Message Editor UI improvements #101

Open
intrudir wants to merge 19 commits into CompassSecurity:master from intrudir:master

intrudir commented Feb 4, 2026

Hi, I hit it with Claude Code for some UI improvements! So far I have just updated the message editor tab. Updates are below. More to come soon as I test and play around with some targets.

UI Modernization & Build Improvements

Build System

  • Cross-platform builds — removed machine-specific org.gradle.java.home pin; builds now work on any OS without path edits
  • Gradle wrapper bumped to 9.2.1 — supports Java 21–25 out of the box
  • Java 21 toolchain — compiles against JDK 21 regardless of system default via Gradle toolchains

SAML Message Editor

  • Pretty-printed XML — SAML messages are auto-formatted with 2-space indentation on load instead of displaying as a single unreadable line
  • XML syntax highlighting — custom JTextPane-based highlighter colors tags, attributes, values, comments, CDATA, and processing instructions. Matches Burp dark/light theme automatically
  • Fully editable — edit the prettified XML directly; changes are re-encoded (base64/deflate/URL-encode) in the original format when you hit Send
  • Format XML button — re-indent the XML at any time during editing

Attack Panel

  • Compact layout — collapsed 5 bordered sections (~460px) into clean labeled rows (~195px), giving significantly more space to the XML editor
  • Section separators with bold labels for Message / Attacks / Signing
  • CVE and XML attacks on separate rows for clarity
  • Renamed "Send Certificate to SAML Raider Certificates" → "Store Certificate", moved under Signing
  • Help buttons replaced with compact ? icons
  • Live search bar — type to find, all matches highlighted, Enter/Shift+Enter to cycle through results, match counter (e.g. 1 / 12)
  • Lil arrows to move up/down on searched text
  • Soft wrap enable/disable
  • Modified the OOB payload pop-up. Now, instead of asking for a collab URL, you have the option of having Burp handle collab or using a custom domain.

Cleanup

  • Removed redundant "Parsed & Prettified" panel from SAML Message Info tab (the main editor now handles this)
  • Removed RSyntaxTextArea dependency (replaced with zero-dependency custom highlighter)
  • Updated screenshots in README
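
The decode, format and re-encode path described in the SAML Message Editor list above, as an added example that is not code from this pull request or from SAML Raider. It assumes the HTTP-Redirect binding encoding (raw DEFLATE, then Base64, then URL-encoding); the class name, method names and sample message are constructed for illustration.

```java
import java.io.*;
import java.net.*;
import java.util.Base64;
import java.util.zip.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.*;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import static java.nio.charset.StandardCharsets.UTF_8;

public class SamlRedirectRoundTrip {
    // HTTP-Redirect binding: URL-encode(Base64(raw DEFLATE(xml))); "true" selects raw DEFLATE (no zlib header).
    static String encode(String xml) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (OutputStream z = new DeflaterOutputStream(out, new Deflater(Deflater.DEFAULT_COMPRESSION, true))) {
            z.write(xml.getBytes(UTF_8));
        }
        return URLEncoder.encode(Base64.getEncoder().encodeToString(out.toByteArray()), UTF_8);
    }

    static String decode(String param) throws IOException {
        byte[] raw = Base64.getDecoder().decode(URLDecoder.decode(param, UTF_8));
        try (InputStream in = new InflaterInputStream(new ByteArrayInputStream(raw), new Inflater(true))) {
            return new String(in.readAllBytes(), UTF_8);
        }
    }

    // DOCTYPE is rejected so that formatting an untrusted message cannot expand or fetch entities.
    static String prettyPrint(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.INDENT, "yes");
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        t.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "2");
        StringWriter w = new StringWriter();
        t.transform(new DOMSource(f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(UTF_8)))), new StreamResult(w));
        return w.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample message, not taken from the pull request.
        String xml = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"_example\" Version=\"2.0\"><saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">https://sp.example.test</saml:Issuer></samlp:AuthnRequest>";
        String pretty = prettyPrint(decode(encode(xml)));
        System.out.println(pretty);
        // Indentation inserts whitespace text nodes, so a signature covering these elements would no longer verify.
        System.out.println("unchanged by formatting: " + pretty.equals(xml));
        System.out.println("survives re-encoding:    " + decode(encode(pretty)).equals(pretty));
    }
}
```

A message that contains a DOCTYPE makes `prettyPrint` throw, so a caller would fall back to showing the raw text. Re-compressing also need not reproduce the original parameter byte for byte, even when the XML is unchanged.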

- Remove applyThemeToComponent() call that broke RSyntaxTextArea key input
- Explicitly set editor as enabled and focusable
- Remove redundant Parsed & Prettified panel from SAML Message Info tab

RSyntaxTextArea had key input issues inside Burp's Swing environment.
Replaced with a thin wrapper around Burp's own RawEditor which handles
theming, editability, and selection natively.  Prettification is preserved.

Use plain JScrollPane instead of RTextScrollPane to avoid focus/input
conflicts in Burp's Swing environment.  Set thread context ClassLoader
during construction so RSyntaxTextArea can load its internal resources
through Burp's plugin ClassLoader.  Theme colors applied manually to
match Burp dark/light mode.

RSyntaxTextArea breaks keyboard input inside Burp's Swing environment.
Replaced with a pure-Swing JTextPane + state-machine tokenizer that
colors XML tags, attributes, values, comments, CDATA, and PIs.
No external dependency — zero Swing/ClassLoader conflicts.

- Debounced highlighting (150ms) for smooth typing
- Dark/light theme support matching Burp
- Horizontal scroll (no line wrapping)
- Removed RSyntaxTextArea dependency from build

Type to search — all matches highlighted, auto-scrolls to first match.
Enter = next match, Shift+Enter = previous, Escape = clear.
Match counter shows current position (e.g. 3 / 12).

Flatten all attack categories into 4 rows instead of 5 titled sections.
Replace verbose Help buttons with small '?' buttons.  Combine CVE and
XML attacks into one row.  Reduce panel preferred height from 460px to
130px — gives much more room to the XML editor.

Increase vertical gap between rows (2px → 6px) and padding around edges.
Rename 'Send Certificate to SAML Raider Certificates' → 'Store Certificate'.

Add bold section labels and horizontal separators between groups:
  Message | separator | XSW / CVE / XML | separator | Signing
Split CVE and XML into separate rows for clarity.
Move Store Certificate under Signing section where it belongs.

Replace plain text input with a dialog offering two options:
- 'Use Burp Collaborator' checkbox (auto-generates payload via API)
- 'OOB Domain' text field for custom domains (disabled when Collaborator
  is checked, enabled when unchecked)

Collaborator is selected by default.  Handles errors gracefully if
Collaborator is not available.  Used by both Test XXE and Test XSLT.

Check BurpSuiteEdition at runtime — if not Professional, the 'Use Burp
Collaborator' checkbox is unchecked and disabled with a tooltip explaining
why.  OOB Domain field is enabled by default on Community so the user
can enter a custom domain immediately.

- Previous/next match buttons (▲/▼) next to search field
- Soft wrap checkbox (visual only, no text modification)
- Wrap controls JTextPane viewport tracking, not document content