View Javadoc
1   package com.jsql.view.swing.panel.preferences;
2   
3   import com.jsql.view.swing.panel.PanelPreferences;
4   import com.jsql.view.swing.panel.preferences.listener.SpinnerMouseWheelListener;
5   import com.jsql.view.swing.text.JPopupTextField;
6   import com.jsql.view.swing.text.listener.DocumentListenerEditing;
7   import com.jsql.view.swing.util.MediatorHelper;
8   import org.apache.commons.lang3.StringUtils;
9   
10  import javax.swing.*;
11  import java.awt.*;
12  import java.awt.event.ActionListener;
13  import java.util.Arrays;
14  import java.util.stream.Stream;
15  
16  public class PanelConnection extends JPanel {
17  
18      public static final String CHECKBOX_IS_FOLLOWING_REDIRECTION = "checkboxIsFollowingRedirection";
19  
20      private final JCheckBox checkboxIsFollowingRedirection = new JCheckBox("Follow redirection", MediatorHelper.model().getMediatorUtils().preferencesUtil().isFollowingRedirection());
21      private final JCheckBox checkboxIsHttp2Disabled = new JCheckBox("Disable HTTP/2", MediatorHelper.model().getMediatorUtils().preferencesUtil().isHttp2Disabled());
22      private final JCheckBox checkboxIsNotTestingConnection = new JCheckBox("Disable connection test", MediatorHelper.model().getMediatorUtils().preferencesUtil().isNotTestingConnection());
23      private final JCheckBox checkboxIsNotProcessingCookies = new JCheckBox("Disable session cookies", MediatorHelper.model().getMediatorUtils().preferencesUtil().isNotProcessingCookies());
24      private final JCheckBox checkboxIsProcessingCsrf = new JCheckBox("Process CSRF token (search for XSRF-TOKEN/.../_csrf ; then set X-XSRF-TOKEN/.../_csrf)", MediatorHelper.model().getMediatorUtils().preferencesUtil().isProcessingCsrf());
25      private final JCheckBox checkboxIsLimitingThreads = new JCheckBox("Limit processing threads:", MediatorHelper.model().getMediatorUtils().preferencesUtil().isLimitingThreads());
26      private final JCheckBox checkboxIsConnectionTimeout = new JCheckBox("Set timeout:", MediatorHelper.model().getMediatorUtils().preferencesUtil().isConnectionTimeout());
27      private final JCheckBox checkboxIsUnicodeDecodeDisabled = new JCheckBox("Disable Unicode decoding in response", MediatorHelper.model().getMediatorUtils().preferencesUtil().isUnicodeDecodeDisabled());
28      private final JCheckBox checkboxIsUrlDecodeDisabled = new JCheckBox("Disable URL decoding in response", MediatorHelper.model().getMediatorUtils().preferencesUtil().isUrlDecodeDisabled());
29      
30      private final JSpinner spinnerLimitingThreads = new JSpinner();
31      private final JSpinner spinnerConnectionTimeout = new JSpinner();
32      
33      private final JCheckBox checkboxIsCsrfUserTag = new JCheckBox("Additional custom CSRF token to check:", MediatorHelper.model().getMediatorUtils().preferencesUtil().isCsrfUserTag());
34      private final JTextField textfieldCustomCsrfInputToken = new JPopupTextField(StringUtils.EMPTY, MediatorHelper.model().getMediatorUtils().preferencesUtil().csrfUserTag()).getProxy();
35      private final JTextField textfieldCustomCsrfOutputToken = new JPopupTextField(StringUtils.EMPTY, MediatorHelper.model().getMediatorUtils().preferencesUtil().csrfUserTagOutput()).getProxy();
36      
37      public PanelConnection(PanelPreferences panelPreferences) {
38          this.checkboxIsFollowingRedirection.setToolTipText(
39              "<html>HTTP 3XX response indicates page's location has changed.<br>" +
40              "Redirect automatically to the new location.</html>"
41          );
42          this.checkboxIsHttp2Disabled.setToolTipText("<html>Some website works with HTTP/1.1 only.<br>Disable HTTP/2 in favor of HTTP/1.1.</html>");
43          this.checkboxIsUnicodeDecodeDisabled.setToolTipText(
44              "<html>Unicode entities \\uXXXX are decoded to raw characters by default.<br>" +
