1 package com.jsql.view.swing.panel.preferences;
2
3 import com.jsql.view.swing.panel.PanelPreferences;
4 import com.jsql.view.swing.panel.preferences.listener.SpinnerMouseWheelListener;
5 import com.jsql.view.swing.text.JPopupTextField;
6 import com.jsql.view.swing.text.listener.DocumentListenerEditing;
7 import com.jsql.view.swing.util.MediatorHelper;
8 import org.apache.commons.lang3.StringUtils;
9
10 import javax.swing.*;
11 import java.awt.*;
12 import java.awt.event.ActionListener;
13 import java.util.Arrays;
14 import java.util.stream.Stream;
15
16 public class PanelConnection extends JPanel {
17
18 public static final String CHECKBOX_IS_FOLLOWING_REDIRECTION = "checkboxIsFollowingRedirection";
19
20 private final JCheckBox checkboxIsFollowingRedirection = new JCheckBox("Follow redirection", MediatorHelper.model().getMediatorUtils().preferencesUtil().isFollowingRedirection());
21 private final JCheckBox checkboxIsHttp2Disabled = new JCheckBox("Disable HTTP/2", MediatorHelper.model().getMediatorUtils().preferencesUtil().isHttp2Disabled());
22 private final JCheckBox checkboxIsNotTestingConnection = new JCheckBox("Disable connection test", MediatorHelper.model().getMediatorUtils().preferencesUtil().isNotTestingConnection());
23 private final JCheckBox checkboxIsNotProcessingCookies = new JCheckBox("Disable session cookies", MediatorHelper.model().getMediatorUtils().preferencesUtil().isNotProcessingCookies());
24 private final JCheckBox checkboxIsProcessingCsrf = new JCheckBox("Process CSRF token (search for XSRF-TOKEN/.../_csrf ; then set X-XSRF-TOKEN/.../_csrf)", MediatorHelper.model().getMediatorUtils().preferencesUtil().isProcessingCsrf());
25 private final JCheckBox checkboxIsLimitingThreads = new JCheckBox("Limit processing threads:", MediatorHelper.model().getMediatorUtils().preferencesUtil().isLimitingThreads());
26 private final JCheckBox checkboxIsConnectionTimeout = new JCheckBox("Set timeout:", MediatorHelper.model().getMediatorUtils().preferencesUtil().isConnectionTimeout());
27 private final JCheckBox checkboxIsUnicodeDecodeDisabled = new JCheckBox("Disable Unicode decoding in response", MediatorHelper.model().getMediatorUtils().preferencesUtil().isUnicodeDecodeDisabled());
28 private final JCheckBox checkboxIsUrlDecodeDisabled = new JCheckBox("Disable URL decoding in response", MediatorHelper.model().getMediatorUtils().preferencesUtil().isUrlDecodeDisabled());
29
30 private final JSpinner spinnerLimitingThreads = new JSpinner();
31 private final JSpinner spinnerConnectionTimeout = new JSpinner();
32
33 private final JCheckBox checkboxIsCsrfUserTag = new JCheckBox("Additional custom CSRF token to check:", MediatorHelper.model().getMediatorUtils().preferencesUtil().isCsrfUserTag());
34 private final JTextField textfieldCustomCsrfInputToken = new JPopupTextField(StringUtils.EMPTY, MediatorHelper.model().getMediatorUtils().preferencesUtil().csrfUserTag()).getProxy();
35 private final JTextField textfieldCustomCsrfOutputToken = new JPopupTextField(StringUtils.EMPTY, MediatorHelper.model().getMediatorUtils().preferencesUtil().csrfUserTagOutput()).getProxy();
36
37 public PanelConnection(PanelPreferences panelPreferences) {
