WebSocket Logging Tool対応

Author: isayan

Readme-ja.md

@@ -1,4 +1,4 @@
-Burp suite 拡張 YaguraExtender
+Burp suite 拡張 YaguraExtension
 =============
 
 Language/[English](Readme.md)
@@ -46,13 +46,13 @@ gradlew release
 * v2023.1.2以上 (http://www.portswigger.net/burp/)
 
 ### 開発環境
-* NetBeans 20 (https://netbeans.apache.org/)
+* NetBeans 22 (https://netbeans.apache.org/)
 * Gradle 7.6 (https://gradle.org/)
 * asciidoc (http://asciidoc.org/)
 
 ## 必須ライブラリ
 ビルドには別途 [BurpExtensionCommons](https://github.com/raise-isayan/BurpExtensionCommons) のライブラリを必要とします。
-* BurpExtensionCommons v3.0.x
+* BurpExtensionCommons v3.2.x
 
 ### 利用ライブラリ
 

Readme.md

@@ -1,4 +1,4 @@
-Burp suite Extension YaguraExtender
+Burp suite Extension YaguraExtension
 =============
 
 Language/[日本語](Readme-ja.md)
@@ -46,13 +46,13 @@ gradlew release
 * v2023.1.2 or higher (http://www.portswigger.net/burp/)
 
 ### Development environment
-* NetBeans 20 (https://netbeans.apache.org/)
+* NetBeans 22 (https://netbeans.apache.org/)
 * Gradle 7.6 (https://gradle.org/)
 * asciidoc (http://asciidoc.org/)
 
 ## Required library
 Building requires a [BurpExtensionCommons](https://github.com/raise-isayan/BurpExtensionCommons) library.
-* BurpExtensionCommons v3.0.x
+* BurpExtensionCommons v3.2.x
 
 ## Use Library
 * Apache common codec (https://commons.apache.org/proper/commons-codec/)

gradle.properties

@@ -1,4 +1,4 @@
 netbeans.org-netbeans-modules-javascript2-requirejs.enabled=true
 release_version_major=3.1
-release_version_minor=3.2
+release_version_minor=3.3
 netbeans.license=mit

release/YaguraExtension-v3.1.jar

@@ -41,6 +41,14 @@
 import burp.api.montoya.proxy.websocket.ProxyWebSocketCreationHandler;
 import burp.api.montoya.ui.editor.extension.ExtensionProvidedWebSocketMessageEditor;
 import burp.api.montoya.ui.editor.extension.WebSocketMessageEditorProvider;
+import burp.api.montoya.websocket.BinaryMessage;
+import burp.api.montoya.websocket.BinaryMessageAction;
+import burp.api.montoya.websocket.Direction;
+import burp.api.montoya.websocket.MessageHandler;
+import burp.api.montoya.websocket.TextMessage;
+import burp.api.montoya.websocket.TextMessageAction;
+import burp.api.montoya.websocket.WebSocketCreated;
+import burp.api.montoya.websocket.WebSocketCreatedHandler;
 import java.awt.Component;
 import java.awt.event.MouseAdapter;
 import java.awt.event.MouseEvent;
@@ -1825,27 +1833,65 @@ private HttpMessage replaceProxyMessage(
 
     }
 
-    protected final class WebSocketCreationHander implements ProxyWebSocketCreationHandler {
+    protected final class WebSocketCreationHander implements ProxyWebSocketCreationHandler, WebSocketCreatedHandler {
 
         private final MontoyaApi api;
 
         public WebSocketCreationHander(MontoyaApi api) {
             this.api = api;
             api.proxy().registerWebSocketCreationHandler(this);
+            api.websockets().registerWebSocketCreatedHandler(this);
         }
 
         @Override
         public void handleWebSocketCreation(ProxyWebSocketCreation proxyWebSocketCreation) {
-            proxyWebSocketCreation.proxyWebSocket().registerProxyMessageHandler(new WebSocktHander(api, proxyWebSocketCreation));
+            proxyWebSocketCreation.proxyWebSocket().registerProxyMessageHandler(new WebSocktProxyMessageHander(api, proxyWebSocketCreation));
+        }
+
+        @Override
+        public void handleWebSocketCreated(WebSocketCreated webSocketCreated) {
+            webSocketCreated.webSocket().registerMessageHandler(new WebSocktMessageHander(api, webSocketCreated));
         }
 
     }
 
-    protected final class WebSocktHander implements ProxyMessageHandler {
+    protected final class WebSocktMessageHander implements MessageHandler {
+        private final MontoyaApi api;
+        private final WebSocketCreated webSocketCreated;
+
+        public WebSocktMessageHander(MontoyaApi api, WebSocketCreated webSocketCreated) {
+            this.api = api;
+            this.webSocketCreated = webSocketCreated;
+        }
+
+        @Override
+        public TextMessageAction handleTextMessage(TextMessage textMessage) {
+            // WebSockt 出力
+            if (getProperty().getLoggingProperty().isAutoLogging() && getProperty().getLoggingProperty().isWebSocketLog()) {
+                ToolSource toolSource = webSocketCreated.toolSource();
+                logging.writeWebSocketToolMessage(toolSource.toolType(), webSocketCreated, textMessage);
+            }
+            return TextMessageAction.continueWith(textMessage);
+        }
+
+        @Override
+        public BinaryMessageAction handleBinaryMessage(BinaryMessage binaryMessage) {
+            // WebSockt 出力
+            if (getProperty().getLoggingProperty().isAutoLogging() && getProperty().getLoggingProperty().isWebSocketLog()) {
+                ToolSource toolSource = webSocketCreated.toolSource();
+                logging.writeWebSocektToolMessage(toolSource.toolType(), webSocketCreated, binaryMessage);
+            }
+            return BinaryMessageAction.continueWith(binaryMessage);
+        }
+
+    }
+
+
+    protected final class WebSocktProxyMessageHander implements ProxyMessageHandler {
         private final MontoyaApi api;
         private final ProxyWebSocketCreation proxyWebSocketCreation;
 