45              "Check to disable this behavior.</html>"
46          );
47          this.checkboxIsUrlDecodeDisabled.setToolTipText(
48              "<html>URL entities %XX are decoded to raw characters by default.<br>" +
49              "Check to disable this behavior.</html>"
50          );
51          this.checkboxIsNotTestingConnection.setToolTipText(
52              "<html>Connectivity to target is checked first to stop when target is dead, like with 404 Not Found.<br>"
53              + "Check option to process with injection whatever problem exists.</html>"
54          );
55          this.checkboxIsNotProcessingCookies.setToolTipText(
56              "<html>Cookies persist data between connections.<br>" +
57              "Sometimes persisted data like user's session is messing with injection and have to be ignored.</html>"
58          );
59          this.checkboxIsLimitingThreads.setToolTipText(
60              "<html>Various tasks are processed in parallel to save time.<br>"
61              + "Target that detects too much calls during a period can close the connection,<br>"
62              + "in that case it helps lowering threads or keeping a single thread.</html>"
63          );
64          this.checkboxIsConnectionTimeout.setToolTipText("End connection when target takes this long to answer, it can be lowered down to save time in some cases.");
65          this.checkboxIsProcessingCsrf.setToolTipText(
66              "<html>Search for common CSRF tokens in response header and body.<br>" +
67              "Inject back the value in the query, header and request body.</html>"
68          );
69          
70          var panelConnectionTimeout = new JPanel();
71          panelConnectionTimeout.setLayout(new BoxLayout(panelConnectionTimeout, BoxLayout.X_AXIS));
72          panelConnectionTimeout.add(new JLabel("Close connection after "));
73          panelConnectionTimeout.add(this.spinnerConnectionTimeout);
74          panelConnectionTimeout.add(new JLabel(" s ; default 15s"));
75          panelConnectionTimeout.setMaximumSize(new Dimension(125, this.spinnerConnectionTimeout.getPreferredSize().height));
76          int countConnectionTimeout = MediatorHelper.model().getMediatorUtils().preferencesUtil().countConnectionTimeout();
77          var spinnerConnectionModel = new SpinnerNumberModel(
78              countConnectionTimeout <= 0 ? 15 : countConnectionTimeout,
79              1,
80              30,
81              1
82          );
83          this.spinnerConnectionTimeout.setModel(spinnerConnectionModel);
84          this.spinnerConnectionTimeout.addMouseWheelListener(new SpinnerMouseWheelListener());
85          this.spinnerConnectionTimeout.addChangeListener(e -> panelPreferences.getActionListenerSave().actionPerformed(null));
86  
87          var panelThreadCount = new JPanel();
88          panelThreadCount.setLayout(new BoxLayout(panelThreadCount, BoxLayout.X_AXIS));
89          panelThreadCount.add(new JLabel("Use "));
90          panelThreadCount.add(this.spinnerLimitingThreads);
91          panelThreadCount.add(new JLabel(" thread(s) ; default 5 threads"));
92          panelThreadCount.setMaximumSize(new Dimension(125, this.spinnerLimitingThreads.getPreferredSize().height));
93          int countLimitingThreads = MediatorHelper.model().getMediatorUtils().preferencesUtil().countLimitingThreads();
94          var spinnerNumberModel = new SpinnerNumberModel(
95              countLimitingThreads <= 0 ? 10 : countLimitingThreads,
96              1,
97              100,
98              1
99          );
100         this.spinnerLimitingThreads.setModel(spinnerNumberModel);
101         this.spinnerLimitingThreads.addMouseWheelListener(new SpinnerMouseWheelListener());
102         this.spinnerLimitingThreads.addChangeListener(e -> panelPreferences.getActionListenerSave().actionPerformed(null));
