admin/HaE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: admin:2.2.2
Branches Tags
admin:main admin:file admin:network
admin:4.3.1 admin:4.3 admin:4.2.1 admin:4.2 admin:4.1.2 admin:4.1.1 admin:4.1 admin:4.0.5 admin:4.0.4 admin:4.0.3 admin:4.0.2 admin:4.0.1 admin:4.0 admin:3.4 admin:3.3.4 admin:3.3.3 admin:3.3.2 admin:3.3.1 admin:3.3 admin:3.2.2 admin:3.2.1 admin:3.2 admin:3.1 admin:3.0.2 admin:3.0.1 admin:3.0 admin:2.6.1 admin:2.6 admin:2.5.11 admin:2.5.10 admin:2.5.9 admin:2.5.8 admin:2.5.7 admin:2.5.6 admin:2.5.5 admin:2.5.4.1 admin:2.5.4 admin:2.5.3 admin:2.5.2 admin:2.5.1 admin:2.5 admin:2.4.7 admin:2.4.8 admin:2.4.6 admin:2.4.5 admin:2.4.4 admin:2.4.3 admin:2.4.2 admin:2.4.1 admin:2.4 admin:2.3 admin:2.2.3 admin:2.2.2 admin:2.2.1 admin:2.2 admin:2.1.5 admin:2.1.6 admin:2.1.4 admin:2.1.3 admin:2.1.2 admin:2.1.1 admin:2.1 admin:2.0.7 admin:2.0.6 admin:2.0.5 admin:2.0.4 admin:2.0.3 admin:2.0.2 admin:2.0.1 admin:2.0 admin:1.5.1 admin:1.5 admin:1.4.2 admin:1.4.1 admin:1.4 admin:1.3 admin:1.2 admin:1.1 admin:1.0
...
compare: admin:3.0
Branches Tags
admin:file admin:main admin:network
admin:4.3.1 admin:4.3 admin:4.2.1 admin:4.2 admin:4.1.2 admin:4.1.1 admin:4.1 admin:4.0.5 admin:4.0.4 admin:4.0.3 admin:4.0.2 admin:4.0.1 admin:4.0 admin:3.4 admin:3.3.4 admin:3.3.3 admin:3.3.2 admin:3.3.1 admin:3.3 admin:3.2.2 admin:3.2.1 admin:3.2 admin:3.1 admin:3.0.2 admin:3.0.1 admin:3.0 admin:2.6.1 admin:2.6 admin:2.5.11 admin:2.5.10 admin:2.5.9 admin:2.5.8 admin:2.5.7 admin:2.5.6 admin:2.5.5 admin:2.5.4.1 admin:2.5.4 admin:2.5.3 admin:2.5.2 admin:2.5.1 admin:2.5 admin:2.4.7 admin:2.4.8 admin:2.4.6 admin:2.4.5 admin:2.4.4 admin:2.4.3 admin:2.4.2 admin:2.4.1 admin:2.4 admin:2.3 admin:2.2.3 admin:2.2.2 admin:2.2.1 admin:2.2 admin:2.1.5 admin:2.1.6 admin:2.1.4 admin:2.1.3 admin:2.1.2 admin:2.1.1 admin:2.1 admin:2.0.7 admin:2.0.6 admin:2.0.5 admin:2.0.4 admin:2.0.3 admin:2.0.2 admin:2.0.1 admin:2.0 admin:1.5.1 admin:1.5 admin:1.4.2 admin:1.4.1 admin:1.4 admin:1.3 admin:1.2 admin:1.1 admin:1.0

