Create copy of HttpRequest

CompassSecurity · May 8, 2024 · c4bf152 · c4bf152
1 parent 1527b2b
commit c4bf152
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/src/main/java/BurpExtension/JWTScanCheck.java b/src/main/java/BurpExtension/JWTScanCheck.java
@@ -56,13 +56,13 @@ public AuditResult activeAudit(HttpRequestResponse baseRequestResponse, AuditIns
             api.logging().logToError("No JWT found.");
         }
 
-        HttpRequest checkRequestNoSig = auditInsertionPoint.buildHttpRequestWithPayload(byteArray(jwtModifier.removeSignature(origJwt)));
+        HttpRequest checkRequestNoSig = auditInsertionPoint.buildHttpRequestWithPayload(byteArray(jwtModifier.removeSignature(origJwt))).withService(baseRequestResponse.httpService());
         HttpRequestResponse checkRequestResponseNoSig = api.http().sendRequest(checkRequestNoSig);
         if (checkRequestResponseNoSig.response().statusCode() == 200){
             api.siteMap().add(JwtAuditIssues.withoutSignature(baseRequestResponse.request().url(), checkRequestResponseNoSig));
         }
 
-        HttpRequest checkRequestSig = auditInsertionPoint.buildHttpRequestWithPayload(byteArray(jwtModifier.wrongSignature(origJwt)));
+        HttpRequest checkRequestSig = auditInsertionPoint.buildHttpRequestWithPayload(byteArray(jwtModifier.wrongSignature(origJwt))).withService(baseRequestResponse.httpService());
         HttpRequestResponse checkRequestResponseSig = api.http().sendRequest(checkRequestSig);
         if (checkRequestResponseSig.response().statusCode() == 200){
             api.siteMap().add(JwtAuditIssues.invalidSignature(baseRequestResponse.request().url(), checkRequestResponseSig));
@@ -71,26 +71,26 @@ public AuditResult activeAudit(HttpRequestResponse baseRequestResponse, AuditIns
         this.permute("none", "");
 
         for(int i = 0; i< algoList.size(); i++) {
-            HttpRequest checkRequestNone = auditInsertionPoint.buildHttpRequestWithPayload(byteArray(jwtModifier.algNone(origJwt, algoList.get(i))));
+            HttpRequest checkRequestNone = auditInsertionPoint.buildHttpRequestWithPayload(byteArray(jwtModifier.algNone(origJwt, algoList.get(i)))).withService(baseRequestResponse.httpService());
             HttpRequestResponse checkRequestResponseNone = api.http().sendRequest(checkRequestNone);
             if (checkRequestResponseNone.response().statusCode() == 200) {
                 api.siteMap().add(JwtAuditIssues.getAlgNone(baseRequestResponse.request().url(), checkRequestResponseNone));
             }
         }
 
-        HttpRequest checkRequestEmpty = auditInsertionPoint.buildHttpRequestWithPayload(byteArray(jwtModifier.emptyPassword(origJwt)));
+        HttpRequest checkRequestEmpty = auditInsertionPoint.buildHttpRequestWithPayload(byteArray(jwtModifier.emptyPassword(origJwt))).withService(baseRequestResponse.httpService());
         HttpRequestResponse checkRequestResponseEmpty = api.http().sendRequest(checkRequestEmpty);
         if (checkRequestResponseEmpty.response().statusCode() == 200){
             api.siteMap().add(JwtAuditIssues.emptyPassword(baseRequestResponse.request().url(), checkRequestResponseEmpty));
         }
 
-        HttpRequest checkRequestEcdsa = auditInsertionPoint.buildHttpRequestWithPayload(byteArray(jwtModifier.invalidEcdsa(origJwt)));
+        HttpRequest checkRequestEcdsa = auditInsertionPoint.buildHttpRequestWithPayload(byteArray(jwtModifier.invalidEcdsa(origJwt))).withService(baseRequestResponse.httpService());
         HttpRequestResponse checkRequestResponseEcdsa = api.http().sendRequest(checkRequestEcdsa);
         if (checkRequestResponseEcdsa.response().statusCode() == 200){
             api.siteMap().add(JwtAuditIssues.invalidEcdsa(baseRequestResponse.request().url(), checkRequestResponseEcdsa));
         }
 
-        HttpRequest checkRequestJwks = auditInsertionPoint.buildHttpRequestWithPayload(byteArray(jwtModifier.jwksInjection(origJwt)));
+        HttpRequest checkRequestJwks = auditInsertionPoint.buildHttpRequestWithPayload(byteArray(jwtModifier.jwksInjection(origJwt))).withService(baseRequestResponse.httpService());
         HttpRequestResponse checkRequestResponseJwks = api.http().sendRequest(checkRequestJwks);
         if (checkRequestResponseJwks.response().statusCode() == 200){
             api.siteMap().add(JwtAuditIssues.jwksInjection(baseRequestResponse.request().url(), checkRequestResponseJwks));