admin/HaE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: admin:1.0
Branches Tags
admin:main admin:file admin:network
admin:4.3.1 admin:4.3 admin:4.2.1 admin:4.2 admin:4.1.2 admin:4.1.1 admin:4.1 admin:4.0.5 admin:4.0.4 admin:4.0.3 admin:4.0.2 admin:4.0.1 admin:4.0 admin:3.4 admin:3.3.4 admin:3.3.3 admin:3.3.2 admin:3.3.1 admin:3.3 admin:3.2.2 admin:3.2.1 admin:3.2 admin:3.1 admin:3.0.2 admin:3.0.1 admin:3.0 admin:2.6.1 admin:2.6 admin:2.5.11 admin:2.5.10 admin:2.5.9 admin:2.5.8 admin:2.5.7 admin:2.5.6 admin:2.5.5 admin:2.5.4.1 admin:2.5.4 admin:2.5.3 admin:2.5.2 admin:2.5.1 admin:2.5 admin:2.4.7 admin:2.4.8 admin:2.4.6 admin:2.4.5 admin:2.4.4 admin:2.4.3 admin:2.4.2 admin:2.4.1 admin:2.4 admin:2.3 admin:2.2.3 admin:2.2.2 admin:2.2.1 admin:2.2 admin:2.1.5 admin:2.1.6 admin:2.1.4 admin:2.1.3 admin:2.1.2 admin:2.1.1 admin:2.1 admin:2.0.7 admin:2.0.6 admin:2.0.5 admin:2.0.4 admin:2.0.3 admin:2.0.2 admin:2.0.1 admin:2.0 admin:1.5.1 admin:1.5 admin:1.4.2 admin:1.4.1 admin:1.4 admin:1.3 admin:1.2 admin:1.1 admin:1.0
...
compare: admin:2.5
Branches Tags
admin:file admin:main admin:network
admin:4.3.1 admin:4.3 admin:4.2.1 admin:4.2 admin:4.1.2 admin:4.1.1 admin:4.1 admin:4.0.5 admin:4.0.4 admin:4.0.3 admin:4.0.2 admin:4.0.1 admin:4.0 admin:3.4 admin:3.3.4 admin:3.3.3 admin:3.3.2 admin:3.3.1 admin:3.3 admin:3.2.2 admin:3.2.1 admin:3.2 admin:3.1 admin:3.0.2 admin:3.0.1 admin:3.0 admin:2.6.1 admin:2.6 admin:2.5.11 admin:2.5.10 admin:2.5.9 admin:2.5.8 admin:2.5.7 admin:2.5.6 admin:2.5.5 admin:2.5.4.1 admin:2.5.4 admin:2.5.3 admin:2.5.2 admin:2.5.1 admin:2.5 admin:2.4.7 admin:2.4.8 admin:2.4.6 admin:2.4.5 admin:2.4.4 admin:2.4.3 admin:2.4.2 admin:2.4.1 admin:2.4 admin:2.3 admin:2.2.3 admin:2.2.2 admin:2.2.1 admin:2.2 admin:2.1.5 admin:2.1.6 admin:2.1.4 admin:2.1.3 admin:2.1.2 admin:2.1.1 admin:2.1 admin:2.0.7 admin:2.0.6 admin:2.0.5 admin:2.0.4 admin:2.0.3 admin:2.0.2 admin:2.0.1 admin:2.0 admin:1.5.1 admin:1.5 admin:1.4.2 admin:1.4.1 admin:1.4 admin:1.3 admin:1.2 admin:1.1 admin:1.0

105 Commits
1.0 ... 2.5

Author SHA1 Message Date
gh0stkey
e68619d1c2 Version: 2.5 Update 2023-10-12 21:38:27 +08:00
gh0stkey
dd08ffaaa2 Update 2023-10-09 14:26:03 +08:00
gh0stkey
d9aeda4cc3 Update README.md 2023-10-09 14:25:14 +08:00
gh0stkey
e1c05ba10d Version: 2.4.7 Update 2023-09-28 01:48:51 +08:00
gh0stkey
6a17064b3a Version: 2.4.7 Update 2023-09-28 01:42:09 +08:00
gh0stkey
e698bb1caa Version: 2.4.7 Update 2023-09-28 01:23:36 +08:00
gh0stkey
a69503ca3d Version: 2.4.7 Update 2023-09-27 23:55:02 +08:00
AnonymousUser
d590d4a70e Version: 2.4.6 Update 2023-02-22 17:36:50 +08:00
AnonymousUser
548339fa58 Version: 2.4.6 Update 2023-02-22 17:25:55 +08:00
AnonymousUser
df4496d4fd Version: 2.4.5 Update 2022-12-18 16:12:16 +08:00
AnonymousUser
48e355ac54 Update 2022-12-18 15:09:28 +08:00
AnonymousUser
b784aa1425 Version: 2.4.4 Update 2022-09-26 18:49:35 +08:00
AnonymousUser
440b3b1504 Version: 2.4.3 Update 2022-09-20 10:33:00 +08:00
ᴋᴇʏ
a8f1798c7b Update README.md 2022-07-25 10:56:33 +08:00
AnonymousUser
225ee471ec Version: 2.4.2 Update 2022-07-15 10:12:34 +08:00
AnonymousUser
5097124867 Version: 2.4.1 Update 2022-06-29 16:05:51 +08:00
AnonymousUser
7e0e3054be Version: 2.4.1 Update 2022-06-29 15:17:42 +08:00
ᴋᴇʏ
17a84fc19e Update README.md 2022-06-24 11:11:27 +08:00
ᴋᴇʏ
1573d563eb Update README.md 2022-06-23 22:31:39 +08:00
ᴋᴇʏ
515f7b33f0 Update README.md 2022-06-23 22:26:51 +08:00
AnonymousUser
1dc510d576 Version: 2.4 Update 2022-06-23 15:48:22 +08:00
AnonymousUser
f401214524 Version: 2.4 Update 2022-06-23 15:34:22 +08:00
ᴋᴇʏ
7ebba02200 Update README.md 2022-06-22 10:26:36 +08:00
AnonymousUser
93f5c73aac Update 2022-06-22 10:20:44 +08:00
AnonymousUser
60b261d6ef Update 2022-06-21 17:06:45 +08:00
AnonymousUser
c84ebf3a9d Version: 2.3 Update 2022-05-27 13:29:32 +08:00
AnonymousUser
15f84028bb Version: 2.2.3 Update 2022-05-12 11:00:55 +08:00
AnonymousUser
1238e536d1 Version: 2.2.2 Update 2022-05-04 23:17:24 +08:00
AnonymousUser
5d23a68c0e Version: 2.2.2 Update 2022-05-04 22:51:58 +08:00
AnonymousUser
d7f04526b4 Version: 2.2.2 Update 2022-05-04 22:48:44 +08:00
AnonymousUser
acff96ed7b Version: 2.2.2 Update 2022-05-04 22:47:28 +08:00
AnonymousUser
350c093162 Update 2022-05-04 20:50:53 +08:00
AnonymousUser
0d3d4f88e9 Version: 2.2.1 Update 2022-04-21 10:50:10 +08:00
AnonymousUser
37ca315aba Version: 2.2 Update 2022-04-08 17:25:35 +08:00
AnonymousUser
241247a4a0 Version: 2.2 Update 2022-04-08 17:21:40 +08:00
AnonymousUser
08bfb69fce Version: 2.1.6 Update 2022-03-31 13:54:12 +08:00
AnonymousUser
a6d5f3a204 Version: 2.1.5 Update 2022-02-25 13:22:14 +08:00
AnonymousUser
c4d8743fe3 Version: 2.1.4 Update 2022-02-21 09:31:03 +08:00
AnonymousUser
903077c830 Version: 2.1.3 Update 2022-01-11 14:46:25 +08:00
AnonymousUser
daddf15af2 Version: 2.1.2 Update 2021-10-23 00:06:48 +08:00
AnonymousUser
e747011ec0 Version: 2.1.2 Update 2021-10-23 00:00:20 +08:00
AnonymousUser
f7b2e99eb2 Version: 2.1.2 Update 2021-10-22 22:46:42 +08:00
AnonymousUser
59cd0a88b9 Update 2021-10-22 21:58:45 +08:00
AnonymousUser
b16cbf5b60 Update 2021-10-22 21:57:11 +08:00
AnonymousUser
4ef766dd82 Version: 2.1.1 Update 2021-10-21 23:42:15 +08:00
AnonymousUser
5d9f590977 Version: 2.1 Update 2021-09-12 15:23:54 +08:00
AnonymousUser
5c326d3ca6 Version: 2.0.7 Update 2021-09-07 22:09:42 +08:00
ᴋᴇʏ
62edae0ab4 Merge pull request #28 from gh0stkey/add-license-1 
Create LICENSE
 2021-08-16 11:01:05 +08:00
ᴋᴇʏ
562378873c Create LICENSE 2021-08-16 11:00:53 +08:00
AnonymousUser
5f62e9653f update 2021-08-01 15:00:12 +08:00
AnonymousUser
3fc1869a7b Version: 2.0.6 Update 2021-07-13 15:10:25 +08:00
AnonymousUser
43fbc46b65 Version: 2.0.5 Fixed Bug 2021-07-06 18:33:11 +08:00
AnonymousUser
00a4a835b2 Update 2021-06-25 12:41:25 +08:00
AnonymousUser
f872dadf46 Version: 2.0.4 Fixed Bug 2021-06-14 23:06:03 +08:00
0chen
15bbb9f1a0 修复一处bug 
close #18
感谢#18 问题已经修复
 2021-06-14 15:33:22 +08:00
AnonymousUser
89f3f6cf09 Version 2.0.3 Fixed Match Scope Bug 2021-06-12 15:24:19 +08:00
AnonymousUser
cf9f434ff8 Version 2.0.3 Fixed Match Scope Bug 2021-06-12 15:19:39 +08:00
AnonymousUser
37a907d6df Version: 2.0.2 Fixed UI BUG 2021-06-11 18:27:14 +08:00
AnonymousUser
83e5da2f7e Version: 2.0.2 Fixed UI BUG 2021-06-11 18:25:36 +08:00
AnonymousUser
e43a96b8ad Version: 2.0.1 Fixed bug 2021-06-11 12:36:30 +08:00
AnonymousUser
a7112ad297 Version: 2.0 Update 2021-06-11 08:22:45 +08:00
AnonymousUser
efc7a2d7e3 Version: 2.0 Update 2021-06-10 23:20:46 +08:00
AnonymousUser
0cfebb8464 Version: 2.0 Update 2021-06-10 23:02:51 +08:00
AnonymousUser
2b4e56ea8c Version: 2.0 Update 2021-06-10 22:59:27 +08:00
AnonymousUser
4bdb576448 Add Public Rules 2020-12-11 23:55:11 +08:00
Key
e7a7f823df Merge pull request #11 from PortSwigger/master 
BApp
 2020-12-04 23:02:57 +08:00
PortSwigger Support
a0d33f8c58 1.5.1 update 2020-12-04 14:51:33 +00:00
Uthman Eqbal
72511d9f14 Merge pull request #7 from gh0stkey/master 
HaE 1.5.1
 2020-12-04 12:02:26 +00:00
Uthman Eqbal
2336a49023 Merge branch 'master' into master 2020-12-04 12:02:16 +00:00
AnonymousUser
d89bec65e3 Update 2020-12-04 19:52:36 +08:00
AnonymousUser
2239ca1e90 Update 2020-12-04 19:48:22 +08:00
AnonymousUser
27fbf465b7 update 2020-12-04 16:00:40 +08:00
AnonymousUser
2879a1494c update 2020-12-04 02:46:19 +08:00
AnonymousUser
d9e0bf4714 Update: Customize HaE's Regex Engine 
Now you can customize HaE's regex engine: NFA/DFA, but the premise is that you need to test your regex is running ok under the engine you choose.
 2020-12-04 02:43:34 +08:00
AnonymousUser
170ed412b3 Add gitignore 2020-11-27 21:31:54 +08:00
PortSwigger Support
91009337c1 BApp update v1.5 2020-11-27 10:24:49 +00:00
Uthman Eqbal
a0127d75a9 Merge pull request #5 from gh0stkey/master 
HaE 1.5
 2020-11-27 09:17:41 +00:00
AnonymousUser
2ce57f8ee1 Rebuild code and add default filter. 2020-11-27 03:48:28 +08:00
AnonymousUser
7b5027a528 Update: Replace java.util.regex with jregex 2020-11-12 22:54:34 +08:00
PortSwigger Support
df0f4bd41b BApp update 2020-11-12 14:22:18 +00:00
HannahLaw-Portswigger
d0a61ba9ac Merge pull request #4 from gh0stkey/master 
HaE 1.4.1
 2020-11-12 11:26:34 +00:00
AnonymousUser
c632782bc6 Add Scope Column: any 2020-11-11 23:59:27 +08:00
AnonymousUser
503fea6f55 Update: Support request messages 2020-11-11 03:32:42 +08:00
AnonymousUser
db1f8b9cc9 Update 2020-11-11 03:22:31 +08:00
AnonymousUser
1e22b48001 Update 2020-11-11 03:15:12 +08:00
AnonymousUser
9cb5c93fd7 Update: Support request messages 2020-11-11 03:09:32 +08:00
AnonymousUser
8f18079ea6 Add Regular Expression [ Elasticsearch Unauthorized Access ] 2020-11-10 14:39:33 +08:00
AnonymousUser
ad8ebefb63 Update: Optimize speed 2020-10-27 19:38:58 +08:00
AnonymousUser
570fc1ed54 Update readme 2020-10-27 19:02:01 +08:00
AnonymousUser
edeb263712 Fiexd bug: isLoaded 2020-10-27 19:00:10 +08:00
PortSwigger Support
78628b03d1 BApp preparation 2020-10-08 10:06:10 +00:00
AnonymousUser
1df27ea121 Update: Gradle Project 2020-10-08 00:52:28 +08:00
AnonymousUser
94b3cee2ec Update: Gradle Project 2020-10-07 01:27:51 +08:00
AnonymousUser
6e5c60a738 Update: Gradle Project 2020-10-07 01:27:37 +08:00
AnonymousUser
91dc5f22f6 Update Readme 2020-10-06 23:33:01 +08:00
AnonymousUser
098b8e80d5 Fixed bug: fucntion colorUpgrade 2020-10-06 00:09:25 +08:00
AnonymousUser
405cb64dcf update 2020-09-23 19:43:02 +08:00
AnonymousUser
c073873405 update 2020-09-23 19:42:49 +08:00
AnonymousUser
ad486a41b3 update 2020-09-18 15:51:42 +08:00
AnonymousUser
ff2ea01ab1 Add Regex 2020-09-16 23:04:16 +08:00
AnonymousUser
4b7571c6c9 Add regexp 2020-09-16 18:43:54 +08:00
AnonymousUser
e72d46c458 Add regexp 2020-09-16 18:41:33 +08:00
AnonymousUser
4cd8f616b7 Add regexp 2020-09-16 18:41:23 +08:00
AnonymousUser
427dd68422 Fixed Bug 2020-09-14 20:25:47 +08:00
AnonymousUser
53af913f41 update 2020-09-14 18:55:49 +08:00
83 changed files with 2961 additions and 4564 deletions
Expand all files Collapse all files

7
.classpath
View File

@@ -1,7 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="src" path="src"/>
<classpathentry kind="lib" path="lib/json.jar"/>
<classpathentry kind="output" path="bin"/>
</classpath>

137
.gitignore vendored Normal file
View File

@@ -0,0 +1,137 @@
# User-specific stuff
.idea/**/workspace.xml
.idea/**/tasks.xml
.idea/**/usage.statistics.xml
.idea/**/dictionaries
.idea/**/shelf
# AWS User-specific
.idea/**/aws.xml
# Generated files
.idea/**/contentModel.xml
# Sensitive or high-churn files
.idea/**/dataSources/
.idea/**/dataSources.ids
.idea/**/dataSources.local.xml
.idea/**/sqlDataSources.xml
.idea/**/dynamic.xml
.idea/**/uiDesigner.xml
.idea/**/dbnavigator.xml
# Gradle
.idea/**/gradle.xml
.idea/**/libraries
# Gradle and Maven with auto-import
# When using Gradle or Maven with auto-import, you should exclude module files,
# since they will be recreated, and may cause churn. Uncomment if using
# auto-import.
# .idea/artifacts
# .idea/compiler.xml
# .idea/jarRepositories.xml
# .idea/modules.xml
# .idea/*.iml
# .idea/modules
# *.iml
# *.ipr
# CMake
cmake-build-*/
# Mongo Explorer plugin
.idea/**/mongoSettings.xml
# File-based project format
*.iws
# IntelliJ
out/
# mpeltonen/sbt-idea plugin
.idea_modules/
# JIRA plugin
atlassian-ide-plugin.xml
# Cursive Clojure plugin
.idea/replstate.xml
# SonarLint plugin
.idea/sonarlint/
# Crashlytics plugin (for Android Studio and IntelliJ)
com_crashlytics_export_strings.xml
crashlytics.properties
crashlytics-build.properties
fabric.properties
# Editor-based Rest Client
.idea/httpRequests
# Android studio 3.1+ serialized cache file
.idea/caches/build_file_checksums.ser
### JetBrains+all Patch ###
# Ignore everything but code style settings and run configurations
# that are supposed to be shared within teams.
.idea/*
!.idea/codeStyles
!.idea/runConfigurations
### macOS ###
# General
.DS_Store
.AppleDouble
.LSOverride
# Icon must end with two \r
Icon
# Thumbnails
._*
# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent
# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk
### Gradle ###
.gradle
**/build/
!src/**/build/
# Ignore Gradle GUI config
gradle-app.setting
# Avoid ignoring Gradle wrapper jar file (.jar files are usually ignored)
!gradle-wrapper.jar
# Avoid ignore Gradle wrappper properties
!gradle-wrapper.properties
# Cache of project
.gradletasknamecache
# Eclipse Gradle plugin generated files
# Eclipse Core
.project
# JDT-specific (Eclipse Java Development Tools)
.classpath
# End of https://www.toptal.com/developers/gitignore/api/macos,gradle,jetbrains+all

17
.project
View File

@@ -1,17 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>HaE</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.jdt.core.javabuilder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.jdt.core.javanature</nature>
</natures>
</projectDescription>

201
LICENSE Normal file
View File

@@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

102
README.md
View File

@@ -1,87 +1,67 @@
# HaE - Highlighter and Extractor
<div align="center">
<img src="images/logo.png" style="width: 20%" />
<h4><a href="https://gh0st.cn/HaE/">赋能白帽,高效作战!</a></h4>
<h5>第一作者: <a href="https://github.com/gh0stkey">EvilChen</a>(中孚信息元亨实验室), 第二作者: <a href="https://github.com/0chencc">0chencc</a>(米斯特安全团队)</h5>
</div>
## 介绍
## 项目介绍
**HaE**是基于 `BurpSuite` 插件 `JavaAPI` 开发的请求高亮标记信息提取的辅助型插件
**HaE**是一个基于`BurpSuite Java插件API`开发的辅助型框架式插件旨在实现对HTTP消息的高亮标记信息提取。该插件通过自定义正则表达式匹配响应报文或请求报文,并对匹配成功的报文进行标记和提取
![-w1070](images/16000706401522.jpg)
随着现代化Web应用采用前后端分离的开发模式日常漏洞挖掘的过程中捕获的HTTP请求流量也相应增加。若想全面评估一个Web应用会花费大量时间在无用的报文上。**HaE的出现旨在解决这类情况**借助HaE您能够**有效减少**测试时间,将更多精力集中在**有价值且有意义**的报文上,从而**提高漏洞挖掘效率**。
该插件可以通过自定义正则的方式匹配**响应报文**,可以自行决定符合该自定义正则匹配的相应请求是否需要高亮标记、信息提取
注:`HaE`的使用,对测试人员来说需要基本的正则表达式基础,由于`Java`正则表达式的库并没有`Python`的优雅或方便在使用正则的HaE要求使用者必须使用`()`将所需提取的表达式内容包含;例如你要匹配一个**Shiro应用**的响应报文,正常匹配规则为`rememberMe=delete`,如果你要提取这段内容的话就需要变成`(rememberMe=delete)`
**注**: 要想灵活的使用`HaE`,你需要掌握正则表达式阅读、编写、修改能力;由于`Java`正则表达式的库并没有`Python`的优雅或方便所以HaE要求使用者必须用`()`将所需提取的表达式内容包含;例如你要匹配一个**Shiro应用**的响应报文,正常匹配规则为`rememberMe=delete`,如果你要提取这段内容的话就需要变成`(rememberMe=delete)`
## 使用方法
插件装载`Extender - Extensions - Add - Select File - Next`
插件装载: `Extender - Extensions - Add - Select File - Next`
初次装载`HaE`初始化配置文件,默认配置文件内置一个正则:`Email`,初始化的配置文件会放在与`BurpSuite Jar`包同级目录下
初次装载`HaE`自动获取官方规则库`https://raw.githubusercontent.com/gh0stkey/HaE/gh-pages/Rules.yml`,配置文件(`Config.yml`)和规则文件(`Rules.yml`)会放在固定目录下
![-w330](images/16000708493657.jpg)
1. Linux/Mac用户的配置文件目录`~/.config/HaE/`
2. Windows用户的配置文件目录`%USERPROFILE%/.config/HaE/`
除了初始化的配置文件外,还有`init.hae`,该文件用于存储配置文件路径;`HaE`支持自定义配置文件路径,你可以通过点击`Select File`按钮进行选择自定义配置文件。
## 优势特点
![-w477](images/16000710069404.jpg)
1. 精细配置:高度自由的配置选项,以满足各类精细化场景需求。
2. 分类标签:使用标签对规则进行分类,便于管理和组织规则。
3. 高亮标记在HTTP History页面通过颜色高亮和注释判断请求的价值。
4. 易读配置使用易读的YAML格式存储配置文件方便阅读和修改。
5. 数据集合:将匹配到的数据、请求和响应集中在数据面板中,提高测试和梳理效率。
6. 简洁可视清晰可视的界面设计更轻松地了解和配置HaE操作简单、使用便捷。
7. 颜色升级:内置颜色升级算法,避免“屠龙者终成恶龙”场景,突出最具价值的请求。
8. 实战规则:官方规则库是基于实战化场景总结输出,提升数据发现的有效性、精准性。
HaE支持三个动作
1. 重载规则Reload当你不使用HaE UI界面去修改配置文件内的规则时而是直接基于配置文件进行修改规则时可使用
2. 新建规则New新建规则会自动添加一行表格数据单击或双击进行修改数据即可自动保存
3. 删除规则Delete单击选中某条规则时按下该按钮即可删除规则。
HaE的操作都是基于表单UI的方式操作即会自动保存。
## 插件优点
1. 多选项自定义控制适配需求;
2. 多颜色高亮分类将BurpSuite的所有高亮颜色集成`red, orange, yellow, green, cyan, blue, pink, magenta, gray`
3. 颜色升级算法利用下标的方式进行优先级排序当满足2个同颜色条件则以优先级顺序上升颜色。例如**两个正则,颜色为橘黄色,该请求两个正则都匹配到了,那么将升级为红色**
4. 简单的配置文件格式选用JSON格式格式为
```
{name: {"loaded": isLoaded:,"regex": regexText, "highlight": isHighlight, "extract": isExtract, "color": colorText}}
```
5. 内置简单缓存,在“多正则、大数据”的场景下减少卡顿现象。
| 界面名称 | 界面展示 |
| ------------------------ | ---------------------------------------------------- |
| Rules规则信息管理 | <img src="images/rules.png" style="width: 80%" /> |
| Config配置信息管理 | <img src="images/config.png" style="width: 80%" /> |
| Databoard数据集合面板 | <img src="images/databoard.png" style="width: 80%" /> |
## 实际使用
使用 RGPerson 生成测试数据,放入网站根目录文件中
使用 RGPerson 生成测试数据,放入网站根目录文件中:
![-w467](images/16000719723284.jpg)
![-w467](images/rgperson.jpg)
访问该地址,在`Proxy - HTTP History`中可以看见高亮请求,响应标签页中含有`MarkINFO`标签,其中将匹配到的信息提取了出来。
访问该地址,在`Proxy - HTTP History`中可以看见高亮请求,响应标签页中含有`MarkInfo`标签,其中将匹配到的信息提取了出来。
![-w1047](images/16000720732854.jpg)
![-w1047](images/markinfo.png)
## 文末随笔
## 正则优化
正义感是一个不可丢失的东西。
有些正则在实战应用场景中并不理想
如果你觉得HaE好用可以打赏一下作者给作者持续更新下去的动力
在正则匹配手机号、身份证号码的时候(纯数字类)会存在一些误报(这里匹配身份证号码无法进行校验,误报率很高),但手机号处理这一块可以解决:
<div align=center>
<img src="images/reward.jpeg" style="width: 30%" />
</div>
原正则:
## 404StarLink 2.0 - Galaxy
```
1[3-9]\d{9}
```
![404StarLink Logo](https://github.com/knownsec/404StarLink-Project/raw/master/logo.png)
误报场景:`12315188888888123`,这时候会匹配到`15188888888`,而实际上这一段并不是手机号,所以修改正则为:
`HaE` 是 404Team [星链计划2.0](https://github.com/knownsec/404StarLink2.0-Galaxy) 中的一环,如果对 `HaE` 有任何疑问又或是想要找小伙伴交流,可以参考星链计划的加群方式。
```
[^0-9]+(1[3-9]\d{9})[^0-9]+
```
也就是要求匹配的手机号前后不能为0-9的数字。
## 实战用法
1. CMS指纹识别Discuz正则`(Powered by Discuz!)`
2. OSS对象存储信息泄露正则`([A|a]ccess[K|k]ey[I|i]d|[A|a]ccess[K|k]ey[S|s]ecret)`
3. 内网地址信息提取,正则:`(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3})|(?:172\.(?:(?:1[6-9])|(?:2\d)|(?:3[01]))\.\d{1,3}\.\d{1,3})|(?:192\.168\.\d{1,3}\.\d{1,3})`
4. 实战插件关联搭配漏洞挖掘案例https://mp.weixin.qq.com/s/5vNn7dMRZBtv0ojPBAHV7Q
...还有诸多使用方法等待大家去发掘。
## 文末
随笔:正义感是一个不可丢失的东西。
Github项目地址BUG、需求、正则欢迎提交https://github.com/gh0stkey/HaE
- [https://github.com/knownsec/404StarLink2.0-Galaxy#community](https://github.com/knownsec/404StarLink2.0-Galaxy#community)

34
build.gradle Normal file
View File

@@ -0,0 +1,34 @@
plugins {
id 'java'
}
repositories {
mavenCentral()
}
compileJava {
options.encoding = "UTF-8"
}
sourceSets {
main {
java {
srcDir './src/main/java'
}
}
}
task fatJar(type: Jar) {
baseName = project.name + '-all'
from { configurations.compile.collect { it.isDirectory() ? it : zipTree(it) } }
with jar
}
dependencies {
compile 'net.portswigger.burp.extender:burp-extender-api:1.7.13'
compile 'org.jetbrains:annotations:16.0.2'
compile group: 'org.yaml', name: 'snakeyaml', version: '1.28'
compile 'net.sourceforge.jregex:jregex:1.2_01'
compile 'dk.brics.automaton:automaton:1.11-8'
compile 'com.squareup.okhttp:okhttp:2.7.5'
}

BIN
images/16000706401522.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 214 KiB

BIN
images/16000708493657.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 131 KiB

BIN
images/16000710069404.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 19 KiB

BIN
images/16000720732854.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 223 KiB

BIN
images/config.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 50 KiB

BIN
images/databoard.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 101 KiB

BIN
images/logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 73 KiB

BIN
images/markinfo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 140 KiB

BIN
images/reward.jpeg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 132 KiB

0
images/16000719723284.jpg → images/rgperson.jpg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 120 KiB

After

Width:  |  Height:  |  Size: 120 KiB

BIN
images/rules.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 111 KiB

BIN
lib/json.jar
View File

Binary file not shown.

