From bee8be0134e659e2b0bb7a626b1690f61553851a Mon Sep 17 00:00:00 2001 From: Ohpe <704560+ohpe@users.noreply.github.com> Date: Fri, 18 Oct 2024 14:51:41 +0200 Subject: [PATCH] add: customContent replacement in request.Body --- core/proxy/handler.go | 50 ++++++++++++++++++++++++++++++++++++++++ docs/config/transform.md | 7 ++++++ session/config.go | 3 +++ 3 files changed, 60 insertions(+) diff --git a/core/proxy/handler.go b/core/proxy/handler.go index 96afd5a..e2bf881 100644 --- a/core/proxy/handler.go +++ b/core/proxy/handler.go @@ -5,12 +5,14 @@ import ( "bytes" "encoding/json" "fmt" + "io" "io/ioutil" "net/http" "net/url" "regexp" "strconv" "strings" + "unicode/utf8" "github.com/evilsocket/islazy/tui" . "github.com/logrusorgru/aurora" @@ -134,6 +136,54 @@ func (muraena *MuraenaProxy) RequestProcessor(request *http.Request) (err error) request.Header.Set("User-Agent", sess.Config.Transform.Request.UserAgent) } + // + // BODY + // + // Transform body + if len(sess.Config.Transform.Request.CustomContent) > 0 { + + // Make sure the content type is not binary + + if request.Body != nil { + r := request.Body + buf, err := ioutil.ReadAll(r) + if err != nil { + log.Error("unable to transform request body: %s", err) + goto skip + } + err = request.Body.Close() + if err != nil { + log.Error("unable to transform request body: %s", err) + goto skip + } + + defer r.Close() + + // CustomContent is an [][]string containing the following: + // [0] is the string to be replaced + // [1] is the string to replace with + // Example: [["foo", "bar"], ["bar", "foo"]] + if !utf8.Valid(buf) { + log.Debug("skip binary content from request body replacement in %s", request.URL.Path) + goto skip + } + + bodyString := string(buf) + for _, cc := range sess.Config.Transform.Request.CustomContent { + bodyString = strings.Replace(bodyString, cc[0], cc[1], -1) + } + + request.Body = io.NopCloser(bytes.NewReader([]byte(bodyString))) + request.ContentLength = int64(len(bodyString)) + request.Header.Set("Content-Length", strconv.Itoa(len(bodyString))) + + } + } + +skip: + { + } + // // HEADERS // diff --git a/docs/config/transform.md b/docs/config/transform.md index cbd3ebc..ac46257 100644 --- a/docs/config/transform.md +++ b/docs/config/transform.md @@ -54,6 +54,13 @@ Commonly headers to transform include: - `Origin` - `X-Forwarded-For` +#### `customContent` +`customContent` defines a list of content transformation rules to be applied to body. + +The rules are defined as a list of pairs, where the first element is the search string and the second element is the +replacement string. `customContent` works by searching for the `search` string in the response content and replacing it +with the `replace` string. + #### `remove` ##### `headers` diff --git a/session/config.go b/session/config.go index 834400e..83430b5 100644 --- a/session/config.go +++ b/session/config.go @@ -85,6 +85,9 @@ type Configuration struct { // Headers list to consider for the transformation Headers []string `toml:"headers"` + // CustomContent Transformations + CustomContent [][]string `toml:"customContent"` + Remove struct { Headers []string `toml:"headers"` } `toml:"remove"`