admin/HaE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fiexd bug: isLoaded

Browse Source
This commit is contained in:
AnonymousUser
2020-10-27 19:00:10 +08:00
parent 1df27ea121
commit edeb263712
3 changed files with 30 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -41,7 +41,7 @@ HaE supports three actions:
3. Color upgrade algorithm: **Two regulars expression, the colors are both orange, if the request are matched these, it will be upgraded to red.** 3. Color upgrade algorithm: **Two regulars expression, the colors are both orange, if the request are matched these, it will be upgraded to red.**
4. The configuration file format uses JSON format, the format is 4. The configuration file format uses JSON format, the format is
``` ```
{name: {"loaded": isLoaded:,"regex": regexText, "highlight": isHighlight, "extract": isExtract, "color": colorText}} {name: {"loaded": isLoaded,"regex": regexText, "highlight": isHighlight, "extract": isExtract, "color": colorText}}
``` ```
5. Built-in simple cache to reduce the stuttering phenomenon in the `multi-regular, big data scenario`. 5. Built-in simple cache to reduce the stuttering phenomenon in the `multi-regular, big data scenario`.

2
README_zh.md
View File

@@ -37,7 +37,7 @@ HaE支持三个动作
3. 颜色升级算法利用下标的方式进行优先级排序当满足2个同颜色条件则以优先级顺序上升颜色。例如**两个正则,颜色为橘黄色,该请求两个正则都匹配到了,那么将升级为红色** 3. 颜色升级算法利用下标的方式进行优先级排序当满足2个同颜色条件则以优先级顺序上升颜色。例如**两个正则,颜色为橘黄色,该请求两个正则都匹配到了,那么将升级为红色**
4. 简单的配置文件格式选用JSON格式格式为 4. 简单的配置文件格式选用JSON格式格式为
``` ```
{name: {"loaded": isLoaded:,"regex": regexText, "highlight": isHighlight, "extract": isExtract, "color": colorText}} {name: {"loaded": isLoaded,"regex": regexText, "highlight": isHighlight, "extract": isExtract, "color": colorText}}
``` ```
5. 内置简单缓存,在“多正则、大数据”的场景下减少卡顿现象。 5. 内置简单缓存,在“多正则、大数据”的场景下减少卡顿现象。

55
burp/BurpExtender.java
View File

@@ -271,8 +271,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
String name = k.next(); String name = k.next();
JSONObject jsonObj2 = new JSONObject(jsonObj.get(name).toString()); JSONObject jsonObj2 = new JSONObject(jsonObj.get(name).toString());
boolean isHighlight = jsonObj2.getBoolean("highlight"); boolean isHighlight = jsonObj2.getBoolean("highlight");
boolean isLoaded = jsonObj2.getBoolean("loaded"); if (isHighlight) {
if (isHighlight && isLoaded) {
colorList.add(jsonObj2.getString("color")); colorList.add(jsonObj2.getString("color"));
} }
} }
@@ -306,7 +305,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
@Override @Override
public boolean isEnabled(byte[] content, boolean isRequest) { public boolean isEnabled(byte[] content, boolean isRequest) {
// 这里需要过一次正则匹配决定是否开启Tab // 先判断是否是请求,再判断是否匹配到内容
if (!isRequest && matchRegex(content).length() != 0) { if (!isRequest && matchRegex(content).length() != 0) {
return true; return true;
} }
@@ -342,9 +341,8 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
String name = k.next(); String name = k.next();
JSONObject jsonObj1 = new JSONObject(jsonObj.get(name).toString()); JSONObject jsonObj1 = new JSONObject(jsonObj.get(name).toString());
boolean isExtract = jsonObj1.getBoolean("extract"); boolean isExtract = jsonObj1.getBoolean("extract");
boolean isLoaded = jsonObj1.getBoolean("loaded"); if (isExtract) {
if (isExtract && isLoaded) { String tmpStr = String.format("[%s]\n%s\n\n", name, jsonObj1.getString("data")).intern();
String tmpStr = String.format("[%s] %s \n", name, jsonObj1.getString("data")).intern();
result += tmpStr; result += tmpStr;
} }
} }
@@ -354,6 +352,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
currentMessage = content; currentMessage = content;
} }
} }
private JSONObject matchRegex(byte[] content) { private JSONObject matchRegex(byte[] content) {
JSONObject tabContent = new JSONObject(); JSONObject tabContent = new JSONObject();
@@ -374,28 +373,30 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
boolean isLoaded = jsonObj1.getBoolean("loaded"); boolean isLoaded = jsonObj1.getBoolean("loaded");
String color = jsonObj1.getString("color"); String color = jsonObj1.getString("color");
List<String> result = new ArrayList<String>(); List<String> result = new ArrayList<String>();
if(isLoaded) {
Pattern pattern = Pattern.compile(regex); Pattern pattern = Pattern.compile(regex);
Matcher matcher = pattern.matcher(contentString); Matcher matcher = pattern.matcher(contentString);
while (matcher.find()) { while (matcher.find()) {
// 添加匹配数据至list // 添加匹配数据至list
// 强制用户使用()包裹正则 // 强制用户使用()包裹正则
result.add(matcher.group(1)); result.add(matcher.group(1));
} }
// 去除重复内容 // 去除重复内容
HashSet tmpList = new HashSet(result); HashSet tmpList = new HashSet(result);
result.clear(); result.clear();
result.addAll(tmpList); result.addAll(tmpList);
if (!result.isEmpty()) { if (!result.isEmpty()) {
jsonData.put("highlight", isHighligth); jsonData.put("highlight", isHighligth);
jsonData.put("extract", isExtract); jsonData.put("extract", isExtract);
jsonData.put("color", color); jsonData.put("color", color);
jsonData.put("data", String.join(",", result)); jsonData.put("data", String.join("\n", result));
jsonData.put("loaded", isLoaded); jsonData.put("loaded", isLoaded);
// 初始化格式 // 初始化格式
tabContent.put(name, jsonData); tabContent.put(name, jsonData);
}
} }
} }
return tabContent; return tabContent;
} catch (Exception e) { } catch (Exception e) {