Merge pull request #28 from AndreyRainchik/master

GET requests with bodies won't be truncated

src/main/java/burp/BurpExtender.java

@@ -470,7 +470,8 @@ public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequ
 
                 java.util.List<String> headers = request.getHeaders();
 
-                if (headers.stream().anyMatch((str -> str.trim().toLowerCase().contains("x-amz-date")))) {
+                if (headers.stream().anyMatch((str -> str.trim().toLowerCase().contains("x-amz-date"))) &&
+                        headers.stream().anyMatch((str -> str.trim().toLowerCase().contains("authorization")))) {
                     String[] profile = this.profiles.get(Menu.getEnabledProfile());
                     byte[] signedRequest;
                     if (dynamicRegionAndService.isSelected()) {

src/main/java/burp/Utility.java

@@ -102,7 +102,7 @@ static byte[] signRequest(IHttpRequestResponse messageInfo,
         String notUnicode = "[^\\u0000-\\u007F]+";
         String payloadHash;
 
-        if (!requestInfo.getMethod().equals("GET")){
+        if (!requestInfo.getMethod().equals("GET") || requestInfo.getBodyOffset() > 0){
 
             int bodyOffset = requestInfo.getBodyOffset();
             body = hexToString(bytesToHex(Arrays.copyOfRange(request, bodyOffset, request.length)));
@@ -119,6 +119,7 @@ static byte[] signRequest(IHttpRequestResponse messageInfo,
                 }
                 body = sanitize;
             }
+            pw.println(Base64.getEncoder().encodeToString(body.getBytes("utf-8")));
             payloadHash = Hashing.sha256().hashString(body, StandardCharsets.UTF_8).toString().toLowerCase();
 
         } else {
@@ -273,7 +274,7 @@ private static String getSignedHeaders(String authHeader){
             signedHeaders = matcher.group(1);
         }
 
-        return  signedHeaders;
+        return signedHeaders;
 
     }
     private static String bytesToHex(byte[] bytes) {