admin/HaE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: admin:1.5
Branches Tags
admin:main admin:file admin:network
admin:4.3.1 admin:4.3 admin:4.2.1 admin:4.2 admin:4.1.2 admin:4.1.1 admin:4.1 admin:4.0.5 admin:4.0.4 admin:4.0.3 admin:4.0.2 admin:4.0.1 admin:4.0 admin:3.4 admin:3.3.4 admin:3.3.3 admin:3.3.2 admin:3.3.1 admin:3.3 admin:3.2.2 admin:3.2.1 admin:3.2 admin:3.1 admin:3.0.2 admin:3.0.1 admin:3.0 admin:2.6.1 admin:2.6 admin:2.5.11 admin:2.5.10 admin:2.5.9 admin:2.5.8 admin:2.5.7 admin:2.5.6 admin:2.5.5 admin:2.5.4.1 admin:2.5.4 admin:2.5.3 admin:2.5.2 admin:2.5.1 admin:2.5 admin:2.4.7 admin:2.4.8 admin:2.4.6 admin:2.4.5 admin:2.4.4 admin:2.4.3 admin:2.4.2 admin:2.4.1 admin:2.4 admin:2.3 admin:2.2.3 admin:2.2.2 admin:2.2.1 admin:2.2 admin:2.1.5 admin:2.1.6 admin:2.1.4 admin:2.1.3 admin:2.1.2 admin:2.1.1 admin:2.1 admin:2.0.7 admin:2.0.6 admin:2.0.5 admin:2.0.4 admin:2.0.3 admin:2.0.2 admin:2.0.1 admin:2.0 admin:1.5.1 admin:1.5 admin:1.4.2 admin:1.4.1 admin:1.4 admin:1.3 admin:1.2 admin:1.1 admin:1.0
..
compare: admin:2.4.2
Branches Tags
admin:file admin:main admin:network
admin:4.3.1 admin:4.3 admin:4.2.1 admin:4.2 admin:4.1.2 admin:4.1.1 admin:4.1 admin:4.0.5 admin:4.0.4 admin:4.0.3 admin:4.0.2 admin:4.0.1 admin:4.0 admin:3.4 admin:3.3.4 admin:3.3.3 admin:3.3.2 admin:3.3.1 admin:3.3 admin:3.2.2 admin:3.2.1 admin:3.2 admin:3.1 admin:3.0.2 admin:3.0.1 admin:3.0 admin:2.6.1 admin:2.6 admin:2.5.11 admin:2.5.10 admin:2.5.9 admin:2.5.8 admin:2.5.7 admin:2.5.6 admin:2.5.5 admin:2.5.4.1 admin:2.5.4 admin:2.5.3 admin:2.5.2 admin:2.5.1 admin:2.5 admin:2.4.7 admin:2.4.8 admin:2.4.6 admin:2.4.5 admin:2.4.4 admin:2.4.3 admin:2.4.2 admin:2.4.1 admin:2.4 admin:2.3 admin:2.2.3 admin:2.2.2 admin:2.2.1 admin:2.2 admin:2.1.5 admin:2.1.6 admin:2.1.4 admin:2.1.3 admin:2.1.2 admin:2.1.1 admin:2.1 admin:2.0.7 admin:2.0.6 admin:2.0.5 admin:2.0.4 admin:2.0.3 admin:2.0.2 admin:2.0.1 admin:2.0 admin:1.5.1 admin:1.5 admin:1.4.2 admin:1.4.1 admin:1.4 admin:1.3 admin:1.2 admin:1.1 admin:1.0

66 Commits
1.5 ... 2.4.2

Author SHA1 Message Date
AnonymousUser
225ee471ec Version: 2.4.2 Update 2022-07-15 10:12:34 +08:00
AnonymousUser
5097124867 Version: 2.4.1 Update 2022-06-29 16:05:51 +08:00
AnonymousUser
7e0e3054be Version: 2.4.1 Update 2022-06-29 15:17:42 +08:00
ᴋᴇʏ
17a84fc19e Update README.md 2022-06-24 11:11:27 +08:00
ᴋᴇʏ
1573d563eb Update README.md 2022-06-23 22:31:39 +08:00
ᴋᴇʏ
515f7b33f0 Update README.md 2022-06-23 22:26:51 +08:00
AnonymousUser
1dc510d576 Version: 2.4 Update 2022-06-23 15:48:22 +08:00
AnonymousUser
f401214524 Version: 2.4 Update 2022-06-23 15:34:22 +08:00
ᴋᴇʏ
7ebba02200 Update README.md 2022-06-22 10:26:36 +08:00
AnonymousUser
93f5c73aac Update 2022-06-22 10:20:44 +08:00
AnonymousUser
60b261d6ef Update 2022-06-21 17:06:45 +08:00
AnonymousUser
c84ebf3a9d Version: 2.3 Update 2022-05-27 13:29:32 +08:00
AnonymousUser
15f84028bb Version: 2.2.3 Update 2022-05-12 11:00:55 +08:00
AnonymousUser
1238e536d1 Version: 2.2.2 Update 2022-05-04 23:17:24 +08:00
AnonymousUser
5d23a68c0e Version: 2.2.2 Update 2022-05-04 22:51:58 +08:00
AnonymousUser
d7f04526b4 Version: 2.2.2 Update 2022-05-04 22:48:44 +08:00
AnonymousUser
acff96ed7b Version: 2.2.2 Update 2022-05-04 22:47:28 +08:00
AnonymousUser
350c093162 Update 2022-05-04 20:50:53 +08:00
AnonymousUser
0d3d4f88e9 Version: 2.2.1 Update 2022-04-21 10:50:10 +08:00
AnonymousUser
37ca315aba Version: 2.2 Update 2022-04-08 17:25:35 +08:00
AnonymousUser
241247a4a0 Version: 2.2 Update 2022-04-08 17:21:40 +08:00
AnonymousUser
08bfb69fce Version: 2.1.6 Update 2022-03-31 13:54:12 +08:00
AnonymousUser
a6d5f3a204 Version: 2.1.5 Update 2022-02-25 13:22:14 +08:00
AnonymousUser
c4d8743fe3 Version: 2.1.4 Update 2022-02-21 09:31:03 +08:00
AnonymousUser
903077c830 Version: 2.1.3 Update 2022-01-11 14:46:25 +08:00
AnonymousUser
daddf15af2 Version: 2.1.2 Update 2021-10-23 00:06:48 +08:00
AnonymousUser
e747011ec0 Version: 2.1.2 Update 2021-10-23 00:00:20 +08:00
AnonymousUser
f7b2e99eb2 Version: 2.1.2 Update 2021-10-22 22:46:42 +08:00
AnonymousUser
59cd0a88b9 Update 2021-10-22 21:58:45 +08:00
AnonymousUser
b16cbf5b60 Update 2021-10-22 21:57:11 +08:00
AnonymousUser
4ef766dd82 Version: 2.1.1 Update 2021-10-21 23:42:15 +08:00
AnonymousUser
5d9f590977 Version: 2.1 Update 2021-09-12 15:23:54 +08:00
AnonymousUser
5c326d3ca6 Version: 2.0.7 Update 2021-09-07 22:09:42 +08:00
ᴋᴇʏ
62edae0ab4 Merge pull request #28 from gh0stkey/add-license-1 
Create LICENSE
 2021-08-16 11:01:05 +08:00
ᴋᴇʏ
562378873c Create LICENSE 2021-08-16 11:00:53 +08:00
AnonymousUser
5f62e9653f update 2021-08-01 15:00:12 +08:00
AnonymousUser
3fc1869a7b Version: 2.0.6 Update 2021-07-13 15:10:25 +08:00
AnonymousUser
43fbc46b65 Version: 2.0.5 Fixed Bug 2021-07-06 18:33:11 +08:00
AnonymousUser
00a4a835b2 Update 2021-06-25 12:41:25 +08:00
AnonymousUser
f872dadf46 Version: 2.0.4 Fixed Bug 2021-06-14 23:06:03 +08:00
0chen
15bbb9f1a0 修复一处bug 
close #18
感谢#18 问题已经修复
 2021-06-14 15:33:22 +08:00
AnonymousUser
89f3f6cf09 Version 2.0.3 Fixed Match Scope Bug 2021-06-12 15:24:19 +08:00
AnonymousUser
cf9f434ff8 Version 2.0.3 Fixed Match Scope Bug 2021-06-12 15:19:39 +08:00
AnonymousUser
37a907d6df Version: 2.0.2 Fixed UI BUG 2021-06-11 18:27:14 +08:00
AnonymousUser
83e5da2f7e Version: 2.0.2 Fixed UI BUG 2021-06-11 18:25:36 +08:00
AnonymousUser
e43a96b8ad Version: 2.0.1 Fixed bug 2021-06-11 12:36:30 +08:00
AnonymousUser
a7112ad297 Version: 2.0 Update 2021-06-11 08:22:45 +08:00
AnonymousUser
efc7a2d7e3 Version: 2.0 Update 2021-06-10 23:20:46 +08:00
AnonymousUser
0cfebb8464 Version: 2.0 Update 2021-06-10 23:02:51 +08:00
AnonymousUser
2b4e56ea8c Version: 2.0 Update 2021-06-10 22:59:27 +08:00
AnonymousUser
4bdb576448 Add Public Rules 2020-12-11 23:55:11 +08:00
Key
e7a7f823df Merge pull request #11 from PortSwigger/master 
BApp
 2020-12-04 23:02:57 +08:00
PortSwigger Support
a0d33f8c58 1.5.1 update 2020-12-04 14:51:33 +00:00
Uthman Eqbal
72511d9f14 Merge pull request #7 from gh0stkey/master 
HaE 1.5.1
 2020-12-04 12:02:26 +00:00
Uthman Eqbal
2336a49023 Merge branch 'master' into master 2020-12-04 12:02:16 +00:00
AnonymousUser
d89bec65e3 Update 2020-12-04 19:52:36 +08:00
AnonymousUser
2239ca1e90 Update 2020-12-04 19:48:22 +08:00
AnonymousUser
27fbf465b7 update 2020-12-04 16:00:40 +08:00
AnonymousUser
2879a1494c update 2020-12-04 02:46:19 +08:00
AnonymousUser
d9e0bf4714 Update: Customize HaE's Regex Engine 
Now you can customize HaE's regex engine: NFA/DFA, but the premise is that you need to test your regex is running ok under the engine you choose.
 2020-12-04 02:43:34 +08:00
AnonymousUser
170ed412b3 Add gitignore 2020-11-27 21:31:54 +08:00
PortSwigger Support
91009337c1 BApp update v1.5 2020-11-27 10:24:49 +00:00
Uthman Eqbal
a0127d75a9 Merge pull request #5 from gh0stkey/master 
HaE 1.5
 2020-11-27 09:17:41 +00:00
PortSwigger Support
df0f4bd41b BApp update 2020-11-12 14:22:18 +00:00
HannahLaw-Portswigger
d0a61ba9ac Merge pull request #4 from gh0stkey/master 
HaE 1.4.1
 2020-11-12 11:26:34 +00:00
PortSwigger Support
78628b03d1 BApp preparation 2020-10-08 10:06:10 +00:00
47 changed files with 2426 additions and 994 deletions
Expand all files Collapse all files

137
.gitignore vendored Normal file
View File

@@ -0,0 +1,137 @@
# User-specific stuff
.idea/**/workspace.xml
.idea/**/tasks.xml
.idea/**/usage.statistics.xml
.idea/**/dictionaries
.idea/**/shelf
# AWS User-specific
.idea/**/aws.xml
# Generated files
.idea/**/contentModel.xml
# Sensitive or high-churn files
.idea/**/dataSources/
.idea/**/dataSources.ids
.idea/**/dataSources.local.xml
.idea/**/sqlDataSources.xml
.idea/**/dynamic.xml
.idea/**/uiDesigner.xml
.idea/**/dbnavigator.xml
# Gradle
.idea/**/gradle.xml
.idea/**/libraries
# Gradle and Maven with auto-import
# When using Gradle or Maven with auto-import, you should exclude module files,
# since they will be recreated, and may cause churn. Uncomment if using
# auto-import.
# .idea/artifacts
# .idea/compiler.xml
# .idea/jarRepositories.xml
# .idea/modules.xml
# .idea/*.iml
# .idea/modules
# *.iml
# *.ipr
# CMake
cmake-build-*/
# Mongo Explorer plugin
.idea/**/mongoSettings.xml
# File-based project format
*.iws
# IntelliJ
out/
# mpeltonen/sbt-idea plugin
.idea_modules/
# JIRA plugin
atlassian-ide-plugin.xml
# Cursive Clojure plugin
.idea/replstate.xml
# SonarLint plugin
.idea/sonarlint/
# Crashlytics plugin (for Android Studio and IntelliJ)
com_crashlytics_export_strings.xml
crashlytics.properties
crashlytics-build.properties
fabric.properties
# Editor-based Rest Client
.idea/httpRequests
# Android studio 3.1+ serialized cache file
.idea/caches/build_file_checksums.ser
### JetBrains+all Patch ###
# Ignore everything but code style settings and run configurations
# that are supposed to be shared within teams.
.idea/*
!.idea/codeStyles
!.idea/runConfigurations
### macOS ###
# General
.DS_Store
.AppleDouble
.LSOverride
# Icon must end with two \r
Icon
# Thumbnails
._*
# Files that might appear in the root of a volume
.DocumentRevisions-V100
.fseventsd
.Spotlight-V100
.TemporaryItems
.Trashes
.VolumeIcon.icns
.com.apple.timemachine.donotpresent
# Directories potentially created on remote AFP share
.AppleDB
.AppleDesktop
Network Trash Folder
Temporary Items
.apdisk
### Gradle ###
.gradle
**/build/
!src/**/build/
# Ignore Gradle GUI config
gradle-app.setting
# Avoid ignoring Gradle wrapper jar file (.jar files are usually ignored)
!gradle-wrapper.jar
# Avoid ignore Gradle wrappper properties
!gradle-wrapper.properties
# Cache of project
.gradletasknamecache
# Eclipse Gradle plugin generated files
# Eclipse Core
.project
# JDT-specific (Eclipse Java Development Tools)
.classpath
# End of https://www.toptal.com/developers/gitignore/api/macos,gradle,jetbrains+all

