diff --git a/src/main/java/burp/BurpExtender.java b/src/main/java/burp/BurpExtender.java
index e2add68..0ff6504 100644
--- a/src/main/java/burp/BurpExtender.java
+++ b/src/main/java/burp/BurpExtender.java
@@ -470,7 +470,8 @@ public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequ
 java.util.List headers = request.getHeaders();
- if (headers.stream().anyMatch((str -> str.trim().toLowerCase().contains("x-amz-date")))) {
+ if (headers.stream().anyMatch((str -> str.trim().toLowerCase().contains("x-amz-date"))) &&
+ headers.stream().anyMatch((str -> str.trim().toLowerCase().contains("authorization")))) {
 String[] profile = this.profiles.get(Menu.getEnabledProfile());
 byte[] signedRequest;
 if (dynamicRegionAndService.isSelected()) {
diff --git a/src/main/java/burp/Utility.java b/src/main/java/burp/Utility.java
index c206bba..0e5730a 100644
--- a/src/main/java/burp/Utility.java
+++ b/src/main/java/burp/Utility.java
@@ -102,7 +102,7 @@ static byte[] signRequest(IHttpRequestResponse messageInfo,
 String notUnicode = "[^\\u0000-\\u007F]+";
 String payloadHash;
- if (!requestInfo.getMethod().equals("GET")){
+ if (!requestInfo.getMethod().equals("GET") || requestInfo.getBodyOffset() > 0){
 int bodyOffset = requestInfo.getBodyOffset();
 body = hexToString(bytesToHex(Arrays.copyOfRange(request, bodyOffset, request.length)));
@@ -119,6 +119,7 @@ static byte[] signRequest(IHttpRequestResponse messageInfo,
 }
 body = sanitize;
 }
+ pw.println(Base64.getEncoder().encodeToString(body.getBytes("utf-8")));
 payloadHash = Hashing.sha256().hashString(body, StandardCharsets.UTF_8).toString().toLowerCase();
 } else {
@@ -273,7 +274,7 @@ private static String getSignedHeaders(String authHeader){
 signedHeaders = matcher.group(1);
 }
- return signedHeaders;
+ return signedHeaders;
 }
 private static String bytesToHex(byte[] bytes) {
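Review bot: The new `contains("authorization")` test in processHttpMessage matches that substring anywhere in any header line, so `Proxy-Authorization:`, a custom header whose name ends in "authorization", or a cookie or referer value containing the word satisfies it just as a SigV4 `Authorization` header does; the existing `x-amz-date` test is equally loose. Because this condition decides whether the request is re-signed with the enabled profile's credentials, I would anchor both checks on the header name, for example `str.trim().toLowerCase().startsWith("authorization:")`, and ideally also confirm the value begins with `AWS4-HMAC-SHA256`. The method body starts and ends outside this hunk, so whether a later step rejects non-SigV4 headers is not visible here.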
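Review bot: `requestInfo.getBodyOffset() > 0` in signRequest looks like it is always true: in the Burp extender API, getBodyOffset() is the index at which the body begins, which sits after the request line and headers even when the request carries no body. If that holds, the `else` branch for body-less GET requests becomes unreachable and every request takes the body-hashing path. To test for an actual body, compare against the message length, `if (!requestInfo.getMethod().equals("GET") || request.length > requestInfo.getBodyOffset()){`. The function starts and ends outside this hunk.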
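Review bot: The added `pw.println(Base64.getEncoder().encodeToString(body.getBytes("utf-8")));` writes the body of every signed request to `pw` (declared outside the hunk, presumably the extension's output writer), and Base64 is an encoding rather than protection, so credentials, tokens or other sensitive payload data end up readable in that output. This reads like leftover debugging; I would remove it or gate it behind an explicit debug setting that is off by default. If it stays, use `body.getBytes(StandardCharsets.UTF_8)` to match the hashing call on the next line and avoid the checked `UnsupportedEncodingException` that the string-named charset brings.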