Using the Burp Suite to test a Web Service that is consumed in a Salesforce app

The following steps can be used to run the Burp Suite scanner against a Web service that is consumed in a Salesforce app via callouts.

The basic idea is to:

1. import the Web Service WSDL into SOAP UI,
2. configure SOAP UI to use the Burp Proxy,
3. use SOAP UI to simulate the SOAP requests for typical use cases, This will require updating the sample requests generated in SOAP UI to represent those made from Salesforce under normal usage.
4. select the requests to scan from the Burp Target, Site map tabs

Get a Burp Suite License

ISV partners can submit a Burp License Request.

Install and run Burp

I put the Burp jar file and license txt file in a directory and started it with the following in a batch file:

java -jar -Xmx1024m burpsuite_pro_v1.5.04.jar

See Also: Getting Started With Burp Suite

Configure Burp

Turn “Intercept” (Proxy->Intercept) off within Burp.

Configure SOAP UI to use the Burp Proxy

File > Preferences > Proxy Settings:

127.0.0.1:8080
You can find the Burp Proxy details Under Proxy > Options > Proxy Listeners

You may need to installed Burp's generated CA Certificate into the Trusted Root Certification Authorities tab if using SSL. See Installing Burp's CA Certificate. If not configured you get the following error message in Soap UI "Error getting response; javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated."

For SoapUI to pickup the new cert:

1. Go to the path: C:\Program Files (x86)\SmartBear\SoapUI-5.0.0\jre\lib\security
2. Export the Burp CA Certificate using Proxy > Options > CA certificate... > Export: Certificate in DER format.
3. Use the Java keytool executable to import the certificate:
   "C:\Program Files (x86)\Java\jdk1.7.0_67\bin\keytool.exe" -import -alias burp -file "C:\WhereYouExportedTheDerCertificate\PortSwiggerCA.cer" -keystore cacerts
4. The keystore password will be:
   changeit

Use SOAP UI to simulate the web requests that Salesforce would make to the web service

This will require you to update the sample requests that SOAP UI generates for each of the web methods with realistic request data. Try to mimic the calls that Salesforce will be making.

When the SOAP UI requests are submitted Burp will record them under the Target > Site map tab.

Start the Burp Scanner

Under the Target > Site map tab select the request nodes or host/branch that you want to scan. If it was a website you would usually do an "Spider this branch" at this point. Start the Scanner for the branches by selecting "Actively scan this branch".

Under the Scanner > Scan Queue tab the requests will appear and be processed. The output will start appearing under the Scanner > Results tab.

Export the Burp Scanner Results

Under the Scanner > Scan Queue tab select the results of interest then right click and select "Report selected issues"

The Printer-friendly version with hyperlinks works well for both screen reading and printing. Defaults can be used for the remaining steps. Ensure you save the report in a file with the ".html" extension.

---

See Also:

• Burp Suite Tutorial Video
• Force.com cloud security Burp Suite
• Burp Suite User Forum - SoapUI with Burp

Windows Phone 8 project update fails with "reference cannot be removed from the project because it is always referenced by the compiler"

When using Visual Studio 2012 to upgrade an existing WP7.1 project to WP8 the process failed with the message:

Upgrade to the project could not be completed. This reference cannot be removed from the project because it is always referenced by the compiler.

Followed by:

Upgrade to the project could not be completed. Error HRESULT E_FAIL has been returned from a call to a COM component.

I found the solution in the post Upgrade Windows Phone 7.1 project to Windows Phone 8?

My project was missing the reference to System.Core.dll before attempting the upgrade. The was a reference to mscorlib.dll.

For some unknown reason attempting to add the System.Core reference to the project from Visual Studio didn't work. It would check in the add dialog but wouldn't then be present in the list of references.

In the end I needed to manually add the reference to the project via notepad.

After that the reference appeared as required in Visual Studio and the upgrade to the Windows Phone 8 project succeeded.

A mock Windows Phone Microsoft.Devices.Sensors.Motion API for emulator support

The Windows Phone 7/8 emulators provide accelerometer support, but not support for the Microsoft.Devices.Sensors.Motion API.

I've created MotionWrapper and MockMotionReading classes that can provide fake data when using the emulator in debug mode. When you switch to a real device or a release build it reverts to an underlying Motion instance.

At this stage the MockMotionReading only varies the pitch, roll, and yaw and then calculates the corresponding RotationMatrix and Quaternion. The Gravity vector is left unchanged.

Ideally I'd like to use the accelerometer data to determine a Gravity vector so it could be varied during testing.

