From 548315e1639c8f42b2de3507eb24c6cfad283de8 Mon Sep 17 00:00:00 2001 From: gh0stkey <24655118+gh0stkey@users.noreply.github.com> Date: Thu, 16 Nov 2023 19:33:38 +0800 Subject: [PATCH] Version: 2.5.8 Update --- src/main/java/burp/BurpExtender.java | 67 +++++----- .../core/processor/DataProcessingUnit.java | 2 +- .../burp/core/processor/MessageProcessor.java | 114 +++++++++++------- src/main/java/burp/rule/utils/RuleTool.java | 2 - src/main/java/burp/ui/board/Databoard.java | 9 +- src/main/java/burp/ui/board/MessagePanel.java | 4 +- 6 files changed, 110 insertions(+), 88 deletions(-) diff --git a/src/main/java/burp/BurpExtender.java b/src/main/java/burp/BurpExtender.java index 97cfe64..708089e 100644 --- a/src/main/java/burp/BurpExtender.java +++ b/src/main/java/burp/BurpExtender.java @@ -9,7 +9,6 @@ import burp.ui.board.MessagePanel; import java.beans.PropertyChangeEvent; import java.beans.PropertyChangeListener; import java.net.URL; -import java.security.NoSuchAlgorithmException; import java.util.*; import javax.swing.*; import java.awt.*; @@ -39,7 +38,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito new ConfigLoader(); - String version = "2.5.7"; + String version = "2.5.8"; callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version)); // 定义输出 @@ -140,46 +139,41 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito } if (Objects.equals(host, "")) { - List requestTmpHeaders = helpers.analyzeRequest(content).getHeaders(); - host = requestTmpHeaders.get(1).split(":")[1].trim(); + host = helpers.analyzeRequest(content).getUrl().getHost(); } List> result = null; - try { - result = messageProcessor.processMessage(helpers, content, messageIsRequest, true, host); - } catch (NoSuchAlgorithmException e) { - throw new RuntimeException(e); - } - - String resComment = ""; - String resColor = ""; String originalColor = messageInfo.getHighlight(); String originalComment = messageInfo.getComment(); - if (result != null && !result.isEmpty() && result.size() > 0) { - List colorList = new ArrayList<>(); + if (!messageIsRequest) { + try { + result = messageProcessor.processMessage(helpers, messageInfo, host, true); - if (originalColor != null) { - colorList.add(originalColor); + if (result != null && !result.isEmpty() && result.size() > 0) { + List colorList = new ArrayList<>(); + + if (originalColor != null) { + colorList.add(originalColor); + } + + colorList.add(result.get(0).get("color")); + String resColor = colorProcessor.retrieveFinalColor(colorProcessor.retrieveColorIndices(colorList)); + messageInfo.setHighlight(resColor); + + String addComment = String.join(", ", result.get(1).get("comment")); + String allComment = !Objects.equals(originalComment, "") ? String.format("%s, %s", originalComment, addComment) : addComment; + String resComment = mergeComment(allComment); + messageInfo.setComment(resComment); + + messagePanel.add(messageInfo, resComment, String.valueOf(content.length), resColor); + } + } catch (Exception e) { + e.printStackTrace(); } - - colorList.add(result.get(0).get("color")); - resColor = colorProcessor.retrieveFinalColor(colorProcessor.retrieveColorIndices(colorList)); - messageInfo.setHighlight(resColor); - - String addComment = String.join(", ", result.get(1).get("comment")); - String allComment = !Objects.equals(originalComment, "") ? String.format("%s, %s", originalComment, addComment) : addComment; - resComment = mergeComment(allComment); - messageInfo.setComment(resComment); } - String endComment = resComment.isEmpty() ? originalComment : resComment; - String endColor = resColor.isEmpty() ? originalColor : resColor; - - if (!messageIsRequest && !Objects.equals(endComment, "") && !Objects.equals(endColor, "")) { - messagePanel.add(messageInfo, endComment, String.valueOf(content.length), endColor); - } } } @@ -250,9 +244,13 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito List> result = null; try { - result = messageProcessor.processMessage(helpers, content, isRequest, false, ""); - } catch (NoSuchAlgorithmException e) { - throw new RuntimeException(e); + if (isRequest) { + result = messageProcessor.processRequestMessage(helpers, content, "", false); + } else { + result = messageProcessor.processResponseMessage(helpers, content, "", false); + } + } catch (Exception e) { + e.printStackTrace(); } if (result != null && !result.isEmpty()) { @@ -264,6 +262,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito } return true; } + return false; } diff --git a/src/main/java/burp/core/processor/DataProcessingUnit.java