admin/HaE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update: Support request messages

Browse Source
This commit is contained in:
AnonymousUser
2020-11-11 03:09:32 +08:00
parent 8f18079ea6
commit 9cb5c93fd7
1 changed files with 90 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

154
burp/BurpExtender.java
View File

@@ -52,6 +52,8 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
private static String initConfigContent = "{\"Email\":{\"loaded\":true,\"highlight\":true,\"regex\":\"([\\\\w-]+(?:\\\\.[\\\\w-]+)*@(?:[\\\\w](?:[\\\\w-]*[\\\\w])?\\\\.)+[\\\\w](?:[\\\\w-]*[\\\\w])?)\",\"extract\":true,\"color\":\"yellow\"}}";
private static String endColor = "";
private static String[] colorArray = new String[] {"red", "orange", "yellow", "green", "cyan", "blue", "pink", "magenta", "gray"};
private static String[] scopeArray = new String[] {"response", "request"};
private static String[] actionArray = new String[] {"any", "extract", "highight"};
private static IMessageEditorTab HaETab;
private static PrintWriter stdout;
@@ -59,8 +61,10 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks)
{
this.callbacks = callbacks;
// 设置插件名字
callbacks.setExtensionName("HaE - Highlighter and Extractor");
// 设置插件名字和版本
String version = "1.4";
callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version));
// 定义输出
stdout = new PrintWriter(callbacks.getStdout(), true);
@@ -138,7 +142,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
panel_2.add(panel_1, BorderLayout.NORTH);
panel_1.setBorder(new TitledBorder(new EtchedBorder(EtchedBorder.LOWERED, null, null), "Actions", TitledBorder.LEADING, TitledBorder.TOP, null, new Color(0, 0, 0)));
JButton btnReloadRule = new JButton("Reload Rule");
JButton btnReloadRule = new JButton("Reload");
btnReloadRule.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e) {
fillTable();
@@ -146,7 +150,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
});
panel_1.add(btnReloadRule);
JButton btnNewRule = new JButton("New Rule");
JButton btnNewRule = new JButton("New");
btnNewRule.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent arg0) {
DefaultTableModel dtm = (DefaultTableModel) table.getModel();
@@ -155,14 +159,14 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
rules.add("New Rule");
rules.add("New Regex");
rules.add("red");
rules.add(true);
rules.add(true);
rules.add("response");
rules.add("any");
dtm.addRow(rules);
}
});
panel_1.add(btnNewRule);
JButton btnDeleteRule = new JButton("Delete Rule");
JButton btnDeleteRule = new JButton("Delete");
btnDeleteRule.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e) {
int selectRows = table.getSelectedRows().length;
@@ -189,7 +193,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
new Object[][] {
},
new String[] {
"Loaded", "Name", "Regex", "Color", "isExtract", "isHighlight"
"Loaded", "Name", "Regex", "Color", "Scope", "Action"
}
));
scrollPane.setViewportView(table);
@@ -197,8 +201,8 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
table.getColumnModel().getColumn(2).setPreferredWidth(172);
table.getColumnModel().getColumn(3).setCellEditor(new DefaultCellEditor(new JComboBox(colorArray)));
table.getColumnModel().getColumn(0).setCellEditor(new DefaultCellEditor(new JCheckBox()));
table.getColumnModel().getColumn(4).setCellEditor(new DefaultCellEditor(new JCheckBox()));
table.getColumnModel().getColumn(5).setCellEditor(new DefaultCellEditor(new JCheckBox()));
table.getColumnModel().getColumn(4).setCellEditor(new DefaultCellEditor(new JComboBox(scopeArray)));
table.getColumnModel().getColumn(5).setCellEditor(new DefaultCellEditor(new JComboBox(actionArray)));
JLabel lblNewLabel = new JLabel("@EvilChen Love YuChen.");
lblNewLabel.setHorizontalAlignment(SwingConstants.CENTER);
@@ -218,8 +222,8 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
jsonObj1.put("loaded", (boolean) dtm.getValueAt(i, 0));
jsonObj1.put("regex", (String) dtm.getValueAt(i, 2));
jsonObj1.put("color", (String) dtm.getValueAt(i, 3));
jsonObj1.put("extract", (boolean) dtm.getValueAt(i, 4));
jsonObj1.put("highlight", (boolean) dtm.getValueAt(i, 5));
jsonObj1.put("scope", (String) dtm.getValueAt(i, 4));
jsonObj1.put("action", (String) dtm.getValueAt(i, 5));
// 添加数据
jsonObj.put((String) dtm.getValueAt(i, 1), jsonObj1);
}
@@ -262,32 +266,34 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
@Override
public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
// 判断是否是响应且该代码作用域为REPEATER、INTRUDER、PROXY分别对应toolFlag 64、32、4
if (!messageIsRequest && (toolFlag == 64 || toolFlag == 32 || toolFlag == 4)) {
byte[] content = messageInfo.getResponse();
try {
String c = new String(content, "UTF-8").intern();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
JSONObject jsonObj = matchRegex(content);
if (jsonObj.length() > 0) {
List<String> colorList = new ArrayList<String>();
Iterator<String> k = jsonObj.keys();
while (k.hasNext()) {
String name = k.next();
JSONObject jsonObj2 = new JSONObject(jsonObj.get(name).toString());
boolean isHighlight = jsonObj2.getBoolean("highlight");