MotionWrapper

/// <summary>
    /// Provides Windows Phone applications information about the device’s orientation and motion.
    /// </summary>
    public class MotionWrapper //: SensorBase<MotionReading> // No public constructors, nice one.
    {
        private Motion motion;

        public event EventHandler<SensorReadingEventArgs<MockMotionReading>> CurrentValueChanged;

        #region Properties
        /// <summary>
        /// Gets or sets the preferred time between Microsoft.Devices.Sensors.SensorBase<TSensorReading>.CurrentValueChanged events.
        /// </summary>
        public virtual TimeSpan TimeBetweenUpdates
        {
            get
            {
                return motion.TimeBetweenUpdates;
            }
            set
            {
                motion.TimeBetweenUpdates = value;
            }
        }

        /// <summary>
        /// Gets or sets whether the device on which the application is running supports the sensors required by the Microsoft.Devices.Sensors.Motion class.
        /// </summary>
        public static bool IsSupported
        {
            get
            {
#if(DEBUG)
                return true;
#else
                return Motion.IsSupported;
#endif

            }
        }
        #endregion

        #region Constructors
        protected MotionWrapper()
        {
        }

        protected MotionWrapper(Motion motion)
        {
            this.motion = motion;
            this.motion.CurrentValueChanged += motion_CurrentValueChanged;
        }
        #endregion

        /// <summary>
        /// Get an instance of the MotionWrappper that supports the Motion API
        /// </summary>
        /// <returns></returns>
        public static MotionWrapper Instance()
        {
#if(DEBUG)
            if (!Motion.IsSupported)
            {
                return new MockMotionWrapper();
            }
#endif
            return new MotionWrapper(new Motion());
        }

        /// <summary>
        /// The value from the underlying Motion API has changed. Relay it on within a MockMotionReading.
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private void motion_CurrentValueChanged(object sender, SensorReadingEventArgs<MotionReading> e)
        {
            var f = new SensorReadingEventArgs<MockMotionReading>();
            f.SensorReading = new MockMotionReading(e.SensorReading);
   RaiseValueChangedEvent(sender, f);
        }

        protected void RaiseValueChangedEvent(object sender, SensorReadingEventArgs<MockMotionReading> e)
        {
            if (CurrentValueChanged != null)
            {
                CurrentValueChanged(this, e);
            }
        }

        /// <summary>
        /// Starts acquisition of data from the sensor.
        /// </summary>
        public virtual void Start()
        {
            motion.Start();
        }

        /// <summary>
        /// Stops acquisition of data from the sensor.
        /// </summary>
        public virtual void Stop()
        {
            motion.Stop();
        }
    }

MockMotionWrapper

/// <summary>
    /// Provides Windows Phone applications mock information about the device’s orientation and motion.
    /// </summary>
    public class MockMotionWrapper : MotionWrapper
    {
        /// <summary>
        /// Use a timer to trigger simulated data updates.
        /// </summary>
        private DispatcherTimer timer;

        private MockMotionReading lastCompassReading = new MockMotionReading(true);

        #region Properties
        /// <summary>
        /// Gets or sets the preferred time between Microsoft.Devices.Sensors.SensorBase<TSensorReading>.CurrentValueChanged events.
        /// </summary>
        public override TimeSpan TimeBetweenUpdates
        {
            get
            {
                return timer.Interval;
            }
            set
            {
                timer.Interval = value;
            }
        }
        #endregion

        #region Constructors
        public MockMotionWrapper()
        {
            timer = new DispatcherTimer();
            timer.Interval = TimeSpan.FromMilliseconds(30);
            timer.Tick += new EventHandler(timer_Tick);
        }
        #endregion

        void timer_Tick(object sender, EventArgs e)
        {
            var reading = new Microsoft.Devices.Sensors.SensorReadingEventArgs<MockMotionReading>();
            lastCompassReading = new MockMotionReading(lastCompassReading);
            reading.SensorReading = lastCompassReading;

            //if (lastCompassReading.HeadingAccuracy > 20)
            //{
            //    RaiseValueChangedEvent(this, new CalibrationEventArgs());
            //}

            RaiseValueChangedEvent(this, reading);
        }

        /// <summary>
        /// Starts acquisition of data from the sensor.
        /// </summary>
        public override void Start()
        {
            timer.Start();
        }

        /// <summary>
        /// Stops acquisition of data from the sensor.
        /// </summary>
        public override void Stop()
        {
            timer.Stop();
        }

    }

MockMotionReading

//Microsoft.Devices.Sensors.MotionReading
    /// <summary>
    /// Contains information about the orientation and movement of the device.
    /// </summary>
    public struct MockMotionReading : Microsoft.Devices.Sensors.ISensorReading
    {
        public static bool RequiresCalibration = false;

        #region Properties
        /// <summary>
        /// Gets the attitude (yaw, pitch, and roll) of the device, in radians.
        /// </summary>
        public MockAttitudeReading Attitude { get; internal set; }