b/src/main/java/burp/core/processor/DataProcessingUnit.java index 647e822..38e805c 100644 --- a/src/main/java/burp/core/processor/DataProcessingUnit.java +++ b/src/main/java/burp/core/processor/DataProcessingUnit.java @@ -132,7 +132,7 @@ public class DataProcessingUnit { tmpMap.put("data", dataStr); finalMap.put(nameAndSize, tmpMap); // 添加到全局变量中,便于Databoard检索 - if (!Objects.equals(host, "")) { + if (!Objects.equals(host, "") && host != null) { List dataList = Arrays.asList(dataStr.split("\n")); if (ConfigEntry.globalDataMap.containsKey(host)) { Map> gRuleMap = new HashMap<>(ConfigEntry.globalDataMap.get(host)); diff --git a/src/main/java/burp/core/processor/MessageProcessor.java b/src/main/java/burp/core/processor/MessageProcessor.java index 1972b53..d5c057d 100644 --- a/src/main/java/burp/core/processor/MessageProcessor.java +++ b/src/main/java/burp/core/processor/MessageProcessor.java @@ -1,10 +1,10 @@ package burp.core.processor; import burp.IExtensionHelpers; +import burp.IHttpRequestResponse; import burp.IRequestInfo; import burp.IResponseInfo; import burp.core.utils.MatchTool; -import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; @@ -12,53 +12,78 @@ import java.util.List; import java.util.Map; public class MessageProcessor { - MatchTool matcher = new MatchTool(); - DataProcessingUnit dataProcessingUnit = new DataProcessingUnit(); - ColorProcessor colorProcessor = new ColorProcessor(); + private MatchTool matcher = new MatchTool(); + private DataProcessingUnit dataProcessingUnit = new DataProcessingUnit(); + private ColorProcessor colorProcessor = new ColorProcessor(); - public List> processMessage(IExtensionHelpers helpers, byte[] content, boolean isRequest, boolean messageInfo, String host) - throws NoSuchAlgorithmException { - List> result = new ArrayList<>(); + public List> processMessage(IExtensionHelpers helpers, IHttpRequestResponse messageInfo, String host, boolean actionFlag) throws Exception { + + byte[] requestByte = messageInfo.getRequest(); + byte[] responseByte = messageInfo.getResponse(); + + List> reqObj = processRequestMessage(helpers, requestByte, host, actionFlag); + List> resObj = processResponseMessage(helpers, responseByte, host, actionFlag); + + List> mergedList = new ArrayList<>(reqObj); + mergedList.addAll(resObj); + + return mergedList; + } + + public List> processRequestMessage(IExtensionHelpers helpers, byte[] content, String host, boolean actionFlag) throws Exception { Map> obj; - if (isRequest) { - IRequestInfo requestInfo = helpers.analyzeRequest(content); - List requestTmpHeaders = requestInfo.getHeaders(); - String requestHeaders = String.join("\n", requestTmpHeaders); + IRequestInfo requestInfo = helpers.analyzeRequest(content); + List requestTmpHeaders = requestInfo.getHeaders(); + String requestHeaders = String.join("\n", requestTmpHeaders); - try { - String urlString = requestTmpHeaders.get(0).split(" ")[1]; - urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString; - if (matcher.matchUrlSuffix(urlString)) { - return result; - } - } catch (Exception e) { - return result; + try { + String urlString = requestTmpHeaders.get(0).split(" ")[1]; + urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString; + if (matcher.matchUrlSuffix(urlString)) { + return null; } - - int requestBodyOffset = requestInfo.getBodyOffset(); - byte[] requestBody = Arrays.copyOfRange(content, requestBodyOffset, content.length); - obj = dataProcessingUnit.matchContentByRegex(content, requestHeaders, requestBody, "request", host); - } else { - IResponseInfo responseInfo = helpers.analyzeResponse(content); - try { - String inferredMimeType = String.format("hae.%s", responseInfo.getInferredMimeType().toLowerCase()); - String statedMimeType = String.format("hae.%s", responseInfo.getStatedMimeType().toLowerCase()); - if (matcher.matchUrlSuffix(statedMimeType) || matcher.matchUrlSuffix(inferredMimeType)) { - return result; - } - } catch (Exception e) { - return result; - } - List responseTmpHeaders = responseInfo.getHeaders(); - String responseHeaders = String.join("\n", responseTmpHeaders); - int responseBodyOffset = responseInfo.getBodyOffset(); - byte[] responseBody = Arrays.copyOfRange(content, responseBodyOffset, content.length); - obj = dataProcessingUnit.matchContentByRegex(content, responseHeaders, responseBody, "response", host); + } catch (Exception e) { + e.printStackTrace(); + return null; } + int requestBodyOffset = requestInfo.getBodyOffset(); + byte[] requestBody = Arrays.copyOfRange(content, requestBodyOffset, content.length); + obj = dataProcessingUnit.matchContentByRegex(content, requestHeaders, requestBody, "request", host); + + return getDataList(obj, actionFlag); + } + + public List> processResponseMessage(IExtensionHelpers helpers, byte[] content, String host, boolean actionFlag) throws Exception { + Map> obj; + + IResponseInfo responseInfo = helpers.analyzeResponse(content); + try { + String inferredMimeType = String.format("hae.