if (isHighlight) {
colorList.add(jsonObj2.getString("color"));
}
}
if (colorList.size() != 0) {
colorUpgrade(getColorKeys(colorList));
String color = endColor;
messageInfo.setHighlight(color);
}
if (toolFlag == 64 || toolFlag == 32 || toolFlag == 4) {
JSONObject jsonObj = new JSONObject();
if (messageIsRequest) {
byte[] content = messageInfo.getRequest();
try {
String c = new String(content, "UTF-8").intern();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
jsonObj = matchRegex(content, "request", "highlight");
} else {
byte[] content = messageInfo.getResponse();
try {
String c = new String(content, "UTF-8").intern();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
jsonObj = matchRegex(content, "response", "highlight");
}
List<String> colorList = highlightList(jsonObj);
if (colorList.size() != 0) {
colorUpgrade(getColorKeys(colorList));
String color = endColor;
messageInfo.setHighlight(color);
}
}
}
}
class MarkInfoTab implements IMessageEditorTab {
@@ -311,8 +317,9 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
@Override
public boolean isEnabled(byte[] content, boolean isRequest) {
// 先判断是否是请求,再判断是否匹配到内容
if (!isRequest && matchRegex(content).length() != 0) {
if (isRequest && matchRegex(content, "request", "extract").length() != 0) {
return true;
} else if (!isRequest && matchRegex(content, "response", "extract").length() != 0) {
return true;
}
return false;
@@ -343,29 +350,49 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
if (content.length > 0 && !isRequest) {
String result = "";
JSONObject jsonObj = matchRegex(content);
if (jsonObj.length() != 0) {
Iterator<String> k = jsonObj.keys();
while (k.hasNext()) {
String name = k.next();
JSONObject jsonObj1 = new JSONObject(jsonObj.get(name).toString());
boolean isExtract = jsonObj1.getBoolean("extract");
if (isExtract) {
String tmpStr = String.format("[%s]\n%s\n\n", name, jsonObj1.getString("data")).intern();
result += tmpStr;
}
if (content.length > 0) {
if (isRequest) {
JSONObject jsonObj = matchRegex(content, "request", "extract");
if (jsonObj.length() != 0) {
String result = extractString(jsonObj);
markInfoText.setText(result.getBytes());
}
} else {
JSONObject jsonObj = matchRegex(content, "response", "extract");
if (jsonObj.length() != 0) {
String result = extractString(jsonObj);
markInfoText.setText(result.getBytes());
}
}
markInfoText.setText(result.getBytes());
}
currentMessage = content;
}
}
private JSONObject matchRegex(byte[] content) {
private String extractString(JSONObject jsonObj) {
String result = "";
Iterator<String> k = jsonObj.keys();
while (k.hasNext()) {
String name = k.next();
JSONObject jsonObj1 = new JSONObject(jsonObj.get(name).toString());
String tmpStr = String.format("[%s]\n%s\n\n", name, jsonObj1.getString("data")).intern();
result += tmpStr;
}
return result;
}
private List<String> highlightList(JSONObject jsonObj) {
List<String> colorList = new ArrayList<String>();
Iterator<String> k = jsonObj.keys();
while (k.hasNext()) {
String name = k.next();
JSONObject jsonObj2 = new JSONObject(jsonObj.get(name).toString());
colorList.add(jsonObj2.getString("color"));
}
return colorList;
}
private JSONObject matchRegex(byte[] content, String scopeString, String actionString) {
JSONObject tabContent = new JSONObject();
// 正则匹配提取内容
try {
@@ -379,12 +406,13 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
JSONObject jsonObj1 = new JSONObject(jsonObj.get(name).toString());
JSONObject jsonData = new JSONObject();
String regex = jsonObj1.getString("regex");
boolean isHighligth = jsonObj1.getBoolean("highlight");
boolean isExtract = jsonObj1.getBoolean("extract");
boolean isLoaded = jsonObj1.getBoolean("loaded");
String scope = jsonObj1.getString("scope");
String action = jsonObj1.getString("action");
String color = jsonObj1.getString("color");
List<String> result = new ArrayList<String>();
if(isLoaded) {
if(isLoaded && scope.equals(scopeString) && (action.equals(actionString) || action.equals("any"))) {
Pattern pattern = Pattern.compile(regex);
Matcher matcher = pattern.matcher(contentString);
while (matcher.find()) {
@@ -398,8 +426,6 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
result.addAll(tmpList);
if (!result.isEmpty()) {
jsonData.put("highlight", isHighligth);
jsonData.put("extract", isExtract);
jsonData.put("color", color);
jsonData.put("data", String.join("\n", result));
jsonData.put("loaded", isLoaded);
@@ -552,16 +578,16 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
boolean loaded = jsonObj1.getBoolean("loaded");
String regex = jsonObj1.getString("regex");
String color = jsonObj1.getString("color");
boolean isExtract = jsonObj1.getBoolean("extract");
boolean isHighlight = jsonObj1.getBoolean("highlight");
String scope = jsonObj1.getString("scope");
String action = jsonObj1.getString("action");
// 填充数据
Vector rules = new Vector();
rules.add(loaded);
rules.add(name);
rules.add(regex);
rules.add(color);
rules.add(isExtract);
rules.add(isHighlight);
rules.add(scope);
rules.add(action);
dtm.addRow(rules);
}
}