38 this.checkboxIsFollowingRedirection.setToolTipText(
39 "<html>HTTP 3XX response indicates page's location has changed.<br>" +
40 "Redirect automatically to the new location.</html>"
41 );
42 this.checkboxIsHttp2Disabled.setToolTipText("<html>Some website works with HTTP/1.1 only.<br>Disable HTTP/2 in favor of HTTP/1.1.</html>");
43 this.checkboxIsUnicodeDecodeDisabled.setToolTipText(
44 "<html>Unicode entities \\uXXXX are decoded to raw characters by default.<br>" +
45 "Check to disable this behavior.</html>"
46 );
47 this.checkboxIsUrlDecodeDisabled.setToolTipText(
48 "<html>URL entities %XX are decoded to raw characters by default.<br>" +
49 "Check to disable this behavior.</html>"
50 );
51 this.checkboxIsNotTestingConnection.setToolTipText(
52 "<html>Connectivity to target is checked first to stop when target is dead, like with 404 Not Found.<br>"
53 + "Check option to process with injection whatever problem exists.</html>"
54 );
55 this.checkboxIsNotProcessingCookies.setToolTipText(
56 "<html>Cookies persist data between connections.<br>" +
57 "Sometimes persisted data like user's session is messing with injection and have to be ignored.</html>"
58 );
59 this.checkboxIsLimitingThreads.setToolTipText(
60 "<html>Various tasks are processed in parallel to save time.<br>"
61 + "Target that detects too much calls during a period can close the connection,<br>"
62 + "in that case it helps lowering threads or keeping a single thread.</html>"
63 );
64 this.checkboxIsConnectionTimeout.setToolTipText("End connection when target takes this long to answer, it can be lowered down to save time in some cases.");
65 this.checkboxIsProcessingCsrf.setToolTipText(
66 "<html>Search for common CSRF tokens in response header and body.<br>" +
67 "Inject back the value in the query, header and request body.</html>"
68 );
69
70 var panelConnectionTimeout = new JPanel();
71 panelConnectionTimeout.setLayout(new BoxLayout(panelConnectionTimeout, BoxLayout.X_AXIS));
72 panelConnectionTimeout.add(new JLabel("Close connection after "));
73 panelConnectionTimeout.add(this.spinnerConnectionTimeout);
74 panelConnectionTimeout.add(new JLabel(" s ; default 15s"));
75 panelConnectionTimeout.setMaximumSize(new Dimension(125, this.spinnerConnectionTimeout.getPreferredSize().height));
76 int countConnectionTimeout = MediatorHelper.model().getMediatorUtils().preferencesUtil().countConnectionTimeout();
77 var spinnerConnectionModel = new SpinnerNumberModel(
78 countConnectionTimeout <= 0 ? 15 : countConnectionTimeout,
79 1,
80 30,
81 1
82 );
83 this.spinnerConnectionTimeout.setModel(spinnerConnectionModel);
84 this.spinnerConnectionTimeout.addMouseWheelListener(new SpinnerMouseWheelListener());
85 this.spinnerConnectionTimeout.addChangeListener(e -> panelPreferences.getActionListenerSave().actionPerformed(null));
86
87 var panelThreadCount = new JPanel();
88 panelThreadCount.setLayout(new BoxLayout(panelThreadCount, BoxLayout.X_AXIS));
89 panelThreadCount.add(new JLabel("Use "));
90 panelThreadCount.add(this.spinnerLimitingThreads);
91 panelThreadCount.add(new JLabel(" thread(s) ; default 5 threads"));
92 panelThreadCount.setMaximumSize(new Dimension(125, this.spinnerLimitingThreads.getPreferredSize().height));
