First commit on Doyensec repo

Author: ikkisoft

.gitignore

@@ -0,0 +1,43 @@
+# Package Files #
+*.jar
+*.war
+*.ear
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+
+#ant specific
+dist/
+build/
+build.xml
+ 
+#netbeans specific
+core
+nbproject/*
+libs/*
+manifest.mf
+.jacocoverage/
+coverage/
+ 
+#java specific
+*.class
+ 
+#general swap/backup files
+*.so
+*.log
+*.out
+*~
+*.swp
+*.DS_Store
+*.lock
+
+#idea specific
+.classpath
+.project
+.settings
+.idea
+.metadata
+*.iml
+*.ipr
+**/*~
+/target/

README.md

@@ -0,0 +1,92 @@
+# libajp13 - A complete AJPv1.3 Java library
+
+**libajp13** is a fully featured open source library implementing the Apache JServ Protocol version 1.3 (ajp13), based on the [Apache Protocol Reference](https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html).
+
+The library has been developed from Espen Wiborg's [ajp_client](https://github.com/espenhw/ajp-client), licensed under the Apache License 2.0. At this point, most of the code has been refactored and improved to support *all* AJP13 packet types.  
+
+![AJP13 in Wireshark](http://i.imgur.com/e9wTKDS.png "AJP13 in Wireshark")
+
+As of 02/27/2017, the JaCoCoverage analysis of project "libajp13" reports: 
+![Test Code Coverage](http://i.imgur.com/ADD_HERE_TCOVERAGE.png"Test Code Coverage")
+
+### Issues
+This implementation is derived from Dan Milstein's reversing work, based on Tomcat 3.x AJP code. If you've discovered a bug, please open an issue in Github.
+
+### How To Use it
+The following code examples show how to use *libajp13*. 
+
+For more details, please refer to the official [JavaDoc](http://doyensec.github.io/libajp13/).
+
+_CPing and CPong_
+```java
+//Create a CPing message
+AjpMessage msg = new CPingMessage();
+//Send the content of the packet - msg.getBytes()
+[...]
+AjpMessage reply = AjpReader.parseMessage(gotBytes);
+if (reply instanceof CPongMessage) {
+  System.out.println("[OK] Valid CPong");
+}
+```
+_Shutdown_
+```java
+AjpMessage msg = new ShutdownMessage();
+```
+
+_EndResponse with session reuse set to 'true'_
+```java
+AjpMessage msg = new EndResponseMessage(true);
+```
+
+_SendBodyChunkMessage_
+```java
+AjpMessage msg = new SendBodyChunkMessage("ABCD".getBytes());
+```
+
+_SendHeadersMessage_
+```java
+List<Pair<String, String>> headers = new LinkedList<>();
+headers.add(Pair.make("Content-Type","text/html; charset=utf-8"));
+AjpMessage msg = new SendHeadersMessage(200,"OK",headers);
+```
+
+_GetBodyChunkMessage_
+```java
+AjpMessage msg = new GetBodyChunkMessage(10);
+```
+
+_BodyMessage_
+```java
+AjpMessage msg = new BodyMessage("MyStringSentAsBytes".getBytes());
+```
+
+_ForwardRequestMessage to build a simple GET request_
+```java
+List<Pair<String, String>> headers = new LinkedList<>();
+headers.add(Pair.make("Content-Type","text/html; charset=utf-8"));
+AjpMessage msg = new ForwardRequestMessage(2, new URL("http://127.0.0.1/"), headers, null);
+```
+
+_ForwardRequestMessage using ForwardRequestMessageGetBuilder_
+```java
+AjpMessage msg = ForwardRequestMessage.ForwardRequestMessageGetBuilder(new URL("http://192.168.1.1/log/"));
+```
+
+_ForwardRequestMessage to build a PUT request with custom headers and attributes_
+```java
+List<Pair<String, String>> headers = new LinkedList<>();
+headers.add(Pair.make("Content-Type","text/html; charset=utf-8"));
+headers.add(Pair.make("CustomHeaderName","CustomHeaderValue"));
+List<Pair<String, String>> attributes = new LinkedList<>();
+attributes.add(Pair.make("jvm_route","3131212"));
+attributes.add(Pair.make("custom_attribute","custom_value"));
+AjpMessage msg = new ForwardRequestMessage(5, "HTTP/1.0", "/api/", "127.0.0.1", "localhost", "127.0.0.1", 8009, true, headers, attributes);
+``` 
+
+### Useful links
+* https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html
+* https://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/coyote/ajp/Constants.html
+* https://github.com/kohsuke/ajp-client
+* http://isu.ifmo.ru/docs/IAS904/web.904/q20202/protocol/AJPv21.html
+* http://en.wikipedia.org/wiki/Apache_JServ_Protocol
+* https://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html

