admin/HaE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Version: 2.6.1 Update

Browse Source
This commit is contained in:
gh0stkey
2024-03-22 15:34:14 +08:00
parent 3a536a52de
commit ad1a14b27e
3 changed files with 57 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/burp/BurpExtender.java
View File

@@ -36,7 +36,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
new ConfigLoader(); new ConfigLoader();
String version = "2.6"; String version = "2.6.1";
callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version)); callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version));
// 定义输出 // 定义输出

56
src/main/java/burp/core/processor/DataProcessingUnit.java
View File

@@ -177,6 +177,7 @@ public class DataProcessingUnit {
Matcher matcher = createPatternMatcher(f_regex, content, sensitive); Matcher matcher = createPatternMatcher(f_regex, content, sensitive);
retList.addAll(extractMatches(s_regex, format, sensitive, matcher)); retList.addAll(extractMatches(s_regex, format, sensitive, matcher));
} else { } else {
// DFA不支持格式化输出因此不关注format
String newContent = content; String newContent = content;
String newFirstRegex = f_regex; String newFirstRegex = f_regex;
if (!sensitive) { if (!sensitive) {
@@ -184,7 +185,7 @@ public class DataProcessingUnit {
newFirstRegex = f_regex.toLowerCase(); newFirstRegex = f_regex.toLowerCase();
} }
AutomatonMatcher autoMatcher = createAutomatonMatcher(newFirstRegex, newContent); AutomatonMatcher autoMatcher = createAutomatonMatcher(newFirstRegex, newContent);
retList.addAll(extractMatches(s_regex, format, autoMatcher, content)); retList.addAll(extractMatches(s_regex, autoMatcher, content));
} }
return retList; return retList;
} }
@@ -195,21 +196,27 @@ public class DataProcessingUnit {
matches.addAll(getFormatString(matcher, format)); matches.addAll(getFormatString(matcher, format));
} else { } else {
while (matcher.find()) { while (matcher.find()) {
matcher = createPatternMatcher(s_regex, matcher.group(1), sensitive); String matchContent = matcher.group(1);
matches.addAll(getFormatString(matcher, format)); if (!matchContent.isEmpty()) {
matcher = createPatternMatcher(s_regex, matchContent, sensitive);
matches.addAll(getFormatString(matcher, format));
}
} }
} }
return matches; return matches;
} }
private List<String> extractMatches(String s_regex, String format, AutomatonMatcher autoMatcher, String content) { private List<String> extractMatches(String s_regex, AutomatonMatcher autoMatcher, String content) {
List<String> matches = new ArrayList<>(); List<String> matches = new ArrayList<>();
if (s_regex.isEmpty()) { if (s_regex.isEmpty()) {
matches.addAll(getFormatString(autoMatcher, format, content)); matches.addAll(getFormatString(autoMatcher, content));
} else { } else {
while (autoMatcher.find()) { while (autoMatcher.find()) {
autoMatcher = createAutomatonMatcher(s_regex, getSubString(content, autoMatcher.group())); String s = autoMatcher.group();
matches.addAll(getFormatString(autoMatcher, format, content)); if (!s.isEmpty()) {
autoMatcher = createAutomatonMatcher(s_regex, getSubString(content, s));
matches.addAll(getFormatString(autoMatcher, content));
}
} }
} }
return matches; return matches;
@@ -220,25 +227,29 @@ public class DataProcessingUnit {
List<String> stringList = new ArrayList<>(); List<String> stringList = new ArrayList<>();
while (matcher.find()) { while (matcher.find()) {
Object[] params = indexList.stream().map(i -> { if (!matcher.group(1).isEmpty()) {
if (matcher.group(i+1) != null) { Object[] params = indexList.stream().map(i -> {
return matcher.group(i+1); if (!matcher.group(i+1).isEmpty()) {
} return matcher.group(i+1);
return ""; }
}).toArray(); return "";
stringList.add(MessageFormat.format(reorderIndex(format), params)); }).toArray();
stringList.add(MessageFormat.format(reorderIndex(format), params));
}
} }
return stringList; return stringList;
} }
public List<String> getFormatString(AutomatonMatcher matcher, String format, String content) { public List<String> getFormatString(AutomatonMatcher matcher, String content) {
List<Integer> indexList = parseIndexesFromString(format);
List<String> stringList = new ArrayList<>(); List<String> stringList = new ArrayList<>();
while (matcher.find()) { while (matcher.find()) {
Object[] params = indexList.stream().map(i -> getSubString(content, matcher.group(i))).toArray(); String s = matcher.group(0);
stringList.add(MessageFormat.format(reorderIndex(format), params)); if (!s.isEmpty()) {
stringList.add(getSubString(content, s));
}
} }
return stringList; return stringList;
@@ -262,14 +273,19 @@ public class DataProcessingUnit {
Matcher matcher = pattern.matcher(input); Matcher matcher = pattern.matcher(input);
while (matcher.find()) { while (matcher.find()) {
indexes.add(Integer.valueOf(matcher.group(1))); String index = matcher.group(1);
if (!index.isEmpty()) {
indexes.add(Integer.valueOf(index));
}
} }
return indexes; return indexes;
} }
private String getSubString(String content, String s) { private String getSubString(String content, String s) {
int startIndex = content.toLowerCase().indexOf(s); byte[] contentByte = BurpExtender.helpers.stringToBytes(content);
byte[] sByte = BurpExtender.helpers.stringToBytes(s);
int startIndex = BurpExtender.helpers.indexOf(contentByte, sByte, false, 1, contentByte.length);
int endIndex = startIndex + s.length(); int endIndex = startIndex + s.length();
return content.substring(startIndex, endIndex); return content.substring(startIndex, endIndex);
} }

