
Comments (6)

illnino commented on August 29, 2024

Spot on. Thanks.

from burp-cph.

elespike commented on August 29, 2024

Hi, @illnino

It should work without an infinite loop. Just add a tab that watches for /authorize and submits the second request to /authorize.

from burp-cph.

illnino commented on August 29, 2024

Mock Server

const express = require('express')
const bodyParser = require('body-parser')

const app = express()
const port = 3000

// it should be generated dynamically
const jwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"

// Parse JSON request bodies into req.body
app.use(bodyParser.json())

app.get('/', (req, res) => res.send('Hello World!'))

app.post('/', function (req, res) {
  res.send('Got a POST request')
})

app.post('/authenticate', function (req, res) {
  const authorization = req.headers.authorization

  // authorization checking
  if (!authorization) {
    // No authorization header: hand out the jwt
    res.json({ "jwt": jwt })
  } else if (authorization === jwt) {
    // Header is valid: the jwt in the JSON body must match as well
    const req_jwt = req.body && req.body.jwt

    if (req_jwt === jwt) {
      res.json({ "authenticated": "true" })
    } else {
      res.status(403).send({ error: "Invalid jwt in body." })
    }
  } else {
    res.status(403).send({ error: "Invalid jwt in header." })
  }
})

app.listen(port, () => console.log(`Example app listening on port ${port}!`))

My config

twice.json.txt

My request in Repeater

POST /authenticate HTTP/1.1
authorization: ###
Content-Type: application/json
User-Agent: PostmanRuntime/7.17.1
Accept: */*
Cache-Control: no-cache
Postman-Token: a7718c11-e72d-47be-a1f9-3a25de807bb5
Host: 127.0.0.1:3000
Accept-Encoding: gzip, deflate
Content-Length: 58
Connection: close

{"jwt": "###", "username": "nino", "password": "password"}

It returns

{"error":"Invalid jwt in header."}

If I press the issue button, go back to Repeater, and issue a new request, I get

{"error":"Invalid jwt in body."}

Moreover, I don't understand why the jwt in the post body didn't get updated.

I appreciate your help.

from burp-cph.

elespike commented on August 29, 2024

Ah, I see you have to update it in two places. That does make it trickier, but you were really close, well done!

I've only had to make minor changes to your config:

  1. I adjusted the cache tab scope to only work on responses containing "jwt" (so that it wouldn't cache the request from Repeater)
  2. Your Repeater request had a space after "jwt":, but the regular expression in the update body tab wasn't accounting for that, so I added the potential space ( ?) to the expression.

Here's your modified config which worked with your mock server and Repeater request:
twice_fixed.json.txt

from burp-cph.
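
The whitespace mismatch described in the comment above, as an added example that is not part of the original thread and is not burp-cph's code. The two body patterns, the helper names and the sample response are assumptions constructed for illustration; the real expressions are in the attached config.

```javascript
// Added example: hypothetical helpers and constructed data, not burp-cph code.

// Token as it appears in the JSON response to the empty /authenticate request.
function extractJwt(responseBody) {
  const m = /"jwt"\s*:\s*"([^"]+)"/.exec(responseBody);
  return m ? m[1] : null;
}

// Assumed body patterns: one requires "jwt":" exactly, one allows a single space.
const STRICT_BODY = /("jwt":")[^"]*(")/;
const TOLERANT_BODY = /("jwt": ?")[^"]*(")/;
const AUTH_HEADER = /^(authorization:[ \t]*).*$/im;
const CONTENT_LENGTH = /^(content-length:[ \t]*)\d+$/im;

// Rewrite the header and body token, then recompute Content-Length.
function updateRequest(raw, token, bodyPattern) {
  const split = raw.indexOf('\r\n\r\n');
  if (split === -1) return raw; // no header/body separator: leave untouched
  // Function replacers keep any "$" in the token from being read as a group reference.
  const body = raw.slice(split + 4).replace(bodyPattern, (_, a, b) => a + token + b);
  const head = raw.slice(0, split)
    .replace(AUTH_HEADER, (_, p) => p + token)
    .replace(CONTENT_LENGTH, (_, p) => p + Buffer.byteLength(body));
  return head + '\r\n\r\n' + body;
}

// Constructed Repeater request, trimmed from the one posted in this thread.
const REQUEST = [
  'POST /authenticate HTTP/1.1',
  'authorization: ###',
  'Content-Type: application/json',
  'Host: 127.0.0.1:3000',
  'Content-Length: 58',
  '',
  '{"jwt": "###", "username": "nino", "password": "password"}',
].join('\r\n');

const token = extractJwt('{"jwt":"header.payload.signature"}'); // constructed response
const strictResult = updateRequest(REQUEST, token, STRICT_BODY);
const tolerantResult = updateRequest(REQUEST, token, TOLERANT_BODY);

console.log(strictResult.split('\r\n').pop());   // body still carries ###
console.log(tolerantResult.split('\r\n').pop()); // body carries the fresh token
```

With the strict pattern only the header changes, which is the state in which the mock server above answers `Invalid jwt in body.`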

illnino commented on August 29, 2024

Thanks for your quick reply.

Problem

I found a tiny problem. The first request sent from Repeater would not get the expected response. I had to send a 2nd request in Repeater.

1st request: [image]

2nd request: [image]

Reproduction steps

  1. Start a new burp
  2. Import your config
  3. Construct a request in repeater as follows
POST /authenticate HTTP/1.1
authorization: ###
Content-Type: application/json
User-Agent: PostmanRuntime/7.17.1
Accept: */*
Cache-Control: no-cache
Postman-Token: a7718c11-e72d-47be-a1f9-3a25de807bb5
Host: 127.0.0.1:3000
Accept-Encoding: gzip, deflate
Content-Length: 58
Connection: close

{"jwt": "###", "username": "nino", "password": "password"}
  4. Press send once
  5. Press send 2nd time

from burp-cph.

elespike commented on August 29, 2024

I won't be able to verify this until tomorrow, but I think the tab order may be the issue here.

Try moving the update body tab before the update header tab, so that the empty request to /authenticate gets issued beforehand.

from burp-cph.