201
LICENSE Normal file
View File

@@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

112
README.md
View File

@@ -1,99 +1,71 @@
# HaE - Highlighter and Extractor
<div align="center">
<img src="images/logo.png" style="width: 20%" />
<h4><a href="https://gh0st.cn/HaE/">赋能白帽,高效作战!</a></h4>
<h5>第一作者: <a href="https://github.com/gh0stkey">EvilChen</a>(中孚信息元亨实验室), 第二作者: <a href="https://github.com/0chencc">0chencc</a>(米斯特安全团队)</h5>
</div>
Note: My english is not very good, Thanks!
Read Chinese simplified version ([README_zh](README_zh.md)).
## 项目介绍
## Introduction
**HaE**是基于 `BurpSuite Java插件API` 开发的请求高亮标记与信息提取的辅助型框架式插件,该插件可以通过自定义正则的方式匹配响应报文或请求报文,并对满足正则匹配的报文进行信息高亮与提取。
**HaE** is used to highlight HTTP requests and extract information from HTTP `response messages` or `request messages`.
现代化Web应用走上前后端分离开发模式这就导致在日常测试时候会有许多的流量如果你想要尽可能全面的对一个Web应用进行测试评估将花费大量精力浪费在无用的报文上**HaE的出现正是为了解决这一类似场景**借助HaE你可以**有效的减少**测试的时间,将更多的精力放在**有价值、有意义**的报文上,**提高漏洞挖掘效率**。
![-w1070](images/16000706401522.jpg)
**注**: 要想灵活的使用`HaE`,你需要掌握正则表达式阅读、编写、修改能力;由于`Java`正则表达式的库并没有`Python`的优雅或方便所以HaE要求使用者必须用`()`将所需提取的表达式内容包含;例如你要匹配一个**Shiro应用**的响应报文,正常匹配规则为`rememberMe=delete`,如果你要提取这段内容的话就需要变成`(rememberMe=delete)`
The plugin can custom regular expression to match HTTP response messages. You can decide for yourself whether the corresponding request that meets the custom regular expression match needs to be highlighted and information extracted.
## 使用方法
**Note**: The use of HaE requires a basic regular expression foundation for testers. Since the Java regular expression library is not as elegant or convenient as Python, when using regular expressions, HaE requires users to use `()` to extract what they need The expression content contains; for example, if you want to match a response message of a Shiro application, the normal matching rule is `rememberMe=delete`, if you want to extract this content, you need to become `(rememberMe=delete)`.
插件装载: `Extender - Extensions - Add - Select File - Next`
## Instructions
初次装载`HaE`会初始化配置文件,默认配置文件内置一个正则: `Email`,初始化的配置文件会放在的`/用户根目录/.config/HaE/`目录下。
Load: `Extender - Extensions - Add - Select File - Next`
![-w477](images/show_config.png)
The configuration file is initialized when HaE is loaded for the first time. The default configuration file has a built-in regular expression: `Email`. The initialized configuration file will be placed in the same directory as the BurpSuite Jar package.
除了初始化的配置文件外,还有`Setting.yml`,该文件用于存储配置文件路径与排除后缀名;`HaE`支持自定义配置文件路径,你可以通过点击`Select File`按钮进行选择自定义配置文件。
![-w330](images/16000708493657.jpg)
## 优势特点
In addition to the initial configuration file, there is `init.hae`, which is used to store the configuration file path; `HaE` supports custom configuration file paths, and you can select a custom configuration file by clicking the `Select File` button.
1. **精细化配置项**:高自由度配置更适配精细化场景需求;
2. **简洁可视界面**简洁的可视化界面让你更加清晰了解HaE的各项配置操作更轻松使用更简单
3. **颜色升级算法**:内置颜色升级算法,避免“屠龙者终成恶龙”场景,突出最具价值的请求;
4. **标签化规则项**:标签化你的正则规则,让规则可分类,让管理更轻松;
5. **数据集合面板**将所有匹配数据集合到Databoard中使得测试、梳理更高效
6. **高亮标记一体**在Proxy - History页面你可以通过颜色高亮与Comment判断请求价值
7. **实战化官方库**:基于实战化场景、案例进行输出的官方规则库,提升测试实战性;
8. **配置文件易读**配置文件使用YAML格式存储更加便于阅读与修改。
![-w477](images/16000710069404.jpg)
| 界面名称 | 界面展示 |
| ------------------------- | ----------------------------------------------------- |
| Rules规则信息管理 | <img src="images/rules.png" style="width: 80%" /> |
| Config配置信息管理 | <img src="images/config.png" style="width: 80%" /> |
| Databoard数据集合面板 | <img src="images/databoard.png" style="width: 80%" /> |
HaE supports three actions:
1. Reload: It can be used when you do not use the HaE UI interface to modify the rules in the configuration file, but directly modify the rules based on the configuration file;
2. New: Add a new rule will automatically add a row of table data, click or double-click to modify the data to automatically save;
3. Delete: When you click to select a rule, press this button to delete the rule.
**Note**: `HaE's operations` are based on the form UI, and all operations will be automatically saved.
## 实际使用
## Plugin Advantages
1. Multi-option custom adaptation requirements;
2. Multi-color classification (colors of BurpSuite): `red, orange, yellow, green, cyan, blue, pink, magenta, gray`;
3. Color upgrade algorithm: **Two regulars expression, the colors are both orange, if the request are matched these, it will be upgraded to red.**
4. The configuration file format uses JSON format, the format is
```
{name: {"loaded": isLoaded,"regex": regexText, "scope": request/response/any, "action": extract/highlight/any, "color": colorText}}
```
5. Built-in simple cache to reduce the stuttering phenomenon in the `multi-regular, big data scenario`.
## Actual Use
Use RGPerson to generate test data and put it in the root directory file of the website:
使用 RGPerson 生成测试数据,放入网站根目录文件中:
![-w467](images/16000719723284.jpg)
Visit the address, you can see the highlighted request in the `Proxy-HTTP History`, and you can see the response tab contains the `MarkINFO` tag, which extracts the matched information.
访问该地址,在`Proxy - HTTP History`中可以看见高亮请求,响应标签页中含有`MarkINFO`标签,其中将匹配到的信息提取了出来。
![-w1047](images/16000720732854.jpg)
![-w1047](images/16000720732854.png)
## 文末随笔
## Regular Expression Optimization
正义感是一个不可丢失的东西。
Some regular expression are not ideal in actual combat application scenarios.
如果你觉得HaE好用可以打赏一下作者给作者持续更新下去的动力
There will be some false positives when regular expression matching mobile phone numbers (pure numbers), the mobile phone number processing can be solved:
<div align=center>
<img src="images/reward.jpeg" style="width: 30%" />
</div>
Original regular expression:
## 404StarLink 2.0 - Galaxy
```
1[3-9]\d{9}
```
![404StarLink Logo](https://github.com/knownsec/404StarLink-Project/raw/master/logo.png)
False positive scenario: `12315188888888123`, it will match `15188888888`, but this paragraph is not a mobile phone number, so the modification rule is:
```
[^0-9]+(1[3-9]\d{9})[^0-9]+
```
The mobile phone number required to be matched cannot be a number from 0-9.
### Include Regular Expression List
Chinese ID-Number(From: https://github.com/gh0stkey/HaE/issues/3):
```
[^0-9]([1-9]\d{5}(18|19|([23]\d))\d{2}((0[1-9])|(10|11|12))(([0-2][1-9])|10|20|30|31)\d{3}[0-9Xx])|([1-9]\d{5}\d{2}((0[1-9])|(10|11|12))(([0-2][1-9])|10|20|30|31)\d{2}[0-9Xx])[^0-9]
```
Email Address:
```
([\w-]+(?:\.[\w-]+)*@(?:[\w](?:[\w-]*[\w])?\.)+[\w](?:[\w-]*[\w])?)
```
Elasticsearch Unauthorized Access(From: https://github.com/gh0stkey/HaE/issues/7):
```
("cluster_uuid"\s*:\s*"[A-Za-z0-9_-]{22}")
```
`HaE` 是 404Team [星链计划2.0](https://github.com/knownsec/404StarLink2.0-Galaxy) 中的一环,如果对 `HaE` 有任何疑问又或是想要找小伙伴交流,可以参考星链计划的加群方式。
- [https://github.com/knownsec/404StarLink2.0-Galaxy#community](https://github.com/knownsec/404StarLink2.0-Galaxy#community)

108
README_zh.md
View File

@@ -1,108 +0,0 @@
# HaE - Highlighter and Extractor
## 介绍
**HaE**是基于 `BurpSuite` 插件 `JavaAPI` 开发的请求高亮标记与信息提取的辅助型插件。
![-w1070](images/16000706401522.jpg)
该插件可以通过自定义正则的方式匹配**响应报文或请求报文**,可以自行决定符合该自定义正则匹配的相应请求是否需要高亮标记、信息提取。
**注**: `HaE`的使用,对测试人员来说需要基本的正则表达式基础,由于`Java`正则表达式的库并没有`Python`的优雅或方便在使用正则的HaE要求使用者必须使用`()`将所需提取的表达式内容包含;例如你要匹配一个**Shiro应用**的响应报文,正常匹配规则为`rememberMe=delete`,如果你要提取这段内容的话就需要变成`(rememberMe=delete)`
## 使用方法
插件装载: `Extender - Extensions - Add - Select File - Next`
初次装载`HaE`会初始化配置文件,默认配置文件内置一个正则: `Email`,初始化的配置文件会放在与`BurpSuite Jar`包同级目录下。
![-w330](images/16000708493657.jpg)
除了初始化的配置文件外,还有`init.hae`,该文件用于存储配置文件路径;`HaE`支持自定义配置文件路径,你可以通过点击`Select File`按钮进行选择自定义配置文件。
![-w477](images/16000710069404.jpg)
HaE支持三个动作:
1. 重载规则Reload: 当你不使用HaE UI界面去修改配置文件内的规则时而是直接基于配置文件进行修改规则时可使用
2. 新建规则New: 新建规则会自动添加一行表格数据,单击或双击进行修改数据即可自动保存;
3. 删除规则Delete: 单击选中某条规则时,按下该按钮即可删除规则。
**注**: HaE的操作都是基于表单UI的方式操作即会自动保存。
## 插件优点
1. 多选项自定义控制适配需求;
2. 多颜色高亮分类将BurpSuite的所有高亮颜色集成: `red, orange, yellow, green, cyan, blue, pink, magenta, gray`
3. 颜色升级算法: 利用下标的方式进行优先级排序当满足2个同颜色条件则以优先级顺序上升颜色。例如: **两个正则,颜色为橘黄色,该请求两个正则都匹配到了,那么将升级为红色**
4. 简单的配置文件格式选用JSON格式格式为
```
{name: {"loaded": isLoaded,"regex": regexText, "scope": request/response/any, "action": extract/highlight/any, "color": colorText}}
```
5. 内置简单缓存,在“多正则、大数据”的场景下减少卡顿现象。
## 实际使用
使用 RGPerson 生成测试数据,放入网站根目录文件中:
![-w467](images/16000719723284.jpg)
访问该地址,在`Proxy - HTTP History`中可以看见高亮请求,响应标签页中含有`MarkINFO`标签,其中将匹配到的信息提取了出来。
![-w1047](images/16000720732854.jpg)
## 正则优化
有些正则在实战应用场景中并不理想
在正则匹配手机号、身份证号码的时候(纯数字类)会存在一些误报(这里匹配身份证号码无法进行校验,误报率很高),但手机号处理这一块可以解决:
原正则:
```
1[3-9]\d{9}
```
误报场景: `12315188888888123`,这时候会匹配到`15188888888`,而实际上这一段并不是手机号,所以修改正则为:
```
[^0-9]+(1[3-9]\d{9})[^0-9]+
```
也就是要求匹配的手机号前后不能为0-9的数字。
## 实战用法
1. CMS指纹识别Discuz正则: `(Powered by Discuz!)`
2. OSS对象存储信息泄露正则: `([A|a]ccess[K|k]ey[I|i]d|[A|a]ccess[K|k]ey[S|s]ecret)`
3. 内网地址信息提取,正则: `(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3})|(?:172\.(?:(?:1[6-9])|(?:2\d)|(?:3[01]))\.\d{1,3}\.\d{1,3})|(?:192\.168\.\d{1,3}\.\d{1,3})`
4. 实战插件关联搭配,漏洞挖掘案例: https://mp.weixin.qq.com/s/5vNn7dMRZBtv0ojPBAHV7Q
...还有诸多使用方法等待大家去发掘。
## 文末
随笔: 正义感是一个不可丢失的东西。
Github项目地址BUG、需求、正则欢迎提交: https://github.com/gh0stkey/HaE
### 收录正则列表
身份证号码(来自: https://github.com/gh0stkey/HaE/issues/3):
```
[^0-9]([1-9]\d{5}(18|19|([23]\d))\d{2}((0[1-9])|(10|11|12))(([0-2][1-9])|10|20|30|31)\d{3}[0-9Xx])|([1-9]\d{5}\d{2}((0[1-9])|(10|11|12))(([0-2][1-9])|10|20|30|31)\d{2}[0-9Xx])[^0-9]
```
邮箱地址:
```
([\w-]+(?:\.[\w-]+)*@(?:[\w](?:[\w-]*[\w])?\.)+[\w](?:[\w-]*[\w])?)
```
Elasticsearch未授权访问匹配(来自: https://github.com/gh0stkey/HaE/issues/7):
```
("cluster_uuid"\s*:\s*"[A-Za-z0-9_-]{22}")
```

57
build.gradle
View File

@@ -1,25 +1,34 @@
apply plugin: 'java'
repositories {
mavenCentral()
}
dependencies {
compile 'net.portswigger.burp.extender:burp-extender-api:1.7.13'
compile 'net.sourceforge.jregex:jregex:1.2_01'
compile 'org.json:json:20200518'
}
sourceSets {
main {
java {
srcDir '.'
}
}
}
task fatJar(type: Jar) {
baseName = project.name + '-all'
from { configurations.compile.collect { it.isDirectory() ? it : zipTree(it) } }
with jar
plugins {
id 'java'
}
repositories {
mavenCentral()
}
compileJava {
options.encoding = "UTF-8"
}
sourceSets {
main {
java {
srcDir './src/main/java'
}
}
}
task fatJar(type: Jar) {
baseName = project.name + '-all'
from { configurations.compile.collect { it.isDirectory() ? it : zipTree(it) } }
with jar
}
dependencies {
compile 'net.portswigger.burp.extender:burp-extender-api:1.7.13'
compile 'org.jetbrains:annotations:16.0.2'
compile group: 'org.yaml', name: 'snakeyaml', version: '1.28'
compile 'net.sourceforge.jregex:jregex:1.2_01'
compile 'dk.brics.automaton:automaton:1.11-8'
compile 'com.squareup.okhttp:okhttp:2.7.5'
}