2
settings.gradle Normal file
View File

@@ -0,0 +1,2 @@
rootProject.name = 'HaE'

556
src/burp/BurpExtender.java
View File

@@ -1,556 +0,0 @@
package burp;
import java.awt.BorderLayout;
import java.awt.Color;
import java.awt.Component;
import java.util.*;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.json.*;
import javax.swing.JFrame;
import javax.swing.JOptionPane;
import javax.swing.DefaultCellEditor;
import javax.swing.JScrollPane;
import javax.swing.JTable;
import javax.swing.JTextField;
import javax.swing.table.DefaultTableModel;
import javax.swing.JPanel;
import javax.swing.JButton;
import java.awt.event.ActionListener;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.awt.event.ActionEvent;
import javax.swing.JCheckBox;
import javax.swing.JComboBox;
import javax.swing.JFileChooser;
import javax.swing.border.EtchedBorder;
import javax.swing.border.TitledBorder;
import javax.swing.event.TableModelEvent;
import javax.swing.event.TableModelListener;
import javax.swing.SwingConstants;
import javax.swing.SwingUtilities;
import javax.swing.JLabel;
import java.io.PrintWriter;
public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEditorTabFactory, ITab {
private JFrame frame;
private JPanel panel;
private JTable table;
private JTextField textField;
private IBurpExtenderCallbacks callbacks;
private static String configFilePath = "config.json";
private static String initFilePath = "init.hae";
private static String initConfigContent = "{\"Email\":{\"loaded\":true,\"highlight\":true,\"regex\":\"([\\\\w-]+(?:\\\\.[\\\\w-]+)*@(?:[\\\\w](?:[\\\\w-]*[\\\\w])?\\\\.)+[\\\\w](?:[\\\\w-]*[\\\\w])?)\",\"extract\":true,\"color\":\"yellow\"}}";
private String[] colorArray = new String[] {"red", "orange", "yellow", "green", "cyan", "blue", "pink", "magenta", "gray"};
private static IMessageEditorTab HaETab;
private static PrintWriter stdout;
@Override
public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks)
{
this.callbacks = callbacks;
// 设置插件名字
callbacks.setExtensionName("HaE - Highlighter and Extractor");
// 定义输出
stdout = new PrintWriter(callbacks.getStdout(), true);
stdout.println("@Author: EvilChen");
// UI
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
initialize();
// 判断"config.json"文件是否具备内容,如若不具备则进行初始化
if (configFilePath.equals("config.json")) {
if (readFileContent(configFilePath).equals("")) {
writeFileContent(configFilePath, initConfigContent);
writeFileContent(initFilePath, configFilePath);
}
}
// 判断配置文件是否存在
if (fileExists(configFilePath)) {
configFilePath = readFileContent(initFilePath);
fillTable();
} else {
JOptionPane.showMessageDialog(null, "Config File Not Found!", "Error", JOptionPane.ERROR_MESSAGE);
}
}
});
callbacks.registerHttpListener(BurpExtender.this);
callbacks.registerMessageEditorTabFactory(BurpExtender.this);
}
private void initialize() {
frame = new JFrame();
frame.setBounds(100, 100, 526, 403);
frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
panel = new JPanel();
frame.getContentPane().add(panel, BorderLayout.CENTER);
panel.setLayout(new BorderLayout(0, 0));
JPanel panel_3 = new JPanel();
panel.add(panel_3, BorderLayout.NORTH);
JLabel lblNewLabel_1 = new JLabel("Config File:");
panel_3.add(lblNewLabel_1);
textField = new JTextField();
textField.setEditable(false);
panel_3.add(textField);
textField.setColumns(20);
textField.setText(configFilePath);
JButton btnNewButton = new JButton("Select File ...");
btnNewButton.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e) {
JFileChooser jfc = new JFileChooser();
jfc.setFileSelectionMode(JFileChooser.FILES_ONLY);
jfc.showDialog(new JLabel(), "Choose");
File file = jfc.getSelectedFile();
textField.setText(file.getAbsolutePath());
configFilePath = textField.getText();
writeFileContent(initFilePath, configFilePath);
fillTable();
}
});
panel_3.add(btnNewButton);
JPanel panel_2 = new JPanel();
panel.add(panel_2, BorderLayout.CENTER);
panel_2.setLayout(new BorderLayout(0, 0));
JPanel panel_1 = new JPanel();
panel_2.add(panel_1, BorderLayout.NORTH);
panel_1.setBorder(new TitledBorder(new EtchedBorder(EtchedBorder.LOWERED, null, null), "Actions", TitledBorder.LEADING, TitledBorder.TOP, null, new Color(0, 0, 0)));
JButton btnReloadRule = new JButton("Reload Rule");
btnReloadRule.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e) {
fillTable();
}
});
panel_1.add(btnReloadRule);
JButton btnNewRule = new JButton("New Rule");
btnNewRule.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent arg0) {
DefaultTableModel dtm = (DefaultTableModel) table.getModel();
Vector rules = new Vector();
rules.add(true);
rules.add("New Rule");
rules.add("New Regex");
rules.add("red");
rules.add(true);
rules.add(true);
dtm.addRow(rules);
}
});
panel_1.add(btnNewRule);
JButton btnDeleteRule = new JButton("Delete Rule");
btnDeleteRule.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e) {
int selectRows = table.getSelectedRows().length;
DefaultTableModel dtm = (DefaultTableModel) table.getModel();
if (selectRows == 1) {
int selectedRowIndex = table.getSelectedRow();
// 在配置文件中删除数据
String cellValue = (String) dtm.getValueAt(selectedRowIndex, 1);
// System.out.println(cellValue);
removeConfig(cellValue);
// 在表格中删除数据
dtm.removeRow(selectedRowIndex);
}
}
});
panel_1.add(btnDeleteRule);
JScrollPane scrollPane = new JScrollPane();
panel_2.add(scrollPane, BorderLayout.CENTER);
table = new JTable();
table.setModel(new DefaultTableModel(
new Object[][] {
},
new String[] {
"Loaded", "Name", "Regex", "Color", "isExtract", "isHighlight"
}
));
scrollPane.setViewportView(table);
table.getColumnModel().getColumn(2).setPreferredWidth(172);
table.getColumnModel().getColumn(3).setCellEditor(new DefaultCellEditor(new JComboBox(colorArray)));
table.getColumnModel().getColumn(0).setCellEditor(new DefaultCellEditor(new JCheckBox()));
table.getColumnModel().getColumn(4).setCellEditor(new DefaultCellEditor(new JCheckBox()));
table.getColumnModel().getColumn(5).setCellEditor(new DefaultCellEditor(new JCheckBox()));
JLabel lblNewLabel = new JLabel("@EvilChen Love YuChen.");
lblNewLabel.setHorizontalAlignment(SwingConstants.CENTER);
panel.add(lblNewLabel, BorderLayout.SOUTH);
table.getModel().addTableModelListener(
new TableModelListener() {
@Override
public void tableChanged(TableModelEvent e) {
if (e.getType() == TableModelEvent.INSERT || e.getType() == TableModelEvent.UPDATE) {
DefaultTableModel dtm = (DefaultTableModel) table.getModel();
int rows = dtm.getRowCount();
JSONObject jsonObj = new JSONObject();
for (int i = 0; i < rows; i++) {
JSONObject jsonObj1 = new JSONObject();
jsonObj1.put("loaded", (boolean) dtm.getValueAt(i, 0));
jsonObj1.put("regex", (String) dtm.getValueAt(i, 2));
jsonObj1.put("color", (String) dtm.getValueAt(i, 3));
jsonObj1.put("extract", (boolean) dtm.getValueAt(i, 4));
jsonObj1.put("highlight", (boolean) dtm.getValueAt(i, 5));
// 添加数据
jsonObj.put((String) dtm.getValueAt(i, 1), jsonObj1);
}
writeFileContent(configFilePath, jsonObj.toString());
}
}
}
);
callbacks.customizeUiComponent(panel);
callbacks.customizeUiComponent(panel_1);
callbacks.customizeUiComponent(panel_2);
callbacks.customizeUiComponent(panel_3);
callbacks.customizeUiComponent(scrollPane);
callbacks.addSuiteTab(BurpExtender.this);
}
@Override
public IMessageEditorTab createNewInstance(IMessageEditorController controller, boolean editable) {
HaETab = new MarkInfoTab(controller, editable);
return HaETab;
}
@Override
public String getTabCaption() {
return "HaE";
}
@Override
public Component getUiComponent() {
return panel;
}
/*
* 使用processHttpMessage用来做Highlighter
*/
@Override
public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
if (!messageIsRequest) {
byte[] content = messageInfo.getResponse();
JSONObject jsonObj = matchRegex(content);
if (jsonObj.length() > 0) {
List<String> colorList = new ArrayList<String>();
Iterator<String> k = jsonObj.keys();
while (k.hasNext()) {
String name = k.next();
JSONObject jsonObj2 = new JSONObject(jsonObj.get(name).toString());
boolean isHighlight = jsonObj2.getBoolean("highlight");
boolean isLoaded = jsonObj2.getBoolean("loaded");
if (isHighlight && isLoaded) {
colorList.add(jsonObj2.getString("color"));
}
}
if (colorList.size() != 0) {
String color = colorUpgrade(getColorKeys(colorList));
messageInfo.setHighlight(color);
}
}
}
}
class MarkInfoTab implements IMessageEditorTab {
private ITextEditor markInfoText;
private byte[] currentMessage;
public MarkInfoTab(IMessageEditorController controller, boolean editable) {
markInfoText = callbacks.createTextEditor();
markInfoText.setEditable(editable);
}
@Override
public String getTabCaption() {
return "MarkInfo";
}
@Override
public Component getUiComponent() {
return markInfoText.getComponent();
}
@Override
public boolean isEnabled(byte[] content, boolean isRequest) {
// 这里需要过一次正则匹配决定是否开启Tab
if (!isRequest && matchRegex(content).length() != 0) {
return true;
}
return false;
}
@Override
public byte[] getMessage() {
return currentMessage;
}
@Override
public boolean isModified() {
return markInfoText.isTextModified();
}
@Override
public byte[] getSelectedData() {
return markInfoText.getSelectedText();
}
/*
* 使用setMessage用来做Extractor
*/
@Override
public void setMessage(byte[] content, boolean isRequest) {
if (content.length > 0 && !isRequest) {
String result = "";
JSONObject jsonObj = matchRegex(content);
if (jsonObj.length() != 0) {
Iterator<String> k = jsonObj.keys();
while (k.hasNext()) {
String name = k.next();
JSONObject jsonObj1 = new JSONObject(jsonObj.get(name).toString());
boolean isExtract = jsonObj1.getBoolean("extract");
boolean isLoaded = jsonObj1.getBoolean("loaded");
if (isExtract && isLoaded) {
String tmpStr = String.format("[%s] %s \n", name, jsonObj1.getString("data"));
String tmpStr1 = new String(tmpStr).intern();
result += tmpStr;
}
}
}
markInfoText.setText(result.getBytes());
}
currentMessage = content;
}
}
private JSONObject matchRegex(byte[] content) {
JSONObject tabContent = new JSONObject();
// 正则匹配提取内容
try {
String jsonStr = readFileContent(configFilePath);
JSONObject jsonObj = new JSONObject(jsonStr);
Iterator<String> k = jsonObj.keys();
// 遍历json数组
while (k.hasNext()) {
String contentString = new String(content, "UTF-8").intern();
String name = k.next();
JSONObject jsonObj1 = new JSONObject(jsonObj.get(name).toString());
JSONObject jsonData = new JSONObject();
String regex = jsonObj1.getString("regex");
boolean isHighligth = jsonObj1.getBoolean("highlight");
boolean isExtract = jsonObj1.getBoolean("extract");
boolean isLoaded = jsonObj1.getBoolean("loaded");
String color = jsonObj1.getString("color");
List<String> result = new ArrayList<String>();
Pattern pattern = Pattern.compile(regex);
Matcher matcher = pattern.matcher(contentString);
while (matcher.find()) {
// 添加匹配数据至list
// 强制用户使用()包裹正则
result.add(matcher.group(1));
}
// 去除重复内容
HashSet tmpList = new HashSet(result);
result.clear();
result.addAll(tmpList);
if (!result.isEmpty()) {
jsonData.put("highlight", isHighligth);
jsonData.put("extract", isExtract);
jsonData.put("color", color);
jsonData.put("data", String.join(",", result));
jsonData.put("loaded", isLoaded);
// 初始化格式
tabContent.put(name, jsonData);
}
}
return tabContent;
} catch (Exception e) {
return new JSONObject();
}
}
/*
* 颜色下标获取
*/
private List<Integer> getColorKeys(List<String> keys){
List<Integer> result = new ArrayList<Integer>();
int size = colorArray.length;
// 根据颜色获取下标
for (int x = 0; x < keys.size(); x++) {
for (int v = 0; v < size; v++) {
if (colorArray[v].equals(keys.get(x))) {
result.add(v);
}
}
}
return result;
}
/*
* 颜色升级递归算法
*/
private String colorUpgrade(List<Integer> colorList) {
int colorSize = colorList.size();
int i = 0;
List<Integer> stack = new ArrayList<Integer>();
while (i < colorSize) {
if (stack.size() > 0) {
stack.add(colorList.get(i));
i++;
} else if (colorList.get(i) != stack.stream().reduce((first, second) -> second).orElse(999999)) {
stack.add(colorList.get(i));
i++;
} else {
stack.set(stack.size() - 1, stack.get(stack.size() - 1) - 1);
i++;
}
}
int stackSize = stack.size();
// 利用HashSet删除重复元素
HashSet tmpList = new HashSet(stack);
stack.clear();
stack.addAll(tmpList);
if (stackSize == stack.size()) {
List<String> endColorList = new ArrayList<String>();
for (int j = 0; j < stack.size(); j++) {
int num = stack.get(j);
endColorList.add(colorArray[num]);
}
return endColorList.get(0);
} else {
colorUpgrade(stack);
}
return "";
}
/*
* 判断文件是否存在
*/
private Boolean fileExists(String fileName) {
File file = new File(fileName);
if(file.exists()){
return true;
}
return false;
}
/*
* 获取文件内容
*/
private String readFileContent(String fileName) {
File file = new File(fileName);
BufferedReader reader = null;
StringBuffer sbf = new StringBuffer();
try {
reader = new BufferedReader(new FileReader(file));
String tempStr;
while ((tempStr = reader.readLine()) != null) {
sbf.append(tempStr);
}
reader.close();
return sbf.toString();
} catch (IOException e) {
} finally {
if (reader != null) {
try {
reader.close();
} catch (IOException err) {
err.printStackTrace();
}
}
}
return sbf.toString();
}
/*
* 写入文件内容
*/
private boolean writeFileContent(String fileName, String fileContent) {
try {
BufferedWriter out = new BufferedWriter(new FileWriter(fileName));
out.write(fileContent);
out.close();
return true;
} catch (IOException e) {
stdout.println(e);
return false;
}
}
/*
* 删除单条配置内容
*/
private void removeConfig(String key) {
String jsonStr = readFileContent(configFilePath);
JSONObject jsonObj = new JSONObject(jsonStr);
jsonObj.remove(key);
if (writeFileContent(configFilePath, jsonObj.toString())) {
JOptionPane.showMessageDialog(null, "Delete Successfully!", "Info", JOptionPane.INFORMATION_MESSAGE);
}
}
/*
* 初始化表格内容
*/
private void fillTable() {
DefaultTableModel dtm=(DefaultTableModel) table.getModel();
dtm.setRowCount(0);
String jsonStr = readFileContent(configFilePath);
JSONObject jsonObj = new JSONObject(jsonStr);
Iterator<String> k = jsonObj.keys();
// 遍历json数组
while (k.hasNext()) {
String name = k.next();
JSONObject jsonObj1 = new JSONObject(jsonObj.get(name).toString());
boolean loaded = jsonObj1.getBoolean("loaded");
String regex = jsonObj1.getString("regex");
String color = jsonObj1.getString("color");
boolean isExtract = jsonObj1.getBoolean("extract");
boolean isHighlight = jsonObj1.getBoolean("highlight");
// 填充数据
Vector rules = new Vector();
rules.add(loaded);
rules.add(name);
rules.add(regex);
rules.add(color);
rules.add(isExtract);
rules.add(isHighlight);
dtm.addRow(rules);
}
}
public static void main(String[] args) {
}
}

97
src/burp/IBurpCollaboratorClientContext.java
View File

@@ -1,97 +0,0 @@
package burp;
/*
* @(#)IBurpCollaboratorClientContext.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* This interface represents an instance of a Burp Collaborator client context,
* which can be used to generate Burp Collaborator payloads and poll the
* Collaborator server for any network interactions that result from using those
* payloads. Extensions can obtain new instances of this class by calling
* <code>IBurpExtenderCallbacks.createBurpCollaboratorClientContext()</code>.
* Note that each Burp Collaborator client context is tied to the Collaborator
* server configuration that was in place at the time the context was created.
*/
public interface IBurpCollaboratorClientContext
{
/**
* This method is used to generate new Burp Collaborator payloads.
*
* @param includeCollaboratorServerLocation Specifies whether to include the
* Collaborator server location in the generated payload.
* @return The payload that was generated.
*
* @throws IllegalStateException if Burp Collaborator is disabled
*/
String generatePayload(boolean includeCollaboratorServerLocation);
/**
* This method is used to retrieve all interactions received by the
* Collaborator server resulting from payloads that were generated for this
* context.
*
* @return The Collaborator interactions that have occurred resulting from
* payloads that were generated for this context.
*
* @throws IllegalStateException if Burp Collaborator is disabled
*/
List<IBurpCollaboratorInteraction> fetchAllCollaboratorInteractions();
/**
* This method is used to retrieve interactions received by the Collaborator
* server resulting from a single payload that was generated for this
* context.
*
* @param payload The payload for which interactions will be retrieved.
* @return The Collaborator interactions that have occurred resulting from
* the given payload.
*
* @throws IllegalStateException if Burp Collaborator is disabled
*/
List<IBurpCollaboratorInteraction> fetchCollaboratorInteractionsFor(String payload);
/**
* This method is used to retrieve all interactions made by Burp Infiltrator
* instrumentation resulting from payloads that were generated for this
* context.
*
* @return The interactions triggered by the Burp Infiltrator
* instrumentation that have occurred resulting from payloads that were
* generated for this context.
*
* @throws IllegalStateException if Burp Collaborator is disabled
*/
List<IBurpCollaboratorInteraction> fetchAllInfiltratorInteractions();
/**
* This method is used to retrieve interactions made by Burp Infiltrator
* instrumentation resulting from a single payload that was generated for
* this context.
*
* @param payload The payload for which interactions will be retrieved.
* @return The interactions triggered by the Burp Infiltrator
* instrumentation that have occurred resulting from the given payload.
*
* @throws IllegalStateException if Burp Collaborator is disabled
*/
List<IBurpCollaboratorInteraction> fetchInfiltratorInteractionsFor(String payload);
/**
* This method is used to retrieve the network location of the Collaborator
* server.
*
* @return The hostname or IP address of the Collaborator server.
*
* @throws IllegalStateException if Burp Collaborator is disabled
*/
String getCollaboratorServerLocation();
}

41
src/burp/IBurpCollaboratorInteraction.java
View File

@@ -1,41 +0,0 @@
package burp;
/*
* @(#)IBurpCollaboratorInteraction.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.Map;
/**
* This interface represents a network interaction that occurred with the Burp
* Collaborator server.
*/
public interface IBurpCollaboratorInteraction
{
/**
* This method is used to retrieve a property of the interaction. Properties
* of all interactions are: interaction_id, type, client_ip, and time_stamp.
* Properties of DNS interactions are: query_type and raw_query. The
* raw_query value is Base64-encoded. Properties of HTTP interactions are:
* protocol, request, and response. The request and response values are
* Base64-encoded.
*
* @param name The name of the property to retrieve.
* @return A string representing the property value, or null if not present.
*/
String getProperty(String name);
/**
* This method is used to retrieve a map containing all properties of the
* interaction.
*
* @return A map containing all properties of the interaction.
*/
Map<String, String> getProperties();
}

31
src/burp/IBurpExtender.java
View File

@@ -1,31 +0,0 @@
package burp;
/*
* @(#)IBurpExtender.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* All extensions must implement this interface.
*
* Implementations must be called BurpExtender, in the package burp, must be
* declared public, and must provide a default (public, no-argument)
* constructor.
*/
public interface IBurpExtender
{
/**
* This method is invoked when the extension is loaded. It registers an
* instance of the
* <code>IBurpExtenderCallbacks</code> interface, providing methods that may
* be invoked by the extension to perform various actions.
*
* @param callbacks An
* <code>IBurpExtenderCallbacks</code> object.
*/
void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks);
}

