Move to Github

.gitignore

@@ -0,0 +1,9 @@
+.DS_Store
+.gradle
+build
+src/test/resources/changed.xlsx
+testServer/**/*.xls*
+./*.xlsx
+./*.xls
+TODO.md
+.idea

README.md

@@ -0,0 +1,104 @@
+# Sheet Intruder
+```
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡤⠐⠢⠀⠀⠀⠀⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡠⠉⠀⠀⠀⠱⠀⠀⠀⠀⠀
+⠀⠀⠀⣀⣀⣤⣤⣤⣶⣶⣿⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣮⣑⠡⡀⡀⠀⢀⡇⠀⠀⠀⠀
+⢰⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⢰⣶⣶⣶⣶⣶⣶⣶⣶⣶⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⣿⣄⠈⣌⠪⡄⢰⢡⠀⠀⠀⠀
+⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠈⠉⠉⣿⣿⡟⠉⠉⣿⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⢿⣾⣀⠈⢂⠃⡈⠘⣄⠀⠀⠀
+⢸⣿⣿⣏⠉⠙⣿⣿⠉⠉⣿⣿⣿⠀⠀⢠⣤⣤⣿⣿⣧⣤⣤⣿⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢘⣿⣷⣄⠤⢢⠁⡠⠂⠢⡀⠀
+⢸⣿⣿⣿⣆⠀⠸⠃⢀⣾⣿⣿⣿⠀⠀⠸⠿⠿⣿⣿⡿⠿⠿⣿⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢰⠏⣸⡿⠟⣾⠓⠉⡖⠀⠀⠈⢂
+⢸⣿⣿⣿⣿⠆⠀⠀⢾⣿⣿⣿⣿⠀⠀⠀⠀⠀⣿⣿⡇⠀⠀⣿⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣆⡏⢸⠟⠀⣾⠀⠈⢡⡠⠂⠀⠈
+⢸⣿⣿⣿⠏⠀⣰⡄⠀⢿⣿⣿⣿⠀⠀⢰⣶⣶⣿⣿⣷⣶⣶⣿⣿⡇⠀⠀⠀⣦⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡼⡀⡇⢈⠐⠠⡟⠀⠀⢞⡿⢅⠄⢀
+⢸⣿⣿⣃⣀⣰⣿⣷⣀⣀⣻⣿⣿⠀⠀⠘⠛⠛⣿⣿⡟⠛⠛⣿⣿⡇⠀⠀⠀⠹⣿⣷⣦⡀⠀⠀⠀⠀⠀⠀⠀⠀⢀⠜⠊⢛⡃⠘⠀⠀⡇⠀⡈⠶⠄⠒⠂⡔
+⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⢀⣀⣀⣿⣿⣧⣀⣀⣿⣿⡇⠀⠀⠀⠀⠘⣿⣿⣿⣷⣄⣀⠀⠤⡠⡤⠒⠫⠱⠀⣼⠧⠀⠀⠀⢁⠠⢱⠤⠒⠒⣠⠇
+⠸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠸⠿⠿⠿⠿⠿⠿⠿⠿⠿⠃⠀⠀⠀⠀⠀⠘⢿⣿⣿⣿⣾⡷⡋⣞⠔⡣⠎⠙⠂⠘⠒⠲⡖⡒⠒⡶⢙⠀⠈⠉⣸⠀
+⠀⠀⠀⠉⠉⠛⠛⠛⠿⠿⣿⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠉⠻⣿⣿⡿⣿⣿⣯⠪⡖⠤⠤⠔⣀⣤⡃⠀⠀⡁⠀⣀⠄⠊⡜⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠛⢿⡌⠙⢿⣾⡫⠅⠂⠉⠀⠀⠁⠪⢁⠈⠉⠀⠀⣸⠀⠀
+⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠚⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠀⠀⠀⠉⠀⠀
+```
+
+
+_Make Excel Fuzzing Simpler_
+
+## Introduction
+
+Sheet Intruder is a Burp Suite extension designed to simplify the process of fuzzing for Excel file uploads.
+It works by representing the content of an Excel file as a tag, which can then be integrated into various locations.
+This tag then allows configuration such as replacements for fuzzing targets.
+
+## Features
+
+- Seamless Integration: Sheet Intruder seamlessly integrates into Burp Suite's Intruder, Scanner, and Repeater tools,
+  allowing for efficient and comprehensive Excel file manipulation during different stages of testing.
+
+- Both .xls and .xlsx file formats are supported
+
+- Value Replacement Mode: Use the `<$SheetIntruder>` tag to define value replacements within the Excel file. This
+  mode allows you to search for specific values within cells and replace them with desired substitutions.
+
+- Cell Replacement Mode: Use the `<$SheetIntruderCell>` tag to perform cell-based replacements. You can replace cells
