diff --git a/src/main/java/burp/ChildTab.java b/src/main/java/burp/ChildTab.java
index 69dd5f2..9d61d6a 100644
--- a/src/main/java/burp/ChildTab.java
+++ b/src/main/java/burp/ChildTab.java
@@ -24,9 +24,11 @@ public class ChildTab implements IMessageEditorController, ActionListener {
 private final JPanel panel;
 public static boolean isEncoded;
+ public static boolean isGzCompressed;
 JButton goButton;
 JCheckBox base64CheckBox;
+ JCheckBox compressGzCheckBox;
 private final JComboBox payloadComboBox;
@@ -67,6 +69,7 @@ public ChildTab(final IBurpExtenderCallbacks callbacks, JTabbedPane tabbedPane,
 serializeButton.addActionListener(ChildTab.this);
 base64CheckBox = new JCheckBox("Base64 Encode");
+ compressGzCheckBox = new JCheckBox("Compress (GZip)");
 String[] typeStrings = { "BeanShell1","CommonsBeanutilsCollectionsLogging1", "CommonsCollections1", "CommonsCollections2", "CommonsCollections3", "CommonsCollections4","Groovy1","Jdk7u21","Spring1"};
 payloadComboBox = new JComboBox<>(typeStrings);
@@ -76,6 +79,7 @@ public ChildTab(final IBurpExtenderCallbacks callbacks, JTabbedPane tabbedPane,
 topButtonPanel.add(goButton);
 topButtonPanel.add(serializeButton);
 topButtonPanel.add(base64CheckBox);
+ topButtonPanel.add(compressGzCheckBox);
 topButtonPanel.add(payloadComboBox);
 topButtonPanel.add(helpButton);
@@ -138,12 +142,13 @@ private void serializeRequest() {
 // String[] command = Utilities.formatCommand(commandTextField.getText());
 boolean isEncoded = base64CheckBox.isSelected();
+ boolean isGzCompressed = compressGzCheckBox.isSelected();
 String command = commandTextField.getText();
 String payloadType = payloadComboBox.getSelectedItem().toString();
- byte[] httpMessage = Utilities.serializeRequest(message,selectedMessage,isEncoded,command,helpers,payloadType);
+ byte[] httpMessage = Utilities.serializeRequest(message,selectedMessage,isEncoded,isGzCompressed,command,helpers,payloadType);
 requestViewer.setMessage(httpMessage, true);
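Review bot: The new `public static boolean isGzCompressed` field in the first hunk is mutable state shared by every `ChildTab` instance, and the `serializeRequest()` hunk declares a local `boolean isGzCompressed` that shadows it, so a reader cannot tell which one a given line refers to. In this diff the field is only written (from `Utilities.serializeRequest`) and no read of it is visible, so it may not be needed at all; if it is, a private instance field would stop one tab from overwriting another tab's state. At minimum, rename the local, for example `boolean gzRequested = compressGzCheckBox.isSelected();`. The existing `isEncoded` field follows the same pattern, so this matches the surrounding code, but the pattern is worth not extending.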
diff --git a/src/main/java/burp/Utilities.java b/src/main/java/burp/Utilities.java
index 179474c..2b0a53f 100644
--- a/src/main/java/burp/Utilities.java
+++ b/src/main/java/burp/Utilities.java
@@ -5,16 +5,19 @@ import ysoserial.Serializer;
 import ysoserial.payloads.ObjectPayload;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Base64;
 import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+import java.util.zip.GZIPOutputStream;
 public class Utilities {
- public static byte[] serializeRequest(byte[] message, byte[] selectedMessage, boolean isEncoded, String command, IExtensionHelpers helpers, String payloadType) {
+ public static byte[] serializeRequest(byte[] message, byte[] selectedMessage, boolean isEncoded, boolean isGzCompressed, String command, IExtensionHelpers helpers, String payloadType) {
 int selectedOffset = 0;
 int endingOffset = 0;
@@ -40,6 +43,22 @@ public static byte[] serializeRequest(byte[] message, byte[] selectedMessage, bo
 byte[] endingArray = Arrays.copyOfRange(message, endingOffset, message.length);
 byte[] exploitArray = getExploitPayload(payloadType, command);
+
+ if (isGzCompressed) {
+ ChildTab.isGzCompressed = true;
+ try {
+ ByteArrayOutputStream gzOsBytes = new ByteArrayOutputStream();
+ GZIPOutputStream gzOs = new GZIPOutputStream(gzOsBytes);
+ gzOs.write(exploitArray);
+ gzOs.close();
+ exploitArray = gzOsBytes.toByteArray();
+ } catch (IOException ioe) {
+ System.err.println("Error while compressing payload");
+ ioe.printStackTrace();
+ }
+ } else {
+ ChildTab.isGzCompressed = false;
+ }
 ChildTab.selectedMessage = exploitArray;
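Review bot: The new `isGzCompressed` parameter sits directly after `isEncoded` in the `serializeRequest` signature, and two adjacent `boolean` arguments can be transposed at a call site without any compiler error. No Javadoc is visible on the method in this hunk; a short one naming each flag and the order in which the transformations run would help, for example `@param isGzCompressed when true, the generated payload bytes are gzip-compressed before they are spliced into the request`. Whether Base64 encoding is applied after compression is decided outside this hunk, so the doc should state the order explicitly once confirmed.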
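Review bot: When compression fails, the `catch (IOException ioe)` block in the second hunk only prints to `System.err` and execution continues with the uncompressed bytes, while `ChildTab.isGzCompressed` has already been set to `true`. The recorded state then disagrees with what is placed in the request, and the user gets no visible signal that the option was not applied. The `GZIPOutputStream` is also closed by hand, so a failing `write()` skips `close()` and the stream's deflater is released only when the object is garbage-collected. I would use try-with-resources and set the flag from the actual outcome, as sketched below. The body of `serializeRequest` starts and ends outside this hunk.

```java
// … unchanged: byte[] exploitArray = getExploitPayload(payloadType, command); …
boolean compressed = false;
if (isGzCompressed) {
    ByteArrayOutputStream gzOsBytes = new ByteArrayOutputStream();
    // try-with-resources closes the stream even when write() throws
    try (GZIPOutputStream gzOs = new GZIPOutputStream(gzOsBytes)) {
        gzOs.write(exploitArray);
        gzOs.finish(); // write the gzip trailer so the buffer is complete before it is copied
        exploitArray = gzOsBytes.toByteArray();
        compressed = true;
    } catch (IOException ioe) {
        System.err.println("Error while compressing payload");
        ioe.printStackTrace();
    }
}
// record what was actually produced, not what was requested
ChildTab.isGzCompressed = compressed;
// … unchanged: ChildTab.selectedMessage = exploitArray; …
```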