1088
src/burp/IBurpExtenderCallbacks.java
View File

File diff suppressed because it is too large Load Diff

39
src/burp/IContextMenuFactory.java
View File

@@ -1,39 +0,0 @@
package burp;
/*
* @(#)IContextMenuFactory.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import javax.swing.JMenuItem;
import java.util.List;
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerContextMenuFactory()</code> to register
* a factory for custom context menu items.
*/
public interface IContextMenuFactory
{
/**
* This method will be called by Burp when the user invokes a context menu
* anywhere within Burp. The factory can then provide any custom context
* menu items that should be displayed in the context menu, based on the
* details of the menu invocation.
*
* @param invocation An object that implements the
* <code>IContextMenuInvocation</code> interface, which the extension can
* query to obtain details of the context menu invocation.
* @return A list of custom menu items (which may include sub-menus,
* checkbox menu items, etc.) that should be displayed. Extensions may
* return
* <code>null</code> from this method, to indicate that no menu items are
* required.
*/
List<JMenuItem> createMenuItems(IContextMenuInvocation invocation);
}

156
src/burp/IContextMenuInvocation.java
View File

@@ -1,156 +0,0 @@
package burp;
/*
* @(#)IContextMenuInvocation.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.awt.event.InputEvent;
/**
* This interface is used when Burp calls into an extension-provided
* <code>IContextMenuFactory</code> with details of a context menu invocation.
* The custom context menu factory can query this interface to obtain details of
* the invocation event, in order to determine what menu items should be
* displayed.
*/
public interface IContextMenuInvocation
{
/**
* Used to indicate that the context menu is being invoked in a request
* editor.
*/
static final byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0;
/**
* Used to indicate that the context menu is being invoked in a response
* editor.
*/
static final byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1;
/**
* Used to indicate that the context menu is being invoked in a non-editable
* request viewer.
*/
static final byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2;
/**
* Used to indicate that the context menu is being invoked in a non-editable
* response viewer.
*/
static final byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3;
/**
* Used to indicate that the context menu is being invoked in the Target
* site map tree.
*/
static final byte CONTEXT_TARGET_SITE_MAP_TREE = 4;
/**
* Used to indicate that the context menu is being invoked in the Target
* site map table.
*/
static final byte CONTEXT_TARGET_SITE_MAP_TABLE = 5;
/**
* Used to indicate that the context menu is being invoked in the Proxy
* history.
*/
static final byte CONTEXT_PROXY_HISTORY = 6;
/**
* Used to indicate that the context menu is being invoked in the Scanner
* results.
*/
static final byte CONTEXT_SCANNER_RESULTS = 7;
/**
* Used to indicate that the context menu is being invoked in the Intruder
* payload positions editor.
*/
static final byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8;
/**
* Used to indicate that the context menu is being invoked in an Intruder
* attack results.
*/
static final byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9;
/**
* Used to indicate that the context menu is being invoked in a search
* results window.
*/
static final byte CONTEXT_SEARCH_RESULTS = 10;
/**
* This method can be used to retrieve the native Java input event that was
* the trigger for the context menu invocation.
*
* @return The <code>InputEvent</code> that was the trigger for the context
* menu invocation.
*/
InputEvent getInputEvent();
/**
* This method can be used to retrieve the Burp tool within which the
* context menu was invoked.
*
* @return A flag indicating the Burp tool within which the context menu was
* invoked. Burp tool flags are defined in the
* <code>IBurpExtenderCallbacks</code> interface.
*/
int getToolFlag();
/**
* This method can be used to retrieve the context within which the menu was
* invoked.
*
* @return An index indicating the context within which the menu was
* invoked. The indices used are defined within this interface.
*/
byte getInvocationContext();
/**
* This method can be used to retrieve the bounds of the user's selection
* into the current message, if applicable.
*
* @return An int[2] array containing the start and end offsets of the
* user's selection in the current message. If the user has not made any
* selection in the current message, both offsets indicate the position of
* the caret within the editor. If the menu is not being invoked from a
* message editor, the method returns <code>null</code>.
*/
int[] getSelectionBounds();
/**
* This method can be used to retrieve details of the HTTP requests /
* responses that were shown or selected by the user when the context menu
* was invoked.
*
* <b>Note:</b> For performance reasons, the objects returned from this
* method are tied to the originating context of the messages within the
* Burp UI. For example, if a context menu is invoked on the Proxy intercept
* panel, then the
* <code>IHttpRequestResponse</code> returned by this method will reflect
* the current contents of the interception panel, and this will change when
* the current message has been forwarded or dropped. If your extension
* needs to store details of the message for which the context menu has been
* invoked, then you should query those details from the
* <code>IHttpRequestResponse</code> at the time of invocation, or you
* should use
* <code>IBurpExtenderCallbacks.saveBuffersToTempFiles()</code> to create a
* persistent read-only copy of the
* <code>IHttpRequestResponse</code>.
*
* @return An array of <code>IHttpRequestResponse</code> objects
* representing the items that were shown or selected by the user when the
* context menu was invoked. This method returns <code>null</code> if no
* messages are applicable to the invocation.
*/
IHttpRequestResponse[] getSelectedMessages();
/**
* This method can be used to retrieve details of the Scanner issues that
* were selected by the user when the context menu was invoked.
*
* @return An array of <code>IScanIssue</code> objects representing the
* issues that were selected by the user when the context menu was invoked.
* This method returns <code>null</code> if no Scanner issues are applicable
* to the invocation.
*/
IScanIssue[] getSelectedIssues();
}

61
src/burp/ICookie.java
View File

@@ -1,61 +0,0 @@
package burp;
/*
* @(#)ICookie.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.Date;
/**
* This interface is used to hold details about an HTTP cookie.
*/
public interface ICookie
{
/**
* This method is used to retrieve the domain for which the cookie is in
* scope.
*
* @return The domain for which the cookie is in scope. <b>Note:</b> For
* cookies that have been analyzed from responses (by calling
* <code>IExtensionHelpers.analyzeResponse()</code> and then
* <code>IResponseInfo.getCookies()</code>, the domain will be
* <code>null</code> if the response did not explicitly set a domain
* attribute for the cookie.
*/
String getDomain();
/**
* This method is used to retrieve the path for which the cookie is in
* scope.
*
* @return The path for which the cookie is in scope or null if none is set.
*/
String getPath();
/**
* This method is used to retrieve the expiration time for the cookie.
*
* @return The expiration time for the cookie, or
* <code>null</code> if none is set (i.e., for non-persistent session
* cookies).
*/
Date getExpiration();
/**
* This method is used to retrieve the name of the cookie.
*
* @return The name of the cookie.
*/
String getName();
/**
* This method is used to retrieve the value of the cookie.
* @return The value of the cookie.
*/
String getValue();
}

356
src/burp/IExtensionHelpers.java
View File

@@ -1,356 +0,0 @@
package burp;
/*
* @(#)IExtensionHelpers.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.net.URL;
import java.util.List;
/**
* This interface contains a number of helper methods, which extensions can use
* to assist with various common tasks that arise for Burp extensions.
*
* Extensions can call <code>IBurpExtenderCallbacks.getHelpers</code> to obtain
* an instance of this interface.
*/
public interface IExtensionHelpers
{
/**
* This method can be used to analyze an HTTP request, and obtain various
* key details about it.
*
* @param request An <code>IHttpRequestResponse</code> object containing the
* request to be analyzed.
* @return An <code>IRequestInfo</code> object that can be queried to obtain
* details about the request.
*/
IRequestInfo analyzeRequest(IHttpRequestResponse request);
/**
* This method can be used to analyze an HTTP request, and obtain various
* key details about it.
*
* @param httpService The HTTP service associated with the request. This is
* optional and may be <code>null</code>, in which case the resulting
* <code>IRequestInfo</code> object will not include the full request URL.
* @param request The request to be analyzed.
* @return An <code>IRequestInfo</code> object that can be queried to obtain
* details about the request.
*/
IRequestInfo analyzeRequest(IHttpService httpService, byte[] request);
/**
* This method can be used to analyze an HTTP request, and obtain various
* key details about it. The resulting <code>IRequestInfo</code> object will
* not include the full request URL. To obtain the full URL, use one of the
* other overloaded <code>analyzeRequest()</code> methods.
*
* @param request The request to be analyzed.
* @return An <code>IRequestInfo</code> object that can be queried to obtain
* details about the request.
*/
IRequestInfo analyzeRequest(byte[] request);
/**
* This method can be used to analyze an HTTP response, and obtain various
* key details about it.
*
* @param response The response to be analyzed.
* @return An <code>IResponseInfo</code> object that can be queried to
* obtain details about the response.
*/
IResponseInfo analyzeResponse(byte[] response);
/**
* This method can be used to retrieve details of a specified parameter
* within an HTTP request. <b>Note:</b> Use <code>analyzeRequest()</code> to
* obtain details of all parameters within the request.
*
* @param request The request to be inspected for the specified parameter.
* @param parameterName The name of the parameter to retrieve.
* @return An <code>IParameter</code> object that can be queried to obtain
* details about the parameter, or <code>null</code> if the parameter was
* not found.
*/
IParameter getRequestParameter(byte[] request, String parameterName);
/**
* This method can be used to URL-decode the specified data.
*
* @param data The data to be decoded.
* @return The decoded data.
*/
String urlDecode(String data);
/**
* This method can be used to URL-encode the specified data. Any characters
* that do not need to be encoded within HTTP requests are not encoded.
*
* @param data The data to be encoded.
* @return The encoded data.
*/
String urlEncode(String data);
/**
* This method can be used to URL-decode the specified data.
*
* @param data The data to be decoded.
* @return The decoded data.
*/
byte[] urlDecode(byte[] data);
/**
* This method can be used to URL-encode the specified data. Any characters
* that do not need to be encoded within HTTP requests are not encoded.
*
* @param data The data to be encoded.
* @return The encoded data.
*/
byte[] urlEncode(byte[] data);
/**
* This method can be used to Base64-decode the specified data.
*
* @param data The data to be decoded.
* @return The decoded data.
*/
byte[] base64Decode(String data);
/**
* This method can be used to Base64-decode the specified data.
*
* @param data The data to be decoded.
* @return The decoded data.
*/
byte[] base64Decode(byte[] data);
/**
* This method can be used to Base64-encode the specified data.
*
* @param data The data to be encoded.
* @return The encoded data.
*/
String base64Encode(String data);
/**
* This method can be used to Base64-encode the specified data.
*
* @param data The data to be encoded.
* @return The encoded data.
*/
String base64Encode(byte[] data);
/**
* This method can be used to convert data from String form into an array of
* bytes. The conversion does not reflect any particular character set, and
* a character with the hex representation 0xWXYZ will always be converted
* into a byte with the representation 0xYZ. It performs the opposite
* conversion to the method <code>bytesToString()</code>, and byte-based
* data that is converted to a String and back again using these two methods
* is guaranteed to retain its integrity (which may not be the case with
* conversions that reflect a given character set).
*
* @param data The data to be converted.
* @return The converted data.
*/
byte[] stringToBytes(String data);
/**
* This method can be used to convert data from an array of bytes into
* String form. The conversion does not reflect any particular character
* set, and a byte with the representation 0xYZ will always be converted
* into a character with the hex representation 0x00YZ. It performs the
* opposite conversion to the method <code>stringToBytes()</code>, and
* byte-based data that is converted to a String and back again using these
* two methods is guaranteed to retain its integrity (which may not be the
* case with conversions that reflect a given character set).
*
* @param data The data to be converted.
* @return The converted data.
*/
String bytesToString(byte[] data);
/**
* This method searches a piece of data for the first occurrence of a
* specified pattern. It works on byte-based data in a way that is similar
* to the way the native Java method <code>String.indexOf()</code> works on
* String-based data.
*
* @param data The data to be searched.
* @param pattern The pattern to be searched for.
* @param caseSensitive Flags whether or not the search is case-sensitive.
* @param from The offset within <code>data</code> where the search should
* begin.
* @param to The offset within <code>data</code> where the search should
* end.
* @return The offset of the first occurrence of the pattern within the
* specified bounds, or -1 if no match is found.
*/
int indexOf(byte[] data,
byte[] pattern,
boolean caseSensitive,
int from,
int to);
/**
* This method builds an HTTP message containing the specified headers and
* message body. If applicable, the Content-Length header will be added or
* updated, based on the length of the body.
*
* @param headers A list of headers to include in the message.
* @param body The body of the message, of <code>null</code> if the message
* has an empty body.
* @return The resulting full HTTP message.
*/
byte[] buildHttpMessage(List<String> headers, byte[] body);
/**
* This method creates a GET request to the specified URL. The headers used
* in the request are determined by the Request headers settings as
* configured in Burp Spider's options.
*
* @param url The URL to which the request should be made.
* @return A request to the specified URL.
*/
byte[] buildHttpRequest(URL url);
/**
* This method adds a new parameter to an HTTP request, and if appropriate
* updates the Content-Length header.
*
* @param request The request to which the parameter should be added.
* @param parameter An <code>IParameter</code> object containing details of
* the parameter to be added. Supported parameter types are:
* <code>PARAM_URL</code>, <code>PARAM_BODY</code> and
* <code>PARAM_COOKIE</code>.
* @return A new HTTP request with the new parameter added.
*/
byte[] addParameter(byte[] request, IParameter parameter);
/**
* This method removes a parameter from an HTTP request, and if appropriate
* updates the Content-Length header.
*
* @param request The request from which the parameter should be removed.
* @param parameter An <code>IParameter</code> object containing details of
* the parameter to be removed. Supported parameter types are:
* <code>PARAM_URL</code>, <code>PARAM_BODY</code> and
* <code>PARAM_COOKIE</code>.
* @return A new HTTP request with the parameter removed.
*/
byte[] removeParameter(byte[] request, IParameter parameter);
/**
* This method updates the value of a parameter within an HTTP request, and
* if appropriate updates the Content-Length header. <b>Note:</b> This
* method can only be used to update the value of an existing parameter of a
* specified type. If you need to change the type of an existing parameter,
* you should first call <code>removeParameter()</code> to remove the
* parameter with the old type, and then call <code>addParameter()</code> to
* add a parameter with the new type.
*
* @param request The request containing the parameter to be updated.
* @param parameter An <code>IParameter</code> object containing details of
* the parameter to be updated. Supported parameter types are:
* <code>PARAM_URL</code>, <code>PARAM_BODY</code> and
* <code>PARAM_COOKIE</code>.
* @return A new HTTP request with the parameter updated.
*/
byte[] updateParameter(byte[] request, IParameter parameter);
/**
* This method can be used to toggle a request's method between GET and
* POST. Parameters are relocated between the URL query string and message
* body as required, and the Content-Length header is created or removed as
* applicable.
*
* @param request The HTTP request whose method should be toggled.
* @return A new HTTP request using the toggled method.
*/
byte[] toggleRequestMethod(byte[] request);
/**
* This method constructs an <code>IHttpService</code> object based on the
* details provided.
*
* @param host The HTTP service host.
* @param port The HTTP service port.
* @param protocol The HTTP service protocol.
* @return An <code>IHttpService</code> object based on the details
* provided.
*/
IHttpService buildHttpService(String host, int port, String protocol);
/**
* This method constructs an <code>IHttpService</code> object based on the
* details provided.
*
* @param host The HTTP service host.
* @param port The HTTP service port.
* @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP.
* @return An <code>IHttpService</code> object based on the details
* provided.
*/
IHttpService buildHttpService(String host, int port, boolean useHttps);
/**
* This method constructs an <code>IParameter</code> object based on the
* details provided.
*
* @param name The parameter name.
* @param value The parameter value.
* @param type The parameter type, as defined in the <code>IParameter</code>
* interface.
* @return An <code>IParameter</code> object based on the details provided.
*/
IParameter buildParameter(String name, String value, byte type);
/**
* This method constructs an <code>IScannerInsertionPoint</code> object
* based on the details provided. It can be used to quickly create a simple
* insertion point based on a fixed payload location within a base request.
*
* @param insertionPointName The name of the insertion point.
* @param baseRequest The request from which to build scan requests.
* @param from The offset of the start of the payload location.
* @param to The offset of the end of the payload location.
* @return An <code>IScannerInsertionPoint</code> object based on the
* details provided.
*/
IScannerInsertionPoint makeScannerInsertionPoint(
String insertionPointName,
byte[] baseRequest,
int from,
int to);
/**
* This method analyzes one or more responses to identify variations in a
* number of attributes and returns an <code>IResponseVariations</code>
* object that can be queried to obtain details of the variations.
*
* @param responses The responses to analyze.
* @return An <code>IResponseVariations</code> object representing the
* variations in the responses.
*/
IResponseVariations analyzeResponseVariations(byte[]... responses);
/**
* This method analyzes one or more responses to identify the number of
* occurrences of the specified keywords and returns an
* <code>IResponseKeywords</code> object that can be queried to obtain
* details of the number of occurrences of each keyword.
*
* @param keywords The keywords to look for.
* @param responses The responses to analyze.
* @return An <code>IResponseKeywords</code> object representing the counts
* of the keywords appearing in the responses.
*/
IResponseKeywords analyzeResponseKeywords(List<String> keywords, byte[]... responses);
}

27
src/burp/IExtensionStateListener.java
View File

@@ -1,27 +0,0 @@
package burp;
/*
* @(#)IExtensionStateListener.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerExtensionStateListener()</code> to
* register an extension state listener. The listener will be notified of
* changes to the extension's state. <b>Note:</b> Any extensions that start
* background threads or open system resources (such as files or database
* connections) should register a listener and terminate threads / close
* resources when the extension is unloaded.
*/
public interface IExtensionStateListener
{
/**
* This method is called when the extension is unloaded.
*/
void extensionUnloaded();
}

37
src/burp/IHttpListener.java
View File

@@ -1,37 +0,0 @@
package burp;
/*
* @(#)IHttpListener.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerHttpListener()</code> to register an
* HTTP listener. The listener will be notified of requests and responses made
* by any Burp tool. Extensions can perform custom analysis or modification of
* these messages by registering an HTTP listener.
*/
public interface IHttpListener
{
/**
* This method is invoked when an HTTP request is about to be issued, and
* when an HTTP response has been received.
*
* @param toolFlag A flag indicating the Burp tool that issued the request.
* Burp tool flags are defined in the
* <code>IBurpExtenderCallbacks</code> interface.
* @param messageIsRequest Flags whether the method is being invoked for a
* request or response.
* @param messageInfo Details of the request / response to be processed.
* Extensions can call the setter methods on this object to update the
* current message and so modify Burp's behavior.
*/
void processHttpMessage(int toolFlag,
boolean messageIsRequest,
IHttpRequestResponse messageInfo);
}

102
src/burp/IHttpRequestResponse.java
View File

@@ -1,102 +0,0 @@
package burp;
/*
* @(#)IHttpRequestResponse.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to retrieve and update details about HTTP messages.
*
* <b>Note:</b> The setter methods generally can only be used before the message
* has been processed, and not in read-only contexts. The getter methods
* relating to response details can only be used after the request has been
* issued.
*/
public interface IHttpRequestResponse
{
/**
* This method is used to retrieve the request message.
*
* @return The request message.
*/
byte[] getRequest();
/**
* This method is used to update the request message.
*
* @param message The new request message.
*/
void setRequest(byte[] message);
/**
* This method is used to retrieve the response message.
*
* @return The response message.
*/
byte[] getResponse();
/**
* This method is used to update the response message.
*
* @param message The new response message.
*/
void setResponse(byte[] message);
/**
* This method is used to retrieve the user-annotated comment for this item,
* if applicable.
*
* @return The user-annotated comment for this item, or null if none is set.
*/
String getComment();
/**
* This method is used to update the user-annotated comment for this item.
*
* @param comment The comment to be assigned to this item.
*/
void setComment(String comment);
/**
* This method is used to retrieve the user-annotated highlight for this
* item, if applicable.
*
* @return The user-annotated highlight for this item, or null if none is
* set.
*/
String getHighlight();
/**
* This method is used to update the user-annotated highlight for this item.
*
* @param color The highlight color to be assigned to this item. Accepted
* values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray,
* or a null String to clear any existing highlight.
*/
void setHighlight(String color);
/**
* This method is used to retrieve the HTTP service for this request /
* response.
*
* @return An
* <code>IHttpService</code> object containing details of the HTTP service.
*/
IHttpService getHttpService();
/**
* This method is used to update the HTTP service for this request /
* response.
*
* @param httpService An
* <code>IHttpService</code> object containing details of the new HTTP
* service.
*/
void setHttpService(IHttpService httpService);
}

25
src/burp/IHttpRequestResponsePersisted.java
View File

@@ -1,25 +0,0 @@
package burp;
/*
* @(#)IHttpRequestResponsePersisted.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used for an
* <code>IHttpRequestResponse</code> object whose request and response messages
* have been saved to temporary files using
* <code>IBurpExtenderCallbacks.saveBuffersToTempFiles()</code>.
*/
public interface IHttpRequestResponsePersisted extends IHttpRequestResponse
{
/**
* This method is deprecated and no longer performs any action.
*/
@Deprecated
void deleteTempFiles();
}

44
src/burp/IHttpRequestResponseWithMarkers.java
View File

@@ -1,44 +0,0 @@
package burp;
/*
* @(#)IHttpRequestResponseWithMarkers.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* This interface is used for an
* <code>IHttpRequestResponse</code> object that has had markers applied.
* Extensions can create instances of this interface using
* <code>IBurpExtenderCallbacks.applyMarkers()</code>, or provide their own
* implementation. Markers are used in various situations, such as specifying
* Intruder payload positions, Scanner insertion points, and highlights in
* Scanner issues.
*/
public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse
{
/**
* This method returns the details of the request markers.
*
* @return A list of index pairs representing the offsets of markers for the
* request message. Each item in the list is an int[2] array containing the
* start and end offsets for the marker. The method may return
* <code>null</code> if no request markers are defined.
*/
List<int[]> getRequestMarkers();
/**
* This method returns the details of the response markers.
*
* @return A list of index pairs representing the offsets of markers for the
* response message. Each item in the list is an int[2] array containing the
* start and end offsets for the marker. The method may return
* <code>null</code> if no response markers are defined.
*/
List<int[]> getResponseMarkers();
}

39
src/burp/IHttpService.java
View File

@@ -1,39 +0,0 @@
package burp;
/*
* @(#)IHttpService.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to provide details about an HTTP service, to which
* HTTP requests can be sent.
*/
public interface IHttpService
{
/**
* This method returns the hostname or IP address for the service.
*
* @return The hostname or IP address for the service.
*/
String getHost();
/**
* This method returns the port number for the service.
*
* @return The port number for the service.
*/
int getPort();
/**
* This method returns the protocol for the service.
*
* @return The protocol for the service. Expected values are "http" or
* "https".
*/
String getProtocol();
}

116
src/burp/IInterceptedProxyMessage.java
View File

@@ -1,116 +0,0 @@
package burp;
/*
* @(#)IInterceptedProxyMessage.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.net.InetAddress;
/**
* This interface is used to represent an HTTP message that has been intercepted
* by Burp Proxy. Extensions can register an
* <code>IProxyListener</code> to receive details of proxy messages using this
* interface. *
*/
public interface IInterceptedProxyMessage
{
/**
* This action causes Burp Proxy to follow the current interception rules to
* determine the appropriate action to take for the message.
*/
static final int ACTION_FOLLOW_RULES = 0;
/**
* This action causes Burp Proxy to present the message to the user for
* manual review or modification.
*/
static final int ACTION_DO_INTERCEPT = 1;
/**
* This action causes Burp Proxy to forward the message to the remote server
* or client, without presenting it to the user.
*/
static final int ACTION_DONT_INTERCEPT = 2;
/**
* This action causes Burp Proxy to drop the message.
*/
static final int ACTION_DROP = 3;
/**
* This action causes Burp Proxy to follow the current interception rules to
* determine the appropriate action to take for the message, and then make a
* second call to processProxyMessage.
*/
static final int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10;
/**
* This action causes Burp Proxy to present the message to the user for
* manual review or modification, and then make a second call to
* processProxyMessage.
*/
static final int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11;
/**
* This action causes Burp Proxy to skip user interception, and then make a
* second call to processProxyMessage.
*/
static final int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12;
/**
* This method retrieves a unique reference number for this
* request/response.
*
* @return An identifier that is unique to a single request/response pair.
* Extensions can use this to correlate details of requests and responses
* and perform processing on the response message accordingly.
*/
int getMessageReference();
/**
* This method retrieves details of the intercepted message.
*
* @return An <code>IHttpRequestResponse</code> object containing details of
* the intercepted message.
*/
IHttpRequestResponse getMessageInfo();
/**
* This method retrieves the currently defined interception action. The
* default action is
* <code>ACTION_FOLLOW_RULES</code>. If multiple proxy listeners are
* registered, then other listeners may already have modified the
* interception action before it reaches the current listener. This method
* can be used to determine whether this has occurred.
*
* @return The currently defined interception action. Possible values are
* defined within this interface.
*/
int getInterceptAction();
/**
* This method is used to update the interception action.
*
* @param interceptAction The new interception action. Possible values are
* defined within this interface.
*/
void setInterceptAction(int interceptAction);
/**
* This method retrieves the name of the Burp Proxy listener that is
* processing the intercepted message.
*
* @return The name of the Burp Proxy listener that is processing the
* intercepted message. The format is the same as that shown in the Proxy
* Listeners UI - for example, "127.0.0.1:8080".
*/
String getListenerInterface();
/**
* This method retrieves the client IP address from which the request for
* the intercepted message was received.
*
* @return The client IP address from which the request for the intercepted
* message was received.
*/
InetAddress getClientIpAddress();
}