426
burp/BurpExtender.java
View File

@@ -1,426 +0,0 @@
package burp;
import java.awt.BorderLayout;
import java.awt.Color;
import java.awt.Component;
import java.util.*;
import org.json.*;
import burp.action.DoAction;
import burp.action.ExtractContent;
import burp.action.MatchHTTP;
import burp.color.GetColorKey;
import burp.color.UpgradeColor;
import burp.file.FileExists;
import burp.file.ReadFile;
import burp.file.RemoveContent;
import burp.file.WriteFile;
import burp.ui.FillTable;
import javax.swing.JFrame;
import javax.swing.JOptionPane;
import javax.swing.DefaultCellEditor;
import javax.swing.JScrollPane;
import javax.swing.JTable;
import javax.swing.JTextField;
import javax.swing.table.DefaultTableModel;
import javax.swing.JPanel;
import javax.swing.JButton;
import java.awt.event.ActionListener;
import java.io.File;
import java.awt.event.ActionEvent;
import javax.swing.JCheckBox;
import javax.swing.JComboBox;
import javax.swing.JFileChooser;
import javax.swing.border.EtchedBorder;
import javax.swing.border.TitledBorder;
import javax.swing.event.TableModelEvent;
import javax.swing.event.TableModelListener;
import javax.swing.SwingConstants;
import javax.swing.SwingUtilities;
import javax.swing.JLabel;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEditorTabFactory, ITab {
private JFrame frame;
private JPanel panel;
private JTable table;
private JTextField textField;
private IBurpExtenderCallbacks callbacks;
private static IExtensionHelpers helpers;
private static String configFilePath = "config.json";
private static String initFilePath = "init.hae";
private static IMessageEditorTab HaETab;
private static PrintWriter stdout;
ReadFile rf = new ReadFile();
WriteFile wfc = new WriteFile();
FileExists fe = new FileExists();
RemoveContent rc = new RemoveContent();
GetColorKey gck = new GetColorKey();
UpgradeColor uc = new UpgradeColor();
ExtractContent ec = new ExtractContent();
MatchHTTP mh = new MatchHTTP();
FillTable ft = new FillTable();
DoAction da = new DoAction();
@Override
public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks)
{
this.callbacks = callbacks;
this.helpers = callbacks.getHelpers();
// 设置插件名字和版本
String version = "1.5";
callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version));
// 定义输出
stdout = new PrintWriter(callbacks.getStdout(), true);
stdout.println("@Author: EvilChen");
stdout.println("@Blog: cn.gh0st.cn");
// UI
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
// 判断"config.json"文件是否具备内容,如若不具备则进行初始化
if (configFilePath.equals("config.json")) {
if (rf.readFileContent(configFilePath).equals("")) {
wfc.writeFileContent(configFilePath, Config.initConfigContent);
wfc.writeFileContent(initFilePath, configFilePath);
}
}
// 判断配置文件是否存在
if (fe.fileExists(configFilePath)) {
configFilePath = rf.readFileContent(initFilePath);
} else {
JOptionPane.showMessageDialog(null, "Config File Not Found!", "Error", JOptionPane.ERROR_MESSAGE);
}
initialize();
ft.fillTable(configFilePath, table);
}
});
callbacks.registerHttpListener(BurpExtender.this);
callbacks.registerMessageEditorTabFactory(BurpExtender.this);
}
private void initialize() {
frame = new JFrame();
frame.setBounds(100, 100, 526, 403);
frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
panel = new JPanel();
frame.getContentPane().add(panel, BorderLayout.CENTER);
panel.setLayout(new BorderLayout(0, 0));
JPanel panel_3 = new JPanel();
panel.add(panel_3, BorderLayout.NORTH);
JLabel lblNewLabel_1 = new JLabel("Config File:");
panel_3.add(lblNewLabel_1);
textField = new JTextField();
textField.setEditable(false);
panel_3.add(textField);
textField.setColumns(20);
textField.setText(configFilePath);
JButton btnNewButton = new JButton("Select File ...");
btnNewButton.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e) {
JFileChooser jfc = new JFileChooser();
jfc.setFileSelectionMode(JFileChooser.FILES_ONLY);
jfc.showDialog(new JLabel(), "Choose");
File file = jfc.getSelectedFile();
textField.setText(file.getAbsolutePath());
configFilePath = textField.getText();
wfc.writeFileContent(initFilePath, configFilePath);
ft.fillTable(configFilePath, table);
}
});
panel_3.add(btnNewButton);
JPanel panel_2 = new JPanel();
panel.add(panel_2, BorderLayout.CENTER);
panel_2.setLayout(new BorderLayout(0, 0));
JPanel panel_1 = new JPanel();
panel_2.add(panel_1, BorderLayout.NORTH);
panel_1.setBorder(new TitledBorder(new EtchedBorder(EtchedBorder.LOWERED, null, null), "Actions", TitledBorder.LEADING, TitledBorder.TOP, null, new Color(0, 0, 0)));
JButton btnReloadRule = new JButton("Reload");
btnReloadRule.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e) {
ft.fillTable(configFilePath, table);
}
});
panel_1.add(btnReloadRule);
JButton btnNewRule = new JButton("New");
btnNewRule.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent arg0) {
DefaultTableModel dtm = (DefaultTableModel) table.getModel();
Vector rules = new Vector();
rules.add(true);
rules.add("New Rule");
rules.add("New Regex");
rules.add("red");
rules.add("response");
rules.add("any");
dtm.addRow(rules);
}
});
panel_1.add(btnNewRule);
JButton btnDeleteRule = new JButton("Delete");
btnDeleteRule.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e) {
int selectRows = table.getSelectedRows().length;
DefaultTableModel dtm = (DefaultTableModel) table.getModel();
if (selectRows == 1) {
int selectedRowIndex = table.getSelectedRow();
// 在配置文件中删除数据
String cellValue = (String) dtm.getValueAt(selectedRowIndex, 1);
// System.out.println(cellValue);
rc.removeFileContent(cellValue, configFilePath);
// 在表格中删除数据
dtm.removeRow(selectedRowIndex);
}
}
});
panel_1.add(btnDeleteRule);
JScrollPane scrollPane = new JScrollPane();
panel_2.add(scrollPane, BorderLayout.CENTER);
table = new JTable();
table.setModel(new DefaultTableModel(
new Object[][] {
},
new String[] {
"Loaded", "Name", "Regex", "Color", "Scope", "Action"
}
));
scrollPane.setViewportView(table);
table.getColumnModel().getColumn(2).setPreferredWidth(172);
table.getColumnModel().getColumn(3).setCellEditor(new DefaultCellEditor(new JComboBox(Config.colorArray)));
table.getColumnModel().getColumn(0).setCellEditor(new DefaultCellEditor(new JCheckBox()));
table.getColumnModel().getColumn(4).setCellEditor(new DefaultCellEditor(new JComboBox(Config.scopeArray)));
table.getColumnModel().getColumn(5).setCellEditor(new DefaultCellEditor(new JComboBox(Config.actionArray)));
JLabel lblNewLabel = new JLabel("@EvilChen Love YuChen.");
lblNewLabel.setHorizontalAlignment(SwingConstants.CENTER);
panel.add(lblNewLabel, BorderLayout.SOUTH);
table.getModel().addTableModelListener(
new TableModelListener() {
@Override
public void tableChanged(TableModelEvent e) {
if (e.getType() == TableModelEvent.INSERT || e.getType() == TableModelEvent.UPDATE) {
DefaultTableModel dtm = (DefaultTableModel) table.getModel();
int rows = dtm.getRowCount();
JSONObject jsonObj = new JSONObject();
for (int i = 0; i < rows; i++) {
JSONObject jsonObj1 = new JSONObject();
jsonObj1.put("loaded", (boolean) dtm.getValueAt(i, 0));
jsonObj1.put("regex", (String) dtm.getValueAt(i, 2));
jsonObj1.put("color", (String) dtm.getValueAt(i, 3));
jsonObj1.put("scope", (String) dtm.getValueAt(i, 4));
jsonObj1.put("action", (String) dtm.getValueAt(i, 5));
// 添加数据
jsonObj.put((String) dtm.getValueAt(i, 1), jsonObj1);
}
wfc.writeFileContent(configFilePath, jsonObj.toString());
}
}
}
);
callbacks.customizeUiComponent(panel);
callbacks.customizeUiComponent(panel_1);
callbacks.customizeUiComponent(panel_2);
callbacks.customizeUiComponent(panel_3);
callbacks.customizeUiComponent(scrollPane);
callbacks.addSuiteTab(BurpExtender.this);
}
@Override
public IMessageEditorTab createNewInstance(IMessageEditorController controller, boolean editable) {
HaETab = new MarkInfoTab(controller, editable);
return HaETab;
}
@Override
public String getTabCaption() {
return "HaE";
}
@Override
public Component getUiComponent() {
return panel;
}
/*
* 使用processHttpMessage用来做Highlighter
*/
@Override
public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
// 判断是否是响应且该代码作用域为REPEATER、INTRUDER、PROXY分别对应toolFlag 64、32、4
if (toolFlag == 64 || toolFlag == 32 || toolFlag == 4) {
JSONObject jsonObj = new JSONObject();
byte[] content = messageInfo.getRequest();
// 流量清洗
String urlString = helpers.analyzeRequest(messageInfo.getHttpService(), content).getUrl().toString();
urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString;
// 正则判断
if (mh.matchSuffix(urlString)) {
return;
}
if (messageIsRequest) {
try {
String c = new String(content, "UTF-8").intern();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
jsonObj = ec.matchRegex(content, "request", "highlight", configFilePath);
} else {
content = messageInfo.getResponse();
// 流量清洗
List<String> mimeList = helpers.analyzeResponse(content).getHeaders();
// 正则判断
if (mh.matchMIME(mimeList)) {
return;
}
try {
String c = new String(content, "UTF-8").intern();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
jsonObj = ec.matchRegex(content, "response", "highlight", configFilePath);
}
List<String> colorList = da.highlightList(jsonObj);
if (colorList.size() != 0) {
String color = uc.getEndColor(gck.getColorKeys(colorList, Config.colorArray), Config.colorArray);;
messageInfo.setHighlight(color);
}
}
}
class MarkInfoTab implements IMessageEditorTab {
private ITextEditor markInfoText;
private byte[] currentMessage;
private final IMessageEditorController controller;
private byte[] extractRequestContent;
private byte[] extractResponseContent;
public MarkInfoTab(IMessageEditorController controller, boolean editable) {
this.controller = controller;
markInfoText = callbacks.createTextEditor();
markInfoText.setEditable(editable);
}
@Override
public String getTabCaption() {
return "MarkInfo";
}
@Override
public Component getUiComponent() {
return markInfoText.getComponent();
}
@Override
public boolean isEnabled(byte[] content, boolean isRequest) {
try {
// 流量清洗
String urlString = helpers.analyzeRequest(controller.getHttpService(), controller.getRequest()).getUrl().toString();
urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString;
// 正则判断
if (mh.matchSuffix(urlString)) {
return false;
}
} catch (Exception e) {
return false;
}
if (isRequest) {
JSONObject jsonObj = ec.matchRegex(content, "request", "extract", configFilePath);
if (jsonObj.length() != 0) {
String result = da.extractString(jsonObj);
extractRequestContent = result.getBytes();
return true;
}
} else {
// 流量清洗
List<String> mimeList = helpers.analyzeResponse(controller.getResponse()).getHeaders();
// 正则判断
if (mh.matchMIME(mimeList)) {
return false;
}
JSONObject jsonObj = ec.matchRegex(content, "response", "extract", configFilePath);
if (jsonObj.length() != 0) {
String result = da.extractString(jsonObj);
extractResponseContent = result.getBytes();
return true;
}
}
return false;
}
@Override
public byte[] getMessage() {
return currentMessage;
}
@Override
public boolean isModified() {
return markInfoText.isTextModified();
}
@Override
public byte[] getSelectedData() {
return markInfoText.getSelectedText();
}
/*
* 使用setMessage用来做Extractor
*/
@Override
public void setMessage(byte[] content, boolean isRequest) {
try {
String c = new String(content, "UTF-8").intern();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
if (content.length > 0) {
if (isRequest) {
markInfoText.setText(extractRequestContent);
} else {
markInfoText.setText(extractResponseContent);
}
}
currentMessage = content;
}
}
public static void main(String[] args) {
}
}

11
burp/Config.java
View File

@@ -1,11 +0,0 @@
package burp;
public class Config {
public static String initConfigContent = "{\"Email\":{\"loaded\":true,\"scope\":\"response\",\"regex\":\"([\\\\w-]+(?:\\\\.[\\\\w-]+)*@(?:[\\\\w](?:[\\\\w-]*[\\\\w])?\\\\.)+[\\\\w](?:[\\\\w-]*[\\\\w])?)\",\"action\":\"any\",\"color\":\"yellow\"}}";
public static String[] colorArray = new String[] {"red", "orange", "yellow", "green", "cyan", "blue", "pink", "magenta", "gray"};
public static String[] scopeArray = new String[] {"any", "response", "request"};
public static String[] actionArray = new String[] {"any", "extract", "highight"};
public static String excludeSuffix = "7z|aif|aifc|aiff|au|bmp|cmx|cod|css|doc|docx|gif|gz|ico|ief|jfif|jpe|jpeg|jpg|m3u|mid|mp2|mp3|mpa|mpe|mpeg|mpg|mpp|mpv2|otf|pbm|pdf|pgm|png|pnm|ppm|ra|ram|rar|ras|rgb|rmi|snd|svg|tar|tif|tiff|ttf|wav|woff|woff2|xbm|xpm|xwd|zip";
public static String[] excludeMIME = new String[] {"application/msword", "application/vnd.ms-project", "application/x-gzip", "application/x-tar", "application/zip", "audio/basic", "audio/mid", "audio/mpeg", "audio/x-aiff", "audio/x-mpegurl", "audio/x-pn-realaudio", "audio/x-wav", "image/bmp", "image/cis-cod", "image/gif", "image/ief", "image/jpeg", "image/png", "image/pipeg", "image/svg+xml", "image/tiff", "image/x-cmu-raster", "image/x-cmx", "image/x-icon", "image/x-portable-anymap", "image/x-portable-bitmap", "image/x-portable-graymap", "image/x-portable-pixmap", "image/x-rgb", "image/x-xbitmap", "image/x-xpixmap", "image/x-xwindowdump", "text/css", "video/mpeg", "video/mpeg", "application/font-woff"};
public static String outputTplString = "[%s]\n%s\n\n";
}

