
CSTC Not Changing/Modifying Another Extensions Requests - but tab shows it is #32

Closed
Himself132 opened this issue Sep 3, 2020 · 9 comments
Labels: bug (Something isn't working), enhancement (New feature or request), implemented-dev (Feature implemented in develop branch)


Himself132 commented Sep 3, 2020

Hello. Love the tool first of all.

I am doing some testing using the upload scanner extension and token jar extension for a site that allows file uploads that are then uploaded to an S3 bucket and retrievable with an AWSv4 signed URL. So this is a fairly complicated endeavor and I've been struggling to get this to work with a file upload, preflight request to retrieve the download link, and then the redownload requester so that upload scanner can have full visibility into what is working and what isn't. While this is occurring tokenjar is successfully monitoring all inbound requests and modifying the authorization bearer tokens that I have in each request for upload scanner. After spending a lot of time seeing that CSTC was showing that it was seeing AND modifying my test requests in the configuration tab of the upload scanner (using CSTC tab) - I was convinced that it was working with the checkmark for the Filter option being selected for "Scanner" (I initially thought it needed an "Extender" checkbox). But after spending all of this time trying to figure it out I chained Burp to another upstream Burp proxy and found out that it was working in those cases - because I had the Filter set for proxy in CSTC in the upstream Burp proxy instance where I had CSTC configured.

Long story short, it does not appear that CSTC is working for all requests but it sure would be handy if it did. Not sure what is being done differently in what an extension like tokenjar is doing https://portswigger.net/bappstore/d9e05bf81c8f4bae8a5b0b01955c5578 but CSTC is missing some for other extensions??

@Himself132
Author

I thought I should also mention now that I thought I had it working, CSTC tab is showing modification to binary content in the file uploads which invalidates all of my payloads.

2020-09-04_11-07-35

Contributor

qtc-de commented Sep 9, 2020

Hi 👋

First of all, thanks for reporting :)

The Issue

> I initially thought it needed an "Extender" checkbox.

I guess this is the point. CSTC currently does not modify traffic that is created from the extender tool.

	public RequestFilterDialog() {
		this.filterSettings = new LinkedHashMap<>();
		this.filterSettings.put(new Filter("Proxy", IBurpExtenderCallbacks.TOOL_PROXY), false);
		this.filterSettings.put(new Filter("Repeater", IBurpExtenderCallbacks.TOOL_REPEATER), false);
		this.filterSettings.put(new Filter("Spider", IBurpExtenderCallbacks.TOOL_SPIDER), false);
		this.filterSettings.put(new Filter("Scanner", IBurpExtenderCallbacks.TOOL_SCANNER), false);
		this.filterSettings.put(new Filter("Intruder", IBurpExtenderCallbacks.TOOL_INTRUDER), false);

The fix should be simple. Just adding a new Filter with name Extender and the IBurpExtenderCallbacks.TOOL_EXTENDER flag should do the trick. This will be implemented soon.

Trivia:


Concerning TokenJar, it is actually funny that it works with this extension, as this was probably not intended by the author. If you look at the code that modifies the HTTP messages you can find the following:

    public void processHttpMessage(int toolFlag, boolean isRequest, IHttpRequestResponse message) {
        // EXIT, it was already processed by PROXY
        if (toolFlag == IBurpExtenderCallbacks.TOOL_PROXY)
            return;

        // EXIT if Master Enable button is disabled
        if (dataModel.getMasterEnable() == false)
            return;
        if (dataModel.getMasterIntruder() == false && toolFlag == IBurpExtenderCallbacks.TOOL_INTRUDER)
            return;
        if (dataModel.getMasterRepeater() == false && toolFlag == IBurpExtenderCallbacks.TOOL_REPEATER)
            return;

        if (isRequest) {
            processRequestMessage(message);
        } else {
            processResponseMessage(message);
        }
    }

As you can see, the code only covers the cases PROXY, INTRUDER and REPEATER. However, the default action is to modify traffic and therefore it also works for extender. I guess this is unintended, as the extension does not allow you to disable it for extender requests.

The other Issue


The other issue you reported with the binary content probably occurs because your Project settings are wrong. Wrong in this context means that you have configured UTF-8 as the default encoding. With this setting, when you have some non-UTF8 input inside an editor and modify something, Burp tries to interpret the non-UTF8 stuff as UTF8 and replaces all non-UTF8 characters with the corresponding invalid-unicode-code-point. Try setting your encoding to raw inside the project options (maybe it is even in user options, not sure 🤔 ) and it hopefully works fine. Otherwise, please open another issue (really another one :D Different bugs should be reported in different issues ;)).
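
The difference between the two filter styles discussed in the comment above, as an added example that is not part of the thread and not CSTC or TokenJar code. The tool flag values are the ones defined in Burp's `IBurpExtenderCallbacks`; the `optIn` and `optOut` helpers and the bitmask representation are hypothetical models for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class ToolFlagFilterDemo {
    // Tool flag values as defined in Burp's IBurpExtenderCallbacks interface.
    static final int PROXY = 0x04, SPIDER = 0x08, SCANNER = 0x10,
                     INTRUDER = 0x20, REPEATER = 0x40, EXTENDER = 0x400;

    // Opt-in model (hypothetical): a message is processed only when its
    // originating tool was explicitly selected in the filter.
    static boolean optIn(int selectedMask, int toolFlag) {
        return (selectedMask & toolFlag) != 0;
    }

    // Opt-out model with the same shape as the TokenJar snippet (master
    // switch assumed on): listed tools can return early, every tool that
    // is not listed falls through and is processed.
    static boolean optOut(int toolFlag, boolean intruderOn, boolean repeaterOn) {
        if (toolFlag == PROXY) return false;
        if (!intruderOn && toolFlag == INTRUDER) return false;
        if (!repeaterOn && toolFlag == REPEATER) return false;
        return true;
    }

    public static void main(String[] args) {
        Map<String, Integer> tools = new LinkedHashMap<>();
        tools.put("Proxy", PROXY);
        tools.put("Spider", SPIDER);
        tools.put("Scanner", SCANNER);
        tools.put("Intruder", INTRUDER);
        tools.put("Repeater", REPEATER);
        tools.put("Extender", EXTENDER);

        int scannerOnly = SCANNER;              // only "Scanner" ticked
        int withExtender = SCANNER | EXTENDER;  // "Extender" available and ticked

        System.out.printf("%-9s %-14s %-18s %s%n",
                "tool", "opt-in(Scan)", "opt-in(Scan+Ext)", "opt-out(all off)");
        for (Map.Entry<String, Integer> t : tools.entrySet()) {
            int flag = t.getValue();
            System.out.printf("%-9s %-14s %-18s %s%n", t.getKey(),
                    optIn(scannerOnly, flag),
                    optIn(withExtender, flag),
                    optOut(flag, false, false));
        }
    }
}
```

The Extender row is the one to read: the opt-in filter skips it until the flag is part of the mask, while the opt-out filter processes it even with every toggle switched off.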

qtc-de added the bug and enhancement labels Sep 9, 2020
qtc-de added a commit that referenced this issue Nov 2, 2020
Finally added a fix for issue #32, which adds the Extender to the
available filtermasks.
qtc-de added the implemented-dev label Dec 8, 2020
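
The binary-content problem described in the comment above can be reproduced outside Burp. This is an added example, not part of the thread or of CSTC; it models the editor behaviour as a plain decode and re-encode, which is an assumption, and the sample bytes are constructed (the 8-byte PNG signature).

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class BinaryRoundTripDemo {
    // Decode bytes to a String and encode them again, as a text editor
    // configured with the given charset would do when the content is edited.
    static byte[] roundTrip(byte[] raw, Charset cs) {
        return new String(raw, cs).getBytes(cs);
    }

    // Strict check: true only if the bytes are well-formed UTF-8 and can be
    // edited as UTF-8 text without loss.
    static boolean isValidUtf8(byte[] raw) {
        try {
            StandardCharsets.UTF_8.newDecoder()
                    .onMalformedInput(CodingErrorAction.REPORT)
                    .onUnmappableCharacter(CodingErrorAction.REPORT)
                    .decode(ByteBuffer.wrap(raw));
            return true;
        } catch (CharacterCodingException e) {
            return false;
        }
    }

    static String hex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) sb.append(String.format("%02X ", b));
        return sb.toString().trim();
    }

    public static void main(String[] args) {
        // Constructed sample: PNG file signature, starts with the non-UTF-8 byte 0x89.
        byte[] png = {(byte) 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A};

        byte[] viaUtf8 = roundTrip(png, StandardCharsets.UTF_8);
        byte[] viaLatin1 = roundTrip(png, StandardCharsets.ISO_8859_1);

        System.out.println("original   : " + hex(png));
        System.out.println("via UTF-8  : " + hex(viaUtf8));
        System.out.println("via Latin-1: " + hex(viaLatin1));
        System.out.println("UTF-8 round trip intact  : " + Arrays.equals(png, viaUtf8));
        System.out.println("Latin-1 round trip intact: " + Arrays.equals(png, viaLatin1));
        System.out.println("safe to edit as UTF-8    : " + isValidUtf8(png));
    }
}
```

A single-byte charset such as ISO-8859-1 maps every byte value to exactly one character, which is why it survives the round trip while the UTF-8 path swaps the malformed byte for the encoded replacement character.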
@Himself132
Author

Hi just wondering if you were doing a release anytime soon? I am actually working on an engagement right now where I could really use this. Thanks! (I'm referring to the application of transformations to extender requests)

@Himself132
Author

Just used the dev build and followed your instructions and I don't see the Extensions as an option in the filter. I kicked off a scan that uses Active++ Extension and also saw in the logger that CSTC isn't making changes whereas in other areas selected it is. So I can confirm it is not applying changes to Extensions currently in dev.

Contributor

qtc-de commented Jul 16, 2021

> Hi just wondering if you were doing a release anytime soon?

Not too soon, but we will prepare a new release for this year. Currently some other projects have priority, but I guess in October we can release a new version.

> Just used the dev build and followed your instructions and I don't see the Extensions as an option in the filter.

I cannot reproduce this. Make sure to remove the CSTC version installed via BApp Store and to import the correct manually built jar file (CSTC-1.2.1-jar-with-dependencies.jar). Here is the view from my machine:

image

Launching a scan with ActiveScan++ enabled shows the header being added for both, ordinary scanner requests as well as extender requests:

image

Please let me know whether this works for you. If this is a bug, we need to determine its root cause before we can prepare a new release :)

@Himself132
Author

Just reproduced again, I removed the CSTC extension. I ran the three commands from your instructions, and the BUILD says successful, then I open Burp add the extension manually using the jar file. I don't see any errors anywhere. I have attached the maven build log at the bottom in a text file and provided screenshots.

I am on BurpSuite Professional v2021.6.2 on Kali linux - Linux 5.10.0-kali9-amd64 1 SMP Debian 5.10.46-1kali1 (2021-06-25) x86_64 GNU/Linux

java --version
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
openjdk 11.0.11 2021-04-20
OpenJDK Runtime Environment (build 11.0.11+9-post-Debian-1)
OpenJDK 64-Bit Server VM (build 11.0.11+9-post-Debian-1, mixed mode, sharing)

Please let me know if there is anything else you need.

2021-07-19_10-46-19
2021-07-19_10-41-13
2021-07-19_10-41-47
2021-07-19_10-42-17

cstc-build-log.txt

Contributor

qtc-de commented Jul 23, 2021

> I ran the three commands from your instructions

If you mean the three instructions from the README.md file, you built CSTC from the wrong branch to test the new feature. The feature was added to the development branch. The main branch is only used for releases and should always match the version that is present in BApp store. To get a CSTC version with the feature implemented you should use the following commands:

$ git clone https://github.com/usdAG/cstc.git
$ cd cstc
$ git checkout develop
$ mvn package

@Himself132
Author

That was definitely the problem, I screwed up and didn't do the git checkout develop part

Collaborator

fhaag95 commented Jun 14, 2023

Hi, sorry for the long silence 👋
This feature was implemented in version 1.3.0 which is available in the releases section. A release to the BAppStore is pending but the new version 1.3.0 should be available there soon.

@fhaag95 fhaag95 closed this as completed Jun 14, 2023