88 Commits
2.2.2 ... 3.0

Author SHA1 Message Date
gh0stkey
ba079ab1d8 Version: 3.0 Update 2024-05-06 12:56:56 +08:00
EvilChen
a96dab6615 Update issue templates 2024-05-06 11:36:06 +08:00
gh0stkey
ad1a14b27e Version: 2.6.1 Update 2024-03-22 15:34:53 +08:00
gh0stkey
3a536a52de Version: 2.6 Update 2024-02-02 19:07:03 +08:00
ᴋᴇʏ
ea87c53958 Update issue templates 2024-01-26 20:05:43 +08:00
gh0stkey
e08b930fb5 Version: 2.5.11 Update 2024-01-18 12:07:20 +08:00
gh0stkey
49647d68d0 Version: 2.5.10 Update 2023-12-12 14:54:16 +08:00
gh0stkey
1c63841140 Version: 2.5.10 Update 2023-12-12 14:19:50 +08:00
gh0stkey
105c506039 Version: 2.5.10 Update 2023-12-12 14:19:28 +08:00
gh0stkey
f1941bccd7 Version: 2.5.9 Update 2023-11-28 15:26:25 +08:00
gh0stkey
d38e70523a Version: 2.5.9 Update 2023-11-28 09:11:56 +08:00
gh0stkey
1f7651c114 Version: 2.5.9 Update 2023-11-27 15:09:31 +08:00
gh0stkey
fc9a253d2b Version: 2.5.9 Update 2023-11-27 14:55:28 +08:00
ᴋᴇʏ
4cbcc1bcc4 Update issue templates 2023-11-27 09:11:52 +08:00
gh0stkey
765807de6e Version: 2.5.8 Update 2023-11-16 19:44:27 +08:00
gh0stkey
548315e163 Version: 2.5.8 Update 2023-11-16 19:33:38 +08:00
ᴋᴇʏ
d3ab207825 Update issue templates 2023-11-16 14:31:15 +08:00
ᴋᴇʏ
44260dd4ff Update issue templates 2023-11-16 14:27:15 +08:00
gh0stkey
cf3ac4978f Update README.md 2023-11-15 13:18:50 +08:00
gh0stkey
9c8dad8ac0 Version: 2.5.7 Update 2023-11-13 08:59:53 +08:00
gh0stkey
5cd216e45d Version: 2.5.7 Update 2023-11-13 08:28:44 +08:00
gh0stkey
87c5f713fa Version: 2.5.6 Update 2023-11-07 12:05:55 +08:00
gh0stkey
a0946bb723 Version: 2.5.6 Update 2023-11-07 11:32:44 +08:00
gh0stkey
bcb5177b54 Version: 2.5.6 Update 2023-11-07 11:15:20 +08:00
gh0stkey
0225c00f69 Version: 2.5.5 Update 2023-10-26 14:17:56 +08:00
gh0stkey
eafae602b8 Version: 2.5.4.1 2023-10-25 16:02:07 +08:00
gh0stkey
e56d8eb5d5 Version: 2.5.4 Update 2023-10-24 17:54:44 +08:00
gh0stkey
681cce0644 Version: 2.5.4 Update 2023-10-24 17:51:21 +08:00
gh0stkey
d43809e25f Version: 2.5.3 Update 2023-10-23 21:59:08 +08:00
gh0stkey
567dea6c60 Version: 2.5.3 Update 2023-10-23 21:51:12 +08:00
ᴋᴇʏ
8c388510c5 Version: 2.5.2 Update 2023-10-19 22:57:40 +08:00
ᴋᴇʏ
e22596819b Version: 2.5.2 Update 2023-10-19 22:46:11 +08:00
ᴋᴇʏ
d2cd7a0d03 Version: 2.5.2 Update 2023-10-19 22:45:44 +08:00
ᴋᴇʏ
67afe1f650 Version: 2.5.2 Update 2023-10-19 22:44:34 +08:00
ᴋᴇʏ
0602346249 Version: 2.5.2 Update 2023-10-19 22:43:29 +08:00
ᴋᴇʏ
953b966961 Version: 2.5.2 Update 2023-10-19 22:42:54 +08:00
ᴋᴇʏ
4c23d62576 Version: 2.5.2 Update 2023-10-19 22:41:50 +08:00
ᴋᴇʏ
6e9b8c8f37 Version: 2.5.2 Update 2023-10-19 22:41:14 +08:00
ᴋᴇʏ
ed58d891d5 Version: 2.5.2 Update 2023-10-19 22:40:06 +08:00
ᴋᴇʏ
33f5cab037 Version: 2.5.2 Update 2023-10-19 22:38:50 +08:00
ᴋᴇʏ
8b79c71df9 Version: 2.5.1 Update 2023-10-18 17:28:07 +08:00
ᴋᴇʏ
9ea0e4be9c Version: 2.5.1 Update 2023-10-18 17:08:09 +08:00
ᴋᴇʏ
41f197bcb2 Version: 2.5.1 Update 2023-10-18 15:17:45 +08:00
ᴋᴇʏ
31e419aed2 Version: 2.5.1 Update 2023-10-18 15:14:48 +08:00
ᴋᴇʏ
cf90a9366a Version: 2.5.1 Update 2023-10-18 15:14:33 +08:00
ᴋᴇʏ
6546446e4f Add files via upload 2023-10-18 00:51:20 +08:00
ᴋᴇʏ
6c4073c8ee Version: 2.5.1 Update 2023-10-18 00:51:01 +08:00
ᴋᴇʏ
1e1d51921d Version: 2.5.1 Update 2023-10-18 00:50:05 +08:00
ᴋᴇʏ
9135b8cbd2 Add files via upload 2023-10-18 00:49:02 +08:00
ᴋᴇʏ
cc7956d8dc Version: 2.5.1 Update 2023-10-18 00:48:12 +08:00
ᴋᴇʏ
405efdd5da Version: 2.5.1 Update 2023-10-18 00:47:41 +08:00
ᴋᴇʏ
0bb425f00b Version: 2.5.1 Update 2023-10-18 00:47:34 +08:00
ᴋᴇʏ
0bdff6fe28 Version: 2.5.1 Update 2023-10-18 00:46:21 +08:00
ᴋᴇʏ
6bd153d16a Version: 2.5.1 Update 2023-10-18 00:45:22 +08:00
ᴋᴇʏ
b12f9355fa Version: 2.5.1 Update 2023-10-18 00:44:50 +08:00
ᴋᴇʏ
fa9dcfc3d2 Version: 2.5.1 Update 2023-10-18 00:43:39 +08:00
ᴋᴇʏ
2e23388925 Version: 2.5.1 Update 2023-10-18 00:42:46 +08:00
ᴋᴇʏ
06fd54c9ce Delete BurpExtender.java 2023-10-18 00:42:22 +08:00
ᴋᴇʏ
0707a773c8 Version: 2.5.1 Update 2023-10-18 00:41:51 +08:00
ᴋᴇʏ
d0f49f8e6c Version: 2.5.1 Update 2023-10-18 00:40:37 +08:00
gh0stkey
5404c90c00 Update 2023-10-12 21:51:49 +08:00
gh0stkey
e68619d1c2 Version: 2.5 Update 2023-10-12 21:38:27 +08:00
gh0stkey
dd08ffaaa2 Update 2023-10-09 14:26:03 +08:00
gh0stkey
d9aeda4cc3 Update README.md 2023-10-09 14:25:14 +08:00
gh0stkey
e1c05ba10d Version: 2.4.7 Update 2023-09-28 01:48:51 +08:00
gh0stkey
6a17064b3a Version: 2.4.7 Update 2023-09-28 01:42:09 +08:00
gh0stkey
e698bb1caa Version: 2.4.7 Update 2023-09-28 01:23:36 +08:00
gh0stkey
a69503ca3d Version: 2.4.7 Update 2023-09-27 23:55:02 +08:00
AnonymousUser
d590d4a70e Version: 2.4.6 Update 2023-02-22 17:36:50 +08:00
AnonymousUser
548339fa58 Version: 2.4.6 Update 2023-02-22 17:25:55 +08:00
AnonymousUser
df4496d4fd Version: 2.4.5 Update 2022-12-18 16:12:16 +08:00
AnonymousUser
48e355ac54 Update 2022-12-18 15:09:28 +08:00
AnonymousUser
b784aa1425 Version: 2.4.4 Update 2022-09-26 18:49:35 +08:00
AnonymousUser
440b3b1504 Version: 2.4.3 Update 2022-09-20 10:33:00 +08:00
ᴋᴇʏ
a8f1798c7b Update README.md 2022-07-25 10:56:33 +08:00
AnonymousUser
225ee471ec Version: 2.4.2 Update 2022-07-15 10:12:34 +08:00
AnonymousUser
5097124867 Version: 2.4.1 Update 2022-06-29 16:05:51 +08:00
AnonymousUser
7e0e3054be Version: 2.4.1 Update 2022-06-29 15:17:42 +08:00
ᴋᴇʏ
17a84fc19e Update README.md 2022-06-24 11:11:27 +08:00
ᴋᴇʏ
1573d563eb Update README.md 2022-06-23 22:31:39 +08:00
ᴋᴇʏ
515f7b33f0 Update README.md 2022-06-23 22:26:51 +08:00
AnonymousUser
1dc510d576 Version: 2.4 Update 2022-06-23 15:48:22 +08:00
AnonymousUser
f401214524 Version: 2.4 Update 2022-06-23 15:34:22 +08:00
ᴋᴇʏ
7ebba02200 Update README.md 2022-06-22 10:26:36 +08:00
AnonymousUser
93f5c73aac Update 2022-06-22 10:20:44 +08:00
AnonymousUser
60b261d6ef Update 2022-06-21 17:06:45 +08:00
AnonymousUser
c84ebf3a9d Version: 2.3 Update 2022-05-27 13:29:32 +08:00
AnonymousUser
15f84028bb Version: 2.2.3 Update 2022-05-12 11:00:55 +08:00
58 changed files with 3261 additions and 1833 deletions
Expand all files Collapse all files