34
burp/action/DoAction.java
View File

@@ -1,34 +0,0 @@
package burp.action;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.json.JSONObject;
import burp.Config;
public class DoAction {
public String extractString(JSONObject jsonObj) {
String result = "";
Iterator<String> k = jsonObj.keys();
while (k.hasNext()) {
String name = k.next();
JSONObject jsonObj1 = new JSONObject(jsonObj.get(name).toString());
String tmpStr = String.format(Config.outputTplString, name, jsonObj1.getString("data")).intern();
result += tmpStr;
}
return result;
}
public List<String> highlightList(JSONObject jsonObj) {
List<String> colorList = new ArrayList<String>();
Iterator<String> k = jsonObj.keys();
while (k.hasNext()) {
String name = k.next();
JSONObject jsonObj2 = new JSONObject(jsonObj.get(name).toString());
colorList.add(jsonObj2.getString("color"));
}
return colorList;
}
}

67
burp/action/ExtractContent.java
View File

@@ -1,67 +0,0 @@
package burp.action;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.json.JSONObject;
import burp.file.ReadFile;
import jregex.Matcher;
import jregex.Pattern;
public class ExtractContent {
ReadFile rf = new ReadFile();
public JSONObject matchRegex(byte[] content, String scopeString, String actionString, String configFilePath) {
JSONObject tabContent = new JSONObject();
// 正则匹配提取内容
try {
String jsonStr = rf.readFileContent(configFilePath);
JSONObject jsonObj = new JSONObject(jsonStr);
Iterator<String> k = jsonObj.keys();
// 遍历json数组
while (k.hasNext()) {
String contentString = new String(content, "UTF-8").intern();
String name = k.next();
JSONObject jsonObj1 = new JSONObject(jsonObj.get(name).toString());
JSONObject jsonData = new JSONObject();
String regex = jsonObj1.getString("regex");
boolean isLoaded = jsonObj1.getBoolean("loaded");
String scope = jsonObj1.getString("scope");
String action = jsonObj1.getString("action");
String color = jsonObj1.getString("color");
List<String> result = new ArrayList<String>();
if(isLoaded && (scope.equals(scopeString) || scope.equals("any")) && (action.equals(actionString) || action.equals("any"))) {
Pattern pattern = new Pattern(regex);
Matcher matcher = pattern.matcher(contentString);
while (matcher.find()) {
// 添加匹配数据至list
// 强制用户使用()包裹正则
result.add(matcher.group(1));
}
// 去除重复内容
HashSet tmpList = new HashSet(result);
result.clear();
result.addAll(tmpList);
if (!result.isEmpty()) {
jsonData.put("color", color);
jsonData.put("data", String.join("\n", result));
jsonData.put("loaded", isLoaded);
// 初始化格式
tabContent.put(name, jsonData);
}
}
}
} catch (Exception e) {}
return tabContent;
}
}

36
burp/action/MatchHTTP.java
View File

@@ -1,36 +0,0 @@
package burp.action;
import java.util.Arrays;
import java.util.List;
import burp.Config;
import jregex.Matcher;
import jregex.Pattern;
import jregex.REFlags;
public class MatchHTTP {
// 匹配后缀
public boolean matchSuffix(String str) {
Pattern pattern = new Pattern(String.format("[\\w]+[\\.](%s)", Config.excludeSuffix), REFlags.IGNORE_CASE);
Matcher matcher = pattern.matcher(str);
if(matcher.find()){
return true;
}else{
return false;
}
}
// 匹配MIME
public boolean matchMIME(List<String> mimeList) {
for (String headerString : mimeList) {
if (headerString.toLowerCase().startsWith("content-type")) {
for (String mime : Arrays.asList(Config.excludeMIME)) {
if (headerString.contains(mime)) {
return true;
}
}
}
}
return false;
}
}

23
burp/color/GetColorKey.java
View File

@@ -1,23 +0,0 @@
package burp.color;
import java.util.ArrayList;
import java.util.List;
public class GetColorKey {
/*
* 颜色下标获取
*/
public List<Integer> getColorKeys(List<String> keys, String[] colorArray){
List<Integer> result = new ArrayList<Integer>();
int size = colorArray.length;
// 根据颜色获取下标
for (int x = 0; x < keys.size(); x++) {
for (int v = 0; v < size; v++) {
if (colorArray[v].equals(keys.get(x))) {
result.add(v);
}
}
}
return result;
}
}

53
burp/color/UpgradeColor.java
View File

@@ -1,53 +0,0 @@
package burp.color;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.HashSet;
import java.util.List;
public class UpgradeColor {
private String endColor = "";
/*
* 颜色升级递归算法
*/
private String colorUpgrade(List<Integer> colorList, String[] colorArray) {
int colorSize = colorList.size();
colorList.sort(Comparator.comparingInt(Integer::intValue));
int i = 0;
List<Integer> stack = new ArrayList<Integer>();
while (i < colorSize) {
if (stack.isEmpty()) {
stack.add(colorList.get(i));
i++;
} else {
if (colorList.get(i) != stack.stream().reduce((first, second) -> second).orElse(99999999)) {
stack.add(colorList.get(i));
i++;
} else {
stack.set(stack.size() - 1, stack.get(stack.size() - 1) - 1);
i++;
}
}
}
// 利用HashSet删除重复元素
HashSet tmpList = new HashSet(stack);
if (stack.size() == tmpList.size()) {
stack.sort(Comparator.comparingInt(Integer::intValue));
if(stack.get(0).equals(-1)) {
this.endColor = colorArray[0];
} else {
this.endColor = colorArray[stack.get(0)];
}
} else {
this.colorUpgrade(stack, colorArray);
}
return "";
}
public String getEndColor(List<Integer> colorList, String[] colorArray) {
colorUpgrade(colorList, colorArray);
return endColor;
}
}

18
burp/file/FileExists.java
View File

@@ -1,18 +0,0 @@
package burp.file;
import java.io.File;
public class FileExists {
/*
* 判断文件是否存在
*/
public Boolean fileExists(String fileName) {
File file = new File(fileName);
if(file.exists()){
return true;
}
return false;
}
}

36
burp/file/ReadFile.java
View File

@@ -1,36 +0,0 @@
package burp.file;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
public class ReadFile {
/*
* 获取文件内容
*/
public String readFileContent(String fileName) {
File file = new File(fileName);
BufferedReader reader = null;
StringBuffer sbf = new StringBuffer();
try {
reader = new BufferedReader(new FileReader(file));
String tempStr;
while ((tempStr = reader.readLine()) != null) {
sbf.append(tempStr);
}
reader.close();
return sbf.toString();
} catch (IOException e) {
} finally {
if (reader != null) {
try {
reader.close();
} catch (IOException err) {
err.printStackTrace();
}
}
}
return sbf.toString();
}
}

22
burp/file/RemoveContent.java
View File

@@ -1,22 +0,0 @@
package burp.file;
import javax.swing.JOptionPane;
import org.json.JSONObject;
public class RemoveContent {
WriteFile w = new WriteFile();
ReadFile r = new ReadFile();
/*
* 删除某文件内容
*/
public void removeFileContent(String key, String configFilePath) {
String jsonStr = r.readFileContent(configFilePath);
JSONObject jsonObj = new JSONObject(jsonStr);
jsonObj.remove(key);
if (w.writeFileContent(configFilePath, jsonObj.toString())) {
JOptionPane.showMessageDialog(null, "Delete Successfully!", "Info", JOptionPane.INFORMATION_MESSAGE);
}
}
}

21
burp/file/WriteFile.java
View File

@@ -1,21 +0,0 @@
package burp.file;
import java.io.BufferedWriter;
import java.io.FileWriter;
import java.io.IOException;
public class WriteFile {
/*
* 写入文件内容
*/
public boolean writeFileContent(String fileName, String fileContent) {
try {
BufferedWriter out = new BufferedWriter(new FileWriter(fileName));
out.write(fileContent);
out.close();
return true;
} catch (IOException e) {
return false;
}
}
}

44
burp/ui/FillTable.java
View File

@@ -1,44 +0,0 @@
package burp.ui;
import java.util.Iterator;
import java.util.Vector;
import javax.swing.JTable;
import javax.swing.table.DefaultTableModel;
import org.json.JSONObject;
import burp.file.ReadFile;
public class FillTable {
ReadFile rf = new ReadFile();
/*
* 初始化表格内容
*/
public void fillTable(String configFilePath, JTable table) {
DefaultTableModel dtm=(DefaultTableModel) table.getModel();
dtm.setRowCount(0);
String jsonStr = rf.readFileContent(configFilePath);
JSONObject jsonObj = new JSONObject(jsonStr);
Iterator<String> k = jsonObj.keys();
// 遍历json数组
while (k.hasNext()) {
String name = k.next();
JSONObject jsonObj1 = new JSONObject(jsonObj.get(name).toString());
boolean loaded = jsonObj1.getBoolean("loaded");
String regex = jsonObj1.getString("regex");
String color = jsonObj1.getString("color");
String scope = jsonObj1.getString("scope");
String action = jsonObj1.getString("action");
// 填充数据
Vector rules = new Vector();
rules.add(loaded);
rules.add(name);
rules.add(regex);
rules.add(color);
rules.add(scope);
rules.add(action);
dtm.addRow(rules);
}
}
}

BIN
images/16000706401522.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 698 KiB

BIN
images/16000708493657.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 223 KiB

BIN
images/16000710069404.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 19 KiB

BIN
images/16000720732854.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 223 KiB

BIN
images/16000720732854.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 167 KiB

BIN
images/config.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 56 KiB

BIN
images/databoard.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 82 KiB

BIN
images/logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 73 KiB

BIN
images/reward.jpeg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 132 KiB

BIN
images/rules.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 111 KiB

BIN
images/show_config.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 56 KiB

3
settings.gradle
View File

@@ -1 +1,2 @@
rootProject.name = 'HaE'
rootProject.name = 'HaE'

234
src/main/java/burp/BurpExtender.java Normal file
View File

@@ -0,0 +1,234 @@
package burp;
import burp.action.*;
import burp.ui.MainUI;
import java.util.HashMap;
import java.util.Map;
import javax.swing.*;
import java.awt.*;
import java.nio.charset.StandardCharsets;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import javax.swing.event.ChangeEvent;
import javax.swing.event.ChangeListener;
/**
* @author EvilChen & 0chencc
*/
public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEditorTabFactory, ITab {
private final MainUI main = new MainUI();
// stdout变成公开属性便于其他类调用输出调试信息
public static PrintWriter stdout;
private IBurpExtenderCallbacks callbacks;
private static IExtensionHelpers helpers;
GetColorKey gck = new GetColorKey();
UpgradeColor uc = new UpgradeColor();
ProcessMessage pm = new ProcessMessage();
@Override
public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks)
{
this.callbacks = callbacks;
BurpExtender.helpers = callbacks.getHelpers();
String version = "2.4.2";
callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version));
// 定义输出
stdout = new PrintWriter(callbacks.getStdout(), true);
stdout.println("@First Author: EvilChen");
stdout.println("@Second Author: 0chencc");
stdout.println("@Github: https://github.com/gh0stkey/HaE");
// UI
SwingUtilities.invokeLater(this::initialize);
callbacks.registerHttpListener(BurpExtender.this);
callbacks.registerMessageEditorTabFactory(BurpExtender.this);
}
private void initialize(){
callbacks.customizeUiComponent(main);
callbacks.addSuiteTab(BurpExtender.this);
}
@Override
public String getTabCaption(){
return "HaE";
}
@Override
public Component getUiComponent() {
return main;
}
/**
* 使用processHttpMessage用来做Highlighter
*/
@Override
public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
// 判断是否是响应且该代码作用域为REPEATER、INTRUDER、PROXY分别对应toolFlag 64、32、4
if (toolFlag == 64 || toolFlag == 32 || toolFlag == 4) {
byte[] content;
if (messageIsRequest) {
content = messageInfo.getRequest();
} else {
content = messageInfo.getResponse();
}
IHttpService iHttpService = null;
try {
iHttpService = messageInfo.getHttpService();
} catch (Exception ignored) {
}
// 获取请求主机信息
assert iHttpService != null;
String host = iHttpService.getHost();
String c = new String(content, StandardCharsets.UTF_8).intern();
List<Map<String, String>> result = pm.processMessageByContent(helpers, content, messageIsRequest, true, host);
if (result != null && !result.isEmpty() && result.size() > 0) {
String originalColor = messageInfo.getHighlight();
String originalComment = messageInfo.getComment();
List<String> colorList = new ArrayList<>();
if (originalColor != null) {
colorList.add(originalColor);
}
colorList.add(result.get(0).get("color"));
String color = uc.getEndColor(gck.getColorKeys(colorList));
messageInfo.setHighlight(color);
String addComment = String.join(", ", result.get(1).get("comment"));
String resComment = originalComment != null ? String.format("%s, %s", originalComment, addComment) : addComment;
messageInfo.setComment(resComment);
}
}
}
class MarkInfoTab implements IMessageEditorTab {
private final JTabbedPane jTabbedPane = new JTabbedPane();
private JTable jTable = new JTable();
private final IMessageEditorController controller;
private Map<String, String> extractRequestMap;
private Map<String, String> extractResponseMap;
private ArrayList<String> titleList = new ArrayList<>();
public MarkInfoTab(IMessageEditorController controller, boolean editable) {
this.controller = controller;
}
@Override
public String getTabCaption() {
return "MarkInfo";
}
@Override
public Component getUiComponent() {
jTabbedPane.addChangeListener(new ChangeListener() {
@Override
public void stateChanged(ChangeEvent arg0) {
jTable = (JTable) ((JScrollPane)jTabbedPane.getSelectedComponent()).getViewport().getView();
}
});
return this.jTabbedPane;
}
@Override
public boolean isEnabled(byte[] content, boolean isRequest) {
String c = new String(content, StandardCharsets.UTF_8).intern();
List<Map<String, String>> result = pm.processMessageByContent(helpers, content, isRequest, false, "");
if (result != null && !result.isEmpty()) {
Map<String, String> dataMap = result.get(0);
if (isRequest) {
extractRequestMap = dataMap;
} else {
extractResponseMap = dataMap;
}
return true;
}
return false;
}
@Override
public byte[] getMessage() {
return null;
}
@Override
public boolean isModified() {
return false;
}
/**
* 快捷键复制功能
*/
@Override
public byte[] getSelectedData() {
int[] selectRows = jTable.getSelectedRows();
StringBuilder selectData = new StringBuilder();
for (int row : selectRows) {
selectData.append(jTable.getValueAt(row, 0).toString()).append("\n");
}
// 便于单行复制,去除最后一个换行符
String revData = selectData.reverse().toString().replaceFirst("\n", "");
StringBuilder retData = new StringBuilder(revData).reverse();
return helpers.stringToBytes(retData.toString());
}
/**
* 使用setMessage用来做Extractor
*/
@Override
public void setMessage(byte[] content, boolean isRequest) {
String c = new String(content, StandardCharsets.UTF_8).intern();
if (content.length > 0) {
if (isRequest) {
makeTable(extractRequestMap);
} else {
makeTable(extractResponseMap);
}
}
}
/**
* 创建MarkInfo表单
*/
public void makeTable(Map<String, String> dataMap) {
ArrayList<String> lTitleList = new ArrayList<>();
dataMap.keySet().forEach(i->{
String[] extractData = dataMap.get(i).split("\n");
Object[][] data = new Object[extractData.length][1];
for (int x = 0; x < extractData.length; x++) {
data[x][0] = extractData[x];
// stdout.println(extractData[x]);
}
JScrollPane jScrollPane = new JScrollPane(new JTable(data, new Object[]{"Information"}));
lTitleList.add(i);
this.jTabbedPane.addTab(i, jScrollPane);
});
/*
* 使用removeAll会导致MarkInfo UI出现空白的情况为了改善用户侧体验采用remove的方式进行删除
* 采用全局ArrayList的方式遍历删除Tab以此应对BurpSuite缓存机制导致的MarkInfo UI错误展示。
*/
titleList.forEach(t->{
int indexOfTab = this.jTabbedPane.indexOfTab(t);
if (indexOfTab != -1) {
this.jTabbedPane.removeTabAt(indexOfTab);
}
});
titleList = lTitleList;
}
}
@Override
public IMessageEditorTab createNewInstance(IMessageEditorController controller, boolean editable) {
return new MarkInfoTab(controller, editable);
}
}

