Version: 3.3.2 Update
This commit is contained in:
gh0stkey
@@ -12,6 +12,8 @@ public class Config {
|
|||||||
|
|
||||||
public static String status = "404";
|
public static String status = "404";
|
||||||
|
|
||||||
|
public static String boundary = "\n\t\n";
|
||||||
|
|
||||||
public static String[] scope = new String[]{
|
public static String[] scope = new String[]{
|
||||||
"any",
|
"any",
|
||||||
"any header",
|
"any header",
|
||||||
|
|||||||
@@ -18,7 +18,7 @@ public class HaE implements BurpExtension {
|
|||||||
@Override
|
@Override
|
||||||
public void initialize(MontoyaApi api) {
|
public void initialize(MontoyaApi api) {
|
||||||
// 设置扩展名称
|
// 设置扩展名称
|
||||||
String version = "3.3.1";
|
String version = "3.3.2";
|
||||||
api.extension().setName(String.format("HaE (%s) - Highlighter and Extractor", version));
|
api.extension().setName(String.format("HaE (%s) - Highlighter and Extractor", version));
|
||||||
|
|
||||||
// 加载扩展后输出的项目信息
|
// 加载扩展后输出的项目信息
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
package hae.component.config;
|
package hae.component;
|
||||||
|
|
||||||
import burp.api.montoya.MontoyaApi;
|
import burp.api.montoya.MontoyaApi;
|
||||||
import hae.component.rule.Rules;
|
import hae.component.rule.Rules;
|
||||||
@@ -387,7 +387,6 @@ public class Config extends JPanel {
|
|||||||
|
|
||||||
private void addActionPerformed(ActionEvent e, DefaultTableModel model, JTextField addTextField) {
|
private void addActionPerformed(ActionEvent e, DefaultTableModel model, JTextField addTextField) {
|
||||||
String addTextFieldText = addTextField.getText();
|
String addTextFieldText = addTextField.getText();
|
||||||
api.logging().logToOutput(addTextFieldText);
|
|
||||||
if (!addTextFieldText.equals(defaultText)) {
|
if (!addTextFieldText.equals(defaultText)) {
|
||||||
addDataToTable(addTextFieldText, model);
|
addDataToTable(addTextFieldText, model);
|
||||||
}
|
}
|
||||||
@@ -3,7 +3,6 @@ package hae.component;
|
|||||||
import burp.api.montoya.MontoyaApi;
|
import burp.api.montoya.MontoyaApi;
|
||||||
import hae.component.board.Databoard;
|
import hae.component.board.Databoard;
|
||||||
import hae.component.board.message.MessageTableModel;
|
import hae.component.board.message.MessageTableModel;
|
||||||
import hae.component.config.Config;
|
|
||||||
import hae.component.rule.Rules;
|
import hae.component.rule.Rules;
|
||||||
import hae.utils.ConfigLoader;
|
import hae.utils.ConfigLoader;
|
||||||
|
|
||||||
|
|||||||
@@ -8,6 +8,7 @@ import hae.component.board.message.MessageTableModel.MessageTable;
|
|||||||
import hae.component.board.table.Datatable;
|
import hae.component.board.table.Datatable;
|
||||||
import hae.instances.http.utils.RegularMatcher;
|
import hae.instances.http.utils.RegularMatcher;
|
||||||
import hae.utils.ConfigLoader;
|
import hae.utils.ConfigLoader;
|
||||||
|
import hae.utils.UIEnhancer;
|
||||||
import hae.utils.project.ProjectProcessor;
|
import hae.utils.project.ProjectProcessor;
|
||||||
import hae.utils.project.model.HaeFileContent;
|
import hae.utils.project.model.HaeFileContent;
|
||||||
import hae.utils.string.StringProcessor;
|
import hae.utils.string.StringProcessor;
|
||||||
@@ -54,6 +55,8 @@ public class Databoard extends JPanel {
|
|||||||
private SwingWorker<List<Object[]>, Void> exportActionWorker;
|
private SwingWorker<List<Object[]>, Void> exportActionWorker;
|
||||||
private SwingWorker<List<Object[]>, Void> importActionWorker;
|
private SwingWorker<List<Object[]>, Void> importActionWorker;
|
||||||
|
|
||||||
|
private final String defaultText = "Please enter the host";
|
||||||
|
|
||||||
public Databoard(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) {
|
public Databoard(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) {
|
||||||
this.api = api;
|
this.api = api;
|
||||||
this.configLoader = configLoader;
|
this.configLoader = configLoader;
|
||||||
@@ -85,6 +88,7 @@ public class Databoard extends JPanel {