103 
104         this.checkboxIsCsrfUserTag.setToolTipText(
105             "<html>Process custom CSRF.<br>" +
106             "Read value from input token and write value to output token.</html>"
107         );
108 
109         var panelCsrfUserTagInput = new JPanel();
110         panelCsrfUserTagInput.setLayout(new BoxLayout(panelCsrfUserTagInput, BoxLayout.LINE_AXIS));
111         panelCsrfUserTagInput.add(new JLabel("Input token name to search "));
112         panelCsrfUserTagInput.add(this.textfieldCustomCsrfInputToken);
113         panelCsrfUserTagInput.setMaximumSize(new Dimension(450, this.textfieldCustomCsrfInputToken.getPreferredSize().height));
114 
115         var panelCsrfUserTagOutput = new JPanel();
116         panelCsrfUserTagOutput.setLayout(new BoxLayout(panelCsrfUserTagOutput, BoxLayout.LINE_AXIS));
117         panelCsrfUserTagOutput.add(new JLabel("Output token name to set "));
118         panelCsrfUserTagOutput.add(this.textfieldCustomCsrfOutputToken);
119         panelCsrfUserTagOutput.setMaximumSize(new Dimension(450, this.textfieldCustomCsrfInputToken.getPreferredSize().height));
120 
121         this.textfieldCustomCsrfInputToken.getDocument().addDocumentListener(new DocumentListenerEditing() {
122             @Override
123             public void process() {
124                 panelPreferences.getActionListenerSave().actionPerformed(null);
125             }
126         });
127         this.textfieldCustomCsrfOutputToken.getDocument().addDocumentListener(new DocumentListenerEditing() {
128             @Override
129             public void process() {
130                 panelPreferences.getActionListenerSave().actionPerformed(null);
131             }
132         });
133         
134         ActionListener actionListenerNotProcessingCookies = actionEvent -> {
135             this.checkboxIsProcessingCsrf.setEnabled(!this.checkboxIsNotProcessingCookies.isSelected());
136             this.textfieldCustomCsrfInputToken.setEnabled(!this.checkboxIsNotProcessingCookies.isSelected());
137             this.textfieldCustomCsrfOutputToken.setEnabled(!this.checkboxIsNotProcessingCookies.isSelected());
138             this.checkboxIsCsrfUserTag.setEnabled(!this.checkboxIsNotProcessingCookies.isSelected());
139             panelPreferences.getActionListenerSave().actionPerformed(null);
140         };
141         this.checkboxIsNotProcessingCookies.addActionListener(actionListenerNotProcessingCookies);
142         
143         this.textfieldCustomCsrfInputToken.setEnabled(!this.checkboxIsNotProcessingCookies.isSelected());
144         this.textfieldCustomCsrfOutputToken.setEnabled(!this.checkboxIsNotProcessingCookies.isSelected());
145         this.checkboxIsProcessingCsrf.setEnabled(!this.checkboxIsNotProcessingCookies.isSelected());
146         this.checkboxIsCsrfUserTag.setEnabled(!this.checkboxIsNotProcessingCookies.isSelected());
147 
148         Stream.of(
149             this.checkboxIsFollowingRedirection,
150             this.checkboxIsHttp2Disabled,
151             this.checkboxIsUnicodeDecodeDisabled,
152             this.checkboxIsUrlDecodeDisabled,
153             this.checkboxIsNotTestingConnection,
154             this.checkboxIsProcessingCsrf,
155             this.checkboxIsCsrfUserTag,
156             this.checkboxIsNotProcessingCookies,
157             this.checkboxIsLimitingThreads,
158             this.checkboxIsConnectionTimeout
159         )
160         .forEach(button -> button.addActionListener(panelPreferences.getActionListenerSave()));
161         
162         this.checkboxIsFollowingRedirection.setName(PanelConnection.CHECKBOX_IS_FOLLOWING_REDIRECTION);
163         this.checkboxIsHttp2Disabled.setName("checkboxIsHttp2Disabled");
164         this.checkboxIsUnicodeDecodeDisabled.setName("checkboxIsUnicodeDecodeDisabled");
