Version: 2.5.8 Update
This commit is contained in:
gh0stkey
@@ -9,7 +9,6 @@ import burp.ui.board.MessagePanel;
|
||||
import java.beans.PropertyChangeEvent;
|
||||
import java.beans.PropertyChangeListener;
|
||||
import java.net.URL;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.*;
|
||||
import javax.swing.*;
|
||||
import java.awt.*;
|
||||
@@ -39,7 +38,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
|
||||
|
||||
new ConfigLoader();
|
||||
|
||||
String version = "2.5.7";
|
||||
String version = "2.5.8";
|
||||
callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version));
|
||||
|
||||
// 定义输出
|
||||
@@ -140,23 +139,18 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
|
||||
}
|
||||
|
||||
if (Objects.equals(host, "")) {
|
||||
List<String> requestTmpHeaders = helpers.analyzeRequest(content).getHeaders();
|
||||
host = requestTmpHeaders.get(1).split(":")[1].trim();
|
||||
host = helpers.analyzeRequest(content).getUrl().getHost();
|
||||
}
|
||||
|
||||
List<Map<String, String>> result = null;
|
||||
|
||||
try {
|
||||
result = messageProcessor.processMessage(helpers, content, messageIsRequest, true, host);
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
|
||||
String resComment = "";
|
||||
String resColor = "";
|
||||
String originalColor = messageInfo.getHighlight();
|
||||
String originalComment = messageInfo.getComment();
|
||||
|
||||
if (!messageIsRequest) {
|
||||
try {
|
||||
result = messageProcessor.processMessage(helpers, messageInfo, host, true);
|
||||
|
||||
if (result != null && !result.isEmpty() && result.size() > 0) {
|
||||
List<String> colorList = new ArrayList<>();
|
||||
|
||||
@@ -165,21 +159,21 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
|
||||
}
|
||||
|
||||
colorList.add(result.get(0).get("color"));
|
||||
resColor = colorProcessor.retrieveFinalColor(colorProcessor.retrieveColorIndices(colorList));
|
||||
String resColor = colorProcessor.retrieveFinalColor(colorProcessor.retrieveColorIndices(colorList));
|
||||
messageInfo.setHighlight(resColor);
|
||||
|
||||
String addComment = String.join(", ", result.get(1).get("comment"));
|
||||
String allComment = !Objects.equals(originalComment, "") ? String.format("%s, %s", originalComment, addComment) : addComment;
|
||||
resComment = mergeComment(allComment);
|
||||
String resComment = mergeComment(allComment);
|
||||
messageInfo.setComment(resComment);
|
||||
|
||||
messagePanel.add(messageInfo, resComment, String.valueOf(content.length), resColor);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
String endComment = resComment.isEmpty() ? originalComment : resComment;
|
||||
String endColor = resColor.isEmpty() ? originalColor : resColor;
|
||||
|
||||
if (!messageIsRequest && !Objects.equals(endComment, "") && !Objects.equals(endColor, "")) {
|
||||
messagePanel.add(messageInfo, endComment, String.valueOf(content.length), endColor);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -250,9 +244,13 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
|
||||
List<Map<String, String>> result = null;
|
||||
|
||||
try {
|
||||
result = messageProcessor.processMessage(helpers, content, isRequest, false, "");
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
throw new RuntimeException(e);
|
||||
if (isRequest) {
|
||||
result = messageProcessor.processRequestMessage(helpers, content, "", false);
|
||||
} else {
|
||||
result = messageProcessor.processResponseMessage(helpers, content, "", false);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
if (result != null && !result.isEmpty()) {
|
||||
@@ -264,6 +262,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@@ -132,7 +132,7 @@ public class DataProcessingUnit {
|
||||
tmpMap.put("data", dataStr);
|
||||
finalMap.put(nameAndSize, tmpMap);
|
||||
// 添加到全局变量中,便于Databoard检索
|