src/com/doyensec/ajp13/AbstractAjpMessage.java

@@ -0,0 +1,130 @@
+/*
+ * libajp13 - AbstractAjpMessage.java
+ *
+ * Copyright (c) 2017 Luca Carettoni - Doyensec LLC. 
+ * Copyright (c) 2010 Espen Wiborg
+ *
+ * Licensed under the Apache License, Version 2.0
+ */
+package com.doyensec.ajp13;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.UnsupportedEncodingException;
+
+/**
+ * Partial implementation of the AJP message; all AJP messages extend this class
+ */
+public abstract class AbstractAjpMessage implements AjpMessage
+{
+
+    private final ByteArrayOutputStream bos;
+
+    AbstractAjpMessage(int packetType)
+    {
+        bos = new ByteArrayOutputStream();
+
+        if (packetType == Constants.PACKET_TYPE_DATA
+                || packetType == Constants.PACKET_TYPE_FORWARD_REQUEST
+                || packetType == Constants.PACKET_TYPE_SHUTDOWN
+                || packetType == Constants.PACKET_TYPE_PING
+                || packetType == Constants.PACKET_TYPE_CPING) {
+            bos.write(Constants.AJP_TAG_REQ, 0, Constants.AJP_TAG_REQ.length);
+        } else {
+            bos.write(Constants.AJP_TAG_RESP, 0, Constants.AJP_TAG_RESP.length);
+        }
+        // Write two bytes as placeholder for the length
+        bos.write(0);
+        bos.write(0);
+        // Exception for the request body packet type
+        if (packetType != Constants.PACKET_TYPE_DATA) {
+            bos.write(packetType);
+        }
+    }
+
+    /**
+     * Write an AJP message to a given OutputStream
+     *
+     * @param OutputStream Destination output stream
+     * @throws IOException
+     */
+    @Override
+    public void writeTo(OutputStream out) throws IOException
+    {
+        out.write(getBytes());
+        out.flush();
+    }
+
+    /**
+     * Returns the byte array of the current AJPMessage instance
+     *
+     * @return The AJP packet as array of bytes
+     */
+    @Override
+    public final byte[] getBytes()
+    {
+        byte[] bytes = bos.toByteArray();
+        int length = bytes.length - 4;
+        if (length == -1) {
+            bytes[2] = -1;
+            bytes[3] = -1;
+        } else {
+            bytes[2] = (byte) ((length & 0xff00) >> 8);
+            bytes[3] = (byte) (length & 0x00ff);
+        }
+        return bytes;
+    }
+
+    /*
+     * Four data types:
+     * Byte - a single byte
+     * Boolean - a single byte (1=true, 0=false)
+     * Integer - two bytes (from 0 to 2^16)
+     * String - variable sized string (2 bytes for size + X bytes string + \0)
+     */
+    void writeByte(int b)
+    {
+        bos.write(b);
+    }
+
+    void writeBytes(byte[] ba) throws IOException
+    {
+        bos.write(ba);
+    }
+
+    void writeInt(int i)
+    {
+        bos.write((i & 0xff00) >> 8);
+        bos.write(i & 0x00ff);
+    }
+
+    void writeBoolean(boolean b)
+    {
+        bos.write(b ? 1 : 0);
+    }
+
+    /*
+     * @param s the string to write in the specific message
+     * @param term whether or not append the null-byte terminator
+     */
+    void writeString(String s, boolean term)
+    {
+        if (s == null) {
+            bos.write(0);
+        } else {
+            // size (2 bytes) + string + \0
+            writeInt(s.length());
+            try {
+                byte[] buf = s.getBytes("UTF-8");
+                bos.write(buf, 0, buf.length);
+                //From my experiments, the bodyMessage packet doesn't contain the string terminator (mistake?)
+                if (term) {
+                    bos.write('\0');
+                }
+            } catch (UnsupportedEncodingException ex) {
+                System.out.println("[!] AbstractAjpMessage UnsupportedEncodingException: " + ex.getLocalizedMessage());
+            }
+        }
+    }
+}

src/com/doyensec/ajp13/AjpMessage.java

@@ -0,0 +1,27 @@
+/*
+ * libajp13 - AjpMessage.java
+ *
+ * Copyright (c) 2017 Luca Carettoni - Doyensec LLC. 
+ * Copyright (c) 2010 Espen Wiborg
+ *
+ * Licensed under the Apache License, Version 2.0
+ */
+package com.doyensec.ajp13;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+/**
+ * Generic interface for all AJP messages (requests and responses)
+ */
+public interface AjpMessage
+{
+
+    byte[] getBytes(); //returns the raw bytes
+
+    void writeTo(OutputStream out) throws IOException; //writes to a given outputstream
+
+    String getName(); //returns a meaningful name for the packet type
+
+    String getDescription(); //returns a description for the packet type, with actual field values
+}