This repository has been archived by the owner on Dec 15, 2023. It is now read-only.

Call same url twice with different parameter #40

Closed
illnino opened this issue Sep 17, 2019 · 6 comments


illnino commented Sep 17, 2019

It is not a bug, but an inquiry.

Can I accomplish the below with CPH?

Scenario

To authenticate, a user is required to call /authenticate twice.

POST /authenticate

HTTP 200

{"jwt": [this_is_your_token]}
POST /authenticate

{"jwt": [this_is_your_token], "username": "nino", "password": "password"}


HTTP 200

{"authenticated": "true"}

Before a user sends out username & password, he is required to call the same endpoint without any parameter to obtain a jwt.

If we add a tab to capture requests that match /authenticate, it seems it would have an infinite loop.

Does CPH support this type of request? Thanks.

elespike (Owner) commented

Hi, @illnino

It should work without an infinite loop. Just add a tab that watches for /authorize and submits the second request to /authorize.


illnino commented Sep 18, 2019

Mock Server

const express = require('express')
const bodyParser = require('body-parser')

const app = express()
const port = 3000

app.use(bodyParser.json())

app.get('/', (req, res) => res.send('Hello World!'))

app.post('/', function (req, res) {
  res.send('Got a POST request')
})

// Static token for the mock; it should be generated dynamically in a real server
const jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"

app.post('/authenticate', function (req, res) {
  // First call: no Authorization header, so hand out the token
  // (Express lowercases incoming header names)
  if (!req.headers.authorization) {
    res.json({ "jwt": jwt })
    return
  }

  // Second call: the header must carry the token...
  if (req.headers.authorization !== jwt) {
    res.status(403).send({ error: "Invalid jwt in header." })
    return
  }

  // ...and so must the "jwt" field of the JSON body
  const reqJwt = req.body && req.body.jwt
  if (reqJwt === jwt) {
    res.json({ "authenticated": "true" })
  } else {
    res.status(403).send({ error: "Invalid jwt in body." })
  }
})

app.listen(port, () => console.log(`Example app listening on port ${port}!`))

My config

twice.json.txt

My request in Repeater

POST /authenticate HTTP/1.1
authorization: ###
Content-Type: application/json
User-Agent: PostmanRuntime/7.17.1
Accept: */*
Cache-Control: no-cache
Postman-Token: a7718c11-e72d-47be-a1f9-3a25de807bb5
Host: 127.0.0.1:3000
Accept-Encoding: gzip, deflate
Content-Length: 58
Connection: close

{"jwt": "###", "username": "nino", "password": "password"}

It returns

{"error":"Invalid jwt in header."}

If I press the issue button, go back to Repeater, and issue a new request, I get

{"error":"Invalid jwt in body."}

Moreover, I don't understand why the jwt in the POST body didn't get updated.

I appreciate your help.

elespike (Owner) commented

Ah, I see you have to update it in two places. That does make it trickier, but you were really close, well done!

I've only had to make minor changes to your config:

  1. I adjusted the cache tab scope to only work on responses containing "jwt" (so that it wouldn't cache the request from Repeater)
  2. Your Repeater request had a space after "jwt":, but the regular expression in the update body tab wasn't accounting for that, so I added the potential space ( ?) to the expression.

Here's your modified config which worked with your mock server and Repeater request:
twice_fixed.json.txt

@elespike elespike self-assigned this Sep 18, 2019
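To make the two fixes above concrete, here is an added example in plain JavaScript (not CPH's code and not the config attached to the thread) that mirrors what the two tabs do: it only takes a token from a response whose body contains "jwt", and it rewrites both the authorization header and the "jwt" body field of a raw request, tolerating the optional space after "jwt": that broke the original expression. The sample response and request are constructed; the token value is a placeholder.

```javascript
// Added example, not from the CPH project or the thread's attached config.
// Step 1 (cache tab scope): take the token only from a response containing "jwt".
// Step 2 (update tabs): put that token into the authorization header and the
// "jwt" body field; the " ?" tolerates the optional space after "jwt":.

const JWT_BODY_RE = /"jwt": ?"([^"]*)"/;

// Returns the token from a response body, or null when there is no "jwt" field.
function extractJwt(responseBody) {
  if (!responseBody.includes('"jwt"')) return null;
  const m = JWT_BODY_RE.exec(responseBody);
  return m ? m[1] : null;
}

// Rewrites a raw HTTP request: replaces the authorization header value and the
// "jwt" body value with the cached token. Header name matched case-insensitively;
// [^\r\n]* keeps CRLF line endings intact. A function replacer is used so a
// token containing "$" is never interpreted as a replacement pattern.
function applyJwt(rawRequest, token) {
  const withHeader = rawRequest.replace(
    /^(authorization:[ \t]*)[^\r\n]*/mi,
    (_, prefix) => prefix + token
  );
  return withHeader.replace(JWT_BODY_RE, () => `"jwt": "${token}"`);
}

// Constructed sample data in the thread's request shape (token is a placeholder;
// Content-Length omitted because Repeater recomputes it after the body changes).
const SAMPLE_FIRST_RESPONSE = '{"jwt":"abc.def.ghi"}';
const SAMPLE_REQUEST = [
  'POST /authenticate HTTP/1.1',
  'authorization: ###',
  'Content-Type: application/json',
  'Host: 127.0.0.1:3000',
  '',
  '{"jwt": "###", "username": "nino", "password": "password"}',
].join('\r\n');

// Runs the two steps end to end and returns the rewritten request.
function demo() {
  const token = extractJwt(SAMPLE_FIRST_RESPONSE);
  if (token === null) throw new Error('first response carried no jwt');
  return applyJwt(SAMPLE_REQUEST, token);
}

console.log(demo());
```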

illnino commented Sep 18, 2019

Thanks for your quick reply.

Problem

I found a tiny problem. The first request sent from Repeater would not get the expected response. I had to send a 2nd request in Repeater.

(Screenshots: 1st request, 2nd request)

Reproduction steps

  1. Start a new Burp
  2. Import your config
  3. Construct a request in Repeater as follows
POST /authenticate HTTP/1.1
authorization: ###
Content-Type: application/json
User-Agent: PostmanRuntime/7.17.1
Accept: */*
Cache-Control: no-cache
Postman-Token: a7718c11-e72d-47be-a1f9-3a25de807bb5
Host: 127.0.0.1:3000
Accept-Encoding: gzip, deflate
Content-Length: 58
Connection: close

{"jwt": "###", "username": "nino", "password": "password"}
  4. Press send once
  5. Press send a 2nd time

elespike (Owner) commented

I won't be able to verify this until tomorrow, but I think the tab order may be the issue here.

Try moving the update body tab before the update header tab, so that the empty request to /authenticate gets issued beforehand.


illnino commented Sep 19, 2019

Spot on. Thanks.

@illnino illnino closed this as completed Sep 19, 2019