44
src/main/java/burp/Config.java Normal file
View File

@@ -0,0 +1,44 @@
package burp;
/**
* @author EvilChen
*/
import java.util.HashMap;
import java.util.List;
import java.util.Map;
public class Config {
public static String excludeSuffix = "3g2|3gp|7z|aac|abw|aif|aifc|aiff|arc|au|avi|azw|bin|bmp|bz|bz2|cmx|cod|csh|css|csv|doc|docx|eot|epub|gif|gz|ico|ics|ief|jar|jfif|jpe|jpeg|jpg|m3u|mid|midi|mjs|mp2|mp3|mpa|mpe|mpeg|mpg|mpkg|mpp|mpv2|odp|ods|odt|oga|ogv|ogx|otf|pbm|pdf|pgm|png|pnm|ppm|ppt|pptx|ra|ram|rar|ras|rgb|rmi|rtf|snd|svg|swf|tar|tif|tiff|ttf|vsd|wav|weba|webm|webp|woff|woff2|xbm|xls|xlsx|xpm|xul|xwd|zip|zip";
public static String[] scopeArray = new String[] {
"any",
"response",
"response header",
"response body",
"request",
"request header",
"request body"
};
public static String[] engineArray = new String[] {
"nfa",
"dfa"
};
public static String[] colorArray = new String[] {
"red",
"orange",
"yellow",
"green",
"cyan",
"blue",
"pink",
"magenta",
"gray"
};
public static Map<String,Object[][]> ruleConfig = null;
public static Map<String, Map<String, List<String>>> globalDataMap = new HashMap<>();
}

38
src/main/java/burp/action/DoAction.java Normal file
View File

@@ -0,0 +1,38 @@
package burp.action;
import burp.BurpExtender;
import java.util.HashMap;
import java.util.Map;
import java.util.ArrayList;
import java.util.List;
/**
* @author EvilChen
*/
public class DoAction {
public Map<String, String> extractString(Map<String, Map<String, Object>> obj) {
Map<String, String> resultMap = new HashMap<>();
obj.keySet().forEach(i->{
Map<String, Object> tmpMap = obj.get(i);
String data = tmpMap.get("data").toString();
resultMap.put(i, data);
});
return resultMap;
}
public List<List<String>> highlightAndComment(Map<String, Map<String, Object>> obj) {
List<String> colorList = new ArrayList<>();
List<String> commentList = new ArrayList<>();
List<List<String>> result = new ArrayList<>();
obj.keySet().forEach(i->{
Map<String, Object> tmpMap = obj.get(i);
String color = tmpMap.get("color").toString();
colorList.add(color);
commentList.add(i);
});
result.add(colorList);
result.add(commentList);
return result;
}
}

131
src/main/java/burp/action/ExtractContent.java Normal file
View File

@@ -0,0 +1,131 @@
package burp.action;
import java.nio.charset.StandardCharsets;
import java.util.*;
import burp.Config;
import dk.brics.automaton.Automaton;
import dk.brics.automaton.AutomatonMatcher;
import dk.brics.automaton.RegExp;
import dk.brics.automaton.RunAutomaton;
import jregex.Matcher;
import jregex.Pattern;
/**
* @author EvilChen
*/
public class ExtractContent {
public Map<String, Map<String, Object>> matchRegex(byte[] content, String headers, byte[] body, String scopeString, String host) {
Map<String, Map<String, Object>> map = new HashMap<>(); // 最终返回的结果
Config.ruleConfig.keySet().forEach(i -> {
String matchContent = "";
for (Object[] objects : Config.ruleConfig.get(i)) {
// 遍历获取规则
List<String> result = new ArrayList<>();
Map<String, Object> tmpMap = new HashMap<>();
String name = objects[1].toString();
boolean loaded = (Boolean) objects[0];
String regex = objects[2].toString();
String color = objects[3].toString();
String scope = objects[4].toString();
String engine = objects[5].toString();
boolean sensitive = (Boolean) objects[6];
// 判断规则是否开启与作用域
if (loaded && (scope.contains(scopeString) || "any".equals(scope))) {
switch (scope) {
case "any":
case "request":
case "response":
matchContent = new String(content, StandardCharsets.UTF_8).intern();
break;
case "request header":
case "response header":
matchContent = headers;
break;
case "request body":
case "response body":
matchContent = new String(body, StandardCharsets.UTF_8).intern();
break;
default:
break;
}
if ("nfa".equals(engine)) {
Pattern pattern;
// 判断规则是否大小写敏感
if (sensitive) {
pattern = new Pattern(regex);
} else {
pattern = new Pattern(regex, Pattern.IGNORE_CASE);
}
Matcher matcher = pattern.matcher(matchContent);
while (matcher.find()) {
// 添加匹配数据至list
// 强制用户使用()包裹正则
result.add(matcher.group(1));
}
} else {
RegExp regexp = new RegExp(regex);
Automaton auto = regexp.toAutomaton();
RunAutomaton runAuto = new RunAutomaton(auto, true);
AutomatonMatcher autoMatcher = runAuto.newMatcher(matchContent);
while (autoMatcher.find()) {
// 添加匹配数据至list
// 强制用户使用()包裹正则
result.add(autoMatcher.group());
}
}
// 去除重复内容
HashSet tmpList = new HashSet(result);
result.clear();
result.addAll(tmpList);
if (!result.isEmpty()) {
tmpMap.put("color", color);
tmpMap.put("data", String.join("\n", result));
// 初始化格式
map.put(name, tmpMap);
}
}
}
});
// 将提取的数据存放到全局变量中
if (!host.isEmpty()) {
map.keySet().forEach(i -> {
Map<String, Object> tmpMap = map.get(i);
List<String> dataList = Arrays.asList(tmpMap.get("data").toString().split("\n"));
// 判断Host是否存在如存在则进行数据更新反之则新增数据
if (Config.globalDataMap.containsKey(host)) {
Map<String, List<String>> gRuleMap = Config.globalDataMap.get(host);
// 判断匹配规则是否存在逻辑同Host判断
if (gRuleMap.containsKey(i)) {
List<String> gDataList = gRuleMap.get(i);
List<String> mergeDataList = new ArrayList<>();
// 合并两个List
mergeDataList.addAll(gDataList);
mergeDataList.addAll(dataList);
// 去重操作
HashSet tmpList = new HashSet(mergeDataList);
mergeDataList.clear();
mergeDataList.addAll(tmpList);
// 替换操作
gRuleMap.replace(i, gDataList, mergeDataList);
} else {
gRuleMap.put(i, dataList);
}
} else {
Map<String, List<String>> ruleMap = new HashMap<>();
ruleMap.put(i, dataList);
Config.globalDataMap.put(host, ruleMap);
}
});
}
return map;
}
}

29
src/main/java/burp/action/GetColorKey.java Normal file
View File

@@ -0,0 +1,29 @@
package burp.action;
import burp.Config;
import java.util.ArrayList;
import java.util.List;
/**
* @author EvilChen
*/
public class GetColorKey {
/**
* 颜色下标获取
*/
public List<Integer> getColorKeys(List<String> keys){
List<Integer> result = new ArrayList<>();
String[] colorArray = Config.colorArray;
int size = colorArray.length;
// 根据颜色获取下标
for (String key : keys) {
for (int v = 0; v < size; v++) {
if (colorArray[v].equals(key)) {
result.add(v);
}
}
}
return result;
}
}

20
src/main/java/burp/action/MatchHTTP.java Normal file
View File

@@ -0,0 +1,20 @@
package burp.action;
import jregex.Matcher;
import jregex.Pattern;
import jregex.REFlags;
import burp.yaml.LoadConfig;
/**
* @author EvilChen
*/
public class MatchHTTP {
// 匹配后缀
LoadConfig lc = new LoadConfig();
public boolean matchSuffix(String str) {
Pattern pattern = new Pattern(String.format("[\\w]+[\\.](%s)", lc.getExcludeSuffix()), REFlags.IGNORE_CASE);
Matcher matcher = pattern.matcher(str);
return matcher.find();
}
}

93
src/main/java/burp/action/ProcessMessage.java Normal file
View File

@@ -0,0 +1,93 @@
package burp.action;
import burp.IExtensionHelpers;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
public class ProcessMessage {
MatchHTTP mh = new MatchHTTP();
ExtractContent ec = new ExtractContent();
DoAction da = new DoAction();
GetColorKey gck = new GetColorKey();
UpgradeColor uc = new UpgradeColor();
public List<Map<String, String>> processMessageByContent(IExtensionHelpers helpers, byte[] content, boolean isRequest, boolean messageInfo, String host) {
List<Map<String, String>> result = new ArrayList<>();;
Map<String, Map<String, Object>> obj;
if (isRequest) {
// 获取报文头
List<String> requestTmpHeaders = helpers.analyzeRequest(content).getHeaders();
String requestHeaders = String.join("\n", requestTmpHeaders);
try {
// 流量清洗
String urlString = requestTmpHeaders.get(0).split(" ")[1];
urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString;
// 正则判断
if (mh.matchSuffix(urlString)) {
return result;
}
} catch (Exception e) {
return result;
}
// 获取报文主体
int requestBodyOffset = helpers.analyzeRequest(content).getBodyOffset();
byte[] requestBody = Arrays.copyOfRange(content, requestBodyOffset, content.length);
obj = ec.matchRegex(content, requestHeaders, requestBody, "request", host);
} else {
try {
// 流量清洗
String inferredMimeType = String.format("hae.%s", helpers.analyzeResponse(content).getInferredMimeType().toLowerCase());
String statedMimeType = String.format("hae.%s", helpers.analyzeResponse(content).getStatedMimeType().toLowerCase());
// 正则判断
if (mh.matchSuffix(statedMimeType) || mh.matchSuffix(inferredMimeType)) {
return result;
}
} catch (Exception e) {
return result;
}
// 获取报文头
List<String> responseTmpHeaders = helpers.analyzeResponse(content).getHeaders();
String responseHeaders = String.join("\n", responseTmpHeaders);
// 获取报文主体
int responseBodyOffset = helpers.analyzeResponse(content).getBodyOffset();
byte[] responseBody = Arrays.copyOfRange(content, responseBodyOffset, content.length);
obj = ec.matchRegex(content, responseHeaders, responseBody, "response", host);
}
if (obj.size() > 0) {
if (messageInfo) {
List<List<String>> resultList = da.highlightAndComment(obj);
List<String> colorList = resultList.get(0);
List<String> commentList = resultList.get(1);
if (colorList.size() != 0 && commentList.size() != 0) {
String color = uc.getEndColor(gck.getColorKeys(colorList));
Map<String, String> colorMap = new HashMap<String, String>(){{
put("color", color);
}};
Map<String, String> commentMap = new HashMap<String, String>(){{
put("comment", String.join(", ", commentList));
}};
result.add(colorMap);
result.add(commentMap);
}
} else {
result.add(da.extractString(obj));
}
}
return result;
}
}

52
src/main/java/burp/action/UpgradeColor.java Normal file
View File

@@ -0,0 +1,52 @@
package burp.action;
import burp.Config;
import java.util.*;
/**
* @author EvilChen
*/
public class UpgradeColor {
private String endColor = "";
/**
* 颜色升级递归算法
*/
private void colorUpgrade(List<Integer> colorList) {
int colorSize = colorList.size();
String[] colorArray = Config.colorArray;
colorList.sort(Comparator.comparingInt(Integer::intValue));
int i = 0;
List<Integer> stack = new ArrayList<>();
while (i < colorSize) {
if (stack.isEmpty()) {
stack.add(colorList.get(i));
} else {
if (!Objects.equals(colorList.get(i), stack.stream().reduce((first, second) -> second).orElse(99999999))) {
stack.add(colorList.get(i));
} else {
stack.set(stack.size() - 1, stack.get(stack.size() - 1) - 1);
}
}
i++;
}
// 利用HashSet删除重复元素
HashSet tmpList = new HashSet(stack);
if (stack.size() == tmpList.size()) {
stack.sort(Comparator.comparingInt(Integer::intValue));
if(stack.get(0) < 0) {
this.endColor = colorArray[0];
} else {
this.endColor = colorArray[stack.get(0)];
}
} else {
this.colorUpgrade(stack);
}
}
public String getEndColor(List<Integer> colorList) {
colorUpgrade(colorList);
return endColor;
}
}