31
src/burp/IIntruderAttack.java
View File

@@ -1,31 +0,0 @@
package burp;
/*
* @(#)IIntruderAttack.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to hold details about an Intruder attack.
*/
public interface IIntruderAttack
{
/**
* This method is used to retrieve the HTTP service for the attack.
*
* @return The HTTP service for the attack.
*/
IHttpService getHttpService();
/**
* This method is used to retrieve the request template for the attack.
*
* @return The request template for the attack.
*/
byte[] getRequestTemplate();
}

50
src/burp/IIntruderPayloadGenerator.java
View File

@@ -1,50 +0,0 @@
package burp;
/*
* @(#)IIntruderPayloadGenerator.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used for custom Intruder payload generators. Extensions
* that have registered an
* <code>IIntruderPayloadGeneratorFactory</code> must return a new instance of
* this interface when required as part of a new Intruder attack.
*/
public interface IIntruderPayloadGenerator
{
/**
* This method is used by Burp to determine whether the payload generator is
* able to provide any further payloads.
*
* @return Extensions should return
* <code>false</code> when all the available payloads have been used up,
* otherwise
* <code>true</code>.
*/
boolean hasMorePayloads();
/**
* This method is used by Burp to obtain the value of the next payload.
*
* @param baseValue The base value of the current payload position. This
* value may be
* <code>null</code> if the concept of a base value is not applicable (e.g.
* in a battering ram attack).
* @return The next payload to use in the attack.
*/
byte[] getNextPayload(byte[] baseValue);
/**
* This method is used by Burp to reset the state of the payload generator
* so that the next call to
* <code>getNextPayload()</code> returns the first payload again. This
* method will be invoked when an attack uses the same payload generator for
* more than one payload position, for example in a sniper attack.
*/
void reset();
}

40
src/burp/IIntruderPayloadGeneratorFactory.java
View File

@@ -1,40 +0,0 @@
package burp;
/*
* @(#)IIntruderPayloadGeneratorFactory.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory()</code>
* to register a factory for custom Intruder payloads.
*/
public interface IIntruderPayloadGeneratorFactory
{
/**
* This method is used by Burp to obtain the name of the payload generator.
* This will be displayed as an option within the Intruder UI when the user
* selects to use extension-generated payloads.
*
* @return The name of the payload generator.
*/
String getGeneratorName();
/**
* This method is used by Burp when the user starts an Intruder attack that
* uses this payload generator.
*
* @param attack An
* <code>IIntruderAttack</code> object that can be queried to obtain details
* about the attack in which the payload generator will be used.
* @return A new instance of
* <code>IIntruderPayloadGenerator</code> that will be used to generate
* payloads for the attack.
*/
IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack);
}

45
src/burp/IIntruderPayloadProcessor.java
View File

@@ -1,45 +0,0 @@
package burp;
/*
* @(#)IIntruderPayloadProcessor.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerIntruderPayloadProcessor()</code> to
* register a custom Intruder payload processor.
*/
public interface IIntruderPayloadProcessor
{
/**
* This method is used by Burp to obtain the name of the payload processor.
* This will be displayed as an option within the Intruder UI when the user
* selects to use an extension-provided payload processor.
*
* @return The name of the payload processor.
*/
String getProcessorName();
/**
* This method is invoked by Burp each time the processor should be applied
* to an Intruder payload.
*
* @param currentPayload The value of the payload to be processed.
* @param originalPayload The value of the original payload prior to
* processing by any already-applied processing rules.
* @param baseValue The base value of the payload position, which will be
* replaced with the current payload.
* @return The value of the processed payload. This may be
* <code>null</code> to indicate that the current payload should be skipped,
* and the attack will move directly to the next payload.
*/
byte[] processPayload(
byte[] currentPayload,
byte[] originalPayload,
byte[] baseValue);
}

36
src/burp/IMenuItemHandler.java
View File

@@ -1,36 +0,0 @@
package burp;
/*
* @(#)IMenuItemHandler.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerMenuItem()</code> to register a custom
* context menu item.
*
* @deprecated Use
* <code>IContextMenuFactory</code> instead.
*/
@Deprecated
public interface IMenuItemHandler
{
/**
* This method is invoked by Burp Suite when the user clicks on a custom
* menu item which the extension has registered with Burp.
*
* @param menuItemCaption The caption of the menu item which was clicked.
* This parameter enables extensions to provide a single implementation
* which handles multiple different menu items.
* @param messageInfo Details of the HTTP message(s) for which the context
* menu was displayed.
*/
void menuItemClicked(
String menuItemCaption,
IHttpRequestResponse[] messageInfo);
}

77
src/burp/IMessageEditor.java
View File

@@ -1,77 +0,0 @@
package burp;
/*
* @(#)IMessageEditor.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.awt.Component;
/**
* This interface is used to provide extensions with an instance of Burp's HTTP
* message editor, for the extension to use in its own UI. Extensions should
* call <code>IBurpExtenderCallbacks.createMessageEditor()</code> to obtain an
* instance of this interface.
*/
public interface IMessageEditor
{
/**
* This method returns the UI component of the editor, for extensions to add
* to their own UI.
*
* @return The UI component of the editor.
*/
Component getComponent();
/**
* This method is used to display an HTTP message in the editor.
*
* @param message The HTTP message to be displayed.
* @param isRequest Flags whether the message is an HTTP request or
* response.
*/
void setMessage(byte[] message, boolean isRequest);
/**
* This method is used to retrieve the currently displayed message, which
* may have been modified by the user.
*
* @return The currently displayed HTTP message.
*/
byte[] getMessage();
/**
* This method is used to determine whether the current message has been
* modified by the user.
*
* @return An indication of whether the current message has been modified by
* the user since it was first displayed.
*/
boolean isMessageModified();
/**
* This method returns the data that is currently selected by the user.
*
* @return The data that is currently selected by the user, or
* <code>null</code> if no selection is made.
*/
byte[] getSelectedData();
/**
* This method can be used to retrieve the bounds of the user's selection
* into the displayed message, if applicable.
*
* @return An int[2] array containing the start and end offsets of the
* user's selection within the displayed message. If the user has not made
* any selection in the current message, both offsets indicate the position
* of the caret within the editor. For some editor views, the concept of
* selection within the message does not apply, in which case this method
* returns null.
*/
int[] getSelectionBounds();
}

49
src/burp/IMessageEditorController.java
View File

@@ -1,49 +0,0 @@
package burp;
/*
* @(#)IMessageEditorController.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used by an
* <code>IMessageEditor</code> to obtain details about the currently displayed
* message. Extensions that create instances of Burp's HTTP message editor can
* optionally provide an implementation of
* <code>IMessageEditorController</code>, which the editor will invoke when it
* requires further information about the current message (for example, to send
* it to another Burp tool). Extensions that provide custom editor tabs via an
* <code>IMessageEditorTabFactory</code> will receive a reference to an
* <code>IMessageEditorController</code> object for each tab instance they
* generate, which the tab can invoke if it requires further information about
* the current message.
*/
public interface IMessageEditorController
{
/**
* This method is used to retrieve the HTTP service for the current message.
*
* @return The HTTP service for the current message.
*/
IHttpService getHttpService();
/**
* This method is used to retrieve the HTTP request associated with the
* current message (which may itself be a response).
*
* @return The HTTP request associated with the current message.
*/
byte[] getRequest();
/**
* This method is used to retrieve the HTTP response associated with the
* current message (which may itself be a request).
*
* @return The HTTP response associated with the current message.
*/
byte[] getResponse();
}

103
src/burp/IMessageEditorTab.java
View File

@@ -1,103 +0,0 @@
package burp;
/*
* @(#)IMessageEditorTab.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.awt.Component;
/**
* Extensions that register an
* <code>IMessageEditorTabFactory</code> must return instances of this
* interface, which Burp will use to create custom tabs within its HTTP message
* editors.
*/
public interface IMessageEditorTab
{
/**
* This method returns the caption that should appear on the custom tab when
* it is displayed. <b>Note:</b> Burp invokes this method once when the tab
* is first generated, and the same caption will be used every time the tab
* is displayed.
*
* @return The caption that should appear on the custom tab when it is
* displayed.
*/
String getTabCaption();
/**
* This method returns the component that should be used as the contents of
* the custom tab when it is displayed. <b>Note:</b> Burp invokes this
* method once when the tab is first generated, and the same component will
* be used every time the tab is displayed.
*
* @return The component that should be used as the contents of the custom
* tab when it is displayed.
*/
Component getUiComponent();
/**
* The hosting editor will invoke this method before it displays a new HTTP
* message, so that the custom tab can indicate whether it should be enabled
* for that message.
*
* @param content The message that is about to be displayed, or a zero-length
* array if the existing message is to be cleared.
* @param isRequest Indicates whether the message is a request or a
* response.
* @return The method should return
* <code>true</code> if the custom tab is able to handle the specified
* message, and so will be displayed within the editor. Otherwise, the tab
* will be hidden while this message is displayed.
*/
boolean isEnabled(byte[] content, boolean isRequest);
/**
* The hosting editor will invoke this method to display a new message or to
* clear the existing message. This method will only be called with a new
* message if the tab has already returned
* <code>true</code> to a call to
* <code>isEnabled()</code> with the same message details.
*
* @param content The message that is to be displayed, or
* <code>null</code> if the tab should clear its contents and disable any
* editable controls.
* @param isRequest Indicates whether the message is a request or a
* response.
*/
void setMessage(byte[] content, boolean isRequest);
/**
* This method returns the currently displayed message.
*
* @return The currently displayed message.
*/
byte[] getMessage();
/**
* This method is used to determine whether the currently displayed message
* has been modified by the user. The hosting editor will always call
* <code>getMessage()</code> before calling this method, so any pending
* edits should be completed within
* <code>getMessage()</code>.
*
* @return The method should return
* <code>true</code> if the user has modified the current message since it
* was first displayed.
*/
boolean isModified();
/**
* This method is used to retrieve the data that is currently selected by
* the user.
*
* @return The data that is currently selected by the user. This may be
* <code>null</code> if no selection is currently made.
*/
byte[] getSelectedData();
}

38
src/burp/IMessageEditorTabFactory.java
View File

@@ -1,38 +0,0 @@
package burp;
/*
* @(#)IMessageEditorTabFactory.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerMessageEditorTabFactory()</code> to
* register a factory for custom message editor tabs. This allows extensions to
* provide custom rendering or editing of HTTP messages, within Burp's own HTTP
* editor.
*/
public interface IMessageEditorTabFactory
{
/**
* Burp will call this method once for each HTTP message editor, and the
* factory should provide a new instance of an
* <code>IMessageEditorTab</code> object.
*
* @param controller An
* <code>IMessageEditorController</code> object, which the new tab can query
* to retrieve details about the currently displayed message. This may be
* <code>null</code> for extension-invoked message editors where the
* extension has not provided an editor controller.
* @param editable Indicates whether the hosting editor is editable or
* read-only.
* @return A new
* <code>IMessageEditorTab</code> object for use within the message editor.
*/
IMessageEditorTab createNewInstance(IMessageEditorController controller,
boolean editable);
}

104
src/burp/IParameter.java
View File

@@ -1,104 +0,0 @@
package burp;
/*
* @(#)IParameter.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to hold details about an HTTP request parameter.
*/
public interface IParameter
{
/**
* Used to indicate a parameter within the URL query string.
*/
static final byte PARAM_URL = 0;
/**
* Used to indicate a parameter within the message body.
*/
static final byte PARAM_BODY = 1;
/**
* Used to indicate an HTTP cookie.
*/
static final byte PARAM_COOKIE = 2;
/**
* Used to indicate an item of data within an XML structure.
*/
static final byte PARAM_XML = 3;
/**
* Used to indicate the value of a tag attribute within an XML structure.
*/
static final byte PARAM_XML_ATTR = 4;
/**
* Used to indicate the value of a parameter attribute within a multi-part
* message body (such as the name of an uploaded file).
*/
static final byte PARAM_MULTIPART_ATTR = 5;
/**
* Used to indicate an item of data within a JSON structure.
*/
static final byte PARAM_JSON = 6;
/**
* This method is used to retrieve the parameter type.
*
* @return The parameter type. The available types are defined within this
* interface.
*/
byte getType();
/**
* This method is used to retrieve the parameter name.
*
* @return The parameter name.
*/
String getName();
/**
* This method is used to retrieve the parameter value.
*
* @return The parameter value.
*/
String getValue();
/**
* This method is used to retrieve the start offset of the parameter name
* within the HTTP request.
*
* @return The start offset of the parameter name within the HTTP request,
* or -1 if the parameter is not associated with a specific request.
*/
int getNameStart();
/**
* This method is used to retrieve the end offset of the parameter name
* within the HTTP request.
*
* @return The end offset of the parameter name within the HTTP request, or
* -1 if the parameter is not associated with a specific request.
*/
int getNameEnd();
/**
* This method is used to retrieve the start offset of the parameter value
* within the HTTP request.
*
* @return The start offset of the parameter value within the HTTP request,
* or -1 if the parameter is not associated with a specific request.
*/
int getValueStart();
/**
* This method is used to retrieve the end offset of the parameter value
* within the HTTP request.
*
* @return The end offset of the parameter value within the HTTP request, or
* -1 if the parameter is not associated with a specific request.
*/
int getValueEnd();
}

37
src/burp/IProxyListener.java
View File

@@ -1,37 +0,0 @@
package burp;
/*
* @(#)IProxyListener.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerProxyListener()</code> to register a
* Proxy listener. The listener will be notified of requests and responses being
* processed by the Proxy tool. Extensions can perform custom analysis or
* modification of these messages, and control in-UI message interception, by
* registering a proxy listener.
*/
public interface IProxyListener
{
/**
* This method is invoked when an HTTP message is being processed by the
* Proxy.
*
* @param messageIsRequest Indicates whether the HTTP message is a request
* or a response.
* @param message An
* <code>IInterceptedProxyMessage</code> object that extensions can use to
* query and update details of the message, and control whether the message
* should be intercepted and displayed to the user for manual review or
* modification.
*/
void processProxyMessage(
boolean messageIsRequest,
IInterceptedProxyMessage message);
}

95
src/burp/IRequestInfo.java
View File

@@ -1,95 +0,0 @@
package burp;
/*
* @(#)IRequestInfo.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.net.URL;
import java.util.List;
/**
* This interface is used to retrieve key details about an HTTP request.
* Extensions can obtain an
* <code>IRequestInfo</code> object for a given request by calling
* <code>IExtensionHelpers.analyzeRequest()</code>.
*/
public interface IRequestInfo
{
/**
* Used to indicate that there is no content.
*/
static final byte CONTENT_TYPE_NONE = 0;
/**
* Used to indicate URL-encoded content.
*/
static final byte CONTENT_TYPE_URL_ENCODED = 1;
/**
* Used to indicate multi-part content.
*/
static final byte CONTENT_TYPE_MULTIPART = 2;
/**
* Used to indicate XML content.
*/
static final byte CONTENT_TYPE_XML = 3;
/**
* Used to indicate JSON content.
*/
static final byte CONTENT_TYPE_JSON = 4;
/**
* Used to indicate AMF content.
*/
static final byte CONTENT_TYPE_AMF = 5;
/**
* Used to indicate unknown content.
*/
static final byte CONTENT_TYPE_UNKNOWN = -1;
/**
* This method is used to obtain the HTTP method used in the request.
*
* @return The HTTP method used in the request.
*/
String getMethod();
/**
* This method is used to obtain the URL in the request.
*
* @return The URL in the request.
*/
URL getUrl();
/**
* This method is used to obtain the HTTP headers contained in the request.
*
* @return The HTTP headers contained in the request.
*/
List<String> getHeaders();
/**
* This method is used to obtain the parameters contained in the request.
*
* @return The parameters contained in the request.
*/
List<IParameter> getParameters();
/**
* This method is used to obtain the offset within the request where the
* message body begins.
*
* @return The offset within the request where the message body begins.
*/
int getBodyOffset();
/**
* This method is used to obtain the content type of the message body.
*
* @return An indication of the content type of the message body. Available
* types are defined within this interface.
*/
byte getContentType();
}

73
src/burp/IResponseInfo.java
View File

@@ -1,73 +0,0 @@
package burp;
/*
* @(#)IResponseInfo.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* This interface is used to retrieve key details about an HTTP response.
* Extensions can obtain an
* <code>IResponseInfo</code> object for a given response by calling
* <code>IExtensionHelpers.analyzeResponse()</code>.
*/
public interface IResponseInfo
{
/**
* This method is used to obtain the HTTP headers contained in the response.
*
* @return The HTTP headers contained in the response.
*/
List<String> getHeaders();
/**
* This method is used to obtain the offset within the response where the
* message body begins.
*
* @return The offset within the response where the message body begins.
*/
int getBodyOffset();
/**
* This method is used to obtain the HTTP status code contained in the
* response.
*
* @return The HTTP status code contained in the response.
*/
short getStatusCode();
/**
* This method is used to obtain details of the HTTP cookies set in the
* response.
*
* @return A list of <code>ICookie</code> objects representing the cookies
* set in the response, if any.
*/
List<ICookie> getCookies();
/**
* This method is used to obtain the MIME type of the response, as stated in
* the HTTP headers.
*
* @return A textual label for the stated MIME type, or an empty String if
* this is not known or recognized. The possible labels are the same as
* those used in the main Burp UI.
*/
String getStatedMimeType();
/**
* This method is used to obtain the MIME type of the response, as inferred
* from the contents of the HTTP message body.
*
* @return A textual label for the inferred MIME type, or an empty String if
* this is not known or recognized. The possible labels are the same as
* those used in the main Burp UI.
*/
String getInferredMimeType();
}

58
src/burp/IResponseKeywords.java
View File

@@ -1,58 +0,0 @@
package burp;
/*
* @(#)IResponseKeywords.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* This interface is used to represent the counts of keywords appearing in a
* number of HTTP responses.
*/
public interface IResponseKeywords
{
/**
* This method is used to obtain the list of keywords whose counts vary
* between the analyzed responses.
*
* @return The keywords whose counts vary between the analyzed responses.
*/
List<String> getVariantKeywords();
/**
* This method is used to obtain the list of keywords whose counts do not
* vary between the analyzed responses.
*
* @return The keywords whose counts do not vary between the analyzed
* responses.
*/
List<String> getInvariantKeywords();
/**
* This method is used to obtain the number of occurrences of an individual
* keyword in a response.
*
* @param keyword The keyword whose count will be retrieved.
* @param responseIndex The index of the response. Note responses are
* indexed from zero in the order they were originally supplied to the
* <code>IExtensionHelpers.analyzeResponseKeywords()</code> and
* <code>IResponseKeywords.updateWith()</code> methods.
* @return The number of occurrences of the specified keyword for the
* specified response.
*/
int getKeywordCount(String keyword, int responseIndex);
/**
* This method is used to update the analysis based on additional responses.
*
* @param responses The new responses to include in the analysis.
*/
void updateWith(byte[]... responses);
}

62
src/burp/IResponseVariations.java
View File

@@ -1,62 +0,0 @@
package burp;
/*
* @(#)IResponseVariations.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* This interface is used to represent variations between a number HTTP
* responses, according to various attributes.
*/
public interface IResponseVariations
{
/**
* This method is used to obtain the list of attributes that vary between
* the analyzed responses.
*
* @return The attributes that vary between the analyzed responses.
*/
List<String> getVariantAttributes();
/**
* This method is used to obtain the list of attributes that do not vary
* between the analyzed responses.
*
* @return The attributes that do not vary between the analyzed responses.
*/
List<String> getInvariantAttributes();
/**
* This method is used to obtain the value of an individual attribute in a
* response. Note that the values of some attributes are intrinsically
* meaningful (e.g. a word count) while the values of others are less so
* (e.g. a checksum of the HTML tag names).
*
* @param attributeName The name of the attribute whose value will be
* retrieved. Extension authors can obtain the list of supported attributes
* by generating an <code>IResponseVariations</code> object for a single
* response and calling
* <code>IResponseVariations.getInvariantAttributes()</code>.
* @param responseIndex The index of the response. Note that responses are
* indexed from zero in the order they were originally supplied to the
* <code>IExtensionHelpers.analyzeResponseVariations()</code> and
* <code>IResponseVariations.updateWith()</code> methods.
* @return The value of the specified attribute for the specified response.
*/
int getAttributeValue(String attributeName, int responseIndex);
/**
* This method is used to update the analysis based on additional responses.
*
* @param responses The new responses to include in the analysis.
*/
void updateWith(byte[]... responses);
}

123
src/burp/IScanIssue.java
View File

@@ -1,123 +0,0 @@
package burp;
/*
* @(#)IScanIssue.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to retrieve details of Scanner issues. Extensions can
* obtain details of issues by registering an <code>IScannerListener</code> or
* by calling <code>IBurpExtenderCallbacks.getScanIssues()</code>. Extensions
* can also add custom Scanner issues by registering an
* <code>IScannerCheck</code> or calling
* <code>IBurpExtenderCallbacks.addScanIssue()</code>, and providing their own
* implementations of this interface. Note that issue descriptions and other
* text generated by extensions are subject to an HTML whitelist that allows
* only formatting tags and simple hyperlinks.
*/
public interface IScanIssue
{
/**
* This method returns the URL for which the issue was generated.
*
* @return The URL for which the issue was generated.
*/
java.net.URL getUrl();
/**
* This method returns the name of the issue type.
*
* @return The name of the issue type (e.g. "SQL injection").
*/
String getIssueName();
/**
* This method returns a numeric identifier of the issue type. See the Burp
* Scanner documentation for a listing of all the issue types.
*
* @return A numeric identifier of the issue type.
*/
int getIssueType();
/**
* This method returns the issue severity level.
*
* @return The issue severity level. Expected values are "High", "Medium",
* "Low", "Information" or "False positive".
*
*/
String getSeverity();
/**
* This method returns the issue confidence level.
*
* @return The issue confidence level. Expected values are "Certain", "Firm"
* or "Tentative".
*/
String getConfidence();
/**
* This method returns a background description for this type of issue.
*
* @return A background description for this type of issue, or
* <code>null</code> if none applies. A limited set of HTML tags may be
* used.
*/
String getIssueBackground();
/**
* This method returns a background description of the remediation for this
* type of issue.
*
* @return A background description of the remediation for this type of
* issue, or <code>null</code> if none applies. A limited set of HTML tags
* may be used.
*/
String getRemediationBackground();
/**
* This method returns detailed information about this specific instance of
* the issue.
*
* @return Detailed information about this specific instance of the issue,
* or <code>null</code> if none applies. A limited set of HTML tags may be
* used.
*/
String getIssueDetail();
/**
* This method returns detailed information about the remediation for this
* specific instance of the issue.
*
* @return Detailed information about the remediation for this specific
* instance of the issue, or <code>null</code> if none applies. A limited
* set of HTML tags may be used.
*/
String getRemediationDetail();
/**
* This method returns the HTTP messages on the basis of which the issue was
* generated.
*
* @return The HTTP messages on the basis of which the issue was generated.
* <b>Note:</b> The items in this array should be instances of
* <code>IHttpRequestResponseWithMarkers</code> if applicable, so that
* details of the relevant portions of the request and response messages are
* available.
*/
IHttpRequestResponse[] getHttpMessages();
/**
* This method returns the HTTP service for which the issue was generated.
*
* @return The HTTP service for which the issue was generated.
*/
IHttpService getHttpService();
}

