Version: 3.3.1 Update
This commit is contained in:
gh0stkey
@@ -12,6 +12,7 @@ import burp.api.montoya.ui.editor.extension.HttpRequestEditorProvider;
|
||||
import hae.component.board.table.Datatable;
|
||||
import hae.instances.http.utils.MessageProcessor;
|
||||
import hae.utils.ConfigLoader;
|
||||
import hae.utils.http.HttpUtils;
|
||||
import hae.utils.string.StringProcessor;
|
||||
|
||||
import javax.swing.*;
|
||||
@@ -37,6 +38,7 @@ public class RequestEditor implements HttpRequestEditorProvider {
|
||||
private static class Editor implements ExtensionProvidedHttpRequestEditor {
|
||||
private final MontoyaApi api;
|
||||
private final ConfigLoader configLoader;
|
||||
private final HttpUtils httpUtils;
|
||||
private final EditorCreationContext creationContext;
|
||||
private final MessageProcessor messageProcessor;
|
||||
private HttpRequestResponse requestResponse;
|
||||
@@ -47,6 +49,7 @@ public class RequestEditor implements HttpRequestEditorProvider {
|
||||
public Editor(MontoyaApi api, ConfigLoader configLoader, EditorCreationContext creationContext) {
|
||||
this.api = api;
|
||||
this.configLoader = configLoader;
|
||||
this.httpUtils = new HttpUtils(api, configLoader);
|
||||
this.creationContext = creationContext;
|
||||
this.messageProcessor = new MessageProcessor(api);
|
||||
}
|
||||
@@ -69,16 +72,10 @@ public class RequestEditor implements HttpRequestEditorProvider {
|
||||
try {
|
||||
String host = StringProcessor.getHostByUrl(request.url());
|
||||
if (!host.isEmpty()) {
|
||||
String[] hostList = configLoader.getBlockHost().split("\\|");
|
||||
boolean isBlockHost = isBlockHost(hostList, host);
|
||||
|
||||
List<String> suffixList = Arrays.asList(configLoader.getExcludeSuffix().split("\\|"));
|
||||
String toolType = creationContext.toolSource().toolType().toolName();
|
||||
boolean isToolScope = configLoader.getScope().contains(toolType);
|
||||
boolean matches = httpUtils.verifyHttpRequestResponse(requestResponse, toolType);
|
||||
|
||||
boolean matches = suffixList.contains(request.fileExtension().toLowerCase()) || isBlockHost || !isToolScope;
|
||||
|
||||
if (!matches && !request.bodyToString().equals("Loading...")) {
|
||||
if (!matches) {
|
||||
this.dataList = messageProcessor.processRequest("", request, false);
|
||||
return isListHasData(this.dataList);
|
||||
}
|
||||
@@ -121,19 +118,6 @@ public class RequestEditor implements HttpRequestEditorProvider {
|
||||
}
|
||||
}
|
||||
|
||||
public static boolean isBlockHost(String[] hostList, String host) {
|
||||
boolean isBlockHost = false;
|
||||
for (String hostName : hostList) {
|
||||
String cleanedHost = StringProcessor.replaceFirstOccurrence(hostName, "*.", "");
|
||||
if (hostName.contains("*.") && StringProcessor.matchFromEnd(host, cleanedHost)) {
|
||||
isBlockHost = true;
|
||||
} else if (host.equals(hostName) || hostName.equals("*")) {
|
||||
isBlockHost = true;
|
||||
}
|
||||
}
|
||||
return isBlockHost;
|
||||
}
|
||||
|
||||
public static boolean isListHasData(List<Map<String, String>> dataList) {
|
||||
if (dataList != null && !dataList.isEmpty()) {
|
||||
Map<String, String> dataMap = dataList.get(0);
|
||||
|
||||
@@ -13,11 +13,11 @@ import burp.api.montoya.ui.editor.extension.HttpResponseEditorProvider;
|
||||
import hae.component.board.table.Datatable;
|
||||
import hae.instances.http.utils.MessageProcessor;
|
||||
import hae.utils.ConfigLoader;
|
||||
import hae.utils.http.HttpUtils;
|
||||
import hae.utils.string.StringProcessor;
|
||||
|
||||
import javax.swing.*;
|
||||
import java.awt.*;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
@@ -38,6 +38,7 @@ public class ResponseEditor implements HttpResponseEditorProvider {
|
||||
private static class Editor implements ExtensionProvidedHttpResponseEditor {
|
||||
private final MontoyaApi api;
|
||||
private final ConfigLoader configLoader;
|
||||
private final HttpUtils httpUtils;
|
||||
private final EditorCreationContext creationContext;
|
||||
private final MessageProcessor messageProcessor;
|
||||
private HttpRequestResponse requestResponse;
|
||||
@@ -48,6 +49,7 @@ public class ResponseEditor implements HttpResponseEditorProvider {
|
||||
public Editor(MontoyaApi api, ConfigLoader configLoader, EditorCreationContext creationContext) {
|
||||
this.api = api;
|
||||
this.configLoader = configLoader;
|
||||
this.httpUtils = new HttpUtils(api, configLoader);
|
||||
this.creationContext = creationContext;
|
||||
this.messageProcessor = new MessageProcessor(api);
|
||||
}
|
||||
@@ -75,20 +77,14 @@ public class ResponseEditor implements HttpResponseEditorProvider {
|
||||
try {
|
||||
String host = StringProcessor.getHostByUrl(request.url());
|
||||
if (!host.isEmpty()) {
|
||||
String[] hostList = configLoader.getBlockHost().split("\\|");
|
||||
boolean isBlockHost = RequestEditor.isBlockHost(hostList, host);
|
||||
|
||||
List<String> suffixList = Arrays.asList(configLoader.getExcludeSuffix().split("\\|"));
|
||||
String toolType = creationContext.toolSource().toolType().toolName();
|
||||
boolean isToolScope = configLoader.getScope().contains(toolType);
|
||||
|
||||
matches = suffixList.contains(request.fileExtension().toLowerCase()) || isBlockHost || !isToolScope;
|
||||
matches = httpUtils.verifyHttpRequestResponse(requestResponse, toolType);
|
||||
}
|
||||
} catch (Exception ignored) {
|
||||
}
|
||||
}
|
||||
|
||||
if (!matches && !response.bodyToString().equals("Loading...")) {
|
||||
if (!matches) {
|
||||
this.dataList = messageProcessor.processResponse("", response, false);
|
||||
return RequestEditor.isListHasData(this.dataList);
|
||||
}
|
||||
|
||||
@@ -7,20 +7,20 @@ import burp.api.montoya.http.handler.*;
|
||||
import burp.api.montoya.http.message.HttpRequestResponse;
|
||||
import burp.api.montoya.http.message.requests.HttpRequest;
|
||||
import hae.component.board.message.MessageTableModel;
|
||||
import hae.instances.editor.RequestEditor;
|
||||
import hae.instances.http.utils.MessageProcessor;
|
||||
import hae.utils.ConfigLoader;
|
||||
import hae.utils.http.HttpUtils;
|
||||
import hae.utils.string.StringProcessor;
|
||||
|
||||
import javax.swing.*;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
public class HttpMessageHandler implements HttpHandler {
|
||||
private final MontoyaApi api;
|
||||
private final ConfigLoader configLoader;
|
||||
private final HttpUtils httpUtils;
|
||||
private final MessageTableModel messageTableModel;
|
||||
private final MessageProcessor messageProcessor;
|
||||
|
||||
@@ -29,12 +29,12 @@ public class HttpMessageHandler implements HttpHandler {
|
||||
private final ThreadLocal<String> host = ThreadLocal.withInitial(() -> "");
|
||||
private final ThreadLocal<List<String>> colorList = ThreadLocal.withInitial(ArrayList::new);
|
||||
private final ThreadLocal<List<String>> commentList = ThreadLocal.withInitial(ArrayList::new);
|
||||
private final ThreadLocal<Boolean> matches = ThreadLocal.withInitial(() -> false);
|
||||
private final ThreadLocal<HttpRequest> httpRequest = new ThreadLocal<>();
|
||||
|
||||
public HttpMessageHandler(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) {
|
||||
this.api = api;
|
||||
this.configLoader = configLoader;
|
||||
this.httpUtils = new HttpUtils(api, configLoader);
|
||||
this.messageTableModel = messageTableModel;
|
||||
this.messageProcessor = new MessageProcessor(api);
|
||||
}
|
||||
@@ -49,20 +49,6 @@ public class HttpMessageHandler implements HttpHandler {
|
||||
try {
|
||||
httpRequest.set(httpRequestToBeSent);
|
||||
host.set(StringProcessor.getHostByUrl(httpRequestToBeSent.url()));
|
||||
|
||||
String[] hostList = configLoader.getBlockHost().split("\\|");
|
||||
boolean isBlockHost = RequestEditor.isBlockHost(hostList, host.get());
|
||||
|
||||
String toolType = httpRequestToBeSent.toolSource().toolType().toolName();
|
||||
boolean isToolScope = configLoader.getScope().contains(toolType);
|
||||
|
||||
List<String> suffixList = Arrays.asList(configLoader.getExcludeSuffix().split("\\|"));
|
||||
matches.set(suffixList.contains(httpRequestToBeSent.fileExtension().toLowerCase()) || isBlockHost || !isToolScope);
|
||||
|
||||
if (!matches.get()) {
|
||||
List<Map<String, String>> result = messageProcessor.processRequest(host.get(), httpRequestToBeSent, true);
|
||||
setColorAndCommentList(result);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
api.logging().logToError("handleHttpRequestToBeSent: " + e.getMessage());
|
||||
}
|
||||
@@ -73,33 +59,43 @@ public class HttpMessageHandler implements HttpHandler {
|
||||
@Override
|
||||
public ResponseReceivedAction handleHttpResponseReceived(HttpResponseReceived httpResponseReceived) {
|
||||
Annotations annotations = httpResponseReceived.annotations();
|
||||
HttpRequest request = httpResponseReceived.initiatingRequest();
|
||||
HttpRequestResponse requestResponse = HttpRequestResponse.httpRequestResponse(request, httpResponseReceived);
|
||||
String toolType = httpResponseReceived.toolSource().toolType().toolName();
|
||||
|
||||
if (!matches.get()) {
|
||||
List<Map<String, String>> result = messageProcessor.processResponse(host.get(), httpResponseReceived, true);
|
||||
setColorAndCommentList(result);
|
||||
// 设置高亮颜色和注释
|
||||
if (!colorList.get().isEmpty() && !commentList.get().isEmpty()) {
|
||||
String color = messageProcessor.retrieveFinalColor(messageProcessor.retrieveColorIndices(colorList.get()));
|
||||
annotations.setHighlightColor(HighlightColor.highlightColor(color));
|
||||
String comment = StringProcessor.mergeComment(String.join(", ", commentList.get()));
|
||||
annotations.setNotes(comment);
|
||||
boolean matches = httpUtils.verifyHttpRequestResponse(requestResponse, toolType);
|
||||
|
||||
HttpRequestResponse httpRequestResponse = HttpRequestResponse.httpRequestResponse(httpRequest.get(), httpResponseReceived);
|
||||
if (!matches) {
|
||||
try {
|
||||
setColorAndCommentList(messageProcessor.processRequest(host.get(), request, true));
|
||||
setColorAndCommentList(messageProcessor.processResponse(host.get(), httpResponseReceived, true));
|
||||
|
||||
// 添加到Databoard
|
||||
String method = httpRequest.get().method();
|
||||
String url = httpRequest.get().url();
|
||||
String status = String.valueOf(httpResponseReceived.statusCode());
|
||||
String length = String.valueOf(httpResponseReceived.toByteArray().length());
|
||||
// 设置高亮颜色和注释
|
||||
if (!colorList.get().isEmpty() && !commentList.get().isEmpty()) {
|
||||
String color = messageProcessor.retrieveFinalColor(messageProcessor.retrieveColorIndices(colorList.get()));
|
||||
annotations.setHighlightColor(HighlightColor.highlightColor(color));
|
||||
String comment = StringProcessor.mergeComment(String.join(", ", commentList.get()));
|
||||
annotations.setNotes(comment);
|
||||
|
||||
// 后台提交,防止线程阻塞
|
||||
new SwingWorker<Void, Void>() {
|
||||
@Override
|
||||
protected Void doInBackground() {
|
||||
messageTableModel.add(httpRequestResponse, url, method, status, length, comment, color, "", "");
|
||||
return null;
|
||||
}
|
||||
}.run();
|
||||
HttpRequestResponse httpRequestResponse = HttpRequestResponse.httpRequestResponse(httpRequest.get(), httpResponseReceived);
|
||||
|
||||
// 添加到Databoard
|
||||
String method = httpRequest.get().method();
|
||||
String url = httpRequest.get().url();
|
||||
String status = String.valueOf(httpResponseReceived.statusCode());
|
||||
String length = String.valueOf(httpResponseReceived.toByteArray().length());
|
||||
|
||||
// 后台提交,防止线程阻塞
|
||||
new SwingWorker<Void, Void>() {
|
||||
@Override
|
||||
protected Void doInBackground() {
|
||||
messageTableModel.add(httpRequestResponse, url, method, status, length, comment, color, "", "");
|
||||
return null;
|
||||
}
|
||||
}.run();
|
||||
}
|
||||
} catch (Exception e) {
|
||||
api.logging().logToError("handleHttpResponseReceived: " + e.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user