28
.github/ISSUE_TEMPLATE/问题反馈.md vendored Normal file
View File

@@ -0,0 +1,28 @@
---
name: 问题反馈
about: 尽可能详细的描述问题并反馈
title: "[BUG] "
labels: bug
assignees: ''
---
## 使用环境
```
HaE版本
是否有自定义的HaE规则
BurpSuite版本
JDK版本
操作系统版本:
```
## 问题详情
问题描述:
出现的场景:
## 解决建议
无。

116
README.md
View File

@@ -1,94 +1,76 @@
# HaE - Highlighter and Extractor
<div align="center">
<img src="images/logo.png" style="width: 20%" />
<h4><a href="https://gh0st.cn/HaE/">赋能白帽,高效作战!</a></h4>
<h5>第一作者: <a href="https://github.com/gh0stkey">EvilChen</a>(中孚信息元亨实验室), 第二作者: <a href="https://github.com/0chencc">0chencc</a>(米斯特安全团队)</h5>
</div>
核心功能作者: [@EvilChen](https://github.com/gh0stkey)
## 项目介绍
架构作者: [@0chencc](https://github.com/0Chencc)
**HaE**是一款网络安全数据安全领域下的辅助型框架式项目旨在实现对HTTP消息包含WebSocket的高亮标记和信息提取。本项目通过自定义正则表达式匹配响应报文或请求报文并对匹配成功的报文进行标记和提取。
## 公共规则 & 打赏
> 随着现代化Web应用采用前后端分离的开发模式日常漏洞挖掘的过程中捕获的HTTP请求流量也相应增加。若想全面评估一个Web应用会花费大量时间在无用的报文上。**HaE的出现旨在解决这类情况**借助HaE您能够**有效减少**测试时间,将更多精力集中在**有价值且有意义**的报文上,从而**提高漏洞挖掘效率**。
公共规则下载地址https://gh0st.cn/HaE/
**注意事项**:
如果你觉得HaE好用可以打赏一下作者给作者持续更新下去的动力
![](images/reward.jpeg)
## 介绍
**HaE**是基于 `BurpSuite` 插件 `JavaAPI` 开发的请求高亮标记与信息提取的辅助型插件。
![-w1070](images/16000706401522.jpg)
该插件可以通过自定义正则的方式匹配**响应报文或请求报文**,可以自行决定符合该自定义正则匹配的相应请求是否需要高亮标记、信息提取。
**注**: `HaE`的使用,对测试人员来说需要基本的正则表达式基础,由于`Java`正则表达式的库并没有`Python`的优雅或方便在使用正则的HaE要求使用者必须使用`()`将所需提取的表达式内容包含;例如你要匹配一个**Shiro应用**的响应报文,正常匹配规则为`rememberMe=delete`,如果你要提取这段内容的话就需要变成`(rememberMe=delete)`
1. 由于HaE 3.0版本开始采用`Montoya API`进行开发因此使用新版HaE需要升级你的BurpSuite版本>=2023.12.1)。
2. 自定义HaE规则必须用左右括号`()`将所需提取的表达式内容包含,例如你要匹配一个**Shiro应用**的响应报文,正常匹配规则为`rememberMe=delete`在HaE的规则中就需要变成`(rememberMe=delete)`
## 使用方法
插件装载: `Extender - Extensions - Add - Select File - Next`
初次装载`HaE`初始化配置文件,默认配置文件内置一个正则: `Email`,初始化的配置文件会放在与`BurpSuite Jar`包同级目录下
初次装载`HaE`自动获取官方规则库`https://raw.githubusercontent.com/gh0stkey/HaE/gh-pages/Rules.yml`,配置文件(`Config.yml`)和规则文件(`Rules.yml`)会放在固定目录下
除了初始化的配置文件外,还有`Setting.yml`,该文件用于存储配置文件路径;`HaE`支持自定义配置文件路径,你可以通过点击`Select File`按钮进行选择自定义配置文件。
1. Linux/Mac用户的配置文件目录`~/.config/HaE/`
2. Windows用户的配置文件目录`%USERPROFILE%/.config/HaE/`
![-w477](images/16000710069404.jpg)
除此之外,您也可以选择将配置文件存放在`HaE Jar包`的同级目录下的`/.config/HaE/`中,**以便于离线携带**。
## 插件优点
### 规则释义
1. 多选项自定义控制适配需求
2. 多颜色高亮分类将BurpSuite的所有高亮颜色集成: `red, orange, yellow, green, cyan, blue, pink, magenta, gray`
3. **颜色升级算法**: 利用下标的方式进行优先级排序当满足2个同颜色条件则以优先级顺序上升颜色例如: **两个正则,颜色为橘黄色,该请求两个正则都匹配到了,那么将升级为红色**
4. 配置文件采用YAML格式存储更加便于阅读和修改
5. 内置简单缓存,在“多正则、大数据”的场景下减少卡顿现象
6. **支持标签分页**,点击`...`即可添加新的标签页,对着标签页右键即可删除
7. 高亮信息添加的同时添加Comment便于查找请求
HaE目前的规则一共有8个字段分别是规则名称、规则正则、规则作用域、正则引擎、规则匹配颜色、规则敏感性。
![-w477](images/16000720732851.jpg)
详细的含义如下所示:
## 实际使用
使用 RGPerson 生成测试数据,放入网站根目录文件中:
![-w467](images/16000719723284.jpg)
访问该地址,在`Proxy - HTTP History`中可以看见高亮请求,响应标签页中含有`MarkINFO`标签,其中将匹配到的信息提取了出来。
![-w1047](images/16000720732854.png)
| 字段 | 含义 |
|-----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Name | 规则名称,主要用于简短概括当前规则的作用。 |
| F-Regex | 规则正则主要用于填写正则表达式。在HaE中所需提取匹配的内容需要用`(``)`将正则表达式进行包裹。|
| S-Regex | 规则正则作用及使用同F-Regex。S-Regex为二次正则可以用于对F-Regex匹配的数据结果进行二次的匹配提取如不需要的情况下可以留空。|
| Format | 格式化输出在NFA引擎的正则表达式中我们可以通过`{0}``{1}``{2}`…的方式进行取分组格式化输出。默认情况下使用`{0}`即可。 |
| Scope | 规则作用域主要用于表示当前规则作用于HTTP报文的哪个部分。 |
| Engine | 正则引擎,主要用于表示当前规则的正则表达式所使用的引擎。**DFA引擎**:对于文本串里的每一个字符只需扫描一次,速度快、特性少;**NFA引擎**:要翻来覆去标注字符、取消标注字符,速度慢,但是特性(如:分组、替换、分割)丰富。 |
| Color | 规则匹配颜色主要用于表示当前规则匹配到对应HTTP报文时所需标记的高亮颜色。在HaE中具备颜色升级算法当出现相同颜色时会自动向上升级一个颜色进行标记。 |
| Sensitive | 规则敏感性,主要用于表示当前规则对于大小写字母是否敏感,敏感(`True`)则严格按照大小写要求匹配,不敏感(`False`)则反之。 |
## 正则优化
## 优势特点
有些正则在实战应用场景中并不理想
1. 精细配置:高度自由的配置选项,以满足各类精细化场景需求。
2. 分类标签:使用标签对规则进行分类,便于管理和组织规则。
3. 高亮标记在HTTP History页面通过颜色高亮和注释判断请求的价值。
4. 易读配置使用易读的YAML格式存储配置文件方便阅读和修改。
5. 数据集合:将匹配到的数据、请求和响应集中在数据面板中,提高测试和梳理效率。
6. 简洁可视清晰可视的界面设计更轻松地了解和配置HaE操作简单、使用便捷。
7. 颜色升级:内置颜色升级算法,避免“屠龙者终成恶龙”场景,突出最具价值的请求。
8. 实战规则:官方规则库是基于实战化场景总结输出,提升数据发现的有效性、精准性。
在正则匹配手机号、身份证号码的时候(纯数字类)会存在一些误报(这里匹配身份证号码无法进行校验,误报率很高),但手机号处理这一块可以解决:
| 界面名称 | 界面展示 |
| ------------------------ | ---------------------------------------------------- |
| Rules规则管理 | <img src="images/rules.png" style="width: 80%" /> |
| Config配置管理 | <img src="images/config.png" style="width: 80%" /> |
| Databoard数据集合 | <img src="images/databoard.png" style="width: 80%" /> |
| MarkInfo数据展示 | <img src="images/markinfo.png" style="width: 80%" /> |
原正则:
## 文末随笔
```
1[3-9]\d{9}
```
正义感是一个不可丢失的东西。
误报场景: `12315188888888123`,这时候会匹配到`15188888888`,而实际上这一段并不是手机号,所以修改正则为:
如果你觉得HaE好用可以打赏一下作者给作者持续更新下去的动力
```
[^0-9]+(1[3-9]\d{9})[^0-9]+
```
也就是要求匹配的手机号前后不能为0-9的数字。
## 实战用法
1. CMS指纹识别Discuz正则: `(Powered by Discuz!)`
2. OSS对象存储信息泄露正则: `([A|a]ccess[K|k]ey[I|i]d|[A|a]ccess[K|k]ey[S|s]ecret)`
3. 内网地址信息提取,正则: `(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3})|(?:172\.(?:(?:1[6-9])|(?:2\d)|(?:3[01]))\.\d{1,3}\.\d{1,3})|(?:192\.168\.\d{1,3}\.\d{1,3})`
4. 实战插件关联搭配,漏洞挖掘案例: https://mp.weixin.qq.com/s/5vNn7dMRZBtv0ojPBAHV7Q
...还有诸多使用方法等待大家去发掘。
## 文末
随笔: 正义感是一个不可丢失的东西。
Github项目地址BUG、需求、正则欢迎提交: https://github.com/gh0stkey/HaE
<div align=center>
<img src="images/reward.jpeg" style="width: 30%" />
</div>
## 404StarLink 2.0 - Galaxy

