GET requests with bodies won't be truncated

AndreyRainchik · AndreyRainchik · commit ddd9ed27e380 · 2020-04-23T16:12:44.000-05:00
diff --git a/src/main/java/burp/BurpExtender.java b/src/main/java/burp/BurpExtender.java
@@ -470,7 +470,8 @@ public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequ
 
                 java.util.List<String> headers = request.getHeaders();
 
-                if (headers.stream().anyMatch((str -> str.trim().toLowerCase().contains("x-amz-date")))) {
+                if (headers.stream().anyMatch((str -> str.trim().toLowerCase().contains("x-amz-date"))) &&
+                        headers.stream().anyMatch((str -> str.trim().toLowerCase().contains("authorization")))) {
                     String[] profile = this.profiles.get(Menu.getEnabledProfile());
                     byte[] signedRequest;
                     if (dynamicRegionAndService.isSelected()) {
diff --git a/src/main/java/burp/Utility.java b/src/main/java/burp/Utility.java
@@ -102,7 +102,7 @@ static byte[] signRequest(IHttpRequestResponse messageInfo,
         String notUnicode = "[^\\u0000-\\u007F]+";
         String payloadHash;
 
-        if (!requestInfo.getMethod().equals("GET")){
+        if (!requestInfo.getMethod().equals("GET") || requestInfo.getBodyOffset() > 0){
 
             int bodyOffset = requestInfo.getBodyOffset();
             body = hexToString(bytesToHex(Arrays.copyOfRange(request, bodyOffset, request.length)));
@@ -119,6 +119,7 @@ static byte[] signRequest(IHttpRequestResponse messageInfo,
                 }
                 body = sanitize;
             }
+            pw.println(Base64.getEncoder().encodeToString(body.getBytes("utf-8")));
             payloadHash = Hashing.sha256().hashString(body, StandardCharsets.UTF_8).toString().toLowerCase();
 
         } else {
@@ -273,7 +274,7 @@ private static String getSignedHeaders(String authHeader){
             signedHeaders = matcher.group(1);
         }
 
-        return  signedHeaders;
+        return signedHeaders;
 
     }
     private static String bytesToHex(byte[] bytes) {

Original file line number	Diff line number	Diff line change
`@@ -102,7 +102,7 @@ static byte[] signRequest(IHttpRequestResponse messageInfo,`
`102`	`102`	`String notUnicode = "[^\\u0000-\\u007F]+";`
`103`	`103`	`String payloadHash;`
`104`	`104`
`105`		`- if (!requestInfo.getMethod().equals("GET")){`
	`105`	`+ if (!requestInfo.getMethod().equals("GET") \|\| requestInfo.getBodyOffset() > 0){`
`106`	`106`
`107`	`107`	`int bodyOffset = requestInfo.getBodyOffset();`
`108`	`108`	`body = hexToString(bytesToHex(Arrays.copyOfRange(request, bodyOffset, request.length)));`
`@@ -119,6 +119,7 @@ static byte[] signRequest(IHttpRequestResponse messageInfo,`
`119`	`119`	`}`
`120`	`120`	`body = sanitize;`
`121`	`121`	`}`
	`122`	`+ pw.println(Base64.getEncoder().encodeToString(body.getBytes("utf-8")));`
`122`	`123`	`payloadHash = Hashing.sha256().hashString(body, StandardCharsets.UTF_8).toString().toLowerCase();`
`123`	`124`
`124`	`125`	`} else {`
`@@ -273,7 +274,7 @@ private static String getSignedHeaders(String authHeader){`
`273`	`274`	`signedHeaders = matcher.group(1);`
`274`	`275`	`}`
`275`	`276`
`276`		`- return signedHeaders;`
	`277`	`+ return signedHeaders;`
`277`	`278`
`278`	`279`	`}`
`279`	`280`	`private static String bytesToHex(byte[] bytes) {`