||||
if (!Objects.equals(host, "")) {
|
||||
if (!Objects.equals(host, "") && host != null) {
|
||||
List<String> dataList = Arrays.asList(dataStr.split("\n"));
|
||||
if (ConfigEntry.globalDataMap.containsKey(host)) {
|
||||
Map<String, List<String>> gRuleMap = new HashMap<>(ConfigEntry.globalDataMap.get(host));
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
package burp.core.processor;
|
||||
|
||||
import burp.IExtensionHelpers;
|
||||
import burp.IHttpRequestResponse;
|
||||
import burp.IRequestInfo;
|
||||
import burp.IResponseInfo;
|
||||
import burp.core.utils.MatchTool;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
@@ -12,16 +12,27 @@ import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
public class MessageProcessor {
|
||||
MatchTool matcher = new MatchTool();
|
||||
DataProcessingUnit dataProcessingUnit = new DataProcessingUnit();
|
||||
ColorProcessor colorProcessor = new ColorProcessor();
|
||||
private MatchTool matcher = new MatchTool();
|
||||
private DataProcessingUnit dataProcessingUnit = new DataProcessingUnit();
|
||||
private ColorProcessor colorProcessor = new ColorProcessor();
|
||||
|
||||
public List<Map<String, String>> processMessage(IExtensionHelpers helpers, byte[] content, boolean isRequest, boolean messageInfo, String host)
|
||||
throws NoSuchAlgorithmException {
|
||||
List<Map<String, String>> result = new ArrayList<>();
|
||||
public List<Map<String, String>> processMessage(IExtensionHelpers helpers, IHttpRequestResponse messageInfo, String host, boolean actionFlag) throws Exception {
|
||||
|
||||
byte[] requestByte = messageInfo.getRequest();
|
||||
byte[] responseByte = messageInfo.getResponse();
|
||||
|
||||
List<Map<String, String>> reqObj = processRequestMessage(helpers, requestByte, host, actionFlag);
|
||||
List<Map<String, String>> resObj = processResponseMessage(helpers, responseByte, host, actionFlag);
|
||||
|
||||
List<Map<String, String>> mergedList = new ArrayList<>(reqObj);
|
||||
mergedList.addAll(resObj);
|
||||
|
||||
return mergedList;
|
||||
}
|
||||
|
||||
public List<Map<String, String>> processRequestMessage(IExtensionHelpers helpers, byte[] content, String host, boolean actionFlag) throws Exception {
|
||||
Map<String, Map<String, Object>> obj;
|
||||
|
||||
if (isRequest) {
|
||||
IRequestInfo requestInfo = helpers.analyzeRequest(content);
|
||||
List<String> requestTmpHeaders = requestInfo.getHeaders();
|
||||
String requestHeaders = String.join("\n", requestTmpHeaders);
|
||||
@@ -30,35 +41,49 @@ public class MessageProcessor {
|
||||
String urlString = requestTmpHeaders.get(0).split(" ")[1];
|
||||
urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString;
|
||||
if (matcher.matchUrlSuffix(urlString)) {
|
||||
return result;
|
||||
return null;
|
||||
}
|
||||
} catch (Exception e) {
|
||||
return result;
|
||||
e.printStackTrace();
|
||||
return null;
|
||||
}
|
||||
|
||||
int requestBodyOffset = requestInfo.getBodyOffset();
|
||||
byte[] requestBody = Arrays.copyOfRange(content, requestBodyOffset, content.length);
|
||||
obj = dataProcessingUnit.matchContentByRegex(content, requestHeaders, requestBody, "request", host);
|
||||
} else {
|
||||
|
||||
return getDataList(obj, actionFlag);
|
||||
}
|
||||
|
||||
public List<Map<String, String>> processResponseMessage(IExtensionHelpers helpers, byte[] content, String host, boolean actionFlag) throws Exception {
|
||||
Map<String, Map<String, Object>> obj;
|
||||
|
||||
IResponseInfo responseInfo = helpers.analyzeResponse(content);
|
||||
try {
|
||||
String inferredMimeType = String.format("hae.%s", responseInfo.getInferredMimeType().toLowerCase());
|
||||
String statedMimeType = String.format("hae.%s", responseInfo.getStatedMimeType().toLowerCase());
|
||||
if (matcher.matchUrlSuffix(statedMimeType) || matcher.matchUrlSuffix(inferredMimeType)) {