68
build.gradle
View File

@@ -1,33 +1,37 @@
plugins {
id 'java'
}
repositories {
mavenCentral()
}
compileJava {
options.encoding = "UTF-8"
}
sourceSets {
main {
java {
srcDir './src/main/java'
}
}
}
task fatJar(type: Jar) {
baseName = project.name + '-all'
from { configurations.compile.collect { it.isDirectory() ? it : zipTree(it) } }
with jar
}
dependencies {
compile 'net.portswigger.burp.extender:burp-extender-api:1.7.13'
compile 'org.jetbrains:annotations:16.0.2'
compile group: 'org.yaml', name: 'snakeyaml', version: '1.28'
compile 'net.sourceforge.jregex:jregex:1.2_01'
compile 'dk.brics.automaton:automaton:1.11-8'
plugins {
id 'java'
}
sourceCompatibility = 17
targetCompatibility = 17
repositories {
mavenCentral()
}
sourceSets {
main {
java {
srcDir './src/main/java'
}
}
}
dependencies {
implementation 'net.portswigger.burp.extensions:montoya-api:2023.12.1'
implementation 'org.yaml:snakeyaml:2.0'
implementation 'net.sourceforge.jregex:jregex:1.2_01'
implementation 'dk.brics.automaton:automaton:1.11-8'
}
test {
useJUnitPlatform()
}
jar {
duplicatesStrategy = DuplicatesStrategy.EXCLUDE
from {
configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) }
}
}

BIN
images/16000706401522.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 188 KiB

BIN
images/16000710069404.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 144 KiB

BIN
images/16000719723284.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 120 KiB

BIN
images/16000720732851.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 84 KiB

BIN
images/16000720732854.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 167 KiB

BIN
images/config.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 67 KiB

BIN
images/databoard.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 328 KiB