+  either by referencing their cell number (e.g., "A1", "B1") or by specifying cell ranges (e.g., "A1:B12", "CustomSheet!
+  A1:D5").
+
+## Workflow
+
+1. Choose your Excel file (.xls and .xlsx supported)
+2. The selected file is loaded into the extension
+3. In Repeater, Proxy, Scanner or Intruder you are now able to include the tags described below
+4. Before sending the request the provided Excel file is read and the requested modifications made
+
+### Value Replacement Mode Tag
+This mode searches for specific values within cells and replaces them with the desired substitutions in the Excel file.
+
+```
+<$SheetIntruder>
+{
+    "valueToReplace": "replacement",
+    "valueToReplace2": "replacement2"
+}
+</$SheetIntruder>
+```
+
+
+### Cell Replacement Mode Tag
+This mode replaces cells referenced by their cell number with the given substitution.
+Examples:
+
+```
+<$SheetIntruderCell>
+{
+   "A1": "replacement",
+   "B1": "replacement2"
+}
+</$SheetIntruderCell>
+
+<$SheetIntruderCell>
+{
+   "A1": "replacement",
+   "CustomSheet!B21": "otherSheetB21"
+}
+</$SheetIntruderCell>
+
+<$SheetIntruderCell>
+{
+   "A1:B12": "rangeReplacement",
+   "CustomSheet!A1:D5": "otherSheetRange"
+}
+</$SheetIntruderCell>
+
+```
+
+--- 
+
+### Building from source
+```
+$ gradle build shadowJar
+```
+
+### Testing
+A test server is provided and can be built using the docker file. It's only purpose is to simulate a file upload,
+and store the uploaded files for diagnostics.
+```bash
+$ docker build -t sheetintruder-testserver:latest .
+$ docker run -p 5000:5000 -v $(pwd):/output sheetintruder-testserver
+```

build.gradle

@@ -0,0 +1,36 @@
+plugins {
+    id 'com.github.johnrengelman.shadow' version '7.1.2'
+    id 'java'
+}
+
+
+group 'ch.redguard'
+version '1.0.0'
+
+repositories {
+    mavenLocal()
+    mavenCentral()
+}
+
+dependencies {
+    // https://mvnrepository.com/artifact/com.google.code.gson/gson
+    implementation group: 'com.google.code.gson', name: 'gson', version: '2.10.1'
+
+    compileOnly 'net.portswigger.burp.extensions:montoya-api:2023.10.3'
+    testImplementation 'net.portswigger.burp.extensions:montoya-api:2023.10.3'
+
+    implementation('org.apache.poi:poi:5.2.4')
+    implementation('org.apache.poi:poi-ooxml:5.2.4')
+
+    testImplementation 'org.junit.jupiter:junit-jupiter-api:5.10.0'
+    testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.10.0'
+}
+
+shadowJar {
+    mergeServiceFiles()
+    archiveClassifier = 'all'
+}
+
+test {
+    useJUnitPlatform()
+}

gradle/wrapper/gradle-wrapper.properties

@@ -0,0 +1,5 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.5.1-bin.zip
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists