admin/HaE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Version: 3.3.1 Update

Browse Source
This commit is contained in:
gh0stkey
2024-08-12 10:34:26 +08:00
parent a7e0a2a6ce
commit 4f0401347c
11 changed files with 194 additions and 130 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/hae/Config.java
View File

@@ -10,6 +10,8 @@ public class Config {
public static String host = "gh0st.cn"; public static String host = "gh0st.cn";
public static String status = "404";
public static String[] scope = new String[]{ public static String[] scope = new String[]{
"any", "any",
"any header", "any header",

2
src/main/java/hae/HaE.java
View File

@@ -18,7 +18,7 @@ public class HaE implements BurpExtension {
@Override @Override
public void initialize(MontoyaApi api) { public void initialize(MontoyaApi api) {
// 设置扩展名称 // 设置扩展名称
String version = "3.3"; String version = "3.3.1";
api.extension().setName(String.format("HaE (%s) - Highlighter and Extractor", version)); api.extension().setName(String.format("HaE (%s) - Highlighter and Extractor", version));
// 加载扩展后输出的项目信息 // 加载扩展后输出的项目信息

74
src/main/java/hae/component/board/Databoard.java
View File

@@ -13,9 +13,11 @@ import hae.utils.project.model.HaeFileContent;
import hae.utils.string.StringProcessor; import hae.utils.string.StringProcessor;
import javax.swing.*; import javax.swing.*;
import javax.swing.border.TitledBorder;
import javax.swing.event.DocumentEvent; import javax.swing.event.DocumentEvent;
import javax.swing.event.DocumentListener; import javax.swing.event.DocumentListener;
import javax.swing.filechooser.FileNameExtensionFilter; import javax.swing.filechooser.FileNameExtensionFilter;
import javax.swing.table.DefaultTableModel;
import javax.swing.table.TableColumnModel; import javax.swing.table.TableColumnModel;
import javax.swing.table.TableModel; import javax.swing.table.TableModel;
import javax.swing.table.TableRowSorter; import javax.swing.table.TableRowSorter;
@@ -49,8 +51,8 @@ public class Databoard extends JPanel {
private SwingWorker<Map<String, List<String>>, Void> handleComboBoxWorker; private SwingWorker<Map<String, List<String>>, Void> handleComboBoxWorker;
private SwingWorker<Void, Void> applyHostFilterWorker; private SwingWorker<Void, Void> applyHostFilterWorker;
private SwingWorker<List<String>, Void> exportActionWorker; private SwingWorker<List<Object[]>, Void> exportActionWorker;
private SwingWorker<List<String>, Void> importActionWorker; private SwingWorker<List<Object[]>, Void> importActionWorker;
public Databoard(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) { public Databoard(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) {
this.api = api; this.api = api;
@@ -193,11 +195,11 @@ public class Databoard extends JPanel {
private void handleComboBoxAction(ActionEvent e) { private void handleComboBoxAction(ActionEvent e) {
if (!isMatchHost && hostComboBox.getSelectedItem() != null) { if (!isMatchHost && hostComboBox.getSelectedItem() != null) {
progressBar.setVisible(true);
setProgressBar(true);
String selectedHost = hostComboBox.getSelectedItem().toString(); String selectedHost = hostComboBox.getSelectedItem().toString();
if (getHostByList().contains(selectedHost)) { if (getHostByList().contains(selectedHost)) {
progressBar.setVisible(true);
setProgressBar(true);
hostTextField.setText(selectedHost); hostTextField.setText(selectedHost);
if (handleComboBoxWorker != null && !handleComboBoxWorker.isDone()) { if (handleComboBoxWorker != null && !handleComboBoxWorker.isDone()) {
@@ -385,9 +387,9 @@ public class Databoard extends JPanel {
exportActionWorker.cancel(true); exportActionWorker.cancel(true);
} }
exportActionWorker = new SwingWorker<List<String>, Void>() { exportActionWorker = new SwingWorker<List<Object[]>, Void>() {
@Override @Override
protected List<String> doInBackground() { protected List<Object[]> doInBackground() {
ConcurrentHashMap<String, Map<String, List<String>>> dataMap = Config.globalDataMap; ConcurrentHashMap<String, Map<String, List<String>>> dataMap = Config.globalDataMap;
return exportData(selectedHost, exportDir, dataMap); return exportData(selectedHost, exportDir, dataMap);
} }
@@ -395,11 +397,9 @@ public class Databoard extends JPanel {
@Override @Override
protected void done() { protected void done() {
try { try {
List<String> taskStatusList = get(); List<Object[]> taskStatusList = get();
if (!taskStatusList.isEmpty()) { if (!taskStatusList.isEmpty()) {
String exportStatusMessage = String.format("Exported File List Status:\n%s", String.join("\n", taskStatusList)); JOptionPane.showMessageDialog(Databoard.this, generateTaskStatusPane(taskStatusList), "Info", JOptionPane.INFORMATION_MESSAGE);
JOptionPane.showMessageDialog(Databoard.this, generateTaskStatusPane(exportStatusMessage), "Info", JOptionPane.INFORMATION_MESSAGE);
} }
} catch (Exception ignored) { } catch (Exception ignored) {
} }
@@ -409,17 +409,36 @@ public class Databoard extends JPanel {
exportActionWorker.execute(); exportActionWorker.execute();
} }
private JScrollPane generateTaskStatusPane(String message) { private JScrollPane generateTaskStatusPane(List<Object[]> dataList) {
JTextArea textArea = new JTextArea(message); String[] columnNames = {"#", "Filename", "Status"};
textArea.setEditable(false); DefaultTableModel taskStatusTableModel = new DefaultTableModel(columnNames, 0);
textArea.setLineWrap(true); JTable taskStatusTable = new JTable(taskStatusTableModel);
JScrollPane scrollPane = new JScrollPane(textArea);
scrollPane.setPreferredSize(new Dimension(400, 200)); for (Object[] data : dataList) {
int rowCount = taskStatusTable.getRowCount();
int id = rowCount > 0 ? (Integer) taskStatusTable.getValueAt(rowCount - 1, 0) + 1 : 1;
Object[] rowData = new Object[data.length + 1];
rowData[0] = id;
System.arraycopy(data, 0, rowData, 1, data.length);
taskStatusTableModel.addRow(rowData);
}
TableRowSorter<DefaultTableModel> sorter = new TableRowSorter<>(taskStatusTableModel);
taskStatusTable.setRowSorter(sorter);
JScrollPane scrollPane = new JScrollPane(taskStatusTable);
scrollPane.setBorder(new TitledBorder("Task status"));
scrollPane.setPreferredSize(new Dimension(500, 300));
int paneWidth = scrollPane.getPreferredSize().width;
taskStatusTable.getColumnModel().getColumn(0).setPreferredWidth((int) (paneWidth * 0.1));
taskStatusTable.getColumnModel().getColumn(1).setPreferredWidth((int) (paneWidth * 0.7));
taskStatusTable.getColumnModel().getColumn(2).setPreferredWidth((int) (paneWidth * 0.2));
return scrollPane; return scrollPane;
} }
private List<String> exportData(String selectedHost, String exportDir, Map<String, Map<String, List<String>>> dataMap) { private List<Object[]> exportData(String selectedHost, String exportDir, Map<String, Map<String, List<String>>> dataMap) {
return dataMap.entrySet().stream() return dataMap.entrySet().stream()
.filter(entry -> selectedHost.equals("*") || StringProcessor.matchesHostPattern(entry.getKey(), selectedHost)) .filter(entry -> selectedHost.equals("*") || StringProcessor.matchesHostPattern(entry.getKey(), selectedHost))
.filter(entry -> !entry.getKey().contains("*")) .filter(entry -> !entry.getKey().contains("*"))
@@ -428,7 +447,7 @@ public class Databoard extends JPanel {
.collect(Collectors.toList()); .collect(Collectors.toList());
} }
private String exportEntry(Map.Entry<String, Map<String, List<String>>> entry, String exportDir) { private Object[] exportEntry(Map.Entry<String, Map<String, List<String>>> entry, String exportDir) {
String key = entry.getKey(); String key = entry.getKey();
Map<String, List<String>> ruleMap = entry.getValue(); Map<String, List<String>> ruleMap = entry.getValue();
@@ -442,7 +461,7 @@ public class Databoard extends JPanel {
.collect(Collectors.toMap( .collect(Collectors.toMap(
messageEntry -> messageEntry, messageEntry -> messageEntry,
messageEntry -> StringProcessor.getRandomUUID(), messageEntry -> StringProcessor.getRandomUUID(),
(existing, replacement) -> existing // 在冲突时保留现有的映射 (existing, replacement) -> existing
)); ));
Map<String, Map<String, Object>> httpMap = processEntries( Map<String, Map<String, Object>> httpMap = processEntries(
@@ -463,7 +482,7 @@ public class Databoard extends JPanel {
String filename = String.format("%s/%s-%s.hae", exportDir, StringProcessor.getCurrentTime(), hostName); String filename = String.format("%s/%s-%s.hae", exportDir, StringProcessor.getCurrentTime(), hostName);
boolean createdStatus = projectProcessor.createHaeFile(filename, key, ruleMap, urlMap, httpMap); boolean createdStatus = projectProcessor.createHaeFile(filename, key, ruleMap, urlMap, httpMap);
return String.format("Filename: %s, Status: %s", filename, createdStatus); return new Object[]{filename, createdStatus};
} }
@@ -507,9 +526,9 @@ public class Databoard extends JPanel {
importActionWorker.cancel(true); importActionWorker.cancel(true);
} }
importActionWorker = new SwingWorker<List<String>, Void>() { importActionWorker = new SwingWorker<List<Object[]>, Void>() {
@Override @Override
protected List<String> doInBackground() { protected List<Object[]> doInBackground() {
List<String> filesWithExtension = findFilesWithExtension(new File(exportDir), ".hae"); List<String> filesWithExtension = findFilesWithExtension(new File(exportDir), ".hae");
return filesWithExtension.stream() return filesWithExtension.stream()
.map(Databoard.this::importData) .map(Databoard.this::importData)
@@ -519,10 +538,9 @@ public class Databoard extends JPanel {
@Override @Override
protected void done() { protected void done() {
try { try {
List<String> taskStatusList = get(); List<Object[]> taskStatusList = get();
if (!taskStatusList.isEmpty()) { if (!taskStatusList.isEmpty()) {
String importStatusMessage = "Imported File List Status:\n" + String.join("\n", taskStatusList); JOptionPane.showMessageDialog(Databoard.this, generateTaskStatusPane(taskStatusList), "Info", JOptionPane.INFORMATION_MESSAGE);
JOptionPane.showMessageDialog(Databoard.this, generateTaskStatusPane(importStatusMessage), "Info", JOptionPane.INFORMATION_MESSAGE);
} }
} catch (Exception ignored) { } catch (Exception ignored) {
} }
@@ -532,7 +550,7 @@ public class Databoard extends JPanel {
importActionWorker.execute(); importActionWorker.execute();
} }
private String importData(String filename) { private Object[] importData(String filename) {
ExecutorService executor = Executors.newFixedThreadPool(Runtime.getRuntime().availableProcessors() * 2); ExecutorService executor = Executors.newFixedThreadPool(Runtime.getRuntime().availableProcessors() * 2);
HaeFileContent haeFileContent = projectProcessor.readHaeFile(filename); HaeFileContent haeFileContent = projectProcessor.readHaeFile(filename);
@@ -568,7 +586,7 @@ public class Databoard extends JPanel {
} }
} }
return String.format("Filename: %s, Status: %s", filename, readStatus); return new Object[]{filename, readStatus};
} }
private List<String> findFilesWithExtension(File directory, String extension) { private List<String> findFilesWithExtension(File directory, String extension) {
@@ -648,6 +666,8 @@ public class Databoard extends JPanel {
} }
messageTableModel.deleteByHost(host); messageTableModel.deleteByHost(host);
hostTextField.setText("");
} }
} }
} }

27
src/main/java/hae/component/board/message/MessageTableModel.java
View File

@@ -435,7 +435,7 @@ public class MessageTableModel extends AbstractTableModel {
public class MessageTable extends JTable { public class MessageTable extends JTable {
private MessageEntry messageEntry; private MessageEntry messageEntry;
private SwingWorker<Object, Void> currentWorker; private SwingWorker<ByteArray[], Void> currentWorker;
private int lastSelectedIndex = -1; private int lastSelectedIndex = -1;
private final HttpRequestEditor requestEditor; private final HttpRequestEditor requestEditor;
private final HttpResponseEditor responseEditor; private final HttpResponseEditor responseEditor;
@@ -450,16 +450,13 @@ public class MessageTableModel extends AbstractTableModel {
public void changeSelection(int row, int col, boolean toggle, boolean extend) { public void changeSelection(int row, int col, boolean toggle, boolean extend) {
super.changeSelection(row, col, toggle, extend); super.changeSelection(row, col, toggle, extend);
requestEditor.setRequest(HttpRequest.httpRequest("Loading..."));
responseEditor.setResponse(HttpResponse.httpResponse("Loading..."));
if (currentWorker != null && !currentWorker.isDone()) { if (currentWorker != null && !currentWorker.isDone()) {
currentWorker.cancel(true); currentWorker.cancel(true);
} }
currentWorker = new SwingWorker<>() { currentWorker = new SwingWorker<>() {
@Override @Override
protected Void doInBackground() { protected ByteArray[] doInBackground() {
int selectedIndex = convertRowIndexToModel(row); int selectedIndex = convertRowIndexToModel(row);
if (lastSelectedIndex != selectedIndex) { if (lastSelectedIndex != selectedIndex) {
lastSelectedIndex = selectedIndex; lastSelectedIndex = selectedIndex;
@@ -470,14 +467,28 @@ public class MessageTableModel extends AbstractTableModel {
ByteArray requestByte = httpRequestResponse.request().toByteArray(); ByteArray requestByte = httpRequestResponse.request().toByteArray();
ByteArray responseByte = httpRequestResponse.response().toByteArray(); ByteArray responseByte = httpRequestResponse.response().toByteArray();
requestEditor.setRequest(HttpRequest.httpRequest(messageEntry.getRequestResponse().httpService(), requestByte)); ByteArray[] httpByteArray = new ByteArray[2];
responseEditor.setResponse(HttpResponse.httpResponse(responseByte)); httpByteArray[0] = requestByte;
httpByteArray[1] = responseByte;
return httpByteArray;
} }
return null; return null;
} }
@Override
protected void done() {
try {
ByteArray[] retByteArray = get();
if (retByteArray != null) {
requestEditor.setRequest(HttpRequest.httpRequest(messageEntry.getRequestResponse().httpService(), retByteArray[0]));
responseEditor.setResponse(HttpResponse.httpResponse(retByteArray[1]));
}
} catch (Exception ignored) {
}
}
}; };
currentWorker.execute(); currentWorker.execute();
} }
} }

2
src/main/java/hae/component/board/table/AIPower.java
View File

@@ -34,7 +34,7 @@ public class AIPower {
public AIPower(MontoyaApi api, ConfigLoader configLoader, String aiModel, String aiBaseUrl, String[] apiKey) { public AIPower(MontoyaApi api, ConfigLoader configLoader, String aiModel, String aiBaseUrl, String[] apiKey) {
this.api = api; this.api = api;
this.configLoader = configLoader; this.configLoader = configLoader;
this.httpUtils = new HttpUtils(api); this.httpUtils = new HttpUtils(api, configLoader);
this.aiModel = aiModel; this.aiModel = aiModel;
this.aiBaseUrl = aiBaseUrl; this.aiBaseUrl = aiBaseUrl;

34
src/main/java/hae/component/config/Config.java
View File

@@ -27,24 +27,23 @@ public class Config extends JPanel {
private final MontoyaApi api; private final MontoyaApi api;
private final ConfigLoader configLoader; private final ConfigLoader configLoader;
private final Rules rules; private final Rules rules;
private JTextField addTextField;
private final String defaultText = "Enter a new item"; private final String defaultText = "Enter a new item";
private final GridBagConstraints constraints = new GridBagConstraints();
public Config(MontoyaApi api, ConfigLoader configLoader, Rules rules) { public Config(MontoyaApi api, ConfigLoader configLoader, Rules rules) {
this.api = api; this.api = api;
this.configLoader = configLoader; this.configLoader = configLoader;
this.rules = rules; this.rules = rules;
constraints.weightx = 1.0;
constraints.fill = GridBagConstraints.HORIZONTAL;
initComponents(); initComponents();
} }
private void initComponents() { private void initComponents() {
setLayout(new BorderLayout()); setLayout(new BorderLayout());
GridBagConstraints constraints = new GridBagConstraints();
constraints.weightx = 1.0;
constraints.fill = GridBagConstraints.HORIZONTAL;
JPanel ruleInfoPanel = new JPanel(new GridBagLayout()); JPanel ruleInfoPanel = new JPanel(new GridBagLayout());
ruleInfoPanel.setBorder(new EmptyBorder(10, 15, 5, 15)); ruleInfoPanel.setBorder(new EmptyBorder(10, 15, 5, 15));
@@ -67,7 +66,7 @@ public class Config extends JPanel {
constraints.gridx = 1; constraints.gridx = 1;
JTabbedPane configTabbedPanel = new JTabbedPane(); JTabbedPane configTabbedPanel = new JTabbedPane();
String[] settingMode = new String[]{"Exclude suffix", "Block host"}; String[] settingMode = new String[]{"Exclude suffix", "Block host", "Exclude status"};
JPanel settingPanel = createConfigTablePanel(settingMode, "Setting"); JPanel settingPanel = createConfigTablePanel(settingMode, "Setting");
JPanel scopePanel = getScopePanel(); JPanel scopePanel = getScopePanel();
JScrollPane scopeScrollPane = new JScrollPane(scopePanel); JScrollPane scopeScrollPane = new JScrollPane(scopePanel);
@@ -148,6 +147,12 @@ public class Config extends JPanel {
configLoader.setBlockHost(values); configLoader.setBlockHost(values);
} }
} }
if (selected.equals("Exclude status")) {
if (!values.equals(configLoader.getExcludeStatus()) && !values.isEmpty()) {
configLoader.setExcludeStatus(values);
}
}
} }
}; };
} }
@@ -166,6 +171,10 @@ public class Config extends JPanel {
if (selected.equals("Block host")) { if (selected.equals("Block host")) {
addDataToTable(configLoader.getBlockHost().replaceAll("\\|", "\r\n"), model); addDataToTable(configLoader.getBlockHost().replaceAll("\\|", "\r\n"), model);
} }
if (selected.equals("Exclude status")) {
addDataToTable(configLoader.getExcludeStatus().replaceAll("\\|", "\r\n"), model);
}
} }
}; };
} }
@@ -211,6 +220,10 @@ public class Config extends JPanel {
} }
private JPanel createConfigTablePanel(String[] mode, String type) { private JPanel createConfigTablePanel(String[] mode, String type) {
GridBagConstraints constraints = new GridBagConstraints();
constraints.weightx = 1.0;
constraints.fill = GridBagConstraints.HORIZONTAL;
JPanel settingPanel = new JPanel(new BorderLayout()); JPanel settingPanel = new JPanel(new BorderLayout());
DefaultTableModel model = new DefaultTableModel(); DefaultTableModel model = new DefaultTableModel();
@@ -255,7 +268,7 @@ public class Config extends JPanel {
constraints.gridy = 4; constraints.gridy = 4;
buttonPanel.add(clearButton, constraints); buttonPanel.add(clearButton, constraints);
addTextField = new JTextField(); JTextField addTextField = new JTextField();
UIEnhancer.setTextFieldPlaceholder(addTextField, defaultText); UIEnhancer.setTextFieldPlaceholder(addTextField, defaultText);
inputPanelB.add(addTextField, BorderLayout.CENTER); inputPanelB.add(addTextField, BorderLayout.CENTER);
@@ -266,13 +279,13 @@ public class Config extends JPanel {
settingPanel.add(inputPanel, BorderLayout.CENTER); settingPanel.add(inputPanel, BorderLayout.CENTER);
addButton.addActionListener(e -> addActionPerformed(e, model)); addButton.addActionListener(e -> addActionPerformed(e, model, addTextField));
addTextField.addKeyListener(new KeyAdapter() { addTextField.addKeyListener(new KeyAdapter() {
@Override @Override
public void keyPressed(KeyEvent e) { public void keyPressed(KeyEvent e) {
if (e.getKeyCode() == KeyEvent.VK_ENTER) { if (e.getKeyCode() == KeyEvent.VK_ENTER) {
addActionPerformed(null, model); addActionPerformed(null, model, addTextField);
} }
} }
}); });
@@ -372,8 +385,9 @@ public class Config extends JPanel {
configLoader.setScope(String.join("|", HaEScope)); configLoader.setScope(String.join("|", HaEScope));
} }
private void addActionPerformed(ActionEvent e, DefaultTableModel model) { private void addActionPerformed(ActionEvent e, DefaultTableModel model, JTextField addTextField) {
String addTextFieldText = addTextField.getText(); String addTextFieldText = addTextField.getText();
api.logging().logToOutput(addTextFieldText);
if (!addTextFieldText.equals(defaultText)) { if (!addTextFieldText.equals(defaultText)) {
addDataToTable(addTextFieldText, model); addDataToTable(addTextFieldText, model);
} }

26
src/main/java/hae/instances/editor/RequestEditor.java
View File

@@ -12,6 +12,7 @@ import burp.api.montoya.ui.editor.extension.HttpRequestEditorProvider;
import hae.component.board.table.Datatable; import hae.component.board.table.Datatable;
import hae.instances.http.utils.MessageProcessor; import hae.instances.http.utils.MessageProcessor;
import hae.utils.ConfigLoader; import hae.utils.ConfigLoader;
import hae.utils.http.HttpUtils;
import hae.utils.string.StringProcessor; import hae.utils.string.StringProcessor;
import javax.swing.*; import javax.swing.*;
@@ -37,6 +38,7 @@ public class RequestEditor implements HttpRequestEditorProvider {
private static class Editor implements ExtensionProvidedHttpRequestEditor { private static class Editor implements ExtensionProvidedHttpRequestEditor {
private final MontoyaApi api; private final MontoyaApi api;
private final ConfigLoader configLoader; private final ConfigLoader configLoader;
private final HttpUtils httpUtils;
private final EditorCreationContext creationContext; private final EditorCreationContext creationContext;
private final MessageProcessor messageProcessor; private final MessageProcessor messageProcessor;
private HttpRequestResponse requestResponse; private HttpRequestResponse requestResponse;
@@ -47,6 +49,7 @@ public class RequestEditor implements HttpRequestEditorProvider {
public Editor(MontoyaApi api, ConfigLoader configLoader, EditorCreationContext creationContext) { public Editor(MontoyaApi api, ConfigLoader configLoader, EditorCreationContext creationContext) {
this.api = api; this.api = api;
this.configLoader = configLoader; this.configLoader = configLoader;
this.httpUtils = new HttpUtils(api, configLoader);
this.creationContext = creationContext; this.creationContext = creationContext;
this.messageProcessor = new MessageProcessor(api); this.messageProcessor = new MessageProcessor(api);
} }
@@ -69,16 +72,10 @@ public class RequestEditor implements HttpRequestEditorProvider {
try { try {
String host = StringProcessor.getHostByUrl(request.url()); String host = StringProcessor.getHostByUrl(request.url());
if (!host.isEmpty()) { if (!host.isEmpty()) {
String[] hostList = configLoader.getBlockHost().split("\\|");
boolean isBlockHost = isBlockHost(hostList, host);
List<String> suffixList = Arrays.asList(configLoader.getExcludeSuffix().split("\\|"));
String toolType = creationContext.toolSource().toolType().toolName(); String toolType = creationContext.toolSource().toolType().toolName();
boolean isToolScope = configLoader.getScope().contains(toolType); boolean matches = httpUtils.verifyHttpRequestResponse(requestResponse, toolType);
boolean matches = suffixList.contains(request.fileExtension().toLowerCase()) || isBlockHost || !isToolScope; if (!matches) {
if (!matches && !request.bodyToString().equals("Loading...")) {
this.dataList = messageProcessor.processRequest("", request, false); this.dataList = messageProcessor.processRequest("", request, false);
return isListHasData(this.dataList); return isListHasData(this.dataList);
} }
@@ -121,19 +118,6 @@ public class RequestEditor implements HttpRequestEditorProvider {
} }
} }
public static boolean isBlockHost(String[] hostList, String host) {
boolean isBlockHost = false;
for (String hostName : hostList) {
String cleanedHost = StringProcessor.replaceFirstOccurrence(hostName, "*.", "");
if (hostName.contains("*.") && StringProcessor.matchFromEnd(host, cleanedHost)) {
isBlockHost = true;
} else if (host.equals(hostName) || hostName.equals("*")) {
isBlockHost = true;
}
}
return isBlockHost;
}
public static boolean isListHasData(List<Map<String, String>> dataList) { public static boolean isListHasData(List<Map<String, String>> dataList) {
if (dataList != null && !dataList.isEmpty()) { if (dataList != null && !dataList.isEmpty()) {
Map<String, String> dataMap = dataList.get(0); Map<String, String> dataMap = dataList.get(0);

14
src/main/java/hae/instances/editor/ResponseEditor.java
View File

@@ -13,11 +13,11 @@ import burp.api.montoya.ui.editor.extension.HttpResponseEditorProvider;
import hae.component.board.table.Datatable; import hae.component.board.table.Datatable;
import hae.instances.http.utils.MessageProcessor; import hae.instances.http.utils.MessageProcessor;
import hae.utils.ConfigLoader; import hae.utils.ConfigLoader;
import hae.utils.http.HttpUtils;
import hae.utils.string.StringProcessor; import hae.utils.string.StringProcessor;
import javax.swing.*; import javax.swing.*;
import java.awt.*; import java.awt.*;
import java.util.Arrays;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@@ -38,6 +38,7 @@ public class ResponseEditor implements HttpResponseEditorProvider {
private static class Editor implements ExtensionProvidedHttpResponseEditor { private static class Editor implements ExtensionProvidedHttpResponseEditor {
private final MontoyaApi api; private final MontoyaApi api;
private final ConfigLoader configLoader; private final ConfigLoader configLoader;
private final HttpUtils httpUtils;
private final EditorCreationContext creationContext; private final EditorCreationContext creationContext;
private final MessageProcessor messageProcessor; private final MessageProcessor messageProcessor;
private HttpRequestResponse requestResponse; private HttpRequestResponse requestResponse;
@@ -48,6 +49,7 @@ public class ResponseEditor implements HttpResponseEditorProvider {
public Editor(MontoyaApi api, ConfigLoader configLoader, EditorCreationContext creationContext) { public Editor(MontoyaApi api, ConfigLoader configLoader, EditorCreationContext creationContext) {
this.api = api; this.api = api;
this.configLoader = configLoader; this.configLoader = configLoader;
this.httpUtils = new HttpUtils(api, configLoader);
this.creationContext = creationContext; this.creationContext = creationContext;
this.messageProcessor = new MessageProcessor(api); this.messageProcessor = new MessageProcessor(api);
} }
@@ -75,20 +77,14 @@ public class ResponseEditor implements HttpResponseEditorProvider {
try { try {
String host = StringProcessor.getHostByUrl(request.url()); String host = StringProcessor.getHostByUrl(request.url());
if (!host.isEmpty()) { if (!host.isEmpty()) {
String[] hostList = configLoader.getBlockHost().split("\\|");
boolean isBlockHost = RequestEditor.isBlockHost(hostList, host);
List<String> suffixList = Arrays.asList(configLoader.getExcludeSuffix().split("\\|"));
String toolType = creationContext.toolSource().toolType().toolName(); String toolType = creationContext.toolSource().toolType().toolName();
boolean isToolScope = configLoader.getScope().contains(toolType); matches = httpUtils.verifyHttpRequestResponse(requestResponse, toolType);
matches = suffixList.contains(request.fileExtension().toLowerCase()) || isBlockHost || !isToolScope;
} }
} catch (Exception ignored) { } catch (Exception ignored) {
} }
} }
if (!matches && !response.bodyToString().equals("Loading...")) { if (!matches) {
this.dataList = messageProcessor.processResponse("", response, false); this.dataList = messageProcessor.processResponse("", response, false);
return RequestEditor.isListHasData(this.dataList); return RequestEditor.isListHasData(this.dataList);
} }

76
src/main/java/hae/instances/http/HttpMessageHandler.java
View File

@@ -7,20 +7,20 @@ import burp.api.montoya.http.handler.*;
import burp.api.montoya.http.message.HttpRequestResponse; import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest; import burp.api.montoya.http.message.requests.HttpRequest;
import hae.component.board.message.MessageTableModel; import hae.component.board.message.MessageTableModel;
import hae.instances.editor.RequestEditor;
import hae.instances.http.utils.MessageProcessor; import hae.instances.http.utils.MessageProcessor;
import hae.utils.ConfigLoader; import hae.utils.ConfigLoader;
import hae.utils.http.HttpUtils;
import hae.utils.string.StringProcessor; import hae.utils.string.StringProcessor;
import javax.swing.*; import javax.swing.*;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
public class HttpMessageHandler implements HttpHandler { public class HttpMessageHandler implements HttpHandler {
private final MontoyaApi api; private final MontoyaApi api;
private final ConfigLoader configLoader; private final ConfigLoader configLoader;
private final HttpUtils httpUtils;
private final MessageTableModel messageTableModel; private final MessageTableModel messageTableModel;
private final MessageProcessor messageProcessor; private final MessageProcessor messageProcessor;
@@ -29,12 +29,12 @@ public class HttpMessageHandler implements HttpHandler {
private final ThreadLocal<String> host = ThreadLocal.withInitial(() -> ""); private final ThreadLocal<String> host = ThreadLocal.withInitial(() -> "");
private final ThreadLocal<List<String>> colorList = ThreadLocal.withInitial(ArrayList::new); private final ThreadLocal<List<String>> colorList = ThreadLocal.withInitial(ArrayList::new);
private final ThreadLocal<List<String>> commentList = ThreadLocal.withInitial(ArrayList::new); private final ThreadLocal<List<String>> commentList = ThreadLocal.withInitial(ArrayList::new);
private final ThreadLocal<Boolean> matches = ThreadLocal.withInitial(() -> false);
private final ThreadLocal<HttpRequest> httpRequest = new ThreadLocal<>(); private final ThreadLocal<HttpRequest> httpRequest = new ThreadLocal<>();
public HttpMessageHandler(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) { public HttpMessageHandler(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) {
this.api = api; this.api = api;
this.configLoader = configLoader; this.configLoader = configLoader;
this.httpUtils = new HttpUtils(api, configLoader);
this.messageTableModel = messageTableModel; this.messageTableModel = messageTableModel;
this.messageProcessor = new MessageProcessor(api); this.messageProcessor = new MessageProcessor(api);
} }
@@ -49,20 +49,6 @@ public class HttpMessageHandler implements HttpHandler {
try { try {
httpRequest.set(httpRequestToBeSent); httpRequest.set(httpRequestToBeSent);
host.set(StringProcessor.getHostByUrl(httpRequestToBeSent.url())); host.set(StringProcessor.getHostByUrl(httpRequestToBeSent.url()));
String[] hostList = configLoader.getBlockHost().split("\\|");
boolean isBlockHost = RequestEditor.isBlockHost(hostList, host.get());
String toolType = httpRequestToBeSent.toolSource().toolType().toolName();
boolean isToolScope = configLoader.getScope().contains(toolType);
List<String> suffixList = Arrays.asList(configLoader.getExcludeSuffix().split("\\|"));
matches.set(suffixList.contains(httpRequestToBeSent.fileExtension().toLowerCase()) || isBlockHost || !isToolScope);
if (!matches.get()) {
List<Map<String, String>> result = messageProcessor.processRequest(host.get(), httpRequestToBeSent, true);
setColorAndCommentList(result);
}
} catch (Exception e) { } catch (Exception e) {
api.logging().logToError("handleHttpRequestToBeSent: " + e.getMessage()); api.logging().logToError("handleHttpRequestToBeSent: " + e.getMessage());
} }
@@ -73,33 +59,43 @@ public class HttpMessageHandler implements HttpHandler {
@Override @Override
public ResponseReceivedAction handleHttpResponseReceived(HttpResponseReceived httpResponseReceived) { public ResponseReceivedAction handleHttpResponseReceived(HttpResponseReceived httpResponseReceived) {
Annotations annotations = httpResponseReceived.annotations(); Annotations annotations = httpResponseReceived.annotations();
HttpRequest request = httpResponseReceived.initiatingRequest();
HttpRequestResponse requestResponse = HttpRequestResponse.httpRequestResponse(request, httpResponseReceived);
String toolType = httpResponseReceived.toolSource().toolType().toolName();
if (!matches.get()) { boolean matches = httpUtils.verifyHttpRequestResponse(requestResponse, toolType);
List<Map<String, String>> result = messageProcessor.processResponse(host.get(), httpResponseReceived, true);
setColorAndCommentList(result);
// 设置高亮颜色和注释
if (!colorList.get().isEmpty() && !commentList.get().isEmpty()) {
String color = messageProcessor.retrieveFinalColor(messageProcessor.retrieveColorIndices(colorList.get()));
annotations.setHighlightColor(HighlightColor.highlightColor(color));
String comment = StringProcessor.mergeComment(String.join(", ", commentList.get()));
annotations.setNotes(comment);
HttpRequestResponse httpRequestResponse = HttpRequestResponse.httpRequestResponse(httpRequest.get(), httpResponseReceived); if (!matches) {
try {
setColorAndCommentList(messageProcessor.processRequest(host.get(), request, true));
setColorAndCommentList(messageProcessor.processResponse(host.get(), httpResponseReceived, true));
// 添加到Databoard // 设置高亮颜色和注释
String method = httpRequest.get().method(); if (!colorList.get().isEmpty() && !commentList.get().isEmpty()) {
String url = httpRequest.get().url(); String color = messageProcessor.retrieveFinalColor(messageProcessor.retrieveColorIndices(colorList.get()));
String status = String.valueOf(httpResponseReceived.statusCode()); annotations.setHighlightColor(HighlightColor.highlightColor(color));
String length = String.valueOf(httpResponseReceived.toByteArray().length()); String comment = StringProcessor.mergeComment(String.join(", ", commentList.get()));
annotations.setNotes(comment);
// 后台提交,防止线程阻塞 HttpRequestResponse httpRequestResponse = HttpRequestResponse.httpRequestResponse(httpRequest.get(), httpResponseReceived);
new SwingWorker<Void, Void>() {
@Override // 添加到Databoard
protected Void doInBackground() { String method = httpRequest.get().method();
messageTableModel.add(httpRequestResponse, url, method, status, length, comment, color, "", ""); String url = httpRequest.get().url();
return null; String status = String.valueOf(httpResponseReceived.statusCode());
} String length = String.valueOf(httpResponseReceived.toByteArray().length());
}.run();
// 后台提交,防止线程阻塞
new SwingWorker<Void, Void>() {
@Override
protected Void doInBackground() {
messageTableModel.add(httpRequestResponse, url, method, status, length, comment, color, "", "");
return null;
}
}.run();
}
} catch (Exception e) {
api.logging().logToError("handleHttpResponseReceived: " + e.getMessage());
} }
} }

16
src/main/java/hae/utils/ConfigLoader.java
View File

@@ -147,11 +147,15 @@ public class ConfigLoader {
} }
public String getBlockHost() { public String getBlockHost() {
return getValueFromConfig("blockHost", Config.host); return getValueFromConfig("BlockHost", Config.host);
} }
public String getExcludeSuffix() { public String getExcludeSuffix() {
return getValueFromConfig("excludeSuffix", Config.suffix); return getValueFromConfig("ExcludeSuffix", Config.suffix);
}
public String getExcludeStatus() {
return getValueFromConfig("ExcludeStatus", Config.status);
} }
public String getScope() { public String getScope() {
@@ -189,11 +193,15 @@ public class ConfigLoader {
} }
public void setExcludeSuffix(String excludeSuffix) { public void setExcludeSuffix(String excludeSuffix) {
setValueToConfig("excludeSuffix", excludeSuffix); setValueToConfig("ExcludeSuffix", excludeSuffix);
} }
public void setBlockHost(String blockHost) { public void setBlockHost(String blockHost) {
setValueToConfig("blockHost", blockHost); setValueToConfig("BlockHost", blockHost);
}
public void setExcludeStatus(String status) {
setValueToConfig("ExcludeStatus", status);
} }
public void setScope(String scope) { public void setScope(String scope) {

51
src/main/java/hae/utils/http/HttpUtils.java
View File

@@ -1,16 +1,24 @@
package hae.utils.http; package hae.utils.http;
import burp.api.montoya.MontoyaApi; import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.HttpService; import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest; import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.http.message.requests.HttpTransformation; import burp.api.montoya.http.message.requests.HttpTransformation;
import burp.api.montoya.http.message.responses.HttpResponse;
import burp.api.montoya.utilities.RandomUtils; import burp.api.montoya.utilities.RandomUtils;
import hae.utils.ConfigLoader;
import hae.utils.string.StringProcessor;
import java.util.Arrays;
import java.util.List;
public class HttpUtils { public class HttpUtils {
private final MontoyaApi api; private final MontoyaApi api;
private final ConfigLoader configLoader;
public HttpUtils(MontoyaApi api) { public HttpUtils(MontoyaApi api, ConfigLoader configLoader) {
this.api = api; this.api = api;
this.configLoader = configLoader;
} }
public HttpRequest generateRequestByMultipartUploadMethod(String url, String name, String filename, String content) { public HttpRequest generateRequestByMultipartUploadMethod(String url, String name, String filename, String content) {
@@ -28,15 +36,40 @@ public class HttpUtils {
return baseRequest; return baseRequest;
} }
public HttpRequest generateRequestByJsonMethod(String url, String data) {
HttpRequest baseRequest = HttpRequest.httpRequestFromUrl(url).withTransformationApplied(HttpTransformation.TOGGLE_METHOD);
HttpService baseService = baseRequest.httpService();
String requestString = baseRequest.toString().replace("application/x-www-form-urlencoded", "application/json");
baseRequest = HttpRequest.httpRequest(baseService, requestString).withBody(data);
return baseRequest;
}
public HttpRequest generateRequestByDeleteMethod(String url) { public HttpRequest generateRequestByDeleteMethod(String url) {
return HttpRequest.httpRequestFromUrl(url).withMethod("DELETE"); return HttpRequest.httpRequestFromUrl(url).withMethod("DELETE");
} }
public boolean verifyHttpRequestResponse(HttpRequestResponse requestResponse, String toolType) {
HttpRequest request = requestResponse.request();
HttpResponse response = requestResponse.response();
String host = StringProcessor.getHostByUrl(request.url());
String[] hostList = configLoader.getBlockHost().split("\\|");
boolean isBlockHost = isBlockHost(hostList, host);
List<String> suffixList = Arrays.asList(configLoader.getExcludeSuffix().split("\\|"));
boolean isExcludeSuffix = suffixList.contains(request.fileExtension().toLowerCase());
boolean isToolScope = !configLoader.getScope().contains(toolType);
List<String> statusList = Arrays.asList(configLoader.getExcludeStatus().split("\\|"));
boolean isExcludeStatus = statusList.contains(String.valueOf(response.statusCode()));
return isExcludeSuffix || isBlockHost || isToolScope || isExcludeStatus;
}
private boolean isBlockHost(String[] hostList, String host) {
boolean isBlockHost = false;
for (String hostName : hostList) {
String cleanedHost = StringProcessor.replaceFirstOccurrence(hostName, "*.", "");
if (hostName.contains("*.") && StringProcessor.matchFromEnd(host, cleanedHost)) {
isBlockHost = true;
} else if (host.equals(hostName) || hostName.equals("*")) {
isBlockHost = true;
}
}
return isBlockHost;
}
} }