Compare commits

44 Commits
1.1 ... 2.0.5

Author SHA1 Message Date
AnonymousUser
43fbc46b65 Version: 2.0.5 Fixed Bug 2021-07-06 18:33:11 +08:00
AnonymousUser
00a4a835b2 Update 2021-06-25 12:41:25 +08:00
AnonymousUser
f872dadf46 Version: 2.0.4 Fixed Bug 2021-06-14 23:06:03 +08:00
0chen
15bbb9f1a0 Fix a bug
close #18
Thanks to #18; the issue has been fixed
2021-06-14 15:33:22 +08:00
AnonymousUser
89f3f6cf09 Version 2.0.3 Fixed Match Scope Bug 2021-06-12 15:24:19 +08:00
AnonymousUser
cf9f434ff8 Version 2.0.3 Fixed Match Scope Bug 2021-06-12 15:19:39 +08:00
AnonymousUser
37a907d6df Version: 2.0.2 Fixed UI BUG 2021-06-11 18:27:14 +08:00
AnonymousUser
83e5da2f7e Version: 2.0.2 Fixed UI BUG 2021-06-11 18:25:36 +08:00
AnonymousUser
e43a96b8ad Version: 2.0.1 Fixed bug 2021-06-11 12:36:30 +08:00
AnonymousUser
a7112ad297 Version: 2.0 Update 2021-06-11 08:22:45 +08:00
AnonymousUser
efc7a2d7e3 Version: 2.0 Update 2021-06-10 23:20:46 +08:00
AnonymousUser
0cfebb8464 Version: 2.0 Update 2021-06-10 23:02:51 +08:00
AnonymousUser
2b4e56ea8c Version: 2.0 Update 2021-06-10 22:59:27 +08:00
AnonymousUser
4bdb576448 Add Public Rules 2020-12-11 23:55:11 +08:00
Key
e7a7f823df Merge pull request #11 from PortSwigger/master
BApp
2020-12-04 23:02:57 +08:00
PortSwigger Support
a0d33f8c58 1.5.1 update 2020-12-04 14:51:33 +00:00
Uthman Eqbal
72511d9f14 Merge pull request #7 from gh0stkey/master
HaE 1.5.1
2020-12-04 12:02:26 +00:00
Uthman Eqbal
2336a49023 Merge branch 'master' into master 2020-12-04 12:02:16 +00:00
AnonymousUser
d89bec65e3 Update 2020-12-04 19:52:36 +08:00
AnonymousUser
2239ca1e90 Update 2020-12-04 19:48:22 +08:00
AnonymousUser
27fbf465b7 update 2020-12-04 16:00:40 +08:00
AnonymousUser
2879a1494c update 2020-12-04 02:46:19 +08:00
AnonymousUser
d9e0bf4714 Update: Customize HaE's Regex Engine
Now you can customize HaE's regex engine: NFA/DFA, but the premise is that you need to test your regex is running ok under the engine you choose.
2020-12-04 02:43:34 +08:00
AnonymousUser
170ed412b3 Add gitignore 2020-11-27 21:31:54 +08:00
PortSwigger Support
91009337c1 BApp update v1.5 2020-11-27 10:24:49 +00:00
Uthman Eqbal
a0127d75a9 Merge pull request #5 from gh0stkey/master
HaE 1.5
2020-11-27 09:17:41 +00:00
AnonymousUser
2ce57f8ee1 Rebuild code and add default filter. 2020-11-27 03:48:28 +08:00
AnonymousUser
7b5027a528 Update: Replace java.util.regex with jregex 2020-11-12 22:54:34 +08:00
PortSwigger Support
df0f4bd41b BApp update 2020-11-12 14:22:18 +00:00
HannahLaw-Portswigger
d0a61ba9ac Merge pull request #4 from gh0stkey/master
HaE 1.4.1
2020-11-12 11:26:34 +00:00
AnonymousUser
c632782bc6 Add Scope Column: any 2020-11-11 23:59:27 +08:00
AnonymousUser
503fea6f55 Update: Support request messages 2020-11-11 03:32:42 +08:00
AnonymousUser
db1f8b9cc9 Update 2020-11-11 03:22:31 +08:00
AnonymousUser
1e22b48001 Update 2020-11-11 03:15:12 +08:00
AnonymousUser
9cb5c93fd7 Update: Support request messages 2020-11-11 03:09:32 +08:00
AnonymousUser
8f18079ea6 Add Regular Expression [ Elasticsearch Unauthorized Access ] 2020-11-10 14:39:33 +08:00
AnonymousUser
ad8ebefb63 Update: Optimize speed 2020-10-27 19:38:58 +08:00
AnonymousUser
570fc1ed54 Update readme 2020-10-27 19:02:01 +08:00
AnonymousUser
edeb263712 Fixed bug: isLoaded 2020-10-27 19:00:10 +08:00
PortSwigger Support
78628b03d1 BApp preparation 2020-10-08 10:06:10 +00:00
AnonymousUser
1df27ea121 Update: Gradle Project 2020-10-08 00:52:28 +08:00
AnonymousUser
94b3cee2ec Update: Gradle Project 2020-10-07 01:27:51 +08:00
AnonymousUser
6e5c60a738 Update: Gradle Project 2020-10-07 01:27:37 +08:00
AnonymousUser
91dc5f22f6 Update Readme 2020-10-06 23:33:01 +08:00
71 changed files with 1775 additions and 4550 deletions

@@ -1,7 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="src" path="src"/>
<classpathentry kind="lib" path="lib/json.jar"/>
<classpathentry kind="output" path="bin"/>
</classpath>

3
.gitignore vendored Normal file
@@ -0,0 +1,3 @@
.DS_Store
.idea
.gradle
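
Review bot: The ignore list covers `.DS_Store`, `.idea` and `.gradle` but not Gradle's default `build/` output directory, so the class files and the jar produced by the `fatJar` task added in `build.gradle` can be staged by accident. Add a `build/` entry alongside `.gradle`.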

@@ -1,17 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>HaE</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.jdt.core.javabuilder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.jdt.core.javanature</nature>
</natures>
</projectDescription>

@@ -1,49 +1,48 @@
# HaE - Highlighter and Extractor
HaE相关作者 (来自米斯特安全团队 www.acmesec.cn)
架构作者: [@0chencc](https://github.com/0Chencc)
核心功能作者: [@EvilChen](https://github.com/gh0stkey)
## 公共规则网站
https://gh0st.cn/HaE/
## 介绍
**HaE**是基于 `BurpSuite` 插件 `JavaAPI` 开发的请求高亮标记与信息提取的辅助型插件。
![-w1070](images/16000706401522.jpg)
该插件可以通过自定义正则的方式匹配**响应报文**,可以自行决定符合该自定义正则匹配的相应请求是否需要高亮标记、信息提取。
该插件可以通过自定义正则的方式匹配**响应报文或请求报文**,可以自行决定符合该自定义正则匹配的相应请求是否需要高亮标记、信息提取。
**注**`HaE`的使用,对测试人员来说需要基本的正则表达式基础,由于`Java`正则表达式的库并没有`Python`的优雅或方便在使用正则的HaE要求使用者必须使用`()`将所需提取的表达式内容包含;例如你要匹配一个**Shiro应用**的响应报文,正常匹配规则为`rememberMe=delete`,如果你要提取这段内容的话就需要变成`(rememberMe=delete)`
**注**: `HaE`的使用,对测试人员来说需要基本的正则表达式基础,由于`Java`正则表达式的库并没有`Python`的优雅或方便在使用正则的HaE要求使用者必须使用`()`将所需提取的表达式内容包含;例如你要匹配一个**Shiro应用**的响应报文,正常匹配规则为`rememberMe=delete`,如果你要提取这段内容的话就需要变成`(rememberMe=delete)`
## 使用方法
插件装载`Extender - Extensions - Add - Select File - Next`
插件装载: `Extender - Extensions - Add - Select File - Next`
初次装载`HaE`会初始化配置文件,默认配置文件内置一个正则`Email`,初始化的配置文件会放在与`BurpSuite Jar`包同级目录下。
初次装载`HaE`会初始化配置文件,默认配置文件内置一个正则: `Email`,初始化的配置文件会放在与`BurpSuite Jar`包同级目录下。
![-w330](images/16000708493657.jpg)
除了初始化的配置文件外,还有`init.hae`,该文件用于存储配置文件路径;`HaE`支持自定义配置文件路径,你可以通过点击`Select File`按钮进行选择自定义配置文件。
除了初始化的配置文件外,还有`Setting.yml`,该文件用于存储配置文件路径;`HaE`支持自定义配置文件路径,你可以通过点击`Select File`按钮进行选择自定义配置文件。
![-w477](images/16000710069404.jpg)
HaE支持三个动作
1. 重载规则Reload当你不使用HaE UI界面去修改配置文件内的规则时而是直接基于配置文件进行修改规则时可使用
2. 新建规则New新建规则会自动添加一行表格数据单击或双击进行修改数据即可自动保存
3. 删除规则Delete单击选中某条规则时按下该按钮即可删除规则。
**注**HaE的操作都是基于表单UI的方式操作即会自动保存。
## 插件优点
1. 多选项自定义控制适配需求
2. 多颜色高亮分类将BurpSuite的所有高亮颜色集成`red, orange, yellow, green, cyan, blue, pink, magenta, gray`
3. 颜色升级算法利用下标的方式进行优先级排序当满足2个同颜色条件则以优先级顺序上升颜色(例如**两个正则,颜色为橘黄色,该请求两个正则都匹配到了,那么将升级为红色**
4. 简单的配置文件格式选用JSON格式格式为
```
{name: {"loaded": isLoaded:,"regex": regexText, "highlight": isHighlight, "extract": isExtract, "color": colorText}}
```
5. 内置简单缓存,在“多正则、大数据”的场景下减少卡顿现象。
1. 多选项自定义控制适配需求
2. 多颜色高亮分类将BurpSuite的所有高亮颜色集成: `red, orange, yellow, green, cyan, blue, pink, magenta, gray`
3. **颜色升级算法**: 利用下标的方式进行优先级排序当满足2个同颜色条件则以优先级顺序上升颜色例如: **两个正则,颜色为橘黄色,该请求两个正则都匹配到了,那么将升级为红色**
4. 配置文件采用YAML格式存储更加便于阅读和修改
5. 内置简单缓存,在“多正则、大数据”的场景下减少卡顿现象
6. **支持标签分页**,点击`...`即可添加新的标签页,对着标签页右键即可删除
![-w477](images/16000720732851.jpg)
## 实际使用
使用 RGPerson 生成测试数据,放入网站根目录文件中
使用 RGPerson 生成测试数据,放入网站根目录文件中:
![-w467](images/16000719723284.jpg)
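
Review bot: Item 4 of the advantages list now says only that the configuration is stored as YAML, and the one-line JSON schema (`loaded`, `regex`, `highlight`, `extract`, `color`) is dropped without a YAML equivalent, so a user who edits the file by hand and then presses Reload has no documented rule format. Add a short YAML sample of one rule next to the `Setting.yml` paragraph, and document the keys for the scope column and the NFA/DFA engine choice that the commit log in this comparison introduces.
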
@@ -56,15 +55,15 @@ HaE支持三个动作
有些正则在实战应用场景中并不理想
在正则匹配手机号、身份证号码的时候(纯数字类)会存在一些误报(这里匹配身份证号码无法进行校验,误报率很高),但手机号处理这一块可以解决
在正则匹配手机号、身份证号码的时候(纯数字类)会存在一些误报(这里匹配身份证号码无法进行校验,误报率很高),但手机号处理这一块可以解决:
原正则
原正则:
```
1[3-9]\d{9}
```
误报场景`12315188888888123`,这时候会匹配到`15188888888`,而实际上这一段并不是手机号,所以修改正则为
误报场景: `12315188888888123`,这时候会匹配到`15188888888`,而实际上这一段并不是手机号,所以修改正则为:
```
[^0-9]+(1[3-9]\d{9})[^0-9]+
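
Review bot: The corrected phone pattern `[^0-9]+(1[3-9]\d{9})[^0-9]+` requires at least one non-digit character on each side, so a number at the very start or end of the message is missed, and because the trailing `[^0-9]+` consumes the separator, the second of two numbers split only by non-digit characters (for example a single comma) is skipped as well. State this limitation next to the pattern, or offer a lookaround form such as `(?<![0-9])(1[3-9]\d{9})(?![0-9])` after testing it under the regex engine selected in the extension.
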
@@ -74,30 +73,23 @@ HaE支持三个动作
## 实战用法
1. CMS指纹识别Discuz正则`(Powered by Discuz!)`
2. OSS对象存储信息泄露正则`([A|a]ccess[K|k]ey[I|i]d|[A|a]ccess[K|k]ey[S|s]ecret)`
3. 内网地址信息提取,正则`(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3})|(?:172\.(?:(?:1[6-9])|(?:2\d)|(?:3[01]))\.\d{1,3}\.\d{1,3})|(?:192\.168\.\d{1,3}\.\d{1,3})`
4. 实战插件关联搭配,漏洞挖掘案例https://mp.weixin.qq.com/s/5vNn7dMRZBtv0ojPBAHV7Q
1. CMS指纹识别Discuz正则: `(Powered by Discuz!)`
2. OSS对象存储信息泄露正则: `([A|a]ccess[K|k]ey[I|i]d|[A|a]ccess[K|k]ey[S|s]ecret)`
3. 内网地址信息提取,正则: `(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3})|(?:172\.(?:(?:1[6-9])|(?:2\d)|(?:3[01]))\.\d{1,3}\.\d{1,3})|(?:192\.168\.\d{1,3}\.\d{1,3})`
4. 实战插件关联搭配,漏洞挖掘案例: https://mp.weixin.qq.com/s/5vNn7dMRZBtv0ojPBAHV7Q
...还有诸多使用方法等待大家去发掘。
## 文末
随笔:正义感是一个不可丢失的东西。
随笔: 正义感是一个不可丢失的东西。
Github项目地址BUG、需求、正则欢迎提交https://github.com/gh0stkey/HaE
Github项目地址BUG、需求、正则欢迎提交: https://github.com/gh0stkey/HaE
### 收录正则列表
## 404StarLink 2.0 - Galaxy
身份证号码来自https://github.com/gh0stkey/HaE/issues/3
![404StarLink Logo](https://github.com/knownsec/404StarLink-Project/raw/master/logo.png)
```
[^0-9]([1-9]\d{5}(18|19|([23]\d))\d{2}((0[1-9])|(10|11|12))(([0-2][1-9])|10|20|30|31)\d{3}[0-9Xx])|([1-9]\d{5}\d{2}((0[1-9])|(10|11|12))(([0-2][1-9])|10|20|30|31)\d{2}[0-9Xx])[^0-9]
```
邮箱地址:
```
([\w-]+(?:\.[\w-]+)*@(?:[\w](?:[\w-]*[\w])?\.)+[\w](?:[\w-]*[\w])?)
```
`HaE` 是 404Team [星链计划2.0](https://github.com/knownsec/404StarLink2.0-Galaxy) 中的一环,如果对 `HaE` 有任何疑问又或是想要找小伙伴交流,可以参考星链计划的加群方式。
- [https://github.com/knownsec/404StarLink2.0-Galaxy#community](https://github.com/knownsec/404StarLink2.0-Galaxy#community)
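
Review bot: In item 2 of the usage list the OSS pattern writes its character classes as `[A|a]`, `[K|k]`, `[I|i]` and `[S|s]`; inside brackets `|` is a literal character, so the rule also matches strings such as `|ccess|ey|d`. Write the classes as `[Aa]ccess[Kk]ey[Ii]d` and `[Aa]ccess[Kk]ey[Ss]ecret`. The same hunk removes the collected ID-card and e-mail patterns from the README, so the text should say where readers can now find them.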

33
build.gradle Normal file
@@ -0,0 +1,33 @@
plugins {
id 'java'
}
repositories {
mavenCentral()
}
compileJava {
options.encoding = "UTF-8"
}
sourceSets {
main {
java {
srcDir './src/main/java'
}
}
}
task fatJar(type: Jar) {
baseName = project.name + '-all'
from { configurations.compile.collect { it.isDirectory() ? it : zipTree(it) } }
with jar
}
dependencies {
compile 'net.portswigger.burp.extender:burp-extender-api:1.7.13'
compile 'org.jetbrains:annotations:16.0.2'
compile group: 'org.yaml', name: 'snakeyaml', version: '1.28'
compile 'net.sourceforge.jregex:jregex:1.2_01'
compile 'dk.brics.automaton:automaton:1.11-8'
}
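
Review bot: In the `dependencies` block `burp-extender-api` is declared with `compile`, and `fatJar` unpacks everything in `configurations.compile`, so the Burp API interfaces are bundled into the extension jar even though Burp supplies them when the extension is loaded. Declare that dependency `compileOnly` so only the libraries needed at run time are packed. `compile` and `baseName` are also deprecated or removed in newer Gradle releases; `implementation` with `configurations.runtimeClasspath` and `archiveBaseName` would keep the build working there.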

Binary file not shown. Before: 214 KiB. After: 188 KiB.

Binary file not shown. Before: 131 KiB.

Binary file not shown. Before: 19 KiB. After: 144 KiB.

BIN
images/16000720732851.jpg Normal file

Binary file not shown. After: 84 KiB.

Binary file not shown. Before: 223 KiB. After: 297 KiB.

Binary file not shown.

2
settings.gradle Normal file
@@ -0,0 +1,2 @@
rootProject.name = 'HaE'

@@ -1,559 +0,0 @@
package burp;
import java.awt.BorderLayout;
import java.awt.Color;
import java.awt.Component;
import java.util.*;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.json.*;
import javax.swing.JFrame;
import javax.swing.JOptionPane;
import javax.swing.DefaultCellEditor;
import javax.swing.JScrollPane;
import javax.swing.JTable;
import javax.swing.JTextField;
import javax.swing.table.DefaultTableModel;
import javax.swing.JPanel;
import javax.swing.JButton;
import java.awt.event.ActionListener;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.awt.event.ActionEvent;
import javax.swing.JCheckBox;
import javax.swing.JComboBox;
import javax.swing.JFileChooser;
import javax.swing.border.EtchedBorder;
import javax.swing.border.TitledBorder;
import javax.swing.event.TableModelEvent;
import javax.swing.event.TableModelListener;
import javax.swing.SwingConstants;
import javax.swing.SwingUtilities;
import javax.swing.JLabel;
import java.io.PrintWriter;
public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEditorTabFactory, ITab {
private JFrame frame;
private JPanel panel;
private JTable table;
private JTextField textField;
private IBurpExtenderCallbacks callbacks;
private static String configFilePath = "config.json";
private static String initFilePath = "init.hae";
private static String initConfigContent = "{\"Email\":{\"loaded\":true,\"highlight\":true,\"regex\":\"([\\\\w-]+(?:\\\\.[\\\\w-]+)*@(?:[\\\\w](?:[\\\\w-]*[\\\\w])?\\\\.)+[\\\\w](?:[\\\\w-]*[\\\\w])?)\",\"extract\":true,\"color\":\"yellow\"}}";
private static String endColor = "";
private static String[] colorArray = new String[] {"red", "orange", "yellow", "green", "cyan", "blue", "pink", "magenta", "gray"};
private static IMessageEditorTab HaETab;
private static PrintWriter stdout;
@Override
public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks)
{
this.callbacks = callbacks;
// 设置插件名字
callbacks.setExtensionName("HaE - Highlighter and Extractor");
// 定义输出
stdout = new PrintWriter(callbacks.getStdout(), true);
stdout.println("@Author: EvilChen");
// UI
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
// 判断"config.json"文件是否具备内容,如若不具备则进行初始化
if (configFilePath.equals("config.json")) {
if (readFileContent(configFilePath).equals("")) {
writeFileContent(configFilePath, initConfigContent);
writeFileContent(initFilePath, configFilePath);
}
}
// 判断配置文件是否存在
if (fileExists(configFilePath)) {
configFilePath = readFileContent(initFilePath);
} else {
JOptionPane.showMessageDialog(null, "Config File Not Found!", "Error", JOptionPane.ERROR_MESSAGE);
}
initialize();
fillTable();
}
});
callbacks.registerHttpListener(BurpExtender.this);
callbacks.registerMessageEditorTabFactory(BurpExtender.this);
}
private void initialize() {
frame = new JFrame();
frame.setBounds(100, 100, 526, 403);
frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
panel = new JPanel();
frame.getContentPane().add(panel, BorderLayout.CENTER);
panel.setLayout(new BorderLayout(0, 0));
JPanel panel_3 = new JPanel();
panel.add(panel_3, BorderLayout.NORTH);
JLabel lblNewLabel_1 = new JLabel("Config File:");
panel_3.add(lblNewLabel_1);
textField = new JTextField();
textField.setEditable(false);
panel_3.add(textField);
textField.setColumns(20);
textField.setText(configFilePath);
JButton btnNewButton = new JButton("Select File ...");
btnNewButton.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e) {
JFileChooser jfc = new JFileChooser();
jfc.setFileSelectionMode(JFileChooser.FILES_ONLY);
jfc.showDialog(new JLabel(), "Choose");
File file = jfc.getSelectedFile();
textField.setText(file.getAbsolutePath());
configFilePath = textField.getText();
writeFileContent(initFilePath, configFilePath);
fillTable();
}
});
panel_3.add(btnNewButton);
JPanel panel_2 = new JPanel();
panel.add(panel_2, BorderLayout.CENTER);
panel_2.setLayout(new BorderLayout(0, 0));
JPanel panel_1 = new JPanel();
panel_2.add(panel_1, BorderLayout.NORTH);
panel_1.setBorder(new TitledBorder(new EtchedBorder(EtchedBorder.LOWERED, null, null), "Actions", TitledBorder.LEADING, TitledBorder.TOP, null, new Color(0, 0, 0)));
JButton btnReloadRule = new JButton("Reload Rule");
btnReloadRule.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e) {
fillTable();
}
});
panel_1.add(btnReloadRule);
JButton btnNewRule = new JButton("New Rule");
btnNewRule.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent arg0) {
DefaultTableModel dtm = (DefaultTableModel) table.getModel();
Vector rules = new Vector();
rules.add(true);
rules.add("New Rule");
rules.add("New Regex");
rules.add("red");
rules.add(true);
rules.add(true);
dtm.addRow(rules);
}
});
panel_1.add(btnNewRule);
JButton btnDeleteRule = new JButton("Delete Rule");
btnDeleteRule.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e) {
int selectRows = table.getSelectedRows().length;
DefaultTableModel dtm = (DefaultTableModel) table.getModel();
if (selectRows == 1) {
int selectedRowIndex = table.getSelectedRow();
// 在配置文件中删除数据
String cellValue = (String) dtm.getValueAt(selectedRowIndex, 1);
// System.out.println(cellValue);
removeConfig(cellValue);
// 在表格中删除数据
dtm.removeRow(selectedRowIndex);
}
}
});
panel_1.add(btnDeleteRule);
JScrollPane scrollPane = new JScrollPane();
panel_2.add(scrollPane, BorderLayout.CENTER);
table = new JTable();
table.setModel(new DefaultTableModel(
new Object[][] {
},
new String[] {
"Loaded", "Name", "Regex", "Color", "isExtract", "isHighlight"
}
));
scrollPane.setViewportView(table);
table.getColumnModel().getColumn(2).setPreferredWidth(172);
table.getColumnModel().getColumn(3).setCellEditor(new DefaultCellEditor(new JComboBox(colorArray)));
table.getColumnModel().getColumn(0).setCellEditor(new DefaultCellEditor(new JCheckBox()));
table.getColumnModel().getColumn(4).setCellEditor(new DefaultCellEditor(new JCheckBox()));
table.getColumnModel().getColumn(5).setCellEditor(new DefaultCellEditor(new JCheckBox()));
JLabel lblNewLabel = new JLabel("@EvilChen Love YuChen.");
lblNewLabel.setHorizontalAlignment(SwingConstants.CENTER);
panel.add(lblNewLabel, BorderLayout.SOUTH);
table.getModel().addTableModelListener(
new TableModelListener() {
@Override
public void tableChanged(TableModelEvent e) {
if (e.getType() == TableModelEvent.INSERT || e.getType() == TableModelEvent.UPDATE) {
DefaultTableModel dtm = (DefaultTableModel) table.getModel();
int rows = dtm.getRowCount();
JSONObject jsonObj = new JSONObject();
for (int i = 0; i < rows; i++) {
JSONObject jsonObj1 = new JSONObject();
jsonObj1.put("loaded", (boolean) dtm.getValueAt(i, 0));
jsonObj1.put("regex", (String) dtm.getValueAt(i, 2));
jsonObj1.put("color", (String) dtm.getValueAt(i, 3));
jsonObj1.put("extract", (boolean) dtm.getValueAt(i, 4));
jsonObj1.put("highlight", (boolean) dtm.getValueAt(i, 5));
// 添加数据
jsonObj.put((String) dtm.getValueAt(i, 1), jsonObj1);
}
writeFileContent(configFilePath, jsonObj.toString());
}
}
}
);
callbacks.customizeUiComponent(panel);
callbacks.customizeUiComponent(panel_1);
callbacks.customizeUiComponent(panel_2);
callbacks.customizeUiComponent(panel_3);
callbacks.customizeUiComponent(scrollPane);
callbacks.addSuiteTab(BurpExtender.this);
}
@Override
public IMessageEditorTab createNewInstance(IMessageEditorController controller, boolean editable) {
HaETab = new MarkInfoTab(controller, editable);
return HaETab;
}
@Override
public String getTabCaption() {
return "HaE";
}
@Override
public Component getUiComponent() {
return panel;
}
/*
* 使用processHttpMessage用来做Highlighter
*/
@Override
public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
// 判断是否是响应且该代码作用域为REPEATER、INTRUDER、PROXY分别对应toolFlag 64、32、4
if (!messageIsRequest && (toolFlag == 64 || toolFlag == 32 || toolFlag == 4)) {
byte[] content = messageInfo.getResponse();
JSONObject jsonObj = matchRegex(content);
if (jsonObj.length() > 0) {
List<String> colorList = new ArrayList<String>();
Iterator<String> k = jsonObj.keys();
while (k.hasNext()) {
String name = k.next();
JSONObject jsonObj2 = new JSONObject(jsonObj.get(name).toString());
boolean isHighlight = jsonObj2.getBoolean("highlight");
boolean isLoaded = jsonObj2.getBoolean("loaded");
if (isHighlight && isLoaded) {
colorList.add(jsonObj2.getString("color"));
}
}
if (colorList.size() != 0) {
colorUpgrade(getColorKeys(colorList));
String color = endColor;
messageInfo.setHighlight(color);
}
}
}
}
class MarkInfoTab implements IMessageEditorTab {
private ITextEditor markInfoText;
private byte[] currentMessage;
public MarkInfoTab(IMessageEditorController controller, boolean editable) {
markInfoText = callbacks.createTextEditor();
markInfoText.setEditable(editable);
}
@Override
public String getTabCaption() {
return "MarkInfo";
}
@Override
public Component getUiComponent() {
return markInfoText.getComponent();
}
@Override
public boolean isEnabled(byte[] content, boolean isRequest) {
// 这里需要过一次正则匹配决定是否开启Tab
if (!isRequest && matchRegex(content).length() != 0) {
return true;
}
return false;
}
@Override
public byte[] getMessage() {
return currentMessage;
}
@Override
public boolean isModified() {
return markInfoText.isTextModified();
}
@Override
public byte[] getSelectedData() {
return markInfoText.getSelectedText();
}
/*
* 使用setMessage用来做Extractor
*/
@Override
public void setMessage(byte[] content, boolean isRequest) {
if (content.length > 0 && !isRequest) {
String result = "";
JSONObject jsonObj = matchRegex(content);
if (jsonObj.length() != 0) {
Iterator<String> k = jsonObj.keys();
while (k.hasNext()) {
String name = k.next();
JSONObject jsonObj1 = new JSONObject(jsonObj.get(name).toString());
boolean isExtract = jsonObj1.getBoolean("extract");
boolean isLoaded = jsonObj1.getBoolean("loaded");
if (isExtract && isLoaded) {
String tmpStr = String.format("[%s] %s \n", name, jsonObj1.getString("data")).intern();
result += tmpStr;
}
}
}
markInfoText.setText(result.getBytes());
}
currentMessage = content;
}
}
private JSONObject matchRegex(byte[] content) {
JSONObject tabContent = new JSONObject();
// 正则匹配提取内容
try {
String jsonStr = readFileContent(configFilePath);
JSONObject jsonObj = new JSONObject(jsonStr);
Iterator<String> k = jsonObj.keys();
// 遍历json数组
while (k.hasNext()) {
String contentString = new String(content, "UTF-8").intern();
String name = k.next();
JSONObject jsonObj1 = new JSONObject(jsonObj.get(name).toString());
JSONObject jsonData = new JSONObject();
String regex = jsonObj1.getString("regex");
boolean isHighligth = jsonObj1.getBoolean("highlight");
boolean isExtract = jsonObj1.getBoolean("extract");
boolean isLoaded = jsonObj1.getBoolean("loaded");
String color = jsonObj1.getString("color");
List<String> result = new ArrayList<String>();
Pattern pattern = Pattern.compile(regex);
Matcher matcher = pattern.matcher(contentString);
while (matcher.find()) {
// 添加匹配数据至list
// 强制用户使用()包裹正则
result.add(matcher.group(1));
}
// 去除重复内容
HashSet tmpList = new HashSet(result);
result.clear();
result.addAll(tmpList);
if (!result.isEmpty()) {
jsonData.put("highlight", isHighligth);
jsonData.put("extract", isExtract);
jsonData.put("color", color);
jsonData.put("data", String.join(",", result));
jsonData.put("loaded", isLoaded);
// 初始化格式
tabContent.put(name, jsonData);
}
}
return tabContent;
} catch (Exception e) {
return new JSONObject();
}
}
/*
* 颜色下标获取
*/
private List<Integer> getColorKeys(List<String> keys){
List<Integer> result = new ArrayList<Integer>();
int size = colorArray.length;
// 根据颜色获取下标
for (int x = 0; x < keys.size(); x++) {
for (int v = 0; v < size; v++) {
if (colorArray[v].equals(keys.get(x))) {
result.add(v);
}
}
}
return result;
}
/*
* 颜色升级递归算法
*/
private static String colorUpgrade(List<Integer> colorList) {
int colorSize = colorList.size();
colorList.sort(Comparator.comparingInt(Integer::intValue));
int i = 0;
List<Integer> stack = new ArrayList<Integer>();
while (i < colorSize) {
if (stack.isEmpty()) {
stack.add(colorList.get(i));
i++;
} else {
if (colorList.get(i) != stack.stream().reduce((first, second) -> second).orElse(99999999)) {
stack.add(colorList.get(i));
i++;
} else {
stack.set(stack.size() - 1, stack.get(stack.size() - 1) - 1);
i++;
}
}
}
// 利用HashSet删除重复元素
HashSet tmpList = new HashSet(stack);
if (stack.size() == tmpList.size()) {
stack.sort(Comparator.comparingInt(Integer::intValue));
if(stack.get(0).equals(-1)) {
endColor = colorArray[0];
} else {
endColor = colorArray[stack.get(0)];
}
} else {
colorUpgrade(stack);
}
return "";
}
/*
* 判断文件是否存在
*/
private Boolean fileExists(String fileName) {
File file = new File(fileName);
if(file.exists()){
return true;
}
return false;
}
/*
* 获取文件内容
*/
private String readFileContent(String fileName) {
File file = new File(fileName);
BufferedReader reader = null;
StringBuffer sbf = new StringBuffer();
try {
reader = new BufferedReader(new FileReader(file));
String tempStr;
while ((tempStr = reader.readLine()) != null) {
sbf.append(tempStr);
}
reader.close();
return sbf.toString();
} catch (IOException e) {
} finally {
if (reader != null) {
try {
reader.close();
} catch (IOException err) {
err.printStackTrace();
}
}
}
return sbf.toString();
}
/*
* 写入文件内容
*/
private boolean writeFileContent(String fileName, String fileContent) {
try {
BufferedWriter out = new BufferedWriter(new FileWriter(fileName));
out.write(fileContent);
out.close();
return true;
} catch (IOException e) {
stdout.println(e);
return false;
}
}
/*
* 删除单条配置内容
*/
private void removeConfig(String key) {
String jsonStr = readFileContent(configFilePath);
JSONObject jsonObj = new JSONObject(jsonStr);
jsonObj.remove(key);
if (writeFileContent(configFilePath, jsonObj.toString())) {
JOptionPane.showMessageDialog(null, "Delete Successfully!", "Info", JOptionPane.INFORMATION_MESSAGE);
}
}
/*
* 初始化表格内容
*/
private void fillTable() {
DefaultTableModel dtm=(DefaultTableModel) table.getModel();
dtm.setRowCount(0);
String jsonStr = readFileContent(configFilePath);
JSONObject jsonObj = new JSONObject(jsonStr);
Iterator<String> k = jsonObj.keys();
// 遍历json数组
while (k.hasNext()) {
String name = k.next();
JSONObject jsonObj1 = new JSONObject(jsonObj.get(name).toString());
boolean loaded = jsonObj1.getBoolean("loaded");
String regex = jsonObj1.getString("regex");
String color = jsonObj1.getString("color");
boolean isExtract = jsonObj1.getBoolean("extract");
boolean isHighlight = jsonObj1.getBoolean("highlight");
// 填充数据
Vector rules = new Vector();
rules.add(loaded);
rules.add(name);
rules.add(regex);
rules.add(color);
rules.add(isExtract);
rules.add(isHighlight);
dtm.addRow(rules);
}
}
public static void main(String[] args) {
}
}
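
Review bot: `matchRegex` in the removed class calls `matcher.group(1)` inside a catch-all `try` that returns an empty `JSONObject`, so a single rule saved without a capture group (once it matches) or with invalid syntax silently discards the results of every rule, and the method re-reads the config file and recompiles each pattern for every message. Since the class is deleted here rather than patched, check that its replacement validates a rule when it is saved, reports the failing rule name instead of swallowing the exception, and caches compiled patterns.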

@@ -1,97 +0,0 @@
package burp;
/*
* @(#)IBurpCollaboratorClientContext.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* This interface represents an instance of a Burp Collaborator client context,
* which can be used to generate Burp Collaborator payloads and poll the
* Collaborator server for any network interactions that result from using those
* payloads. Extensions can obtain new instances of this class by calling
* <code>IBurpExtenderCallbacks.createBurpCollaboratorClientContext()</code>.
* Note that each Burp Collaborator client context is tied to the Collaborator
* server configuration that was in place at the time the context was created.
*/
public interface IBurpCollaboratorClientContext
{
/**
* This method is used to generate new Burp Collaborator payloads.
*
* @param includeCollaboratorServerLocation Specifies whether to include the
* Collaborator server location in the generated payload.
* @return The payload that was generated.
*
* @throws IllegalStateException if Burp Collaborator is disabled
*/
String generatePayload(boolean includeCollaboratorServerLocation);
/**
* This method is used to retrieve all interactions received by the
* Collaborator server resulting from payloads that were generated for this
* context.
*
* @return The Collaborator interactions that have occurred resulting from
* payloads that were generated for this context.
*
* @throws IllegalStateException if Burp Collaborator is disabled
*/
List<IBurpCollaboratorInteraction> fetchAllCollaboratorInteractions();
/**
* This method is used to retrieve interactions received by the Collaborator
* server resulting from a single payload that was generated for this
* context.
*
* @param payload The payload for which interactions will be retrieved.
* @return The Collaborator interactions that have occurred resulting from
* the given payload.
*
* @throws IllegalStateException if Burp Collaborator is disabled
*/
List<IBurpCollaboratorInteraction> fetchCollaboratorInteractionsFor(String payload);
/**
* This method is used to retrieve all interactions made by Burp Infiltrator
* instrumentation resulting from payloads that were generated for this
* context.
*
* @return The interactions triggered by the Burp Infiltrator
* instrumentation that have occurred resulting from payloads that were
* generated for this context.
*
* @throws IllegalStateException if Burp Collaborator is disabled
*/
List<IBurpCollaboratorInteraction> fetchAllInfiltratorInteractions();
/**
* This method is used to retrieve interactions made by Burp Infiltrator
* instrumentation resulting from a single payload that was generated for
* this context.
*
* @param payload The payload for which interactions will be retrieved.
* @return The interactions triggered by the Burp Infiltrator
* instrumentation that have occurred resulting from the given payload.
*
* @throws IllegalStateException if Burp Collaborator is disabled
*/
List<IBurpCollaboratorInteraction> fetchInfiltratorInteractionsFor(String payload);
/**
* This method is used to retrieve the network location of the Collaborator
* server.
*
* @return The hostname or IP address of the Collaborator server.
*
* @throws IllegalStateException if Burp Collaborator is disabled
*/
String getCollaboratorServerLocation();
}

@@ -1,41 +0,0 @@
package burp;
/*
* @(#)IBurpCollaboratorInteraction.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.Map;
/**
* This interface represents a network interaction that occurred with the Burp
* Collaborator server.
*/
public interface IBurpCollaboratorInteraction
{
/**
* This method is used to retrieve a property of the interaction. Properties
* of all interactions are: interaction_id, type, client_ip, and time_stamp.
* Properties of DNS interactions are: query_type and raw_query. The
* raw_query value is Base64-encoded. Properties of HTTP interactions are:
* protocol, request, and response. The request and response values are
* Base64-encoded.
*
* @param name The name of the property to retrieve.
* @return A string representing the property value, or null if not present.
*/
String getProperty(String name);
/**
* This method is used to retrieve a map containing all properties of the
* interaction.
*
* @return A map containing all properties of the interaction.
*/
Map<String, String> getProperties();
}

@@ -1,31 +0,0 @@
package burp;
/*
* @(#)IBurpExtender.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* All extensions must implement this interface.
*
* Implementations must be called BurpExtender, in the package burp, must be
* declared public, and must provide a default (public, no-argument)
* constructor.
*/
public interface IBurpExtender
{
/**
* This method is invoked when the extension is loaded. It registers an
* instance of the
* <code>IBurpExtenderCallbacks</code> interface, providing methods that may
* be invoked by the extension to perform various actions.
*
* @param callbacks An
* <code>IBurpExtenderCallbacks</code> object.
*/
void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks);
}

File diff suppressed because it is too large

@@ -1,39 +0,0 @@
package burp;
/*
* @(#)IContextMenuFactory.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import javax.swing.JMenuItem;
import java.util.List;
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerContextMenuFactory()</code> to register
* a factory for custom context menu items.
*/
public interface IContextMenuFactory
{
/**
* This method will be called by Burp when the user invokes a context menu
* anywhere within Burp. The factory can then provide any custom context
* menu items that should be displayed in the context menu, based on the
* details of the menu invocation.
*
* @param invocation An object that implements the
* <code>IContextMenuInvocation</code> interface, which the extension can
* query to obtain details of the context menu invocation.
* @return A list of custom menu items (which may include sub-menus,
* checkbox menu items, etc.) that should be displayed. Extensions may
* return
* <code>null</code> from this method, to indicate that no menu items are
* required.
*/
List<JMenuItem> createMenuItems(IContextMenuInvocation invocation);
}

View File

@@ -1,156 +0,0 @@
package burp;
/*
* @(#)IContextMenuInvocation.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.awt.event.InputEvent;
/**
* This interface is used when Burp calls into an extension-provided
* <code>IContextMenuFactory</code> with details of a context menu invocation.
* The custom context menu factory can query this interface to obtain details of
* the invocation event, in order to determine what menu items should be
* displayed.
*/
public interface IContextMenuInvocation
{
/**
* Used to indicate that the context menu is being invoked in a request
* editor.
*/
static final byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0;
/**
* Used to indicate that the context menu is being invoked in a response
* editor.
*/
static final byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1;
/**
* Used to indicate that the context menu is being invoked in a non-editable
* request viewer.
*/
static final byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2;
/**
* Used to indicate that the context menu is being invoked in a non-editable
* response viewer.
*/
static final byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3;
/**
* Used to indicate that the context menu is being invoked in the Target
* site map tree.
*/
static final byte CONTEXT_TARGET_SITE_MAP_TREE = 4;
/**
* Used to indicate that the context menu is being invoked in the Target
* site map table.
*/
static final byte CONTEXT_TARGET_SITE_MAP_TABLE = 5;
/**
* Used to indicate that the context menu is being invoked in the Proxy
* history.
*/
static final byte CONTEXT_PROXY_HISTORY = 6;
/**
* Used to indicate that the context menu is being invoked in the Scanner
* results.
*/
static final byte CONTEXT_SCANNER_RESULTS = 7;
/**
* Used to indicate that the context menu is being invoked in the Intruder
* payload positions editor.
*/
static final byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8;
/**
* Used to indicate that the context menu is being invoked in an Intruder
* attack results.
*/
static final byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9;
/**
* Used to indicate that the context menu is being invoked in a search
* results window.
*/
static final byte CONTEXT_SEARCH_RESULTS = 10;
/**
* This method can be used to retrieve the native Java input event that was
* the trigger for the context menu invocation.
*
* @return The <code>InputEvent</code> that was the trigger for the context
* menu invocation.
*/
InputEvent getInputEvent();
/**
* This method can be used to retrieve the Burp tool within which the
* context menu was invoked.
*
* @return A flag indicating the Burp tool within which the context menu was
* invoked. Burp tool flags are defined in the
* <code>IBurpExtenderCallbacks</code> interface.
*/
int getToolFlag();
/**
* This method can be used to retrieve the context within which the menu was
* invoked.
*
* @return An index indicating the context within which the menu was
* invoked. The indices used are defined within this interface.
*/
byte getInvocationContext();
/**
* This method can be used to retrieve the bounds of the user's selection
* into the current message, if applicable.
*
* @return An int[2] array containing the start and end offsets of the
* user's selection in the current message. If the user has not made any
* selection in the current message, both offsets indicate the position of
* the caret within the editor. If the menu is not being invoked from a
* message editor, the method returns <code>null</code>.
*/
int[] getSelectionBounds();
/**
* This method can be used to retrieve details of the HTTP requests /
* responses that were shown or selected by the user when the context menu
* was invoked.
*
* <b>Note:</b> For performance reasons, the objects returned from this
* method are tied to the originating context of the messages within the
* Burp UI. For example, if a context menu is invoked on the Proxy intercept
* panel, then the
* <code>IHttpRequestResponse</code> returned by this method will reflect
* the current contents of the interception panel, and this will change when
* the current message has been forwarded or dropped. If your extension
* needs to store details of the message for which the context menu has been
* invoked, then you should query those details from the
* <code>IHttpRequestResponse</code> at the time of invocation, or you
* should use
* <code>IBurpExtenderCallbacks.saveBuffersToTempFiles()</code> to create a
* persistent read-only copy of the
* <code>IHttpRequestResponse</code>.
*
* @return An array of <code>IHttpRequestResponse</code> objects
* representing the items that were shown or selected by the user when the
* context menu was invoked. This method returns <code>null</code> if no
* messages are applicable to the invocation.
*/
IHttpRequestResponse[] getSelectedMessages();
/**
* This method can be used to retrieve details of the Scanner issues that
* were selected by the user when the context menu was invoked.
*
* @return An array of <code>IScanIssue</code> objects representing the
* issues that were selected by the user when the context menu was invoked.
* This method returns <code>null</code> if no Scanner issues are applicable
* to the invocation.
*/
IScanIssue[] getSelectedIssues();
}
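
Review bot: the Javadoc on getSelectedMessages() near the end of this hunk is where the tree documented that the returned IHttpRequestResponse objects are tied to the originating UI context and change once the message is forwarded or dropped. With the file deleted, any menu handler in the extension that keeps those objects should carry its own comment saying that it copies the details at invocation time or calls saveBuffersToTempFiles(), and it should handle the null that getSelectionBounds(), getSelectedMessages() and getSelectedIssues() are documented to return.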

@@ -1,61 +0,0 @@
package burp;
/*
* @(#)ICookie.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.Date;
/**
* This interface is used to hold details about an HTTP cookie.
*/
public interface ICookie
{
/**
* This method is used to retrieve the domain for which the cookie is in
* scope.
*
* @return The domain for which the cookie is in scope. <b>Note:</b> For
* cookies that have been analyzed from responses (by calling
* <code>IExtensionHelpers.analyzeResponse()</code> and then
* <code>IResponseInfo.getCookies()</code>, the domain will be
* <code>null</code> if the response did not explicitly set a domain
* attribute for the cookie.
*/
String getDomain();
/**
* This method is used to retrieve the path for which the cookie is in
* scope.
*
* @return The path for which the cookie is in scope or null if none is set.
*/
String getPath();
/**
* This method is used to retrieve the expiration time for the cookie.
*
* @return The expiration time for the cookie, or
* <code>null</code> if none is set (i.e., for non-persistent session
* cookies).
*/
Date getExpiration();
/**
* This method is used to retrieve the name of the cookie.
*
* @return The name of the cookie.
*/
String getName();
/**
* This method is used to retrieve the value of the cookie.
* @return The value of the cookie.
*/
String getValue();
}

@@ -1,356 +0,0 @@
package burp;
/*
* @(#)IExtensionHelpers.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.net.URL;
import java.util.List;
/**
* This interface contains a number of helper methods, which extensions can use
* to assist with various common tasks that arise for Burp extensions.
*
* Extensions can call <code>IBurpExtenderCallbacks.getHelpers</code> to obtain
* an instance of this interface.
*/
public interface IExtensionHelpers
{
/**
* This method can be used to analyze an HTTP request, and obtain various
* key details about it.
*
* @param request An <code>IHttpRequestResponse</code> object containing the
* request to be analyzed.
* @return An <code>IRequestInfo</code> object that can be queried to obtain
* details about the request.
*/
IRequestInfo analyzeRequest(IHttpRequestResponse request);
/**
* This method can be used to analyze an HTTP request, and obtain various
* key details about it.
*
* @param httpService The HTTP service associated with the request. This is
* optional and may be <code>null</code>, in which case the resulting
* <code>IRequestInfo</code> object will not include the full request URL.
* @param request The request to be analyzed.
* @return An <code>IRequestInfo</code> object that can be queried to obtain
* details about the request.
*/
IRequestInfo analyzeRequest(IHttpService httpService, byte[] request);
/**
* This method can be used to analyze an HTTP request, and obtain various
* key details about it. The resulting <code>IRequestInfo</code> object will
* not include the full request URL. To obtain the full URL, use one of the
* other overloaded <code>analyzeRequest()</code> methods.
*
* @param request The request to be analyzed.
* @return An <code>IRequestInfo</code> object that can be queried to obtain
* details about the request.
*/
IRequestInfo analyzeRequest(byte[] request);
/**
* This method can be used to analyze an HTTP response, and obtain various
* key details about it.
*
* @param response The response to be analyzed.
* @return An <code>IResponseInfo</code> object that can be queried to
* obtain details about the response.
*/
IResponseInfo analyzeResponse(byte[] response);
/**
* This method can be used to retrieve details of a specified parameter
* within an HTTP request. <b>Note:</b> Use <code>analyzeRequest()</code> to
* obtain details of all parameters within the request.
*
* @param request The request to be inspected for the specified parameter.
* @param parameterName The name of the parameter to retrieve.
* @return An <code>IParameter</code> object that can be queried to obtain
* details about the parameter, or <code>null</code> if the parameter was
* not found.
*/
IParameter getRequestParameter(byte[] request, String parameterName);
/**
* This method can be used to URL-decode the specified data.
*
* @param data The data to be decoded.
* @return The decoded data.
*/
String urlDecode(String data);
/**
* This method can be used to URL-encode the specified data. Any characters
* that do not need to be encoded within HTTP requests are not encoded.
*
* @param data The data to be encoded.
* @return The encoded data.
*/
String urlEncode(String data);
/**
* This method can be used to URL-decode the specified data.
*
* @param data The data to be decoded.
* @return The decoded data.
*/
byte[] urlDecode(byte[] data);
/**
* This method can be used to URL-encode the specified data. Any characters
* that do not need to be encoded within HTTP requests are not encoded.
*
* @param data The data to be encoded.
* @return The encoded data.
*/
byte[] urlEncode(byte[] data);
/**
* This method can be used to Base64-decode the specified data.
*
* @param data The data to be decoded.
* @return The decoded data.
*/
byte[] base64Decode(String data);
/**
* This method can be used to Base64-decode the specified data.
*
* @param data The data to be decoded.
* @return The decoded data.
*/
byte[] base64Decode(byte[] data);
/**
* This method can be used to Base64-encode the specified data.
*
* @param data The data to be encoded.
* @return The encoded data.
*/
String base64Encode(String data);
/**
* This method can be used to Base64-encode the specified data.
*
* @param data The data to be encoded.
* @return The encoded data.
*/
String base64Encode(byte[] data);
/**
* This method can be used to convert data from String form into an array of
* bytes. The conversion does not reflect any particular character set, and
* a character with the hex representation 0xWXYZ will always be converted
* into a byte with the representation 0xYZ. It performs the opposite
* conversion to the method <code>bytesToString()</code>, and byte-based
* data that is converted to a String and back again using these two methods
* is guaranteed to retain its integrity (which may not be the case with
* conversions that reflect a given character set).
*
* @param data The data to be converted.
* @return The converted data.
*/
byte[] stringToBytes(String data);
/**
* This method can be used to convert data from an array of bytes into
* String form. The conversion does not reflect any particular character
* set, and a byte with the representation 0xYZ will always be converted
* into a character with the hex representation 0x00YZ. It performs the
* opposite conversion to the method <code>stringToBytes()</code>, and
* byte-based data that is converted to a String and back again using these
* two methods is guaranteed to retain its integrity (which may not be the
* case with conversions that reflect a given character set).
*
* @param data The data to be converted.
* @return The converted data.
*/
String bytesToString(byte[] data);
/**
* This method searches a piece of data for the first occurrence of a
* specified pattern. It works on byte-based data in a way that is similar
* to the way the native Java method <code>String.indexOf()</code> works on
* String-based data.
*
* @param data The data to be searched.
* @param pattern The pattern to be searched for.
* @param caseSensitive Flags whether or not the search is case-sensitive.
* @param from The offset within <code>data</code> where the search should
* begin.
* @param to The offset within <code>data</code> where the search should
* end.
* @return The offset of the first occurrence of the pattern within the
* specified bounds, or -1 if no match is found.
*/
int indexOf(byte[] data,
byte[] pattern,
boolean caseSensitive,
int from,
int to);
/**
* This method builds an HTTP message containing the specified headers and
* message body. If applicable, the Content-Length header will be added or
* updated, based on the length of the body.
*
* @param headers A list of headers to include in the message.
* @param body The body of the message, of <code>null</code> if the message
* has an empty body.
* @return The resulting full HTTP message.
*/
byte[] buildHttpMessage(List<String> headers, byte[] body);
/**
* This method creates a GET request to the specified URL. The headers used
* in the request are determined by the Request headers settings as
* configured in Burp Spider's options.
*
* @param url The URL to which the request should be made.
* @return A request to the specified URL.
*/
byte[] buildHttpRequest(URL url);
/**
* This method adds a new parameter to an HTTP request, and if appropriate
* updates the Content-Length header.
*
* @param request The request to which the parameter should be added.
* @param parameter An <code>IParameter</code> object containing details of
* the parameter to be added. Supported parameter types are:
* <code>PARAM_URL</code>, <code>PARAM_BODY</code> and
* <code>PARAM_COOKIE</code>.
* @return A new HTTP request with the new parameter added.
*/
byte[] addParameter(byte[] request, IParameter parameter);
/**
* This method removes a parameter from an HTTP request, and if appropriate
* updates the Content-Length header.
*
* @param request The request from which the parameter should be removed.
* @param parameter An <code>IParameter</code> object containing details of
* the parameter to be removed. Supported parameter types are:
* <code>PARAM_URL</code>, <code>PARAM_BODY</code> and
* <code>PARAM_COOKIE</code>.
* @return A new HTTP request with the parameter removed.
*/
byte[] removeParameter(byte[] request, IParameter parameter);
/**
* This method updates the value of a parameter within an HTTP request, and
* if appropriate updates the Content-Length header. <b>Note:</b> This
* method can only be used to update the value of an existing parameter of a
* specified type. If you need to change the type of an existing parameter,
* you should first call <code>removeParameter()</code> to remove the
* parameter with the old type, and then call <code>addParameter()</code> to
* add a parameter with the new type.
*
* @param request The request containing the parameter to be updated.
* @param parameter An <code>IParameter</code> object containing details of
* the parameter to be updated. Supported parameter types are:
* <code>PARAM_URL</code>, <code>PARAM_BODY</code> and
* <code>PARAM_COOKIE</code>.
* @return A new HTTP request with the parameter updated.
*/
byte[] updateParameter(byte[] request, IParameter parameter);
/**
* This method can be used to toggle a request's method between GET and
* POST. Parameters are relocated between the URL query string and message
* body as required, and the Content-Length header is created or removed as
* applicable.
*
* @param request The HTTP request whose method should be toggled.
* @return A new HTTP request using the toggled method.
*/
byte[] toggleRequestMethod(byte[] request);
/**
* This method constructs an <code>IHttpService</code> object based on the
* details provided.
*
* @param host The HTTP service host.
* @param port The HTTP service port.
* @param protocol The HTTP service protocol.
* @return An <code>IHttpService</code> object based on the details
* provided.
*/
IHttpService buildHttpService(String host, int port, String protocol);
/**
* This method constructs an <code>IHttpService</code> object based on the
* details provided.
*
* @param host The HTTP service host.
* @param port The HTTP service port.
* @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP.
* @return An <code>IHttpService</code> object based on the details
* provided.
*/
IHttpService buildHttpService(String host, int port, boolean useHttps);
/**
* This method constructs an <code>IParameter</code> object based on the
* details provided.
*
* @param name The parameter name.
* @param value The parameter value.
* @param type The parameter type, as defined in the <code>IParameter</code>
* interface.
* @return An <code>IParameter</code> object based on the details provided.
*/
IParameter buildParameter(String name, String value, byte type);
/**
* This method constructs an <code>IScannerInsertionPoint</code> object
* based on the details provided. It can be used to quickly create a simple
* insertion point based on a fixed payload location within a base request.
*
* @param insertionPointName The name of the insertion point.
* @param baseRequest The request from which to build scan requests.
* @param from The offset of the start of the payload location.
* @param to The offset of the end of the payload location.
* @return An <code>IScannerInsertionPoint</code> object based on the
* details provided.
*/
IScannerInsertionPoint makeScannerInsertionPoint(
String insertionPointName,
byte[] baseRequest,
int from,
int to);
/**
* This method analyzes one or more responses to identify variations in a
* number of attributes and returns an <code>IResponseVariations</code>
* object that can be queried to obtain details of the variations.
*
* @param responses The responses to analyze.
* @return An <code>IResponseVariations</code> object representing the
* variations in the responses.
*/
IResponseVariations analyzeResponseVariations(byte[]... responses);
/**
* This method analyzes one or more responses to identify the number of
* occurrences of the specified keywords and returns an
* <code>IResponseKeywords</code> object that can be queried to obtain
* details of the number of occurrences of each keyword.
*
* @param keywords The keywords to look for.
* @param responses The responses to analyze.
* @return An <code>IResponseKeywords</code> object representing the counts
* of the keywords appearing in the responses.
*/
IResponseKeywords analyzeResponseKeywords(List<String> keywords, byte[]... responses);
}
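
Review bot: the stringToBytes() and bytesToString() Javadoc in this hunk states the conversion contract that callers depend on: no character set is applied, and a character 0xWXYZ is cut down to the byte 0xYZ. Code in the extension that runs its regex rules over bytesToString() output should say in its own comments that multi-byte text is matched as raw bytes, since this description leaves the tree with the file.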

@@ -1,27 +0,0 @@
package burp;
/*
* @(#)IExtensionStateListener.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerExtensionStateListener()</code> to
* register an extension state listener. The listener will be notified of
* changes to the extension's state. <b>Note:</b> Any extensions that start
* background threads or open system resources (such as files or database
* connections) should register a listener and terminate threads / close
* resources when the extension is unloaded.
*/
public interface IExtensionStateListener
{
/**
* This method is called when the extension is unloaded.
*/
void extensionUnloaded();
}
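
Review bot: the interface-level Javadoc deleted here carries the note that extensions which start background threads or open files or database connections should register a listener and release them in extensionUnloaded(). Please confirm the extension still does this after the change, since a missed cleanup leaves threads and open handles behind every time the extension is unloaded and loaded again.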

@@ -1,37 +0,0 @@
package burp;
/*
* @(#)IHttpListener.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerHttpListener()</code> to register an
* HTTP listener. The listener will be notified of requests and responses made
* by any Burp tool. Extensions can perform custom analysis or modification of
* these messages by registering an HTTP listener.
*/
public interface IHttpListener
{
/**
* This method is invoked when an HTTP request is about to be issued, and
* when an HTTP response has been received.
*
* @param toolFlag A flag indicating the Burp tool that issued the request.
* Burp tool flags are defined in the
* <code>IBurpExtenderCallbacks</code> interface.
* @param messageIsRequest Flags whether the method is being invoked for a
* request or response.
* @param messageInfo Details of the request / response to be processed.
* Extensions can call the setter methods on this object to update the
* current message and so modify Burp's behavior.
*/
void processHttpMessage(int toolFlag,
boolean messageIsRequest,
IHttpRequestResponse messageInfo);
}

@@ -1,102 +0,0 @@
package burp;
/*
* @(#)IHttpRequestResponse.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to retrieve and update details about HTTP messages.
*
* <b>Note:</b> The setter methods generally can only be used before the message
* has been processed, and not in read-only contexts. The getter methods
* relating to response details can only be used after the request has been
* issued.
*/
public interface IHttpRequestResponse
{
/**
* This method is used to retrieve the request message.
*
* @return The request message.
*/
byte[] getRequest();
/**
* This method is used to update the request message.
*
* @param message The new request message.
*/
void setRequest(byte[] message);
/**
* This method is used to retrieve the response message.
*
* @return The response message.
*/
byte[] getResponse();
/**
* This method is used to update the response message.
*
* @param message The new response message.
*/
void setResponse(byte[] message);
/**
* This method is used to retrieve the user-annotated comment for this item,
* if applicable.
*
* @return The user-annotated comment for this item, or null if none is set.
*/
String getComment();
/**
* This method is used to update the user-annotated comment for this item.
*
* @param comment The comment to be assigned to this item.
*/
void setComment(String comment);
/**
* This method is used to retrieve the user-annotated highlight for this
* item, if applicable.
*
* @return The user-annotated highlight for this item, or null if none is
* set.
*/
String getHighlight();
/**
* This method is used to update the user-annotated highlight for this item.
*
* @param color The highlight color to be assigned to this item. Accepted
* values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray,
* or a null String to clear any existing highlight.
*/
void setHighlight(String color);
/**
* This method is used to retrieve the HTTP service for this request /
* response.
*
* @return An
* <code>IHttpService</code> object containing details of the HTTP service.
*/
IHttpService getHttpService();
/**
* This method is used to update the HTTP service for this request /
* response.
*
* @param httpService An
* <code>IHttpService</code> object containing details of the new HTTP
* service.
*/
void setHttpService(IHttpService httpService);
}

@@ -1,25 +0,0 @@
package burp;
/*
* @(#)IHttpRequestResponsePersisted.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used for an
* <code>IHttpRequestResponse</code> object whose request and response messages
* have been saved to temporary files using
* <code>IBurpExtenderCallbacks.saveBuffersToTempFiles()</code>.
*/
public interface IHttpRequestResponsePersisted extends IHttpRequestResponse
{
/**
* This method is deprecated and no longer performs any action.
*/
@Deprecated
void deleteTempFiles();
}
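
Review bot: deleteTempFiles() in this hunk is marked @Deprecated and documented as no longer performing any action. If extension code still calls it in the expectation that files written by saveBuffersToTempFiles() get removed, drop the call as part of this cleanup instead of carrying it forward.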

@@ -1,44 +0,0 @@
package burp;
/*
* @(#)IHttpRequestResponseWithMarkers.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* This interface is used for an
* <code>IHttpRequestResponse</code> object that has had markers applied.
* Extensions can create instances of this interface using
* <code>IBurpExtenderCallbacks.applyMarkers()</code>, or provide their own
* implementation. Markers are used in various situations, such as specifying
* Intruder payload positions, Scanner insertion points, and highlights in
* Scanner issues.
*/
public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse
{
/**
* This method returns the details of the request markers.
*
* @return A list of index pairs representing the offsets of markers for the
* request message. Each item in the list is an int[2] array containing the
* start and end offsets for the marker. The method may return
* <code>null</code> if no request markers are defined.
*/
List<int[]> getRequestMarkers();
/**
* This method returns the details of the response markers.
*
* @return A list of index pairs representing the offsets of markers for the
* response message. Each item in the list is an int[2] array containing the
* start and end offsets for the marker. The method may return
* <code>null</code> if no response markers are defined.
*/
List<int[]> getResponseMarkers();
}

@@ -1,39 +0,0 @@
package burp;
/*
* @(#)IHttpService.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to provide details about an HTTP service, to which
* HTTP requests can be sent.
*/
public interface IHttpService
{
/**
* This method returns the hostname or IP address for the service.
*
* @return The hostname or IP address for the service.
*/
String getHost();
/**
* This method returns the port number for the service.
*
* @return The port number for the service.
*/
int getPort();
/**
* This method returns the protocol for the service.
*
* @return The protocol for the service. Expected values are "http" or
* "https".
*/
String getProtocol();
}

@@ -1,116 +0,0 @@
package burp;
/*
* @(#)IInterceptedProxyMessage.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.net.InetAddress;
/**
* This interface is used to represent an HTTP message that has been intercepted
* by Burp Proxy. Extensions can register an
* <code>IProxyListener</code> to receive details of proxy messages using this
* interface. *
*/
public interface IInterceptedProxyMessage
{
/**
* This action causes Burp Proxy to follow the current interception rules to
* determine the appropriate action to take for the message.
*/
static final int ACTION_FOLLOW_RULES = 0;
/**
* This action causes Burp Proxy to present the message to the user for
* manual review or modification.
*/
static final int ACTION_DO_INTERCEPT = 1;
/**
* This action causes Burp Proxy to forward the message to the remote server
* or client, without presenting it to the user.
*/
static final int ACTION_DONT_INTERCEPT = 2;
/**
* This action causes Burp Proxy to drop the message.
*/
static final int ACTION_DROP = 3;
/**
* This action causes Burp Proxy to follow the current interception rules to
* determine the appropriate action to take for the message, and then make a
* second call to processProxyMessage.
*/
static final int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10;
/**
* This action causes Burp Proxy to present the message to the user for
* manual review or modification, and then make a second call to
* processProxyMessage.
*/
static final int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11;
/**
* This action causes Burp Proxy to skip user interception, and then make a
* second call to processProxyMessage.
*/
static final int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12;
/**
* This method retrieves a unique reference number for this
* request/response.
*
* @return An identifier that is unique to a single request/response pair.
* Extensions can use this to correlate details of requests and responses
* and perform processing on the response message accordingly.
*/
int getMessageReference();
/**
* This method retrieves details of the intercepted message.
*
* @return An <code>IHttpRequestResponse</code> object containing details of
* the intercepted message.
*/
IHttpRequestResponse getMessageInfo();
/**
* This method retrieves the currently defined interception action. The
* default action is
* <code>ACTION_FOLLOW_RULES</code>. If multiple proxy listeners are
* registered, then other listeners may already have modified the
* interception action before it reaches the current listener. This method
* can be used to determine whether this has occurred.
*
* @return The currently defined interception action. Possible values are
* defined within this interface.
*/
int getInterceptAction();
/**
* This method is used to update the interception action.
*
* @param interceptAction The new interception action. Possible values are
* defined within this interface.
*/
void setInterceptAction(int interceptAction);
/**
* This method retrieves the name of the Burp Proxy listener that is
* processing the intercepted message.
*
* @return The name of the Burp Proxy listener that is processing the
* intercepted message. The format is the same as that shown in the Proxy
* Listeners UI - for example, "127.0.0.1:8080".
*/
String getListenerInterface();
/**
* This method retrieves the client IP address from which the request for
* the intercepted message was received.
*
* @return The client IP address from which the request for the intercepted
* message was received.
*/
InetAddress getClientIpAddress();
}

@@ -1,31 +0,0 @@
package burp;
/*
* @(#)IIntruderAttack.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to hold details about an Intruder attack.
*/
public interface IIntruderAttack
{
/**
* This method is used to retrieve the HTTP service for the attack.
*
* @return The HTTP service for the attack.
*/
IHttpService getHttpService();
/**
* This method is used to retrieve the request template for the attack.
*
* @return The request template for the attack.
*/
byte[] getRequestTemplate();
}


@@ -1,50 +0,0 @@
package burp;
/*
* @(#)IIntruderPayloadGenerator.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used for custom Intruder payload generators. Extensions
* that have registered an
* <code>IIntruderPayloadGeneratorFactory</code> must return a new instance of
* this interface when required as part of a new Intruder attack.
*/
public interface IIntruderPayloadGenerator
{
/**
* This method is used by Burp to determine whether the payload generator is
* able to provide any further payloads.
*
* @return Extensions should return
* <code>false</code> when all the available payloads have been used up,
* otherwise
* <code>true</code>.
*/
boolean hasMorePayloads();
/**
* This method is used by Burp to obtain the value of the next payload.
*
* @param baseValue The base value of the current payload position. This
* value may be
* <code>null</code> if the concept of a base value is not applicable (e.g.
* in a battering ram attack).
* @return The next payload to use in the attack.
*/
byte[] getNextPayload(byte[] baseValue);
/**
* This method is used by Burp to reset the state of the payload generator
* so that the next call to
* <code>getNextPayload()</code> returns the first payload again. This
* method will be invoked when an attack uses the same payload generator for
* more than one payload position, for example in a sniper attack.
*/
void reset();
}


@@ -1,40 +0,0 @@
package burp;
/*
* @(#)IIntruderPayloadGeneratorFactory.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory()</code>
* to register a factory for custom Intruder payloads.
*/
public interface IIntruderPayloadGeneratorFactory
{
/**
* This method is used by Burp to obtain the name of the payload generator.
* This will be displayed as an option within the Intruder UI when the user
* selects to use extension-generated payloads.
*
* @return The name of the payload generator.
*/
String getGeneratorName();
/**
* This method is used by Burp when the user starts an Intruder attack that
* uses this payload generator.
*
* @param attack An
* <code>IIntruderAttack</code> object that can be queried to obtain details
* about the attack in which the payload generator will be used.
* @return A new instance of
* <code>IIntruderPayloadGenerator</code> that will be used to generate
* payloads for the attack.
*/
IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack);
}


@@ -1,45 +0,0 @@
package burp;
/*
* @(#)IIntruderPayloadProcessor.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerIntruderPayloadProcessor()</code> to
* register a custom Intruder payload processor.
*/
public interface IIntruderPayloadProcessor
{
/**
* This method is used by Burp to obtain the name of the payload processor.
* This will be displayed as an option within the Intruder UI when the user
* selects to use an extension-provided payload processor.
*
* @return The name of the payload processor.
*/
String getProcessorName();
/**
* This method is invoked by Burp each time the processor should be applied
* to an Intruder payload.
*
* @param currentPayload The value of the payload to be processed.
* @param originalPayload The value of the original payload prior to
* processing by any already-applied processing rules.
* @param baseValue The base value of the payload position, which will be
* replaced with the current payload.
* @return The value of the processed payload. This may be
* <code>null</code> to indicate that the current payload should be skipped,
* and the attack will move directly to the next payload.
*/
byte[] processPayload(
byte[] currentPayload,
byte[] originalPayload,
byte[] baseValue);
}


@@ -1,36 +0,0 @@
package burp;
/*
* @(#)IMenuItemHandler.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerMenuItem()</code> to register a custom
* context menu item.
*
* @deprecated Use
* <code>IContextMenuFactory</code> instead.
*/
@Deprecated
public interface IMenuItemHandler
{
/**
* This method is invoked by Burp Suite when the user clicks on a custom
* menu item which the extension has registered with Burp.
*
* @param menuItemCaption The caption of the menu item which was clicked.
* This parameter enables extensions to provide a single implementation
* which handles multiple different menu items.
* @param messageInfo Details of the HTTP message(s) for which the context
* menu was displayed.
*/
void menuItemClicked(
String menuItemCaption,
IHttpRequestResponse[] messageInfo);
}
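
Review bot: before this whole-file removal lands, search the extension sources for `IMenuItemHandler` and `registerMenuItem(`, since the type declared at `public interface IMenuItemHandler` leaves the source tree and any remaining reference only compiles if the Burp API is supplied from elsewhere. The Javadoc in the hunk already names `IContextMenuFactory` as the replacement, so a leftover use is better migrated than kept.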


@@ -1,77 +0,0 @@
package burp;
/*
* @(#)IMessageEditor.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.awt.Component;
/**
* This interface is used to provide extensions with an instance of Burp's HTTP
* message editor, for the extension to use in its own UI. Extensions should
* call <code>IBurpExtenderCallbacks.createMessageEditor()</code> to obtain an
* instance of this interface.
*/
public interface IMessageEditor
{
/**
* This method returns the UI component of the editor, for extensions to add
* to their own UI.
*
* @return The UI component of the editor.
*/
Component getComponent();
/**
* This method is used to display an HTTP message in the editor.
*
* @param message The HTTP message to be displayed.
* @param isRequest Flags whether the message is an HTTP request or
* response.
*/
void setMessage(byte[] message, boolean isRequest);
/**
* This method is used to retrieve the currently displayed message, which
* may have been modified by the user.
*
* @return The currently displayed HTTP message.
*/
byte[] getMessage();
/**
* This method is used to determine whether the current message has been
* modified by the user.
*
* @return An indication of whether the current message has been modified by
* the user since it was first displayed.
*/
boolean isMessageModified();
/**
* This method returns the data that is currently selected by the user.
*
* @return The data that is currently selected by the user, or
* <code>null</code> if no selection is made.
*/
byte[] getSelectedData();
/**
* This method can be used to retrieve the bounds of the user's selection
* into the displayed message, if applicable.
*
* @return An int[2] array containing the start and end offsets of the
* user's selection within the displayed message. If the user has not made
* any selection in the current message, both offsets indicate the position
* of the caret within the editor. For some editor views, the concept of
* selection within the message does not apply, in which case this method
* returns null.
*/
int[] getSelectionBounds();
}


@@ -1,49 +0,0 @@
package burp;
/*
* @(#)IMessageEditorController.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used by an
* <code>IMessageEditor</code> to obtain details about the currently displayed
* message. Extensions that create instances of Burp's HTTP message editor can
* optionally provide an implementation of
* <code>IMessageEditorController</code>, which the editor will invoke when it
* requires further information about the current message (for example, to send
* it to another Burp tool). Extensions that provide custom editor tabs via an
* <code>IMessageEditorTabFactory</code> will receive a reference to an
* <code>IMessageEditorController</code> object for each tab instance they
* generate, which the tab can invoke if it requires further information about
* the current message.
*/
public interface IMessageEditorController
{
/**
* This method is used to retrieve the HTTP service for the current message.
*
* @return The HTTP service for the current message.
*/
IHttpService getHttpService();
/**
* This method is used to retrieve the HTTP request associated with the
* current message (which may itself be a response).
*
* @return The HTTP request associated with the current message.
*/
byte[] getRequest();
/**
* This method is used to retrieve the HTTP response associated with the
* current message (which may itself be a request).
*
* @return The HTTP response associated with the current message.
*/
byte[] getResponse();
}


@@ -1,103 +0,0 @@
package burp;
/*
* @(#)IMessageEditorTab.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.awt.Component;
/**
* Extensions that register an
* <code>IMessageEditorTabFactory</code> must return instances of this
* interface, which Burp will use to create custom tabs within its HTTP message
* editors.
*/
public interface IMessageEditorTab
{
/**
* This method returns the caption that should appear on the custom tab when
* it is displayed. <b>Note:</b> Burp invokes this method once when the tab
* is first generated, and the same caption will be used every time the tab
* is displayed.
*
* @return The caption that should appear on the custom tab when it is
* displayed.
*/
String getTabCaption();
/**
* This method returns the component that should be used as the contents of
* the custom tab when it is displayed. <b>Note:</b> Burp invokes this
* method once when the tab is first generated, and the same component will
* be used every time the tab is displayed.
*
* @return The component that should be used as the contents of the custom
* tab when it is displayed.
*/
Component getUiComponent();
/**
* The hosting editor will invoke this method before it displays a new HTTP
* message, so that the custom tab can indicate whether it should be enabled
* for that message.
*
* @param content The message that is about to be displayed, or a zero-length
* array if the existing message is to be cleared.
* @param isRequest Indicates whether the message is a request or a
* response.
* @return The method should return
* <code>true</code> if the custom tab is able to handle the specified
* message, and so will be displayed within the editor. Otherwise, the tab
* will be hidden while this message is displayed.
*/
boolean isEnabled(byte[] content, boolean isRequest);
/**
* The hosting editor will invoke this method to display a new message or to
* clear the existing message. This method will only be called with a new
* message if the tab has already returned
* <code>true</code> to a call to
* <code>isEnabled()</code> with the same message details.
*
* @param content The message that is to be displayed, or
* <code>null</code> if the tab should clear its contents and disable any
* editable controls.
* @param isRequest Indicates whether the message is a request or a
* response.
*/
void setMessage(byte[] content, boolean isRequest);
/**
* This method returns the currently displayed message.
*
* @return The currently displayed message.
*/
byte[] getMessage();
/**
* This method is used to determine whether the currently displayed message
* has been modified by the user. The hosting editor will always call
* <code>getMessage()</code> before calling this method, so any pending
* edits should be completed within
* <code>getMessage()</code>.
*
* @return The method should return
* <code>true</code> if the user has modified the current message since it
* was first displayed.
*/
boolean isModified();
/**
* This method is used to retrieve the data that is currently selected by
* the user.
*
* @return The data that is currently selected by the user. This may be
* <code>null</code> if no selection is currently made.
*/
byte[] getSelectedData();
}
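
Review bot: any `IMessageEditorTab` implementation in the extension should handle both clear signals documented in the removed Javadoc: `isEnabled()` receives a zero-length array, while `setMessage()` receives `null`. With the vendored file gone, a short comment on the implementing class would keep that contract visible to maintainers.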


@@ -1,38 +0,0 @@
package burp;
/*
* @(#)IMessageEditorTabFactory.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerMessageEditorTabFactory()</code> to
* register a factory for custom message editor tabs. This allows extensions to
* provide custom rendering or editing of HTTP messages, within Burp's own HTTP
* editor.
*/
public interface IMessageEditorTabFactory
{
/**
* Burp will call this method once for each HTTP message editor, and the
* factory should provide a new instance of an
* <code>IMessageEditorTab</code> object.
*
* @param controller An
* <code>IMessageEditorController</code> object, which the new tab can query
* to retrieve details about the currently displayed message. This may be
* <code>null</code> for extension-invoked message editors where the
* extension has not provided an editor controller.
* @param editable Indicates whether the hosting editor is editable or
* read-only.
* @return A new
* <code>IMessageEditorTab</code> object for use within the message editor.
*/
IMessageEditorTab createNewInstance(IMessageEditorController controller,
boolean editable);
}


@@ -1,104 +0,0 @@
package burp;
/*
* @(#)IParameter.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to hold details about an HTTP request parameter.
*/
public interface IParameter
{
/**
* Used to indicate a parameter within the URL query string.
*/
static final byte PARAM_URL = 0;
/**
* Used to indicate a parameter within the message body.
*/
static final byte PARAM_BODY = 1;
/**
* Used to indicate an HTTP cookie.
*/
static final byte PARAM_COOKIE = 2;
/**
* Used to indicate an item of data within an XML structure.
*/
static final byte PARAM_XML = 3;
/**
* Used to indicate the value of a tag attribute within an XML structure.
*/
static final byte PARAM_XML_ATTR = 4;
/**
* Used to indicate the value of a parameter attribute within a multi-part
* message body (such as the name of an uploaded file).
*/
static final byte PARAM_MULTIPART_ATTR = 5;
/**
* Used to indicate an item of data within a JSON structure.
*/
static final byte PARAM_JSON = 6;
/**
* This method is used to retrieve the parameter type.
*
* @return The parameter type. The available types are defined within this
* interface.
*/
byte getType();
/**
* This method is used to retrieve the parameter name.
*
* @return The parameter name.
*/
String getName();
/**
* This method is used to retrieve the parameter value.
*
* @return The parameter value.
*/
String getValue();
/**
* This method is used to retrieve the start offset of the parameter name
* within the HTTP request.
*
* @return The start offset of the parameter name within the HTTP request,
* or -1 if the parameter is not associated with a specific request.
*/
int getNameStart();
/**
* This method is used to retrieve the end offset of the parameter name
* within the HTTP request.
*
* @return The end offset of the parameter name within the HTTP request, or
* -1 if the parameter is not associated with a specific request.
*/
int getNameEnd();
/**
* This method is used to retrieve the start offset of the parameter value
* within the HTTP request.
*
* @return The start offset of the parameter value within the HTTP request,
* or -1 if the parameter is not associated with a specific request.
*/
int getValueStart();
/**
* This method is used to retrieve the end offset of the parameter value
* within the HTTP request.
*
* @return The end offset of the parameter value within the HTTP request, or
* -1 if the parameter is not associated with a specific request.
*/
int getValueEnd();
}


@@ -1,37 +0,0 @@
package burp;
/*
* @(#)IProxyListener.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerProxyListener()</code> to register a
* Proxy listener. The listener will be notified of requests and responses being
* processed by the Proxy tool. Extensions can perform custom analysis or
* modification of these messages, and control in-UI message interception, by
* registering a proxy listener.
*/
public interface IProxyListener
{
/**
* This method is invoked when an HTTP message is being processed by the
* Proxy.
*
* @param messageIsRequest Indicates whether the HTTP message is a request
* or a response.
* @param message An
* <code>IInterceptedProxyMessage</code> object that extensions can use to
* query and update details of the message, and control whether the message
* should be intercepted and displayed to the user for manual review or
* modification.
*/
void processProxyMessage(
boolean messageIsRequest,
IInterceptedProxyMessage message);
}
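
Review bot: confirm that the build now declares the Burp Extender API as a pinned external dependency, because the `-1,37 +0,0` header shows `IProxyListener.java` removed in full and no replacement source appears in this part of the diff. Any class that implements `processProxyMessage(...)` otherwise stops compiling, and an unpinned dependency would let the API version change between builds without a corresponding commit.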


@@ -1,95 +0,0 @@
package burp;
/*
* @(#)IRequestInfo.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.net.URL;
import java.util.List;
/**
* This interface is used to retrieve key details about an HTTP request.
* Extensions can obtain an
* <code>IRequestInfo</code> object for a given request by calling
* <code>IExtensionHelpers.analyzeRequest()</code>.
*/
public interface IRequestInfo
{
/**
* Used to indicate that there is no content.
*/
static final byte CONTENT_TYPE_NONE = 0;
/**
* Used to indicate URL-encoded content.
*/
static final byte CONTENT_TYPE_URL_ENCODED = 1;
/**
* Used to indicate multi-part content.
*/
static final byte CONTENT_TYPE_MULTIPART = 2;
/**
* Used to indicate XML content.
*/
static final byte CONTENT_TYPE_XML = 3;
/**
* Used to indicate JSON content.
*/
static final byte CONTENT_TYPE_JSON = 4;
/**
* Used to indicate AMF content.
*/
static final byte CONTENT_TYPE_AMF = 5;
/**
* Used to indicate unknown content.
*/
static final byte CONTENT_TYPE_UNKNOWN = -1;
/**
* This method is used to obtain the HTTP method used in the request.
*
* @return The HTTP method used in the request.
*/
String getMethod();
/**
* This method is used to obtain the URL in the request.
*
* @return The URL in the request.
*/
URL getUrl();
/**
* This method is used to obtain the HTTP headers contained in the request.
*
* @return The HTTP headers contained in the request.
*/
List<String> getHeaders();
/**
* This method is used to obtain the parameters contained in the request.
*
* @return The parameters contained in the request.
*/
List<IParameter> getParameters();
/**
* This method is used to obtain the offset within the request where the
* message body begins.
*
* @return The offset within the request where the message body begins.
*/
int getBodyOffset();
/**
* This method is used to obtain the content type of the message body.
*
* @return An indication of the content type of the message body. Available
* types are defined within this interface.
*/
byte getContentType();
}


@@ -1,73 +0,0 @@
package burp;
/*
* @(#)IResponseInfo.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* This interface is used to retrieve key details about an HTTP response.
* Extensions can obtain an
* <code>IResponseInfo</code> object for a given response by calling
* <code>IExtensionHelpers.analyzeResponse()</code>.
*/
public interface IResponseInfo
{
/**
* This method is used to obtain the HTTP headers contained in the response.
*
* @return The HTTP headers contained in the response.
*/
List<String> getHeaders();
/**
* This method is used to obtain the offset within the response where the
* message body begins.
*
* @return The offset within the response where the message body begins.
*/
int getBodyOffset();
/**
* This method is used to obtain the HTTP status code contained in the
* response.
*
* @return The HTTP status code contained in the response.
*/
short getStatusCode();
/**
* This method is used to obtain details of the HTTP cookies set in the
* response.
*
* @return A list of <code>ICookie</code> objects representing the cookies
* set in the response, if any.
*/
List<ICookie> getCookies();
/**
* This method is used to obtain the MIME type of the response, as stated in
* the HTTP headers.
*
* @return A textual label for the stated MIME type, or an empty String if
* this is not known or recognized. The possible labels are the same as
* those used in the main Burp UI.
*/
String getStatedMimeType();
/**
* This method is used to obtain the MIME type of the response, as inferred
* from the contents of the HTTP message body.
*
* @return A textual label for the inferred MIME type, or an empty String if
* this is not known or recognized. The possible labels are the same as
* those used in the main Burp UI.
*/
String getInferredMimeType();
}


@@ -1,58 +0,0 @@
package burp;
/*
* @(#)IResponseKeywords.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* This interface is used to represent the counts of keywords appearing in a
* number of HTTP responses.
*/
public interface IResponseKeywords
{
/**
* This method is used to obtain the list of keywords whose counts vary
* between the analyzed responses.
*
* @return The keywords whose counts vary between the analyzed responses.
*/
List<String> getVariantKeywords();
/**
* This method is used to obtain the list of keywords whose counts do not
* vary between the analyzed responses.
*
* @return The keywords whose counts do not vary between the analyzed
* responses.
*/
List<String> getInvariantKeywords();
/**
* This method is used to obtain the number of occurrences of an individual
* keyword in a response.
*
* @param keyword The keyword whose count will be retrieved.
* @param responseIndex The index of the response. Note responses are
* indexed from zero in the order they were originally supplied to the
* <code>IExtensionHelpers.analyzeResponseKeywords()</code> and
* <code>IResponseKeywords.updateWith()</code> methods.
* @return The number of occurrences of the specified keyword for the
* specified response.
*/
int getKeywordCount(String keyword, int responseIndex);
/**
* This method is used to update the analysis based on additional responses.
*
* @param responses The new responses to include in the analysis.
*/
void updateWith(byte[]... responses);
}


@@ -1,62 +0,0 @@
package burp;
/*
* @(#)IResponseVariations.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* This interface is used to represent variations between a number HTTP
* responses, according to various attributes.
*/
public interface IResponseVariations
{
/**
* This method is used to obtain the list of attributes that vary between
* the analyzed responses.
*
* @return The attributes that vary between the analyzed responses.
*/
List<String> getVariantAttributes();
/**
* This method is used to obtain the list of attributes that do not vary
* between the analyzed responses.
*
* @return The attributes that do not vary between the analyzed responses.
*/
List<String> getInvariantAttributes();
/**
* This method is used to obtain the value of an individual attribute in a
* response. Note that the values of some attributes are intrinsically
* meaningful (e.g. a word count) while the values of others are less so
* (e.g. a checksum of the HTML tag names).
*
* @param attributeName The name of the attribute whose value will be
* retrieved. Extension authors can obtain the list of supported attributes
* by generating an <code>IResponseVariations</code> object for a single
* response and calling
* <code>IResponseVariations.getInvariantAttributes()</code>.
* @param responseIndex The index of the response. Note that responses are
* indexed from zero in the order they were originally supplied to the
* <code>IExtensionHelpers.analyzeResponseVariations()</code> and
* <code>IResponseVariations.updateWith()</code> methods.
* @return The value of the specified attribute for the specified response.
*/
int getAttributeValue(String attributeName, int responseIndex);
/**
* This method is used to update the analysis based on additional responses.
*
* @param responses The new responses to include in the analysis.
*/
void updateWith(byte[]... responses);
}


@@ -1,123 +0,0 @@
package burp;
/*
* @(#)IScanIssue.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to retrieve details of Scanner issues. Extensions can
* obtain details of issues by registering an <code>IScannerListener</code> or
* by calling <code>IBurpExtenderCallbacks.getScanIssues()</code>. Extensions
* can also add custom Scanner issues by registering an
* <code>IScannerCheck</code> or calling
* <code>IBurpExtenderCallbacks.addScanIssue()</code>, and providing their own
* implementations of this interface. Note that issue descriptions and other
* text generated by extensions are subject to an HTML whitelist that allows
* only formatting tags and simple hyperlinks.
*/
public interface IScanIssue
{
/**
* This method returns the URL for which the issue was generated.
*
* @return The URL for which the issue was generated.
*/
java.net.URL getUrl();
/**
* This method returns the name of the issue type.
*
* @return The name of the issue type (e.g. "SQL injection").
*/
String getIssueName();
/**
* This method returns a numeric identifier of the issue type. See the Burp
* Scanner documentation for a listing of all the issue types.
*
* @return A numeric identifier of the issue type.
*/
int getIssueType();
/**
* This method returns the issue severity level.
*
* @return The issue severity level. Expected values are "High", "Medium",
* "Low", "Information" or "False positive".
*
*/
String getSeverity();
/**
* This method returns the issue confidence level.
*
* @return The issue confidence level. Expected values are "Certain", "Firm"
* or "Tentative".
*/
String getConfidence();
/**
* This method returns a background description for this type of issue.
*
* @return A background description for this type of issue, or
* <code>null</code> if none applies. A limited set of HTML tags may be
* used.
*/
String getIssueBackground();
/**
* This method returns a background description of the remediation for this
* type of issue.
*
* @return A background description of the remediation for this type of
* issue, or <code>null</code> if none applies. A limited set of HTML tags
* may be used.
*/
String getRemediationBackground();
/**
* This method returns detailed information about this specific instance of
* the issue.
*
* @return Detailed information about this specific instance of the issue,
* or <code>null</code> if none applies. A limited set of HTML tags may be
* used.
*/
String getIssueDetail();
/**
* This method returns detailed information about the remediation for this
* specific instance of the issue.
*
* @return Detailed information about the remediation for this specific
* instance of the issue, or <code>null</code> if none applies. A limited
* set of HTML tags may be used.
*/
String getRemediationDetail();
/**
* This method returns the HTTP messages on the basis of which the issue was
* generated.
*
* @return The HTTP messages on the basis of which the issue was generated.
* <b>Note:</b> The items in this array should be instances of
* <code>IHttpRequestResponseWithMarkers</code> if applicable, so that
* details of the relevant portions of the request and response messages are
* available.
*/
IHttpRequestResponse[] getHttpMessages();
/**
* This method returns the HTTP service for which the issue was generated.
*
* @return The HTTP service for which the issue was generated.
*/
IHttpService getHttpService();
}
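
Review bot: if the extension supplies its own `IScanIssue` objects, escape any request or response content placed in `getIssueDetail()` and the other text getters instead of leaning on the filter mentioned in the removed class Javadoc ("subject to an HTML whitelist that allows only formatting tags and simple hyperlinks"). That sentence leaves the tree with this file, so the expectation is worth restating where issues are constructed.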


@@ -1,81 +0,0 @@
package burp;
/*
* @(#)IScanQueueItem.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to retrieve details of items in the Burp Scanner
* active scan queue. Extensions can obtain references to scan queue items by
* calling
* <code>IBurpExtenderCallbacks.doActiveScan()</code>.
*/
public interface IScanQueueItem
{
/**
* This method returns a description of the status of the scan queue item.
*
* @return A description of the status of the scan queue item.
*/
String getStatus();
/**
* This method returns an indication of the percentage completed for the
* scan queue item.
*
* @return An indication of the percentage completed for the scan queue
* item.
*/
@Deprecated
byte getPercentageComplete();
/**
* This method returns the number of requests that have been made for the
* scan queue item.
*
* @return The number of requests that have been made for the scan queue
* item.
*/
int getNumRequests();
/**
* This method returns the number of network errors that have occurred for
* the scan queue item.
*
* @return The number of network errors that have occurred for the scan
* queue item.
*/
int getNumErrors();
/**
* This method returns the number of attack insertion points being used for
* the scan queue item.
*
* @return The number of attack insertion points being used for the scan
* queue item.
*/
int getNumInsertionPoints();
/**
* This method allows the scan queue item to be canceled.
*/
void cancel();
/**
* This method returns details of the issues generated for the scan queue
* item. <b>Note:</b> different items within the scan queue may contain
* duplicated versions of the same issues - for example, if the same request
* has been scanned multiple times. Duplicated issues are consolidated in
* the main view of scan results. Extensions can register an
* <code>IScannerListener</code> to get details only of unique, newly
* discovered Scanner issues post-consolidation.
*
* @return Details of the issues generated for the scan queue item.
*/
IScanIssue[] getIssues();
}

View File

@@ -1,83 +0,0 @@
package burp;
/*
* @(#)IScannerCheck.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerScannerCheck()</code> to register a
* custom Scanner check. When performing scanning, Burp will ask the check to
* perform active or passive scanning on the base request, and report any
* Scanner issues that are identified.
*/
public interface IScannerCheck
{
/**
* The Scanner invokes this method for each base request / response that is
* passively scanned. <b>Note:</b> Extensions should only analyze the
* HTTP messages provided during passive scanning, and should not make any
* new HTTP requests of their own.
*
* @param baseRequestResponse The base HTTP request / response that should
* be passively scanned.
* @return A list of <code>IScanIssue</code> objects, or <code>null</code>
* if no issues are identified.
*/
List<IScanIssue> doPassiveScan(IHttpRequestResponse baseRequestResponse);
/**
* The Scanner invokes this method for each insertion point that is actively
* scanned. Extensions may issue HTTP requests as required to carry out
* active scanning, and should use the
* <code>IScannerInsertionPoint</code> object provided to build scan
* requests for particular payloads.
* <b>Note:</b>
* Scan checks should submit raw non-encoded payloads to insertion points,
* and the insertion point has responsibility for performing any data
* encoding that is necessary given the nature and location of the insertion
* point.
*
* @param baseRequestResponse The base HTTP request / response that should
* be actively scanned.
* @param insertionPoint An <code>IScannerInsertionPoint</code> object that
* can be queried to obtain details of the insertion point being tested, and
* can be used to build scan requests for particular payloads.
* @return A list of <code>IScanIssue</code> objects, or <code>null</code>
* if no issues are identified.
*/
List<IScanIssue> doActiveScan(
IHttpRequestResponse baseRequestResponse,
IScannerInsertionPoint insertionPoint);
/**
* The Scanner invokes this method when the custom Scanner check has
* reported multiple issues for the same URL path. This can arise either
* because there are multiple distinct vulnerabilities, or because the same
* (or a similar) request has been scanned more than once. The custom check
* should determine whether the issues are duplicates. In most cases, where
* a check uses distinct issue names or descriptions for distinct issues,
* the consolidation process will simply be a matter of comparing these
* features for the two issues.
*
* @param existingIssue An issue that was previously reported by this
* Scanner check.
* @param newIssue An issue at the same URL path that has been newly
* reported by this Scanner check.
* @return An indication of which issue(s) should be reported in the main
* Scanner results. The method should return <code>-1</code> to report the
* existing issue only, <code>0</code> to report both issues, and
* <code>1</code> to report the new issue only.
*/
int consolidateDuplicateIssues(
IScanIssue existingIssue,
IScanIssue newIssue);
}

View File

@@ -1,174 +0,0 @@
package burp;
/*
* @(#)IScannerInsertionPoint.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to define an insertion point for use by active Scanner
* checks. Extensions can obtain instances of this interface by registering an
* <code>IScannerCheck</code>, or can create instances for use by Burp's own
* scan checks by registering an
* <code>IScannerInsertionPointProvider</code>.
*/
public interface IScannerInsertionPoint
{
/**
* Used to indicate where the payload is inserted into the value of a URL
* parameter.
*/
static final byte INS_PARAM_URL = 0x00;
/**
* Used to indicate where the payload is inserted into the value of a body
* parameter.
*/
static final byte INS_PARAM_BODY = 0x01;
/**
* Used to indicate where the payload is inserted into the value of an HTTP
* cookie.
*/
static final byte INS_PARAM_COOKIE = 0x02;
/**
* Used to indicate where the payload is inserted into the value of an item
* of data within an XML data structure.
*/
static final byte INS_PARAM_XML = 0x03;
/**
* Used to indicate where the payload is inserted into the value of a tag
* attribute within an XML structure.
*/
static final byte INS_PARAM_XML_ATTR = 0x04;
/**
* Used to indicate where the payload is inserted into the value of a
* parameter attribute within a multi-part message body (such as the name of
* an uploaded file).
*/
static final byte INS_PARAM_MULTIPART_ATTR = 0x05;
/**
* Used to indicate where the payload is inserted into the value of an item
* of data within a JSON structure.
*/
static final byte INS_PARAM_JSON = 0x06;
/**
* Used to indicate where the payload is inserted into the value of an AMF
* parameter.
*/
static final byte INS_PARAM_AMF = 0x07;
/**
* Used to indicate where the payload is inserted into the value of an HTTP
* request header.
*/
static final byte INS_HEADER = 0x20;
/**
* Used to indicate where the payload is inserted into a URL path folder.
*/
static final byte INS_URL_PATH_FOLDER = 0x21;
/**
* Used to indicate where the payload is inserted into a URL path folder.
* This is now deprecated; use <code>INS_URL_PATH_FOLDER</code> instead.
*/
@Deprecated
static final byte INS_URL_PATH_REST = INS_URL_PATH_FOLDER;
/**
* Used to indicate where the payload is inserted into the name of an added
* URL parameter.
*/
static final byte INS_PARAM_NAME_URL = 0x22;
/**
* Used to indicate where the payload is inserted into the name of an added
* body parameter.
*/
static final byte INS_PARAM_NAME_BODY = 0x23;
/**
* Used to indicate where the payload is inserted into the body of the HTTP
* request.
*/
static final byte INS_ENTIRE_BODY = 0x24;
/**
* Used to indicate where the payload is inserted into the URL path
* filename.
*/
static final byte INS_URL_PATH_FILENAME = 0x25;
/**
* Used to indicate where the payload is inserted at a location manually
* configured by the user.
*/
static final byte INS_USER_PROVIDED = 0x40;
/**
* Used to indicate where the insertion point is provided by an
* extension-registered
* <code>IScannerInsertionPointProvider</code>.
*/
static final byte INS_EXTENSION_PROVIDED = 0x41;
/**
* Used to indicate where the payload is inserted at an unknown location
* within the request.
*/
static final byte INS_UNKNOWN = 0x7f;
/**
* This method returns the name of the insertion point.
*
* @return The name of the insertion point (for example, a description of a
* particular request parameter).
*/
String getInsertionPointName();
/**
* This method returns the base value for this insertion point.
*
* @return the base value that appears in this insertion point in the base
* request being scanned, or <code>null</code> if there is no value in the
* base request that corresponds to this insertion point.
*/
String getBaseValue();
/**
* This method is used to build a request with the specified payload placed
* into the insertion point. There is no requirement for extension-provided
* insertion points to adjust the Content-Length header in requests if the
* body length has changed, although Burp-provided insertion points will
* always do this and will return a request with a valid Content-Length
* header.
* <b>Note:</b>
* Scan checks should submit raw non-encoded payloads to insertion points,
* and the insertion point has responsibility for performing any data
* encoding that is necessary given the nature and location of the insertion
* point.
*
* @param payload The payload that should be placed into the insertion
* point.
* @return The resulting request.
*/
byte[] buildRequest(byte[] payload);
/**
* This method is used to determine the offsets of the payload value within
* the request, when it is placed into the insertion point. Scan checks may
* invoke this method when reporting issues, so as to highlight the relevant
* part of the request within the UI.
*
* @param payload The payload that should be placed into the insertion
* point.
* @return An int[2] array containing the start and end offsets of the
* payload within the request, or null if this is not applicable (for
* example, where the insertion point places a payload into a serialized
* data structure, the raw payload may not literally appear anywhere within
* the resulting request).
*/
int[] getPayloadOffsets(byte[] payload);
/**
* This method returns the type of the insertion point.
*
* @return The type of the insertion point. Available types are defined in
* this interface.
*/
byte getInsertionPointType();
}

View File

@@ -1,38 +0,0 @@
package burp;
/*
* @(#)IScannerInsertionPointProvider.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerScannerInsertionPointProvider()</code>
* to register a factory for custom Scanner insertion points.
*/
public interface IScannerInsertionPointProvider
{
/**
* When a request is actively scanned, the Scanner will invoke this method,
* and the provider should provide a list of custom insertion points that
* will be used in the scan. <b>Note:</b> these insertion points are used in
* addition to those that are derived from Burp Scanner's configuration, and
* those provided by any other Burp extensions.
*
* @param baseRequestResponse The base request that will be actively
* scanned.
* @return A list of
* <code>IScannerInsertionPoint</code> objects that should be used in the
* scanning, or
* <code>null</code> if no custom insertion points are applicable for this
* request.
*/
List<IScannerInsertionPoint> getInsertionPoints(
IHttpRequestResponse baseRequestResponse);
}

View File

@@ -1,30 +0,0 @@
package burp;
/*
* @(#)IScannerListener.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerScannerListener()</code> to register a
* Scanner listener. The listener will be notified of new issues that are
* reported by the Scanner tool. Extensions can perform custom analysis or
* logging of Scanner issues by registering a Scanner listener.
*/
public interface IScannerListener
{
/**
* This method is invoked when a new issue is added to Burp Scanner's
* results.
*
* @param issue An
* <code>IScanIssue</code> object that the extension can query to obtain
* details about the new issue.
*/
void newScanIssue(IScanIssue issue);
}

View File

@@ -1,25 +0,0 @@
package burp;
/*
* @(#)IScopeChangeListener.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerScopeChangeListener()</code> to register
* a scope change listener. The listener will be notified whenever a change
* occurs to Burp's suite-wide target scope.
*/
public interface IScopeChangeListener
{
/**
* This method is invoked whenever a change occurs to Burp's suite-wide
* target scope.
*/
void scopeChanged();
}

View File

@@ -1,51 +0,0 @@
package burp;
/*
* @(#)ISessionHandlingAction.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerSessionHandlingAction()</code> to
* register a custom session handling action. Each registered action will be
* available within the session handling rule UI for the user to select as a
* rule action. Users can choose to invoke an action directly in its own right,
* or following execution of a macro.
*/
public interface ISessionHandlingAction
{
/**
* This method is used by Burp to obtain the name of the session handling
* action. This will be displayed as an option within the session handling
* rule editor when the user selects to execute an extension-provided
* action.
*
* @return The name of the action.
*/
String getActionName();
/**
* This method is invoked when the session handling action should be
* executed. This may happen as an action in its own right, or as a
* sub-action following execution of a macro.
*
* @param currentRequest The base request that is currently being processed.
* The action can query this object to obtain details about the base
* request. It can issue additional requests of its own if necessary, and
* can use the setter methods on this object to update the base request.
* @param macroItems If the action is invoked following execution of a
* macro, this parameter contains the result of executing the macro.
* Otherwise, it is
* <code>null</code>. Actions can use the details of the macro items to
* perform custom analysis of the macro to derive values of non-standard
* session handling tokens, etc.
*/
void performAction(
IHttpRequestResponse currentRequest,
IHttpRequestResponse[] macroItems);
}

View File

@@ -1,38 +0,0 @@
package burp;
/*
* @(#)ITab.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.awt.Component;
/**
* This interface is used to provide Burp with details of a custom tab that will
* be added to Burp's UI, using a method such as
* <code>IBurpExtenderCallbacks.addSuiteTab()</code>.
*/
public interface ITab
{
/**
* Burp uses this method to obtain the caption that should appear on the
* custom tab when it is displayed.
*
* @return The caption that should appear on the custom tab when it is
* displayed.
*/
String getTabCaption();
/**
* Burp uses this method to obtain the component that should be used as the
* contents of the custom tab when it is displayed.
*
* @return The component that should be used as the contents of the custom
* tab when it is displayed.
*/
Component getUiComponent();
}

View File

@@ -1,33 +0,0 @@
package burp;
/*
* @(#)ITempFile.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to hold details of a temporary file that has been
* created via a call to
* <code>IBurpExtenderCallbacks.saveToTempFile()</code>.
*
*/
public interface ITempFile
{
/**
* This method is used to retrieve the contents of the buffer that was saved
* in the temporary file.
*
* @return The contents of the buffer that was saved in the temporary file.
*/
byte[] getBuffer();
/**
* This method is deprecated and no longer performs any action.
*/
@Deprecated
void delete();
}

View File

@@ -1,90 +0,0 @@
package burp;
/*
* @(#)ITextEditor.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.awt.Component;
/**
* This interface is used to provide extensions with an instance of Burp's raw
* text editor, for the extension to use in its own UI. Extensions should call
* <code>IBurpExtenderCallbacks.createTextEditor()</code> to obtain an instance
* of this interface.
*/
public interface ITextEditor
{
/**
* This method returns the UI component of the editor, for extensions to add
* to their own UI.
*
* @return The UI component of the editor.
*/
Component getComponent();
/**
* This method is used to control whether the editor is currently editable.
* This status can be toggled on and off as required.
*
* @param editable Indicates whether the editor should be currently
* editable.
*/
void setEditable(boolean editable);
/**
* This method is used to update the currently displayed text in the editor.
*
* @param text The text to be displayed.
*/
void setText(byte[] text);
/**
* This method is used to retrieve the currently displayed text.
*
* @return The currently displayed text.
*/
byte[] getText();
/**
* This method is used to determine whether the user has modified the
* contents of the editor.
*
* @return An indication of whether the user has modified the contents of
* the editor since the last call to
* <code>setText()</code>.
*/
boolean isTextModified();
/**
* This method is used to obtain the currently selected text.
*
* @return The currently selected text, or
* <code>null</code> if the user has not made any selection.
*/
byte[] getSelectedText();
/**
* This method can be used to retrieve the bounds of the user's selection
* into the displayed text, if applicable.
*
* @return An int[2] array containing the start and end offsets of the
* user's selection within the displayed text. If the user has not made any
* selection in the current message, both offsets indicate the position of
* the caret within the editor.
*/
int[] getSelectionBounds();
/**
* This method is used to update the search expression that is shown in the
* search bar below the editor. The editor will automatically highlight any
* regions of the displayed text that match the search expression.
*
* @param expression The search expression.
*/
void setSearchExpression(String expression);
}

View File

@@ -0,0 +1,235 @@
package burp;
import burp.action.*;
import burp.ui.MainUI;
import javax.swing.*;
import java.awt.*;
import java.io.UnsupportedEncodingException;
import java.util.Arrays;
import java.util.List;
import java.io.PrintWriter;
import java.util.Map;
/*
* @author EvilChen
*/
public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEditorTabFactory, ITab {
private MainUI main = new MainUI();
private static PrintWriter stdout;
private IBurpExtenderCallbacks callbacks;
private static IExtensionHelpers helpers;
private static IMessageEditorTab HaETab;
MatchHTTP mh = new MatchHTTP();
ExtractContent ec = new ExtractContent();
DoAction da = new DoAction();
GetColorKey gck = new GetColorKey();
UpgradeColor uc = new UpgradeColor();
@Override
public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks)
{
this.callbacks = callbacks;
BurpExtender.helpers = callbacks.getHelpers();
String version = "2.0.5";
callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version));
// 定义输出
stdout = new PrintWriter(callbacks.getStdout(), true);
stdout.println("@UI Author: 0chencc");
stdout.println("@Core Author: EvilChen");
stdout.println("@Github: https://github.com/gh0stkey/HaE");
// UI
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
initialize();
}
});
callbacks.registerHttpListener(BurpExtender.this);
callbacks.registerMessageEditorTabFactory(BurpExtender.this);
}
private void initialize(){
callbacks.customizeUiComponent(main);
callbacks.addSuiteTab(BurpExtender.this);
}
@Override
public String getTabCaption(){
return "HaE";
}
@Override
public Component getUiComponent() {
return main;
}
/*
* 使用processHttpMessage用来做Highlighter
*/
@Override
public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
// 判断是否是响应且该代码作用域为REPEATER、INTRUDER、PROXY分别对应toolFlag 64、32、4
if (toolFlag == 64 || toolFlag == 32 || toolFlag == 4) {
Map<String, Map<String, Object>> obj;
byte[] content = messageInfo.getRequest();
// 流量清洗
String urlString = helpers.analyzeRequest(messageInfo.getHttpService(), content).getUrl().toString();
urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString;
// 正则判断
if (mh.matchSuffix(urlString)) {
return;
}
if (messageIsRequest) {
// 获取报文头
List<String> requestTmpHeaders = helpers.analyzeRequest(messageInfo.getHttpService(), content).getHeaders();
String requestHeaders = String.join("\n", requestTmpHeaders);
// 获取报文主体
int requestBodyOffset = helpers.analyzeRequest(messageInfo.getHttpService(), content).getBodyOffset();
byte[] byteRequest = messageInfo.getRequest();
byte[] requestBody = Arrays.copyOfRange(byteRequest, requestBodyOffset, byteRequest.length);
obj = ec.matchRegex(content, requestHeaders, requestBody, "request");
} else {
// 获取报文头
List<String> responseTmpHeaders = helpers.analyzeRequest(messageInfo.getHttpService(), content).getHeaders();
String responseHeaders = String.join("\n", responseTmpHeaders);
// 获取报文主体
int responseBodyOffset = helpers.analyzeResponse(content).getBodyOffset();
byte[] byteResponse = messageInfo.getResponse();
byte[] responseBody = Arrays.copyOfRange(byteResponse, responseBodyOffset, byteResponse.length);
content = messageInfo.getResponse();
obj = ec.matchRegex(content, responseHeaders, responseBody, "response");
}
List<String> colorList = da.highlightList(obj);
if (colorList.size() != 0) {
String color = uc.getEndColor(gck.getColorKeys(colorList, Config.colorArray), Config.colorArray);
messageInfo.setHighlight(color);
}
}
}
class MarkInfoTab implements IMessageEditorTab {
private ITextEditor markInfoText;
private byte[] currentMessage;
private final IMessageEditorController controller;
private byte[] extractRequestContent;
private byte[] extractResponseContent;
public MarkInfoTab(IMessageEditorController controller, boolean editable) {
this.controller = controller;
markInfoText = callbacks.createTextEditor();
markInfoText.setEditable(editable);
}
@Override
public String getTabCaption() {
return "MarkInfo";
}
@Override
public Component getUiComponent() {
return markInfoText.getComponent();
}
@Override
public boolean isEnabled(byte[] content, boolean isRequest) {
Map<String, Map<String, Object>> obj;
if (isRequest) {
try {
// 流量清洗
String urlString = helpers.analyzeRequest(controller.getHttpService(), controller.getRequest()).getUrl().toString();
urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString;
// 正则判断
if (mh.matchSuffix(urlString)) {
return false;
}
} catch (Exception e) {
return false;
}
// 获取报文头
List<String> requestTmpHeaders = helpers.analyzeRequest(controller.getHttpService(), content).getHeaders();
String requestHeaders = String.join("\n", requestTmpHeaders);
// 获取报文主体
int requestBodyOffset = helpers.analyzeRequest(controller.getHttpService(), content).getBodyOffset();
byte[] byteRequest = controller.getRequest();
byte[] requestBody = Arrays.copyOfRange(byteRequest, requestBodyOffset, byteRequest.length);
obj = ec.matchRegex(content, requestHeaders, requestBody, "request");
if (obj.size() > 0) {
String result = da.extractString(obj);
extractRequestContent = result.getBytes();
return true;
}
} else {
// 获取报文头
List<String> responseTmpHeaders = helpers.analyzeResponse(content).getHeaders();
String responseHeaders = String.join("\n", responseTmpHeaders);
// 获取报文主体
int responseBodyOffset = helpers.analyzeResponse(content).getBodyOffset();
byte[] byteResponse = controller.getResponse();
byte[] responseBody = Arrays.copyOfRange(byteResponse, responseBodyOffset, byteResponse.length);
obj = ec.matchRegex(content, responseHeaders, responseBody, "response");
if (obj.size() > 0) {
String result = da.extractString(obj);
extractResponseContent = result.getBytes();
return true;
}
}
return false;
}
@Override
public byte[] getMessage() {
return currentMessage;
}
@Override
public boolean isModified() {
return markInfoText.isTextModified();
}
@Override
public byte[] getSelectedData() {
return markInfoText.getSelectedText();
}
/*
* 使用setMessage用来做Extractor
*/
@Override
public void setMessage(byte[] content, boolean isRequest) {
try {
String c = new String(content, "UTF-8").intern();
} catch (UnsupportedEncodingException e) {
stdout.println(e);
}
if (content.length > 0) {
if (isRequest) {
markInfoText.setText(extractRequestContent);
} else {
markInfoText.setText(extractResponseContent);
}
}
currentMessage = content;
}
}
@Override
public IMessageEditorTab createNewInstance(IMessageEditorController controller, boolean editable) {
HaETab = new MarkInfoTab(controller, editable);
return HaETab;
}
}
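
Review bot: In the response branch of `processHttpMessage`, `content` still holds `messageInfo.getRequest()` when `helpers.analyzeRequest(messageInfo.getHttpService(), content).getHeaders()` and `helpers.analyzeResponse(content).getBodyOffset()` run, so `responseHeaders` is really the request headers and the body offset is computed from the request bytes and then applied to `byteResponse`, where `Arrays.copyOfRange` can throw if that offset exceeds the response length. Move `content = messageInfo.getResponse();` to the top of the else branch and take the headers from `helpers.analyzeResponse(content).getHeaders()`, as `MarkInfoTab.isEnabled` already does. Separately, `setMessage` builds `String c` from `content` without a null check and never uses it; that try block can be dropped.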

View File

@@ -0,0 +1,38 @@
package burp;
/*
* @author EvilChen
*/
public class Config {
public static String excludeSuffix = "3g2|3gp|7z|aac|abw|aif|aifc|aiff|arc|au|avi|azw|bin|bmp|bz|bz2|cmx|cod|csh|css|csv|doc|docx|eot|epub|gif|gz|ico|ics|ief|jar|jfif|jpe|jpeg|jpg|m3u|mid|midi|mjs|mp2|mp3|mpa|mpe|mpeg|mpg|mpkg|mpp|mpv2|odp|ods|odt|oga|ogv|ogx|otf|pbm|pdf|pgm|png|pnm|ppm|ppt|pptx|ra|ram|rar|ras|rgb|rmi|rtf|snd|svg|swf|tar|tif|tiff|ttf|vsd|wav|weba|webm|webp|woff|woff2|xbm|xls|xlsx|xpm|xul|xwd|zip|zip";
public static String[] scopeArray = new String[] {
"any",
"response",
"response header",
"response body",
"request",
"request header",
"request body"
};
public static String[] engineArray = new String[] {
"nfa",
"dfa"
};
public static String outputTplString = "[%s]\n%s\n\n";
public static String[] colorArray = new String[] {
"red",
"orange",
"yellow",
"green",
"cyan",
"blue",
"pink",
"magenta",
"gray"
};
}
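
Review bot: `excludeSuffix` ends with `zip|zip`, a duplicated alternative, and every field in `Config` is a mutable `public static`, so any class can reassign `colorArray` or `scopeArray` at runtime even though the highlight colour is resolved by index against `Config.colorArray`. Remove the duplicate and declare the fields `public static final`, using an unmodifiable `List<String>` for the arrays if they are meant to be constants.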

View File

@@ -0,0 +1,33 @@
package burp.action;
import java.util.Map;
import burp.Config;
import java.util.ArrayList;
import java.util.List;
/*
* @author EvilChen
*/
public class DoAction {
public String extractString(Map<String, Map<String, Object>> obj) {
String[] result = {""};
obj.keySet().forEach(i->{
Map<String, Object> tmpMap = obj.get(i);
String data = tmpMap.get("data").toString();
String tmpStr = String.format(Config.outputTplString, i, data).intern();
result[0] += tmpStr;
});
return result[0];
}
public List<String> highlightList(Map<String, Map<String, Object>> obj) {
List<String> colorList = new ArrayList<String>();
obj.keySet().forEach(i->{
Map<String, Object> tmpMap = obj.get(i);
String color = tmpMap.get("color").toString();
colorList.add(color);
});
return colorList;
}
}
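
Review bot: `extractString` calls `.intern()` on `String.format(Config.outputTplString, i, data)`, which adds every block of extracted traffic data to the JVM string pool with no reuse to justify it, and it accumulates the output through `result[0] += tmpStr` inside the lambda. Use a `StringBuilder` with a plain loop over `obj.entrySet()` and drop the `intern()` call. Both methods also call `tmpMap.get(...).toString()` with no null check on the `data` and `color` entries.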

View File

@@ -0,0 +1,103 @@
package burp.action;
import java.io.UnsupportedEncodingException;
import java.util.*;
import dk.brics.automaton.Automaton;
import dk.brics.automaton.AutomatonMatcher;
import dk.brics.automaton.RegExp;
import dk.brics.automaton.RunAutomaton;
import jregex.Matcher;
import jregex.Pattern;
import burp.yaml.LoadRule;
import burp.yaml.LoadConfigFile;
/*
* @author EvilChen
*/
public class ExtractContent {
private LoadConfigFile lcf = new LoadConfigFile();
private LoadRule lr = new LoadRule(lcf.getConfigPath());
public Map<String, Map<String, Object>> matchRegex(byte[] content, String headers, byte[] body, String scopeString) {
Map<String, Map<String, Object>> map = new HashMap<>(); // 最终返回的结果
Map<String,Object[][]> rules = lr.getConfig();
rules.keySet().forEach(i -> {
String matchContent = "";
for (Object[] objects : rules.get(i)) {
// 遍历获取规则
List<String> result = new ArrayList<>();
Map<String, Object> tmpMap = new HashMap<>();
String name = objects[1].toString();
boolean loaded = (Boolean) objects[0];
String regex = objects[2].toString();
String color = objects[3].toString();
String scope = objects[4].toString();
String engine = objects[5].toString();
// 判断规则是否开启与作用域
if (loaded && (scope.contains(scopeString) || scope.equals("any"))) {
switch (scope) {
case "any":
case "request":
case "response":
try {
matchContent = new String(content, "UTF-8").intern();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
break;
case "request header":
case "response header":
matchContent = headers;
break;
case "request body":
case "response body":
try {
matchContent = new String(body, "UTF-8").intern();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
break;
}
if (engine.equals("nfa")) {
Pattern pattern = new Pattern(regex);
Matcher matcher = pattern.matcher(matchContent);
while (matcher.find()) {
// 添加匹配数据至list
// 强制用户使用()包裹正则
result.add(matcher.group(1));
}
} else {
RegExp regexpr = new RegExp(regex);
Automaton auto = regexpr.toAutomaton();
RunAutomaton runAuto = new RunAutomaton(auto, true);
AutomatonMatcher autoMatcher = runAuto.newMatcher(matchContent);
while (autoMatcher.find()) {
// 添加匹配数据至list
// 强制用户使用()包裹正则
result.add(autoMatcher.group());
}
}
// 去除重复内容
HashSet tmpList = new HashSet(result);
result.clear();
result.addAll(tmpList);
if (!result.isEmpty()) {
tmpMap.put("color", color);
tmpMap.put("data", String.join("\n", result));
// 初始化格式
map.put(name, tmpMap);
}
}
}
});
return map;
}
}
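
Review bot: `new Pattern(regex)` and `new RegExp(regex).toAutomaton()` sit inside `matchRegex`, which `processHttpMessage` and `isEnabled` call for each message, so every enabled rule is recompiled (and for `dfa` a fresh `RunAutomaton` is built) on every request and response. Compile once when the rules are loaded and reuse the compiled objects. In the `nfa` branch `matcher.group(1)` is added without checking that the rule has a capture group or that the value is non-null, while the `dfa` branch adds the whole match via `autoMatcher.group()`; validate the rule when it is loaded or fall back to the whole match. The raw `HashSet` used for de-duplication also discards match order; `new LinkedHashSet<>(result)` keeps it.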

View File

@@ -0,0 +1,27 @@
package burp.action;
import java.util.ArrayList;
import java.util.List;
/*
* @author EvilChen
*/
public class GetColorKey {
/*
* 颜色下标获取
*/
public List<Integer> getColorKeys(List<String> keys, String[] colorArray){
List<Integer> result = new ArrayList<Integer>();
int size = colorArray.length;
// 根据颜色获取下标
for (int x = 0; x < keys.size(); x++) {
for (int v = 0; v < size; v++) {
if (colorArray[v].equals(keys.get(x))) {
result.add(v);
}
}
}
return result;
}
}
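
Review bot: In the inner loop of `getColorKeys`, a key that matches no entry of `colorArray` is dropped silently, so the method can return an empty list for a non-empty `keys`, and the caller in `BurpExtender` only checks `colorList.size() != 0` before passing the result on to `getEndColor`. Either reject unknown colours when rules are loaded or have the caller check the returned index list. The nested loop can be replaced with `Arrays.asList(colorArray).indexOf(key)`, skipping `-1`.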

View File

@@ -0,0 +1,24 @@
package burp.action;
import jregex.Matcher;
import jregex.Pattern;
import jregex.REFlags;
import burp.yaml.LoadConfigFile;
/*
* @author EvilChen
*/
public class MatchHTTP {
// 匹配后缀
LoadConfigFile lc = new LoadConfigFile();
public boolean matchSuffix(String str) {
Pattern pattern = new Pattern(String.format("[\\w]+[\\.](%s)", lc.getExcludeSuffix()), REFlags.IGNORE_CASE);
Matcher matcher = pattern.matcher(str);
if(matcher.find()){
return true;
}else{
return false;
}
}
}
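
Review bot: The pattern `[\\w]+[\\.](%s)` in `matchSuffix` is applied with `matcher.find()` and has no end anchor, so it matches an excluded suffix anywhere in the string, and `BurpExtender` passes the full URL including the host. A URL such as `https://api.docs.example.com/login` (constructed example) matches on `api.doc` and is skipped entirely. Anchor the suffix to the end of the path, for example `\\.(%s)$`, and match against the path only. The `Pattern` is also rebuilt on every call; build it once, and the if/else can become `return matcher.find();`.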

View File

@@ -0,0 +1,56 @@
package burp.action;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.HashSet;
import java.util.List;
/*
* @author EvilChen
*/
public class UpgradeColor {
private String endColor = "";
/*
* 颜色升级递归算法
*/
private String colorUpgrade(List<Integer> colorList, String[] colorArray) {
int colorSize = colorList.size();
colorList.sort(Comparator.comparingInt(Integer::intValue));
int i = 0;
List<Integer> stack = new ArrayList<Integer>();
while (i < colorSize) {
if (stack.isEmpty()) {
stack.add(colorList.get(i));
i++;
} else {
if (colorList.get(i) != stack.stream().reduce((first, second) -> second).orElse(99999999)) {
stack.add(colorList.get(i));
i++;
} else {
stack.set(stack.size() - 1, stack.get(stack.size() - 1) - 1);
i++;
}
}
}
// 利用HashSet删除重复元素
HashSet tmpList = new HashSet(stack);
if (stack.size() == tmpList.size()) {
stack.sort(Comparator.comparingInt(Integer::intValue));
if(stack.get(0).equals(-1)) {
this.endColor = colorArray[0];
} else {
this.endColor = colorArray[stack.get(0)];
}
} else {
this.colorUpgrade(stack, colorArray);
}
return "";
}
public String getEndColor(List<Integer> colorList, String[] colorArray) {
colorUpgrade(colorList, colorArray);
return endColor;
}
}
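
Review bot: In `colorUpgrade`, `colorList.get(i) != stack.stream().reduce((first, second) -> second).orElse(99999999)` compares two `Integer` objects by reference, which only behaves as intended while both values come from the small-integer cache; compare with `.equals(...)` or unbox with `intValue()`, and read the last element with `stack.get(stack.size() - 1)` instead of streaming. An empty `colorList` skips the loop and reaches `stack.get(0)`, which throws. The result is also handed back through the `endColor` field while the method always returns `""`, and `BurpExtender` shares one `UpgradeColor` instance across all messages; return the colour from `colorUpgrade` directly so the call holds no state.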

View File

@@ -0,0 +1,117 @@
package burp.ui;
import javax.swing.*;
import javax.swing.plaf.metal.MetalIconFactory;
import java.awt.*;
import java.awt.event.MouseEvent;
import java.awt.event.MouseListener;
/*
* @author 6dc
*
* A class which creates a JTabbedPane and auto sets a close button when you add a tab
*/
public class JTabbedPaneCloseButton extends JTabbedPane {
public JTabbedPaneCloseButton() {
super();
}
/* Override Addtab in order to add the close Button everytime */
@Override
public void addTab(String title, Icon icon, Component component, String tip) {
super.addTab(title, icon, component, tip);
int count = this.getTabCount() - 1;
setTabComponentAt(count, new CloseButtonTab(component, title, icon));
}
@Override
public void addTab(String title, Icon icon, Component component) {
addTab(title, icon, component, null);
}
@Override
public void addTab(String title, Component component) {
addTab(title, null, component);
}
public void addTab(String title,Component component,Boolean closewith){
if (closewith){
addTab(title,component);
}else{
super.addTab(title,null,component,null);
}
}
/* addTabNoExit */
public void addTabNoExit(String title, Icon icon, Component component, String tip) {
super.addTab(title, icon, component, tip);
}
public void addTabNoExit(String title, Icon icon, Component component) {
addTabNoExit(title, icon, component, null);
}
public void addTabNoExit(String title, Component component) {
addTabNoExit(title, null, component);
}
/* Button */
public class CloseButtonTab extends JPanel {
private Component tab;
public CloseButtonTab(final Component tab, String title, Icon icon) {
this.tab = tab;
setOpaque(false);
FlowLayout flowLayout = new FlowLayout(FlowLayout.CENTER, 3, 3);
setLayout(flowLayout);
JLabel jLabel = new JLabel(title);
jLabel.setIcon(icon);
add(jLabel);
JButton button = new JButton(MetalIconFactory.getInternalFrameCloseIcon(2));
button.setMargin(new Insets(0, 0, 0, 0));
button.addMouseListener(new CloseListener(tab));
add(button);
}
}
/* ClickListener */
public class CloseListener implements MouseListener
{
private Component tab;
public CloseListener(Component tab){
this.tab=tab;
}
@Override
public void mouseClicked(MouseEvent e) {
if(e.getSource() instanceof JButton){
JButton clickedButton = (JButton) e.getSource();
JTabbedPane tabbedPane = (JTabbedPane) clickedButton.getParent().getParent().getParent();
tabbedPane.remove(tab);
}
}
@Override
public void mousePressed(MouseEvent e) {}
@Override
public void mouseReleased(MouseEvent e) {}
@Override
public void mouseEntered(MouseEvent e) {
if(e.getSource() instanceof JButton){
JButton clickedButton = (JButton) e.getSource();
}
}
@Override
public void mouseExited(MouseEvent e) {
if(e.getSource() instanceof JButton){
JButton clickedButton = (JButton) e.getSource();
}
}
}
}
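Review bot: CloseListener.mouseClicked locates the pane with clickedButton.getParent().getParent().getParent() and an unchecked cast, which depends on how the installed look and feel nests tab components and fails with a ClassCastException or NullPointerException when that nesting differs. CloseListener is an inner class, so it can call JTabbedPaneCloseButton.this.remove(tab) directly. addTab(String, Component, Boolean closewith) unboxes its argument and throws on null; take a primitive boolean. The mouseEntered and mouseExited bodies only assign an unused local and can be left empty, and CloseButtonTab stores tab in a field it never reads.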

@@ -0,0 +1,347 @@
package burp.ui;
import org.jetbrains.annotations.NotNull;
import burp.yaml.LoadConfigFile;
import burp.yaml.LoadRule;
import burp.yaml.SetRuleConfig;
import javax.swing.*;
import javax.swing.event.ChangeEvent;
import javax.swing.event.ChangeListener;
import javax.swing.event.DocumentEvent;
import javax.swing.event.DocumentListener;
import javax.swing.filechooser.FileNameExtensionFilter;
import java.awt.*;
import java.awt.event.*;
import java.util.Map;
/*
* @author LinChen
*/
public class MainUI extends JPanel{
public MainUI() {
initComponents();
}
public void closeTabActionPerformed(ActionEvent e){
if (tabbedPane1.getTabCount()>2){
if (tabbedPane1.getSelectedIndex()!=0){
SetRuleConfig setruleconfig = new SetRuleConfig();
setruleconfig.deleteRules(tabbedPane1.getTitleAt(tabbedPane1.getSelectedIndex()));
tabbedPane1.remove(tabbedPane1.getSelectedIndex());
tabbedPane1.setSelectedIndex(tabbedPane1.getSelectedIndex()-1);
}else{
SetRuleConfig setruleconfig = new SetRuleConfig();
setruleconfig.deleteRules(tabbedPane1.getTitleAt(tabbedPane1.getSelectedIndex()));
tabbedPane1.remove(tabbedPane1.getSelectedIndex());
tabbedPane1.setSelectedIndex(tabbedPane1.getSelectedIndex());
}
}
}
private void SelectFileMouseClicked(MouseEvent e) {
JFileChooser chooseconfig = new JFileChooser();
chooseconfig.setFileSelectionMode(JFileChooser.FILES_ONLY);
FileNameExtensionFilter filter = new FileNameExtensionFilter("Yaml File (.yml/.yaml)","yaml", "yml");
chooseconfig.setFileFilter(filter);
int selectframe = chooseconfig.showDialog(new JLabel(),"Select");
if (selectframe == JFileChooser.APPROVE_OPTION){
String configpath = chooseconfig.getSelectedFile().toString();
reloadRule(configpath);
loadfile.setConfigPath(configpath);
}
configfilepathtext.setText(loadfile.getConfigPath());
}
private void reloadRule(String configfile){
tabbedPane1.removeAll();
LoadRule loadrule = new LoadRule(configfile);
Map<String,Object[][]> config = loadrule.getConfig();
ruleSwitch.setListen(false);
config.keySet().forEach(i->tabbedPane1.addTab(i,new RulePane(config.get(i),tabbedPane1)));
tabbedPane1.addTab("...",new JLabel());
ruleSwitch.setListen(true);
}
private void reloadRule(){
tabbedPane1.removeAll();
LoadRule loadrule = new LoadRule(loadfile.getConfigPath());
Map<String,Object[][]> config = loadrule.getConfig();
ruleSwitch.setListen(false);
config.keySet().forEach(i->tabbedPane1.addTab(i,new RulePane(config.get(i),tabbedPane1))
);
tabbedPane1.addTab("...",new JLabel());
ruleSwitch.setListen(true);
}
private void reloadMouseClicked(MouseEvent e) {
reloadRule();
}
private void ESSaveMouseClicked(MouseEvent e) {
// TODO add your code here
LoadConfigFile lcf = new LoadConfigFile();
lcf.setExcludeSuffix(EStext.getText());
}
private void initComponents() {
tabbedPane2 = new JTabbedPane();
tabbedPane1 = new JTabbedPane();
panel3 = new JPanel();
configfilepathtext = new JTextField();
label1 = new JLabel();
SelectFile = new JButton();
reload = new JButton();
label2 = new JLabel();
EStext = new JTextField();
ESSave = new JButton();
//======== this ========
setLayout(new GridBagLayout());
((GridBagLayout)getLayout()).columnWidths = new int[] {0, 0};
((GridBagLayout)getLayout()).rowHeights = new int[] {0, 0};
((GridBagLayout)getLayout()).columnWeights = new double[] {1.0, 1.0E-4};
((GridBagLayout)getLayout()).rowWeights = new double[] {1.0, 1.0E-4};
//======== tabbedPane2 ========
{
tabbedPane2.addTab("Rules", tabbedPane1);
//======== panel3 ========
{
panel3.setLayout(new GridBagLayout());
((GridBagLayout)panel3.getLayout()).columnWidths = new int[] {0, 0, 0, 0, 0};
((GridBagLayout)panel3.getLayout()).rowHeights = new int[] {0, 0, 0};
((GridBagLayout)panel3.getLayout()).columnWeights = new double[] {0.0, 1.0, 0.0, 0.0, 1.0E-4};
((GridBagLayout)panel3.getLayout()).rowWeights = new double[] {0.0, 0.0, 1.0E-4};
//---- configfilepathtext ----
configfilepathtext.setEditable(false);
panel3.add(configfilepathtext, new GridBagConstraints(1, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(5, 0, 5, 5), 0, 0));
//---- label1 ----
label1.setText("Config File Path:");
panel3.add(label1, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.WEST, GridBagConstraints.VERTICAL,
new Insets(5, 5, 5, 5), 0, 0));
//---- SelectFile ----
SelectFile.setText("Select File ...");
SelectFile.addMouseListener(new MouseAdapter() {
@Override
public void mouseClicked(MouseEvent e) {
SelectFileMouseClicked(e);
}
});
panel3.add(SelectFile, new GridBagConstraints(2, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(5, 0, 5, 5), 0, 0));
//---- reload ----
reload.setText("Reload");
reload.addMouseListener(new MouseAdapter() {
@Override
public void mouseClicked(MouseEvent e) {
reloadMouseClicked(e);
}
});
panel3.add(reload, new GridBagConstraints(3, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(5, 0, 5, 5), 0, 0));
//---- label2 ----
label2.setText("ExcludeSuffix:");
panel3.add(label2, new GridBagConstraints(0, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.SOUTHWEST, GridBagConstraints.NONE,
new Insets(0, 5, 5, 5), 0, 0));
panel3.add(EStext, new GridBagConstraints(1, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.SOUTH, GridBagConstraints.HORIZONTAL,
new Insets(0, 0, 0, 5), 0, 0));
//---- ESSave ----
ESSave.setText("Save");
ESSave.addMouseListener(new MouseAdapter() {
@Override
public void mouseClicked(MouseEvent e) {
ESSaveMouseClicked(e);
}
});
panel3.add(ESSave, new GridBagConstraints(2, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.SOUTH, GridBagConstraints.HORIZONTAL,
new Insets(0, 0, 0, 5), 0, 0));
}
tabbedPane2.addTab("Config", panel3);
}
add(tabbedPane2, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 0, 0, 0), 0, 0));
// JFormDesigner - End of component initialization //GEN-END:initComponents
LoadRule loadRule = new LoadRule(loadfile.getConfigPath());
Map<String,Object[][]> config = loadRule.getConfig();
config.keySet().forEach(i->tabbedPane1.addTab(i,new RulePane(config.get(i),tabbedPane1)));
tabbedPane1.addTab("...",new JLabel());
//TabTitleEditListener ruleSwitch = new TabTitleEditListener(tabbedPane1);
configfilepathtext.setText(loadfile.getConfigPath());
LoadConfigFile lcf =new LoadConfigFile();
EStext.setText(lcf.getExcludeSuffix());
ruleSwitch = new TabTitleEditListener(tabbedPane1);
tabbedPane1.addChangeListener(ruleSwitch);
tabbedPane1.addMouseListener(ruleSwitch);
closeTab.addActionListener(e -> closeTabActionPerformed(e));
tabMenu.add(closeTab);
}
// JFormDesigner - Variables declaration - DO NOT MODIFY //GEN-BEGIN:variables
private JTabbedPane tabbedPane2;
private JTabbedPane tabbedPane1;
private JPanel panel3;
private JTextField configfilepathtext;
private JLabel label1;
private JButton SelectFile;
private JButton reload;
private JLabel label2;
private JTextField EStext;
private JButton ESSave;
// JFormDesigner - End of variables declaration //GEN-END:variables
protected static JPopupMenu tabMenu = new JPopupMenu();
private JMenuItem closeTab = new JMenuItem("Delete");
private TabTitleEditListener ruleSwitch;
private LoadConfigFile loadfile = new LoadConfigFile();
}
class TabTitleEditListener extends MouseAdapter implements ChangeListener, DocumentListener {
protected final JTextField editor = new JTextField();
protected final JTabbedPane tabbedPane;
protected int editingIdx = -1;
protected int len = -1;
protected Boolean listen = true;
protected Dimension dim;
protected Component tabComponent;
protected Boolean isRenamesucc = false;
protected LoadConfigFile loadfile = new LoadConfigFile();
protected LoadRule lr = new LoadRule(loadfile.getConfigPath());
protected SetRuleConfig setRuleConfig = new SetRuleConfig();
protected final Action startEditing = new AbstractAction() {
@Override public void actionPerformed(ActionEvent e) {
editingIdx = tabbedPane.getSelectedIndex();
tabComponent = tabbedPane.getTabComponentAt(editingIdx);
tabbedPane.setTabComponentAt(editingIdx, editor);
isRenamesucc = true;
editor.setVisible(true);
editor.setText(tabbedPane.getTitleAt(editingIdx));
editor.selectAll();
editor.requestFocusInWindow();
len = editor.getText().length();
dim = editor.getPreferredSize();
editor.setMinimumSize(dim);
}
};
protected final Action renameTabTitle = new AbstractAction() {
@Override public void actionPerformed(ActionEvent e) {
String title = editor.getText().trim();
if (editingIdx >= 0 && !title.isEmpty()) {
String oldname = tabbedPane.getTitleAt(editingIdx);
tabbedPane.setTitleAt(editingIdx, title);
setRuleConfig.rename(oldname,title);
}
cancelEditing.actionPerformed(null);
}
};
protected final Action cancelEditing = new AbstractAction() {
@Override public void actionPerformed(ActionEvent e) {
if (editingIdx >= 0) {
tabbedPane.setTabComponentAt(editingIdx, tabComponent);
editor.setVisible(false);
editingIdx = -1;
len = -1;
tabComponent = null;
editor.setPreferredSize(null);
tabbedPane.requestFocusInWindow();
}
}
};
protected TabTitleEditListener(JTabbedPane tabbedPane) {
super();
this.tabbedPane = tabbedPane;
editor.setBorder(BorderFactory.createEmptyBorder());
editor.addFocusListener(new FocusAdapter() {
@Override public void focusLost(FocusEvent e) {
renameTabTitle.actionPerformed(null);
}
});
InputMap im = editor.getInputMap(JComponent.WHEN_FOCUSED);
ActionMap am = editor.getActionMap();
im.put(KeyStroke.getKeyStroke(KeyEvent.VK_ESCAPE, 0), "cancel-editing");
am.put("cancel-editing", cancelEditing);
im.put(KeyStroke.getKeyStroke(KeyEvent.VK_ENTER, 0), "rename-tab-title");
am.put("rename-tab-title", renameTabTitle);
editor.getDocument().addDocumentListener(this);
tabbedPane.getInputMap(JComponent.WHEN_FOCUSED).put(KeyStroke.getKeyStroke(KeyEvent.VK_ENTER, 0), "start-editing");
tabbedPane.getActionMap().put("start-editing", startEditing);
}
@Override public void stateChanged(ChangeEvent e) {
if (e.getSource() instanceof JTabbedPane && listen) {
JTabbedPane pane = (JTabbedPane) e.getSource();
if (!isRenamesucc){
if (pane.getSelectedIndex() == pane.getComponentCount()-1){
newTab();
}
}else{
if (pane.getSelectedIndex() == pane.getComponentCount()-2){
newTab();
}
}
}
renameTabTitle.actionPerformed(null);
}
public void newTab(){
Object[][] data = new Object[][]{{false, "New Name", "(New Regex)", "gray", "any", "nfa"}};
insertTab(tabbedPane,setRuleConfig.newRules(),data);
}
public void insertTab(@NotNull JTabbedPane pane,String title,Object[][] data){
pane.addTab(title,new RulePane(data,pane));
pane.remove(pane.getSelectedIndex());
pane.addTab("...",new JLabel());
}
public void setListen(Boolean listen){
this.listen = listen;
}
@Override public void insertUpdate(DocumentEvent e) {
updateTabSize();
}
@Override public void removeUpdate(DocumentEvent e) {
updateTabSize();
}
@Override public void changedUpdate(DocumentEvent e) {}
@Override public void mouseClicked(MouseEvent e) {
switch (e.getButton()){
case 1:
{
Rectangle r = tabbedPane.getBoundsAt(tabbedPane.getSelectedIndex());
boolean isDoubleClick = e.getClickCount() >= 2;
if (isDoubleClick && r.contains(e.getPoint())) {
startEditing.actionPerformed(null);
} else {
renameTabTitle.actionPerformed(null);
}
break;
}
case 3:{
MainUI.tabMenu.show(e.getComponent(),e.getX(),e.getY());
break;
}
default:
break;
}
}
protected void updateTabSize() {
editor.setPreferredSize(editor.getText().length() > len ? null : dim);
tabbedPane.revalidate();
}
}
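Review bot: closeTabActionPerformed deletes the rule group behind whichever tab is selected with no confirmation, although removing a single rule in RulePane asks first, and nothing excludes the "..." placeholder tab, which is removed like any other tab. Ask for confirmation and skip the last tab; the two branches differ only in the setSelectedIndex call and can be merged. In TabTitleEditListener.stateChanged the placeholder is detected through pane.getComponentCount() plus the isRenamesucc flag, which is set in startEditing and never reset; comparing against getTabCount() - 1 states the intent directly. tabMenu is static while closeTab is added to it in initComponents, so each MainUI instance adds another Delete item. The two reloadRule overloads are copies of each other; have the no-argument one call reloadRule(loadfile.getConfigPath()).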

@@ -0,0 +1,197 @@
package burp.ui;
import burp.yaml.SetRuleConfig;
import javax.swing.*;
import javax.swing.event.TableModelEvent;
import javax.swing.event.TableModelListener;
import javax.swing.table.DefaultTableModel;
import javax.swing.table.TableRowSorter;
import java.awt.*;
import java.awt.event.MouseAdapter;
import java.awt.event.MouseEvent;
import java.util.Vector;
/*
* @author LinChen
*/
public class RulePane extends JPanel {
public RulePane(Object[][] data,JTabbedPane pane) {
initComponents(data,pane);
}
private SetRuleConfig setruleconfig = new SetRuleConfig();
private Boolean isEdit = false;
private void RuleAddMouseClicked(MouseEvent e, JTabbedPane pane) {
// TODO add your code here
RuleSetting add = new RuleSetting();
int isOk = JOptionPane.showConfirmDialog(null,add,"RuleSetting - Add Rule",JOptionPane.OK_OPTION);
if(isOk == 0){
Vector data = new Vector();
data.add(false);
data.add(add.Name.getText());
data.add(add.Regex.getText());
data.add(add.ColorSelect.getSelectedItem().toString());
data.add(add.ScopeSelect.getSelectedItem().toString());
data.add(add.EngineSelect.getSelectedItem().toString());
model.insertRow(model.getRowCount(),data);
model = (DefaultTableModel) table.getModel();
setruleconfig.add(data,pane.getTitleAt(pane.getSelectedIndex()));
}
}
private void RuleEditMouseClicked(MouseEvent e,JTabbedPane pane){
if (table.getSelectedRowCount()>=1){
RuleSetting edit = new RuleSetting();
edit.Name.setText(table.getValueAt(table.getSelectedRow(),1).toString());
edit.Regex.setText(table.getValueAt(table.getSelectedRow(),2).toString());
edit.ColorSelect.setSelectedItem(table.getValueAt(table.getSelectedRow(),3).toString());
edit.ScopeSelect.setSelectedItem(table.getValueAt(table.getSelectedRow(),4).toString());
edit.EngineSelect.setSelectedItem(table.getValueAt(table.getSelectedRow(),5).toString());
int isOk = JOptionPane.showConfirmDialog(null,edit,"RuleSetting - Edit Rule",JOptionPane.OK_OPTION);
if (isOk ==0){
int select = table.convertRowIndexToModel(table.getSelectedRow());
model.setValueAt(edit.Name.getText(),select,1);
model.setValueAt(edit.Regex.getText(),select,2);
model.setValueAt(edit.ColorSelect.getSelectedItem().toString(),select,3);
model.setValueAt(edit.ScopeSelect.getSelectedItem().toString(),select,4);
model.setValueAt(edit.EngineSelect.getSelectedItem().toString(),select,5);
model = (DefaultTableModel) table.getModel();
setruleconfig.edit((Vector) model.getDataVector().get(select),select,pane.getTitleAt(pane.getSelectedIndex()));
}
}
}
private void RuleRemoveMouseClicked(MouseEvent e,JTabbedPane pane){
if (table.getSelectedRowCount()>=1){
int isOk = JOptionPane.showConfirmDialog(null,"Are your sure?","RuleSetting - Delete Rule",JOptionPane.OK_OPTION);
if (isOk==0){
int select = table.convertRowIndexToModel(table.getSelectedRow());
model.removeRow(select);
model = (DefaultTableModel) table.getModel();
setruleconfig.remove(select,pane.getTitleAt(pane.getSelectedIndex()));
}
}
}
private void RuleTableChange(TableModelEvent e,JTabbedPane pane) {
if (e.getColumn()==0&&table.getSelectedRow()!=-1&&!isEdit){
model = (DefaultTableModel) table.getModel();
int select = table.convertRowIndexToModel(table.getSelectedRow());
setruleconfig.edit((Vector) model.getDataVector().get(select),select,pane.getTitleAt(pane.getSelectedIndex()));
}
}
private void initComponents(Object[][] data,JTabbedPane pane) {
// JFormDesigner - Component initialization - DO NOT MODIFY //GEN-BEGIN:initComponents
RuleAdd = new JButton();
RuleEdit = new JButton();
scrollPane = new JScrollPane();
table = new JTable();
Remove = new JButton();
//======== this ========
setLayout(new GridBagLayout());
((GridBagLayout)getLayout()).columnWidths = new int[] {0, 0, 0};
((GridBagLayout)getLayout()).rowHeights = new int[] {0, 0, 0, 0, 0};
((GridBagLayout)getLayout()).columnWeights = new double[] {0.0, 1.0, 1.0E-4};
((GridBagLayout)getLayout()).rowWeights = new double[] {0.0, 0.0, 0.0, 1.0, 1.0E-4};
//---- RuleAdd ----
RuleAdd.setText("Add");
RuleAdd.addMouseListener(new MouseAdapter() {
@Override
public void mouseClicked(MouseEvent e) {
isEdit = true;
RuleAddMouseClicked(e,pane);
model = (DefaultTableModel) table.getModel();
isEdit = false;
}
});
add(RuleAdd, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(15, 5, 3, 2), 0, 0));
//---- RuleEdit ----
RuleEdit.setText("Edit");
RuleEdit.addMouseListener(new MouseAdapter() {
@Override
public void mouseClicked(MouseEvent e) {
isEdit = true;
RuleEditMouseClicked(e,pane);
model = (DefaultTableModel) table.getModel();
isEdit = false;
}
});
add(RuleEdit, new GridBagConstraints(0, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 5, 3, 2), 0, 0));
//======== scrollPane ========
{
//---- table ----
table.setShowVerticalLines(false);
table.setVerifyInputWhenFocusTarget(false);
table.setUpdateSelectionOnSort(false);
table.setShowHorizontalLines(false);
table.setModel(new DefaultTableModel());
table.setSurrendersFocusOnKeystroke(true);
scrollPane.setViewportView(table);
}
add(scrollPane, new GridBagConstraints(1, 0, 1, 4, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(15, 5, 5, 5), 0, 0));
//---- Remove ----
Remove.setText("Remove");
Remove.addMouseListener(new MouseAdapter() {
@Override
public void mouseClicked(MouseEvent e) {
isEdit = true;
RuleRemoveMouseClicked(e,pane);
model = (DefaultTableModel) table.getModel();
isEdit = false;
}
});
add(Remove, new GridBagConstraints(0, 2, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 5, 3, 2), 0, 0));
// JFormDesigner - End of component initialization //GEN-END:initComponents
table.setModel(model);
model.setDataVector(data,title);
model.addTableModelListener(new TableModelListener() {
@Override
public void tableChanged(TableModelEvent e) {
RuleTableChange(e,pane);
}
});
table.setRowSorter(new TableRowSorter(model));
}
// JFormDesigner - Variables declaration - DO NOT MODIFY //GEN-BEGIN:variables
public JButton RuleAdd;
public JButton RuleEdit;
public JScrollPane scrollPane;
public JTable table;
public JButton Remove;
// JFormDesigner - End of variables declaration //GEN-END:variables
private final String[] title = new String[]{"Loaded", "Name", "Regex", "Color", "Scope", "Engine"};
private DefaultTableModel model = new DefaultTableModel() {
public Class<?> getColumnClass ( int column){
if (column == 0) {
return Boolean.class;
}else{
return String.class;
}
}
public boolean isCellEditable(int row,int column){
if (column ==0){
return true;
}else {
return false;
}
}
};
}
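Review bot: RuleAddMouseClicked and RuleEditMouseClicked write the Regex field straight into the table and the config file without compiling it, so nothing stops an empty or malformed pattern from being saved. Compile it under the selected engine inside a try/catch before insertRow or setValueAt and keep the dialog open on failure; reject an empty Name the same way. JOptionPane.OK_OPTION is passed as the optionType argument of showConfirmDialog, where it has the same value as YES_NO_OPTION, so the dialogs show Yes/No and the isOk == 0 test works by coincidence; pass OK_CANCEL_OPTION and compare against JOptionPane.OK_OPTION. RuleTableChange should take the row from e.getFirstRow(), which is already a model index, rather than from the current selection. Vector and TableRowSorter are used as raw types, and the prompt "Are your sure?" has a typo.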

@@ -0,0 +1,105 @@
package burp.ui;
import javax.swing.*;
import java.awt.*;
import burp.Config;
/*
* @author LinChen
*/
public class RuleSetting extends JPanel {
public RuleSetting() {
initComponents();
}
public void initComponents() {
// JFormDesigner - Component initialization - DO NOT MODIFY //GEN-BEGIN:initComponents
label5 = new JLabel();
label4 = new JLabel();
Regex = new JTextField();
label3 = new JLabel();
label2 = new JLabel();
Name = new JTextField();
ScopeSelect = new JComboBox<>();
EngineSelect = new JComboBox<>();
label6 = new JLabel();
ColorSelect = new JComboBox<>();
//======== this ========
setLayout(null);
//---- label5 ----
label5.setText("Engine:");
add(label5);
label5.setBounds(new Rectangle(new Point(10, 175), label5.getPreferredSize()));
//---- label4 ----
label4.setText("Scope:");
add(label4);
label4.setBounds(new Rectangle(new Point(10, 135), label4.getPreferredSize()));
add(Regex);
Regex.setBounds(70, 50, 265, 30);
//---- label3 ----
label3.setText("Regex:");
add(label3);
label3.setBounds(new Rectangle(new Point(10, 55), label3.getPreferredSize()));
//---- label2 ----
label2.setText("Name:");
add(label2);
label2.setBounds(new Rectangle(new Point(10, 15), label2.getPreferredSize()));
add(Name);
Name.setBounds(70, 10, 265, 30);
//---- ScopeSelect ----
ScopeSelect.setModel(new DefaultComboBoxModel<>(Config.scopeArray));
add(ScopeSelect);
ScopeSelect.setBounds(70, 130, 265, ScopeSelect.getPreferredSize().height);
//---- EngineSelect ----
EngineSelect.setModel(new DefaultComboBoxModel<>(Config.engineArray));
add(EngineSelect);
EngineSelect.setBounds(70, 170, 265, EngineSelect.getPreferredSize().height);
//---- label7 ----
label6.setText("Color:");
add(label6);
label6.setBounds(new Rectangle(new Point(10, 95), label6.getPreferredSize()));
//---- ColorSelect ----
ColorSelect.setModel(new DefaultComboBoxModel<>(Config.colorArray));
add(ColorSelect);
ColorSelect.setBounds(70, 90, 265, ColorSelect.getPreferredSize().height);
{
// compute preferred size
Dimension preferredSize = new Dimension();
for(int i = 0; i < getComponentCount(); i++) {
Rectangle bounds = getComponent(i).getBounds();
preferredSize.width = Math.max(bounds.x + bounds.width, preferredSize.width);
preferredSize.height = Math.max(bounds.y + bounds.height, preferredSize.height);
}
Insets insets = getInsets();
preferredSize.width += insets.right;
preferredSize.height += insets.bottom;
setMinimumSize(preferredSize);
setPreferredSize(preferredSize);
}
// JFormDesigner - End of component initialization //GEN-END:initComponents
}
// JFormDesigner - Variables declaration - DO NOT MODIFY //GEN-BEGIN:variables
private JLabel label5;
private JLabel label4;
public JTextField Regex;
private JLabel label3;
private JLabel label2;
public JTextField Name;
public JComboBox<String> ScopeSelect;
public JComboBox<String> EngineSelect;
private JLabel label6;
public JComboBox<String> ColorSelect;
// JFormDesigner - End of variables declaration //GEN-END:variables
}

@@ -0,0 +1,19 @@
package burp.yaml;
import java.util.List;
/*
* @author LinChen
*/
public class Config {
public List<Rules> rules;
public List<Rules> getRules() {
return rules;
}
public void setRules(List<Rules> rules) {
this.rules = rules;
}
}
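Review bot: rules is declared public next to its getter and setter, and LoadRule.getConfig reads plugin.rules directly, which is null when the YAML document has no rules key. Make the field private and have getRules() return an empty list in that case. The class name also collides with burp.Config, which RuleSetting imports for colorArray, scopeArray and engineArray; a more specific name would keep the two apart.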

@@ -0,0 +1,86 @@
package burp.yaml;
import org.jetbrains.annotations.NotNull;
import org.yaml.snakeyaml.Yaml;
import java.io.*;
import java.util.HashMap;
import java.util.Map;
/*
* @author LinChen
*/
public class LoadConfigFile {
private static Yaml yaml = new Yaml();
private static final String SettingPath = "Setting.yml";
private static final String ConfigPath = "Config.yml";
public LoadConfigFile(){
init();
}
// 初始化配置
public void init(){
File yamlSetting = new File(SettingPath);
if (!(yamlSetting.exists() && yamlSetting.isFile())) {
Map<String,Object> r = new HashMap<>();
r.put("configPath", ConfigPath);
r.put("excludeSuffix", getExcludeSuffix());
try{
Writer ws = new OutputStreamWriter(new FileOutputStream(SettingPath),"UTF-8");
yaml.dump(r, ws);
}catch (Exception ex){
ex.printStackTrace();
}
}
}
public String getExcludeSuffix(){
try {
InputStream inorder = new FileInputStream(SettingPath);
Map<String,Object> r;
r = yaml.load(inorder);
return r.get("excludeSuffix").toString();
} catch (FileNotFoundException e) {
e.printStackTrace();
return "css|jpeg|gif|jpg|png|pdf|rar|zip|docx|doc|svg|jpeg|ico|woff|woff2|ttf|otf";
}
}
public String getConfigPath(){
try {
InputStream inorder = new FileInputStream(SettingPath);
Map<String,Object> r;
r = yaml.load(inorder);
return r.get("configPath").toString();
} catch (FileNotFoundException e) {
e.printStackTrace();
return ConfigPath;
}
}
public void setExcludeSuffix(@NotNull String excludeSuffix){
Map<String,Object> r = new HashMap<>();
r.put("excludeSuffix", excludeSuffix);
r.put("configPath", getConfigPath());
try{
Writer ws = new OutputStreamWriter(new FileOutputStream(SettingPath),"UTF-8");
yaml.dump(r, ws);
}catch (Exception ex){
ex.printStackTrace();
}
}
public void setConfigPath(@NotNull String filePath){
Map<String,Object> r = new HashMap<>();
r.put("configPath", filePath);
r.put("excludeSuffix", getExcludeSuffix());
try{
Writer ws = new OutputStreamWriter(new FileOutputStream(SettingPath),"UTF-8");
yaml.dump(r, ws);
}catch (Exception ex){
ex.printStackTrace();
}
}
}
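Review bot: getExcludeSuffix and getConfigPath fall back to the defaults only on FileNotFoundException. A Setting.yml that exists but is empty, or lacks the key, makes r or r.get(...) null and the call throws NullPointerException, for example from MainUI.initComponents. Check for null and return the default. Both paths are relative ("Setting.yml", "Config.yml"), so the files are read from and written to whatever the process working directory happens to be; resolve them against a fixed per-user location. None of the FileInputStream or Writer objects is closed; use try-with-resources. The file is re-parsed on every getter call, and init() calls getExcludeSuffix() exactly when the file is missing, so a first run prints a stack trace before the default is used. The default suffix list contains jpeg twice.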

@@ -0,0 +1,89 @@
package burp.yaml;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;
import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.representer.Representer;
import org.yaml.snakeyaml.nodes.Tag;
import java.io.*;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
/*
* @author LinChen
*/
public class LoadRule {
private static String filePath = "Config.yml";
public LoadRule(String configfile){
filePath = configfile;
init();
}
// 初始化配置
public void init(){
File settingyaml = new File(filePath);
if (!(settingyaml.exists() && settingyaml.isFile())){
Map<String,Object[][]> r = new HashMap<>();
Rule rule = new Rule();
rule.setLoaded(true);
rule.setName("Email");
rule.setColor("yellow");
rule.setEngine("nfa");
rule.setScope("response");
rule.setRegex("(([a-zA-Z0-9][_|\\.])*[a-zA-Z0-9]+@([a-zA-Z0-9][-|_|\\.])*[a-zA-Z0-9]+\\.((?!js|css|jpg|jpeg|png|ico)[a-zA-Z]{2,}))");
Rules rules = new Rules();
rules.setType("Basic Information");
ArrayList<Rule> rl = new ArrayList<>();
rl.add(rule);
rules.setRule(rl);
ArrayList<Rules> rls = new ArrayList<>();
rls.add(rules);
Config config = new Config();
config.setRules(rls);
DumperOptions dop = new DumperOptions();
dop.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
Representer representer = new Representer();
representer.addClassTag(Config.class, Tag.MAP);
Yaml yaml = new Yaml(new Constructor(),representer,dop);
LoadConfigFile loadfile = new LoadConfigFile();
File f = new File(loadfile.getConfigPath());
try{
Writer ws = new OutputStreamWriter(new FileOutputStream(f),"UTF-8");
yaml.dump(config,ws);
}catch (Exception ex){
ex.printStackTrace();
}
}
}
public static Map<String,Object[][]> getConfig(){
InputStream inorder = null;
{
try {
inorder = new FileInputStream(new File(filePath));
} catch (FileNotFoundException e) {
e.printStackTrace();
}
}
Yaml yaml = new Yaml(new Constructor(Config.class));
Config plugin = yaml.loadAs(inorder, Config.class);
Map<String,Object[][]> config = new HashMap<>();
plugin.rules.forEach(i->{
ArrayList<Object[]> data = new ArrayList<>();
i.rule.forEach(j->{
try {
data.add(j.getRuleObject());
}catch (Exception e){
e.printStackTrace();
}
});
config.put(i.getType(), data.toArray(new Object[data.size()][]));
});
return config;
}
}
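Review bot: getConfig parses a file the user picked in the Select File dialog with new Yaml(new Constructor(Config.class)). In SnakeYAML 1.x that constructor still honours explicit !! type tags inside the document, so a rule file obtained from someone else can instantiate classes other than Config, Rules and Rule. Load with SafeConstructor and map the result to Rule objects by hand, or restrict the accepted tags if the bundled SnakeYAML version supports it; the shared new Yaml() in LoadConfigFile has the same exposure. init() tests whether filePath exists but writes the default rules to loadfile.getConfigPath(), and MainUI.SelectFileMouseClicked calls reloadRule(configpath) before setConfigPath(configpath): selecting a path that does not exist overwrites the previously configured file, and getConfig then passes a null stream to loadAs. Write to filePath, and return an empty map when the file cannot be opened. filePath is static but assigned in the constructor, so every new LoadRule changes what the static getConfig reads. In the default Email regex, [_|\\.] and [-|_|\\.] are character classes, so the | is matched literally.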

@@ -0,0 +1,81 @@
package burp.yaml;
import java.util.HashMap;
import java.util.Map;
/*
* @author LinChen
*/
public class Rule {
private String Name;
private Boolean Loaded;
private String Regex;
private String Color;
private String Engine;
private String Scope;
public Boolean getLoaded() {
return Loaded;
}
public String getColor() {
return Color;
}
public String getEngine() {
return Engine;
}
public String getName() {
return Name;
}
public String getRegex() {
return Regex;
}
public String getScope() {
return Scope;
}
public void setLoaded(Boolean loaded) {
this.Loaded = loaded;
}
public void setColor(String color) {
this.Color = color;
}
public void setEngine(String engine) {
this.Engine = engine;
}
public void setName(String name) {
this.Name = name;
}
public void setRegex(String regex) {
this.Regex = regex;
}
public void setScope(String scope) {
this.Scope = scope;
}
public Object[] getRuleObject(){
return new Object[]{Loaded, Name, Regex, Color, Scope, Engine};
}
public Map<String,Object> getRuleObjMap(){
Map<String,Object> r = new HashMap<>();
r.put("Loaded",Loaded);
r.put("Name",Name);
r.put("Regex",Regex);
r.put("Color",Color);
r.put("Scope",Scope);
r.put("Engine",Engine);
return r;
}
public String toString(){
return "{ \nLoaded: "+Loaded+"\nName: "+Name+"\nRegex: "+Regex+"\nColor: "+Color+"\nScope: "+Scope+"\nEngine: "+Engine+"\n}";
}
}
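Review bot: getRuleObject() fixes the column order as Loaded, Name, Regex, Color, Scope, Engine, and that order is repeated by hand in RulePane.title, in the Object[][] literals in newTab and newRules, and in the positional casts in SetRuleConfig.format. A reordering in any one place produces a ClassCastException or silently swapped fields. Keep the order in one place, for example named index constants or a factory method on Rule that takes the row array, and have the other classes use it. The fields are capitalised (Name, Loaded, ...) while the accessors follow bean naming; lower-case field names would match the rest of the package.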

@@ -0,0 +1,35 @@
package burp.yaml;
import java.util.List;
/*
* @author LinChen
*/
public class Rules {
private String type;
public List<Rule> rule;
public String getType() {
return type;
}
public void setType(String type) {
this.type = type;
}
public List<Rule> getRule() {
return rule;
}
public void setRule(List<Rule> rule) {
this.rule = rule;
}
public void setRuleObj(){
}
public String toString(){
return "{ type: "+type+"\n config: "+ rule +"}\n";
}
}

@@ -0,0 +1,109 @@
package burp.yaml;
import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;
import org.yaml.snakeyaml.nodes.Tag;
import org.yaml.snakeyaml.representer.Representer;
import java.io.File;
import java.io.FileOutputStream;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.util.*;
public class SetRuleConfig {
private static Yaml yaml;
private static LoadConfigFile loadfile;
private static LoadRule lr;
private Map<String,Object[][]> config = lr.getConfig();
public void format(){
DumperOptions dop = new DumperOptions();
dop.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
Representer representer = new Representer();
representer.addClassTag(Config.class, Tag.MAP);
yaml = new Yaml(new Constructor(),representer,dop);
Config con = new Config();
List<Rules> rls = new ArrayList<>();
config.keySet().forEach(i->
{
Rules rlstmp = new Rules();
rlstmp.setType(i);
List<Rule> rl = new ArrayList<>();
for (Object[] objects : config.get(i)) {
Rule rltmp = new Rule();
rltmp.setName((String) objects[1]);
rltmp.setLoaded((Boolean) objects[0]);
rltmp.setRegex((String) objects[2]);
rltmp.setColor((String) objects[3]);
rltmp.setScope((String) objects[4]);
rltmp.setEngine((String) objects[5]);
rl.add(rltmp);
}
rlstmp.setRule(rl);
rls.add(rlstmp);
});
con.setRules(rls);
File f = new File(loadfile.getConfigPath());
try{
Writer ws = new OutputStreamWriter(new FileOutputStream(f),"UTF-8");
yaml.dump(con,ws);
}catch (Exception ex){
ex.printStackTrace();
}
}
public void edit(Vector data,int select, String type){
loadfile = new LoadConfigFile();
lr = new LoadRule(loadfile.getConfigPath());
config = lr.getConfig();
config.get(type)[select] = data.toArray();
this.format();
}
public void add(Vector data,String type){
loadfile = new LoadConfigFile();
lr = new LoadRule(loadfile.getConfigPath());
config = lr.getConfig();
ArrayList<Object[]> x = new ArrayList<Object[]>(Arrays.asList(config.get(type)));
x.add(data.toArray());
config.put(type,x.toArray(new Object[x.size()][]));
this.format();
}
public void remove(int select,String type){
loadfile = new LoadConfigFile();
lr = new LoadRule(loadfile.getConfigPath());
config = lr.getConfig();
ArrayList<Object[]> x = new ArrayList<Object[]>(Arrays.asList(config.get(type)));
x.remove(select);
config.put(type,x.toArray(new Object[x.size()][]));
this.format();
}
public void rename(String oldname,String newname){
loadfile = new LoadConfigFile();
lr = new LoadRule(loadfile.getConfigPath());
config = lr.getConfig();
config.put(newname,config.remove(oldname));
this.format();
}
public void deleteRules(String Rules){
loadfile = new LoadConfigFile();
lr = new LoadRule(loadfile.getConfigPath());
config = lr.getConfig();
config.remove(Rules);
this.format();
}
public String newRules(){
int i = 0;
loadfile = new LoadConfigFile();
lr = new LoadRule(loadfile.getConfigPath());
config = lr.getConfig();
String name = "New ";
Object[][] data = new Object[][]{{false, "New Name", "(New Regex)", "gray", "any", "nfa"}};
while (config.containsKey(name+i)){
i++;
}
config.put(name+i,data);
this.format();
return name+i;
}
}
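Review bot: rename() does config.put(newname, config.remove(oldname)) with no checks. If newname is already a group, that group's rules are overwritten, and if oldname is not in the file a null value is stored and format() throws at for (Object[] objects : config.get(i)). Return early when oldname is missing or newname already exists, and let TabTitleEditListener.renameTabTitle keep the old title in that case. The instance initializer config = lr.getConfig() runs while the static lr is still null and only works because getConfig is static; call LoadRule.getConfig() explicitly and drop the static fields, which every method reassigns anyway. edit() and remove() index config.get(type) with select without checking that type exists or that select is in range, and format() never closes its Writer.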