81
src/burp/IScanQueueItem.java
View File

@@ -1,81 +0,0 @@
package burp;
/*
* @(#)IScanQueueItem.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to retrieve details of items in the Burp Scanner
* active scan queue. Extensions can obtain references to scan queue items by
* calling
* <code>IBurpExtenderCallbacks.doActiveScan()</code>.
*/
public interface IScanQueueItem
{
/**
* This method returns a description of the status of the scan queue item.
*
* @return A description of the status of the scan queue item.
*/
String getStatus();
/**
* This method returns an indication of the percentage completed for the
* scan queue item.
*
* @return An indication of the percentage completed for the scan queue
* item.
*/
@Deprecated
byte getPercentageComplete();
/**
* This method returns the number of requests that have been made for the
* scan queue item.
*
* @return The number of requests that have been made for the scan queue
* item.
*/
int getNumRequests();
/**
* This method returns the number of network errors that have occurred for
* the scan queue item.
*
* @return The number of network errors that have occurred for the scan
* queue item.
*/
int getNumErrors();
/**
* This method returns the number of attack insertion points being used for
* the scan queue item.
*
* @return The number of attack insertion points being used for the scan
* queue item.
*/
int getNumInsertionPoints();
/**
* This method allows the scan queue item to be canceled.
*/
void cancel();
/**
* This method returns details of the issues generated for the scan queue
* item. <b>Note:</b> different items within the scan queue may contain
* duplicated versions of the same issues - for example, if the same request
* has been scanned multiple times. Duplicated issues are consolidated in
* the main view of scan results. Extensions can register an
* <code>IScannerListener</code> to get details only of unique, newly
* discovered Scanner issues post-consolidation.
*
* @return Details of the issues generated for the scan queue item.
*/
IScanIssue[] getIssues();
}

83
src/burp/IScannerCheck.java
View File

@@ -1,83 +0,0 @@
package burp;
/*
* @(#)IScannerCheck.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerScannerCheck()</code> to register a
* custom Scanner check. When performing scanning, Burp will ask the check to
* perform active or passive scanning on the base request, and report any
* Scanner issues that are identified.
*/
public interface IScannerCheck
{
/**
* The Scanner invokes this method for each base request / response that is
* passively scanned. <b>Note:</b> Extensions should only analyze the
* HTTP messages provided during passive scanning, and should not make any
* new HTTP requests of their own.
*
* @param baseRequestResponse The base HTTP request / response that should
* be passively scanned.
* @return A list of <code>IScanIssue</code> objects, or <code>null</code>
* if no issues are identified.
*/
List<IScanIssue> doPassiveScan(IHttpRequestResponse baseRequestResponse);
/**
* The Scanner invokes this method for each insertion point that is actively
* scanned. Extensions may issue HTTP requests as required to carry out
* active scanning, and should use the
* <code>IScannerInsertionPoint</code> object provided to build scan
* requests for particular payloads.
* <b>Note:</b>
* Scan checks should submit raw non-encoded payloads to insertion points,
* and the insertion point has responsibility for performing any data
* encoding that is necessary given the nature and location of the insertion
* point.
*
* @param baseRequestResponse The base HTTP request / response that should
* be actively scanned.
* @param insertionPoint An <code>IScannerInsertionPoint</code> object that
* can be queried to obtain details of the insertion point being tested, and
* can be used to build scan requests for particular payloads.
* @return A list of <code>IScanIssue</code> objects, or <code>null</code>
* if no issues are identified.
*/
List<IScanIssue> doActiveScan(
IHttpRequestResponse baseRequestResponse,
IScannerInsertionPoint insertionPoint);
/**
* The Scanner invokes this method when the custom Scanner check has
* reported multiple issues for the same URL path. This can arise either
* because there are multiple distinct vulnerabilities, or because the same
* (or a similar) request has been scanned more than once. The custom check
* should determine whether the issues are duplicates. In most cases, where
* a check uses distinct issue names or descriptions for distinct issues,
* the consolidation process will simply be a matter of comparing these
* features for the two issues.
*
* @param existingIssue An issue that was previously reported by this
* Scanner check.
* @param newIssue An issue at the same URL path that has been newly
* reported by this Scanner check.
* @return An indication of which issue(s) should be reported in the main
* Scanner results. The method should return <code>-1</code> to report the
* existing issue only, <code>0</code> to report both issues, and
* <code>1</code> to report the new issue only.
*/
int consolidateDuplicateIssues(
IScanIssue existingIssue,
IScanIssue newIssue);
}

174
src/burp/IScannerInsertionPoint.java
View File

@@ -1,174 +0,0 @@
package burp;
/*
* @(#)IScannerInsertionPoint.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to define an insertion point for use by active Scanner
* checks. Extensions can obtain instances of this interface by registering an
* <code>IScannerCheck</code>, or can create instances for use by Burp's own
* scan checks by registering an
* <code>IScannerInsertionPointProvider</code>.
*/
public interface IScannerInsertionPoint
{
/**
* Used to indicate where the payload is inserted into the value of a URL
* parameter.
*/
static final byte INS_PARAM_URL = 0x00;
/**
* Used to indicate where the payload is inserted into the value of a body
* parameter.
*/
static final byte INS_PARAM_BODY = 0x01;
/**
* Used to indicate where the payload is inserted into the value of an HTTP
* cookie.
*/
static final byte INS_PARAM_COOKIE = 0x02;
/**
* Used to indicate where the payload is inserted into the value of an item
* of data within an XML data structure.
*/
static final byte INS_PARAM_XML = 0x03;
/**
* Used to indicate where the payload is inserted into the value of a tag
* attribute within an XML structure.
*/
static final byte INS_PARAM_XML_ATTR = 0x04;
/**
* Used to indicate where the payload is inserted into the value of a
* parameter attribute within a multi-part message body (such as the name of
* an uploaded file).
*/
static final byte INS_PARAM_MULTIPART_ATTR = 0x05;
/**
* Used to indicate where the payload is inserted into the value of an item
* of data within a JSON structure.
*/
static final byte INS_PARAM_JSON = 0x06;
/**
* Used to indicate where the payload is inserted into the value of an AMF
* parameter.
*/
static final byte INS_PARAM_AMF = 0x07;
/**
* Used to indicate where the payload is inserted into the value of an HTTP
* request header.
*/
static final byte INS_HEADER = 0x20;
/**
* Used to indicate where the payload is inserted into a URL path folder.
*/
static final byte INS_URL_PATH_FOLDER = 0x21;
/**
* Used to indicate where the payload is inserted into a URL path folder.
* This is now deprecated; use <code>INS_URL_PATH_FOLDER</code> instead.
*/
@Deprecated
static final byte INS_URL_PATH_REST = INS_URL_PATH_FOLDER;
/**
* Used to indicate where the payload is inserted into the name of an added
* URL parameter.
*/
static final byte INS_PARAM_NAME_URL = 0x22;
/**
* Used to indicate where the payload is inserted into the name of an added
* body parameter.
*/
static final byte INS_PARAM_NAME_BODY = 0x23;
/**
* Used to indicate where the payload is inserted into the body of the HTTP
* request.
*/
static final byte INS_ENTIRE_BODY = 0x24;
/**
* Used to indicate where the payload is inserted into the URL path
* filename.
*/
static final byte INS_URL_PATH_FILENAME = 0x25;
/**
* Used to indicate where the payload is inserted at a location manually
* configured by the user.
*/
static final byte INS_USER_PROVIDED = 0x40;
/**
* Used to indicate where the insertion point is provided by an
* extension-registered
* <code>IScannerInsertionPointProvider</code>.
*/
static final byte INS_EXTENSION_PROVIDED = 0x41;
/**
* Used to indicate where the payload is inserted at an unknown location
* within the request.
*/
static final byte INS_UNKNOWN = 0x7f;
/**
* This method returns the name of the insertion point.
*
* @return The name of the insertion point (for example, a description of a
* particular request parameter).
*/
String getInsertionPointName();
/**
* This method returns the base value for this insertion point.
*
* @return the base value that appears in this insertion point in the base
* request being scanned, or <code>null</code> if there is no value in the
* base request that corresponds to this insertion point.
*/
String getBaseValue();
/**
* This method is used to build a request with the specified payload placed
* into the insertion point. There is no requirement for extension-provided
* insertion points to adjust the Content-Length header in requests if the
* body length has changed, although Burp-provided insertion points will
* always do this and will return a request with a valid Content-Length
* header.
* <b>Note:</b>
* Scan checks should submit raw non-encoded payloads to insertion points,
* and the insertion point has responsibility for performing any data
* encoding that is necessary given the nature and location of the insertion
* point.
*
* @param payload The payload that should be placed into the insertion
* point.
* @return The resulting request.
*/
byte[] buildRequest(byte[] payload);
/**
* This method is used to determine the offsets of the payload value within
* the request, when it is placed into the insertion point. Scan checks may
* invoke this method when reporting issues, so as to highlight the relevant
* part of the request within the UI.
*
* @param payload The payload that should be placed into the insertion
* point.
* @return An int[2] array containing the start and end offsets of the
* payload within the request, or null if this is not applicable (for
* example, where the insertion point places a payload into a serialized
* data structure, the raw payload may not literally appear anywhere within
* the resulting request).
*/
int[] getPayloadOffsets(byte[] payload);
/**
* This method returns the type of the insertion point.
*
* @return The type of the insertion point. Available types are defined in
* this interface.
*/
byte getInsertionPointType();
}

38
src/burp/IScannerInsertionPointProvider.java
View File

@@ -1,38 +0,0 @@
package burp;
/*
* @(#)IScannerInsertionPointProvider.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerScannerInsertionPointProvider()</code>
* to register a factory for custom Scanner insertion points.
*/
public interface IScannerInsertionPointProvider
{
/**
* When a request is actively scanned, the Scanner will invoke this method,
* and the provider should provide a list of custom insertion points that
* will be used in the scan. <b>Note:</b> these insertion points are used in
* addition to those that are derived from Burp Scanner's configuration, and
* those provided by any other Burp extensions.
*
* @param baseRequestResponse The base request that will be actively
* scanned.
* @return A list of
* <code>IScannerInsertionPoint</code> objects that should be used in the
* scanning, or
* <code>null</code> if no custom insertion points are applicable for this
* request.
*/
List<IScannerInsertionPoint> getInsertionPoints(
IHttpRequestResponse baseRequestResponse);
}

30
src/burp/IScannerListener.java
View File

@@ -1,30 +0,0 @@
package burp;
/*
* @(#)IScannerListener.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerScannerListener()</code> to register a
* Scanner listener. The listener will be notified of new issues that are
* reported by the Scanner tool. Extensions can perform custom analysis or
* logging of Scanner issues by registering a Scanner listener.
*/
public interface IScannerListener
{
/**
* This method is invoked when a new issue is added to Burp Scanner's
* results.
*
* @param issue An
* <code>IScanIssue</code> object that the extension can query to obtain
* details about the new issue.
*/
void newScanIssue(IScanIssue issue);
}

25
src/burp/IScopeChangeListener.java
View File

@@ -1,25 +0,0 @@
package burp;
/*
* @(#)IScopeChangeListener.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerScopeChangeListener()</code> to register
* a scope change listener. The listener will be notified whenever a change
* occurs to Burp's suite-wide target scope.
*/
public interface IScopeChangeListener
{
/**
* This method is invoked whenever a change occurs to Burp's suite-wide
* target scope.
*/
void scopeChanged();
}

51
src/burp/ISessionHandlingAction.java
View File

@@ -1,51 +0,0 @@
package burp;
/*
* @(#)ISessionHandlingAction.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerSessionHandlingAction()</code> to
* register a custom session handling action. Each registered action will be
* available within the session handling rule UI for the user to select as a
* rule action. Users can choose to invoke an action directly in its own right,
* or following execution of a macro.
*/
public interface ISessionHandlingAction
{
/**
* This method is used by Burp to obtain the name of the session handling
* action. This will be displayed as an option within the session handling
* rule editor when the user selects to execute an extension-provided
* action.
*
* @return The name of the action.
*/
String getActionName();
/**
* This method is invoked when the session handling action should be
* executed. This may happen as an action in its own right, or as a
* sub-action following execution of a macro.
*
* @param currentRequest The base request that is currently being processed.
* The action can query this object to obtain details about the base
* request. It can issue additional requests of its own if necessary, and
* can use the setter methods on this object to update the base request.
* @param macroItems If the action is invoked following execution of a
* macro, this parameter contains the result of executing the macro.
* Otherwise, it is
* <code>null</code>. Actions can use the details of the macro items to
* perform custom analysis of the macro to derive values of non-standard
* session handling tokens, etc.
*/
void performAction(
IHttpRequestResponse currentRequest,
IHttpRequestResponse[] macroItems);
}

38
src/burp/ITab.java
View File

@@ -1,38 +0,0 @@
package burp;
/*
* @(#)ITab.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.awt.Component;
/**
* This interface is used to provide Burp with details of a custom tab that will
* be added to Burp's UI, using a method such as
* <code>IBurpExtenderCallbacks.addSuiteTab()</code>.
*/
public interface ITab
{
/**
* Burp uses this method to obtain the caption that should appear on the
* custom tab when it is displayed.
*
* @return The caption that should appear on the custom tab when it is
* displayed.
*/
String getTabCaption();
/**
* Burp uses this method to obtain the component that should be used as the
* contents of the custom tab when it is displayed.
*
* @return The component that should be used as the contents of the custom
* tab when it is displayed.
*/
Component getUiComponent();
}

33
src/burp/ITempFile.java
View File

@@ -1,33 +0,0 @@
package burp;
/*
* @(#)ITempFile.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to hold details of a temporary file that has been
* created via a call to
* <code>IBurpExtenderCallbacks.saveToTempFile()</code>.
*
*/
public interface ITempFile
{
/**
* This method is used to retrieve the contents of the buffer that was saved
* in the temporary file.
*
* @return The contents of the buffer that was saved in the temporary file.
*/
byte[] getBuffer();
/**
* This method is deprecated and no longer performs any action.
*/
@Deprecated
void delete();
}

90
src/burp/ITextEditor.java
View File

@@ -1,90 +0,0 @@
package burp;
/*
* @(#)ITextEditor.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.awt.Component;
/**
* This interface is used to provide extensions with an instance of Burp's raw
* text editor, for the extension to use in its own UI. Extensions should call
* <code>IBurpExtenderCallbacks.createTextEditor()</code> to obtain an instance
* of this interface.
*/
public interface ITextEditor
{
/**
* This method returns the UI component of the editor, for extensions to add
* to their own UI.
*
* @return The UI component of the editor.
*/
Component getComponent();
/**
* This method is used to control whether the editor is currently editable.
* This status can be toggled on and off as required.
*
* @param editable Indicates whether the editor should be currently
* editable.
*/
void setEditable(boolean editable);
/**
* This method is used to update the currently displayed text in the editor.
*
* @param text The text to be displayed.
*/
void setText(byte[] text);
/**
* This method is used to retrieve the currently displayed text.
*
* @return The currently displayed text.
*/
byte[] getText();
/**
* This method is used to determine whether the user has modified the
* contents of the editor.
*
* @return An indication of whether the user has modified the contents of
* the editor since the last call to
* <code>setText()</code>.
*/
boolean isTextModified();
/**
* This method is used to obtain the currently selected text.
*
* @return The currently selected text, or
* <code>null</code> if the user has not made any selection.
*/
byte[] getSelectedText();
/**
* This method can be used to retrieve the bounds of the user's selection
* into the displayed text, if applicable.
*
* @return An int[2] array containing the start and end offsets of the
* user's selection within the displayed text. If the user has not made any
* selection in the current message, both offsets indicate the position of
* the caret within the editor.
*/
int[] getSelectionBounds();
/**
* This method is used to update the search expression that is shown in the
* search bar below the editor. The editor will automatically highlight any
* regions of the displayed text that match the search expression.
*
* @param expression The search expression.
*/
void setSearchExpression(String expression);
}

270
src/main/java/burp/BurpExtender.java Normal file
View File

@@ -0,0 +1,270 @@
package burp;
import burp.core.processor.ColorProcessor;
import burp.core.processor.MessageProcessor;
import burp.ui.MainUI;
import burp.ui.board.MessagePanel;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.Objects;
import javax.swing.*;
import java.awt.*;
import java.nio.charset.StandardCharsets;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import javax.swing.event.ChangeEvent;
import javax.swing.event.ChangeListener;
/**
* @author EvilChen & 0chencc
*/
public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEditorTabFactory, ITab {
private MainUI main;
// stdout变成公开属性便于其他类调用输出调试信息
public static PrintWriter stdout;
private IBurpExtenderCallbacks callbacks;
private static IExtensionHelpers helpers;
ColorProcessor colorProcessor = new ColorProcessor();
MessageProcessor messageProcessor = new MessageProcessor();
private MessagePanel messagePanel;
@Override
public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks)
{
this.callbacks = callbacks;
BurpExtender.helpers = callbacks.getHelpers();
String version = "2.5";
callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version));
// 定义输出
stdout = new PrintWriter(callbacks.getStdout(), true);
stdout.println("[ HACK THE WORLD - TO DO IT ]");
stdout.println("[#] Author: EvilChen & 0chencc");
stdout.println("[#] Github: https://github.com/gh0stkey/HaE");
// UI
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
initialize();
}
});
callbacks.registerHttpListener(BurpExtender.this);
callbacks.registerMessageEditorTabFactory(BurpExtender.this);
}
private void initialize(){
messagePanel = new MessagePanel(callbacks, helpers);
main = new MainUI(messagePanel);
callbacks.customizeUiComponent(main);
callbacks.addSuiteTab(BurpExtender.this);
}
@Override
public String getTabCaption(){
return "HaE";
}
@Override
public Component getUiComponent() {
return main;
}
/**
* 使用processHttpMessage用来做Highlighter
*/
@Override
public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
// 判断是否是响应且该代码作用域为REPEATER、INTRUDER、PROXY分别对应toolFlag 64、32、4
if (toolFlag == 64 || toolFlag == 32 || toolFlag == 4) {
byte[] content;
if (messageIsRequest) {
content = messageInfo.getRequest();
} else {
content = messageInfo.getResponse();
}
IHttpService iHttpService = null;
try {
iHttpService = messageInfo.getHttpService();
} catch (Exception ignored) {
}
// 获取请求主机信息
assert iHttpService != null;
String host = iHttpService.getHost();
String c = new String(content, StandardCharsets.UTF_8).intern();
List<Map<String, String>> result = null;
try {
result = messageProcessor.processMessage(helpers, content, messageIsRequest, true, host);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
String resComment = "";
String resColor = "";
String originalColor = messageInfo.getHighlight();
String originalComment = messageInfo.getComment();
if (result != null && !result.isEmpty() && result.size() > 0) {
List<String> colorList = new ArrayList<>();
if (originalColor != null) {
colorList.add(originalColor);
}
colorList.add(result.get(0).get("color"));
resColor = colorProcessor.retrieveFinalColor(colorProcessor.retrieveColorIndices(colorList));
messageInfo.setHighlight(resColor);
String addComment = String.join(", ", result.get(1).get("comment"));
resComment = !Objects.equals(originalComment, "") ? String.format("%s, %s", originalComment, addComment) : addComment;
messageInfo.setComment(resComment);
}
String endComment = resComment.isEmpty() ? originalComment : resComment;
String endColor = resColor.isEmpty() ? originalColor : resColor;
if (!messageIsRequest && !endComment.isEmpty() && !endColor.isEmpty()) {
messagePanel.add(messageInfo, endComment, String.valueOf(content.length), endColor);
}
}
}
class MarkInfoTab implements IMessageEditorTab {
private final JTabbedPane jTabbedPane = new JTabbedPane();
private JTable jTable = new JTable();
private final IMessageEditorController controller;
private Map<String, String> extractRequestMap;
private Map<String, String> extractResponseMap;
private ArrayList<String> titleList = new ArrayList<>();
public MarkInfoTab(IMessageEditorController controller, boolean editable) {
this.controller = controller;
}
@Override
public String getTabCaption() {
return "MarkInfo";
}
@Override
public Component getUiComponent() {
jTabbedPane.addChangeListener(new ChangeListener() {
@Override
public void stateChanged(ChangeEvent arg0) {
jTable = (JTable) ((JScrollPane)jTabbedPane.getSelectedComponent()).getViewport().getView();
}
});
return this.jTabbedPane;
}
@Override
public boolean isEnabled(byte[] content, boolean isRequest) {
String c = new String(content, StandardCharsets.UTF_8).intern();
List<Map<String, String>> result = null;
try {
result = messageProcessor.processMessage(helpers, content, isRequest, false, "");
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
if (result != null && !result.isEmpty()) {
Map<String, String> dataMap = result.get(0);
if (isRequest) {
extractRequestMap = dataMap;
} else {
extractResponseMap = dataMap;
}
return true;
}
return false;
}
@Override
public byte[] getMessage() {
return null;
}
@Override
public boolean isModified() {
return false;
}
/**
* 快捷键复制功能
*/
@Override
public byte[] getSelectedData() {
int[] selectRows = jTable.getSelectedRows();
StringBuilder selectData = new StringBuilder();
for (int row : selectRows) {
selectData.append(jTable.getValueAt(row, 0).toString()).append("\n");
}
// 便于单行复制,去除最后一个换行符
String revData = selectData.reverse().toString().replaceFirst("\n", "");
StringBuilder retData = new StringBuilder(revData).reverse();
return helpers.stringToBytes(retData.toString());
}
/**
* 使用setMessage用来做Extractor
*/
@Override
public void setMessage(byte[] content, boolean isRequest) {
String c = new String(content, StandardCharsets.UTF_8).intern();
if (content.length > 0) {
if (isRequest) {
makeTable(extractRequestMap);
} else {
makeTable(extractResponseMap);
}
}
}
/**
* 创建MarkInfo表单
*/
public void makeTable(Map<String, String> dataMap) {
ArrayList<String> lTitleList = new ArrayList<>();
dataMap.keySet().forEach(i->{
String[] extractData = dataMap.get(i).split("\n");
Object[][] data = new Object[extractData.length][1];
for (int x = 0; x < extractData.length; x++) {
data[x][0] = extractData[x];
}
JTable infoTable = new JTable(data, new Object[]{"Information"});
infoTable.setAutoCreateRowSorter(true);
JScrollPane jScrollPane = new JScrollPane(infoTable);
lTitleList.add(i);
this.jTabbedPane.addTab(i, jScrollPane);
});
/*
* 使用removeAll会导致MarkInfo UI出现空白的情况为了改善用户侧体验采用remove的方式进行删除
* 采用全局ArrayList的方式遍历删除Tab以此应对BurpSuite缓存机制导致的MarkInfo UI错误展示。
*/
titleList.forEach(t->{
int indexOfTab = this.jTabbedPane.indexOfTab(t);
if (indexOfTab != -1) {
this.jTabbedPane.removeTabAt(indexOfTab);
}
});
titleList = lTitleList;
}
}
@Override
public IMessageEditorTab createNewInstance(IMessageEditorController controller, boolean editable) {
return new MarkInfoTab(controller, editable);
}
}

42
src/main/java/burp/config/ConfigEntry.java Normal file
View File

@@ -0,0 +1,42 @@
package burp.config;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
public class ConfigEntry {
public static String excludeSuffix = "3g2|3gp|7z|aac|abw|aif|aifc|aiff|apk|arc|au|avi|azw|bat|bin|bmp|bz|bz2|cmd|cmx|cod|com|csh|css|csv|dll|doc|docx|ear|eot|epub|exe|flac|flv|gif|gz|ico|ics|ief|jar|jfif|jpe|jpeg|jpg|less|m3u|mid|midi|mjs|mkv|mov|mp2|mp3|mp4|mpa|mpe|mpeg|mpg|mpkg|mpp|mpv2|odp|ods|odt|oga|ogg|ogv|ogx|otf|pbm|pdf|pgm|png|pnm|ppm|ppt|pptx|ra|ram|rar|ras|rgb|rmi|rtf|scss|sh|snd|svg|swf|tar|tif|tiff|ttf|vsd|war|wav|weba|webm|webp|wmv|woff|woff2|xbm|xls|xlsx|xpm|xul|xwd|zip";
public static String[] scopeArray = new String[] {
"any",
"any header",
"any body",
"response",
"response header",
"response body",
"request",
"request header",
"request body"
};
public static String[] engineArray = new String[] {
"nfa",
"dfa"
};
public static String[] colorArray = new String[] {
"red",
"orange",
"yellow",
"green",
"cyan",
"blue",
"pink",
"magenta",
"gray"
};
public static Map<String,Object[][]> globalRules = null;
public static Map<String, Map<String, List<String>>> globalDataMap = new HashMap<>();
}