        /// <summary>
        ///  Gets the linear acceleration of the device, in gravitational units.
        /// </summary>
        public Vector3 DeviceAcceleration { get; internal set; }

        /// <summary>
        /// Gets the rotational velocity of the device, in radians per second.
        /// </summary>
        public Vector3 DeviceRotationRate { get; internal set; }

        /// <summary>
        /// Gets the gravity vector associated with the Microsoft.Devices.Sensors.MotionReading.
        /// </summary>
        public Vector3 Gravity { get; internal set; }

        /// <summary>
        /// Gets a timestamp indicating the time at which the accelerometer reading was
        ///     taken. This can be used to correlate readings across sensors and provide
        ///     additional input to algorithms that process raw sensor data.
        /// </summary>
        public DateTimeOffset Timestamp { get; internal set; }
        #endregion

        #region Constructors

        /// <summary>
        /// Initialize an instance from an actual MotionReading
        /// </summary>
        /// <param name="cr"></param>
        public MockMotionReading(MotionReading cr)
            : this()
        {
            this.Attitude = new MockAttitudeReading(cr.Attitude);
            this.DeviceAcceleration = cr.DeviceAcceleration;
            this.DeviceRotationRate = cr.DeviceRotationRate;
            this.Gravity = cr.Gravity;
            this.Timestamp = cr.Timestamp;
        }

        /// <summary>
        /// Create an instance initialized with testing data
        /// </summary>
        /// <param name="test"></param>
        public MockMotionReading(bool test) 
            : this()
        {
            float pitch = 0.01f;
            float roll = 0.02f;
            float yaw = 0.03f;

            this.Attitude = new MockAttitudeReading()
            {
                Pitch = pitch,
                Roll = roll,
                Yaw = yaw,
                RotationMatrix = Matrix.CreateFromYawPitchRoll(yaw, pitch, roll),  
                Quaternion = Quaternion.CreateFromYawPitchRoll(yaw, pitch, roll), 

                Timestamp = DateTimeOffset.Now
            };

            // TODO: pull data from the Accelerometer
            this.Gravity = new Vector3(0, 0, 1f);
        }

        /// <summary>
        /// Create a new mock instance based on the previous mock instance
        /// </summary>
        /// <param name="lastCompassReading"></param>
        public MockMotionReading(MockMotionReading lastCompassReading)
            : this()
        {
            // Adjust the pitch, roll, and yaw as required.

            // -90 to 90 deg
            float pitchDegrees = MathHelper.ToDegrees(lastCompassReading.Attitude.Pitch) - 0.5f;
            //pitchDegrees = ((pitchDegrees + 90) % 180) - 90;

            // -90 to 90 deg
            float rollDegrees = MathHelper.ToDegrees(lastCompassReading.Attitude.Roll);
            //rollDegrees = ((rollDegrees + 90) % 180) - 90;

            // 0 to 360 deg
            float yawDegrees = MathHelper.ToDegrees(lastCompassReading.Attitude.Yaw) + 0.5f;
            //yawDegrees = yawDegrees % 360;

            float pitch = MathHelper.ToRadians(pitchDegrees);
            float roll = MathHelper.ToRadians(rollDegrees);
            float yaw = MathHelper.ToRadians(yawDegrees);

            this.Attitude = new MockAttitudeReading()
            {
                Pitch = pitch,
                Roll = roll,
                Yaw = yaw,
                RotationMatrix = Matrix.CreateFromYawPitchRoll(yaw, pitch, roll),
                Quaternion = Quaternion.CreateFromYawPitchRoll(yaw, pitch, roll),
                
                Timestamp = DateTimeOffset.Now
            };
            
            this.DeviceAcceleration = lastCompassReading.DeviceAcceleration;
            this.DeviceRotationRate = lastCompassReading.DeviceRotationRate;
            this.Gravity = lastCompassReading.Gravity;
            Timestamp = DateTime.Now;

        }
        #endregion



    }

MockAttitudeReading

public struct MockAttitudeReading : ISensorReading
    {
        public MockAttitudeReading(AttitudeReading attitudeReading) : this()
        {
            Pitch = attitudeReading.Pitch;
            Quaternion = attitudeReading.Quaternion;
            Roll = attitudeReading.Roll;
            RotationMatrix = attitudeReading.RotationMatrix;
            Timestamp = attitudeReading.Timestamp;
            Yaw = attitudeReading.Yaw;
        }

        /// <summary>
        /// Gets the pitch of the attitude reading in radians.
        /// </summary>
        public float Pitch { get; set; }
        
        /// <summary>
        /// Gets the quaternion representation of the attitude reading.
        /// </summary>
        public Quaternion Quaternion { get; set; }
        
