## [1.0.4] - 2024-05-02

### Changed - Code refactoring Signed-off-by: d4d <[email protected]>
d0ge · May 2, 2024 · 4f51bfa · 4f51bfa
1 parent 88c6dc7
commit 4f51bfa
Show file tree

Hide file tree

Showing 7 changed files with 23 additions and 18 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## [1.0.4] - 2024-05-02
+
+### Changed
+
+- Code refactoring
+
 ## [1.0.3] - 2024-04-25
 
 ### Added

diff --git a/README.md b/README.md
@@ -14,7 +14,7 @@ found [here](https://github.com/blackberry/jwt-editor) and [here](https://github
 
 * Ensure that Java JDK 17 or newer is installed
 * From root of project, run the command `./gradlew jar`
-* This should place the JAR file `sign-saboteur-1.0.3.jar` within the `build/libs` directory
+* This should place the JAR file `sign-saboteur-1.0.4.jar` within the `build/libs` directory
 * This can be loaded into Burp by navigating to the `Extensions` tab, `Installed` sub-tab, clicking `Add` and loading
   the JAR file
 * This BApp is using the newer Montoya API, so it's best to use the latest version of Burp (try the earlier adopter

diff --git a/build.gradle b/build.gradle
@@ -3,7 +3,7 @@ plugins {
 }
 
 group = 'one.d4d'
-version = '1.0.3'
+version = '1.0.4'
 description = 'sign-saboteur'
 
 repositories {

diff --git a/src/main/java/burp/SignSaboteurExtension.java b/src/main/java/burp/SignSaboteurExtension.java
@@ -96,7 +96,9 @@ public void initialize(MontoyaApi api) {
                 proxyWebSocketCreation.proxyWebSocket().registerProxyMessageHandler(proxyWsMessageHandler)
         );
 
-        ScannerHandler scannerHandler = new ScannerHandler(presenters, signerConfig);
-        scanner.registerScanCheck(scannerHandler);
+        if (isProVersion) {
+            ScannerHandler scannerHandler = new ScannerHandler(presenters, signerConfig);
+            scanner.registerScanCheck(scannerHandler);
+        }
     }
 }
diff --git a/src/main/java/burp/scanner/ScannerHandler.java b/src/main/java/burp/scanner/ScannerHandler.java
@@ -23,6 +23,9 @@
 
 import java.util.*;
 
+import static burp.api.montoya.scanner.ConsolidationAction.KEEP_BOTH;
+import static burp.api.montoya.scanner.ConsolidationAction.KEEP_EXISTING;
+
 public class ScannerHandler implements ScanCheck {
     private final ScannerPresenter presenter;
     private final SignerConfig signerConfig;
@@ -45,8 +48,8 @@ public AuditResult passiveAudit(HttpRequestResponse httpRequestResponse) {
     }
 
     @Override
-    public ConsolidationAction consolidateIssues(AuditIssue auditIssue, AuditIssue auditIssue1) {
-        return null;
+    public ConsolidationAction consolidateIssues(AuditIssue newIssue, AuditIssue existingIssue) {
+        return existingIssue.detail().equals(newIssue.detail()) ? KEEP_EXISTING : KEEP_BOTH;
     }
 
     private List<AuditIssue> getRequestAuditIssues(HttpRequestResponse requestResponse) {

diff --git a/src/test/java/RubySignedCookieTest.java b/src/test/java/RubySignedCookieTest.java
@@ -1,21 +1,14 @@
-import burp.api.montoya.core.ByteArray;
-import one.d4d.signsaboteur.itsdangerous.Algorithms;
 import one.d4d.signsaboteur.itsdangerous.Attack;
 import one.d4d.signsaboteur.itsdangerous.BruteForce;
-import one.d4d.signsaboteur.itsdangerous.model.MutableSignedToken;
 import one.d4d.signsaboteur.itsdangerous.model.RubySignedToken;
-import one.d4d.signsaboteur.itsdangerous.model.SignedToken;
-import one.d4d.signsaboteur.itsdangerous.model.SignedTokenObjectFinder;
 import one.d4d.signsaboteur.keys.SecretKey;
-import one.d4d.signsaboteur.utils.Utils;
-import org.apache.commons.lang3.StringUtils;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.PBEKeySpec;
-import java.security.spec.KeySpec;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
 
 public class RubySignedCookieTest {
 
@@ -92,7 +85,7 @@ void UnknownSignedDefaultRubySessionCookie32() {
     }
 
     @Test
-    void ActiveStorageBlodTest() {
+    void ActiveStorageBlobTest() {
         String secret = "645deb7dc7a12794104f5dbc61ae22037cd9b1def6a8ea4becb3761349a32d483717d56b91bd7e95a9190f4cab6ffa5f118baacf08ac3e1bc4a7a2c186011653";
         String salt = "ActiveStorage";
         String message = "eyJfcmFpbHMiOnsiZGF0YSI6eyJrZXkiOiJ2bnhzNmZsb2tpMWxhNjVkeTl3ODkwc2tzMHFhIiwiZGlzcG9zaXRpb24iOiJhdHRhY2htZW50OyBmaWxlbmFtZT1cInNlY3JldC50eHRcIjsgZmlsZW5hbWUqPVVURi04JydzZWNyZXQudHh0IiwiY29udGVudF90eXBlIjoidGV4dC9wbGFpbiIsInNlcnZpY2VfbmFtZSI6ImxvY2FsIn0sImV4cCI6IjIwMjQtMDQtMjRUMTY6MjQ6MzUuMjMzWiIsInB1ciI6ImJsb2Jfa2V5In19";

diff --git a/src/test/resources/salts b/src/test/resources/salts
@@ -13,4 +13,5 @@
 "signed cookie"
 "encrypted cookie"
 "signed encrypted cookie"
+"authenticated encrypted cookie"
 "a4fb52b0ccb302eaef92bda18fedf5c3"