-        public WebSocktHander(MontoyaApi api, ProxyWebSocketCreation proxyWebSocketCreation) {
+        public WebSocktProxyMessageHander(MontoyaApi api, ProxyWebSocketCreation proxyWebSocketCreation) {
             this.api = api;
             this.proxyWebSocketCreation = proxyWebSocketCreation;
             proxyWebSocketCreation.proxyWebSocket().registerProxyMessageHandler(this);
@@ -1854,35 +1900,39 @@ public WebSocktHander(MontoyaApi api, ProxyWebSocketCreation proxyWebSocketCreat
         @Override
         public TextMessageReceivedAction handleTextMessageReceived(InterceptedTextMessage interceptedTextMessage) {
             // WebSockt 出力
-            if (getProperty().getLoggingProperty().isAutoLogging() && getProperty().getLoggingProperty().isWebSocketLog()) {
-                logging.writeWebSocktFinalMessage(proxyWebSocketCreation, interceptedTextMessage);
+            if (getProperty().getLoggingProperty().isAutoLogging() && getProperty().getLoggingProperty().isWebSocketLog() &&
+                    interceptedTextMessage.direction() == Direction.SERVER_TO_CLIENT) {
+                logging.writeWebSocketFinalMessage(this.proxyWebSocketCreation, interceptedTextMessage);
             }
             return TextMessageReceivedAction.continueWith(interceptedTextMessage);
         }
 
         @Override
         public TextMessageToBeSentAction handleTextMessageToBeSent(InterceptedTextMessage interceptedTextMessage) {
             // WebSockt 出力
-            if (getProperty().getLoggingProperty().isAutoLogging() && getProperty().getLoggingProperty().isWebSocketLog()) {
-                logging.writeWebSocktFinalMessage(proxyWebSocketCreation, interceptedTextMessage);
+            if (getProperty().getLoggingProperty().isAutoLogging() && getProperty().getLoggingProperty().isWebSocketLog() &&
+                    interceptedTextMessage.direction() == Direction.CLIENT_TO_SERVER) {
+                logging.writeWebSocketFinalMessage(proxyWebSocketCreation, interceptedTextMessage);
             }
             return TextMessageToBeSentAction.continueWith(interceptedTextMessage);
         }
 
         @Override
         public BinaryMessageReceivedAction handleBinaryMessageReceived(InterceptedBinaryMessage interceptedBinaryMessage) {
             // WebSockt 出力
-            if (getProperty().getLoggingProperty().isAutoLogging() && getProperty().getLoggingProperty().isWebSocketLog()) {
-                logging.writeWebSocktFinalMessage(proxyWebSocketCreation, interceptedBinaryMessage);
+            if (getProperty().getLoggingProperty().isAutoLogging() && getProperty().getLoggingProperty().isWebSocketLog() &&
+                    interceptedBinaryMessage.direction() == Direction.SERVER_TO_CLIENT) {
+                logging.writeWebSocketFinalMessage(proxyWebSocketCreation, interceptedBinaryMessage);
             }
             return BinaryMessageReceivedAction.continueWith(interceptedBinaryMessage);
         }
 
         @Override
         public BinaryMessageToBeSentAction handleBinaryMessageToBeSent(InterceptedBinaryMessage interceptedBinaryMessage) {
             // WebSockt 出力
-            if (getProperty().getLoggingProperty().isAutoLogging() && getProperty().getLoggingProperty().isWebSocketLog()) {
-                logging.writeWebSocktFinalMessage(proxyWebSocketCreation, interceptedBinaryMessage);
+            if (getProperty().getLoggingProperty().isAutoLogging() && getProperty().getLoggingProperty().isWebSocketLog() &&
+                    interceptedBinaryMessage.direction() == Direction.CLIENT_TO_SERVER) {
+                logging.writeWebSocketFinalMessage(proxyWebSocketCreation, interceptedBinaryMessage);
             }
             return BinaryMessageToBeSentAction.continueWith(interceptedBinaryMessage);
         }

src/main/java/burp/BurpExtension.java

@@ -36,16 +36,20 @@ public static String getProxyLogMessageName() {
         return "proxy-message.log";
     }
 
-    public static String getWebSocketLogMessageName() {
-        return "websocket-message.log";
+    public static String getToolLogName(String toolName) {
+        return String.format("burp_tool_%s.log", toolName);
     }
 
-    public static String getWebSocketLogFinalMessageName() {
-        return "websocket-final-message.log";
+    public static String getWebSocketToolLogName(String toolName) {
+        return String.format("websocket_tool_%s.log", toolName);
     }
 
-    public static String getToolLogName(String toolName) {
-        return String.format("burp_tool_%s.log", toolName);
+//    public static String getWebSocketLogMessageName() {
+//        return "websocket-message.log";
+//    }
+
+    public static String getWebSocketLogFinalMessageName() {
+        return "websocket-final-message.log";
     }
 
 }