190
src/main/java/burp/ui/Databoard.java Normal file
View File

@@ -0,0 +1,190 @@
package burp.ui;
import burp.Config;
import java.util.List;
import javax.swing.table.DefaultTableModel;
import org.jetbrains.annotations.NotNull;
import java.awt.*;
import java.awt.event.*;
import java.util.ArrayList;
import java.util.Map;
import javax.swing.*;
import javax.swing.event.DocumentEvent;
import javax.swing.event.DocumentListener;
/**
* @author LinChen
*/
public class Databoard extends JPanel {
public Databoard() {
initComponents();
}
private void initComponents() {
// JFormDesigner - Component initialization - DO NOT MODIFY //GEN-BEGIN:initComponents
hostLabel = new JLabel();
hostTextField = new JTextField();
dataTabbedPane = new JTabbedPane();
//======== this ========
setLayout(new GridBagLayout());
((GridBagLayout)getLayout()).columnWidths = new int[] {25, 0, 0, 0, 20, 0};
((GridBagLayout)getLayout()).rowHeights = new int[] {0, 65, 20, 0};
((GridBagLayout)getLayout()).columnWeights = new double[] {0.0, 0.0, 1.0, 0.0, 0.0, 1.0E-4};
((GridBagLayout)getLayout()).rowWeights = new double[] {0.0, 1.0, 0.0, 1.0E-4};
//---- hostLabel ----
hostLabel.setText("Host:");
add(hostLabel, new GridBagConstraints(1, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 5, 5), 0, 0));
add(hostTextField, new GridBagConstraints(2, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 5, 5), 0, 0));
add(dataTabbedPane, new GridBagConstraints(1, 1, 3, 2, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 0, 5), 0, 0));
setAutoMatch(hostTextField, dataTabbedPane);
}
/**
* 获取Host列表
*/
private static List<String> getHostByList(){
List<String> hostList = new ArrayList<>();
Config.globalDataMap.keySet().forEach(i -> {
hostList.add(i);
});
return hostList;
}
/**
* 设置输入自动匹配
*/
public static void setAutoMatch(JTextField textField, JTabbedPane tabbedPane) {
final DefaultComboBoxModel comboBoxModel = new DefaultComboBoxModel();
final JComboBox hostComboBox = new JComboBox(comboBoxModel) {
@Override
public Dimension getPreferredSize() {
return new Dimension(super.getPreferredSize().width, 0);
}
};
isMatchHost = false;
for (String host : getHostByList()) {
comboBoxModel.addElement(host);
}
hostComboBox.setSelectedItem(null);
hostComboBox.addActionListener(e -> {
if (!isMatchHost) {
if (hostComboBox.getSelectedItem() != null) {
textField.setText(hostComboBox.getSelectedItem().toString());
getInfoByHost(hostComboBox, tabbedPane, textField);
}
}
});
// 事件监听
textField.addKeyListener(new KeyAdapter() {
@Override
public void keyPressed(KeyEvent e) {
isMatchHost = true;
if (e.getKeyCode() == KeyEvent.VK_SPACE) {
if (hostComboBox.isPopupVisible()) {
e.setKeyCode(KeyEvent.VK_ENTER);
}
}
if (e.getKeyCode() == KeyEvent.VK_ENTER
|| e.getKeyCode() == KeyEvent.VK_UP
|| e.getKeyCode() == KeyEvent.VK_DOWN) {
e.setSource(hostComboBox);
hostComboBox.dispatchEvent(e);
if (e.getKeyCode() == KeyEvent.VK_ENTER) {
textField.setText(hostComboBox.getSelectedItem().toString());
getInfoByHost(hostComboBox, tabbedPane, textField);
hostComboBox.setPopupVisible(false);
}
}
if (e.getKeyCode() == KeyEvent.VK_ESCAPE) {
hostComboBox.setPopupVisible(false);
}
isMatchHost = false;
}
});
textField.getDocument().addDocumentListener(new DocumentListener() {
@Override
public void insertUpdate(DocumentEvent e) {
updateList();
}
@Override
public void removeUpdate(DocumentEvent e) {
updateList();
}
@Override
public void changedUpdate(DocumentEvent e) {
updateList();
}
private void updateList() {
isMatchHost = true;
comboBoxModel.removeAllElements();
String input = textField.getText();
if (!input.isEmpty()){
for (String host : getHostByList()) {
if (host.toLowerCase().contains(input.toLowerCase())) {
comboBoxModel.addElement(host);
}
}
}
hostComboBox.setPopupVisible(comboBoxModel.getSize() > 0);
isMatchHost = false;
}
});
textField.setLayout(new BorderLayout());
textField.add(hostComboBox, BorderLayout.SOUTH);
}
private static void getInfoByHost(@NotNull JComboBox hostComboBox, JTabbedPane tabbedPane, JTextField textField) {
if (hostComboBox.getSelectedItem() != null) {
Map<String, Map<String, List<String>>> ruleMap = Config.globalDataMap;
Map<String, List<String>> selectUrl = ruleMap.get(hostComboBox.getSelectedItem());
tabbedPane.removeAll();
for(Map.Entry<String, List<String>> entry: selectUrl.entrySet()){
tabbedPane.addTab(entry.getKey(), new JScrollPane(new HitRuleDataList(entry.getValue())));
}
textField.setText(hostComboBox.getSelectedItem().toString());
}
}
// JFormDesigner - Variables declaration - DO NOT MODIFY //GEN-BEGIN:variables
private JLabel hostLabel;
private JTextField hostTextField;
private JTabbedPane dataTabbedPane;
// JFormDesigner - End of variables declaration //GEN-END:variables
// 是否自动匹配Host
private static Boolean isMatchHost = false;
}
class HitRuleDataList extends JTable {
public HitRuleDataList(List<String> list){
DefaultTableModel model = new DefaultTableModel();
Object[][] data = new Object[list.size()][1];
for (int x = 0; x < list.size(); x++) {
data[x][0] = list.get(x);
}
model.setDataVector(data, new Object[]{"Information"});
this.setModel(model);
}
}

114
src/main/java/burp/ui/JTabbedPaneCloseButton.java Normal file
View File

@@ -0,0 +1,114 @@
package burp.ui;
import javax.swing.*;
import javax.swing.plaf.metal.MetalIconFactory;
import java.awt.*;
import java.awt.event.MouseEvent;
import java.awt.event.MouseListener;
/**
* @author 6dc
*
* A class which creates a JTabbedPane and auto sets a close button when you add a tab
*/
public class JTabbedPaneCloseButton extends JTabbedPane {
public JTabbedPaneCloseButton() {
super();
}
/** Override Addtab in order to add the close Button everytime */
@Override
public void addTab(String title, Icon icon, Component component, String tip) {
super.addTab(title, icon, component, tip);
int count = this.getTabCount() - 1;
setTabComponentAt(count, new CloseButtonTab(component, title, icon));
}
@Override
public void addTab(String title, Icon icon, Component component) {
addTab(title, icon, component, null);
}
@Override
public void addTab(String title, Component component) {
addTab(title, null, component);
}
public void addTab(String title,Component component,Boolean closewith){
if (closewith){
addTab(title,component);
}else{
super.addTab(title,null,component,null);
}
}
/** addTabNoExit */
public void addTabNoExit(String title, Icon icon, Component component, String tip) {
super.addTab(title, icon, component, tip);
}
public void addTabNoExit(String title, Icon icon, Component component) {
addTabNoExit(title, icon, component, null);
}
public void addTabNoExit(String title, Component component) {
addTabNoExit(title, null, component);
}
/** Button */
public class CloseButtonTab extends JPanel {
public CloseButtonTab(final Component tab, String title, Icon icon) {
setOpaque(false);
FlowLayout flowLayout = new FlowLayout(FlowLayout.CENTER, 3, 3);
setLayout(flowLayout);
JLabel jLabel = new JLabel(title);
jLabel.setIcon(icon);
add(jLabel);
JButton button = new JButton(MetalIconFactory.getInternalFrameCloseIcon(2));
button.setMargin(new Insets(0, 0, 0, 0));
button.addMouseListener(new CloseListener(tab));
add(button);
}
}
/** ClickListener */
public class CloseListener implements MouseListener
{
private final Component tab;
public CloseListener(Component tab){
this.tab=tab;
}
@Override
public void mouseClicked(MouseEvent e) {
if(e.getSource() instanceof JButton){
JButton clickedButton = (JButton) e.getSource();
JTabbedPane tabbedPane = (JTabbedPane) clickedButton.getParent().getParent().getParent();
tabbedPane.remove(tab);
}
}
@Override
public void mousePressed(MouseEvent e) {}
@Override
public void mouseReleased(MouseEvent e) {}
@Override
public void mouseEntered(MouseEvent e) {
if(e.getSource() instanceof JButton){
JButton clickedButton = (JButton) e.getSource();
}
}
@Override
public void mouseExited(MouseEvent e) {
if(e.getSource() instanceof JButton){
JButton clickedButton = (JButton) e.getSource();
}
}
}
}

332
src/main/java/burp/ui/MainUI.java Normal file
View File

@@ -0,0 +1,332 @@
package burp.ui;
import burp.Config;
import burp.yaml.LoadConfig;
import burp.yaml.SetConfig;
import com.squareup.okhttp.OkHttpClient;
import com.squareup.okhttp.Request;
import com.squareup.okhttp.Response;
import java.io.FileOutputStream;
import javax.swing.*;
import javax.swing.event.ChangeEvent;
import javax.swing.event.ChangeListener;
import javax.swing.event.DocumentEvent;
import javax.swing.event.DocumentListener;
import java.awt.*;
import java.awt.event.*;
import java.util.Map;
/**
* @author LinChen
*/
public class MainUI extends JPanel{
private final LoadConfig loadConn = new LoadConfig();
public MainUI() {
initComponents();
}
public void closeTabActionPerformed(ActionEvent e){
if (ruleTabbedPane.getTabCount()>2){
if (ruleTabbedPane.getSelectedIndex()!=0){
SetConfig setConn = new SetConfig();
setConn.deleteRules(ruleTabbedPane.getTitleAt(ruleTabbedPane.getSelectedIndex()));
ruleTabbedPane.remove(ruleTabbedPane.getSelectedIndex());
ruleTabbedPane.setSelectedIndex(ruleTabbedPane.getSelectedIndex()-1);
} else {
SetConfig setConn = new SetConfig();
setConn.deleteRules(ruleTabbedPane.getTitleAt(ruleTabbedPane.getSelectedIndex()));
ruleTabbedPane.remove(ruleTabbedPane.getSelectedIndex());
ruleTabbedPane.setSelectedIndex(ruleTabbedPane.getSelectedIndex());
}
}
}
private void onlineUpdateActionPerformed(ActionEvent e) {
String url = "https://raw.githubusercontent.com/gh0stkey/HaE/gh-pages/Config.yml";
OkHttpClient httpClient = new OkHttpClient();
Request httpRequest = new Request.Builder().url(url).get().build();
try {
Response httpResponse = httpClient.newCall(httpRequest).execute();
// 获取官方规则文件,在线更新写入
String configFile = configTextField.getText();
FileOutputStream fileOutputStream = new FileOutputStream(configFile);
fileOutputStream.write(httpResponse.body().bytes());
JOptionPane.showMessageDialog(null, "Config file updated successfully!", "Error",
JOptionPane.INFORMATION_MESSAGE);
} catch (Exception ignored) {
JOptionPane.showMessageDialog(null, "Please check your network!", "Error",
JOptionPane.ERROR_MESSAGE);
}
new LoadConfig();
reloadRule();
}
private void reloadRule(){
ruleTabbedPane.removeAll();
ruleSwitch.setListen(false);
Map<String,Object[][]> rules = LoadConfig.getRules();
rules.keySet().forEach(
i-> ruleTabbedPane.addTab(
i,
new RulePane(rules.get(i), ruleTabbedPane)
)
);
ruleTabbedPane.addTab("...", new JLabel());
ruleSwitch.setListen(true);
}
private void reloadActionPerformed(ActionEvent e) {
reloadRule();
}
private void excludeSuffixSaveActionPerformed(ActionEvent e) {
LoadConfig loadCon = new LoadConfig();
loadCon.setExcludeSuffix(excludeSuffixTextField.getText());
}
private void initComponents() {
mainTabbedPane = new JTabbedPane();
ruleTabbedPane = new JTabbedPane();
rulePanel = new JPanel();
configTextField = new JTextField();
configLabel = new JLabel();
onlineUpdateButton = new JButton();
reloadButton = new JButton();
excludeSuffixLabel = new JLabel();
excludeSuffixTextField = new JTextField();
excludeSuffixSaveButton = new JButton();
setLayout(new GridBagLayout());
((GridBagLayout)getLayout()).columnWidths = new int[] {0, 0};
((GridBagLayout)getLayout()).rowHeights = new int[] {0, 0};
((GridBagLayout)getLayout()).columnWeights = new double[] {1.0, 1.0E-4};
((GridBagLayout)getLayout()).rowWeights = new double[] {1.0, 1.0E-4};
{
mainTabbedPane.addTab("Rules", ruleTabbedPane);
{
rulePanel.setLayout(new GridBagLayout());
((GridBagLayout) rulePanel.getLayout()).columnWidths = new int[] {0, 0, 0, 0, 0};
((GridBagLayout) rulePanel.getLayout()).rowHeights = new int[] {0, 0, 0};
((GridBagLayout) rulePanel.getLayout()).columnWeights = new double[] {0.0, 1.0, 0.0, 0.0, 1.0E-4};
((GridBagLayout) rulePanel.getLayout()).rowWeights = new double[] {0.0, 0.0, 1.0E-4};
configTextField.setEditable(false);
rulePanel.add(configTextField, new GridBagConstraints(1, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(5, 0, 5, 5), 0, 0));
configLabel.setText("Config Path:");
rulePanel.add(configLabel, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.WEST, GridBagConstraints.VERTICAL,
new Insets(5, 5, 5, 5), 0, 0));
onlineUpdateButton.setText("Online Update");
onlineUpdateButton.addActionListener(this::onlineUpdateActionPerformed);
rulePanel.add(onlineUpdateButton, new GridBagConstraints(2, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(5, 0, 5, 5), 0, 0));
reloadButton.setText("Reload");
reloadButton.addActionListener(this::reloadActionPerformed);
rulePanel.add(reloadButton, new GridBagConstraints(3, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(5, 0, 5, 5), 0, 0));
excludeSuffixLabel.setText("Exclude Suffix:");
rulePanel.add(excludeSuffixLabel, new GridBagConstraints(0, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.SOUTHWEST, GridBagConstraints.NONE,
new Insets(0, 5, 5, 5), 0, 0));
rulePanel.add(excludeSuffixTextField, new GridBagConstraints(1, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.SOUTH, GridBagConstraints.HORIZONTAL,
new Insets(0, 0, 0, 5), 0, 0));
excludeSuffixSaveButton.setText("Save");
excludeSuffixSaveButton.addActionListener(this::excludeSuffixSaveActionPerformed);
rulePanel.add(excludeSuffixSaveButton, new GridBagConstraints(2, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.SOUTH, GridBagConstraints.HORIZONTAL,
new Insets(0, 0, 0, 5), 0, 0));
}
mainTabbedPane.addTab("Config", rulePanel);
mainTabbedPane.addTab("Databoard", databoardPanel);
}
add(mainTabbedPane, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 0, 0, 0), 0, 0));
Config.ruleConfig.keySet().forEach(i-> ruleTabbedPane.addTab(i,new RulePane(Config.ruleConfig.get(i),
ruleTabbedPane)));
ruleTabbedPane.addTab("...",new JLabel());
configTextField.setText(LoadConfig.getConfigPath());
excludeSuffixTextField.setText(loadConn.getExcludeSuffix());
ruleSwitch = new TabTitleEditListener(ruleTabbedPane);
ruleTabbedPane.addChangeListener(ruleSwitch);
ruleTabbedPane.addMouseListener(ruleSwitch);
closeTabMenuItem.addActionListener(this::closeTabActionPerformed);
tabMenu.add(closeTabMenuItem);
}
private JTabbedPane mainTabbedPane;
private JTabbedPane ruleTabbedPane;
private JPanel rulePanel;
private JTextField configTextField;
private JLabel configLabel;
private JButton onlineUpdateButton;
private JButton reloadButton;
private JLabel excludeSuffixLabel;
private JTextField excludeSuffixTextField;
private JButton excludeSuffixSaveButton;
private Databoard databoardPanel = new Databoard();
protected static JPopupMenu tabMenu = new JPopupMenu();
private JMenuItem closeTabMenuItem = new JMenuItem("Delete");
private TabTitleEditListener ruleSwitch;
}
class TabTitleEditListener extends MouseAdapter implements ChangeListener, DocumentListener {
protected final JTextField ruleEditTextField = new JTextField();
protected final JTabbedPane ruleEditTabbedPane;
protected int editingIndex = -1;
protected int len = -1;
protected Boolean listen = true;
protected Dimension dim;
protected Component tabComponent;
protected Boolean isRenameOk = false;
protected SetConfig setConfig = new SetConfig();
protected final Action startEditing = new AbstractAction() {
@Override public void actionPerformed(ActionEvent e) {
editingIndex = ruleEditTabbedPane.getSelectedIndex();
tabComponent = ruleEditTabbedPane.getTabComponentAt(editingIndex);
ruleEditTabbedPane.setTabComponentAt(editingIndex, ruleEditTextField);
isRenameOk = true;
ruleEditTextField.setVisible(true);
ruleEditTextField.setText(ruleEditTabbedPane.getTitleAt(editingIndex));
ruleEditTextField.selectAll();
ruleEditTextField.requestFocusInWindow();
len = ruleEditTextField.getText().length();
dim = ruleEditTextField.getPreferredSize();
ruleEditTextField.setMinimumSize(dim);
}
};
protected final Action renameTabTitle = new AbstractAction() {
@Override public void actionPerformed(ActionEvent e) {
String title = ruleEditTextField.getText().trim();
if (editingIndex >= 0 && !title.isEmpty()) {
String oldName = ruleEditTabbedPane.getTitleAt(editingIndex);
ruleEditTabbedPane.setTitleAt(editingIndex, title);
setConfig.rename(oldName,title);
}
cancelEditing.actionPerformed(null);
}
};
protected final Action cancelEditing = new AbstractAction() {
@Override public void actionPerformed(ActionEvent e) {
if (editingIndex >= 0) {
ruleEditTabbedPane.setTabComponentAt(editingIndex, tabComponent);
ruleEditTextField.setVisible(false);
editingIndex = -1;
len = -1;
tabComponent = null;
ruleEditTextField.setPreferredSize(null);
ruleEditTabbedPane.requestFocusInWindow();
}
}
};
protected TabTitleEditListener(JTabbedPane tabbedPane) {
super();
this.ruleEditTabbedPane = tabbedPane;
ruleEditTextField.setBorder(BorderFactory.createEmptyBorder());
ruleEditTextField.addFocusListener(new FocusAdapter() {
@Override public void focusLost(FocusEvent e) {
renameTabTitle.actionPerformed(null);
}
});
InputMap im = ruleEditTextField.getInputMap(JComponent.WHEN_FOCUSED);
ActionMap am = ruleEditTextField.getActionMap();
im.put(KeyStroke.getKeyStroke(KeyEvent.VK_ESCAPE, 0), "cancel-editing");
am.put("cancel-editing", cancelEditing);
im.put(KeyStroke.getKeyStroke(KeyEvent.VK_ENTER, 0), "rename-tab-title");
am.put("rename-tab-title", renameTabTitle);
ruleEditTextField.getDocument().addDocumentListener(this);
tabbedPane.getInputMap(JComponent.WHEN_FOCUSED).put(KeyStroke.getKeyStroke(KeyEvent.VK_ENTER, 0), "start-editing");
tabbedPane.getActionMap().put("start-editing", startEditing);
}
@Override public void stateChanged(ChangeEvent e) {
if (e.getSource() instanceof JTabbedPane && listen) {
JTabbedPane pane = (JTabbedPane) e.getSource();
if (!isRenameOk){
if (pane.getSelectedIndex() == pane.getComponentCount()-1){
newTab();
}
}else{
if (pane.getSelectedIndex() == pane.getComponentCount()-2){
newTab();
}
}
}
renameTabTitle.actionPerformed(null);
}
public void newTab(){
Object[][] data = new Object[][]{{false, "New Name", "(New Regex)", "gray", "any", "nfa", false}};
insertTab(ruleEditTabbedPane, setConfig.newRules(),data);
}
public void insertTab(JTabbedPane pane,String title,Object[][] data){
pane.addTab(title,new RulePane(data,pane));
pane.remove(pane.getSelectedIndex());
pane.addTab("...",new JLabel());
}
public void setListen(Boolean listen){
this.listen = listen;
}
@Override public void insertUpdate(DocumentEvent e) {
updateTabSize();
}
@Override public void removeUpdate(DocumentEvent e) {
updateTabSize();
}
@Override public void changedUpdate(DocumentEvent e) {}
@Override public void mouseClicked(MouseEvent e) {
switch (e.getButton()){
case 1:
{
Rectangle r = ruleEditTabbedPane.getBoundsAt(ruleEditTabbedPane.getSelectedIndex());
boolean isDoubleClick = e.getClickCount() >= 2;
if (isDoubleClick && r.contains(e.getPoint())) {
startEditing.actionPerformed(null);
} else {
renameTabTitle.actionPerformed(null);
}
break;
}
case 3:{
MainUI.tabMenu.show(e.getComponent(),e.getX(),e.getY());
break;
}
default:
break;
}
}
protected void updateTabSize() {
ruleEditTextField.setPreferredSize(ruleEditTextField.getText().length() > len ? null : dim);
ruleEditTabbedPane.revalidate();
}
}