165         this.checkboxIsUrlDecodeDisabled.setName("checkboxIsUrlDecodeDisabled");
166         this.checkboxIsNotTestingConnection.setName("checkboxIsNotTestingConnection");
167         this.checkboxIsProcessingCsrf.setName("checkboxIsProcessingCsrf");
168         this.checkboxIsCsrfUserTag.setName("checkboxIsCsrfUserTag");
169         this.checkboxIsNotProcessingCookies.setName("checkboxIsNotProcessingCookies");
170         this.checkboxIsLimitingThreads.setName("checkboxIsLimitingThreads");
171         this.checkboxIsConnectionTimeout.setName("checkboxIsConnectionTimeout");
172 
173         var labelOrigin = new JLabel("<html><b>Network settings</b></html>");
174         var labelSessionManagement = new JLabel("<html><br /><b>Session and Cookie management</b></html>");
175         Arrays.asList(labelOrigin, labelSessionManagement)
176         .forEach(label -> label.setBorder(PanelGeneral.MARGIN));
177 
178         var groupLayout = new GroupLayout(this);
179         this.setLayout(groupLayout);
180 
181         groupLayout.setHorizontalGroup(
182             groupLayout
183             .createSequentialGroup()
184             .addGroup(
185                 groupLayout
186                 .createParallelGroup(GroupLayout.Alignment.LEADING, false)
187                 .addComponent(labelOrigin)
188                 .addComponent(this.checkboxIsFollowingRedirection)
189                 .addComponent(this.checkboxIsHttp2Disabled)
190                 .addComponent(this.checkboxIsUnicodeDecodeDisabled)
191                 .addComponent(this.checkboxIsUrlDecodeDisabled)
192                 .addComponent(this.checkboxIsNotTestingConnection)
193                 .addComponent(this.checkboxIsLimitingThreads)
194                 .addComponent(panelThreadCount)
195                 .addComponent(this.checkboxIsConnectionTimeout)
196                 .addComponent(panelConnectionTimeout)
197                 .addComponent(labelSessionManagement)
198                 .addComponent(this.checkboxIsNotProcessingCookies)
199                 .addComponent(this.checkboxIsProcessingCsrf)
200                 .addComponent(this.checkboxIsCsrfUserTag)
201                 .addComponent(panelCsrfUserTagInput)
202                 .addComponent(panelCsrfUserTagOutput)
203             )
204         );
205 
206         groupLayout.setVerticalGroup(
207             groupLayout
208             .createSequentialGroup()
209             .addGroup(
210                 groupLayout
211                 .createParallelGroup(GroupLayout.Alignment.BASELINE)
212                 .addComponent(labelOrigin)
213             )
214             .addGroup(
215                 groupLayout
216                 .createParallelGroup(GroupLayout.Alignment.BASELINE)
217                 .addComponent(this.checkboxIsFollowingRedirection)
218             )
219             .addGroup(
220                 groupLayout
221                 .createParallelGroup(GroupLayout.Alignment.BASELINE)
222                 .addComponent(this.checkboxIsHttp2Disabled)
223             )
224             .addGroup(
225                 groupLayout
226                 .createParallelGroup(GroupLayout.Alignment.BASELINE)
227                 .addComponent(this.checkboxIsUnicodeDecodeDisabled)
228             )
229             .addGroup(
230                 groupLayout
231                 .createParallelGroup(GroupLayout.Alignment.BASELINE)
232                 .addComponent(this.checkboxIsUrlDecodeDisabled)
233             )
234             .addGroup(
235                 groupLayout
236                 .createParallelGroup(GroupLayout.Alignment.BASELINE)
237                 .addComponent(this.checkboxIsNotTestingConnection)
238             )
239             .addGroup(
240                 groupLayout
241                 .createParallelGroup(GroupLayout.Alignment.BASELINE)