        /// <summary>
        /// Gets the roll of the attitude reading in radians.
        /// </summary>
        public float Roll { get; set; }
        
        /// <summary>
        /// Gets the matrix representation of the attitude reading.
        /// </summary>
        public Matrix RotationMatrix { get; set; }

        /// <summary>
        /// Gets a timestamp indicating the time at which the accelerometer reading was
        ///     taken. This can be used to correlate readings across sensors and provide
        ///     additional input to algorithms that process raw sensor data.
        /// </summary>
        public DateTimeOffset Timestamp { get; set; }
        
        /// <summary>
        /// Gets the yaw of the attitude reading in radians.
        /// </summary>
        public float Yaw { get; set; }
    }

See Also:

• StackOverflow: WP7: Convert Accelometer and Compass data to mock Motion API
• StackOverflow: Emulate Motion API on an emulator

Days between two DateTime values excluding weekends

Given two DateTime values in Apex, how many weekdays are there between the two?

Getting the total number of days is straight forward using Date.daysBetween(). Excluding the weekends requires a bit more work.

One possible solution is to just loop through all the dates between the two values and count any that aren't Saturday or Sunday. It's a bit crude and will be expensive if the dates are far apart. It should however work through pure brute force.

    public static Integer daysBetweenExcludingWeekends(Datetime startDate, Datetime endDate) {
        Integer i = 0;

        while (startDate < endDate) {
            if (startDate.format('EEE') != 'Sat' && startDate.format('EEE') != 'Sun') {
                i = i + 1;
            }
            startDate = startDate.addDays(1);
        }
          
        return i;
    }

See also:

• Salesforce StackExchange: Days between two DateTime values excluding weekends

Applying CSS to a Visualforce apex:selectOption

I had a customer requirement to put some CSS formatted labels on some radio buttons in a Visualforce page. The markup was already using an <apex:selectOption> within a <apex:selectRadio>. I didn't want to revert to raw HTML controls as there was a <apex:actionSupport> already in use.

Using the style or styleClass to apply the CSS to the selectOption didn't work as they were deprecated in Salesforce API version 17.0.

Instead I created a property in the controller that returned the required HTML markup and set itemEscaped="false" on the selectOption.

E.g.:

Page:

    <apex:selectRadio layout="pageDirection" value="{!controllerflag}" rendered="{!(!addingNew)}">
        <apex:actionSupport action="{!getData}" status="addItem" event="onclick" rerender="somePageBlock">
            <apex:param name="selectedId" value="{!elementId}"/>
        </apex:actionSupport>
        <apex:selectOption itemLabel="{!radioSelectLabel}" itemEscaped="false" itemValue="true" >
        </apex:selectOption>
    </apex:selectRadio>

Controller:

    public string radioSelectLabel {
        get {
            if (hasBeenCancelled) {
                return '<span style="color:red;">(Cancelled)</span>';
            }
            return 'Available';
        }
    }

Windows Phone 8 Emulator issues in Visual Studio 2012

I haven't had much luck to date getting up and running with the WP8 SDK for Visual Studio 2012. When I attempt to start the emulator I get the message:

The connection to the virtual machine has been lost. The virtual machine may have been turned off by another application. The Windows Phone Emulator must close.

After this has occurred, attempts to restart the emulator produce the following error:

The Windows Phone Emulator wasn't able to set some properties on the virtual machine:

Couldn't change Memory of the virtual machine: Error code 32775

I have a 64-bit Intel i7 processor with virtualization enabled in the bios. Hyper-V is installed. I have more than enough memory (32 GB).

---

Solution

I found my specific issue. The VPN software that I had installed was preventing the local VM connection, even when it wasn't actively running. Uninstalling it resolved the issue.

The response from the VPN provider indicated the issue was with the Layered Service Providers:

It seems the problem is with incompatibility of LSPs (Layered Service Providers) - [VPN Name] uses a LSP to redirect traffic as well as Hyper-V software.

See Also:

• (WP8) Emulator Troubleshooting Tips
• “Cannot connect to the virtual machine.” for new Hyper-V Virtual Machine

Salesforce convert Apex integer to long

A quick snippet after I came across the following when modifying some apex:

integer someId = 12345;
aMethodThatTakesALong(Long.valueOf(someId.format()));

Note the transition via an intermediate string to get to the long required by the method.

Usually Apex will implicitly convert an integer to a long if required. E.g.

Integer testInt = 12345;
Long testLong = testInt;
System.assertEquals(12345L, testLong);

In the case of the method parameter above you can either rely on the implicit casting or, where there may be other overrides available, explicitly cast the integer to a long. E.g.

integer someId = 12345;
aMethodThatTakesALong((long)someId);