ATOR V3 - OTP Support

README.md

@@ -96,7 +96,16 @@ Idea : Record the Tiredful application request in BURP, configure the ATOR exten
 8. Do the Step7 again and check the flow
     - This time extender will not invoke the steps because existing token is valid and so it uses that.
 
-
+## ATOR v3
+1. Base 64 encode/decode feature is added. This can be used in extraction layer.
+2. OTP validation support
+   - mysms.com app needs to be configure for this feature. Register your mobile number with this application. And use the API key, password, sendername, key and phonenumber on ATOR Settings panel.
+3. [CONFIG](config/v3)
+    - 3 apps are used here to showcase the demo. 
+    - All the config files are shared. Take this as a reference and import it to get an understanding of how we can configure ATOR.
+    - This gives you an idea about how ATOR-v3 plugin solves the authentication issue which varies from simple to complex scenario's (OAuth based)
+4. [V3 Binary](bin/ATOR-v3.0.0.jar)
+    - Please take this binary file for ATOR-v3 plugin.
 ## Built With
 
 * [SWING](https://javadoc.scijava.org/Java7/javax/swing/package-summary.html) - Used to add panel

config/v3/ator-export-demo1/app.text

@@ -0,0 +1,5 @@
+https://app.binder.com.au/
+
+This application is used to show this simple flow.
+- Login username and password should sent as ATOR Macro. And extract session token as base64 encode
+- Use that extraction in all subsequent requests.

config/v3/ator-export-demo1/export.json

@@ -0,0 +1,63 @@
+{
+    "errorConditionReplacement": {
+        "TriggerCondition": {
+            "MainCondition": "condition-1",
+            "multipleerrorcondition": []
+        },
+        "ErrorConditionReplacementList": [
+            {
+                "headerName": "Authorization:",
+                "selectedText": "ZNNlYTBmYTctODc5MC00YzAxLTg3NGQtNmRlYTY2ZWFhOWU2",
+                "ExtractionName": "session_token_res1",
+                "stopString": "Og==",
+                "startString": "asic ",
+                "Name": "rep_session_token_res1"
+            }
+        ]
+    },
+    "obtainToken": {
+        "Ator": [
+            {
+                "Comment": null,
+                "httpServiceport": 443,
+                "request": "POST \/authentication\/Sessions HTTP\/2\r\nHost: api.binder.works\r\nUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko\/20100101 Firefox\/102.0\r\nAccept: application\/json, text\/plain, *\/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application\/json;charset=utf-8\r\nContent-Length: 72\r\nOrigin: https:\/\/app.binder.com.au\r\nDnt: 1\r\nReferer: https:\/\/app.binder.com.au\/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nTe: trailers\r\n\r\n{\"username\":\"[email protected]\",\"clearTextPassword\":\"LasVegas123**\"}",
+                "Highlight": null,
+                "response": "HTTP\/2 201 Created\r\nDate: Wed, 04 Oct 2023 10:52:51 GMT\r\nContent-Type: application\/json; charset=utf-8\r\nContent-Length: 256\r\nCache-Control: no-store, must-revalidate, no-cache\r\nPragma: no-cache\r\nExpires: Wed, 04 Oct 2023 10:52:51 GMT\r\nServer: Microsoft-IIS\/10.0\r\nAccess-Control-Allow-Origin: https:\/\/app.binder.com.au\r\nAccess-Control-Allow-Credentials: true\r\nX-Aspnet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n{\r\n  \"SessionToken\": \"fcea0fa7-8790-4c01-874d-6dea66eaa9e6\",\r\n  \"UserId\": \"619011bc-caf5-47c9-b10f-503286bcff1d\",\r\n  \"Username\": \"Manikandan\",\r\n  \"_EdocxUserId\": \"9101800000000007208\",\r\n  \"_NetworkName\": \"\",\r\n  \"_NetworkId\": \"\",\r\n  \"_NetworkPayload\": \"\"\r\n}",
+                "Host": "https:\/\/api.binder.works:443",
+                "Method": "POST",
+                "httpServiceprotocol": "https",
+                "MsgID": 1,
+                "URL": "\/authentication\/Sessions",
+                "httpServicehost": "api.binder.works"
+            }
+        ],
+        "Replacement": [],
+        "Extraction": [
+            {
+                "isUrlDecode": "Base64 Encode",
+                "selectedtext": "fcea0fa7-8790-4c01-874d-6dea66eaa9e6",
+                "stopString": "\",\r  ",
+                "startString": "SessionToken\": \"",
+                "MsgID": "1",
+                "Name": "session_token_res1"
+            }
+        ]
+    },
+    "errorCondition": {
+        "request": "PATCH \/authentication\/CurrentUser HTTP\/2\r\nHost: api.binder.works\r\nUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko\/20100101 Firefox\/102.0\r\nAccept: application\/json, text\/plain, *\/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nAuthorization: Basic ZNNlYTBmYTctODc5MC00YzAxLTg3NGQtNmRlYTY2ZWFhOWU2Og==\r\nSilentfail: false\r\nContent-Type: application\/json;charset=utf-8\r\nContent-Length: 60\r\nOrigin: https:\/\/app.binder.com.au\r\nDnt: 1\r\nReferer: https:\/\/app.binder.com.au\/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nTe: trailers\r\n\r\n{\"Name\":\"ManikandanTest\",\"Email\":\"\",\"Username\":\"Manikandan\"}",
+        "highlight": null,
+        "protocol": "https",
+        "port": 443,
+        "response": "HTTP\/2 440 Login Timeout\r\nDate: Wed, 04 Oct 2023 15:59:45 GMT\r\nContent-Type: application\/json; charset=utf-8\r\nContent-Length: 80\r\nCache-Control: private\r\nServer: Microsoft-IIS\/10.0\r\nAccess-Control-Allow-Origin: https:\/\/app.binder.com.au\r\nAccess-Control-Allow-Credentials: true\r\nX-Aspnet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n\"Session token dÃ\u0093ea0fa7-8790-4c01-874d-6dea66eaa9e6 is invalid or unrecognised\"",
+        "host": "api.binder.works",
+        "errorconditionlist": [
+            {
+                "Category": "Status Code",
+                "Description": "ATOR will get trigger if Status Code as 440 in network flows",
+                "Value": "440",
+                "Name": "condition-1"
+            }
+        ],
+        "comment": null
+    }
+}

config/v3/ator-export-demo2/app.text

@@ -0,0 +1,7 @@
+https://www.catawiki.com
+
+This application is used two-step login sequence
+- Username and password has been passed as login sequence.
+- Two requests is been part of ATOR macro. 
+- Response of #req1 has to be extracted and replaced on #req2.
+- Response of #req2 has to be extracted and kept that token in-memory.