|
|||||||
menu.add(menuPanel);
|
menu.add(menuPanel);
|
||||||
|
|
||||||
hostTextField = new JTextField();
|
hostTextField = new JTextField();
|
||||||
|
UIEnhancer.setTextFieldPlaceholder(hostTextField, defaultText);
|
||||||
splitPane = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT);
|
splitPane = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT);
|
||||||
|
|
||||||
dataTabbedPane = new JTabbedPane(JTabbedPane.TOP);
|
dataTabbedPane = new JTabbedPane(JTabbedPane.TOP);
|
||||||
|
|||||||
@@ -9,6 +9,7 @@ import burp.api.montoya.ui.Selection;
|
|||||||
import burp.api.montoya.ui.editor.extension.EditorCreationContext;
|
import burp.api.montoya.ui.editor.extension.EditorCreationContext;
|
||||||
import burp.api.montoya.ui.editor.extension.ExtensionProvidedHttpRequestEditor;
|
import burp.api.montoya.ui.editor.extension.ExtensionProvidedHttpRequestEditor;
|
||||||
import burp.api.montoya.ui.editor.extension.HttpRequestEditorProvider;
|
import burp.api.montoya.ui.editor.extension.HttpRequestEditorProvider;
|
||||||
|
import hae.Config;
|
||||||
import hae.component.board.table.Datatable;
|
import hae.component.board.table.Datatable;
|
||||||
import hae.instances.http.utils.MessageProcessor;
|
import hae.instances.http.utils.MessageProcessor;
|
||||||
import hae.utils.ConfigLoader;
|
import hae.utils.ConfigLoader;
|
||||||
@@ -132,7 +133,7 @@ public class RequestEditor implements HttpRequestEditorProvider {
|
|||||||
Map<String, String> dataMap = result.get(0);
|
Map<String, String> dataMap = result.get(0);
|
||||||
if (dataMap != null && !dataMap.isEmpty()) {
|
if (dataMap != null && !dataMap.isEmpty()) {
|
||||||
dataMap.keySet().forEach(i -> {
|
dataMap.keySet().forEach(i -> {
|
||||||
String[] extractData = dataMap.get(i).split("\n");
|
String[] extractData = dataMap.get(i).split(Config.boundary);
|
||||||
Datatable dataPanel = new Datatable(api, configLoader, i, Arrays.asList(extractData));
|
Datatable dataPanel = new Datatable(api, configLoader, i, Arrays.asList(extractData));
|
||||||
tabbedPane.addTab(i, dataPanel);
|
tabbedPane.addTab(i, dataPanel);
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -29,7 +29,6 @@ public class HttpMessageHandler implements HttpHandler {
|
|||||||
private final ThreadLocal<String> host = ThreadLocal.withInitial(() -> "");
|
private final ThreadLocal<String> host = ThreadLocal.withInitial(() -> "");
|
||||||
private final ThreadLocal<List<String>> colorList = ThreadLocal.withInitial(ArrayList::new);
|
private final ThreadLocal<List<String>> colorList = ThreadLocal.withInitial(ArrayList::new);
|
||||||
private final ThreadLocal<List<String>> commentList = ThreadLocal.withInitial(ArrayList::new);
|
private final ThreadLocal<List<String>> commentList = ThreadLocal.withInitial(ArrayList::new);
|
||||||
private final ThreadLocal<HttpRequest> httpRequest = new ThreadLocal<>();
|
|
||||||
|
|
||||||
public HttpMessageHandler(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) {
|
public HttpMessageHandler(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) {
|
||||||
this.api = api;
|
this.api = api;
|
||||||
@@ -47,7 +46,6 @@ public class HttpMessageHandler implements HttpHandler {
|
|||||||
Annotations annotations = httpRequestToBeSent.annotations();
|
Annotations annotations = httpRequestToBeSent.annotations();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
httpRequest.set(httpRequestToBeSent);
|
|
||||||
host.set(StringProcessor.getHostByUrl(httpRequestToBeSent.url()));
|
host.set(StringProcessor.getHostByUrl(httpRequestToBeSent.url()));
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
api.logging().logToError("handleHttpRequestToBeSent: " + e.getMessage());
|
api.logging().logToError("handleHttpRequestToBeSent: " + e.getMessage());
|
||||||
@@ -77,11 +75,10 @@ public class HttpMessageHandler implements HttpHandler {
|
|||||||
String comment = StringProcessor.mergeComment(String.join(", ", commentList.get()));
|