|
||||
return result;
|
||||
return null;
|
||||
}
|
||||
} catch (Exception e) {
|
||||
return result;
|
||||
e.printStackTrace();
|
||||
return null;
|
||||
}
|
||||
List<String> responseTmpHeaders = responseInfo.getHeaders();
|
||||
String responseHeaders = String.join("\n", responseTmpHeaders);
|
||||
int responseBodyOffset = responseInfo.getBodyOffset();
|
||||
byte[] responseBody = Arrays.copyOfRange(content, responseBodyOffset, content.length);
|
||||
obj = dataProcessingUnit.matchContentByRegex(content, responseHeaders, responseBody, "response", host);
|
||||
|
||||
return getDataList(obj, actionFlag);
|
||||
}
|
||||
|
||||
private List<Map<String, String>> getDataList(Map<String, Map<String, Object>> obj, boolean actionFlag) {
|
||||
List<Map<String, String>> highlightList = new ArrayList<>();
|
||||
List<Map<String, String>> extractList = new ArrayList<>();
|
||||
|
||||
if (obj.size() > 0) {
|
||||
if (messageInfo) {
|
||||
if (actionFlag) {
|
||||
List<List<String>> resultList = dataProcessingUnit.extractColorsAndComments(obj);
|
||||
List<String> colorList = resultList.get(0);
|
||||
List<String> commentList = resultList.get(1);
|
||||
@@ -70,13 +95,14 @@ public class MessageProcessor {
|
||||
Map<String, String> commentMap = new HashMap<String, String>() {{
|
||||
put("comment", String.join(", ", commentList));
|
||||
}};
|
||||
result.add(colorMap);
|
||||
result.add(commentMap);
|
||||
highlightList.add(colorMap);
|
||||
highlightList.add(commentMap);
|
||||
}
|
||||
} else {
|
||||
result.add(dataProcessingUnit.extractDataFromMap(obj));
|
||||
extractList.add(dataProcessingUnit.extractDataFromMap(obj));
|
||||
}
|
||||
}
|
||||
return result;
|
||||
|
||||
return actionFlag ? highlightList : extractList;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,8 +1,6 @@
|
||||
package burp.rule.utils;
|
||||
|
||||
import burp.*;
|
||||
import burp.config.ConfigEntry;
|
||||
import burp.config.ConfigLoader;
|
||||
import java.io.FileOutputStream;
|
||||
import java.net.URL;
|
||||
import java.util.Arrays;
|
||||
|
||||
@@ -301,9 +301,6 @@ public class Databoard extends JPanel {
|
||||
for (Map.Entry<String, Map<String, List<String>>> entry : dataMap.entrySet()) {
|
||||
JTabbedPane newTabbedPane = new JTabbedPane();
|
||||
newTabbedPane.setTabLayoutPolicy(JTabbedPane.SCROLL_TAB_LAYOUT);
|
||||
if (currentWorker != null && !currentWorker.isDone()) {
|
||||
currentWorker.cancel(true);
|
||||
}
|
||||
|
||||
for (Map.Entry<String, List<String>> entrySet : entry.getValue().entrySet()) {
|
||||
currentWorker = new SwingWorker<Object, Void>() {
|
||||
@@ -322,8 +319,10 @@ public class Databoard extends JPanel {
|
||||
if (!isCancelled()) {
|
||||
try {
|
||||
Object[] result = (Object[]) get();
|
||||
SwingUtilities.invokeLater(() -> {
|
||||
newTabbedPane.addTab(result[0].toString(), (DatatablePanel) result[1]);
|
||||
dataTabbedPane.addTab(entry.getKey(), newTabbedPane);
|
||||
});
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
@@ -329,8 +329,8 @@ public class MessagePanel extends AbstractTableModel implements IMessageEditorCo
|
||||
byte[] reqByteB = reqResMessage.getRequest();
|
||||
byte[] resByteB = reqResMessage.getResponse();
|
||||
try {
|
||||
// 采用匹配数据结果比对
|
||||
if (areMapsEqual(getCacheData(reqByteB), getCacheData(reqByteA)) && areMapsEqual(getCacheData(resByteB), getCacheData(resByteA))) {
|
||||
// 通过URL、请求和响应报文、匹配数据内容,多维度进行对比
|
||||
if ((entry.getUrl().toString().equals(url.toString()) || (Arrays.equals(reqByteB, reqByteA) || Arrays.equals(resByteB, resByteA))) && (areMapsEqual(getCacheData(reqByteB), getCacheData(reqByteA)) && areMapsEqual(getCacheData(resByteB), getCacheData(resByteA)))) {
|
||||
isDuplicate = true;
|
||||
break;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user