BIN
images/logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 73 KiB

BIN
images/markinfo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 270 KiB

BIN
images/rules.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 117 KiB

207
src/main/java/burp/BurpExtender.java
View File

@@ -1,207 +0,0 @@
package burp;
import burp.action.*;
import burp.ui.MainUI;
import java.util.Map;
import javax.swing.*;
import java.awt.*;
import java.nio.charset.StandardCharsets;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import javax.swing.event.ChangeEvent;
import javax.swing.event.ChangeListener;
/**
* @author EvilChen & 0chencc
*/
public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEditorTabFactory, ITab {
private final MainUI main = new MainUI();
private static PrintWriter stdout;
private IBurpExtenderCallbacks callbacks;
private static IExtensionHelpers helpers;
GetColorKey gck = new GetColorKey();
UpgradeColor uc = new UpgradeColor();
ProcessMessage pm = new ProcessMessage();
@Override
public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks)
{
this.callbacks = callbacks;
BurpExtender.helpers = callbacks.getHelpers();
String version = "2.2.2";
callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version));
// 定义输出
stdout = new PrintWriter(callbacks.getStdout(), true);
stdout.println("@Core Author: EvilChen");
stdout.println("@Architecture Author: 0chencc");
stdout.println("@Github: https://github.com/gh0stkey/HaE");
// UI
SwingUtilities.invokeLater(this::initialize);
callbacks.registerHttpListener(BurpExtender.this);
callbacks.registerMessageEditorTabFactory(BurpExtender.this);
}
private void initialize(){
callbacks.customizeUiComponent(main);
callbacks.addSuiteTab(BurpExtender.this);
}
@Override
public String getTabCaption(){
return "HaE";
}
@Override
public Component getUiComponent() {
return main;
}
/**
* 使用processHttpMessage用来做Highlighter
*/
@Override
public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
// 判断是否是响应且该代码作用域为REPEATER、INTRUDER、PROXY分别对应toolFlag 64、32、4
if (toolFlag == 64 || toolFlag == 32 || toolFlag == 4) {
byte[] content;
if (messageIsRequest) {
content = messageInfo.getRequest();
} else {
content = messageInfo.getResponse();
}
String c = new String(content, StandardCharsets.UTF_8).intern();
List<Map<String, String>> result = pm.processMessageByContent(helpers, content, messageIsRequest, true);
if (result != null && !result.isEmpty() && result.size() > 0) {
String originalColor = messageInfo.getHighlight();
String originalComment = messageInfo.getComment();
List<String> colorList = new ArrayList<>();
if (originalColor != null) {
colorList.add(originalColor);
}
colorList.add(result.get(0).get("color"));
String color = uc.getEndColor(gck.getColorKeys(colorList));
messageInfo.setHighlight(color);
String addComment = String.join(", ", result.get(1).get("comment"));
String resComment = originalComment != null ? String.format("%s, %s", originalComment, addComment) : addComment;
messageInfo.setComment(resComment);
}
}
}
class MarkInfoTab implements IMessageEditorTab {
private final JTabbedPane jTabbedPane = new JTabbedPane();
private JTable jTable = new JTable();
private final IMessageEditorController controller;
private Map<String, String> extractRequestMap;
private Map<String, String> extractResponseMap;
public MarkInfoTab(IMessageEditorController controller, boolean editable) {
this.controller = controller;
}
@Override
public String getTabCaption() {
return "MarkInfo";
}
@Override
public Component getUiComponent() {
jTabbedPane.addChangeListener(new ChangeListener() {
@Override
public void stateChanged(ChangeEvent arg0) {
jTable = (JTable) ((JScrollPane)jTabbedPane.getSelectedComponent()).getViewport().getView();
}
});
return this.jTabbedPane;
}
@Override
public boolean isEnabled(byte[] content, boolean isRequest) {
String c = new String(content, StandardCharsets.UTF_8).intern();
List<Map<String, String>> result = pm.processMessageByContent(helpers, content, isRequest, false);
if (result != null && !result.isEmpty()) {
Map<String, String> dataMap = result.get(0);
if (isRequest) {
extractRequestMap = dataMap;
} else {
extractResponseMap = dataMap;
}
return true;
}
return false;
}
@Override
public byte[] getMessage() {
return null;
}
@Override
public boolean isModified() {
return false;
}
/**
* 快捷键复制功能
*/
@Override
public byte[] getSelectedData() {
int[] selectRows = jTable.getSelectedRows();
StringBuilder selectData = new StringBuilder();
for (int row : selectRows) {
selectData.append(jTable.getValueAt(row, 0).toString()).append("\n");
}
return helpers.stringToBytes(selectData.toString());
}
/**
* 使用setMessage用来做Extractor
*/
@Override
public void setMessage(byte[] content, boolean isRequest) {
String c = new String(content, StandardCharsets.UTF_8).intern();
if (content.length > 0) {
if (isRequest) {
makeTable(extractRequestMap);
} else {
makeTable(extractResponseMap);
}
}
}
/**
* 创建MarkInfo表单
*/
public void makeTable(Map<String, String> dataMap) {
dataMap.keySet().forEach(i->{
String[] extractData = dataMap.get(i).split("\n");
Object[][] data = new Object[extractData.length][1];
for (int x = 0; x < extractData.length; x++) {
data[x][0] = extractData[x];
}
int indexOfTab = this.jTabbedPane.indexOfTab(i);
JScrollPane jScrollPane = new JScrollPane(new JTable(data, new Object[] {"Information"}));
this.jTabbedPane.addTab(i, jScrollPane);
// 使用removeAll会导致UI出现空白的情况为了改善用户侧体验采用remove的方式进行删除
if (indexOfTab != -1) {
this.jTabbedPane.remove(indexOfTab);
}
});
}
}
@Override
public IMessageEditorTab createNewInstance(IMessageEditorController controller, boolean editable) {
return new MarkInfoTab(controller, editable);
}
}

42
src/main/java/burp/Config.java
View File

@@ -1,42 +0,0 @@
package burp;
/**
* @author EvilChen
*/
import burp.yaml.LoadConfig;
import java.util.Map;
public class Config {
public static String excludeSuffix = "3g2|3gp|7z|aac|abw|aif|aifc|aiff|arc|au|avi|azw|bin|bmp|bz|bz2|cmx|cod|csh|css|csv|doc|docx|eot|epub|gif|gz|ico|ics|ief|jar|jfif|jpe|jpeg|jpg|m3u|mid|midi|mjs|mp2|mp3|mpa|mpe|mpeg|mpg|mpkg|mpp|mpv2|odp|ods|odt|oga|ogv|ogx|otf|pbm|pdf|pgm|png|pnm|ppm|ppt|pptx|ra|ram|rar|ras|rgb|rmi|rtf|snd|svg|swf|tar|tif|tiff|ttf|vsd|wav|weba|webm|webp|woff|woff2|xbm|xls|xlsx|xpm|xul|xwd|zip|zip";
public static String[] scopeArray = new String[] {
"any",
"response",
"response header",
"response body",
"request",
"request header",
"request body"
};
public static String[] engineArray = new String[] {
"nfa",
"dfa"
};
public static String[] colorArray = new String[] {
"red",
"orange",
"yellow",
"green",
"cyan",
"blue",
"pink",
"magenta",
"gray"
};
public static Map<String,Object[][]> ruleConfig = null;
}

