synopsys-sig / ATOR-Burp


ATOR failing to pull Access Token and replace Auth. Bearer in Request. #16

Open CGuiri opened 2 years ago

CGuiri commented 2 years ago

Attempting to pull the access token from the request below:

HTTP/2 200 OK
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Date: Fri, 19 Nov 2021 21:38:13 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json; charset=utf-8
Vary: Origin
Vary: X-Origin
Vary: Referer
Server: scaffolding on HTTPServer2
Content-Length: 1372
X-Xss-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

{
  "access_token": "ya29.a0ARrdaM-xZscNDMYR6LZ5xSoAAPUIWkKd5-9Nd4mwBCoyBDhoAnGjmYUm9Y0FtQ49p3OXp2u-0_Dupw10N0uls6Vi75Blc10GdN2WoGufXEIciPWdoxAfkg-b-1FuvOlxGjCgouoOBC_NFMaZgwD5xmwMncuyJHoOFYPtmQ",
  "expires_in": 3599,
  "scope": "[REDACTED]"
  "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjAzMmIyZWYzZDJjMjgwNjE1N2Y4YTliOWY0ZWY3Nzk4MzRmODVhZGEiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhenAiOiIzMjU1NTk0MDU1OS5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsImF1ZCI6IjMyNTU1OTQwNTU5LmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwic3ViIjoiMTAyOTA1MDgxMDg0MTQyMjk1MTA5IiwiaGQiOiJjZnBlbnRlc3QwMi5jb20iLCJlbWFpbCI6InJpZ2dpbnNAY2ZwZW50ZXN0MDIuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiI1cnlvMjcwQ2xxTVpWWWtvUDJ3NVB3IiwiaWF0IjoxNjM3MzU3ODkzLCJleHAiOjE2MzczNjE0OTN9.Gr2yDCZ_OYnBd51VEyKX27H4wZGPwhbG9QgaSQUfrdgFSSqkkzPVtMw_WFPKFHlkpN27iwZskn9yOQc716PVjoXsDZ94kfZHpGqOQ05mVHc_3QJ4dVh2sNH-s3w8vftyXFYw4XyqpwICc9bCUT5spVIBqRuoLQyIrj_yXjpchtZ7nzMn5gvr2zJmTRuUXghGJmO04RI-mSdRCNEmJnB1nvKPyjWOznndjnYVTCYpsllTMcivpd9T-_bI67EInnJ_Zmq3vzDcUHgK_tRpatGY_GTjXGb5NpNQjxXeTNrNafKoumidh2ITe0naQ3cKUctRtSD9H-vcs-hRT2NJIuGrjA"
}

I have tried using the following setup guides for the ATOR plugin:
https://www.synopsys.com/blogs/software-security/ator-burp-plugin-login-sequences/
https://medium.com/@kashwathkumar/authentication-token-obtain-and-replace-ator-burp-plugin-fast-and-reliable-plugin-to-handle-b19e3621c6a7
https://www.youtube.com/watch?v=h1p2rvooTL0&t=6s&ab_channel=ashwathkumar

I also tried various filters to see if it was an issue with the pattern in the setup process. Additionally, I have deduced from the Logger for the plugin that the Token auth Request is being made successfully, but the new access_token is not dropping into the Request. I attempted to use a longer string to the left and right of the From Selection filter, but still had no success. Any suggestions would be most appreciated.
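One way to check an extraction pattern offline against a body shaped like the response in the post, before configuring it in the plugin. This is an added example, not part of the original post and not ATOR's own code; the sample body, request, host name and all function names are constructed for illustration, and the token values are placeholders.

```python
import json
import re

# Constructed sample modelled on the response in the post: same field layout,
# placeholder token values, and the same missing comma after "scope".
SAMPLE_BODY = '''{
  "access_token": "ya29.PLACEHOLDER-ACCESS",
  "expires_in": 3599,
  "scope": "[REDACTED]"
  "id_token": "eyJ.PLACEHOLDER.ID"
}'''

# Constructed request carrying a stale bearer token (hypothetical host).
SAMPLE_REQUEST = "GET /api/items HTTP/1.1\r\nHost: api.example.test\r\nAuthorization: Bearer ya29.STALE\r\n\r\n"

# Tolerates optional whitespace around the colon and stops at the closing quote.
TOKEN_RE = re.compile(r'"access_token"\s*:\s*"([^"]+)"')
# Matches only the token part of an Authorization: Bearer header line.
BEARER_RE = re.compile(r'(?im)^(Authorization:\s*Bearer\s+)\S+')

def extract_by_boundaries(body, left, right):
    """Return the text between the first `left` and the next `right`, or None."""
    start = body.find(left)
    if start < 0:
        return None  # the left boundary must match byte for byte, spaces included
    start += len(left)
    end = body.find(right, start)
    return body[start:end] if end >= 0 else None

def extract_by_regex(body):
    """Return the access_token value, or None if the pattern does not match."""
    m = TOKEN_RE.search(body)
    return m.group(1) if m else None

def is_strict_json(body):
    """True only if the body parses as JSON; the sample above does not."""
    try:
        json.loads(body)
        return True
    except ValueError:
        return False

def replace_bearer(request, token):
    """Swap the bearer value; returns (new_request, number_of_replacements)."""
    return BEARER_RE.subn(lambda m: m.group(1) + token, request)
```

A replacement count of 0 from `replace_bearer` means the header pattern never matched the request, which separates an extraction failure from a replacement failure.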