1 package com.jsql.view.swing.panel.preferences;
2
3 import com.jsql.view.swing.panel.PanelPreferences;
4 import com.jsql.view.swing.panel.preferences.listener.SpinnerMouseWheelListener;
5 import com.jsql.view.swing.text.JPopupTextField;
6 import com.jsql.view.swing.text.listener.DocumentListenerEditing;
7 import com.jsql.view.swing.util.MediatorHelper;
8
9 import javax.swing.*;
10 import java.awt.*;
11 import java.awt.event.ActionListener;
12 import java.util.Arrays;
13 import java.util.stream.Stream;
14
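/**
 * Preferences tab holding the connection-related options: network behaviour
 * (redirects, HTTP/2, response decoding, connection test, thread and timeout
 * limits) and session handling (cookies, CSRF token processing).
 *
 * <p>Every control is initialised from the persisted preferences and pushes any
 * change to the save listener supplied by the owning {@link PanelPreferences}.
 * Values read back from storage are treated as untrusted: numeric settings are
 * forced into the range the spinner accepts before the model is built.</p>
 */
public class PanelConnection extends JPanel {

    // Bounds and fallbacks of the two numeric settings, kept next to each other so
    // that the spinner models and the clamping logic cannot drift apart.
    private static final int TIMEOUT_MIN_SECONDS = 1;
    private static final int TIMEOUT_MAX_SECONDS = 30;
    private static final int TIMEOUT_FALLBACK_SECONDS = 15;
    private static final int THREADS_MIN = 1;
    private static final int THREADS_MAX = 100;
    // NOTE(review): the label next to the spinner reads "default 5 threads" while the
    // fallback used when nothing valid is stored is 10 — confirm which one is intended.
    private static final int THREADS_FALLBACK = 10;

    private final JCheckBox checkboxIsFollowingRedirection = new JCheckBox("Follow redirection", MediatorHelper.model().getMediatorUtils().getPreferencesUtil().isFollowingRedirection());
    private final JCheckBox checkboxIsHttp2Disabled = new JCheckBox("Disable HTTP/2", MediatorHelper.model().getMediatorUtils().getPreferencesUtil().isHttp2Disabled());
    private final JCheckBox checkboxIsNotTestingConnection = new JCheckBox("Disable connection test", MediatorHelper.model().getMediatorUtils().getPreferencesUtil().isNotTestingConnection());
    private final JCheckBox checkboxIsNotProcessingCookies = new JCheckBox("Disable session cookies", MediatorHelper.model().getMediatorUtils().getPreferencesUtil().isNotProcessingCookies());
    private final JCheckBox checkboxIsProcessingCsrf = new JCheckBox("Process CSRF token (search for XSRF-TOKEN/.../_csrf ; then set X-XSRF-TOKEN/.../_csrf)", MediatorHelper.model().getMediatorUtils().getPreferencesUtil().isProcessingCsrf());
    private final JCheckBox checkboxIsLimitingThreads = new JCheckBox("Limit processing threads:", MediatorHelper.model().getMediatorUtils().getPreferencesUtil().isLimitingThreads());
    private final JCheckBox checkboxIsConnectionTimeout = new JCheckBox("Set timeout:", MediatorHelper.model().getMediatorUtils().getPreferencesUtil().isConnectionTimeout());
    private final JCheckBox checkboxIsUnicodeDecodeDisabled = new JCheckBox("Disable Unicode decoding in response", MediatorHelper.model().getMediatorUtils().getPreferencesUtil().isUnicodeDecodeDisabled());
    private final JCheckBox checkboxIsUrlDecodeDisabled = new JCheckBox("Disable Url decoding in response", MediatorHelper.model().getMediatorUtils().getPreferencesUtil().isUrlDecodeDisabled());

    private final JSpinner spinnerLimitingThreads = new JSpinner();
    private final JSpinner spinnerConnectionTimeout = new JSpinner();

    private final JCheckBox checkboxIsCsrfUserTag = new JCheckBox("Custom CSRF:", MediatorHelper.model().getMediatorUtils().getPreferencesUtil().isCsrfUserTag());
    private final JTextField textfieldCustomCsrfInputToken = new JPopupTextField(MediatorHelper.model().getMediatorUtils().getPreferencesUtil().csrfUserTag()).getProxy();
    private final JTextField textfieldCustomCsrfOutputToken = new JPopupTextField(MediatorHelper.model().getMediatorUtils().getPreferencesUtil().csrfUserTagOutput()).getProxy();

    /**
     * Builds the panel, wires every control to the save listener and lays the
     * controls out in a single column.
     *
     * @param panelPreferences owning preferences panel; its save listener is invoked
     *                         whenever a checkbox, spinner or text field changes
     */
    public PanelConnection(PanelPreferences panelPreferences) {
        this.checkboxIsFollowingRedirection.setToolTipText(
            "<html>HTTP 3XX response indicates page's location has changed.<br>" +
            "Redirect automatically to the new location.</html>"
        );
        this.checkboxIsHttp2Disabled.setToolTipText("<html>Some website works with HTTP/1.1 only.<br>Disable HTTP/2 in favor of HTTP/1.1.</html>");
        this.checkboxIsUnicodeDecodeDisabled.setToolTipText(
            "<html>Unicode entities \\uXXXX are decoded to raw characters by default.<br>" +
            "Check to disable this behavior.</html>"
        );
        this.checkboxIsUrlDecodeDisabled.setToolTipText(
            "<html>Url entities %XX are decoded to raw characters by default.<br>" +
            "Check to disable this behavior.</html>"
        );
        this.checkboxIsNotTestingConnection.setToolTipText(
            "<html>Connectivity to target is checked first to stop when target is dead, like with 404 Not Found.<br>"
            + "Check option to process with injection whatever problem exists.</html>"
        );
        this.checkboxIsNotProcessingCookies.setToolTipText(
            "<html>Cookies persist data between connections.<br>" +
            "Sometimes persisted data like user's session is messing with injection and have to be ignored.</html>"
        );
        this.checkboxIsLimitingThreads.setToolTipText(
            "<html>Various tasks are processed in parallel to save time.<br>"
            + "Target that detects too much calls during a period can close the connection,<br>"
            + "in that case it helps lowering threads or keeping a single thread.</html>"
        );
        this.checkboxIsConnectionTimeout.setToolTipText("End connection when target takes this long to answer, it can be lowered down to save time in some cases.");
        this.checkboxIsProcessingCsrf.setToolTipText(
            "<html>Search for common CSRF tokens in response header and body.<br>" +
            "Inject back the value in the query, header and request body.</html>"
        );

        var preferencesUtil = MediatorHelper.model().getMediatorUtils().getPreferencesUtil();

        var panelConnectionTimeout = new JPanel();
        panelConnectionTimeout.setLayout(new BoxLayout(panelConnectionTimeout, BoxLayout.X_AXIS));
        panelConnectionTimeout.add(new JLabel("Close connection after "));
        panelConnectionTimeout.add(this.spinnerConnectionTimeout);
        panelConnectionTimeout.add(new JLabel(" s ; default 15s"));
        panelConnectionTimeout.setMaximumSize(new Dimension(125, this.spinnerConnectionTimeout.getPreferredSize().height));
        // SpinnerNumberModel throws IllegalArgumentException when the initial value is
        // outside [min, max]; a stored value above the maximum would otherwise abort
        // construction of the whole panel, so it is clamped first.
        int countConnectionTimeout = PanelConnection.boundedOrDefault(
            preferencesUtil.countConnectionTimeout(),
            TIMEOUT_FALLBACK_SECONDS,
            TIMEOUT_MIN_SECONDS,
            TIMEOUT_MAX_SECONDS
        );
        this.spinnerConnectionTimeout.setModel(
            new SpinnerNumberModel(countConnectionTimeout, TIMEOUT_MIN_SECONDS, TIMEOUT_MAX_SECONDS, 1)
        );
        this.spinnerConnectionTimeout.addMouseWheelListener(new SpinnerMouseWheelListener());
        this.spinnerConnectionTimeout.addChangeListener(e -> panelPreferences.getActionListenerSave().actionPerformed(null));

        var panelThreadCount = new JPanel();
        panelThreadCount.setLayout(new BoxLayout(panelThreadCount, BoxLayout.X_AXIS));
        panelThreadCount.add(new JLabel("Use "));
        panelThreadCount.add(this.spinnerLimitingThreads);
        panelThreadCount.add(new JLabel(" thread(s) ; default 5 threads"));
        panelThreadCount.setMaximumSize(new Dimension(125, this.spinnerLimitingThreads.getPreferredSize().height));
        // Same clamping as for the timeout: the stored thread count may exceed the
        // spinner's upper bound.
        int countLimitingThreads = PanelConnection.boundedOrDefault(
            preferencesUtil.countLimitingThreads(),
            THREADS_FALLBACK,
            THREADS_MIN,
            THREADS_MAX
        );
        this.spinnerLimitingThreads.setModel(
            new SpinnerNumberModel(countLimitingThreads, THREADS_MIN, THREADS_MAX, 1)
        );
        this.spinnerLimitingThreads.addMouseWheelListener(new SpinnerMouseWheelListener());
        this.spinnerLimitingThreads.addChangeListener(e -> panelPreferences.getActionListenerSave().actionPerformed(null));

        this.checkboxIsCsrfUserTag.setToolTipText(
            "<html>Process custom CSRF.<br>" +
            "Read value from input token and write value to output token.</html>"
        );

        var panelCsrfUserTagInput = new JPanel();
        panelCsrfUserTagInput.setLayout(new BoxLayout(panelCsrfUserTagInput, BoxLayout.LINE_AXIS));
        panelCsrfUserTagInput.add(new JLabel("Input token to find "));
        panelCsrfUserTagInput.add(this.textfieldCustomCsrfInputToken);
        panelCsrfUserTagInput.setMaximumSize(new Dimension(450, this.textfieldCustomCsrfInputToken.getPreferredSize().height));

        var panelCsrfUserTagOutput = new JPanel();
        panelCsrfUserTagOutput.setLayout(new BoxLayout(panelCsrfUserTagOutput, BoxLayout.LINE_AXIS));
        panelCsrfUserTagOutput.add(new JLabel("Output token to write "));
        panelCsrfUserTagOutput.add(this.textfieldCustomCsrfOutputToken);
        // Height is taken from the output field this row contains (the original read
        // the input field's height here, a copy-paste slip).
        panelCsrfUserTagOutput.setMaximumSize(new Dimension(450, this.textfieldCustomCsrfOutputToken.getPreferredSize().height));

        // The token names are free text; each edit is pushed to the save listener.
        this.textfieldCustomCsrfInputToken.getDocument().addDocumentListener(new DocumentListenerEditing() {
            @Override
            public void process() {
                panelPreferences.getActionListenerSave().actionPerformed(null);
            }
        });
        this.textfieldCustomCsrfOutputToken.getDocument().addDocumentListener(new DocumentListenerEditing() {
            @Override
            public void process() {
                panelPreferences.getActionListenerSave().actionPerformed(null);
            }
        });

        // CSRF handling is only offered while cookies are processed. This checkbox is
        // also part of the save list below, so one click reaches the save listener twice.
        ActionListener actionListenerNotProcessingCookies = actionEvent -> {
            this.syncCsrfControlsWithCookieOption();
            panelPreferences.getActionListenerSave().actionPerformed(null);
        };
        this.checkboxIsNotProcessingCookies.addActionListener(actionListenerNotProcessingCookies);

        // Apply the same rule once for the state loaded from the preferences.
        this.syncCsrfControlsWithCookieOption();

        Stream.of(
            this.checkboxIsFollowingRedirection,
            this.checkboxIsHttp2Disabled,
            this.checkboxIsUnicodeDecodeDisabled,
            this.checkboxIsUrlDecodeDisabled,
            this.checkboxIsNotTestingConnection,
            this.checkboxIsProcessingCsrf,
            this.checkboxIsCsrfUserTag,
            this.checkboxIsNotProcessingCookies,
            this.checkboxIsLimitingThreads,
            this.checkboxIsConnectionTimeout
        )
        .forEach(button -> button.addActionListener(panelPreferences.getActionListenerSave()));

        this.checkboxIsFollowingRedirection.setName("checkboxIsFollowingRedirection");
        this.checkboxIsHttp2Disabled.setName("checkboxIsHttp2Disabled");
        this.checkboxIsUnicodeDecodeDisabled.setName("checkboxIsUnicodeDecodeDisabled");
        this.checkboxIsUrlDecodeDisabled.setName("checkboxIsUrlDecodeDisabled");
        this.checkboxIsNotTestingConnection.setName("checkboxIsNotTestingConnection");
        this.checkboxIsProcessingCsrf.setName("checkboxIsProcessingCsrf");
        this.checkboxIsCsrfUserTag.setName("checkboxIsCsrfUserTag");
        this.checkboxIsNotProcessingCookies.setName("checkboxIsNotProcessingCookies");
        this.checkboxIsLimitingThreads.setName("checkboxIsLimitingThreads");
        this.checkboxIsConnectionTimeout.setName("checkboxIsConnectionTimeout");

        var labelOrigin = new JLabel("<html><b>Network settings</b></html>");
        var labelSessionManagement = new JLabel("<html><br /><b>Session and Cookie management</b></html>");
        Arrays.asList(labelOrigin, labelSessionManagement)
        .forEach(label -> label.setBorder(PanelGeneral.MARGIN));

        var groupLayout = new GroupLayout(this);
        this.setLayout(groupLayout);

        // Single-column form: the same components, in the same order, make up the
        // horizontal column and the vertical sequence of rows.
        Component[] rows = {
            labelOrigin,
            this.checkboxIsFollowingRedirection,
            this.checkboxIsHttp2Disabled,
            this.checkboxIsUnicodeDecodeDisabled,
            this.checkboxIsUrlDecodeDisabled,
            this.checkboxIsNotTestingConnection,
            this.checkboxIsLimitingThreads,
            panelThreadCount,
            this.checkboxIsConnectionTimeout,
            panelConnectionTimeout,
            labelSessionManagement,
            this.checkboxIsNotProcessingCookies,
            this.checkboxIsProcessingCsrf,
            this.checkboxIsCsrfUserTag,
            panelCsrfUserTagInput,
            panelCsrfUserTagOutput
        };

        GroupLayout.ParallelGroup horizontalColumn = groupLayout.createParallelGroup(GroupLayout.Alignment.LEADING, false);
        GroupLayout.SequentialGroup verticalRows = groupLayout.createSequentialGroup();
        for (Component row : rows) {
            horizontalColumn.addComponent(row);
            verticalRows.addGroup(
                groupLayout
                .createParallelGroup(GroupLayout.Alignment.BASELINE)
                .addComponent(row)
            );
        }

        groupLayout.setHorizontalGroup(
            groupLayout
            .createSequentialGroup()
            .addGroup(horizontalColumn)
        );
        groupLayout.setVerticalGroup(verticalRows);
    }

    /**
     * Returns a spinner-safe value: the fallback when nothing positive is stored,
     * otherwise the stored value forced into {@code [min, max]}.
     */
    private static int boundedOrDefault(int stored, int fallback, int min, int max) {
        int candidate = stored <= 0 ? fallback : stored;
        return Math.max(min, Math.min(max, candidate));
    }

    /** Enables the CSRF controls only while "Disable session cookies" is unchecked. */
    private void syncCsrfControlsWithCookieOption() {
        boolean isProcessingCookies = !this.checkboxIsNotProcessingCookies.isSelected();
        this.checkboxIsProcessingCsrf.setEnabled(isProcessingCookies);
        this.textfieldCustomCsrfInputToken.setEnabled(isProcessingCookies);
        this.textfieldCustomCsrfOutputToken.setEnabled(isProcessingCookies);
        this.checkboxIsCsrfUserTag.setEnabled(isProcessingCookies);
    }


    // Getters

    /** @return checkbox "Follow redirection" */
    public JCheckBox getCheckboxIsFollowingRedirection() {
        return this.checkboxIsFollowingRedirection;
    }

    /** @return checkbox "Disable HTTP/2" */
    public JCheckBox getCheckboxIsHttp2Disabled() {
        return this.checkboxIsHttp2Disabled;
    }

    /** @return checkbox "Disable Unicode decoding in response" */
    public JCheckBox getCheckboxIsUnicodeDecodeDisabled() {
        return this.checkboxIsUnicodeDecodeDisabled;
    }

    /** @return checkbox "Disable Url decoding in response" */
    public JCheckBox getCheckboxIsUrlDecodeDisabled() {
        return this.checkboxIsUrlDecodeDisabled;
    }

    /** @return checkbox "Disable connection test" */
    public JCheckBox getCheckboxIsNotTestingConnection() {
        return this.checkboxIsNotTestingConnection;
    }

    /** @return checkbox "Disable session cookies" */
    public JCheckBox getCheckboxIsNotProcessingCookies() {
        return this.checkboxIsNotProcessingCookies;
    }

    /** @return checkbox "Process CSRF token" */
    public JCheckBox getCheckboxIsProcessingCsrf() {
        return this.checkboxIsProcessingCsrf;
    }

    /** @return checkbox "Limit processing threads:" */
    public JCheckBox getCheckboxIsLimitingThreads() {
        return this.checkboxIsLimitingThreads;
    }

    /** @return spinner holding the thread limit (1 to 100) */
    public JSpinner getSpinnerLimitingThreads() {
        return this.spinnerLimitingThreads;
    }

    /** @return checkbox "Set timeout:" */
    public JCheckBox getCheckboxIsConnectionTimeout() {
        return this.checkboxIsConnectionTimeout;
    }

    /** @return spinner holding the connection timeout in seconds (1 to 30) */
    public JSpinner getSpinnerConnectionTimeout() {
        return this.spinnerConnectionTimeout;
    }

    /** @return checkbox "Custom CSRF:" */
    public JCheckBox getCheckboxIsCsrfUserTag() {
        return this.checkboxIsCsrfUserTag;
    }

    /** @return text field with the custom CSRF input token name ("Input token to find") */
    public JTextField getTextfieldCsrfUserTag() {
        return this.textfieldCustomCsrfInputToken;
    }

    /** @return text field with the custom CSRF output token name ("Output token to write") */
    public JTextField getTextfieldCsrfUserTagOutput() {
        return this.textfieldCustomCsrfOutputToken;
    }
}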