38
src/main/java/burp/action/DoAction.java
View File

@@ -1,38 +0,0 @@
package burp.action;
import java.util.HashMap;
import java.util.Map;
import burp.Config;
import java.util.ArrayList;
import java.util.List;
/**
* @author EvilChen
*/
public class DoAction {
public Map<String, String> extractString(Map<String, Map<String, Object>> obj) {
Map<String, String> resultMap = new HashMap<String, String>();
obj.keySet().forEach(i->{
Map<String, Object> tmpMap = obj.get(i);
String data = tmpMap.get("data").toString();
resultMap.put(i, String.format("%s\n", data).intern());
});
return resultMap;
}
public List<List<String>> highlightAndComment(Map<String, Map<String, Object>> obj) {
List<String> colorList = new ArrayList<>();
List<String> commentList = new ArrayList<>();
List<List<String>> result = new ArrayList<>();
obj.keySet().forEach(i->{
Map<String, Object> tmpMap = obj.get(i);
String color = tmpMap.get("color").toString();
colorList.add(color);
commentList.add(i);
});
result.add(colorList);
result.add(commentList);
return result;
}
}

93
src/main/java/burp/action/ExtractContent.java
View File

@@ -1,93 +0,0 @@
package burp.action;
import java.nio.charset.StandardCharsets;
import java.util.*;
import burp.Config;
import burp.yaml.LoadConfig;
import dk.brics.automaton.Automaton;
import dk.brics.automaton.AutomatonMatcher;
import dk.brics.automaton.RegExp;
import dk.brics.automaton.RunAutomaton;
import jregex.Matcher;
import jregex.Pattern;
/**
* @author EvilChen
*/
public class ExtractContent {
public Map<String, Map<String, Object>> matchRegex(byte[] content, String headers, byte[] body, String scopeString) {
Map<String, Map<String, Object>> map = new HashMap<>(); // 最终返回的结果
Config.ruleConfig.keySet().forEach(i -> {
String matchContent = "";
for (Object[] objects : Config.ruleConfig.get(i)) {
// 遍历获取规则
List<String> result = new ArrayList<>();
Map<String, Object> tmpMap = new HashMap<>();
String name = objects[1].toString();
boolean loaded = (Boolean) objects[0];
String regex = objects[2].toString();
String color = objects[3].toString();
String scope = objects[4].toString();
String engine = objects[5].toString();
// 判断规则是否开启与作用域
if (loaded && (scope.contains(scopeString) || "any".equals(scope))) {
switch (scope) {
case "any":
case "request":
case "response":
matchContent = new String(content, StandardCharsets.UTF_8).intern();
break;
case "request header":
case "response header":
matchContent = headers;
break;
case "request body":
case "response body":
matchContent = new String(body, StandardCharsets.UTF_8).intern();
break;
default:
break;
}
if ("nfa".equals(engine)) {
Pattern pattern = new Pattern(regex);
Matcher matcher = pattern.matcher(matchContent);
while (matcher.find()) {
// 添加匹配数据至list
// 强制用户使用()包裹正则
result.add(matcher.group(1));
}
} else {
RegExp regexp = new RegExp(regex);
Automaton auto = regexp.toAutomaton();
RunAutomaton runAuto = new RunAutomaton(auto, true);
AutomatonMatcher autoMatcher = runAuto.newMatcher(matchContent);
while (autoMatcher.find()) {
// 添加匹配数据至list
// 强制用户使用()包裹正则
result.add(autoMatcher.group());
}
}
// 去除重复内容
HashSet tmpList = new HashSet(result);
result.clear();
result.addAll(tmpList);
if (!result.isEmpty()) {
tmpMap.put("color", color);
tmpMap.put("data", String.join("\n", result));
// 初始化格式
map.put(name, tmpMap);
}
}
}
});
return map;
}
}

29
src/main/java/burp/action/GetColorKey.java
View File

@@ -1,29 +0,0 @@
package burp.action;
import burp.Config;
import java.util.ArrayList;
import java.util.List;
/**
* @author EvilChen
*/
public class GetColorKey {
/**
* 颜色下标获取
*/
public List<Integer> getColorKeys(List<String> keys){
List<Integer> result = new ArrayList<>();
String[] colorArray = Config.colorArray;
int size = colorArray.length;
// 根据颜色获取下标
for (String key : keys) {
for (int v = 0; v < size; v++) {
if (colorArray[v].equals(key)) {
result.add(v);
}
}
}
return result;
}
}

20
src/main/java/burp/action/MatchHTTP.java
View File

@@ -1,20 +0,0 @@
package burp.action;
import jregex.Matcher;
import jregex.Pattern;
import jregex.REFlags;
import burp.yaml.LoadConfig;
/**
* @author EvilChen
*/
public class MatchHTTP {
// 匹配后缀
LoadConfig lc = new LoadConfig();
public boolean matchSuffix(String str) {
Pattern pattern = new Pattern(String.format("[\\w]+[\\.](%s)", lc.getExcludeSuffix()), REFlags.IGNORE_CASE);
Matcher matcher = pattern.matcher(str);
return matcher.find();
}
}

