update

2020-03-24 18:15:37 +08:00
parent 14b43d9625
commit 7863d9640d
20 changed files with 418 additions and 2 deletions
--- a/HaE/HaE.py
+++ b/HaE/HaE.py
@@ -0,0 +1,233 @@
 # -*- coding:utf-8 -*-
 # Author: Vulkey_Chen
 # Blog: gh0st.cn
 # Team: MSTSEC
 import json, re, jsbeautifier
 from burp import IBurpExtender, ITab, IHttpListener, IMessageEditorTabFactory, IMessageEditorTab
 from javax.swing import JPanel, JLabel, JButton, JTextArea, JTextField, JCheckBox, JTabbedPane, JScrollPane, SwingConstants
 from java.awt import BorderLayout
 from java.io import PrintWriter
 # color list
 colors = ['red', 'orange', 'yellow', 'green', 'cyan', 'blue', 'pink', 'magenta', 'gray']
 # config
 configFile = "config.json"
 # 获取配置文件内容
 def getConfig():
    config = ""
    with open(configFile, 'r') as content:
        config = json.load(content)
    return config
 # 寻找内容
 def findContent(info, message):
    info = getConfig()
    results = {}
    for i in info:
        regex = re.compile(info[i]['regex'])
        regexRes = regex.findall(message)
        if regexRes != []:
            results[i] = ','.join(list(set(regexRes)))
    return results
 class BurpExtender(IBurpExtender, ITab,IHttpListener, IMessageEditorTabFactory):
    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("HaE(Highlighter and Extractor)")
        self._stdout = PrintWriter(callbacks.getStdout(), True)
        callbacks.registerHttpListener(self)
        callbacks.registerMessageEditorTabFactory(self)
        print 'HaE(Highlighter and Extractor)\nAuthor: Vulkey_Chen\nBlog: gh0st.cn\nTeam: MSTSEC'
        self._callbacks.customizeUiComponent(self.getUiComponent())
        self._callbacks.addSuiteTab(self)
        self.endColors = []
    def getTabCaption(self):
        return 'HaE'
    def createNewInstance(self, controller, editable):
        return MarkINFOTab(self, controller, editable)
    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        if messageIsRequest:
            return
        content = messageInfo.getResponse()
        r = self._helpers.analyzeResponse(content)
        msg = content[r.getBodyOffset():].tostring()
        # msg 为响应正文信息
        info = getConfig()
        results = findContent(info, msg)
        colorList = []
        if results != {}:
            for i in results:
                if info[i]['highlight'] == 1 :
                    if info[i]['color'] == 'red':
                        messageInfo.setHighlight(info[i]['color'])
                        break
                    else:
                        colorList.append(info[i]['color'])
            if not messageInfo.getHighlight():
                colorsList = [colors.index(i) for i in colorList]
                colorsList.sort()
                # print(colorsList)
                self.helper(colorsList)
                endColor = [colors.index(x) for x in self.endColors]
                # print(endColor)
                messageInfo.setHighlight(colors[min(endColor)])
    # 颜色升级
    def helper(self, mylist):
        l = len(mylist)
        i = 0
        stack = []
        while i < l:
            if not stack:
                stack.append(mylist[i])
                i += 1
            else:
                if mylist[i] != stack[-1]:
                    stack.append(mylist[i])
                    i += 1
                else:
                    stack[-1] -= 1
                    i += 1
        if len(stack) == len(set(stack)):
            self.endColors = [colors[i] for i in stack]
        else:
            self.helper(stack)
    def addConfig(self, event):
        nameText = self.nameTextField.getText()
        regexText = self.regexTextField.getText()
        colorText = self.colorTextField.getText()
        isHighlight = int(self.highlightCheckBox.isSelected())
        isExtract = int(self.extractCheckBox.isSelected())
        if colorText in colors:
            with open(configFile, 'r+') as content:
                dicts = json.load(content)
                # 解决r+写入问题
                content.seek(0,0)
                content.truncate()
                if nameText in dicts:
                    self.tipString.setText("Name is existed!")
