private void initComponents() { 46 | 47 | jScrollPane1 = new javax.swing.JScrollPane(); 48 | errorTextArea = new javax.swing.JTextArea(); 49 | 50 | errorTextArea.setEditable(false); 51 | errorTextArea.setColumns(20); 52 | errorTextArea.setRows(5); 53 | errorTextArea.setText("Sorry, an error happend!\n\nPlease review error message under the tab /Extender/Error.\nIf you need help, write an issue on Github : https://github.com/RUB-NDS/BurpSSOExtension-Development/issues"); 54 | jScrollPane1.setViewportView(errorTextArea); 55 | 56 | javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this); 57 | this.setLayout(layout); 58 | layout.setHorizontalGroup( 59 | layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) 60 | .addGroup(layout.createSequentialGroup() 61 | .addContainerGap() 62 | .addComponent(jScrollPane1, javax.swing.GroupLayout.DEFAULT_SIZE, 791, Short.MAX_VALUE) 63 | .addContainerGap()) 64 | ); 65 | layout.setVerticalGroup( 66 | layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) 67 | .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup() 68 | .addContainerGap() 69 | .addComponent(jScrollPane1, javax.swing.GroupLayout.DEFAULT_SIZE, 276, Short.MAX_VALUE) 70 | .addContainerGap()) 71 | ); 72 | }// //GEN-END:initComponents 73 | 74 | 75 | // Variables declaration - do not modify//GEN-BEGIN:variables 76 | private javax.swing.JTextArea errorTextArea; 77 | private javax.swing.JScrollPane jScrollPane1; 78 | // End of variables declaration//GEN-END:variables 79 | } 80 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # EsPReSSO 2 | [![Build Status](https://travis-ci.org/RUB-NDS/BurpSSOExtension.svg?branch=master)](https://travis-ci.org/RUB-NDS/BurpSSOExtension) 3 | 
![licence](https://img.shields.io/badge/License-GPLv2-brightgreen.svg) 4 | [![release](https://img.shields.io/badge/Release-v3.3.1-blue.svg)](https://github.com/RUB-NDS/BurpSSOExtension/releases) 5 | ![status](https://img.shields.io/badge/Status-beta-yellow.svg) 6 | 7 | ## Extension for Processing and Recognition of Single Sign-On Protocols 8 | 9 | The extension is based on the BurpSSO Extension, developed by the [Chair of Network and Data Security, Ruhr University 10 | Bochum](http://nds.rub.de/) and the [Hackmanit GmbH](http://hackmanit.de/). The extension is part of a bachelor thesis by [Tim Guenther](https://github.com/TimGuenther) at the [Ruhr-University Bochum](http://rub.de/) in cooperation with [Context Information Security Ltd.](http://contextis.com/). 11 | 12 | 13 | ## Features 14 | 15 | ### Detecting 16 | Supported Protocols: 17 | - [x] SAML 18 | - [x] OpenID 19 | - [x] OAuth 20 | - [x] BrowserId 21 | - [x] OpenID Connect 22 | - [x] Facebook Connect 23 | - [x] Microsoft Account 24 | 25 | ### Attacking 26 | - [x] WS-Attacker integration while intercepting SAML messages 27 | - [x] DTD-Attacker integration while intercepting SAML messages 28 | - [x] XML-Encryption-Attacker integration while intercepting SAML messages 29 | 30 | ### Beautifier 31 | - [x] Syntax Highlight 32 | - [x] Highlight SSO messages in proxy window and display the protocol type 33 | - [x] Show all recognized SSO messages in a history tab 34 | - [x] Context menu for 'Analyze SSO Protocol' 35 | 36 | ### Editors/Viewers 37 | - [x] View and edit SAML 38 | - [x] View JSON and JSON Web Token (JWT) 39 | 40 | ## Build 41 | ```bash 42 | $ mvn clean package 43 | ``` 44 | (Please start Burp with Java 1.8) 45 | 46 | ## Installation and Usage 47 | 48 | - Build the JAR file as described above, or download it from [releases](https://github.com/RUB-NDS/BurpSSOExtension/releases). 49 | - Load the JAR file from the target folder into Burp's Extender. 
(Start Burp with Java 1.8) 50 | - SSO messages are highlighted automatically in Burp's HTTP history (Proxy tab). 51 | - SAML, JSON and JWT editors and viewers are attached automatically. 52 | - An SSO History, Options and Help can be found in a new tab called 'EsPReSSO'. 53 | 54 | ## Dependencies and Licences 55 | 56 | | Dependency | Licence | Access Date | Link | Copyright (c) Date, Name | 57 | |-----------------|---------------------------------|-------------|-------------------------------------------------------------------|----------------------------------------------------------------------| 58 | | RSyntaxTextArea | modified BSD license | 20.09.2015 | https://github.com/bobbylight/RSyntaxTextArea | 2012, Robert Futrell | 59 | | json-simple | Apache License 2.0 | 20.09.2015 | https://code.google.com/p/json-simple/ | Unknown, Yidong Fang | 60 | | WSAttacker | GNU General Public License v2.0 | 20.09.2015 | https://github.com/RUB-NDS/WS-Attacker/ | 2012, Christian Mainka, Andreas Falkenberg, Juraj Somorovsky, et al. | 61 | | junit | Eclipse Public License 1.0 | 12.03.2018 | https://github.com/junit-team/junit4 | Unknown, Erich Gamma and Kent Beck. | 62 | | jutf7 | MIT license | 12.03.2018 | https://sourceforge.net/projects/jutf7/ | 2011, Jaap Beetstra | 63 | | commons-io | Apache License 2.0 | 12.03.2018 | https://github.com/apache/commons-io | 2012, Scott Sanders, et al. | 64 | 65 | ## Tested with: 66 | - Java 1.8.0._151 67 | - Burp Suite 1.7.36 68 | - Ubuntu 16.04.3 LTS, amd64 69 | - Netbeans 8.2 70 | - Maven 3.3.9 71 | -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/utilities/ByteArrayHelper.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 
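 * Copyright (C) 2015 Tim Guenther and Christian Mainka
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation; either version 2 of the License, or (at your option) any later
 * version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 51
 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
package de.rub.nds.burp.utilities;

/**
 * Helper functions to convert between byte arrays and hexadecimal strings and
 * to concatenate byte arrays.
 */
public class ByteArrayHelper {

    /** Upper-case hexadecimal digits, indexed by nibble value. */
    private static final char[] HEX_DIGITS = "0123456789ABCDEF".toCharArray();

    /**
     * Converts a string with an even number of hexadecimal characters to a byte
     * array. Whitespace inside the string is ignored.
     *
     * @param input
     *            hex string
     * @return byte array
     * @throws IllegalArgumentException
     *             if the input is null, has an odd number of characters after
     *             whitespace removal, or contains a non-hexadecimal character
     */
    public static byte[] hexStringToByteArray(String input) {
        // The null check has to come before any method call on the input.
        // NOTE(review): the message echoes the input; callers handling key
        // material should not log this exception verbatim.
        if (input == null) {
            throw new IllegalArgumentException("The input must not be null and "
                    + "shall have an even number of hexadecimal characters. Found: " + input);
        }
        input = input.replaceAll("\\s", "");
        if (input.length() % 2 != 0) {
            throw new IllegalArgumentException("The input must not be null and "
                    + "shall have an even number of hexadecimal characters. Found: " + input);
        }
        byte[] output = new byte[input.length() / 2];
        for (int i = 0; i < output.length; i++) {
            int high = Character.digit(input.charAt(i * 2), 16);
            int low = Character.digit(input.charAt(i * 2 + 1), 16);
            // Character.digit() answers -1 for anything that is not a hex digit;
            // without this check such input silently turned into wrong bytes.
            if (high < 0 || low < 0) {
                throw new IllegalArgumentException("The input contains a non-hexadecimal character at offset "
                        + (high < 0 ? i * 2 : i * 2 + 1) + " (whitespace not counted)");
            }
            output[i] = (byte) ((high << 4) + low);
        }
        return output;
    }

    /**
     * Converts a byte array to an upper-case hex string. Pretty printing is
     * switched on for arrays longer than 15 bytes.
     *
     * @param array
     *            bytes to print, null is treated as an empty array
     * @return hex string, bytes separated by spaces
     */
    public static String bytesToHexString(byte[] array) {
        if (array == null) {
            array = new byte[0];
        }
        boolean usePrettyPrinting = (array.length > 15);
        return bytesToHexString(array, usePrettyPrinting);
    }

    /**
     * Converts a byte array to an upper-case hex string without a leading
     * newline.
     *
     * @param array
     *            bytes to print, null is treated as an empty array
     * @param usePrettyPrinting
     *            true to break the output into lines of 16 bytes
     * @return hex string, bytes separated by spaces
     */
    public static String bytesToHexString(byte[] array, boolean usePrettyPrinting) {
        if (array == null) {
            array = new byte[0];
        }
        return bytesToHexString(array, usePrettyPrinting, false);
    }

    /**
     * Converts a byte array to an upper-case hex string. With pretty printing
     * a newline is placed before every 16th byte and a double space before
     * every 8th byte; all other bytes are separated by one space.
     *
     * @param array
     *            bytes to print, null is treated as an empty array
     * @param usePrettyPrinting
     *            true to break the output into lines of 16 bytes
     * @param initialNewLine
     *            true to start a pretty printed output with a newline
     * @return hex string
     */
    public static String bytesToHexString(byte[] array, boolean usePrettyPrinting, boolean initialNewLine) {
        // Same null handling as the two shorter overloads.
        if (array == null) {
            array = new byte[0];
        }
        StringBuilder result = new StringBuilder(array.length * 3 + 1);
        if (initialNewLine && usePrettyPrinting) {
            result.append("\n");
        }
        for (int i = 0; i < array.length; i++) {
            if (i != 0) {
                if (usePrettyPrinting && (i % 16 == 0)) {
                    result.append("\n");
                } else {
                    if (usePrettyPrinting && (i % 8 == 0)) {
                        result.append(" ");
                    }
                    result.append(" ");
                }
            }
            byte b = array[i];
            // two upper-case hex digits per byte, same output as "%02X"
            result.append(HEX_DIGITS[(b >> 4) & 0x0F]).append(HEX_DIGITS[b & 0x0F]);
        }
        return result.toString();
    }

    /**
     * Joins the given arrays into one new array, in argument order. Null
     * elements are skipped.
     *
     * @param arrays
     *            the arrays to join
     * @return a new array holding the content of all non-null arguments
     * @throws IllegalArgumentException
     *             if no argument is given
     */
    public static byte[] concatenate(final byte[]... arrays) {
        if (arrays == null || arrays.length == 0) {
            throw new IllegalArgumentException("The minimal number of parameters for this function is one");
        }
        int length = 0;
        for (final byte[] a : arrays) {
            if (a != null) {
                length += a.length;
            }
        }
        byte[] result = new byte[length];
        int currentOffset = 0;
        for (final byte[] a : arrays) {
            if (a != null) {
                System.arraycopy(a, 0, result, currentOffset, a.length);
                currentOffset += a.length;
            }
        }
        return result;
    }
}

--------------------------------------------------------------------------------
/src/main/java/de/rub/nds/burp/utilities/protocols/xmlenc/SymmetricAlgorithm.java:
--------------------------------------------------------------------------------
/**
 * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols.
 * Copyright (C) 2015 Tim Guenther and Christian Mainka
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation; either version 2 of the License, or (at your option) any later
 * version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 51
 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.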
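 */
package de.rub.nds.burp.utilities.protocols.xmlenc;

import java.util.Arrays;

/**
 * Symmetric algorithms of XML Encryption, each with the Java cipher
 * transformation, the XML Encryption algorithm URI and the key length.
 * The CBC entries give confidentiality only; the GCM entries are
 * authenticated encryption modes.
 *
 * @author Juraj Somorovsky
 */
public enum SymmetricAlgorithm {

    AES128_CBC("AES/CBC/NoPadding", "http://www.w3.org/2001/04/xmlenc#aes128-cbc", 128),
    AES192_CBC("AES/CBC/NoPadding", "http://www.w3.org/2001/04/xmlenc#aes192-cbc", 192),
    AES256_CBC("AES/CBC/NoPadding", "http://www.w3.org/2001/04/xmlenc#aes256-cbc", 256),
    AES128_GCM("AES/GCM/NoPadding", "http://www.w3.org/2009/xmlenc11#aes128-gcm", 128),
    AES192_GCM("AES/GCM/NoPadding", "http://www.w3.org/2009/xmlenc11#aes192-gcm", 192),
    AES256_GCM("AES/GCM/NoPadding", "http://www.w3.org/2009/xmlenc11#aes256-gcm", 256),
    TRIPLEDES_CBC("DESede/CBC/NoPadding", "http://www.w3.org/2001/04/xmlenc#tripledes-cbc", 192);

    // NOTE(review): javaName and uri stay mutable because of the public
    // setters below. Enum constants are JVM-wide singletons, so a setter call
    // changes the value for every user of that constant.
    private String javaName;

    private String uri;

    // Key length in bits (128 for AES-128 and so on); has no setter.
    private final int keyLength;

    SymmetricAlgorithm(String javaName, String uri, int keyLength) {
        this.javaName = javaName;
        this.uri = uri;
        this.keyLength = keyLength;
    }

    /**
     * @return the algorithm URIs of all constants, in declaration order
     */
    public static String[] getURIs() {
        return Arrays.stream(SymmetricAlgorithm.values()).map(SymmetricAlgorithm::getUri).toArray(String[]::new);
    }

    /**
     * Look up a constant by its algorithm URI (exact match).
     *
     * @param uri the algorithm URI
     * @return the matching constant
     * @throws IllegalArgumentException if no constant carries this URI
     */
    public static SymmetricAlgorithm getByURI(String uri) {
        for(SymmetricAlgorithm algo : SymmetricAlgorithm.values()) {
            if(algo.getUri().equals(uri)) {
                return algo;
            }
        }
        // Name the rejected value so an unsupported algorithm is easy to diagnose.
        throw new IllegalArgumentException("Unknown symmetric algorithm URI: " + uri);
    }

    /**
     * @return the Java cipher transformation string, e.g. "AES/CBC/NoPadding"
     */
    public String getJavaName() {
        return javaName;
    }

    public void setJavaName(String javaName) {
        this.javaName = javaName;
    }

    /**
     * @return the XML Encryption algorithm URI
     */
    public String getUri() {
        return uri;
    }

    /**
     * @return the key length in bits
     */
    public int getKeyLength() {
        return keyLength;
    }

    public void setUri(String uri) {
        this.uri = uri;
    }

    /**
     * @return true for the three AES-GCM constants
     */
    public boolean isUsingGCMMode() {
        return (this == AES128_GCM || this == AES192_GCM || this == AES256_GCM);
    }

    /**
     * @return true for the CBC constants. Their Java transformation is
     *         declared with NoPadding, so presumably the caller adds and
     *         strips the padding itself - TODO confirm.
     */
    public boolean isUsingPadding() {
        return (this == AES128_CBC || this == AES192_CBC || this == AES256_CBC || this == TRIPLEDES_CBC);
    }

    /**
     * @return the IV length in bytes: 16 for AES-CBC, 12 for AES-GCM, 8 for
     *         the remaining constant (Triple DES)
     */
    public int getIvLength() {
        switch (this) {
            case AES128_CBC:
            case AES192_CBC:
            case AES256_CBC:
                return 16;
            case AES128_GCM:
            case AES192_GCM:
            case AES256_GCM:
                return 12;
            default:
                return 8;
        }
    }

    /**
     * @return the cipher block size in bytes: 8 for Triple DES, 16 otherwise
     */
    public int getBlockSize() {
        if (this == TRIPLEDES_CBC) {
            return 8;
        } else {
            return 16;
        }
    }

    /**
     * @return the key algorithm name, "TripleDES" or "AES"
     */
    public String getSecretKeyAlgorithm() {
        if(this == TRIPLEDES_CBC) {
            return "TripleDES";
        } else {
            return "AES";
        }
    }

}

--------------------------------------------------------------------------------
/doc/apidocs/deprecated-list.html:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | 6 | 7 | Deprecated List (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 | 23 | 26 | 27 |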
28 | 29 | 30 | 31 | 32 | 33 | 34 | 44 |
45 | 72 | 73 |
74 |

Deprecated API

75 |

Contents

76 |
77 | 78 |
79 | 80 | 81 | 82 | 83 | 84 | 85 | 95 |
96 | 123 | 124 |

Copyright © 2015/–2015. All rights reserved.

125 | 126 | 127 | -------------------------------------------------------------------------------- /src/test/java/de/rub/nds/burp/utilities/EncodingTest.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 14 | * 15 | * You should have received a copy of the GNU General Public License along with 16 | * this program; if not, write to the Free Software Foundation, Inc., 51 17 | * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | */ 19 | package de.rub.nds.burp.utilities; 20 | 21 | import java.io.IOException; 22 | import java.io.UnsupportedEncodingException; 23 | import java.net.URLDecoder; 24 | import java.util.Base64; 25 | import java.util.Base64.Decoder; 26 | import junit.framework.TestCase; 27 | 28 | /** 29 | * 30 | * @author ackbar 31 | */ 32 | public class EncodingTest extends TestCase { 33 | 34 | public EncodingTest(String testName) { 35 | super(testName); 36 | } 37 | 38 | 39 | /** 40 | * Test of isURLEncoded method, of class EncodingChecker. 
41 | */ 42 | public void testIsURLEncoded() { 43 | System.out.println("isURLEncoded"); 44 | String data = "This%20is%20a%20test%20string%20with%20special%20chars%20like%20ths%3A%20%2f@%5E%26%2a%28%28%29%7B%7D%7B%3A%3B"; 45 | boolean result = Encoding.isURLEncoded(data); 46 | assertTrue(result); 47 | 48 | data = " /!@#$*()[]{}"; 49 | result = Encoding.isURLEncoded(data); 50 | assertFalse(result); 51 | } 52 | 53 | /** 54 | * Test of isBase64Encoded method, of class EncodingChecker. 55 | */ 56 | public void testIsBase64Encoded() { 57 | System.out.println("isBase64Encoded"); 58 | 59 | String data = "VGhpcyBpcyBhIHRlc3Qgc3RyaW5nIHdpdGggc3BlY2lhbCBjaGFycyBsaWtlIHRoczogL0BeJiooKCl7fXs6Ow=="; 60 | boolean result = Encoding.isBase64Encoded(data); 61 | assertTrue(result); 62 | 63 | String base64WithNewlines = "VGhpcyBpcyBhIHRlc3Qgc3RyaW5nIHdpd\r\nGggc3BlY2lhbCBjaGFycyBsaWtlIHRoczogL0BeJiooKCl\n7fXs6Ow=="; 64 | boolean resultBase64WithNewlines = Encoding.isBase64Encoded(base64WithNewlines); 65 | assertTrue(resultBase64WithNewlines); 66 | 67 | String data1 = "This is a test string with special chars like ths: /@^&*((){}{:;"; 68 | boolean result1 = Encoding.isBase64Encoded(data1); 69 | assertFalse(result1); 70 | 71 | String data2 = "This%20is%20a%20test%20string%20with%20special%20chars%20like%20ths%3A%20%2f@%5E%26%2a%28%28%29%7B%7D%7B%3A%3B"; 72 | boolean result2 = Encoding.isBase64Encoded(data2); 73 | assertFalse(result2); 74 | 75 | } 76 | 77 | /** 78 | * Test of isDeflated method, of class EncodingChecker. 
79 | */ 80 | public void testIsDeflated() { 81 | System.out.println("isDeflated"); 82 | String data = "fZFba8MwDIX%2FStB7c11a19QpYaNQ2GCsl4e9DDdR2rDEziy79OfP9MI6BnsUOp%2BOdDSbn%2FouOKKhVisBSRhDgKrSdav2AjbrxYjBvJiR7Lt04KWzB%2FWGXw7JBh5UxC8dAc4oriW1xJXskbit%2BKp8eeZpGPPBaKsr3UFQEqGx3upRK3I9mhWaY1vhUtV4EuDNS2tNu3MWLwq%2Fxh%2FJQpsKz6sIaGRHCMHyScAHm%2BwaTOo8G0uZxslDlu8mdTOOMzaVjE0bL6NXSdQe8Qckcn40WamsAE%2Flo5iNknSdpDxPeRaHLJu%2BQ7C9JeTvgWse%2FAyb%2ByD%2Bz0HerofiYO3Ao8ijW206JKf2IQ1hpftIadPLbq0%2FUc2ie6PiWv7%2BQ%2FEN"; 83 | try { 84 | data = URLDecoder.decode(data, "ASCII"); 85 | } catch (UnsupportedEncodingException ex) { 86 | fail(ex.toString()); 87 | } 88 | Decoder d = Base64.getDecoder(); 89 | byte[] bin_data = d.decode(data); 90 | 91 | boolean result = false; 92 | try { 93 | result = Encoding.isDeflated(bin_data); 94 | } catch (IOException ex) { 95 | fail(ex.toString()); 96 | } 97 | 98 | assertTrue(result); 99 | } 100 | 101 | } 102 | -------------------------------------------------------------------------------- /src/main/java/de/rub/nds/burp/utilities/table/ssoHistory/Table.java: -------------------------------------------------------------------------------- 1 | /** 2 | * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. 3 | * Copyright (C) 2015 Tim Guenther and Christian Mainka 4 | * 5 | * This program is free software; you can redistribute it and/or modify it under 6 | * the terms of the GNU General Public License as published by the Free Software 7 | * Foundation; either version 2 of the License, or (at your option) any later 8 | * version. 9 | * 10 | * This program is distributed in the hope that it will be useful, but WITHOUT 11 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 12 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 13 | * details. 
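 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 51
 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
package de.rub.nds.burp.utilities.table.ssoHistory;

import de.rub.nds.burp.espresso.gui.UIHistory;
import de.rub.nds.burp.utilities.protocols.SSOProtocol;
import java.util.ArrayList;
import java.util.Iterator;
import javax.swing.JTable;

/**
 * A Table for the SSOHistory.
 * @author Tim Guenther
 * @version 1.0
 */
public class Table extends JTable{
    private final TableHelper th;
    // The entry list handed out by the TableHelper at construction time.
    private final ArrayList<TableEntry> list;
    private final String name;
    private final String id;

    /**
     * Create a new Table.
     * @param th The helper to organise your table entries.
     * @param name The table name.
     * @param id The request id.
     */
    public Table(TableHelper th, String name, String id)
    {
        super(th);
        this.th = th;
        this.list = th.getTableList();
        this.name = name;
        this.id = id;
    }

    /**
     * Get the name.
     * @return The name of the table.
     */
    @Override
    public String getName(){
        return name;
    }

    /**
     * Get the id of the table.
     * @return The request id of the table.
     */
    public String getID(){
        return id;
    }

    /**
     * Get the {@link TableHelper}.
     * @return The {@link TableHelper} related to the table.
     */
    public TableHelper getTableHelper(){
        return th;
    }

    /**
     * Get all {@link TableEntry}s
     * @return Get a list of table entries.
     */
    public ArrayList<TableEntry> getTableList(){
        return list;
    }

    /**
     * Get the {@link TableEntry} at index i.
     * @param i The index.
     * @return {@link TableEntry}
     * @throws IndexOutOfBoundsException If i is outside the entry list.
     */
    public TableEntry getTableEntry(int i){
        return list.get(i);
    }

    /**
     * Controls the current displayed item in the detail view.
     * The item is displayed below the SSO history window.
     * @param row The current row.
     * @param col The current column.
     * @param toggle Should the entry be toggled.
     * @param extend Should the entry be extended.
     */
    @Override
    public void changeSelection(int row, int col, boolean toggle, boolean extend)
    {
        // show the entry for the selected row; a row outside the entry list
        // leaves the viewers as they are instead of throwing
        if (row >= 0 && row < list.size()) {
            TableEntry entry = list.get(row);
            UIHistory.requestViewer.setMessage(entry.getMessage().getRequest(), true);
            UIHistory.responseViewer.setMessage(entry.getMessage().getResponse(), false);
            UIHistory.currentlyDisplayedItem = entry.getMessage();
        }

        super.changeSelection(row, col, toggle, extend);
    }

    /**
     * Update the table with the full history.
     * The protocol flow is read from the first entry; an empty table is left
     * unchanged.
     */
    public void update(){
        // list.get(0) would throw on an empty table
        if (list.isEmpty()) {
            return;
        }
        SSOProtocol sso = list.get(0).getSSOProtocol();
        ArrayList<SSOProtocol> ssoList = sso.getProtocolFlow();
        list.clear();
        for (SSOProtocol flowEntry : ssoList) {
            th.addRow(flowEntry.toTableEntry());
        }
    }
}

--------------------------------------------------------------------------------
/doc/apidocs/burp/package-use.html:
--------------------------------------------------------------------------------
1 | 2 | 3 | 4 | 5 | 6 | 7 | Uses of Package burp (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 | 23 | 26 | 27 |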
No usage of burp
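--------------------------------------------------------------------------------
/src/main/java/de/rub/nds/burp/utilities/table/xsw/TableModel.java:
--------------------------------------------------------------------------------
/**
 * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols.
 * Copyright (C) 2015 Tim Guenther and Christian Mainka
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation; either version 2 of the License, or (at your option) any later
 * version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 51
 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
package de.rub.nds.burp.utilities.table.xsw;

import java.util.ArrayList;
import javax.swing.table.AbstractTableModel;

/**
 * Helper class for the class Table.
 * Read-only table model with the columns "xPath", "Current value" and
 * "New value", backed by a list of {@link TableEntry}.
 *
 * @author Nurullah Erinola
 */
public class TableModel extends AbstractTableModel{

    private ArrayList<TableEntry> list;
    private String[] columnNames = {"xPath", "Current value", "New value"};

    /**
     * Construct a new Table Helper with an empty entry list.
     */
    public TableModel() {
        list = new ArrayList<>();
    }

    /**
     * Get the table list.
     * @return The list created during the construction (live, not a copy).
     */
    public ArrayList<TableEntry> getTableList(){
        return list;
    }

    /**
     * Get the entry of one row.
     * @param row The row index.
     * @return The entry stored at that index.
     */
    public TableEntry getTableEntry(int row) {
        return list.get(row);
    }

    /**
     * Add a row to the list and the table.
     * @param entry The new row.
     */
    public void addRow(TableEntry entry){
        list.add(entry);
        int last = list.size()-1;
        fireTableRowsInserted(last, last);
    }

    /**
     * Remove all entries from the table list.
     */
    public void clearAll(){
        list.clear();
        fireTableDataChanged();
    }

    /**
     * Remove one entry from the table list.
     * @param row The removed row.
     */
    public void remove(int row){
        list.remove(row);
        // Report the index that was actually removed. The previous code reported
        // the new last index (-1 once the list was empty), so listeners were told
        // about the wrong row.
        fireTableRowsDeleted(row, row);
    }

    /**
     * Get the number of rows.
     * @return Number of rows.
     */
    @Override
    public int getRowCount()
    {
        return list.size();
    }

    /**
     * Get the number of columns.
     * @return Number of columns.
     */
    @Override
    public int getColumnCount()
    {
        return columnNames.length;
    }

    /**
     * Get the name of the column.
     * @param columnIndex Index of the column.
     * @return The name of the column.
     */
    @Override
    public String getColumnName(int columnIndex)
    {
        return columnNames[columnIndex];
    }

    /**
     * Get the class of the column.
     * @param columnIndex Index of the column.
     * @return The class of the column, always String.
     */
    @Override
    public Class<?> getColumnClass(int columnIndex)
    {
        return String.class;
    }

    /**
     * Get the value at a position.
     * @param rowIndex The row.
     * @param columnIndex The column.
     * @return Value for the specified entry. Null if the column is unknown.
     */
    @Override
    public Object getValueAt(int rowIndex, int columnIndex)
    {
        TableEntry entry = list.get(rowIndex);

        switch (columnIndex)
        {
            case 0:
                return entry.getXPath();
            case 1:
                return entry.getCurrentValue();
            case 2:
                return entry.getNewValue();
            default:
                return null;
        }
    }

    /**
     * No cell of this model can be edited in place.
     * @param rowIndex The row.
     * @param columnIndex The column.
     * @return Always false.
     */
    @Override
    public boolean isCellEditable(int rowIndex, int columnIndex) {
        return false;
    }
}

--------------------------------------------------------------------------------
/src/main/java/de/rub/nds/burp/utilities/Logging.java:
--------------------------------------------------------------------------------
/**
 * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols.
 * Copyright (C) 2015 Tim Guenther and Christian Mainka
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation; either version 2 of the License, or (at your option) any later
 * version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 51
 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
package de.rub.nds.burp.utilities;

import burp.BurpExtender;
import de.rub.nds.burp.espresso.gui.UIOptions;
import java.io.PrintWriter;
import java.time.LocalTime;

/**
 * The extension internal logging.
 * @author Tim Guenther
 * @version 1.0
 *
 * ATTENTION!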
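 * Based on the internal architecture of Burp Suite, the first called class is
 * {@link burp.BurpExtender}, this class initialises the {@link java.io.PrintWriter}.
 * So NEVER call the Logging before this initialisation.
 */
public class Logging {

    private static PrintWriter stdout = null;
    private static PrintWriter stderr = null;

    // Fixed HH:mm:ss rendering for the log prefix. Cutting four characters off
    // LocalTime.toString() only gives HH:mm:ss when the clock reports exactly
    // three fraction digits; toString() omits zero fractions and may print six
    // or nine digits, which produced prefixes such as "10:1" or "10:15:30.12".
    private static final java.time.format.DateTimeFormatter TIME_FORMAT =
            java.time.format.DateTimeFormatter.ofPattern("HH:mm:ss");

    /**
     * {@value #ERROR}
     */
    public static final int ERROR = 1;
    /**
     * {@value #INFO}
     */
    public static final int INFO = 2;
    /**
     * {@value #DEBUG}
     */
    public static final int DEBUG = 3;

    //Singleton Design Pattern.
    // The writers are fetched from BurpExtender once, when the single instance
    // is created. If they are still null at that moment every later log call
    // fails with a NullPointerException, hence the warning in the class comment.
    private Logging(){
        stdout = BurpExtender.getStdOut();
        stderr = BurpExtender.getStdErr();
    }

    //Create only one instance.
    private static class SingletonHolder {
        private static final Logging INSTANCE = new Logging();
    }

    /**
     * Get the Instance of the Logger.
     * @return A Logging instance.
     */
    public static Logging getInstance() {
        return SingletonHolder.INSTANCE;
    }

    // Build the common "[X] HH:mm:ss - [class]:<TAB>" prefix of a log line.
    private static String prefix(String tag, String time, Class<?> c) {
        return "[" + tag + "] " + time + " - [" + c.getName() + "]:\t";
    }

    /**
     * Log a specific message on a logging level.
     * ERROR is always written: a pointer line goes to stdout and the message to
     * stderr. INFO is written when {@link UIOptions#getLoggingLevel()} is 0 or 2,
     * DEBUG when it is 1 or 2. Any other log_type is ignored.
     * @param c The calling class.
     * @param message The message to log.
     * @param log_type The logging type. ERROR = {@value #ERROR}, INFO =
     * {@value #INFO}, DEBUG = {@value #DEBUG}
     */
    public void log(Class<?> c, String message, int log_type){
        String time = LocalTime.now().format(TIME_FORMAT);
        // NOTE(review): message is written verbatim. If callers pass text taken
        // from intercepted HTTP traffic, line breaks inside it show up as what
        // looks like separate log entries; callers should encode or strip CR/LF
        // for such values. Confirm against the call sites.
        switch(log_type){
            case ERROR:
                stdout.println(prefix("E", time, c)+"Error, see Errors tab.");
                stderr.println(prefix("E", time, c)+message);
                break;
            case INFO: {
                int level = UIOptions.getLoggingLevel();
                if(level == 0 || level == 2){
                    stdout.println(prefix("I", time, c)+message);
                }
                break;
            }
            case DEBUG: {
                int level = UIOptions.getLoggingLevel();
                if(level == 1 || level == 2){
                    stdout.println(prefix("D", time, c)+message);
                }
                break;
            }
            default:
                // Unknown logging types are dropped, as before.
                break;
        }
    }

    /**
     * Log an error on level ERROR.
     * The exception's toString() and its own stack frames are written to stderr;
     * frames of a wrapped cause are not included.
     * @param c The calling class.
     * @param e The thrown exception.
     */
    public void log(Class<?> c, Exception e){
        String time = LocalTime.now().format(TIME_FORMAT);
        StringBuilder trace = new StringBuilder(e.toString()).append("\n");
        for(StackTraceElement ste : e.getStackTrace()){
            trace.append("\t").append(ste.toString()).append("\n");
        }
        stdout.println(prefix("E", time, c)+"Error, see Errors tab.");
        stderr.println(prefix("E", time, c)+trace);
    }
}

--------------------------------------------------------------------------------
/doc/apidocs/burp/class-use/BurpExtender.html:
--------------------------------------------------------------------------------
Uses of Class burp.BurpExtender (EsPReSSO 1.0 API)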
No usage of burp.BurpExtender
125 | 126 | 127 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/espresso/package-use.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Uses of Package de.rub.nds.burp.espresso (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 | 23 | 26 | 27 |
No usage of de.rub.nds.burp.espresso
125 | 126 | 127 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/espresso/editor/package-use.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Uses of Package de.rub.nds.burp.espresso.editor (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 | 23 | 26 | 27 |
No usage of de.rub.nds.burp.espresso.editor
125 | 126 | 127 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/espresso/scanner/package-use.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Uses of Package de.rub.nds.burp.espresso.scanner (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 | 23 | 26 | 27 |
No usage of de.rub.nds.burp.espresso.scanner
125 | 126 | 127 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/espresso/attacker/package-use.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Uses of Package de.rub.nds.burp.espresso.attacker (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 | 23 | 26 | 27 |
No usage of de.rub.nds.burp.espresso.attacker
125 | 126 | 127 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/espresso/editor/saml/package-use.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Uses of Package de.rub.nds.burp.espresso.editor.saml (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 | 23 | 26 | 27 |
No usage of de.rub.nds.burp.espresso.editor.saml
125 | 126 | 127 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/espresso/gui/attacker/package-use.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Uses of Package de.rub.nds.burp.espresso.gui.attacker (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 | 23 | 26 | 27 |
No usage of de.rub.nds.burp.espresso.gui.attacker
125 | 126 | 127 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/utilities/listeners/saml/package-use.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Uses of Package de.rub.nds.burp.utilities.listeners.saml (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 | 23 | 26 | 27 |
No usage of de.rub.nds.burp.utilities.listeners.saml
125 | 126 | 127 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/espresso/gui/attacker/util/package-use.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Uses of Package de.rub.nds.burp.espresso.gui.attacker.util (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 | 23 | 26 | 27 |
No usage of de.rub.nds.burp.espresso.gui.attacker.util
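--------------------------------------------------------------------------------
/src/main/java/de/rub/nds/burp/utilities/table/ssoHistory/TableHelper.java:
--------------------------------------------------------------------------------
/**
 * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols.
 * Copyright (C) 2015 Tim Guenther and Christian Mainka
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation; either version 2 of the License, or (at your option) any later
 * version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 51
 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
package de.rub.nds.burp.utilities.table.ssoHistory;

import de.rub.nds.burp.utilities.Logging;
import java.util.ArrayList;
import javax.swing.table.AbstractTableModel;

/**
 * Helper class for the class Table.
 * Table model over a caller-supplied list of {@link TableEntry}; the list is
 * used as given, not copied.
 * @author Tim Guenther
 * @version 1.0
 */
public class TableHelper extends AbstractTableModel{

    private ArrayList<TableEntry> list;
    private String[] colName = {"#","SSO Protocol","Host","Method","URL","Token","Time","Length","Comment"};

    /**
     * Construct a new Table Helper
     * @param list A list of table entries.
     */
    public TableHelper(ArrayList<TableEntry> list) {
        this.list = list;
    }

    /**
     * Get the table list.
     * @return The list saved during the construction.
     */
    public ArrayList<TableEntry> getTableList(){
        return list;
    }

    /**
     * Add a row to the list and the table.
     * @param entry The new row.
     * @return True if successfully, false otherwise.
     */
    public boolean addRow(TableEntry entry){
        try{
            int row = list.size();
            list.add(entry);
            fireTableRowsInserted(row,row);
        } catch(Exception e) {
            // Failure is reported through the return value only; the exception
            // itself is not logged here.
            return false;
        }
        return true;
    }

    /**
     * Remove all entries from the table list.
     * @return True if all entries removed, false otherwise.
     */
    public boolean clear(){
        try{
            list.clear();
            fireTableDataChanged();
        } catch(Exception e) {
            // Failure is reported through the return value only.
            return false;
        }
        return true;
    }

    /**
     * Get the number of rows.
     * @return Number of rows.
     */
    @Override
    public int getRowCount()
    {
        return list.size();
    }

    /**
     * Get the number of columns.
     * @return Number of columns. (9)
     */
    @Override
    public int getColumnCount()
    {
        // Derived from the header array so both cannot drift apart; the array
        // currently holds nine names, so the result is unchanged.
        return colName.length;
    }

    /**
     * Get the name of the column.
     * @param columnIndex Index of the column.
     * @return The name of the column, or an empty string when the lookup fails
     * (the failure is logged).
     */
    @Override
    public String getColumnName(int columnIndex)
    {
        try {
            return colName[columnIndex];
        } catch (Exception e) {
            Logging.getInstance().log(getClass(), e);
            return "";
        }
    }

    /**
     * Get the class of the column.
     * @param columnIndex Index of the column.
     * @return The class of the column, always String.
     */
    @Override
    public Class<?> getColumnClass(int columnIndex)
    {
        return String.class;
    }

    /**
     * Get the value at a position.
     * @param rowIndex The row.
     * @param columnIndex The column.
     * @return Value for the specified entry. Null if the column is unknown.
     */
    @Override
    public Object getValueAt(int rowIndex, int columnIndex)
    {
        TableEntry entry = list.get(rowIndex);

        // Case order follows the order of colName.
        switch (columnIndex)
        {
            case 0:
                return entry.getCounter();
            case 1:
                return entry.getProtocol();
            case 2:
                return entry.getHost();
            case 3:
                return entry.getMethod();
            case 4:
                return entry.getUrl();
            case 5:
                return entry.getToken();
            case 6:
                return entry.getTime();
            case 7:
                return entry.getLength();
            case 8:
                return entry.getComment();
            default:
                return null;
        }
    }
}

--------------------------------------------------------------------------------
/doc/apidocs/de/rub/nds/burp/utilities/class-use/Encoding.html:
--------------------------------------------------------------------------------
Uses of Class de.rub.nds.burp.utilities.Encoding (EsPReSSO 1.0 API)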
No usage of de.rub.nds.burp.utilities.Encoding
125 | 126 | 127 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/espresso/class-use/HttpMarker.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Uses of Class de.rub.nds.burp.espresso.HttpMarker (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 | 23 | 26 | 27 |
No usage of de.rub.nds.burp.espresso.HttpMarker
125 | 126 | 127 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/utilities/class-use/XMLHelper.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Uses of Class de.rub.nds.burp.utilities.XMLHelper (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 | 23 | 26 | 27 |
No usage of de.rub.nds.burp.utilities.XMLHelper
125 | 126 | 127 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/utilities/class-use/Compression.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Uses of Class de.rub.nds.burp.utilities.Compression (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 | 23 | 26 | 27 |
No usage of de.rub.nds.burp.utilities.Compression
125 | 126 | 127 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/espresso/gui/class-use/UITab.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Uses of Class de.rub.nds.burp.espresso.gui.UITab (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 | 23 | 26 | 27 |
No usage of de.rub.nds.burp.espresso.gui.UITab
--------------------------------------------------------------------------------
/src/test/java/de/rub/nds/burp/utilities/protocols/xmlenc/XmlEncryptionHelperTest.java:
--------------------------------------------------------------------------------
/**
 * EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols.
 * Copyright (C) 2015 Tim Guenther and Christian Mainka
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation; either version 2 of the License, or (at your option) any later
 * version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc., 51
 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 */
package de.rub.nds.burp.utilities.protocols.xmlenc;

import de.rub.nds.burp.utilities.ByteArrayHelper;
import java.security.Security;
import java.util.Base64;
import javax.crypto.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.Test;
import static org.junit.Assert.*;

/**
 * Unit tests for {@link XmlEncryptionHelper}: key encryption under a
 * certificate and encryption of padded data.
 */
public class XmlEncryptionHelperTest {

    // Test fixture: a PEM encoded certificate (public part only) whose public
    // key is used as the recipient key in the key-encryption tests.
    String certificate = "-----BEGIN CERTIFICATE-----\n"
            + "MIIDXTCCAkWgAwIBAgIJAIxP8J/SewB+MA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\n"
            + "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
            + "aWRnaXRzIFB0eSBMdGQwHhcNMTgwMzA0MTQ1MDQxWhcNMzExMTExMTQ1MDQxWjBF\n"
            + "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
            + "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n"
            + "CgKCAQEA7dt6PNOO7kHRNu+IiES/e70IX3QRpZGNrj2RTVWf66fRQVeFbnnwXFxn\n"
            + "QU4z+YI3mVNtnSd8wdox2kvz9tbSNO+GzMvJzoKGInXB5rAWnloUJ8+sEL/SZ1i0\n"
            + "M87k5/IBr+x1DQ23fOy0Q6CeTNkrC6KXKsOX+Mi5RQq+M1cVHmO4JhmGJUuJrdcG\n"
            + "VEzSSE0oDfOu++fCuArcDJtN/G5EBvkKVJUnOfR1/KaV0AkpI7RS2KgaYlMi2Hj/\n"
            + "dueH8DtUdlMXuQpCoByD3ZPlwVRJ1JZcRPFHTO4rmw620as4sixthkzHnQeTGnq/\n"
            + "etuKLX0UUSwCmOXdysGrKaOBACKgvwIDAQABo1AwTjAdBgNVHQ4EFgQU/cx/Xzz/\n"
            + "/TIUftk46Goyypegf2MwHwYDVR0jBBgwFoAU/cx/Xzz//TIUftk46Goyypegf2Mw\n"
            + "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAh824gQhX6vMlL85dcbcb\n"
            + "GPcuzwZASbTbdWaDTbSHbRW5Na5jiJo/eeSXmrFxj3G8Y5186rysIEsz0c0YlyIp\n"
            + "jF2kTjJrhWKzcGRVzBA07j3juXpJ2QA61ILoKjOIioebZSfy0pQ0VgIbEsA5BVzZ\n"
            + "SclOatoWM/WqgtlveyVKU5zjOMysf/HLf9qBPLLdB71vf/n1GYbLKAcH9X4HD5M+\n"
            + "zSLLPIRs0XFlGNXNJYR2ZojYk9ycLBsunwGYEflJRTMl+oQBPDOYMCemcxM3PWR8\n"
            + "dsVM3xBxbS3RxIt61mZr5xj4BBCsci49dhNcZ6rTqYMISFoY9D9rzQiBV4ULD+Wc\n"
            + "kQ==\n"
            + "-----END CERTIFICATE-----";

    XmlEncryptionHelper xmlEncryptionHelper;

    /**
     * Creates the helper under test with a 16 byte all-zero symmetric key.
     * The zero key is a fixed test fixture, not a usable key.
     */
    public XmlEncryptionHelperTest() {
        xmlEncryptionHelper = new XmlEncryptionHelper();
        xmlEncryptionHelper.setSymmetricKey(new byte[16]);
    }

    /**
     * Test of encryptKey method, of class XmlEncryptionHelper.
     * Only checks that a non-empty result comes back for RSA_OAEP_MGF1P; the
     * ciphertext itself is not compared.
     * @throws java.lang.Exception
     */
    @Test
    public void testEncryptKey() throws Exception {
        String encryptedKey = xmlEncryptionHelper.encryptKey(certificate, AsymmetricAlgorithm.RSA_OAEP_MGF1P);
        assertNotNull(encryptedKey);
        assertNotEquals("", encryptedKey);
    }

    /**
     * Test of encryptKey method, of class XmlEncryptionHelper.
     * Encrypts a four byte key with AsymmetricAlgorithm.RSA and compares the
     * result with an independent Cipher run over the same key and certificate.
     * The equality check can only hold when the transformation is deterministic,
     * i.e. adds no random padding (presumably raw RSA, as the method name says;
     * confirm against AsymmetricAlgorithm.RSA.getJavaName()). Deterministic RSA
     * gives equal ciphertexts for equal inputs, which is why padded schemes such
     * as the OAEP variant above are the ones used to protect real keys.
     * @throws java.lang.Exception
     */
    @Test
    public void testEncryptKeyPlainRSA() throws Exception {
        byte[] rawKey = new byte[]{0, 0, 0, 7};
        xmlEncryptionHelper.setSymmetricKey(rawKey);
        String actual = xmlEncryptionHelper.encryptKey(certificate, AsymmetricAlgorithm.RSA);
        System.out.println(actual);
        assertNotNull(actual);
        assertNotEquals("", actual);

        // Reference computation with a Cipher obtained directly from the JCA.
        Security.addProvider(new BouncyCastleProvider());
        Cipher reference = Cipher.getInstance(AsymmetricAlgorithm.RSA.getJavaName());
        reference.init(Cipher.ENCRYPT_MODE, XmlEncryptionHelper.getPublicKey(certificate));
        byte[] referenceCiphertext = reference.doFinal(rawKey);
        String expected = Base64.getEncoder().encodeToString(referenceCiphertext);
        assertEquals(expected, actual);
    }

    /**
     * Test of encryptData method, of class XmlEncryptionHelper.
     * Pads the input for AES128_CBC with computePadding, encrypts the padded
     * bytes and checks that a non-empty result comes back.
     * @throws java.lang.Exception
     */
    @Test
    public void testEncryptData() throws Exception {
        SymmetricAlgorithm algorithm = SymmetricAlgorithm.AES128_CBC;
        byte[] xml = "".getBytes();
        byte[] padding = xmlEncryptionHelper.computePadding(xml, algorithm);
        byte[] padded = ByteArrayHelper.concatenate(xml, padding);
        String encrypted = xmlEncryptionHelper.encryptData(padded, algorithm);
        assertNotNull(encrypted);
        assertNotEquals("", encrypted);
    }

}

--------------------------------------------------------------------------------
/doc/apidocs/burp/package-tree.html:
--------------------------------------------------------------------------------
4 | 5 | 6 | 7 | burp Class Hierarchy (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 | 23 | 26 | 27 |
Hierarchy For Package burp

75 | Package Hierarchies: 76 | 79 |
80 |
81 |

Class Hierarchy

82 |
    83 |
  • java.lang.Object 84 |
      85 |
    • burp.BurpExtender (implements burp.IBurpExtender, burp.IExtensionStateListener)
138 | 139 | 140 | -------------------------------------------------------------------------------- /doc/apidocs/de/rub/nds/burp/espresso/editor/class-use/Editor.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Uses of Class de.rub.nds.burp.espresso.editor.Editor (EsPReSSO 1.0 API) 8 | 9 | 10 | 11 | 12 | 13 | 23 | 26 | 27 |
No usage of de.rub.nds.burp.espresso.editor.Editor
125 | 126 | 127 | --------------------------------------------------------------------------------