95
src/main/java/burp/action/ProcessMessage.java
View File

@@ -1,95 +0,0 @@
package burp.action;
import burp.IExtensionHelpers;
import burp.IHttpService;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
public class ProcessMessage {
MatchHTTP mh = new MatchHTTP();
ExtractContent ec = new ExtractContent();
DoAction da = new DoAction();
GetColorKey gck = new GetColorKey();
UpgradeColor uc = new UpgradeColor();
public List<Map<String, String>> processMessageByContent(IExtensionHelpers helpers, byte[] content, boolean isRequest, boolean messageInfo) {
List<Map<String, String>> result = new ArrayList<>();;
Map<String, Map<String, Object>> obj;
if (isRequest) {
// 获取报文头
List<String> requestTmpHeaders = helpers.analyzeRequest(content).getHeaders();
String requestHeaders = String.join("\n", requestTmpHeaders);
try {
// 流量清洗
String urlString = requestTmpHeaders.get(0).split(" ")[1];
urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString;
// 正则判断
if (mh.matchSuffix(urlString)) {
return result;
}
} catch (Exception e) {
return result;
}
// 获取报文主体
int requestBodyOffset = helpers.analyzeRequest(content).getBodyOffset();
byte[] requestBody = Arrays.copyOfRange(content, requestBodyOffset, content.length);
obj = ec.matchRegex(content, requestHeaders, requestBody, "request");
} else {
try {
// 流量清洗
String inferredMimeType = String.format("hae.%s", helpers.analyzeResponse(content).getInferredMimeType().toLowerCase());
String statedMimeType = String.format("hae.%s", helpers.analyzeResponse(content).getStatedMimeType().toLowerCase());
// 正则判断
if (mh.matchSuffix(statedMimeType) || mh.matchSuffix(inferredMimeType)) {
return result;
}
} catch (Exception e) {
return result;
}
// 获取报文头
List<String> responseTmpHeaders = helpers.analyzeResponse(content).getHeaders();
String responseHeaders = String.join("\n", responseTmpHeaders);
// 获取报文主体
int responseBodyOffset = helpers.analyzeResponse(content).getBodyOffset();
byte[] responseBody = Arrays.copyOfRange(content, responseBodyOffset, content.length);
obj = ec.matchRegex(content, responseHeaders, responseBody, "response");
}
if (messageInfo) {
List<List<String>> resultList = da.highlightAndComment(obj);
List<String> colorList = resultList.get(0);
List<String> commentList = resultList.get(1);
if (colorList.size() != 0 && commentList.size() != 0) {
String color = uc.getEndColor(gck.getColorKeys(colorList));
Map<String, String> colorMap = new HashMap<String, String>(){{
put("color", color);
}};
Map<String, String> commentMap = new HashMap<String, String>(){{
put("comment", String.join(", ", commentList));
}};
result.add(colorMap);
result.add(commentMap);
}
} else {
if (obj.size() > 0) {
result.add(da.extractString(obj));
}
}
return result;
}
}

52
src/main/java/burp/action/UpgradeColor.java
View File

@@ -1,52 +0,0 @@
package burp.action;
import burp.Config;
import java.util.*;
/**
* @author EvilChen
*/
public class UpgradeColor {
private String endColor = "";
/**
* 颜色升级递归算法
*/
private void colorUpgrade(List<Integer> colorList) {
int colorSize = colorList.size();
String[] colorArray = Config.colorArray;
colorList.sort(Comparator.comparingInt(Integer::intValue));
int i = 0;
List<Integer> stack = new ArrayList<>();
while (i < colorSize) {
if (stack.isEmpty()) {
stack.add(colorList.get(i));
} else {
if (!Objects.equals(colorList.get(i), stack.stream().reduce((first, second) -> second).orElse(99999999))) {
stack.add(colorList.get(i));
} else {
stack.set(stack.size() - 1, stack.get(stack.size() - 1) - 1);
}
}
i++;
}
// 利用HashSet删除重复元素
HashSet tmpList = new HashSet(stack);
if (stack.size() == tmpList.size()) {
stack.sort(Comparator.comparingInt(Integer::intValue));
if(stack.get(0) < 0) {
this.endColor = colorArray[0];
} else {
this.endColor = colorArray[stack.get(0)];
}
} else {
this.colorUpgrade(stack);
}
}
public String getEndColor(List<Integer> colorList) {
colorUpgrade(colorList);
return endColor;
}
}

115
src/main/java/burp/ui/JTabbedPaneCloseButton.java
View File

@@ -1,115 +0,0 @@
package burp.ui;
import javax.swing.*;
import javax.swing.plaf.metal.MetalIconFactory;
import java.awt.*;
import java.awt.event.MouseEvent;
import java.awt.event.MouseListener;
/**
* @author 6dc
*
* A class which creates a JTabbedPane and auto sets a close button when you add a tab
*/
public class JTabbedPaneCloseButton extends JTabbedPane {
public JTabbedPaneCloseButton() {
super();
}
/** Override Addtab in order to add the close Button everytime */
@Override
public void addTab(String title, Icon icon, Component component, String tip) {
super.addTab(title, icon, component, tip);
int count = this.getTabCount() - 1;
setTabComponentAt(count, new CloseButtonTab(component, title, icon));
}
@Override
public void addTab(String title, Icon icon, Component component) {
addTab(title, icon, component, null);
}
@Override
public void addTab(String title, Component component) {
addTab(title, null, component);
}
public void addTab(String title,Component component,Boolean closewith){
if (closewith){
addTab(title,component);
}else{
super.addTab(title,null,component,null);
}
}
/** addTabNoExit */
public void addTabNoExit(String title, Icon icon, Component component, String tip) {
super.addTab(title, icon, component, tip);
}
public void addTabNoExit(String title, Icon icon, Component component) {
addTabNoExit(title, icon, component, null);
}
public void addTabNoExit(String title, Component component) {
addTabNoExit(title, null, component);
}
/** Button */
public class CloseButtonTab extends JPanel {
public CloseButtonTab(final Component tab, String title, Icon icon) {
setOpaque(false);
FlowLayout flowLayout = new FlowLayout(FlowLayout.CENTER, 3, 3);
setLayout(flowLayout);
JLabel jLabel = new JLabel(title);
jLabel.setIcon(icon);
add(jLabel);
JButton button = new JButton(MetalIconFactory.getInternalFrameCloseIcon(2));
button.setMargin(new Insets(0, 0, 0, 0));
button.addMouseListener(new CloseListener(tab));
add(button);
}
}
/** ClickListener */
public class CloseListener implements MouseListener
{
private final Component tab;
public CloseListener(Component tab){
this.tab=tab;
}
@Override
public void mouseClicked(MouseEvent e) {
if(e.getSource() instanceof JButton){
JButton clickedButton = (JButton) e.getSource();
JTabbedPane tabbedPane = (JTabbedPane) clickedButton.getParent().getParent().getParent();
tabbedPane.remove(tab);
}
}
@Override
public void mousePressed(MouseEvent e) {}
@Override
public void mouseReleased(MouseEvent e) {}
@Override
public void mouseEntered(MouseEvent e) {
if(e.getSource() instanceof JButton){
JButton clickedButton = (JButton) e.getSource();
}
}
@Override
public void mouseExited(MouseEvent e) {
if(e.getSource() instanceof JButton){
JButton clickedButton = (JButton) e.getSource();
}
}
}
}