                elif not(isHighlight or isExtract):
                    self.tipString.setText("Highlight or Extract?")
                else:
                    dicts[nameText] = {"regex": regexText, "highlight": isHighlight, "extract": isExtract, "color": colorText}
                    content.write(jsbeautifier.beautify(json.dumps(dicts)))
                    #print(dicts)
                    self.tipString.setText("Save Successfully!")
        else:
            self.tipString.setText("Not in colors list.")
    def reloadConfig(self, event):
        with open(configFile, 'r') as content:
            self.configTextArea.setText(content.read())
    def getUiComponent(self):
        self.HaEPanel = JPanel()
        self.HaEPanel.setBorder(None)
        self.HaEPanel.setLayout(BorderLayout(0, 0))
        self.panel = JPanel()
        self.HaEPanel.add(self.panel, BorderLayout.NORTH)
        self.panel.setLayout(BorderLayout(0, 0))
        self.tabbedPane = JTabbedPane(JTabbedPane.TOP)
        self.panel.add(self.tabbedPane, BorderLayout.CENTER)
        self.setPanel = JPanel()
        self.tabbedPane.addTab("Set", None, self.setPanel, None)
        self.setPanel.setLayout(BorderLayout(0, 0))
        self.setPanel_1 = JPanel()
        self.setPanel.add(self.setPanel_1, BorderLayout.NORTH)
        self.nameString = JLabel("Name")
        self.setPanel_1.add(self.nameString)
        self.nameTextField = JTextField()
        self.setPanel_1.add(self.nameTextField)
        self.nameTextField.setColumns(10)
        self.regexString = JLabel("Regex")
        self.setPanel_1.add(self.regexString)
        self.regexTextField = JTextField()
        self.setPanel_1.add(self.regexTextField)
        self.regexTextField.setColumns(10)
        self.extractCheckBox = JCheckBox("Extract")
        self.setPanel_1.add(self.extractCheckBox)
        self.highlightCheckBox = JCheckBox("Highlight")
        self.setPanel_1.add(self.highlightCheckBox)
        self.setPanel_2 = JPanel()
        self.setPanel.add(self.setPanel_2)
        self.colorString = JLabel("Color")
        self.setPanel_2.add(self.colorString)
        self.colorTextField = JTextField()
        self.setPanel_2.add(self.colorTextField)
        self.colorTextField.setColumns(5)
        self.addBottun = JButton("Add", actionPerformed=self.addConfig)
        self.setPanel_2.add(self.addBottun)
        self.tipString = JLabel("");
        self.setPanel_2.add(self.tipString)
        self.configPanel = JPanel()
        self.tabbedPane.addTab("Config", None, self.configPanel, None)
        self.configPanel.setLayout(BorderLayout(0, 0))
        self.configString = JLabel("This is config file content.")
        self.configString.setHorizontalAlignment(SwingConstants.CENTER)
        self.configPanel.add(self.configString, BorderLayout.NORTH)
        self.configTextArea = JTextArea()
        self.configTextArea.setEnabled(False)
        self.configTextArea.setTabSize(4)
        self.configTextArea.setLineWrap(True)
        self.configTextArea.setRows(20)
        self.configPanel.add(self.configTextArea, BorderLayout.SOUTH)
        self.scrollPane = JScrollPane(self.configTextArea)
        self.configPanel.add(self.scrollPane, BorderLayout.SOUTH)
        self.reloadButton = JButton("Reload", actionPerformed=self.reloadConfig)
        self.configPanel.add(self.reloadButton, BorderLayout.CENTER)
        return self.HaEPanel
 class MarkINFOTab(IMessageEditorTab):
    def __init__(self, extender, controller, editable):
        self._extender = extender
        self._helpers = extender._helpers
        self._editable = editable