%s", responseInfo.getInferredMimeType().toLowerCase()); + String statedMimeType = String.format("hae.%s", responseInfo.getStatedMimeType().toLowerCase()); + if (matcher.matchUrlSuffix(statedMimeType) || matcher.matchUrlSuffix(inferredMimeType)) { + return null; + } + } catch (Exception e) { + e.printStackTrace(); + return null; + } + List responseTmpHeaders = responseInfo.getHeaders(); + String responseHeaders = String.join("\n", responseTmpHeaders); + int responseBodyOffset = responseInfo.getBodyOffset(); + byte[] responseBody = Arrays.copyOfRange(content, responseBodyOffset, content.length); + obj = dataProcessingUnit.matchContentByRegex(content, responseHeaders, responseBody, "response", host); + + return getDataList(obj, actionFlag); + } + + private List> getDataList(Map> obj, boolean actionFlag) { + List> highlightList = new ArrayList<>(); + List> extractList = new ArrayList<>(); + if (obj.size() > 0) { - if (messageInfo) { + if (actionFlag) { List> resultList = dataProcessingUnit.extractColorsAndComments(obj); List colorList = resultList.get(0); List commentList = resultList.get(1); @@ -70,13 +95,14 @@ public class MessageProcessor { Map commentMap = new HashMap() {{ put("comment", String.join(", ", commentList)); }}; - result.add(colorMap); - result.add(commentMap); + highlightList.add(colorMap); + highlightList.add(commentMap); } } else { - result.add(dataProcessingUnit.extractDataFromMap(obj)); + extractList.add(dataProcessingUnit.extractDataFromMap(obj)); } } - return result; + + return actionFlag ? highlightList : extractList; } } diff --git a/src/main/java/burp/rule/utils/RuleTool.java b/src/main/java/burp/rule/utils/RuleTool.java index cb0363d..f4d049c 100644 --- a/src/main/java/burp/rule/utils/RuleTool.java +++ b/src/main/java/burp/rule/utils/RuleTool.java @@ -1,8 +1,6 @@ package burp.rule.utils; import burp.*; -import burp.config.ConfigEntry; -import burp.config.ConfigLoader; import java.io.FileOutputStream; import java.net.URL; import java.util.Arrays; diff --git a/src/main/java/burp/ui/board/Databoard.java b/src/main/java/burp/ui/board/Databoard.java index 7a11801..1ece01c 100644 --- a/src/main/java/burp/ui/board/Databoard.java +++ b/src/main/java/burp/ui/board/Databoard.java @@ -301,9 +301,6 @@ public class Databoard extends JPanel { for (Map.Entry>> entry : dataMap.entrySet()) { JTabbedPane newTabbedPane = new JTabbedPane(); newTabbedPane.setTabLayoutPolicy(JTabbedPane.SCROLL_TAB_LAYOUT); - if (currentWorker != null && !currentWorker.isDone()) { - currentWorker.cancel(true); - } for (Map.Entry> entrySet : entry.getValue().entrySet()) { currentWorker = new SwingWorker() { @@ -322,8 +319,10 @@ public class Databoard extends JPanel { if (!isCancelled()) { try { Object[] result = (Object[]) get(); - newTabbedPane.addTab(result[0].toString(), (DatatablePanel) result[1]); - dataTabbedPane.addTab(entry.getKey(), newTabbedPane); + SwingUtilities.invokeLater(() -> { + newTabbedPane.addTab(result[0].toString(), (DatatablePanel) result[1]); + dataTabbedPane.addTab(entry.getKey(), newTabbedPane); + }); } catch (Exception e) { e.printStackTrace(); } diff --git a/src/main/java/burp/ui/board/MessagePanel.java b/src/main/java/burp/ui/board/MessagePanel.java index 65f52b3..46fba32 100644 --- a/src/main/java/burp/ui/board/MessagePanel.java +++ b/src/main/java/burp/ui/board/MessagePanel.java @@ -329,8 +329,8 @@ public class MessagePanel extends AbstractTableModel implements IMessageEditorCo byte[] reqByteB = reqResMessage.getRequest(); byte[] resByteB = reqResMessage.getResponse(); try { - // 采用匹配数据结果比对 - if (areMapsEqual(getCacheData(reqByteB), getCacheData(reqByteA)) && areMapsEqual(getCacheData(resByteB), getCacheData(resByteA))) { + // 通过URL、请求和响应报文、匹配数据内容,多维度进行对比 + if ((entry.getUrl().toString().equals(url.toString()) || (Arrays.equals(reqByteB, reqByteA) || Arrays.equals(resByteB, resByteA))) && (areMapsEqual(getCacheData(reqByteB), getCacheData(reqByteA)) && areMapsEqual(getCacheData(resByteB), getCacheData(resByteA)))) { isDuplicate = true; break; }