93 int countLimitingThreads = MediatorHelper.model().getMediatorUtils().preferencesUtil().countLimitingThreads();
94 var spinnerNumberModel = new SpinnerNumberModel(
95 countLimitingThreads <= 0 ? 10 : countLimitingThreads,
96 1,
97 100,
98 1
99 );
100 this.spinnerLimitingThreads.setModel(spinnerNumberModel);
101 this.spinnerLimitingThreads.addMouseWheelListener(new SpinnerMouseWheelListener());
102 this.spinnerLimitingThreads.addChangeListener(e -> panelPreferences.getActionListenerSave().actionPerformed(null));
103
104 this.checkboxIsCsrfUserTag.setToolTipText(
105 "<html>Process custom CSRF.<br>" +
106 "Read value from input token and write value to output token.</html>"
107 );
108
109 var panelCsrfUserTagInput = new JPanel();
110 panelCsrfUserTagInput.setLayout(new BoxLayout(panelCsrfUserTagInput, BoxLayout.LINE_AXIS));
111 panelCsrfUserTagInput.add(new JLabel("Input token name to search "));
112 panelCsrfUserTagInput.add(this.textfieldCustomCsrfInputToken);
113 panelCsrfUserTagInput.setMaximumSize(new Dimension(450, this.textfieldCustomCsrfInputToken.getPreferredSize().height));
114
115 var panelCsrfUserTagOutput = new JPanel();
116 panelCsrfUserTagOutput.setLayout(new BoxLayout(panelCsrfUserTagOutput, BoxLayout.LINE_AXIS));
117 panelCsrfUserTagOutput.add(new JLabel("Output token name to set "));
118 panelCsrfUserTagOutput.add(this.textfieldCustomCsrfOutputToken);
119 panelCsrfUserTagOutput.setMaximumSize(new Dimension(450, this.textfieldCustomCsrfInputToken.getPreferredSize().height));
120
121 this.textfieldCustomCsrfInputToken.getDocument().addDocumentListener(new DocumentListenerEditing() {
122 @Override
123 public void process() {
124 panelPreferences.getActionListenerSave().actionPerformed(null);
125 }
126 });
127 this.textfieldCustomCsrfOutputToken.getDocument().addDocumentListener(new DocumentListenerEditing() {
128 @Override
129 public void process() {
130 panelPreferences.getActionListenerSave().actionPerformed(null);
131 }
132 });
133
134 ActionListener actionListenerNotProcessingCookies = actionEvent -> {
135 this.checkboxIsProcessingCsrf.setEnabled(!this.checkboxIsNotProcessingCookies.isSelected());
136 this.textfieldCustomCsrfInputToken.setEnabled(!this.checkboxIsNotProcessingCookies.isSelected());
137 this.textfieldCustomCsrfOutputToken.setEnabled(!this.checkboxIsNotProcessingCookies.isSelected());
138 this.checkboxIsCsrfUserTag.setEnabled(!this.checkboxIsNotProcessingCookies.isSelected());
139 panelPreferences.getActionListenerSave().actionPerformed(null);
140 };
141 this.checkboxIsNotProcessingCookies.addActionListener(actionListenerNotProcessingCookies);
142
143 this.textfieldCustomCsrfInputToken.setEnabled(!this.checkboxIsNotProcessingCookies.isSelected());
144 this.textfieldCustomCsrfOutputToken.setEnabled(!this.checkboxIsNotProcessingCookies.isSelected());
145 this.checkboxIsProcessingCsrf.setEnabled(!this.checkboxIsNotProcessingCookies.isSelected());
146 this.checkboxIsCsrfUserTag.setEnabled(!this.checkboxIsNotProcessingCookies.isSelected());
147
148 Stream.of(
149 this.checkboxIsFollowingRedirection,
150 this.checkboxIsHttp2Disabled,
151 this.checkboxIsUnicodeDecodeDisabled,
