package se.swende;

import burp.IBurpExtenderCallbacks;
import burp.IExtensionHelpers;
import burp.IHttpListener;
import burp.IHttpRequestResponse;
import burp.IHttpRequestResponseWithMarkers;
import burp.IHttpService;
import burp.IScanIssue;
import com.skjegstad.utils.BloomFilter;
import java.io.PrintStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;

/* loaded from: input_file:se/swende/ReferrerLogger.class */
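/**
 * Burp HTTP listener that flags potential cross-domain script includes.
 *
 * <p>For every outgoing request it compares the {@code Referer} origin with the fetched URL's
 * origin (host + scheme). A request from a different origin whose {@code Accept} header does not
 * ask for an image is printed once (deduplicated through a Bloom filter) and reported to Burp as
 * a tentative, informational scan issue. Both header values come straight from the observed
 * traffic, so nothing here trusts them: the issue text is HTML-escaped before Burp renders it.
 *
 * <p>Not thread-safe: Burp invokes {@link #processHttpMessage} from several threads, and the
 * Bloom filter is updated without synchronisation, so a finding may occasionally be reported
 * twice or (because of Bloom false positives) dropped.
 */
public class ReferrerLogger implements IHttpListener {
    /** Tool flag used when replaying the proxy history (Burp's proxy tool flag value). */
    private static final int TOOL_FLAG_PROXY = 4;
    /** Placeholder printed when a header is absent. */
    private static final String NO_VALUE = "<N/A>";
    private static final String REFERER_HEADER = "Referer:";
    private static final String ACCEPT_HEADER = "Accept:";

    IExtensionHelpers helper;
    IBurpExtenderCallbacks mainframe;
    PrintStream out;
    PrintStream err;
    // Bloom filter sizing: ~0.01% false-positive rate at 10k expected keys.
    private final double falsePositiveProbability = 1.0E-4d;
    private final int expectedNumberOfElements = 10000;
    // Keys (built in log()) that have already been printed/reported. Being a Bloom filter, a
    // "contains" hit may be a false positive, in which case a new finding is silently dropped.
    private final BloomFilter<String> reported =
            new BloomFilter<>(falsePositiveProbability, expectedNumberOfElements);

    /**
     * Creates a listener wired to Burp.
     *
     * @param callbacks Burp's extender callbacks; provides helpers, stdout/stderr, history and
     *     scan-issue registration
     */
    public ReferrerLogger(IBurpExtenderCallbacks callbacks) {
        this.mainframe = callbacks;
        this.helper = callbacks.getHelpers();
        this.out = new PrintStream(callbacks.getStdout());
        this.err = new PrintStream(callbacks.getStderr());
    }

    /**
     * Creates a stand-alone instance that prints to {@link System#out} and writes the column
     * header of the log line produced by {@code log()}. {@code mainframe} and {@code helper} stay
     * {@code null}, so only the static/printing parts are usable; {@link #processHttpMessage}
     * and {@link #runThroughHistory} require the Burp-backed constructor.
     */
    public ReferrerLogger() {
        this.out = System.out;
        this.out.println("Referer host| Fetched host| Accept header | Full ref url | Full fetched url");
    }

    /** Replays every request in Burp's proxy history through {@link #processHttpMessage}. */
    public void runThroughHistory() {
        for (IHttpRequestResponse message : this.mainframe.getProxyHistory()) {
            processHttpMessage(TOOL_FLAG_PROXY, true, message);
        }
    }

    /**
     * Inspects one HTTP message; only requests are examined, responses are ignored.
     *
     * <p>Flow: read {@code Referer} and {@code Accept}; skip when there is no Referer, when the
     * Referer is unparseable, when the request asks for an image, or when both URLs share host
     * and scheme; otherwise print the finding once and register a scan issue with the two
     * headers marked in the request.
     *
     * @param toolFlag Burp tool that produced the message (unused)
     * @param messageIsRequest {@code true} for a request, {@code false} for a response
     * @param messageInfo the message; its request bytes are decoded as ISO-8859-1 (HTTP wire
     *     encoding) so marker offsets match byte offsets
     */
    @Override
    public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
        if (!messageIsRequest) {
            return;
        }
        URL fetched = messageInfo.getUrl();
        String referer = null;
        String accept = NO_VALUE;
        for (String header : this.helper.analyzeRequest(messageInfo).getHeaders()) {
            // Header names are case-insensitive on the wire.
            if (headerIs(header, REFERER_HEADER)) {
                referer = headerValue(header, REFERER_HEADER);
            } else if (headerIs(header, ACCEPT_HEADER)) {
                accept = headerValue(header, ACCEPT_HEADER);
            }
        }
        if (referer == null) {
            return; // nothing to compare the fetched origin against
        }
        if (accept.startsWith("image/")) {
            return; // image fetches are not script includes
        }
        URL referrer;
        try {
            referrer = new URL(referer);
        } catch (MalformedURLException ignored) {
            return; // best effort: an unparseable Referer is skipped, as before
        }
        if (fetched.getHost().equalsIgnoreCase(referrer.getHost())
                && fetched.getProtocol().equalsIgnoreCase(referrer.getProtocol())) {
            return; // same host and scheme: not cross-domain
        }
        if (!log(referrer, fetched, accept)) {
            return; // this combination has already been reported
        }
        String rawRequest = new String(messageInfo.getRequest(), StandardCharsets.ISO_8859_1);
        List<int[]> requestMarkers = new ArrayList<>();
        addMarker(requestMarkers, findMarkers(rawRequest, "Referer: "));
        addMarker(requestMarkers, findMarkers(rawRequest, "Accept: "));
        IHttpRequestResponseWithMarkers marked = this.mainframe.applyMarkers(
                messageInfo, requestMarkers.isEmpty() ? null : requestMarkers, null);
        this.mainframe.addScanIssue(
                createIssue(referrer, marked, marked.getUrl() + " was loaded with Accept-header " + accept));
    }

    /** Case-insensitive test of whether {@code header} starts with {@code name} (e.g. "Referer:"). */
    private static boolean headerIs(String header, String name) {
        return header.regionMatches(true, 0, name, 0, name.length());
    }

    /** Value part of a header line, lower-cased and trimmed (matches what {@code log()} prints). */
    private static String headerValue(String header, String name) {
        return header.substring(name.length()).toLowerCase(Locale.ROOT).trim();
    }

    /** Adds {@code marker} to {@code markers} unless it is {@code null} (needle not found). */
    private static void addMarker(List<int[]> markers, int[] marker) {
        if (marker != null) {
            markers.add(marker);
        }
    }

    /**
     * Locates {@code needle} in the raw request and returns a Burp request marker
     * {@code {start, end}} spanning from the needle to the end of that header line.
     *
     * @param request the request decoded as text
     * @param needle header prefix to look for, e.g. {@code "Referer: "}
     * @return the marker, or {@code null} when the needle does not occur
     */
    private int[] findMarkers(String request, String needle) {
        int start = request.indexOf(needle);
        if (start < 0) {
            return null;
        }
        int end = request.indexOf("\r\n", start);
        if (end < 0) {
            end = request.length(); // line without CRLF terminator
        }
        this.out.println("Marked " + start + " - " + end + " while searching for " + needle);
        return new int[] {start, end};
    }

    /**
     * Prints one log line for a finding unless the same line was seen before.
     *
     * @param referrer referring page URL, may be {@code null}
     * @param fetched the URL that was fetched
     * @param accept the request's Accept header value
     * @return {@code true} if the line is new and was printed, {@code false} if it was already
     *     recorded (or the Bloom filter reports a false positive)
     */
    private boolean log(URL referrer, URL fetched, String accept) {
        String refererHost = NO_VALUE;
        String refererUrl = NO_VALUE;
        if (referrer != null) {
            refererHost = referrer.getHost();
            refererUrl = referrer.toString();
        }
        String key = refererHost + "|" + fetched.getHost() + " | " + accept + " | " + refererUrl + " | " + fetched;
        if (this.reported.contains(key)) {
            return false;
        }
        this.reported.add(key);
        this.out.println(key);
        return true;
    }

    /** Port of {@code url}, falling back to the scheme's default when none is explicit. */
    private static int effectivePort(URL url) {
        return url.getPort() == -1 ? url.getDefaultPort() : url.getPort();
    }

    /**
     * Escapes {@code &}, {@code <}, {@code >}, {@code "} and {@code '} so a traffic-derived
     * string can be embedded in Burp's HTML issue detail as text.
     *
     * @param s text to escape; {@code null} yields an empty string
     * @return the escaped text
     */
    static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':
                    sb.append("&amp;");
                    break;
                case '<':
                    sb.append("&lt;");
                    break;
                case '>':
                    sb.append("&gt;");
                    break;
                case '"':
                    sb.append("&quot;");
                    break;
                case '\'':
                    sb.append("&#39;");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Builds the scan issue reported to Burp.
     *
     * @param referrer the referring page; the issue is attributed to this URL/host
     * @param message the fetched request with Referer/Accept markers applied
     * @param detail one-line description of the fetch; rendered (escaped) inside the issue detail
     * @return an informational, tentative issue
     */
    private IScanIssue createIssue(final URL referrer, final IHttpRequestResponseWithMarkers message,
            final String detail) {
        return new IScanIssue() {
            @Override
            public URL getUrl() {
                ReferrerLogger.this.out.println("getUrl called");
                return referrer;
            }

            @Override
            public String getSeverity() {
                ReferrerLogger.this.out.println("getSeverity called");
                return "Information";
            }

            @Override
            public String getRemediationDetail() {
                return "Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfill, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.";
            }

            @Override
            public String getRemediationBackground() {
                return null;
            }

            @Override
            public String getProtocol() {
                ReferrerLogger.this.out.println("getProtocol called");
                return referrer.getProtocol();
            }

            @Override
            public int getPort() {
                ReferrerLogger.this.out.println("getPort called");
                return effectivePort(referrer);
            }

            @Override
            public int getIssueType() {
                return 0;
            }

            @Override
            public String getIssueName() {
                return "Potential cross-domain script include";
            }

            @Override
            public String getIssueDetail() {
                // Burp renders this as HTML; the detail carries the fetched URL and the Accept
                // header, both taken from observed traffic, so it must be escaped.
                StringBuilder sb = new StringBuilder("The page appears to include scripts from other domains. This was found via network monitoring of outgoing requests and checking the referer- and accept- headers. This may be a false positive. The following URLS were fetched:");
                sb.append("<ul>");
                sb.append("<li>").append(escapeHtml(detail)).append("</li>");
                sb.append("</ul>");
                return sb.toString();
            }

            @Override
            public String getIssueBackground() {
                return "When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.  If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.";
            }

            @Override
            public IHttpService getHttpService() {
                ReferrerLogger.this.out.println("getHTTPService called");
                // Derive the service from the referrer URL directly; delegating to the service's
                // own methods here would recurse without end.
                return new IHttpService() {
                    @Override
                    public String getProtocol() {
                        return referrer.getProtocol();
                    }

                    @Override
                    public int getPort() {
                        return effectivePort(referrer);
                    }

                    @Override
                    public String getHost() {
                        return referrer.getHost();
                    }
                };
            }

            @Override
            public IHttpRequestResponse[] getHttpMessages() {
                ReferrerLogger.this.out.println("getHttpMessages called");
                return new IHttpRequestResponse[] {message};
            }

            @Override
            public String getHost() {
                return referrer.getHost();
            }

            @Override
            public String getConfidence() {
                return "Tentative";
            }
        };
    }

    /** Prints the size in KiB of the bit set backing a filter sized like {@code reported}. */
    public static void main(String[] args) {
        BloomFilter<String> filter = new BloomFilter<>(1.0E-4d, 10000);
        System.out.println((filter.getBitSet().size() / 1024) + "k");
    }
}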