String comment = StringProcessor.mergeComment(String.join(", ", commentList.get()));
|
||||||
annotations.setNotes(comment);
|
annotations.setNotes(comment);
|
||||||
|
|
||||||
HttpRequestResponse httpRequestResponse = HttpRequestResponse.httpRequestResponse(httpRequest.get(), httpResponseReceived);
|
HttpRequestResponse httpRequestResponse = HttpRequestResponse.httpRequestResponse(request, httpResponseReceived);
|
||||||
|
|
||||||
// 添加到Databoard
|
String method = request.method();
|
||||||
String method = httpRequest.get().method();
|
String url = request.url();
|
||||||
String url = httpRequest.get().url();
|
|
||||||
String status = String.valueOf(httpResponseReceived.statusCode());
|
String status = String.valueOf(httpResponseReceived.statusCode());
|
||||||
String length = String.valueOf(httpResponseReceived.toByteArray().length());
|
String length = String.valueOf(httpResponseReceived.toByteArray().length());
|
||||||
|
|
||||||
@@ -92,7 +89,7 @@ public class HttpMessageHandler implements HttpHandler {
|
|||||||
messageTableModel.add(httpRequestResponse, url, method, status, length, comment, color, "", "");
|
messageTableModel.add(httpRequestResponse, url, method, status, length, comment, color, "", "");
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
}.run();
|
}.execute();
|
||||||
}
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
api.logging().logToError("handleHttpResponseReceived: " + e.getMessage());
|
api.logging().logToError("handleHttpResponseReceived: " + e.getMessage());
|
||||||
|
|||||||
@@ -92,7 +92,7 @@ public class RegularMatcher {
|
|||||||
|
|
||||||
if (!result.isEmpty()) {
|
if (!result.isEmpty()) {
|
||||||
tmpMap.put("color", color);
|
tmpMap.put("color", color);
|
||||||
String dataStr = String.join("\n", result);
|
String dataStr = String.join(Config.boundary, result);
|
||||||
tmpMap.put("data", dataStr);
|
tmpMap.put("data", dataStr);
|
||||||
|
|
||||||
String nameAndSize = String.format("%s (%s)", name, result.size());
|
String nameAndSize = String.format("%s (%s)", name, result.size());
|
||||||
|
|||||||
@@ -77,8 +77,10 @@ public class ConfigLoader {
|
|||||||
|
|
||||||
public void initConfig() {
|
public void initConfig() {
|
||||||
Map<String, Object> r = new LinkedHashMap<>();
|
Map<String, Object> r = new LinkedHashMap<>();
|
||||||
r.put("excludeSuffix", getExcludeSuffix());
|
r.put("ExcludeSuffix", getExcludeSuffix());
|
||||||
r.put("blockHost", getBlockHost());
|
r.put("BlockHost", getBlockHost());
|
||||||
|
r.put("ExcludeStatus", getExcludeStatus());
|
||||||
|
r.put("HaEScope", getScope());
|
||||||
try {
|
try {
|
||||||
Writer ws = new OutputStreamWriter(Files.newOutputStream(Paths.get(configFilePath)), StandardCharsets.UTF_8);
|
Writer ws = new OutputStreamWriter(Files.newOutputStream(Paths.get(configFilePath)), StandardCharsets.UTF_8);
|
||||||
yaml.dump(r, ws);
|
yaml.dump(r, ws);
|
||||||
@@ -162,10 +164,10 @@ public class ConfigLoader {
|
|||||||
return getValueFromConfig("HaEScope", Config.scopeOptions);
|
return getValueFromConfig("HaEScope", Config.scopeOptions);
|
||||||
}
|
}
|
||||||
|
|
||||||
private String getValueFromConfig(String name, String value) {
|
private String getValueFromConfig(String name, String defaultValue) {
|
||||||
File yamlSetting = new File(configFilePath);
|
File yamlSetting = new File(configFilePath);
|
||||||
if (!yamlSetting.exists() || !yamlSetting.isFile()) {
|
if (!yamlSetting.exists() || !yamlSetting.isFile()) {
|
||||||
return value;
|
return defaultValue;
|
||||||
}
|
}
|
||||||
|
|
||||||
try (InputStream inorder = Files.newInputStream(Paths.get(configFilePath))) {
|
try (InputStream inorder = Files.newInputStream(Paths.get(configFilePath))) {
|
||||||
@@ -177,7 +179,7 @@ public class ConfigLoader {
|
|||||||
} catch (Exception ignored) {
|
} catch (Exception ignored) {
|
||||||
}
|
}
|
||||||
|
|
||||||
return value;
|
return defaultValue;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setAlibabaAIAPIKey(String apiKey) {