152 this.checkboxIsUrlDecodeDisabled,
153 this.checkboxIsNotTestingConnection,
154 this.checkboxIsProcessingCsrf,
155 this.checkboxIsCsrfUserTag,
156 this.checkboxIsNotProcessingCookies,
157 this.checkboxIsLimitingThreads,
158 this.checkboxIsConnectionTimeout
159 )
160 .forEach(button -> button.addActionListener(panelPreferences.getActionListenerSave()));
161
162 this.checkboxIsFollowingRedirection.setName(PanelConnection.CHECKBOX_IS_FOLLOWING_REDIRECTION);
163 this.checkboxIsHttp2Disabled.setName("checkboxIsHttp2Disabled");
164 this.checkboxIsUnicodeDecodeDisabled.setName("checkboxIsUnicodeDecodeDisabled");
165 this.checkboxIsUrlDecodeDisabled.setName("checkboxIsUrlDecodeDisabled");
166 this.checkboxIsNotTestingConnection.setName("checkboxIsNotTestingConnection");
167 this.checkboxIsProcessingCsrf.setName("checkboxIsProcessingCsrf");
168 this.checkboxIsCsrfUserTag.setName("checkboxIsCsrfUserTag");
169 this.checkboxIsNotProcessingCookies.setName("checkboxIsNotProcessingCookies");
170 this.checkboxIsLimitingThreads.setName("checkboxIsLimitingThreads");
171 this.checkboxIsConnectionTimeout.setName("checkboxIsConnectionTimeout");
172
173 var labelOrigin = new JLabel("<html><b>Network settings</b></html>");
174 var labelSessionManagement = new JLabel("<html><br /><b>Session and Cookie management</b></html>");
175 Arrays.asList(labelOrigin, labelSessionManagement)
176 .forEach(label -> label.setBorder(PanelGeneral.MARGIN));
177
178 var groupLayout = new GroupLayout(this);
179 this.setLayout(groupLayout);
180
181 groupLayout.setHorizontalGroup(
182 groupLayout
183 .createSequentialGroup()
184 .addGroup(
185 groupLayout
186 .createParallelGroup(GroupLayout.Alignment.LEADING, false)
187 .addComponent(labelOrigin)
188 .addComponent(this.checkboxIsFollowingRedirection)
189 .addComponent(this.checkboxIsHttp2Disabled)
190 .addComponent(this.checkboxIsUnicodeDecodeDisabled)
191 .addComponent(this.checkboxIsUrlDecodeDisabled)
192 .addComponent(this.checkboxIsNotTestingConnection)
193 .addComponent(this.checkboxIsLimitingThreads)
194 .addComponent(panelThreadCount)
195 .addComponent(this.checkboxIsConnectionTimeout)
196 .addComponent(panelConnectionTimeout)
197 .addComponent(labelSessionManagement)
198 .addComponent(this.checkboxIsNotProcessingCookies)
199 .addComponent(this.checkboxIsProcessingCsrf)
200 .addComponent(this.checkboxIsCsrfUserTag)
201 .addComponent(panelCsrfUserTagInput)
202 .addComponent(panelCsrfUserTagOutput)
203 )
204 );
205
206 groupLayout.setVerticalGroup(
207 groupLayout
208 .createSequentialGroup()
209 .addGroup(
210 groupLayout
211 .createParallelGroup(GroupLayout.Alignment.BASELINE)
212 .addComponent(labelOrigin)
213 )
214 .addGroup(
215 groupLayout
216 .createParallelGroup(GroupLayout.Alignment.BASELINE)
217 .addComponent(this.checkboxIsFollowingRedirection)
218 )
219 .addGroup(
220 groupLayout
221 .createParallelGroup(GroupLayout.Alignment.BASELINE)
222 .addComponent(this.checkboxIsHttp2Disabled)
223 )
224 .addGroup(
225 groupLayout
226 .createParallelGroup(GroupLayout.Alignment.BASELINE)
227 .addComponent(this.checkboxIsUnicodeDecodeDisabled)
228 )
229 .addGroup(
230 groupLayout
231 .createParallelGroup(GroupLayout.Alignment.BASELINE)