131
src/main/java/burp/config/ConfigLoader.java Normal file
View File

@@ -0,0 +1,131 @@
package burp.config;
import burp.rule.utils.RuleTool;
import burp.rule.utils.YamlTool;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.ArrayList;
import org.yaml.snakeyaml.Yaml;
/**
* @author EvilChen
*/
public class ConfigLoader {
private static final Yaml yaml = YamlTool.newStandardYaml();
private static final String HaEConfigPath = String.format("%s/.config/HaE", System.getProperty("user.home"));
private static final String RulesFilePath = String.format("%s/%s", HaEConfigPath, "Rules.yml");
private static final String ConfigFilePath = String.format("%s/%s", HaEConfigPath, "Config.yml");
public ConfigLoader() {
// 构造函数,初始化配置
File HaEConfigPathFile = new File(HaEConfigPath);
if (!(HaEConfigPathFile.exists() && HaEConfigPathFile.isDirectory())) {
HaEConfigPathFile.mkdirs();
}
File configFilePath = new File(ConfigFilePath);
if (!(configFilePath.exists() && configFilePath.isFile())) {
initConfig();
initRules();
}
ConfigEntry.globalRules = ConfigLoader.getRules();
}
public void initConfig() {
Map<String, Object> r = new LinkedHashMap<>();
r.put("rulesPath", RulesFilePath);
r.put("excludeSuffix", getExcludeSuffix());
try {
Writer ws = new OutputStreamWriter(Files.newOutputStream(Paths.get(ConfigFilePath)), StandardCharsets.UTF_8);
yaml.dump(r, ws);
} catch (Exception ex) {
ex.printStackTrace();
}
}
public void initRules() {
RuleTool rt = new RuleTool(RulesFilePath);
rt.getRulesFromSite();
}
public static String getRulesFilePath() {
try {
Map<String, Object> r = YamlTool.loadYaml(ConfigFilePath);
return r.get("rulesPath").toString();
} catch (Exception e) {
e.printStackTrace();
return RulesFilePath;
}
}
public String getExcludeSuffix(){
String excludeSuffix = "";
File yamlSetting = new File(ConfigFilePath);
if (yamlSetting.exists() && yamlSetting.isFile()) {
try {
InputStream inorder = Files.newInputStream(Paths.get(ConfigFilePath));
Map<String,Object> r = yaml.load(inorder);
excludeSuffix = r.get("excludeSuffix").toString();
} catch (Exception e) {
// e.printStackTrace();
excludeSuffix = ConfigEntry.excludeSuffix;
}
} else {
excludeSuffix = ConfigEntry.excludeSuffix;
}
return excludeSuffix;
}
// 获取规则配置
public static Map<String, Object[][]> getRules() {
Map<String, Object> rulesMap = YamlTool.loadYaml(getRulesFilePath());
Map<String, Object[][]> resRule = new HashMap<>();
String[] fieldKeys = {"loaded", "name", "regex", "color", "scope", "engine", "sensitive"};
Object rulesObj = rulesMap.get("rules");
if (rulesObj instanceof List) {
List<Map<String, Object>> groupData = (List<Map<String, Object>>) rulesObj;
for (Map<String, Object> groupFields : groupData) {
ArrayList<Object[]> data = new ArrayList<>();
Object ruleObj = groupFields.get("rule");
if (ruleObj instanceof List) {
List<Map<String, Object>> ruleData = (List<Map<String, Object>>) ruleObj;
for (Map<String, Object> ruleFields : ruleData) {
Object[] valuesArray = new Object[fieldKeys.length];
for (int i = 0; i < fieldKeys.length; i++) {
valuesArray[i] = ruleFields.get(fieldKeys[i]);
}
data.add(valuesArray);
}
}
Object[][] dataArray = data.toArray(new Object[data.size()][]);
resRule.put(groupFields.get("group").toString(), dataArray);
}
}
return resRule;
}
public void setExcludeSuffix(String excludeSuffix){
Map<String,Object> r = new LinkedHashMap<>();
r.put("rulesPath", getRulesFilePath());
r.put("excludeSuffix", excludeSuffix);
try{
Writer ws = new OutputStreamWriter(Files.newOutputStream(Paths.get(RulesFilePath)), StandardCharsets.UTF_8);
yaml.dump(r, ws);
}catch (Exception ex){
ex.printStackTrace();
}
}
}

26
src/main/java/burp/core/GlobalCachePool.java Normal file
View File

@@ -0,0 +1,26 @@
package burp.core;
import java.util.HashMap;
import java.util.Map;
/**
* @author EvilChen
*/
public class GlobalCachePool {
// 用于缓存匹配结果,以请求/响应的MD5 Hash作为索引
private static final Map<String, Map<String, Map<String, Object>>> cache = new HashMap<>();
public static void addToCache(String key, Map<String, Map<String, Object>> value) {
cache.put(key, value);
}
public static Map<String, Map<String, Object>> getFromCache(String key) {
return cache.get(key);
}
public static void removeFromCache(String key) {
cache.remove(key);
}
}

68
src/main/java/burp/core/processor/ColorProcessor.java Normal file
View File

@@ -0,0 +1,68 @@
package burp.core.processor;
import burp.config.ConfigEntry;
import java.util.*;
/**
* @author EvilChen
*/
public class ColorProcessor {
private String finalColor = "";
public List<Integer> retrieveColorIndices(List<String> colors){
List<Integer> indices = new ArrayList<>();
String[] colorArray = ConfigEntry.colorArray;
int size = colorArray.length;
for (String color : colors) {
for (int i = 0; i < size; i++) {
if (colorArray[i].equals(color)) {
indices.add(i);
}
}
}
return indices;
}
/**
* 颜色升级递归算法
*/
private void upgradeColors(List<Integer> colorList) {
int colorSize = colorList.size();
String[] colorArray = ConfigEntry.colorArray;
colorList.sort(Comparator.comparingInt(Integer::intValue));
int i = 0;
List<Integer> stack = new ArrayList<>();
while (i < colorSize) {
if (stack.isEmpty()) {
stack.add(colorList.get(i));
} else {
if (!Objects.equals(colorList.get(i), stack.stream().reduce((first, second) -> second).orElse(99999999))) {
stack.add(colorList.get(i));
} else {
stack.set(stack.size() - 1, stack.get(stack.size() - 1) - 1);
}
}
i++;
}
// 利用HashSet删除重复元素
HashSet tmpList = new HashSet(stack);
if (stack.size() == tmpList.size()) {
stack.sort(Comparator.comparingInt(Integer::intValue));
if(stack.get(0) < 0) {
this.finalColor = colorArray[0];
} else {
this.finalColor = colorArray[stack.get(0)];
}
} else {
this.upgradeColors(stack);
}
}
public String retrieveFinalColor(List<Integer> colorList) {
upgradeColors(colorList);
return finalColor;
}
}

201
src/main/java/burp/core/processor/DataProcessingUnit.java Normal file
View File

@@ -0,0 +1,201 @@
package burp.core.processor;
import burp.core.GlobalCachePool;
import burp.core.utils.HashCalculator;
import burp.core.utils.MatchTool;
import burp.config.ConfigEntry;
import burp.core.utils.StringHelper;
import dk.brics.automaton.Automaton;
import dk.brics.automaton.AutomatonMatcher;
import dk.brics.automaton.RegExp;
import dk.brics.automaton.RunAutomaton;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.ArrayList;
import java.util.List;
import jregex.Matcher;
import jregex.Pattern;
/**
* @author EvilChen
*/
public class DataProcessingUnit {
public Map<String, String> extractDataFromMap(Map<String, Map<String, Object>> inputData) {
Map<String, String> extractedData = new HashMap<>();
inputData.keySet().forEach(key -> {
Map<String, Object> tempMap = inputData.get(key);
String data = tempMap.get("data").toString();
extractedData.put(key, data);
});
return extractedData;
}
public List<List<String>> extractColorsAndComments(Map<String, Map<String, Object>> inputData) {
List<String> colorList = new ArrayList<>();
List<String> commentList = new ArrayList<>();
inputData.keySet().forEach(key -> {
Map<String, Object> tempMap = inputData.get(key);
String color = tempMap.get("color").toString();
colorList.add(color);
commentList.add(key);
});
List<List<String>> result = new ArrayList<>();
result.add(colorList);
result.add(commentList);
return result;
}
public Map<String, Map<String, Object>> matchContentByRegex(byte[] content, String headers, byte[] body, String scopeString, String host)
throws NoSuchAlgorithmException {
// 先从池子里判断是否有已经匹配好的结果
String messageIndex = HashCalculator.calculateHash(content);
Map<String, Map<String, Object>> map = GlobalCachePool.getFromCache(messageIndex);
if (map != null) {
return map;
} else {
// 最终返回的结果
Map<String, Map<String, Object>> finalMap = new HashMap<>();
ConfigEntry.globalRules.keySet().forEach(i -> {
for (Object[] objects : ConfigEntry.globalRules.get(i)) {
// 多线程执行,一定程度上减少阻塞现象
Thread t = new Thread(() -> {
String matchContent = "";
// 遍历获取规则
List<String> result = new ArrayList<>();
Map<String, Object> tmpMap = new HashMap<>();
String name = objects[1].toString();
boolean loaded = (Boolean) objects[0];
String regex = objects[2].toString();
String color = objects[3].toString();
String scope = objects[4].toString();
String engine = objects[5].toString();
boolean sensitive = (Boolean) objects[6];
// 判断规则是否开启与作用域
if (loaded && (scope.contains(scopeString) || scope.contains("any"))) {
switch (scope) {
case "any":
case "request":
case "response":
matchContent = new String(content, StandardCharsets.UTF_8).intern();
break;
case "any header":
case "request header":
case "response header":
matchContent = headers;
break;
case "any body":
case "request body":
case "response body":
matchContent = new String(body, StandardCharsets.UTF_8).intern();
break;
default:
break;
}
if ("nfa".equals(engine)) {
Pattern pattern;
// 判断规则是否大小写敏感
if (sensitive) {
pattern = new Pattern(regex);
} else {
pattern = new Pattern(regex, Pattern.IGNORE_CASE);
}
Matcher matcher = pattern.matcher(matchContent);
while (matcher.find()) {
// 添加匹配数据至list
// 强制用户使用()包裹正则
result.add(matcher.group(1));
}
} else {
RegExp regexp = new RegExp(regex);
Automaton auto = regexp.toAutomaton();
RunAutomaton runAuto = new RunAutomaton(auto, true);
AutomatonMatcher autoMatcher = runAuto.newMatcher(matchContent);
while (autoMatcher.find()) {
// 添加匹配数据至list
// 强制用户使用()包裹正则
result.add(autoMatcher.group());
}
}
// 去除重复内容
HashSet tmpList = new HashSet(result);
result.clear();
result.addAll(tmpList);
String nameAndSize = String.format("%s (%s)", name, result.size());
if (!result.isEmpty()) {
tmpMap.put("color", color);
String dataStr = String.join("\n", result);
tmpMap.put("data", dataStr);
finalMap.put(nameAndSize, tmpMap);
// 添加到全局变量中便于Databoard检索
if (!host.isEmpty()) {
List<String> dataList = Arrays.asList(dataStr.split("\n"));
if (ConfigEntry.globalDataMap.containsKey(host)) {
Map<String, List<String>> gRuleMap = new HashMap<>(ConfigEntry.globalDataMap.get(host));
if (gRuleMap.containsKey(name)) {
// gDataList为不可变列表因此需要重新创建一个列表以便于使用addAll方法
List<String> gDataList = gRuleMap.get(name);
List<String> newDataList = new ArrayList<>(gDataList);
newDataList.addAll(dataList);
newDataList = new ArrayList<>(new HashSet<>(newDataList));
gRuleMap.remove(name);
gRuleMap.put(name, newDataList);
} else {
gRuleMap.put(name, dataList);
}
ConfigEntry.globalDataMap.remove(host);
ConfigEntry.globalDataMap.put(host, gRuleMap);
} else {
Map<String, List<String>> ruleMap = new HashMap<>();
ruleMap.put(name, dataList);
// 添加单一Host
ConfigEntry.globalDataMap.put(host, ruleMap);
}
String[] splitHost = host.split("\\.");
String anyHost = (splitHost.length > 2 && !MatchTool.matchIP(host)) ? StringHelper.replaceFirstOccurrence(host, splitHost[0], "*") : "";
if (!ConfigEntry.globalDataMap.containsKey(anyHost) && anyHost.length() > 0) {
// 添加通配符Host实际数据从查询哪里将所有数据提取
ConfigEntry.globalDataMap.put(anyHost, new HashMap<>());
}
if (!ConfigEntry.globalDataMap.containsKey("*")) {
// 添加通配符全匹配,同上
ConfigEntry.globalDataMap.put("*", new HashMap<>());
}
if (!ConfigEntry.globalDataMap.containsKey("**")) {
// 添加通配符全匹配,同上
ConfigEntry.globalDataMap.put("**", new HashMap<>());
}
}
}
}
});
t.start();
try {
t.join();
} catch (Exception e) {
e.printStackTrace();
}
}
});
GlobalCachePool.addToCache(messageIndex, finalMap);
return finalMap;
}
}
}

78
src/main/java/burp/core/processor/MessageProcessor.java Normal file
View File

@@ -0,0 +1,78 @@
package burp.core.processor;
import burp.IExtensionHelpers;
import burp.core.utils.MatchTool;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
public class MessageProcessor {
MatchTool matcher = new MatchTool();
DataProcessingUnit dataProcessingUnit = new DataProcessingUnit();
ColorProcessor colorProcessor = new ColorProcessor();
public List<Map<String, String>> processMessage(IExtensionHelpers helpers, byte[] content, boolean isRequest, boolean messageInfo, String host)
throws NoSuchAlgorithmException {
List<Map<String, String>> result = new ArrayList<>();
Map<String, Map<String, Object>> obj;
if (isRequest) {
List<String> requestTmpHeaders = helpers.analyzeRequest(content).getHeaders();
String requestHeaders = String.join("\n", requestTmpHeaders);
try {
String urlString = requestTmpHeaders.get(0).split(" ")[1];
urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString;
if (matcher.matchUrlSuffix(urlString)) {
return result;
}
} catch (Exception e) {
return result;
}
int requestBodyOffset = helpers.analyzeRequest(content).getBodyOffset();
byte[] requestBody = Arrays.copyOfRange(content, requestBodyOffset, content.length);
obj = dataProcessingUnit.matchContentByRegex(content, requestHeaders, requestBody, "request", host);
} else {
try {
String inferredMimeType = String.format("hae.%s", helpers.analyzeResponse(content).getInferredMimeType().toLowerCase());
String statedMimeType = String.format("hae.%s", helpers.analyzeResponse(content).getStatedMimeType().toLowerCase());
if (matcher.matchUrlSuffix(statedMimeType) || matcher.matchUrlSuffix(inferredMimeType)) {
return result;
}
} catch (Exception e) {
return result;
}
List<String> responseTmpHeaders = helpers.analyzeResponse(content).getHeaders();
String responseHeaders = String.join("\n", responseTmpHeaders);
int responseBodyOffset = helpers.analyzeResponse(content).getBodyOffset();
byte[] responseBody = Arrays.copyOfRange(content, responseBodyOffset, content.length);
obj = dataProcessingUnit.matchContentByRegex(content, responseHeaders, responseBody, "response", host);
}
if (obj.size() > 0) {
if (messageInfo) {
List<List<String>> resultList = dataProcessingUnit.extractColorsAndComments(obj);
List<String> colorList = resultList.get(0);
List<String> commentList = resultList.get(1);
if (!colorList.isEmpty() && !commentList.isEmpty()) {
String color = colorProcessor.retrieveFinalColor(colorProcessor.retrieveColorIndices(colorList));
Map<String, String> colorMap = new HashMap<String, String>() {{
put("color", color);
}};
Map<String, String> commentMap = new HashMap<String, String>() {{
put("comment", String.join(", ", commentList));
}};
result.add(colorMap);
result.add(commentMap);
}
} else {
result.add(dataProcessingUnit.extractDataFromMap(obj));
}
}
return result;
}
}

28
src/main/java/burp/core/utils/HashCalculator.java Normal file
View File

@@ -0,0 +1,28 @@
package burp.core.utils;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
/**
* @author EvilChen
*/
public class HashCalculator {
public static String calculateHash(byte[] bytes) throws NoSuchAlgorithmException {
MessageDigest digest = MessageDigest.getInstance("MD5");
byte[] hashBytes = digest.digest(bytes);
return bytesToHex(hashBytes);
}
private static String bytesToHex(byte[] bytes) {
StringBuilder hexString = new StringBuilder();
for (byte b : bytes) {
String hex = Integer.toHexString(0xff & b);
if (hex.length() == 1) {
hexString.append('0');
}
hexString.append(hex);
}
return hexString.toString();
}
}

24
src/main/java/burp/core/utils/MatchTool.java Normal file
View File

@@ -0,0 +1,24 @@
package burp.core.utils;
import jregex.Pattern;
import jregex.REFlags;
import burp.config.ConfigLoader;
/**
* @author EvilChen
*/
public class MatchTool {
// 匹配后缀
ConfigLoader configLoader = new ConfigLoader();
public boolean matchUrlSuffix(String str) {
Pattern pattern = new Pattern(String.format("[\\w]+[\\.](%s)", configLoader.getExcludeSuffix()), REFlags.IGNORE_CASE);
jregex.Matcher matcher = pattern.matcher(str);
return matcher.find();
}
public static boolean matchIP(String str) {
return str.matches("\\b(?:\\d{1,3}\\.){3}\\d{1,3}\\b");
}
}

30
src/main/java/burp/core/utils/StringHelper.java Normal file
View File

@@ -0,0 +1,30 @@
package burp.core.utils;
public class StringHelper {
public static String replaceFirstOccurrence(String original, String find, String replace) {
int index = original.indexOf(find);
if (index != -1) {
return original.substring(0, index) + replace + original.substring(index + find.length());
}
return original;
}
public static boolean matchFromEnd(String input, String pattern) {
int inputLength = input.length();
int patternLength = pattern.length();
int inputIndex = inputLength - 1;
int patternIndex = patternLength - 1;
while (inputIndex >= 0 && patternIndex >= 0) {
if (input.charAt(inputIndex) != pattern.charAt(patternIndex)) {
return false;
}
inputIndex--;
patternIndex--;
}
// 如果patternIndex为-1表示pattern字符串已经完全匹配
return patternIndex == -1;
}
}

98
src/main/java/burp/rule/RuleProcessor.java Normal file
View File

@@ -0,0 +1,98 @@
package burp.rule;
import burp.config.ConfigEntry;
import burp.config.ConfigLoader;
import burp.rule.model.Rule;
import burp.rule.model.RuleGroup;
import burp.rule.utils.YamlTool;
import java.io.IOException;
import java.nio.file.Files;
import java.util.stream.Collectors;
import org.yaml.snakeyaml.Yaml;
import java.io.File;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.util.*;
/**
* @author EvilChen
*/
public class RuleProcessor {
public void rulesFormatAndSave() {
Yaml yaml = YamlTool.newStandardYaml();
List<RuleGroup> ruleGroupList = new ArrayList<>();
ConfigEntry.globalRules.forEach((k, v) -> {
List<Rule> ruleList = Arrays.stream(v)
.map(objects -> new Rule(
(boolean) objects[0],
(String) objects[1],
(String) objects[2],
(String) objects[3],
(String) objects[4],
(String) objects[5],
(boolean) objects[6]))
.collect(Collectors.toList());
ruleGroupList.add(new RuleGroup(k, ruleList));
});
List<Map<String, Object>> outputGroupsMap = ruleGroupList.stream()
.map(RuleGroup::getFields)
.collect(Collectors.toList());
Map<String, Object> outputMap = new LinkedHashMap<>();
outputMap.put("rules", outputGroupsMap);
File f = new File(ConfigLoader.getRulesFilePath());
try (Writer ws = new OutputStreamWriter(Files.newOutputStream(f.toPath()), StandardCharsets.UTF_8)) {
yaml.dump(outputMap, ws);
} catch (IOException ex) {
ex.printStackTrace();
}
}
public void changeRule(Vector data, int select, String type) {
ConfigEntry.globalRules.get(type)[select] = data.toArray();
this.rulesFormatAndSave();
}
public void addRule(Vector data, String type) {
ArrayList<Object[]> x = new ArrayList<>(Arrays.asList(ConfigEntry.globalRules.get(type)));
x.add(data.toArray());
ConfigEntry.globalRules.put(type,x.toArray(new Object[x.size()][]));
this.rulesFormatAndSave();
}
public void removeRule(int select,String type) {
ArrayList<Object[]> x = new ArrayList<>(Arrays.asList(ConfigEntry.globalRules.get(type)));
x.remove(select);
ConfigEntry.globalRules.put(type,x.toArray(new Object[x.size()][]));
this.rulesFormatAndSave();
}
public void renameRuleGroup(String oldName, String newName) {
ConfigEntry.globalRules.put(newName, ConfigEntry.globalRules.remove(oldName));
this.rulesFormatAndSave();
}
public void deleteRuleGroup(String Rules) {
ConfigEntry.globalRules.remove(Rules);
this.rulesFormatAndSave();
}
public String newRule() {
int i = 0;
String name = "New ";
Object[][] data = new Object[][] {
{
false, "New Name", "(New Regex)", "gray", "any", "nfa", false
}
};
while (ConfigEntry.globalRules.containsKey(name + i)) {
i++;
}
ConfigEntry.globalRules.put(name + i, data);
this.rulesFormatAndSave();
return name + i;
}
}

35
src/main/java/burp/rule/model/Rule.java Normal file
View File

@@ -0,0 +1,35 @@
package burp.rule.model;
import java.util.LinkedHashMap;
import java.util.Map;
/**
* @author EvilChen
*/
public class Rule {
private Map<String, Object> fields;
public Rule(boolean loaded, String name, String regex, String color, String scope, String engine, boolean sensitive) {
fields = new LinkedHashMap<>();
fields.put("name", name);
fields.put("loaded", loaded);
fields.put("regex", regex);
fields.put("color", color);
fields.put("scope", scope);
fields.put("engine", engine);
fields.put("sensitive", sensitive);
}
public Rule() {
}
public Map<String, Object> getFields() {
return fields;
}
public void loadFields(Map<String, Object> fields) {
this.fields = fields;
}
}

37
src/main/java/burp/rule/model/RuleGroup.java Normal file
View File

@@ -0,0 +1,37 @@
package burp.rule.model;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
/**
* @author EvilChen
*/
public class RuleGroup {
private Map<String, Object> fields;
public RuleGroup(String groupName, List<Rule> rules) {
List<Map<String, Object>> ruleList = new ArrayList<>();
for (Rule rule : rules) {
ruleList.add(rule.getFields());
}
fields = new LinkedHashMap<>();
fields.put("group", groupName);
fields.put("rule", ruleList);
}
public RuleGroup() {
}
public Map<String, Object> getFields() {
return fields;
}
public void loadFields(Map<String, Object> fields) {
this.fields = fields;
}
}

35
src/main/java/burp/rule/utils/RuleTool.java Normal file
View File

@@ -0,0 +1,35 @@
package burp.rule.utils;
import com.squareup.okhttp.OkHttpClient;
import com.squareup.okhttp.Request;
import com.squareup.okhttp.Response;
import java.io.FileOutputStream;
import javax.swing.JOptionPane;
/**
* @author EvilChen
*/
public class RuleTool {
private String rulesFilePath;
public RuleTool(String rulesFilePath) {
this.rulesFilePath = rulesFilePath;
}
public void getRulesFromSite() {
String url = "https://cdn.jsdelivr.net/gh/gh0stkey/HaE@gh-pages/Rules.yml";
OkHttpClient httpClient = new OkHttpClient();
Request httpRequest = new Request.Builder().url(url).get().build();
try {
Response httpResponse = httpClient.newCall(httpRequest).execute();
// 获取官方规则文件,在线更新写入
FileOutputStream fileOutputStream = new FileOutputStream(this.rulesFilePath);
fileOutputStream.write(httpResponse.body().bytes());
JOptionPane.showMessageDialog(null, "Config file updated successfully!", "Error",
JOptionPane.INFORMATION_MESSAGE);
} catch (Exception ignored) {
JOptionPane.showMessageDialog(null, "Please check your network!", "Error",
JOptionPane.ERROR_MESSAGE);
}
}
}

