bugfix JWT View

Author: isayan

release/YaguraExtender.jar

@@ -1,7 +1,7 @@
 # YaguraExtender build xml properties
 
 # version
-version=1.7.36.3
+version=1.7.36.4
 
 #lib
 asciidoctor-version=1.5.6

src/burp/release.properties

@@ -393,7 +393,7 @@ public static String toSmartDecode(String value, TransUtil.EncodePattern encodeP
                         decode = TransUtil.decodeSQLangQuote(value);
                         break;
                     case REGEX:
-                        // nothing
+                        decode = TransUtil.toRegexDecode(value);
                         break;
                     default:
                         break;
@@ -917,7 +917,7 @@ public static String toHtmlEncode(char c) {
         return buff.toString();
     }
 
-    public static String toRegexEscape(String input) {
+    public static String toRegexEncode(String input) {
         StringBuilder buff = new StringBuilder();
         int length = input.length();
         for (int i = 0; i < length; i++) {
@@ -960,7 +960,11 @@ public static String toRegexEscape(char ch) {
         }
         return buff.toString();
     }
-        
+
+    public static String toRegexDecode(String input) {
+        return input.replaceAll("\\\\([\\\\\\.\\+\\*\\?\\[\\^\\]\\$\\(\\)\\{\\}\\=\\!\\<\\>\\|\\:\\-])", "$1");
+    }
+    
     public static String toHtmlDecode(String input) {
         StringBuffer buff = new StringBuffer();
         Pattern p = Pattern.compile("(&(?:(#\\d+)|(#[xX][0-9a-fA-F]+)|(\\w+));)");

src/yagura/external/TransUtil.java

@@ -1,142 +1,45 @@
 package yagura.model;
 
 import java.io.IOException;
-import java.nio.charset.StandardCharsets;
-import java.util.Base64;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 import yagura.external.JsonUtil;
 
 /**
  *
  * @author isayan
  */
-public class JWTObject {
+public class JWTObject extends JWTToken {
 
-private final static Pattern PTN_JWT = Pattern.compile("(e(?:[0-9a-zA-Z_-]){10,})\\.(e(?:[0-9a-zA-Z_-]){2,})\\.((?:[0-9a-zA-Z_-]){20,})");
-
-public static boolean isJWTFormat(String value) {
-    Matcher m = PTN_JWT.matcher(value);
-    if (m.matches()) {
-        return true;    
-    }
-    return false;
-}
-
-public static boolean containsJWTFormat(String value) {
-    Matcher m = PTN_JWT.matcher(value);
-    if (m.find()) {
-        return true;    
-    }
-    return false;
-}
-
-public static String findJWTValue(String value) {
-    Matcher m = PTN_JWT.matcher(value);
-    if (m.find()) {
-        return m.group(0);    
-    }
-    return null;
-}
-
-
-public static JWTObject parseJWTObject(String value, boolean matches) {
-    JWTObject jwt = new JWTObject();
-    Matcher m = PTN_JWT.matcher(value);
-    boolean find = false;
-    if (matches)
-        find = m.matches();
-     else 
-        find = m.find();
-           
-    if (find) {
-        String header = m.group(1);
-        String payload = m.group(2);
-        String signature = m.group(3);    
-        JsonUtil.parse(decodeB64(header));
-        JsonUtil.parse(decodeB64(payload));
-        decodeB64(signature);
-        jwt.header = header;
-        jwt.payload = payload;
-        jwt.signature = signature;    
-    }
-    return jwt;
-}
-
-    private String header;
-    private String payload;
-    private String signature;
-
-    private static byte [] decodeB64Byte(String value) {
-      value = value.replace('-', '+');
-      value = value.replace('_', '/');
-      return Base64.getDecoder().decode(value);
-    }
-    
-    private static String decodeB64(String src) {
-      return new String(decodeB64Byte(src), StandardCharsets.UTF_8);
-    }
-
-    private static String encodeB64Byte(byte [] src) {
-      byte[] encoded = Base64.getEncoder().withoutPadding().encode(src);
-      String value = new String(encoded, StandardCharsets.US_ASCII);
-      value = value.replace('+', '-');
-      value = value.replace('/', '_');
-      return value;
+    public JWTObject(JWTToken token) {
+        super(token);
     }
 
-    private static String encodeB64(String src) {
-      return encodeB64Byte(src.getBytes(StandardCharsets.UTF_8));
-    }
-    
-    /**
-     * @return the header
-     */
-    public String getHeader() {
-        return header;
-    }
-
-    /**
+        /**
      * @return the header
      */
     public String getHeaderJSON(boolean pretty) {
         try {
-            return JsonUtil.prettyJSON(decodeB64(header), pretty);
+            return JsonUtil.prettyJSON(decodeB64(this.getHeader()), pretty);
         } catch (IOException ex) {
             return null;
         }
     }
-    
-    /**
-     * @return the payload
-     */
-    public String getPayload() {
-        return payload;
-    }
 
     /**
      * @return the payload
      */
     public String getPayloadJSON(boolean pretty) {
         try {
-            return JsonUtil.prettyJSON(decodeB64(payload), pretty);
+            return JsonUtil.prettyJSON(decodeB64(this.getPayload()), pretty);
         } catch (IOException ex) {
             return null;
         }
     }
 
-    /**
-     * @return the signature
-     */
-    public String getSignature() {
-        return signature;
-    }
-
     /**
      * @return the signature
      */
     public byte [] getSignatureByte() {
-        return decodeB64Byte(signature);
+        return decodeB64Byte(this.getSignature());
     }
 
 }