232 .addComponent(this.checkboxIsUrlDecodeDisabled)
233 )
234 .addGroup(
235 groupLayout
236 .createParallelGroup(GroupLayout.Alignment.BASELINE)
237 .addComponent(this.checkboxIsNotTestingConnection)
238 )
239 .addGroup(
240 groupLayout
241 .createParallelGroup(GroupLayout.Alignment.BASELINE)
242 .addComponent(this.checkboxIsLimitingThreads)
243 )
244 .addGroup(
245 groupLayout
246 .createParallelGroup(GroupLayout.Alignment.BASELINE)
247 .addComponent(panelThreadCount)
248 )
249 .addGroup(
250 groupLayout
251 .createParallelGroup(GroupLayout.Alignment.BASELINE)
252 .addComponent(this.checkboxIsConnectionTimeout)
253 )
254 .addGroup(
255 groupLayout
256 .createParallelGroup(GroupLayout.Alignment.BASELINE)
257 .addComponent(panelConnectionTimeout)
258 )
259
260 .addGroup(
261 groupLayout
262 .createParallelGroup(GroupLayout.Alignment.BASELINE)
263 .addComponent(labelSessionManagement)
264 )
265 .addGroup(
266 groupLayout
267 .createParallelGroup(GroupLayout.Alignment.BASELINE)
268 .addComponent(this.checkboxIsNotProcessingCookies)
269 )
270 .addGroup(
271 groupLayout
272 .createParallelGroup(GroupLayout.Alignment.BASELINE)
273 .addComponent(this.checkboxIsProcessingCsrf)
274 )
275 .addGroup(
276 groupLayout
277 .createParallelGroup(GroupLayout.Alignment.BASELINE)
278 .addComponent(this.checkboxIsCsrfUserTag)
279 )
280 .addGroup(
281 groupLayout
282 .createParallelGroup(GroupLayout.Alignment.BASELINE)
283 .addComponent(panelCsrfUserTagInput)
284 )
285 .addGroup(
286 groupLayout
287 .createParallelGroup(GroupLayout.Alignment.BASELINE)
288 .addComponent(panelCsrfUserTagOutput)
289 )
290 );
291 }
292
293
294
295
296 public JCheckBox getCheckboxIsFollowingRedirection() {
297 return this.checkboxIsFollowingRedirection;
298 }
299
300 public JCheckBox getCheckboxIsHttp2Disabled() {
301 return this.checkboxIsHttp2Disabled;
302 }
303
304 public JCheckBox getCheckboxIsUnicodeDecodeDisabled() {
305 return this.checkboxIsUnicodeDecodeDisabled;
306 }
307
308 public JCheckBox getCheckboxIsUrlDecodeDisabled() {
309 return this.checkboxIsUrlDecodeDisabled;
310 }
311
312 public JCheckBox getCheckboxIsNotTestingConnection() {
313 return this.checkboxIsNotTestingConnection;
314 }
315
316 public JCheckBox getCheckboxIsNotProcessingCookies() {
317 return this.checkboxIsNotProcessingCookies;
318 }
319
320 public JCheckBox getCheckboxIsProcessingCsrf() {
321 return this.checkboxIsProcessingCsrf;
322 }
323
324 public JCheckBox getCheckboxIsLimitingThreads() {
325 return this.checkboxIsLimitingThreads;
326 }
327
328 public JSpinner getSpinnerLimitingThreads() {
329 return this.spinnerLimitingThreads;
330 }
331
332 public JCheckBox getCheckboxIsConnectionTimeout() {
333 return this.checkboxIsConnectionTimeout;
334 }
335
336 public JSpinner getSpinnerConnectionTimeout() {
337 return this.spinnerConnectionTimeout;
338 }
339
340 public JCheckBox getCheckboxIsCsrfUserTag() {
341 return this.checkboxIsCsrfUserTag;
342 }
343
344 public JTextField getTextfieldCsrfUserTag() {
345 return this.textfieldCustomCsrfInputToken;
346 }
347
348 public JTextField getTextfieldCsrfUserTagOutput() {
349 return this.textfieldCustomCsrfOutputToken;
350 }
351 }