35
src/main/java/burp/rule/utils/YamlTool.java Normal file
View File

@@ -0,0 +1,35 @@
package burp.rule.utils;
import java.util.Map;
import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.Yaml;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import org.yaml.snakeyaml.representer.Representer;
/**
* @author EvilChen
*/
public class YamlTool {
public static Yaml newStandardYaml() {
DumperOptions dop = new DumperOptions();
dop.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
Representer representer = new Representer();
return new Yaml(representer, dop);
}
public static Map<String, Object> loadYaml(String filePath) {
try {
InputStream inputStream = new FileInputStream(filePath);
Yaml yaml = newStandardYaml();
return yaml.load(inputStream);
} catch (FileNotFoundException e) {
e.printStackTrace();
return null;
}
}
}

314
src/main/java/burp/ui/MainUI.java Normal file
View File

@@ -0,0 +1,314 @@
package burp.ui;
import burp.config.ConfigEntry;
import burp.config.ConfigLoader;
import burp.rule.RuleProcessor;
import burp.rule.utils.RuleTool;
import burp.ui.board.Databoard;
import burp.ui.board.MessagePanel;
import burp.ui.rule.RulePane;
import javax.swing.*;
import javax.swing.event.ChangeEvent;
import javax.swing.event.ChangeListener;
import javax.swing.event.DocumentEvent;
import javax.swing.event.DocumentListener;
import java.awt.*;
import java.awt.event.*;
import java.util.Map;
/**
* @author LinChen && EvilChen
*/
public class MainUI extends JPanel {
private final ConfigLoader loadConn = new ConfigLoader();
private MessagePanel messagePanel;
public MainUI(MessagePanel messagePanel) {
this.messagePanel = messagePanel;
databoardPanel = new Databoard(this.messagePanel);
initComponents();
}
public void closeTabActionPerformed(ActionEvent e) {
if (ruleTabbedPane.getTabCount() > 2 && ruleTabbedPane.getSelectedIndex() != 0) {
String title = ruleTabbedPane.getTitleAt(ruleTabbedPane.getSelectedIndex());
new RuleProcessor().deleteRuleGroup(title);
ruleTabbedPane.remove(ruleTabbedPane.getSelectedIndex());
ruleTabbedPane.setSelectedIndex(ruleTabbedPane.getSelectedIndex() - 1);
}
}
private void onlineUpdateActionPerformed(ActionEvent e) {
// 添加提示框防止用户误触导致配置更新
int retCode = JOptionPane.showConfirmDialog(null, "Do you want to update config?", "Info",
JOptionPane.YES_NO_CANCEL_OPTION);
if (retCode == JOptionPane.YES_OPTION) {
String rulesFilePath = rulesPathTextField.getText();
RuleTool rt = new RuleTool(rulesFilePath);
rt.getRulesFromSite();
new ConfigLoader();
reloadRule();
}
}
private void reloadRule(){
ruleTabbedPane.removeAll();
ruleSwitch.setListen(false);
Map<String,Object[][]> rules = ConfigLoader.getRules();
rules.keySet().forEach(
i -> ruleTabbedPane.addTab(
i,
new RulePane(rules.get(i), ruleTabbedPane)
)
);
ruleTabbedPane.addTab("...", new JLabel());
ruleSwitch.setListen(true);
}
private void reloadActionPerformed(ActionEvent e) {
reloadRule();
}
private void excludeSuffixSaveActionPerformed(ActionEvent e) {
ConfigLoader loadCon = new ConfigLoader();
loadCon.setExcludeSuffix(excludeSuffixTextField.getText());
}
private void initComponents() {
JTabbedPane mainTabbedPane = new JTabbedPane();
ruleTabbedPane = new JTabbedPane();
JPanel rulePanel = new JPanel();
rulesPathTextField = new JTextField();
JLabel rulesPathLabel = new JLabel();
JButton onlineUpdateButton = new JButton();
JButton reloadButton = new JButton();
JLabel excludeSuffixLabel = new JLabel();
excludeSuffixTextField = new JTextField();
JButton excludeSuffixSaveButton = new JButton();
setLayout(new GridBagLayout());
((GridBagLayout)getLayout()).columnWidths = new int[] {0, 0};
((GridBagLayout)getLayout()).rowHeights = new int[] {0, 0};
((GridBagLayout)getLayout()).columnWeights = new double[] {1.0, 1.0E-4};
((GridBagLayout)getLayout()).rowWeights = new double[] {1.0, 1.0E-4};
{
mainTabbedPane.addTab("Rules", ruleTabbedPane);
{
rulePanel.setLayout(new GridBagLayout());
((GridBagLayout) rulePanel.getLayout()).columnWidths = new int[] {0, 0, 0, 0, 0};
((GridBagLayout) rulePanel.getLayout()).rowHeights = new int[] {0, 0, 0};
((GridBagLayout) rulePanel.getLayout()).columnWeights = new double[] {0.0, 1.0, 0.0, 0.0, 1.0E-4};
((GridBagLayout) rulePanel.getLayout()).rowWeights = new double[] {0.0, 0.0, 1.0E-4};
rulesPathTextField.setEditable(false);
rulePanel.add(rulesPathTextField, new GridBagConstraints(1, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(5, 0, 5, 5), 0, 0));
rulesPathLabel.setText("Rules Path:");
rulePanel.add(rulesPathLabel, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.WEST, GridBagConstraints.VERTICAL,
new Insets(5, 5, 5, 5), 0, 0));
onlineUpdateButton.setText("Online Update");
onlineUpdateButton.addActionListener(this::onlineUpdateActionPerformed);
rulePanel.add(onlineUpdateButton, new GridBagConstraints(2, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(5, 0, 5, 5), 0, 0));
reloadButton.setText("Reload");
reloadButton.addActionListener(this::reloadActionPerformed);
rulePanel.add(reloadButton, new GridBagConstraints(3, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(5, 0, 5, 5), 0, 0));
excludeSuffixLabel.setText("Exclude Suffix:");
rulePanel.add(excludeSuffixLabel, new GridBagConstraints(0, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.SOUTHWEST, GridBagConstraints.NONE,
new Insets(0, 5, 5, 5), 0, 0));
rulePanel.add(excludeSuffixTextField, new GridBagConstraints(1, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.SOUTH, GridBagConstraints.HORIZONTAL,
new Insets(0, 0, 0, 5), 0, 0));
excludeSuffixSaveButton.setText("Save");
excludeSuffixSaveButton.addActionListener(this::excludeSuffixSaveActionPerformed);
rulePanel.add(excludeSuffixSaveButton, new GridBagConstraints(2, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.SOUTH, GridBagConstraints.HORIZONTAL,
new Insets(0, 0, 0, 5), 0, 0));
}
mainTabbedPane.addTab("Config", rulePanel);
mainTabbedPane.addTab("Databoard", this.databoardPanel);
}
add(mainTabbedPane, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 0, 0, 0), 0, 0));
ConfigEntry.globalRules.keySet().forEach(i-> ruleTabbedPane.addTab(i, new RulePane(
ConfigEntry.globalRules.get(i),
ruleTabbedPane)));
ruleTabbedPane.addTab("...",new JLabel());
rulesPathTextField.setText(ConfigLoader.getRulesFilePath());
excludeSuffixTextField.setText(loadConn.getExcludeSuffix());
ruleSwitch = new TabTitleEditListener(ruleTabbedPane);
ruleTabbedPane.addChangeListener(ruleSwitch);
ruleTabbedPane.addMouseListener(ruleSwitch);
deleteMenuItem.addActionListener(this::closeTabActionPerformed);
tabMenu.add(deleteMenuItem);
}
private JTabbedPane ruleTabbedPane;
private JTextField rulesPathTextField;
private JTextField excludeSuffixTextField;
private Databoard databoardPanel;
protected static JPopupMenu tabMenu = new JPopupMenu();
private final JMenuItem deleteMenuItem = new JMenuItem("Delete");
private TabTitleEditListener ruleSwitch;
}
class TabTitleEditListener extends MouseAdapter implements ChangeListener, DocumentListener {
protected final JTextField ruleEditTextField = new JTextField();
protected final JTabbedPane ruleEditTabbedPane;
protected int editingIndex = -1;
protected int len = -1;
protected Boolean listen = true;
protected Dimension dim;
protected Component tabComponent;
protected Boolean isRenameOk = false;
protected RuleProcessor ruleProcessor = new RuleProcessor();
protected final Action startEditing = new AbstractAction() {
@Override public void actionPerformed(ActionEvent e) {
editingIndex = ruleEditTabbedPane.getSelectedIndex();
tabComponent = ruleEditTabbedPane.getTabComponentAt(editingIndex);
ruleEditTabbedPane.setTabComponentAt(editingIndex, ruleEditTextField);
isRenameOk = true;
ruleEditTextField.setVisible(true);
ruleEditTextField.setText(ruleEditTabbedPane.getTitleAt(editingIndex));
ruleEditTextField.selectAll();
ruleEditTextField.requestFocusInWindow();
len = ruleEditTextField.getText().length();
dim = ruleEditTextField.getPreferredSize();
ruleEditTextField.setMinimumSize(dim);
}
};
protected final Action renameTabTitle = new AbstractAction() {
@Override public void actionPerformed(ActionEvent e) {
String title = ruleEditTextField.getText().trim();
if (editingIndex >= 0 && !title.isEmpty()) {
String oldName = ruleEditTabbedPane.getTitleAt(editingIndex);
ruleEditTabbedPane.setTitleAt(editingIndex, title);
ruleProcessor.renameRuleGroup(oldName,title);
}
cancelEditing.actionPerformed(null);
}
};
protected final Action cancelEditing = new AbstractAction() {
@Override public void actionPerformed(ActionEvent e) {
if (editingIndex >= 0) {
ruleEditTabbedPane.setTabComponentAt(editingIndex, tabComponent);
ruleEditTextField.setVisible(false);
editingIndex = -1;
len = -1;
tabComponent = null;
ruleEditTextField.setPreferredSize(null);
ruleEditTabbedPane.requestFocusInWindow();
}
}
};
protected TabTitleEditListener(JTabbedPane tabbedPane) {
super();
this.ruleEditTabbedPane = tabbedPane;
ruleEditTextField.setBorder(BorderFactory.createEmptyBorder());
ruleEditTextField.addFocusListener(new FocusAdapter() {
@Override public void focusLost(FocusEvent e) {
renameTabTitle.actionPerformed(null);
}
});
InputMap im = ruleEditTextField.getInputMap(JComponent.WHEN_FOCUSED);
ActionMap am = ruleEditTextField.getActionMap();
im.put(KeyStroke.getKeyStroke(KeyEvent.VK_ESCAPE, 0), "cancel-editing");
am.put("cancel-editing", cancelEditing);
im.put(KeyStroke.getKeyStroke(KeyEvent.VK_ENTER, 0), "rename-tab-title");
am.put("rename-tab-title", renameTabTitle);
ruleEditTextField.getDocument().addDocumentListener(this);
tabbedPane.getInputMap(JComponent.WHEN_FOCUSED).put(KeyStroke.getKeyStroke(KeyEvent.VK_ENTER, 0), "start-editing");
tabbedPane.getActionMap().put("start-editing", startEditing);
}
@Override public void stateChanged(ChangeEvent e) {
if (e.getSource() instanceof JTabbedPane && listen) {
JTabbedPane pane = (JTabbedPane) e.getSource();
if (!isRenameOk){
if (pane.getSelectedIndex() == pane.getComponentCount()-1){
newTab();
}
}else{
if (pane.getSelectedIndex() == pane.getComponentCount()-2){
newTab();
}
}
}
renameTabTitle.actionPerformed(null);
}
public void newTab(){
Object[][] data = new Object[][]{{false, "New Name", "(New Regex)", "gray", "any", "nfa", false}};
insertTab(ruleEditTabbedPane, ruleProcessor.newRule(),data);
}
public void insertTab(JTabbedPane pane,String title,Object[][] data){
pane.addTab(title,new RulePane(data,pane));
pane.remove(pane.getSelectedIndex());
pane.addTab("...",new JLabel());
}
public void setListen(Boolean listen){
this.listen = listen;
}
@Override public void insertUpdate(DocumentEvent e) {
updateTabSize();
}
@Override public void removeUpdate(DocumentEvent e) {
updateTabSize();
}
@Override public void changedUpdate(DocumentEvent e) {}
@Override public void mouseClicked(MouseEvent e) {
switch (e.getButton()){
case 1:
{
Rectangle r = ruleEditTabbedPane.getBoundsAt(ruleEditTabbedPane.getSelectedIndex());
boolean isDoubleClick = e.getClickCount() >= 2;
if (isDoubleClick && r.contains(e.getPoint())) {
startEditing.actionPerformed(null);
} else {
renameTabTitle.actionPerformed(null);
}
break;
}
case 3:{
MainUI.tabMenu.show(e.getComponent(),e.getX(),e.getY());
break;
}
default:
break;
}
}
protected void updateTabSize() {
ruleEditTextField.setPreferredSize(ruleEditTextField.getText().length() > len ? null : dim);
ruleEditTabbedPane.revalidate();
}
}

64
src/main/java/burp/ui/board/CustomTableCellRenderer.java Normal file
View File

@@ -0,0 +1,64 @@
package burp.ui.board;
import java.awt.Color;
import java.awt.Component;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.swing.JTable;
import javax.swing.table.DefaultTableCellRenderer;
public class CustomTableCellRenderer extends DefaultTableCellRenderer {
private List<LogEntry> log;
private Map<String, Color> colorMap = new HashMap<>();
private JTable table; // 保存对表格的引用
public CustomTableCellRenderer(List<LogEntry> log, JTable table) {
this.log = log;
this.colorMap.put("red", Color.RED);
this.colorMap.put("orange", Color.ORANGE);
this.colorMap.put("yellow", Color.YELLOW);
this.colorMap.put("green", Color.GREEN);
this.colorMap.put("cyan", Color.CYAN);
this.colorMap.put("blue", Color.BLUE);
this.colorMap.put("pink", Color.PINK);
this.colorMap.put("magenta", Color.MAGENTA);
this.colorMap.put("gray", Color.GRAY);
this.table = table;
}
@Override
public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected,
boolean hasFocus, int row, int column) {
Component component = super.getTableCellRendererComponent(table, value, isSelected, hasFocus, row, column);
LogEntry logEntry = log.get(table.convertRowIndexToModel(row)); // 使用convertRowIndexToModel方法转换行索引
// 设置颜色
String colorByLog = logEntry.getColor();
Color color = colorMap.get(colorByLog);
if (isSelected) {
// 如果行被选中,设置阴影颜色
component.setBackground(new Color(173, 216, 230)); // Light Blue
} else {
// 否则使用原始颜色
component.setBackground(color);
}
return component;
}
@Override
public void firePropertyChange(String propertyName, Object oldValue, Object newValue) {
super.firePropertyChange(propertyName, oldValue, newValue);
// 监听表格排序的属性变化
if ("tableCellRenderer".equals(propertyName)) {
// 更新每一行数据的颜色
for (int i = 0; i < table.getRowCount(); i++) {
table.repaint(table.getCellRect(i, 0, true));
}
}
}
}

358
src/main/java/burp/ui/board/Databoard.java Normal file
View File

@@ -0,0 +1,358 @@
package burp.ui.board;
import burp.config.ConfigEntry;
import burp.core.utils.StringHelper;
import burp.ui.board.MessagePanel.Table;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import javax.swing.event.ChangeEvent;
import javax.swing.event.ChangeListener;
import javax.swing.table.DefaultTableModel;
import javax.swing.table.TableColumn;
import javax.swing.table.TableColumnModel;
import javax.swing.table.TableModel;
import javax.swing.table.TableRowSorter;
import java.awt.*;
import java.awt.event.*;
import java.util.ArrayList;
import java.util.Map;
import javax.swing.*;
import javax.swing.event.DocumentEvent;
import javax.swing.event.DocumentListener;
/**
* @author LinChen && EvilChen
*/
public class Databoard extends JPanel {
private static Boolean isMatchHost = false;
private JLabel hostLabel;
private JTextField hostTextField;
private JTabbedPane dataTabbedPaneA;
private JTabbedPane dataTabbedPaneB;
private JButton clearButton;
private JSplitPane splitPane;
private MessagePanel messagePanel;
private Table table;
public Databoard(MessagePanel messagePanel) {
this.messagePanel = messagePanel;
initComponents();
}
private void cleanUI() {
dataTabbedPaneA.removeAll();
dataTabbedPaneB.removeAll();
splitPane.setVisible(false);
}
private void clearActionPerformed(ActionEvent e) {
cleanUI();
String host = hostTextField.getText();
String cleanedHost = StringHelper.replaceFirstOccurrence(host, "*.", "");
if (host.contains("*")) {
ConfigEntry.globalDataMap.keySet().removeIf(i -> i.contains(cleanedHost) || cleanedHost.equals("**"));
} else {
ConfigEntry.globalDataMap.remove(host);
}
messagePanel.deleteByHost(cleanedHost);
}
private void initComponents() {
// JFormDesigner - Component initialization - DO NOT MODIFY //GEN-BEGIN:initComponents
hostLabel = new JLabel();
hostTextField = new JTextField();
dataTabbedPaneA = new JTabbedPane(JTabbedPane.TOP);
dataTabbedPaneB = new JTabbedPane(JTabbedPane.TOP);
clearButton = new JButton();
//======== this ========
setLayout(new GridBagLayout());
((GridBagLayout)getLayout()).columnWidths = new int[] {25, 0, 0, 0, 20, 0};
((GridBagLayout)getLayout()).rowHeights = new int[] {0, 65, 20, 0};
((GridBagLayout)getLayout()).columnWeights = new double[] {0.0, 0.0, 1.0, 0.0, 0.0, 1.0E-4};
((GridBagLayout)getLayout()).rowWeights = new double[] {0.0, 1.0, 0.0, 1.0E-4};
//---- hostLabel ----
hostLabel.setText("Host:");
add(hostLabel, new GridBagConstraints(1, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 5, 5), 0, 0));
add(hostTextField, new GridBagConstraints(2, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 5, 5), 0, 0));
clearButton.setText("Clear");
clearButton.addActionListener(this::clearActionPerformed);
add(clearButton, new GridBagConstraints(3, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 5, 5), 0, 0));
splitPane = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT);
splitPane.setVisible(false);
add(splitPane, new GridBagConstraints(1, 1, 3, 2, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 5, 5), 0, 0));
setAutoMatch();
}
private static List<String> getHostByList() {
return new ArrayList<>(ConfigEntry.globalDataMap.keySet());
}
/**
* 设置输入自动匹配
*/
private void setAutoMatch() {
final DefaultComboBoxModel comboBoxModel = new DefaultComboBoxModel();
final JComboBox hostComboBox = new JComboBox(comboBoxModel) {
@Override
public Dimension getPreferredSize() {
return new Dimension(super.getPreferredSize().width, 0);
}
};
isMatchHost = false;
for (String host : getHostByList()) {
comboBoxModel.addElement(host);
}
hostComboBox.setSelectedItem(null);
hostComboBox.addActionListener(e -> {
if (!isMatchHost) {
if (hostComboBox.getSelectedItem() != null) {
hostTextField.setText(hostComboBox.getSelectedItem().toString());
populateTabbedPaneByHost(hostComboBox);
}
}
});
// 事件监听
hostTextField.addKeyListener(new KeyAdapter() {
@Override
public void keyPressed(KeyEvent e) {
isMatchHost = true;
int keyCode = e.getKeyCode();
if (keyCode == KeyEvent.VK_SPACE && hostComboBox.isPopupVisible()) {
e.setKeyCode(KeyEvent.VK_ENTER);
}
if (keyCode == KeyEvent.VK_ENTER || keyCode == KeyEvent.VK_UP || keyCode == KeyEvent.VK_DOWN) {
e.setSource(hostComboBox);
hostComboBox.dispatchEvent(e);
if (keyCode == KeyEvent.VK_ENTER) {
String selectedItem = hostComboBox.getSelectedItem().toString();
hostTextField.setText(selectedItem);
populateTabbedPaneByHost(hostComboBox);
hostComboBox.setPopupVisible(false);
return;
}
}
if (keyCode == KeyEvent.VK_ESCAPE) {
hostComboBox.setPopupVisible(false);
}
isMatchHost = false;
}
});
hostTextField.getDocument().addDocumentListener(new DocumentListener() {
@Override
public void insertUpdate(DocumentEvent e) {
updateList();
}
@Override
public void removeUpdate(DocumentEvent e) {
updateList();
}
@Override
public void changedUpdate(DocumentEvent e) {
updateList();
}
private void updateList() {
isMatchHost = true;
comboBoxModel.removeAllElements();
String input = hostTextField.getText().toLowerCase();
if (!input.isEmpty()){
for (String host : getHostByList()) {
String lowerCaseHost = host.toLowerCase();
if (lowerCaseHost.contains(input)) {
if (host.length() == input.length()){
comboBoxModel.insertElementAt(host,0);
comboBoxModel.setSelectedItem(host);
} else {
comboBoxModel.addElement(host);
}
}
}
}
hostComboBox.setPopupVisible(comboBoxModel.getSize() > 0);
isMatchHost = false;
}
});
hostTextField.setLayout(new BorderLayout());
hostTextField.add(hostComboBox, BorderLayout.SOUTH);
}
private void applyHostFilter(String filterText) {
TableRowSorter<TableModel> sorter = (TableRowSorter<TableModel>) table.getRowSorter();
if (filterText.contains("*.")) {
filterText = StringHelper.replaceFirstOccurrence(filterText, "*.", "");
} else if (filterText.contains("*")) {
filterText = "";
}
RowFilter<TableModel, Integer> filter = RowFilter.regexFilter(filterText, 1);
sorter.setRowFilter(filter);
filterText = filterText.isEmpty() ? "*" : filterText;
messagePanel.applyHostFilter(filterText);
}
private void populateTabbedPaneByHost(JComboBox<String> hostComboBox) {
if (hostComboBox.getSelectedItem() != null) {
String selectedHost = hostComboBox.getSelectedItem().toString();
Map<String, Map<String, List<String>>> dataMap = ConfigEntry.globalDataMap;
Map<String, List<String>> selectedDataMap;
if (selectedHost.contains("*")) {
// 通配符数据
selectedDataMap = new HashMap<>();
String hostPattern = StringHelper.replaceFirstOccurrence(selectedHost, "*.", "");
for (String key : dataMap.keySet()) {
if (key.contains(hostPattern) || selectedHost.equals("*")) {
Map<String, List<String>> ruleMap = dataMap.get(key);
for (String ruleKey : ruleMap.keySet()) {
List<String> dataList = ruleMap.get(ruleKey);
if (selectedDataMap.containsKey(ruleKey)) {
List<String> mergedList = new ArrayList<>(selectedDataMap.get(ruleKey));
mergedList.addAll(dataList);
HashSet<String> uniqueSet = new HashSet<>(mergedList);
selectedDataMap.put(ruleKey, new ArrayList<>(uniqueSet));
} else {
selectedDataMap.put(ruleKey, dataList);
}
}
}
}
} else {
selectedDataMap = dataMap.get(selectedHost);
}
// 由于removeChangeListener不知什么原因不生效因此建立两个tabbedPane
dataTabbedPaneA.removeAll();
dataTabbedPaneB.removeAll();
ChangeListener changeListenerInstance = new ChangeListener() {
@Override
public void stateChanged(ChangeEvent e) {
int selectedIndex = dataTabbedPaneA.getSelectedIndex();
String selectedTitle = "";
if (selectedIndex != -1) {
selectedTitle = dataTabbedPaneA.getTitleAt(selectedIndex);
}
applyHostFilter(selectedTitle);
}
};
if (selectedHost.equals("**")) {
dataTabbedPaneA.setPreferredSize(new Dimension(500,0));
dataTabbedPaneA.setTabLayoutPolicy(JTabbedPane.SCROLL_TAB_LAYOUT);
splitPane.setLeftComponent(dataTabbedPaneA);
for (Map.Entry<String, Map<String, List<String>>> entry : dataMap.entrySet()) {
JTabbedPane newTabbedPane = new JTabbedPane();
newTabbedPane.setTabLayoutPolicy(JTabbedPane.SCROLL_TAB_LAYOUT);
for (Map.Entry<String, List<String>> entrySet : entry.getValue().entrySet()) {
Thread t = new Thread(() -> {
String tabTitle = String.format("%s (%s)", entrySet.getKey(), entrySet.getValue().size());
newTabbedPane.addTab(tabTitle, new JScrollPane(new DataTable(entrySet.getKey(), entrySet.getValue())));
dataTabbedPaneA.addTab(entry.getKey(), newTabbedPane);
});
t.start();
try {
t.join();
} catch (Exception e) {
e.printStackTrace();
}
}
}
dataTabbedPaneA.addChangeListener(changeListenerInstance);
} else {
dataTabbedPaneB.setPreferredSize(new Dimension(500,0));
dataTabbedPaneB.setTabLayoutPolicy(JTabbedPane.SCROLL_TAB_LAYOUT);
splitPane.setLeftComponent(dataTabbedPaneB);
for (Map.Entry<String, List<String>> entry : selectedDataMap.entrySet()) {
String tabTitle = String.format("%s (%s)", entry.getKey(), entry.getValue().size());
dataTabbedPaneB.addTab(tabTitle, new JScrollPane(new DataTable(entry.getKey(), entry.getValue())));
}
}
// 展示请求消息表单
JSplitPane messageSplitPane = this.messagePanel.getPanel();
this.splitPane.setRightComponent(messageSplitPane);
// 获取字段
table = this.messagePanel.getTable();
// 设置对应字段宽度
TableColumnModel columnModel = table.getColumnModel();
TableColumn column = columnModel.getColumn(1);
column.setPreferredWidth(300);
column = columnModel.getColumn(2);
column.setPreferredWidth(300);
splitPane.setVisible(true);
applyHostFilter(selectedHost);
// 主动调用一次stateChanged使得dataTabbedPane可以精准展示内容
if (selectedHost.equals("**")) {
changeListenerInstance.stateChanged(null);
}
hostTextField.setText(selectedHost);
}
}
class DataTable extends JTable {
public DataTable(String tableName, List<String> list){
DefaultTableModel model = new DefaultTableModel();
Object[][] data = new Object[list.size()][1];
for (int x = 0; x < list.size(); x++) {
data[x][0] = list.get(x);
}
model.setDataVector(data, new Object[]{"Information"});
setAutoCreateRowSorter(true);
setModel(model);
setDefaultEditor(Object.class, null);
addMouseListener(new MouseAdapter() {
@Override
public void mouseClicked(MouseEvent e) {
if (e.getClickCount() == 2) {
int selectedRow = getSelectedRow();
if (selectedRow != -1) {
String rowData = getValueAt(selectedRow, 0).toString();
messagePanel.applyMessageFilter(tableName, rowData);
}
}
}
});
}
}
}