242                 .addComponent(this.checkboxIsLimitingThreads)
243             )
244             .addGroup(
245                 groupLayout
246                 .createParallelGroup(GroupLayout.Alignment.BASELINE)
247                 .addComponent(panelThreadCount)
248             )
249             .addGroup(
250                 groupLayout
251                 .createParallelGroup(GroupLayout.Alignment.BASELINE)
252                 .addComponent(this.checkboxIsConnectionTimeout)
253             )
254             .addGroup(
255                 groupLayout
256                 .createParallelGroup(GroupLayout.Alignment.BASELINE)
257                 .addComponent(panelConnectionTimeout)
258             )
259 
260             .addGroup(
261                 groupLayout
262                 .createParallelGroup(GroupLayout.Alignment.BASELINE)
263                 .addComponent(labelSessionManagement)
264             )
265             .addGroup(
266                 groupLayout
267                 .createParallelGroup(GroupLayout.Alignment.BASELINE)
268                 .addComponent(this.checkboxIsNotProcessingCookies)
269             )
270             .addGroup(
271                 groupLayout
272                 .createParallelGroup(GroupLayout.Alignment.BASELINE)
273                 .addComponent(this.checkboxIsProcessingCsrf)
274             )
275             .addGroup(
276                 groupLayout
277                 .createParallelGroup(GroupLayout.Alignment.BASELINE)
278                 .addComponent(this.checkboxIsCsrfUserTag)
279             )
280             .addGroup(
281                 groupLayout
282                 .createParallelGroup(GroupLayout.Alignment.BASELINE)
283                 .addComponent(panelCsrfUserTagInput)
284             )
285             .addGroup(
286                 groupLayout
287                 .createParallelGroup(GroupLayout.Alignment.BASELINE)
288                 .addComponent(panelCsrfUserTagOutput)
289             )
290         );
291     }
292 
293     
294     // Getter and setter
295     
296     public JCheckBox getCheckboxIsFollowingRedirection() {
297         return this.checkboxIsFollowingRedirection;
298     }
299     
300     public JCheckBox getCheckboxIsHttp2Disabled() {
301         return this.checkboxIsHttp2Disabled;
302     }
303     
304     public JCheckBox getCheckboxIsUnicodeDecodeDisabled() {
305         return this.checkboxIsUnicodeDecodeDisabled;
306     }
307     
308     public JCheckBox getCheckboxIsUrlDecodeDisabled() {
309         return this.checkboxIsUrlDecodeDisabled;
310     }
311     
312     public JCheckBox getCheckboxIsNotTestingConnection() {
313         return this.checkboxIsNotTestingConnection;
314     }
315     
316     public JCheckBox getCheckboxIsNotProcessingCookies() {
317         return this.checkboxIsNotProcessingCookies;
318     }
319     
320     public JCheckBox getCheckboxIsProcessingCsrf() {
321         return this.checkboxIsProcessingCsrf;
322     }
323     
324     public JCheckBox getCheckboxIsLimitingThreads() {
325         return this.checkboxIsLimitingThreads;
326     }
327     
328     public JSpinner getSpinnerLimitingThreads() {
329         return this.spinnerLimitingThreads;
330     }
331     
332     public JCheckBox getCheckboxIsConnectionTimeout() {
333         return this.checkboxIsConnectionTimeout;
334     }
335     
336     public JSpinner getSpinnerConnectionTimeout() {
337         return this.spinnerConnectionTimeout;
338     }
339     
340     public JCheckBox getCheckboxIsCsrfUserTag() {
341         return this.checkboxIsCsrfUserTag;
342     }
343     
344     public JTextField getTextfieldCsrfUserTag() {
345         return this.textfieldCustomCsrfInputToken;
346     }
347     
348     public JTextField getTextfieldCsrfUserTagOutput() {
349         return this.textfieldCustomCsrfOutputToken;
350     }
351 }