        self._txtInput = extender._callbacks.createTextEditor()
        self._txtInput.setEditable(editable)
    def getTabCaption(self):
        return "MarkINFO"
    def getUiComponent(self):
        return self._txtInput.getComponent()
    # 非响应 没有匹配到不返回Tab标签页
    def isEnabled(self, content, isRequest):
        r = self._helpers.analyzeResponse(content)
        msg = content[r.getBodyOffset():].tostring()
        info = getConfig()
        if not isRequest:
            content = findContent(info, msg)
            if content != {}:
                for i in content:
                    if info[i]['extract'] == 1 :
                        return True
    # 设置Tab的内容
    def setMessage(self, content, isRequest):
        # 判断是否有内容
        if content:
            if not isRequest:
                r = self._helpers.analyzeResponse(content)
                msg = content[r.getBodyOffset():].tostring()
                info = getConfig()
                contents = findContent(info, msg)
                result = ""
                for i in contents:
                    if info[i]['extract'] == 1 :
                        result += "[{}] {}\n".format(i,contents[i])
                self._txtInput.setText(result)
        else:
            return False
--- a/HaE/config.json
+++ b/HaE/config.json
@@ -0,0 +1,26 @@
 {
    "Email": {
        "color": "yellow",
        "highlight": 1,
        "regex": "[\\w-]+(?:\\.[\\w-]+)*@(?:[\\w](?:[\\w-]*[\\w])?\\.)+[\\w](?:[\\w-]*[\\w])?",
        "extract": 1
    },
    "Chinese IDCard": {
        "color": "orange",
        "highlight": 1,
        "regex": "[1-9]\\d{5}(?:19|20)\\d\\d(?:0[1-9]|1[012])(?:0[1-9]|[12]\\d|3[01])\\d{3}(?:\\d|X)",
        "extract": 1
    },
    "Chinese Mobile": {
        "color": "yellow",
        "highlight": 1,
        "regex": "[^0-9]+(1[3-9]\\d{9})[^0-9]+",
        "extract": 1
    },
    "Internal IP Address": {
        "color": "yellow",
        "highlight": 1,
        "regex": "(?:10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})|(?:172\\.(?:(?:1[6-9])|(?:2\\d)|(?:3[01]))\\.\\d{1,3}\\.\\d{1,3})|(?:192\\.168\\.\\d{1,3}\\.\\d{1,3})",
        "extract": 1
    }
 }
--- a/README.md
+++ b/README.md
@@ -1,2 +1,159 @@
-# HaE
+# HaE - 信息高亮与提取者
-HaE - BurpSuite Highlighter and Extractor
+
 ## 前言
 HaE（Highlight and Extractor），是基于MarkINFO插件（地址：https://github.com/gh0stkey/BurpSuite-Extender-MarkInfo ）的基础进行重构。
 用处：
 - 高亮标记请求，针对高亮的请求进行深度挖掘
 - 敏感信息泄露发现
 ## 设计想法
 语言：Python
 ![-w902](images/15845160387850.jpg)
 功能：
 - 自定义正则
 - 自定义高亮颜色
 - 自定义高亮或提取
 ## 设计过程
 ### 可视化界面
 UI设计（基于Eclipse可视化设计），基于Java Swing
 ![-w1143](images/15845162741518.jpg)
 然后将Java代码转换为Python代码即可（**有很多坑～**）
 使用BurpSuite接口：`ITab`创建Tab
 ![-w1276](images/15845160114052.jpg)
 ### 高亮颜色
 将BurpSuite的所有高亮颜色集成：（仅支持：`red, orange, yellow, green, cyan, blue, pink, magenta, gray`）
 ![-w96](images/15844769689459.jpg)
 ![-w518](images/15845164967615.jpg)
 ### 配置文件格式
 选用JSON格式，格式为
 ```
 name: {"regex": regexText, "highlight": isHighlight, "extract": isExtract, "color": colorText}
 ```
 ### 颜色优先级和升级
 定义Colors变量：
 `colors = ['red', 'orange', 'yellow', 'green', 'cyan', 'blue', 'pink', 'magenta', 'gray']`
 利用下标的方式进行优先级排序，当满足2个同颜色条件则以优先级顺序上升颜色。（例如：**两个正则，颜色为橘黄色，该请求两个正则都匹配到了，那么将升级为红色**）
 ## 使用方法
 贴一些案例，仅供参考，还有更多玩法，可以自我琢磨～
 ### 环境设置
 进入Extender - Options - Python Environment
 ![-w840](images/15845168078333.jpg)
 载入Jython的Jar包以及载入python的包路径。
 加载插件，选择HaE.py文件：
 ![-w858](images/15845168915243.jpg)
 加载成功：
 ![-w743](images/15845169108559.jpg)
 ### RUN IT
 #### 添加自定义正则
 ```
 名字：Email
 正则：[\\w-]+(?:\\.[\\w-]+)*@(?:[\\w](?:[\\w-]*[\\w])?\\.)+[\\w](?:[\\w-]*[\\w])?