47
src/main/java/burp/ui/board/LogEntry.java Normal file
View File

@@ -0,0 +1,47 @@
package burp.ui.board;
import burp.IHttpRequestResponsePersisted;
import java.net.URL;
public class LogEntry {
private final String comment;
private final IHttpRequestResponsePersisted requestResponse;
private final URL url;
private final String length;
private final String color;
private final String method;
LogEntry(IHttpRequestResponsePersisted requestResponse, String method, URL url, String comment, String length, String color) {
this.requestResponse = requestResponse;
this.method = method;
this.url = url;
this.comment = comment;
this.length = length;
this.color = color;
}
public String getColor() {
return this.color;
}
public URL getUrl() {
return this.url;
}
public String getLength() {
return this.length;
}
public String getComment() {
return this.comment;
}
public String getMethod() {
return this.method;
}
public IHttpRequestResponsePersisted getRequestResponse() {
return this.requestResponse;
}
}

345
src/main/java/burp/ui/board/MessagePanel.java Normal file
View File

@@ -0,0 +1,345 @@
package burp.ui.board;
import burp.IBurpExtenderCallbacks;
import burp.IExtensionHelpers;
import burp.IHttpRequestResponse;
import burp.IHttpRequestResponsePersisted;
import burp.IHttpService;
import burp.IMessageEditor;
import burp.IMessageEditorController;
import burp.config.ConfigEntry;
import burp.core.utils.StringHelper;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.List;
import javax.swing.JScrollPane;
import javax.swing.JSplitPane;
import javax.swing.JTabbedPane;
import javax.swing.JTable;
import javax.swing.SwingUtilities;
import javax.swing.SwingWorker;
import javax.swing.table.AbstractTableModel;
import javax.swing.table.DefaultTableModel;
import javax.swing.table.TableModel;
import javax.swing.table.TableRowSorter;
/**
* @author EvilChen
*/
public class MessagePanel extends AbstractTableModel implements IMessageEditorController {
private JSplitPane splitPane;
private IMessageEditor requestViewer;
private IMessageEditor responseViewer;
private final IBurpExtenderCallbacks callbacks;
private final List<LogEntry> log = new ArrayList<LogEntry>();
private final List<LogEntry> filteredLog = new ArrayList<LogEntry>();
private IHttpRequestResponse currentlyDisplayedItem;
private final IExtensionHelpers helpers;
private Table logTable;
public MessagePanel(IBurpExtenderCallbacks callbacks, IExtensionHelpers helpers) {
this.callbacks = callbacks;
this.helpers = helpers;
splitPane = new JSplitPane(JSplitPane.VERTICAL_SPLIT);
logTable = new Table(MessagePanel.this);
logTable.setDefaultRenderer(Object.class, new CustomTableCellRenderer(filteredLog, logTable));
logTable.setAutoCreateRowSorter(true);
// Length字段根据大小进行排序
TableRowSorter<DefaultTableModel> sorter = (TableRowSorter<DefaultTableModel>) logTable.getRowSorter();
sorter.setComparator(3, new Comparator<String>() {
@Override
public int compare(String s1, String s2) {
Integer age1 = Integer.parseInt(s1);
Integer age2 = Integer.parseInt(s2);
return age1.compareTo(age2);
}
});
// Color字段根据颜色顺序进行排序
sorter.setComparator(4, new Comparator<String>() {
@Override
public int compare(String s1, String s2) {
int index1 = getIndex(s1);
int index2 = getIndex(s2);
return Integer.compare(index1, index2);
}
private int getIndex(String color) {
for (int i = 0; i < ConfigEntry.colorArray.length; i++) {
if (ConfigEntry.colorArray[i].equals(color)) {
return i;
}
}
return -1;
}
});
logTable.setRowSorter(sorter);
logTable.setAutoResizeMode(JTable.AUTO_RESIZE_OFF);
JScrollPane scrollPane = new JScrollPane(logTable);
scrollPane.setHorizontalScrollBarPolicy(JScrollPane.HORIZONTAL_SCROLLBAR_ALWAYS);
scrollPane.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_ALWAYS);
splitPane.setLeftComponent(scrollPane);
JTabbedPane tabs = new JTabbedPane();
requestViewer = callbacks.createMessageEditor(MessagePanel.this, false);
responseViewer = callbacks.createMessageEditor(MessagePanel.this, false);
tabs.addTab("Request", requestViewer.getComponent());
tabs.addTab("Response", responseViewer.getComponent());
splitPane.setRightComponent(tabs);
}
public JSplitPane getPanel() {
return splitPane;
}
public Table getTable() {
return logTable;
}
public List<LogEntry> getLogs() {
return log;
}
@Override
public int getRowCount()
{
return filteredLog.size();
}
@Override
public int getColumnCount()
{
return 5;
}
@Override
public String getColumnName(int columnIndex)
{
switch (columnIndex)
{
case 0:
return "Method";
case 1:
return "URL";
case 2:
return "Comment";
case 3:
return "Length";
case 4:
return "Color";
default:
return "";
}
}
@Override
public Class<?> getColumnClass(int columnIndex)
{
return String.class;
}
@Override
public Object getValueAt(int rowIndex, int columnIndex)
{
LogEntry logEntry = filteredLog.get(rowIndex);
switch (columnIndex)
{
case 0:
return logEntry.getMethod();
case 1:
return logEntry.getUrl().toString();
case 2:
return logEntry.getComment();
case 3:
return logEntry.getLength();
case 4:
return logEntry.getColor();
default:
return "";
}
}
public void applyHostFilter(String filterText) {
filteredLog.clear();
fireTableDataChanged();
for (LogEntry entry : log) {
String host = entry.getUrl().getHost();
if (StringHelper.matchFromEnd(host, filterText) || filterText.contains("*")) {
filteredLog.add(entry);
}
}
fireTableDataChanged();
}
public void applyMessageFilter(String tableName, String filterText) {
filteredLog.clear();
for (LogEntry entry : log) {
IHttpRequestResponsePersisted requestResponse = entry.getRequestResponse();
byte[] requestByte = requestResponse.getRequest();
byte[] responseByte = requestResponse.getResponse();
List<String> requestTmpHeaders = helpers.analyzeRequest(requestByte).getHeaders();
byte[] requestHeaders = helpers.stringToBytes(String.join("\n", requestTmpHeaders));
int requestBodyOffset = helpers.analyzeRequest(requestByte).getBodyOffset();
byte[] requestBody = Arrays.copyOfRange(requestByte, requestBodyOffset, requestByte.length);
List<String> responseTmpHeaders = helpers.analyzeResponse(responseByte).getHeaders();
byte[] responseHeaders = helpers.stringToBytes(String.join("\n", responseTmpHeaders));
int responseBodyOffset = helpers.analyzeResponse(responseByte).getBodyOffset();
byte[] responseBody = Arrays.copyOfRange(responseByte, responseBodyOffset, responseByte.length);
final boolean[] isMatched = {false}; // 标志变量,表示是否满足过滤条件
ConfigEntry.globalRules.keySet().forEach(i -> {
for (Object[] objects : ConfigEntry.globalRules.get(i)) {
String name = objects[1].toString();
String scope = objects[4].toString();
if (name.contains(tableName)) {
boolean match = false; // 标志变量,表示当前规则是否匹配
switch (scope) {
case "any":
match = helpers.indexOf(requestByte, helpers.stringToBytes(filterText), true, 0, requestByte.length) != -1 || helpers.indexOf(responseByte, helpers.stringToBytes(filterText), true, 0, responseByte.length) != -1;
break;
case "request":
match = helpers.indexOf(requestByte, helpers.stringToBytes(filterText), true, 0, requestByte.length) != -1;
break;
case "response":
match = helpers.indexOf(responseByte, helpers.stringToBytes(filterText), true, 0, responseByte.length) != -1;
break;
case "any header":
match = helpers.indexOf(requestHeaders, helpers.stringToBytes(filterText), true, 0, requestHeaders.length) != -1 || helpers.indexOf(responseHeaders, helpers.stringToBytes(filterText), true, 0, responseHeaders.length) != -1;
break;
case "request header":
match = helpers.indexOf(requestHeaders, helpers.stringToBytes(filterText), true, 0, requestHeaders.length) != -1;
break;
case "response header":
match = helpers.indexOf(responseHeaders, helpers.stringToBytes(filterText), true, 0, responseHeaders.length) != -1;
break;
case "any body":
match = helpers.indexOf(requestBody, helpers.stringToBytes(filterText), true, 0, requestBody.length) != -1 || helpers.indexOf(responseBody, helpers.stringToBytes(filterText), true, 0, responseBody.length) != -1;
break;
case "request body":
match = helpers.indexOf(requestBody, helpers.stringToBytes(filterText), true, 0, requestBody.length) != -1;
break;
case "response body":
match = helpers.indexOf(responseBody, helpers.stringToBytes(filterText), true, 0, responseBody.length) != -1;
break;
default:
break;
}
if (match) {
isMatched[0] = true;
break;
}
}
}
});
if (isMatched[0]) {
filteredLog.add(entry);
}
}
fireTableDataChanged();
}
public void deleteByHost(String filterText) {
filteredLog.clear();
List<Integer> rowsToRemove = new ArrayList<>();
for (int i = 0; i < log.size(); i++) {
LogEntry entry = log.get(i);
String host = entry.getUrl().getHost();
if (StringHelper.matchFromEnd(host, filterText) || filterText.contains("*")) {
rowsToRemove.add(i);
}
}
for (int i = rowsToRemove.size() - 1; i >= 0; i--) {
int row = rowsToRemove.get(i);
log.remove(row);
}
if (!rowsToRemove.isEmpty()) {
int[] rows = rowsToRemove.stream().mapToInt(Integer::intValue).toArray();
fireTableRowsDeleted(rows[0], rows[rows.length - 1]);
}
}
@Override
public byte[] getRequest()
{
return currentlyDisplayedItem.getRequest();
}
@Override
public byte[] getResponse()
{
return currentlyDisplayedItem.getResponse();
}
@Override
public IHttpService getHttpService()
{
return currentlyDisplayedItem.getHttpService();
}
public void add(IHttpRequestResponse messageInfo, String comment, String length, String color) {
synchronized(log)
{
LogEntry logEntry = new LogEntry(callbacks.saveBuffersToTempFiles(messageInfo), helpers.analyzeRequest(messageInfo).getMethod(),
helpers.analyzeRequest(messageInfo).getUrl(), comment, length, color);
log.add(logEntry);
}
}
public class Table extends JTable {
LogEntry logEntry;
private SwingWorker<Void, Void> currentWorker;
public Table(TableModel tableModel) {
super(tableModel);
}
@Override
public void changeSelection(int row, int col, boolean toggle, boolean extend) {
logEntry = filteredLog.get(convertRowIndexToModel(row));
requestViewer.setMessage("Loading...".getBytes(), true);
responseViewer.setMessage("Loading...".getBytes(), false);
currentlyDisplayedItem = logEntry.getRequestResponse();
// 取消之前的后台任务
if (currentWorker != null && !currentWorker.isDone()) {
currentWorker.cancel(true);
}
// 在后台线程中执行耗时操作
SwingWorker<Void, Void> worker = new SwingWorker<Void, Void>() {
@Override
protected Void doInBackground() throws Exception {
refreshMessage();
return null;
}
};
// 设置当前后台任务
currentWorker = worker;
// 启动后台线程
worker.execute();
super.changeSelection(row, col, toggle, extend);
}
private void refreshMessage() {
SwingUtilities.invokeLater(() -> {
requestViewer.setMessage(logEntry.getRequestResponse().getRequest(), true);
responseViewer.setMessage(logEntry.getRequestResponse().getResponse(), false);
});
}
}
}

209
src/main/java/burp/ui/rule/RulePane.java Normal file
View File

@@ -0,0 +1,209 @@
package burp.ui.rule;
import burp.rule.RuleProcessor;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import javax.swing.*;
import javax.swing.event.TableModelEvent;
import javax.swing.table.DefaultTableModel;
import javax.swing.table.TableRowSorter;
import java.awt.*;
import java.util.Vector;
/**
* @author LinChen & EvilChen
*/
public class RulePane extends JPanel {
private RuleProcessor ruleProcessor = new RuleProcessor();
private Boolean isEdit = false;
private DefaultTableModel model = createModel();
private static final int YES_OPTION = JOptionPane.YES_OPTION;
private static final String[] TITLE = {
"Loaded", "Name", "Regex", "Color", "Scope", "Engine", "Sensitive"
};
public RulePane(Object[][] data, JTabbedPane pane) {
initComponents(data, pane);
}
private DefaultTableModel createModel() {
return new DefaultTableModel() {
@Override
public Class<?> getColumnClass(int column) {
return (column == 0) ? Boolean.class : String.class;
}
@Override
public boolean isCellEditable(int row, int column) {
return column == 0;
}
};
}
private void updateModel() {
model = (DefaultTableModel) ruleTable.getModel();
}
private void ruleAddActionPerformed(ActionEvent e, JTabbedPane pane) {
RuleSetting ruleSettingPanel = new RuleSetting();
int showState = JOptionPane.showConfirmDialog(null, ruleSettingPanel, "Add Rule", JOptionPane.OK_OPTION);
if (showState == YES_OPTION) {
Vector<Object> ruleData = new Vector<>();
ruleData.add(false);
ruleData.add(ruleSettingPanel.ruleNameTextField.getText());
ruleData.add(ruleSettingPanel.regexTextField.getText());
ruleData.add(ruleSettingPanel.colorComboBox.getSelectedItem().toString());
ruleData.add(ruleSettingPanel.scopeComboBox.getSelectedItem().toString());
ruleData.add(ruleSettingPanel.engineComboBox.getSelectedItem().toString());
ruleData.add(ruleSettingPanel.sensitiveComboBox.getSelectedItem());
model.insertRow(model.getRowCount(), ruleData);
updateModel();
ruleProcessor.addRule(ruleData, pane.getTitleAt(pane.getSelectedIndex()));
}
}
private void ruleEditActionPerformed(ActionEvent e, JTabbedPane pane){
if (ruleTable.getSelectedRowCount() >= 1){
RuleSetting ruleSettingPanel = new RuleSetting();
ruleSettingPanel.ruleNameTextField.setText(ruleTable.getValueAt(ruleTable.getSelectedRow(), 1).toString());
ruleSettingPanel.regexTextField.setText(ruleTable.getValueAt(ruleTable.getSelectedRow(), 2).toString());
ruleSettingPanel.colorComboBox.setSelectedItem(ruleTable.getValueAt(ruleTable.getSelectedRow(), 3).toString());
ruleSettingPanel.scopeComboBox.setSelectedItem(ruleTable.getValueAt(ruleTable.getSelectedRow(), 4).toString());
ruleSettingPanel.engineComboBox.setSelectedItem(ruleTable.getValueAt(ruleTable.getSelectedRow(), 5).toString());
ruleSettingPanel.sensitiveComboBox.setSelectedItem(ruleTable.getValueAt(ruleTable.getSelectedRow(),6));
ruleSettingPanel.sensitiveComboBox.setEnabled(
ruleSettingPanel.engineComboBox.getSelectedItem().toString().equals("nfa")
);
int showState = JOptionPane.showConfirmDialog(null, ruleSettingPanel, "Edit Rule", JOptionPane.OK_OPTION);
if (showState == 0){
int select = ruleTable.convertRowIndexToModel(ruleTable.getSelectedRow());
model.setValueAt(ruleSettingPanel.ruleNameTextField.getText(), select, 1);
model.setValueAt(ruleSettingPanel.regexTextField.getText(), select, 2);
model.setValueAt(ruleSettingPanel.colorComboBox.getSelectedItem().toString(), select, 3);
model.setValueAt(ruleSettingPanel.scopeComboBox.getSelectedItem().toString(), select, 4);
model.setValueAt(ruleSettingPanel.engineComboBox.getSelectedItem().toString(), select, 5);
model.setValueAt(ruleSettingPanel.sensitiveComboBox.getSelectedItem(), select, 6);
model = (DefaultTableModel) ruleTable.getModel();
ruleProcessor.changeRule((Vector) model.getDataVector().get(select), select, pane.getTitleAt(pane.getSelectedIndex()));
}
}
}
private void ruleRemoveActionPerformed(ActionEvent e, JTabbedPane pane){
if (ruleTable.getSelectedRowCount() >= 1){
int isOk = JOptionPane.showConfirmDialog(null, "Are your sure?", "Delete Rule", JOptionPane.OK_OPTION);
if (isOk == 0){
int select = ruleTable.convertRowIndexToModel(ruleTable.getSelectedRow());
model.removeRow(select);
model = (DefaultTableModel) ruleTable.getModel();
ruleProcessor.removeRule(select, pane.getTitleAt(pane.getSelectedIndex()));
}
}
}
private void ruleTableChange(TableModelEvent e, JTabbedPane pane) {
if (e.getColumn() == 0 && ruleTable.getSelectedRow() != -1 && !isEdit){
model = (DefaultTableModel) ruleTable.getModel();
int select = ruleTable.convertRowIndexToModel(ruleTable.getSelectedRow());
ruleProcessor.changeRule((Vector) model.getDataVector().get(select), select, pane.getTitleAt(pane.getSelectedIndex()));
}
}
private void initComponents(Object[][] data, JTabbedPane pane) {
// JFormDesigner - Component initialization - DO NOT MODIFY //GEN-BEGIN:initComponents
addButton = new JButton();
editButton = new JButton();
scrollPane = new JScrollPane();
ruleTable = new JTable();
removeButton = new JButton();
//======== this ========
setLayout(new GridBagLayout());
((GridBagLayout)getLayout()).columnWidths = new int[] {0, 0, 0};
((GridBagLayout)getLayout()).rowHeights = new int[] {0, 0, 0, 0, 0};
((GridBagLayout)getLayout()).columnWeights = new double[] {0.0, 1.0, 1.0E-4};
((GridBagLayout)getLayout()).rowWeights = new double[] {0.0, 0.0, 0.0, 1.0, 1.0E-4};
//---- addButton ----
addButton.setText("Add");
addButton.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
isEdit = true;
ruleAddActionPerformed(e, pane);
model = (DefaultTableModel) ruleTable.getModel();
isEdit = false;
}
});
add(addButton, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(15, 5, 3, 2), 0, 0));
//---- editButton ----
editButton.setText("Edit");
editButton.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
isEdit = true;
ruleEditActionPerformed(e, pane);
model = (DefaultTableModel) ruleTable.getModel();
isEdit = false;
}
});
add(editButton, new GridBagConstraints(0, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 5, 3, 2), 0, 0));
//======== scrollPane ========
{
//---- table ----
ruleTable.setShowVerticalLines(false);
ruleTable.setVerifyInputWhenFocusTarget(false);
ruleTable.setUpdateSelectionOnSort(false);
ruleTable.setShowHorizontalLines(false);
ruleTable.setModel(new DefaultTableModel());
ruleTable.setSurrendersFocusOnKeystroke(true);
scrollPane.setViewportView(ruleTable);
}
add(scrollPane, new GridBagConstraints(1, 0, 1, 4, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(15, 5, 5, 5), 0, 0));
//---- removeButton ----
removeButton.setText("Remove");
removeButton.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
isEdit = true;
ruleRemoveActionPerformed(e, pane);
model = (DefaultTableModel) ruleTable.getModel();
isEdit = false;
}
});
add(removeButton, new GridBagConstraints(0, 2, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 5, 3, 2), 0, 0));
ruleTable.setModel(model);
model.setDataVector(data, TITLE);
model.addTableModelListener(e -> ruleTableChange(e, pane));
ruleTable.setRowSorter(new TableRowSorter<>(model));
}
// JFormDesigner - Variables declaration - DO NOT MODIFY //GEN-BEGIN:variables
public JButton addButton;
public JButton editButton;
public JScrollPane scrollPane;
public JTable ruleTable;
public JButton removeButton;
// JFormDesigner - End of variables declaration //GEN-END:variables
}

71
src/main/java/burp/ui/rule/RuleSetting.java Normal file
View File

@@ -0,0 +1,71 @@
package burp.ui.rule;
import java.awt.*;
import javax.swing.*;
import burp.config.ConfigEntry;
/**
* @author LinChen & EvilChen
*/
public class RuleSetting extends JPanel {
public JTextField regexTextField;
public JTextField ruleNameTextField;
public JComboBox<String> scopeComboBox;
public JComboBox<String> engineComboBox;
public JComboBox<String> colorComboBox;
public JComboBox<Boolean> sensitiveComboBox;
public RuleSetting() {
initComponents();
}
private void initComponents() {
setLayout(new GridBagLayout());
GridBagConstraints c = new GridBagConstraints();
c.fill = GridBagConstraints.BOTH;
addLabel("Name:", 0, c);
ruleNameTextField = addTextField(0, c);
addLabel("Regex:", 1, c);
regexTextField = addTextField(1, c);
addLabel("Scope:", 2, c);
scopeComboBox = addComboBox(ConfigEntry.scopeArray, 2, c);
addLabel("Engine:", 3, c);
engineComboBox = addComboBox(ConfigEntry.engineArray, 3, c);
engineComboBox.addActionListener(e -> sensitiveComboBox.setEnabled("nfa".equals(engineComboBox.getSelectedItem().toString())));
addLabel("Color:", 4, c);
colorComboBox = addComboBox(ConfigEntry.colorArray, 4, c);
addLabel("Sensitive:", 5, c);
sensitiveComboBox = addComboBox(new Boolean[]{true, false}, 5, c);
}
private void addLabel(String text, int y, GridBagConstraints c) {
JLabel label = new JLabel(text);
c.gridx = 0;
c.gridy = y;
add(label, c);
}
private JTextField addTextField(int y, GridBagConstraints c) {
JTextField textField = new JTextField(35);
c.gridx = 1;
c.gridy = y;
add(textField, c);
return textField;
}
private <T> JComboBox<T> addComboBox(T[] items, int y, GridBagConstraints c) {
JComboBox<T> comboBox = new JComboBox<>(items);
c.gridx = 1;
c.gridy = y;
add(comboBox, c);
return comboBox;
}
}