PortSwigger / burp-extensions-montoya-api

Burp Extensions Api

Could it be an encoding problem? #31

Closed Nzoth9 closed 1 year ago

Nzoth9 commented 1 year ago

Hi, Burp Team! How are you? I'm making a custom extension. What I want to do is modify HttpHandler to remove all comments in HTML.

The following is a part of MyHttpHandler.java.

    @Override
    public ResponseReceivedAction handleHttpResponseReceived(HttpResponseReceived responseReceived) {
        if(!this.api.scope().isInScope(responseReceived.initiatingRequest().url())) {
            return continueWith(responseReceived);
        } else {
            if(responseReceived.inferredMimeType().toString() == "HTML") {
                List<String> matches = new ArrayList<>();
                try {
                    String content = new String(responseReceived.body().getBytes(), "utf-8"); // Any encoding issues?
                    Pattern pattern = Pattern.compile("(<!--.*?-->)|(<!--[\\w\\W\\n\\s]+?-->)", Pattern.DOTALL | Pattern.MULTILINE);
                    Matcher matcher = pattern.matcher(content);
                    if(matcher.find())
                    {
                        matches.add(matcher.group(0));
                    }
                    this.api.logging().logToOutput(matches.toString());
                    return continueWith(responseReceived);
                } catch (UnsupportedEncodingException e) {
                    this.api.logging().logToError(e.toString());
                }

Then it will output like this.

[<!--<div class="sub2" ng-cloak ng-show="is_sub2">
                <a href="/games/sadari" ><img src="/static/images/common/mini_top1.png" alt="네임드사다리"> 네임드사다리</a><a href="/games/dari" ><img src="/static/images/common/mini_top2.png" alt="네임드다리다리"> 네임드다리다리</a><a href="/games/racing"><img src="/static/images/common/mini_top3.png" alt="네임드달팽이"> 네임드달팽이</a><a href="/games/power2"><img src="/static/images/common/mini_top4.png" alt="파워볼"> 파워볼</a><a href="/games/power_sadari"><img src="/static/images/common/mini_top5.png" alt="파워사다리"> 파워사다리</a><a href="/games/keno_sadari"><img src="/static/images/common/mini_top1.png" alt="키노사다리"> 키노사다리</a><a href="/games/ball" ><img src="/static/images/common/mini_top11.png" alt="가상축구"> 가상축구</a><a href="/games/dog"><img src="/static/images/common/mini_top10.png" alt="가상개경주"> 가상개경주</a><a href="/games/soccer"><img src="/static/images/common/mini_top12.png" alt="스포몽키"> 스포몽키</a>     
            </div>-->]

However, Java for testing matches well, as follows:

import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class Example {
    public static void main(String[] args) {
        File file = new File("doc.html");
        char[] chars = null;
        try(FileReader fr = new FileReader(file))
        {
            chars = new char[(int) file.length()];
            fr.read(chars);
        } catch(IOException e) {
            e.printStackTrace();
        }

        String content = new String(chars);
        Pattern pattern = Pattern.compile("(<!--.*?-->)|(<!--[\\w\\W\\n\\s]+?-->)", Pattern.DOTALL | Pattern.MULTILINE);
        Matcher matcher = pattern.matcher(content);

        // Loop over every match in the file
        while (matcher.find()) {
            System.out.println(matcher.group());
        }
    }
}

I think it's because of my lack of Java skills. All annotations are not imported. Do you know a good way? Have a good day! <3

Nzoth9 commented 1 year ago

This doesn't seem to be an issue with the Montoya API. In addition, there is some progress, so I close it. Sorry for the fuss.

Nzoth9 commented 1 year ago

Sorry for reopening this issue. I am trying to get all the matched parts as follows and get the index value with the indexOf function.

            if(responseReceived.inferredMimeType().toString() == "HTML") {
                List<String> matches = new ArrayList<>();
                String content = null;
                try {
                    content = new String(responseReceived.body().getBytes(), "utf-8");
                    Pattern pattern = Pattern.compile("<!--.*?-->", Pattern.DOTALL | Pattern.MULTILINE);
                    Matcher matcher = pattern.matcher(content);
                    while(matcher.find()) { matches.add(matcher.group()); }
                } catch (UnsupportedEncodingException e) {
                    this.api.logging().logToError(e.toString());
                }
                for(int index=0; index<matches.size(); index++) {
                    this.logging.logToOutput(matches.get(index));
                    this.logging.logToOutput(String.format("%d", content.indexOf(index)));
                }
            } else {
                return continueWith(responseReceived);
            }   

But maybe because of the encoding, only -1 is output.


Is there a function that can solve the encoding?

Hannah-PortSwigger commented 1 year ago

When you are using content.indexOf(index), you are looking for the first instance of index, which is a number.

Are you sure you don't want to be getting indexOf(matches.get(index))?
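
An added example, not code from this issue or from PortSwigger, that collects every HTML comment in a response body together with its offset, taking the position from `Matcher.start()` instead of a second `indexOf` lookup. The class name `CommentOffsets`, the `Hit` record and the sample HTML are constructed for illustration; it has no Burp dependency, needs Java 16+ for records, and in a handler the input would be `responseReceived.body().getBytes()`.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class CommentOffsets {
    // One hit: the comment text, its char offset in the decoded String,
    // and its byte offset in the original UTF-8 body.
    record Hit(String text, int charOffset, int byteOffset) {}

    // DOTALL lets '.' cross newlines, so multi-line comments match too.
    private static final Pattern COMMENT = Pattern.compile("<!--.*?-->", Pattern.DOTALL);

    static List<Hit> findComments(byte[] body) {
        // StandardCharsets.UTF_8 avoids the checked UnsupportedEncodingException.
        String content = new String(body, StandardCharsets.UTF_8);
        List<Hit> hits = new ArrayList<>();
        Matcher m = COMMENT.matcher(content);
        while (m.find()) {                 // an 'if' here would stop after the first comment
            int start = m.start();         // position of this match, even if its text repeats
            // Multi-byte characters before the match make byte and char offsets differ.
            int byteOffset = content.substring(0, start)
                                    .getBytes(StandardCharsets.UTF_8).length;
            hits.add(new Hit(m.group(), start, byteOffset));
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed sample body: non-ASCII text, a multi-line comment, a repeated comment.
        String html = "<p>파워볼</p><!-- todo --><div>\n<!--\n debug=1 -->\n</div><!-- todo -->";
        byte[] body = html.getBytes(StandardCharsets.UTF_8);
        String content = new String(body, StandardCharsets.UTF_8);

        List<Hit> hits = findComments(body);
        for (int i = 0; i < hits.size(); i++) {
            Hit h = hits.get(i);
            System.out.printf("#%d char=%d byte=%d indexOf(int)=%d indexOf(String)=%d%n",
                    i, h.charOffset(), h.byteOffset(),
                    content.indexOf(i),          // looks up code point i, not the comment
                    content.indexOf(h.text()));  // first occurrence of the text only
        }
    }
}
```

The last two columns show why `indexOf` is the wrong tool here: the `int` overload searches for a character code, and the `String` overload reports the same position for both copies of a repeated comment.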

Nzoth9 commented 1 year ago

Hi @Hannah-PortSwigger, thank you for the reply <3