 高亮颜色：red
 是否高亮和提取：是
 ```
 转到HaE标签页，进行设置，点击Add按钮即可添加
 ![-w1278](images/15845171413470.jpg)
 HaE - Config查看是否进行配置，点击Reload按钮：
 ![-w1277](images/15845172203307.jpg)
 #### 高亮请求
 在Proxy - HTTP History中可以看见高亮请求，响应标签页中含有`MarkINFO`标签，其中将匹配到的邮箱提取了出来
 ![-w1268](images/15845175423506.jpg)
 #### 正则优化（参考Demo）
 在正则匹配手机号、身份证号码的时候（纯数字类）会存在一些误报（这里匹配身份证号码无法进行校验，误报率很高），但手机号处理这一块可以解决：
 原正则：
 ```
 (1[3-9]\d{9})
 ```
 误报场景：`12315188888888123`，这时候会匹配到`15188888888`，而实际上这一段并不是手机号，所以完全可以修改正则为：
 ```
 [^0-9]+(1[3-9]\d{9})[^0-9]+
 ```
 也就是要求匹配的手机号前后不能为0-9的数字。
 ## 实战用法
 ### CMS指纹识别
 例如：识别Discuz，名字：CMS-Discuz，正则：`Powered by Discuz!`，高亮颜色：blue
 ![-w1272](images/15845485039330.jpg)
 Add保存到配置文件中：
 ![-w294](images/15845485770190.jpg)
 请求识别：
 ![-w1037](images/15845486471590.jpg)
 ### OSS对象存储信息泄露
 名字：INFO-OSS
 正则：`[A|a]ccess[K|k]ey[I|i]d|[A|a]ccess[K|k]ey[S|s]ecret`
 高亮颜色：cyan
 ![-w1002](images/15845490590739.jpg)
 Add保存到配置文件中：
 ![-w482](images/15845490802944.jpg)
 请求中识别并提取：
 ![-w1278](images/15845492243895.jpg)
--- a/images/15844769689459.jpg
+++ b/images/15844769689459.jpg
--- a/images/15845160114052.jpg
+++ b/images/15845160114052.jpg
--- a/images/15845160387850.jpg
+++ b/images/15845160387850.jpg
--- a/images/15845162741518.jpg
+++ b/images/15845162741518.jpg
--- a/images/15845164967615.jpg
+++ b/images/15845164967615.jpg
--- a/images/15845168078333.jpg
+++ b/images/15845168078333.jpg
--- a/images/15845168915243.jpg
+++ b/images/15845168915243.jpg
--- a/images/15845169108559.jpg
+++ b/images/15845169108559.jpg
--- a/images/15845171413470.jpg
+++ b/images/15845171413470.jpg
--- a/images/15845172203307.jpg
+++ b/images/15845172203307.jpg
--- a/images/15845175423506.jpg
+++ b/images/15845175423506.jpg
--- a/images/15845485039330.jpg
+++ b/images/15845485039330.jpg
--- a/images/15845485770190.jpg
+++ b/images/15845485770190.jpg
--- a/images/15845486471590.jpg
+++ b/images/15845486471590.jpg
--- a/images/15845490590739.jpg
+++ b/images/15845490590739.jpg
--- a/images/15845490802944.jpg
+++ b/images/15845490802944.jpg
--- a/images/15845492243895.jpg
+++ b/images/15845492243895.jpg