|
public void setAlibabaAIAPIKey(String apiKey) {
|
||||||
|
|||||||
@@ -26,12 +26,11 @@ public class HttpUtils {
|
|||||||
|
|
||||||
String boundary = api.utilities().randomUtils().randomString(32, RandomUtils.CharacterSet.ASCII_LETTERS);
|
String boundary = api.utilities().randomUtils().randomString(32, RandomUtils.CharacterSet.ASCII_LETTERS);
|
||||||
|
|
||||||
StringBuilder newBody = new StringBuilder();
|
String newBody = String.format("--%s\r\nContent-Disposition: form-data; name=\"%s\"; filename=\"%s\"\r\n\r\n%s\r\n", boundary, name, filename, content) +
|
||||||
newBody.append(String.format("--%s\r\nContent-Disposition: form-data; name=\"%s\"; filename=\"%s\"\r\n\r\n%s\r\n", boundary, name, filename, content));
|
String.format("--%s\r\nContent-Disposition: form-data; name=\"%s\"\r\n\r\n%s\r\n", boundary, "purpose", "file-extract") +
|
||||||
newBody.append(String.format("--%s\r\nContent-Disposition: form-data; name=\"%s\"\r\n\r\n%s\r\n", boundary, "purpose", "file-extract"));
|
"--" + boundary + "--\r\n";
|
||||||
newBody.append("--").append(boundary).append("--\r\n");
|
|
||||||
|
|
||||||
baseRequest = baseRequest.withUpdatedHeader("Content-Type", "multipart/form-data; boundary=" + boundary).withBody(newBody.toString());
|
baseRequest = baseRequest.withUpdatedHeader("Content-Type", "multipart/form-data; boundary=" + boundary).withBody(newBody);
|
||||||
|
|
||||||
return baseRequest;
|
return baseRequest;
|
||||||
}
|
}
|
||||||
@@ -44,7 +43,8 @@ public class HttpUtils {
|
|||||||
public boolean verifyHttpRequestResponse(HttpRequestResponse requestResponse, String toolType) {
|
public boolean verifyHttpRequestResponse(HttpRequestResponse requestResponse, String toolType) {
|
||||||
HttpRequest request = requestResponse.request();
|
HttpRequest request = requestResponse.request();
|
||||||
HttpResponse response = requestResponse.response();
|
HttpResponse response = requestResponse.response();
|
||||||
|
boolean retStatus = false;
|
||||||
|
try {
|
||||||
String host = StringProcessor.getHostByUrl(request.url());
|
String host = StringProcessor.getHostByUrl(request.url());
|
||||||
String[] hostList = configLoader.getBlockHost().split("\\|");
|
String[] hostList = configLoader.getBlockHost().split("\\|");
|
||||||
boolean isBlockHost = isBlockHost(hostList, host);
|
boolean isBlockHost = isBlockHost(hostList, host);
|
||||||
@@ -57,7 +57,11 @@ public class HttpUtils {
|
|||||||
List<String> statusList = Arrays.asList(configLoader.getExcludeStatus().split("\\|"));
|
List<String> statusList = Arrays.asList(configLoader.getExcludeStatus().split("\\|"));
|
||||||
boolean isExcludeStatus = statusList.contains(String.valueOf(response.statusCode()));
|
boolean isExcludeStatus = statusList.contains(String.valueOf(response.statusCode()));
|
||||||
|
|
||||||
return isExcludeSuffix || isBlockHost || isToolScope || isExcludeStatus;
|
retStatus = isExcludeSuffix || isBlockHost || isToolScope || isExcludeStatus;
|
||||||
|
} catch (Exception ignored) {
|
||||||
|
}
|
||||||
|
|
||||||
|
return retStatus;
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean isBlockHost(String[] hostList, String host) {
|
private boolean isBlockHost(String[] hostList, String host) {
|
||||||
|
|||||||
@@ -237,15 +237,6 @@ rules:
|
|||||||
scope: response body
|
scope: response body
|
||||||
engine: dfa
|
engine: dfa
|
||||||
sensitive: false
|
sensitive: false
|
||||||
- name: HTML Notes
|
|
||||||
loaded: true
|
|
||||||
f_regex: (<!--.*?-->)
|
|
||||||
s_regex: ''
|
|
||||||
format: '{0}'
|
|
||||||
color: magenta
|
|
||||||
scope: response body
|
|
||||||
engine: nfa
|
|
||||||
sensitive: false
|
|
||||||
- name: Create Script
|
- name: Create Script
|
||||||
loaded: true
|
loaded: true
|
||||||
f_regex: (\{[^{}]*\}\s*\[[^\s]*\]\s*\+\s*"[^\s]*\.js")
|
f_regex: (\{[^{}]*\}\s*\[[^\s]*\]\s*\+\s*"[^\s]*\.js")
|
||||||
|
|||||||
Reference in New Issue
Block a user