211
src/main/java/burp/ui/RulePane.java Normal file
View File

@@ -0,0 +1,211 @@
package burp.ui;
import burp.yaml.SetConfig;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import javax.swing.*;
import javax.swing.event.TableModelEvent;
import javax.swing.event.TableModelListener;
import javax.swing.table.DefaultTableModel;
import javax.swing.table.TableRowSorter;
import java.awt.*;
import java.util.Vector;
/**
* @author LinChen
*/
public class RulePane extends JPanel {
public RulePane(Object[][] data, JTabbedPane pane) {
initComponents(data, pane);
}
private SetConfig setConfig = new SetConfig();
private Boolean isEdit = false;
private void ruleAddActionPerformed(ActionEvent e, JTabbedPane pane) {
RuleSetting ruleSettingPanel = new RuleSetting();
int showState = JOptionPane.showConfirmDialog(null, ruleSettingPanel, "RuleSetting - Add Rule", JOptionPane.OK_OPTION);
if(showState == 0){
Vector ruleData = new Vector();
ruleData.add(false);
ruleData.add(ruleSettingPanel.ruleNameTextField.getText());
ruleData.add(ruleSettingPanel.regexTextField.getText());
ruleData.add(ruleSettingPanel.colorComboBox.getSelectedItem().toString());
ruleData.add(ruleSettingPanel.scopeComboBox.getSelectedItem().toString());
ruleData.add(ruleSettingPanel.engineComboBox.getSelectedItem().toString());
ruleData.add(ruleSettingPanel.sensitiveComboBox.getSelectedItem());
model.insertRow(model.getRowCount(), ruleData);
model = (DefaultTableModel) ruleTable.getModel();
setConfig.add(ruleData, pane.getTitleAt(pane.getSelectedIndex()));
}
}
private void ruleEditActionPerformed(ActionEvent e, JTabbedPane pane){
if (ruleTable.getSelectedRowCount() >= 1){
RuleSetting ruleSettingPanel = new RuleSetting();
ruleSettingPanel.ruleNameTextField.setText(ruleTable.getValueAt(ruleTable.getSelectedRow(), 1).toString());
ruleSettingPanel.regexTextField.setText(ruleTable.getValueAt(ruleTable.getSelectedRow(), 2).toString());
ruleSettingPanel.colorComboBox.setSelectedItem(ruleTable.getValueAt(ruleTable.getSelectedRow(), 3).toString());
ruleSettingPanel.scopeComboBox.setSelectedItem(ruleTable.getValueAt(ruleTable.getSelectedRow(), 4).toString());
ruleSettingPanel.engineComboBox.setSelectedItem(ruleTable.getValueAt(ruleTable.getSelectedRow(), 5).toString());
ruleSettingPanel.sensitiveComboBox.setSelectedItem(ruleTable.getValueAt(ruleTable.getSelectedRow(),6));
ruleSettingPanel.sensitiveComboBox.setEnabled(
ruleSettingPanel.engineComboBox.getSelectedItem().toString().equals("nfa")
);
int showState = JOptionPane.showConfirmDialog(null, ruleSettingPanel, "RuleSetting - Edit Rule", JOptionPane.OK_OPTION);
if (showState == 0){
int select = ruleTable.convertRowIndexToModel(ruleTable.getSelectedRow());
model.setValueAt(ruleSettingPanel.ruleNameTextField.getText(), select, 1);
model.setValueAt(ruleSettingPanel.regexTextField.getText(), select, 2);
model.setValueAt(ruleSettingPanel.colorComboBox.getSelectedItem().toString(), select, 3);
model.setValueAt(ruleSettingPanel.scopeComboBox.getSelectedItem().toString(), select, 4);
model.setValueAt(ruleSettingPanel.engineComboBox.getSelectedItem().toString(), select, 5);
model.setValueAt(ruleSettingPanel.sensitiveComboBox.getSelectedItem(), select, 6);
model = (DefaultTableModel) ruleTable.getModel();
setConfig.edit((Vector) model.getDataVector().get(select), select, pane.getTitleAt(pane.getSelectedIndex()));
}
}
}
private void ruleRemoveActionPerformed(ActionEvent e, JTabbedPane pane){
if (ruleTable.getSelectedRowCount() >= 1){
int isOk = JOptionPane.showConfirmDialog(null, "Are your sure?", "RuleSetting - Delete Rule", JOptionPane.OK_OPTION);
if (isOk == 0){
int select = ruleTable.convertRowIndexToModel(ruleTable.getSelectedRow());
model.removeRow(select);
model = (DefaultTableModel) ruleTable.getModel();
setConfig.remove(select, pane.getTitleAt(pane.getSelectedIndex()));
}
}
}
private void ruleTableChange(TableModelEvent e, JTabbedPane pane) {
if (e.getColumn() == 0 && ruleTable.getSelectedRow() != -1 && !isEdit){
model = (DefaultTableModel) ruleTable.getModel();
int select = ruleTable.convertRowIndexToModel(ruleTable.getSelectedRow());
setConfig.edit((Vector) model.getDataVector().get(select), select, pane.getTitleAt(pane.getSelectedIndex()));
}
}
private void initComponents(Object[][] data, JTabbedPane pane) {
// JFormDesigner - Component initialization - DO NOT MODIFY //GEN-BEGIN:initComponents
addButton = new JButton();
editButton = new JButton();
scrollPane = new JScrollPane();
ruleTable = new JTable();
removeButton = new JButton();
//======== this ========
setLayout(new GridBagLayout());
((GridBagLayout)getLayout()).columnWidths = new int[] {0, 0, 0};
((GridBagLayout)getLayout()).rowHeights = new int[] {0, 0, 0, 0, 0};
((GridBagLayout)getLayout()).columnWeights = new double[] {0.0, 1.0, 1.0E-4};
((GridBagLayout)getLayout()).rowWeights = new double[] {0.0, 0.0, 0.0, 1.0, 1.0E-4};
//---- addButton ----
addButton.setText("Add");
addButton.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
isEdit = true;
ruleAddActionPerformed(e, pane);
model = (DefaultTableModel) ruleTable.getModel();
isEdit = false;
}
});
add(addButton, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(15, 5, 3, 2), 0, 0));
//---- editButton ----
editButton.setText("Edit");
editButton.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
isEdit = true;
ruleEditActionPerformed(e, pane);
model = (DefaultTableModel) ruleTable.getModel();
isEdit = false;
}
});
add(editButton, new GridBagConstraints(0, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 5, 3, 2), 0, 0));
//======== scrollPane ========
{
//---- table ----
ruleTable.setShowVerticalLines(false);
ruleTable.setVerifyInputWhenFocusTarget(false);
ruleTable.setUpdateSelectionOnSort(false);
ruleTable.setShowHorizontalLines(false);
ruleTable.setModel(new DefaultTableModel());
ruleTable.setSurrendersFocusOnKeystroke(true);
scrollPane.setViewportView(ruleTable);
}
add(scrollPane, new GridBagConstraints(1, 0, 1, 4, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(15, 5, 5, 5), 0, 0));
//---- removeButton ----
removeButton.setText("Remove");
removeButton.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
isEdit = true;
ruleRemoveActionPerformed(e, pane);
model = (DefaultTableModel) ruleTable.getModel();
isEdit = false;
}
});
add(removeButton, new GridBagConstraints(0, 2, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 5, 3, 2), 0, 0));
// JFormDesigner - End of component initialization //GEN-END:initComponents
ruleTable.setModel(model);
model.setDataVector(data, title);
model.addTableModelListener(new TableModelListener() {
@Override
public void tableChanged(TableModelEvent e) {
ruleTableChange(e, pane);
}
});
ruleTable.setRowSorter(new TableRowSorter(model));
}
// JFormDesigner - Variables declaration - DO NOT MODIFY //GEN-BEGIN:variables
public JButton addButton;
public JButton editButton;
public JScrollPane scrollPane;
public JTable ruleTable;
public JButton removeButton;
// JFormDesigner - End of variables declaration //GEN-END:variables
private final String[] title = new String[]{"Loaded", "Name", "Regex", "Color", "Scope", "Engine", "Sensitive"};
private DefaultTableModel model = new DefaultTableModel() {
@Override
public Class<?> getColumnClass (int column){
if (column == 0) {
return Boolean.class;
}else{
return String.class;
}
}
@Override
public boolean isCellEditable(int row, int column){
return column == 0;
}
};
}