30
src/main/java/burp/core/processor/MessageProcessor.java
View File

@@ -1,5 +1,6 @@
package burp.core.processor; package burp.core.processor;
import burp.BurpExtender;
import burp.IExtensionHelpers; import burp.IExtensionHelpers;
import burp.IHttpRequestResponse; import burp.IHttpRequestResponse;
import burp.IRequestInfo; import burp.IRequestInfo;
@@ -79,20 +80,29 @@ public class MessageProcessor {
Map<String, Map<String, Object>> obj; Map<String, Map<String, Object>> obj;
IResponseInfo responseInfo = helpers.analyzeResponse(content); IResponseInfo responseInfo = helpers.analyzeResponse(content);
try {
String inferredMimeType = String.format("hae.%s", responseInfo.getInferredMimeType().toLowerCase());
String statedMimeType = String.format("hae.%s", responseInfo.getStatedMimeType().toLowerCase());
if (matcher.matchUrlSuffix(statedMimeType) || matcher.matchUrlSuffix(inferredMimeType)) {
return null;
}
} catch (Exception e) {
e.printStackTrace();
return null;
}
List<String> responseTmpHeaders = responseInfo.getHeaders(); List<String> responseTmpHeaders = responseInfo.getHeaders();
String responseHeaders = String.join("\n", responseTmpHeaders); String responseHeaders = String.join("\n", responseTmpHeaders);
int responseBodyOffset = responseInfo.getBodyOffset(); int responseBodyOffset = responseInfo.getBodyOffset();
byte[] responseBody = Arrays.copyOfRange(content, responseBodyOffset, content.length); byte[] responseBody = Arrays.copyOfRange(content, responseBodyOffset, content.length);
if (responseBody.length > 1) {
try {
// TODO: 需要加入文件头校验来排除静态二进制文件
String inferredMimeType = String.format("hae.%s", responseInfo.getInferredMimeType());
String statedMimeType = String.format("hae.%s", responseInfo.getStatedMimeType());
if (matcher.matchUrlSuffix(statedMimeType) || matcher.matchUrlSuffix(inferredMimeType))
{
return null;
}
} catch (Exception e) {
e.printStackTrace();
return null;
}
} else {
return null;
}
obj = dataProcessingUnit.matchContentByRegex(content, responseHeaders, responseBody, "response", host); obj = dataProcessingUnit.matchContentByRegex(content, responseHeaders, responseBody, "response", host);
return getDataList(obj, actionFlag); return getDataList(obj, actionFlag);