
Example 6 with IgnoreMessageException

use of com.jsql.model.exception.IgnoreMessageException in project jsql-injection by ron190.

the class ActionCoder method transform.

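/**
 * Converts the coder input text with the method named by the menu label and shows the
 * outcome in the result component.
 *
 * <p>The result component receives HTML (the text is wrapped in {@code <html>}), so any
 * value derived from the input, including decoded data and exception messages, is
 * HTML-escaped before being embedded. Only the red error spans built in this method are
 * inserted as markup. Without that, decoded content such as {@code <img ...>} would be
 * interpreted by the HTML renderer instead of being shown as text.
 *
 * <p>Text is converted to bytes as UTF-8 for the digest and checksum methods so the
 * output does not depend on the platform default charset.
 *
 * @param labelMethodMenu menu label of the method, e.g. "Hash to Md5" or
 *        "Encode to Base64"; the "Hash to " prefix is removed before matching
 */
private void transform(String labelMethodMenu) {
    String nameMethod = labelMethodMenu.replace("Hash to ", "");
    String textInput = this.coderManager.getTextInput().getText();

    // At most one of these is set per branch: plainResult is text derived from the
    // input (escaped before display), errorHtml is markup assembled in this method.
    String plainResult = null;
    String errorHtml = null;

    if ("".equals(textInput) && !Arrays.asList("Md2", "Md4", "Md5", "Sha-1", "Sha-256", "Sha-384", "Sha-512", "Mysql").contains(nameMethod)) {
        // Only the digest methods accept an empty input.
        errorHtml = "<span style=\"color:red;\">Empty string to convert</span>";
    } else if (Arrays.asList("Md2", "Md5", "Sha-1", "Sha-256", "Sha-384", "Sha-512").contains(nameMethod)) {
        try {
            MessageDigest md = MessageDigest.getInstance(nameMethod);
            byte[] digest = md.digest(textInput.getBytes(StandardCharsets.UTF_8));
            plainResult = StringUtil.digestToHexString(digest);
        } catch (NoSuchAlgorithmException e) {
            // nameMethod comes from the fixed list above, so it is safe to embed as is.
            errorHtml = String.format("<span style=\"color:red;\">Digest algorithm %s not found</span>", nameMethod);
            // Ignore
            IgnoreMessageException exceptionIgnored = new IgnoreMessageException(e);
            LOGGER.trace(exceptionIgnored, exceptionIgnored);
        }
    } else if ("Md4".equals(nameMethod)) {
        // equals(), not contains(): "Md4".contains(x) is also true for "", "M", "d4", ...
        MessageDigest md = new DigestMD4();
        byte[] digest = md.digest(textInput.getBytes(StandardCharsets.UTF_8));
        plainResult = StringUtil.digestToHexString(digest);
    } else if ("Adler32".equals(nameMethod)) {
        plainResult = Adler32.generateAdler32(textInput);
    } else if ("Crc16".equals(nameMethod)) {
        plainResult = Crc16.generateCRC16(textInput);
    } else if ("Crc32".equals(nameMethod)) {
        byte[] bytes = textInput.getBytes(StandardCharsets.UTF_8);
        Checksum checksum = new CRC32();
        checksum.update(bytes, 0, bytes.length);
        plainResult = Long.toString(checksum.getValue());
    } else if ("Crc64".equals(nameMethod)) {
        plainResult = Crc64.generateCRC64(textInput.getBytes(StandardCharsets.UTF_8));
    } else if ("Mysql".equals(nameMethod)) {
        // Two rounds of SHA-1: the second round hashes the first digest.
        try {
            MessageDigest md = MessageDigest.getInstance("sha-1");
            byte[] hashSHA1 = md.digest(textInput.getBytes(StandardCharsets.UTF_8));
            String stringSHA1 = StringUtil.digestToHexString(hashSHA1);
            // NOTE(review): the first digest is turned back into a String by
            // StringUtil.hexstr (not visible here) and re-encoded with the platform
            // default charset, which can alter bytes above 0x7F. Hashing the raw digest,
            // md.digest(hashSHA1), would avoid the round trip. Confirm against hexstr
            // before changing; this second round is kept as it was.
            byte[] passwordSHA1Bytes = StringUtil.hexstr(stringSHA1).getBytes();
            byte[] hashSHA1SH1 = md.digest(passwordSHA1Bytes);
            plainResult = StringUtil.digestToHexString(hashSHA1SH1);
        } catch (NoSuchAlgorithmException e) {
            errorHtml = "<span style=\"color:red;\">Digest algorithm sha-1 not found</span>";
            // Ignore
            IgnoreMessageException exceptionIgnored = new IgnoreMessageException(e);
            LOGGER.trace(exceptionIgnored, exceptionIgnored);
        }
    } else if ("Encode to Hex".equalsIgnoreCase(nameMethod)) {
        try {
            plainResult = Hex.encodeHexString(textInput.getBytes(StandardCharsets.UTF_8.name())).trim();
        } catch (UnsupportedEncodingException e) {
            errorHtml = String.format("<span style=\"color:red;\">Encoding to Hex error: %s</span>", this.escapeForHtmlDisplay(e.getMessage()));
            // Ignore
            IgnoreMessageException exceptionIgnored = new IgnoreMessageException(e);
            LOGGER.trace(exceptionIgnored, exceptionIgnored);
        }
    } else if ("Decode from Hex".equalsIgnoreCase(nameMethod)) {
        try {
            plainResult = new String(Hex.decodeHex(textInput.toCharArray()), StandardCharsets.UTF_8.name());
        } catch (Exception e) {
            // The decoder message can quote characters of the input, hence the escaping.
            errorHtml = String.format("<span style=\"color:red;\">Decoding from Hex error: %s</span>", this.escapeForHtmlDisplay(e.getMessage()));
            // Ignore
            IgnoreMessageException exceptionIgnored = new IgnoreMessageException(e);
            LOGGER.trace(exceptionIgnored, exceptionIgnored);
        }
    } else if ("Encode to Hex(zipped)".equalsIgnoreCase(nameMethod)) {
        try {
            plainResult = Hex.encodeHexString(StringUtil.compress(textInput).getBytes(StandardCharsets.UTF_8.name())).trim();
        } catch (Exception e) {
            errorHtml = String.format("<span style=\"color:red;\">Encoding to Hex(zipped) error: %s</span>", this.escapeForHtmlDisplay(e.getMessage()));
            // Ignore
            IgnoreMessageException exceptionIgnored = new IgnoreMessageException(e);
            LOGGER.trace(exceptionIgnored, exceptionIgnored);
        }
    } else if ("Decode from Hex(zipped)".equalsIgnoreCase(nameMethod)) {
        try {
            plainResult = StringUtil.decompress(new String(Hex.decodeHex(textInput.toCharArray()), StandardCharsets.UTF_8.name()));
        } catch (Exception e) {
            errorHtml = String.format("<span style=\"color:red;\">Decoding from Hex(zipped) error: %s</span>", this.escapeForHtmlDisplay(e.getMessage()));
            // Ignore
            IgnoreMessageException exceptionIgnored = new IgnoreMessageException(e);
            LOGGER.trace(exceptionIgnored, exceptionIgnored);
        }
    } else if ("Encode to Base64(zipped)".equalsIgnoreCase(nameMethod)) {
        try {
            plainResult = StringUtil.base64Encode(StringUtil.compress(textInput));
        } catch (IOException e) {
            errorHtml = String.format("<span style=\"color:red;\">Encoding to Base64(zipped) error: %s</span>", this.escapeForHtmlDisplay(e.getMessage()));
            // Ignore
            IgnoreMessageException exceptionIgnored = new IgnoreMessageException(e);
            LOGGER.trace(exceptionIgnored, exceptionIgnored);
        }
    } else if ("Decode from Base64(zipped)".equalsIgnoreCase(nameMethod)) {
        try {
            plainResult = StringUtil.decompress(StringUtil.base64Decode(textInput));
        } catch (IOException e) {
            errorHtml = String.format("<span style=\"color:red;\">Decoding from Base64(zipped) error: %s</span>", this.escapeForHtmlDisplay(e.getMessage()));
            // Ignore
            IgnoreMessageException exceptionIgnored = new IgnoreMessageException(e);
            LOGGER.trace(exceptionIgnored, exceptionIgnored);
        }
    } else if ("Encode to Base64".equalsIgnoreCase(nameMethod)) {
        plainResult = StringUtil.base64Encode(textInput);
    } else if ("Decode from Base64".equalsIgnoreCase(nameMethod)) {
        plainResult = StringUtil.base64Decode(textInput);
    } else if ("Encode to Html".equalsIgnoreCase(nameMethod)) {
        // Display escaping is applied once, below, with '&' handled first.
        plainResult = StringEscapeUtils.escapeHtml4(textInput);
    } else if ("Encode to Html (decimal)".equalsIgnoreCase(nameMethod)) {
        plainResult = StringUtil.decimalHtmlEncode(textInput);
    } else if ("Decode from Html".equalsIgnoreCase(nameMethod)) {
        plainResult = StringEscapeUtils.unescapeHtml4(textInput);
    } else if ("Encode to Url".equalsIgnoreCase(nameMethod)) {
        try {
            plainResult = URLEncoder.encode(textInput, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            errorHtml = String.format("<span style=\"color:red;\">Encoding to UTF-8 failed: %s</span>", this.escapeForHtmlDisplay(e.getMessage()));
            // Ignore
            IgnoreMessageException exceptionIgnored = new IgnoreMessageException(e);
            LOGGER.trace(exceptionIgnored, exceptionIgnored);
        }
    } else if ("Decode from Url".equalsIgnoreCase(nameMethod)) {
        // Fix #16068: IllegalArgumentException on URLDecoder.decode() when input contains %
        try {
            plainResult = URLDecoder.decode(textInput, StandardCharsets.UTF_8.name());
        } catch (IllegalArgumentException | UnsupportedEncodingException e) {
            errorHtml = String.format("<span style=\"color:red;\">Decoding failed: %s</span>", this.escapeForHtmlDisplay(e.getMessage()));
            // Ignore
            IgnoreMessageException exceptionIgnored = new IgnoreMessageException(e);
            LOGGER.trace(exceptionIgnored, exceptionIgnored);
        }
    } else {
        errorHtml = "<span style=\"color:red;\">Unsupported encoding or decoding method</span>";
    }

    String body = errorHtml != null ? errorHtml : this.escapeForHtmlDisplay(plainResult);
    this.coderManager.getResult().setText(String.format("<html><span style=\"font-family:'Ubuntu Mono'\">%s</span></html>", body));
}

/**
 * Escapes text so an HTML renderer shows it literally.
 * The ampersand is replaced first; otherwise the entities produced for the angle
 * brackets would themselves be escaped a second time.
 *
 * @param text text to display; {@code null} is rendered as "null", matching what
 *        {@code String.format("%s", null)} would print
 * @return the text with {@code &}, {@code <} and {@code >} replaced by entities
 */
private String escapeForHtmlDisplay(String text) {
    return String.valueOf(text).replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
}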
Also used : CRC32(java.util.zip.CRC32) UnsupportedEncodingException(java.io.UnsupportedEncodingException) IgnoreMessageException(com.jsql.model.exception.IgnoreMessageException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) IgnoreMessageException(com.jsql.model.exception.IgnoreMessageException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) Checksum(java.util.zip.Checksum) DigestMD4(com.jsql.view.swing.bruteforce.DigestMD4) MessageDigest(java.security.MessageDigest)

Example 7 with IgnoreMessageException

use of com.jsql.model.exception.IgnoreMessageException in project jsql-injection by ron190.

the class ConnectionUtil method fixJcifsTimeout.

/**
 * Works around the jcifs authentication library ignoring the default
 * connection timeout.
 * Uses reflection to write the {@code connectTimeout} and {@code readTimeout}
 * fields of the connection wrapped inside the given one. Nothing is changed when
 * the given connection has no {@code connection} field, or when the wrapped
 * connection's class directly extends {@link HttpsURLConnection}.
 *
 * <p>NOTE(review): this relies on private field names of the wrapper and of the
 * wrapped connection's class. If the runtime refuses the reflective access, the
 * exception is caught below and only logged, so the timeout stays unset; a WARN
 * from this method therefore means requests may run without the configured timeout.
 *
 * @param connection connection whose wrapped connection gets the timeout values
 */
public static void fixJcifsTimeout(HttpURLConnection connection) {
    Class<?> wrapperClass = connection.getClass();

    Field wrappedField;
    try {
        wrappedField = wrapperClass.getDeclaredField("connection");
    } catch (Exception e) {
        // No "connection" field: the connection is not wrapped, so there is nothing to fix.
        IgnoreMessageException exceptionIgnored = new IgnoreMessageException(e);
        LOGGER.trace(exceptionIgnored, exceptionIgnored);
        return;
    }

    try {
        wrappedField.setAccessible(true);
        URLConnection wrapped = (URLConnection) wrappedField.get(connection);
        Class<?> wrappedClass = wrapped.getClass();

        // Left untouched when the wrapped class is a direct subclass of HttpsURLConnection.
        if (wrappedClass.getSuperclass() == HttpsURLConnection.class) {
            return;
        }

        // Same order as before: connect timeout first, then read timeout.
        for (String timeoutFieldName : new String[] { "connectTimeout", "readTimeout" }) {
            Field timeoutField = wrappedClass.getDeclaredField(timeoutFieldName);
            timeoutField.setAccessible(true);
            timeoutField.setInt(wrapped, ConnectionUtil.getTimeout());
        }
    } catch (Exception e) {
        LOGGER.warn("Fix jcifs timeout failed: " + e.getMessage(), e);
    }
}
Also used : Field(java.lang.reflect.Field) IgnoreMessageException(com.jsql.model.exception.IgnoreMessageException) InjectionFailureException(com.jsql.model.exception.InjectionFailureException) IgnoreMessageException(com.jsql.model.exception.IgnoreMessageException) IOException(java.io.IOException) ProtocolException(java.net.ProtocolException) HttpURLConnection(java.net.HttpURLConnection) SpnegoHttpURLConnection(net.sourceforge.spnego.SpnegoHttpURLConnection) URLConnection(java.net.URLConnection) HttpsURLConnection(javax.net.ssl.HttpsURLConnection)

Aggregations

IgnoreMessageException (com.jsql.model.exception.IgnoreMessageException)7 InjectionFailureException (com.jsql.model.exception.InjectionFailureException)3 IOException (java.io.IOException)3 Field (java.lang.reflect.Field)2 ProtocolException (java.net.ProtocolException)2 HttpsURLConnection (javax.net.ssl.HttpsURLConnection)2 BadLocationException (javax.swing.text.BadLocationException)2 Request (com.jsql.model.bean.util.Request)1 StoppedByUserSlidingException (com.jsql.model.exception.StoppedByUserSlidingException)1 DigestMD4 (com.jsql.view.swing.bruteforce.DigestMD4)1 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 InvocationTargetException (java.lang.reflect.InvocationTargetException)1 HttpURLConnection (java.net.HttpURLConnection)1 URLConnection (java.net.URLConnection)1 MessageDigest (java.security.MessageDigest)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 CRC32 (java.util.zip.CRC32)1 Checksum (java.util.zip.Checksum)1 SpnegoHttpURLConnection (net.sourceforge.spnego.SpnegoHttpURLConnection)1