118
src/main/java/burp/ui/RuleSetting.java Normal file
View File

@@ -0,0 +1,118 @@
package burp.ui;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.awt.event.ItemEvent;
import java.awt.event.ItemListener;
import javax.swing.*;
import java.awt.*;
import burp.Config;
/**
* @author LinChen
*/
public class RuleSetting extends JPanel {
public RuleSetting() {
initComponents();
}
public void initComponents() {
sensitiveLabel = new JLabel();
engineLabel = new JLabel();
scopeLabel = new JLabel();
regexTextField = new JTextField();
regexLabel = new JLabel();
nameLabel = new JLabel();
ruleNameTextField = new JTextField();
scopeComboBox = new JComboBox<>();
engineComboBox = new JComboBox<>();
colorLabel = new JLabel();
colorComboBox = new JComboBox<>();
sensitiveComboBox = new JComboBox<>();
setLayout(null);
engineLabel.setText("Engine:");
add(engineLabel);
engineLabel.setBounds(new Rectangle(new Point(10, 175), engineLabel.getPreferredSize()));
sensitiveLabel.setText("Sensitive:");
add(sensitiveLabel);
sensitiveLabel.setBounds(new Rectangle(new Point(10,215), sensitiveLabel.getPreferredSize()));
scopeLabel.setText("Scope:");
add(scopeLabel);
scopeLabel.setBounds(new Rectangle(new Point(10, 135), scopeLabel.getPreferredSize()));
add(regexTextField);
regexTextField.setBounds(70, 50, 265, 30);
regexLabel.setText("Regex:");
add(regexLabel);
regexLabel.setBounds(new Rectangle(new Point(10, 55), regexLabel.getPreferredSize()));
nameLabel.setText("Name:");
add(nameLabel);
nameLabel.setBounds(new Rectangle(new Point(10, 15), nameLabel.getPreferredSize()));
add(ruleNameTextField);
ruleNameTextField.setBounds(70, 10, 265, 30);
scopeComboBox.setModel(new DefaultComboBoxModel<>(Config.scopeArray));
add(scopeComboBox);
scopeComboBox.setBounds(70, 130, 265, scopeComboBox.getPreferredSize().height);
engineComboBox.setModel(new DefaultComboBoxModel<>(Config.engineArray));
engineComboBox.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
String engineValue = engineComboBox.getSelectedItem().toString();
if (engineValue.equals("nfa")) {
sensitiveComboBox.setEnabled(true);
} else {
sensitiveComboBox.setEnabled(false);
}
}
});
add(engineComboBox);
engineComboBox.setBounds(70, 170, 265, engineComboBox.getPreferredSize().height);
colorLabel.setText("Color:");
add(colorLabel);
colorLabel.setBounds(new Rectangle(new Point(10, 95), colorLabel.getPreferredSize()));
colorComboBox.setModel(new DefaultComboBoxModel<>(Config.colorArray));
add(colorComboBox);
colorComboBox.setBounds(70, 90, 265, colorComboBox.getPreferredSize().height);
sensitiveComboBox.setModel(new DefaultComboBoxModel<>(new Boolean[]{true, false}));
add(sensitiveComboBox);
sensitiveComboBox.setBounds(70,210,265,sensitiveComboBox.getPreferredSize().height);
{
Dimension preferredSize = new Dimension();
for(int i = 0; i < getComponentCount(); i++) {
Rectangle bounds = getComponent(i).getBounds();
preferredSize.width = Math.max(bounds.x + bounds.width, preferredSize.width);
preferredSize.height = Math.max(bounds.y + bounds.height, preferredSize.height);
}
Insets insets = getInsets();
preferredSize.width += insets.right;
preferredSize.height += insets.bottom;
setMinimumSize(preferredSize);
setPreferredSize(preferredSize);
}
}
private JLabel engineLabel;
private JLabel sensitiveLabel;
private JLabel scopeLabel;
public JTextField regexTextField;
private JLabel regexLabel;
private JLabel nameLabel;
public JTextField ruleNameTextField;
public JComboBox<String> scopeComboBox;
public JComboBox<String> engineComboBox;
private JLabel colorLabel;
public JComboBox<String> colorComboBox;
public JComboBox<Boolean> sensitiveComboBox;
}

162
src/main/java/burp/yaml/LoadConfig.java Normal file
View File

@@ -0,0 +1,162 @@
package burp.yaml;
import burp.Config;
import burp.yaml.template.*;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.ArrayList;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;
import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.representer.Representer;
import org.yaml.snakeyaml.nodes.Tag;
public class LoadConfig {
private static final Yaml yaml = new Yaml();
private static String HaEConfigPath = String.format("%s/.config/HaE", System.getProperty("user.home"));
private static String SettingPath = String.format("%s/%s", HaEConfigPath, "Setting.yml");
private static String ConfigPath = String.format("%s/%s", HaEConfigPath, "Config.yml");
public LoadConfig() {
// 构造函数,初始化配置
File HaEConfigPathFile = new File(HaEConfigPath);
if (!(HaEConfigPathFile.exists() && HaEConfigPathFile.isDirectory())) {
HaEConfigPathFile.mkdirs();
}
File settingPathFile = new File(SettingPath);
if (!(settingPathFile.exists() && settingPathFile.isFile())) {
initSetting();
initRules();
}
Config.ruleConfig = LoadConfig.getRules();
}
// 初始化设置信息
public void initSetting() {
Map<String, Object> r = new HashMap<>();
r.put("configPath", ConfigPath);
r.put("excludeSuffix", getExcludeSuffix());
try {
Writer ws = new OutputStreamWriter(new FileOutputStream(SettingPath), StandardCharsets.UTF_8);
yaml.dump(r, ws);
} catch (Exception ex) {
ex.printStackTrace();
}
}
// 初始化规则配置
public void initRules() {
Rule rule = new Rule();
rule.setLoaded(true);
rule.setName("Email");
rule.setColor("yellow");
rule.setEngine("nfa");
rule.setScope("response");
rule.setRegex("(([a-zA-Z0-9][_|\\.])*[a-zA-Z0-9]+@([a-zA-Z0-9][-|_|\\.])*[a-zA-Z0-9]+\\.((?!js|css|jpg|jpeg|png|ico)[a-zA-Z]{2,}))");
rule.setSensitive(false);
Rules rules = new Rules();
rules.setType("Basic Information");
ArrayList<Rule> rl = new ArrayList<>();
rl.add(rule);
rules.setRule(rl);
ArrayList<Rules> rls = new ArrayList<>();
rls.add(rules);
RulesConfig config = new RulesConfig();
config.setRules(rls);
DumperOptions dop = new DumperOptions();
dop.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
Representer representer = new Representer();
representer.addClassTag(Config.class, Tag.MAP);
Yaml yaml = new Yaml(new Constructor(),representer,dop);
File f = new File(ConfigPath);
try{
Writer ws = new OutputStreamWriter(new FileOutputStream(f), StandardCharsets.UTF_8);
yaml.dump(config,ws);
}catch (Exception ex){
ex.printStackTrace();
}
}
// 获取配置路径
public static String getConfigPath(){
try {
InputStream inorder = new FileInputStream(SettingPath);
Map<String,Object> r = yaml.load(inorder);
return r.get("configPath").toString();
} catch (FileNotFoundException e) {
e.printStackTrace();
return ConfigPath;
}
}
// 获取不包含的后缀名
public String getExcludeSuffix(){
String excludeSuffix = "";
File yamlSetting = new File(SettingPath);
if (yamlSetting.exists() && yamlSetting.isFile()) {
try {
InputStream inorder = new FileInputStream(SettingPath);
Map<String,Object> r = yaml.load(inorder);
excludeSuffix = r.get("excludeSuffix").toString();
} catch (Exception e) {
// e.printStackTrace();
excludeSuffix = "";
}
} else {
excludeSuffix = Config.excludeSuffix;
}
return excludeSuffix;
}
// 获取规则配置
public static Map<String,Object[][]> getRules(){
InputStream inorder = null;
{
try {
inorder = new FileInputStream(getConfigPath());
} catch (FileNotFoundException e) {
e.printStackTrace();
}
}
Yaml yaml = new Yaml(new Constructor(RulesConfig.class));
RulesConfig rulesConfig = yaml.loadAs(inorder, RulesConfig.class);
Map<String,Object[][]> resRule = new HashMap<>();
rulesConfig.rules.forEach(i->{
ArrayList<Object[]> data = new ArrayList<>();
i.rule.forEach(j->{
try {
data.add(j.getRuleObject());
}catch (Exception e){
e.printStackTrace();
}
});
resRule.put(i.getType(), data.toArray(new Object[data.size()][]));
});
return resRule;
}
// 设置不包含的后缀名
public void setExcludeSuffix(String excludeSuffix){
Map<String,Object> r = new HashMap<>();
r.put("configPath", getConfigPath());
r.put("excludeSuffix", excludeSuffix);
try{
Writer ws = new OutputStreamWriter(new FileOutputStream(SettingPath), StandardCharsets.UTF_8);
yaml.dump(r, ws);
}catch (Exception ex){
ex.printStackTrace();
}
}
}

12
src/main/java/burp/yaml/RulesConfig.java Normal file
View File

@@ -0,0 +1,12 @@
package burp.yaml;
import java.util.List;
import burp.yaml.template.Rules;
public class RulesConfig {
public List<Rules> rules;
public void setRules(List<Rules> rules) {
this.rules = rules;
}
}

101
src/main/java/burp/yaml/SetConfig.java Normal file
View File

@@ -0,0 +1,101 @@
package burp.yaml;
import burp.Config;
import burp.yaml.template.Rule;
import burp.yaml.template.Rules;
import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;
import org.yaml.snakeyaml.nodes.Tag;
import org.yaml.snakeyaml.representer.Representer;
import java.io.File;
import java.io.FileOutputStream;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.util.*;
public class SetConfig {
public void format() {
DumperOptions dop = new DumperOptions();
dop.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
Representer representer = new Representer();
representer.addClassTag(RulesConfig.class, Tag.MAP);
Yaml yaml = new Yaml(new Constructor(), representer, dop);
RulesConfig con = new RulesConfig();
List<Rules> rls = new ArrayList<>();
Config.ruleConfig.keySet().forEach(i->
{
Rules rlsTmp = new Rules();
rlsTmp.setType(i);
List<Rule> rl = new ArrayList<>();
for (Object[] objects : Config.ruleConfig.get(i)) {
Rule rlTmp = new Rule();
rlTmp.setName((String) objects[1]);
rlTmp.setLoaded((Boolean) objects[0]);
rlTmp.setRegex((String) objects[2]);
rlTmp.setColor((String) objects[3]);
rlTmp.setScope((String) objects[4]);
rlTmp.setEngine((String) objects[5]);
rlTmp.setSensitive((Boolean) objects[6]);
rl.add(rlTmp);
}
rlsTmp.setRule(rl);
rls.add(rlsTmp);
});
con.setRules(rls);
File f = new File(LoadConfig.getConfigPath());
try{
Writer ws = new OutputStreamWriter(new FileOutputStream(f), StandardCharsets.UTF_8);
yaml.dump(con,ws);
}catch (Exception ex){
ex.printStackTrace();
}
}
public void edit(Vector data, int select, String type) {
Config.ruleConfig.get(type)[select] = data.toArray();
this.format();
}
public void add(Vector data, String type) {
ArrayList<Object[]> x = new ArrayList<>(Arrays.asList(Config.ruleConfig.get(type)));
x.add(data.toArray());
Config.ruleConfig.put(type,x.toArray(new Object[x.size()][]));
this.format();
}
public void remove(int select,String type) {
ArrayList<Object[]> x = new ArrayList<>(Arrays.asList(Config.ruleConfig.get(type)));
x.remove(select);
Config.ruleConfig.put(type,x.toArray(new Object[x.size()][]));
this.format();
}
public void rename(String oldName, String newName) {
Config.ruleConfig.put(newName, Config.ruleConfig.remove(oldName));
this.format();
}
public void deleteRules(String Rules) {
Config.ruleConfig.remove(Rules);
this.format();
}
public String newRules() {
int i = 0;
String name = "New ";
Object[][] data = new Object[][]{
{
false, "New Name", "(New Regex)", "gray", "any", "nfa", false
}
};
while (Config.ruleConfig.containsKey(name + i)) {
i++;
}
Config.ruleConfig.put(name + i, data);
this.format();
return name + i;
}
}

93
src/main/java/burp/yaml/template/Rule.java Normal file
View File

@@ -0,0 +1,93 @@
package burp.yaml.template;
import java.util.HashMap;
import java.util.Map;
/**
* @author LinChen
*/
public class Rule {
private String Name;
private Boolean Loaded;
private String Regex;
private String Color;
private String Engine;
private String Scope;
private Boolean Sensitive;
public Boolean getLoaded() {
return Loaded;
}
public String getColor() {
return Color;
}
public String getEngine() {
return Engine;
}
public String getName() {
return Name;
}
public String getRegex() {
return Regex;
}
public String getScope() {
return Scope;
}
public Boolean getSensitive(){
return Sensitive = Sensitive;
}
public void setLoaded(Boolean loaded) {
this.Loaded = loaded;
}
public void setColor(String color) {
this.Color = color;
}
public void setEngine(String engine) {
this.Engine = engine;
}
public void setName(String name) {
this.Name = name;
}
public void setRegex(String regex) {
this.Regex = regex;
}
public void setScope(String scope) {
this.Scope = scope;
}
public void setSensitive(Boolean sensitive){
this.Sensitive = sensitive;
}
public Object[] getRuleObject() {
return new Object[] { Loaded, Name, Regex, Color, Scope, Engine,Sensitive };
}
public Map<String, Object> getRuleObjMap(){
Map<String,Object> r = new HashMap<>();
r.put("Loaded", Loaded);
r.put("Name", Name);
r.put("Regex", Regex);
r.put("Color", Color);
r.put("Scope", Scope);
r.put("Engine", Engine);
r.put("Sensitive", Sensitive);
return r;
}
@Override
public String toString() {
return "{ \nLoaded: " + Loaded + "\nName: " + Name + "\nRegex: " + Regex + "\nColor: " + Color + "\nScope: " + Scope + "\nEngine: " + Engine + "\nSensitive: " + Sensitive + "\n }";
}
}

37
src/main/java/burp/yaml/template/Rules.java Normal file
View File

@@ -0,0 +1,37 @@
package burp.yaml.template;
import burp.yaml.template.Rule;
import java.util.List;
/**
* @author LinChen
*/
public class Rules {
private String type;
public List<Rule> rule;
public String getType() {
return type;
}
public void setType(String type) {
this.type = type;
}
public List<Rule> getRule() {
return rule;
}
public void setRule(List<Rule> rule) {
this.rule = rule;
}
public void setRuleObj(){}
@Override
public String toString(){
return "{ type: "+type+"\n config: "+ rule +"}\n";
}
}