337
src/main/java/burp/ui/MainUI.java
View File

@@ -1,337 +0,0 @@
package burp.ui;
import burp.Config;
import burp.yaml.LoadConfig;
import burp.yaml.SetConfig;
import javax.swing.*;
import javax.swing.event.ChangeEvent;
import javax.swing.event.ChangeListener;
import javax.swing.event.DocumentEvent;
import javax.swing.event.DocumentListener;
import javax.swing.filechooser.FileNameExtensionFilter;
import java.awt.*;
import java.awt.event.*;
import java.util.Map;
/**
* @author LinChen
*/
public class MainUI extends JPanel{
private final LoadConfig loadConn = new LoadConfig();
public MainUI() {
initComponents();
}
public void closeTabActionPerformed(ActionEvent e){
if (tabbedPane1.getTabCount()>2){
if (tabbedPane1.getSelectedIndex()!=0){
SetConfig setConn = new SetConfig();
setConn.deleteRules(tabbedPane1.getTitleAt(tabbedPane1.getSelectedIndex()));
tabbedPane1.remove(tabbedPane1.getSelectedIndex());
tabbedPane1.setSelectedIndex(tabbedPane1.getSelectedIndex()-1);
}else{
SetConfig setConn = new SetConfig();
setConn.deleteRules(tabbedPane1.getTitleAt(tabbedPane1.getSelectedIndex()));
tabbedPane1.remove(tabbedPane1.getSelectedIndex());
tabbedPane1.setSelectedIndex(tabbedPane1.getSelectedIndex());
}
}
}
private void SelectFileMouseClicked(MouseEvent e) {
JFileChooser selectFile = new JFileChooser();
selectFile.setFileSelectionMode(JFileChooser.FILES_ONLY);
FileNameExtensionFilter filter = new FileNameExtensionFilter("Yaml File (.yml/.yaml)","yaml", "yml");
selectFile.setFileFilter(filter);
int selectFrame = selectFile.showDialog(new JLabel(),"Select");
if (selectFrame == JFileChooser.APPROVE_OPTION){
String configPath = selectFile.getSelectedFile().toString();
reloadRule();
loadConn.setConfigPath(configPath);
configFilepathtext.setText(configPath);
}
}
private void reloadRule(){
tabbedPane1.removeAll();
ruleSwitch.setListen(false);
Map<String,Object[][]> rules = LoadConfig.getRules();
rules.keySet().forEach(
i->tabbedPane1.addTab(
i,
new RulePane(rules.get(i), tabbedPane1)
)
);
tabbedPane1.addTab("...", new JLabel());
ruleSwitch.setListen(true);
}
private void reloadMouseClicked(MouseEvent e) {
reloadRule();
}
private void ESSaveMouseClicked(MouseEvent e) {
LoadConfig loadCon = new LoadConfig();
loadCon.setExcludeSuffix(EStext.getText());
}
private void initComponents() {
tabbedPane2 = new JTabbedPane();
tabbedPane1 = new JTabbedPane();
panel3 = new JPanel();
configFilepathtext = new JTextField();
label1 = new JLabel();
SelectFile = new JButton();
reload = new JButton();
label2 = new JLabel();
EStext = new JTextField();
ESSave = new JButton();
//======== this ========
setLayout(new GridBagLayout());
((GridBagLayout)getLayout()).columnWidths = new int[] {0, 0};
((GridBagLayout)getLayout()).rowHeights = new int[] {0, 0};
((GridBagLayout)getLayout()).columnWeights = new double[] {1.0, 1.0E-4};
((GridBagLayout)getLayout()).rowWeights = new double[] {1.0, 1.0E-4};
//======== tabbedPane2 ========
{
tabbedPane2.addTab("Rules", tabbedPane1);
//======== panel3 ========
{
panel3.setLayout(new GridBagLayout());
((GridBagLayout)panel3.getLayout()).columnWidths = new int[] {0, 0, 0, 0, 0};
((GridBagLayout)panel3.getLayout()).rowHeights = new int[] {0, 0, 0};
((GridBagLayout)panel3.getLayout()).columnWeights = new double[] {0.0, 1.0, 0.0, 0.0, 1.0E-4};
((GridBagLayout)panel3.getLayout()).rowWeights = new double[] {0.0, 0.0, 1.0E-4};
//---- configFilepathtext ----
configFilepathtext.setEditable(false);
panel3.add(configFilepathtext, new GridBagConstraints(1, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(5, 0, 5, 5), 0, 0));
//---- label1 ----
label1.setText("Config File Path:");
panel3.add(label1, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.WEST, GridBagConstraints.VERTICAL,
new Insets(5, 5, 5, 5), 0, 0));
//---- SelectFile ----
SelectFile.setText("Select File ...");
SelectFile.addMouseListener(new MouseAdapter() {
@Override
public void mouseClicked(MouseEvent e) {
SelectFileMouseClicked(e);
}
});
panel3.add(SelectFile, new GridBagConstraints(2, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(5, 0, 5, 5), 0, 0));
//---- reload ----
reload.setText("Reload");
reload.addMouseListener(new MouseAdapter() {
@Override
public void mouseClicked(MouseEvent e) {
reloadMouseClicked(e);
}
});
panel3.add(reload, new GridBagConstraints(3, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(5, 0, 5, 5), 0, 0));
//---- label2 ----
label2.setText("ExcludeSuffix:");
panel3.add(label2, new GridBagConstraints(0, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.SOUTHWEST, GridBagConstraints.NONE,
new Insets(0, 5, 5, 5), 0, 0));
panel3.add(EStext, new GridBagConstraints(1, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.SOUTH, GridBagConstraints.HORIZONTAL,
new Insets(0, 0, 0, 5), 0, 0));
//---- ESSave ----
ESSave.setText("Save");
ESSave.addMouseListener(new MouseAdapter() {
@Override
public void mouseClicked(MouseEvent e) {
ESSaveMouseClicked(e);
}
});
panel3.add(ESSave, new GridBagConstraints(2, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.SOUTH, GridBagConstraints.HORIZONTAL,
new Insets(0, 0, 0, 5), 0, 0));
}
tabbedPane2.addTab("Config", panel3);
}
add(tabbedPane2, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 0, 0, 0), 0, 0));
// JFormDesigner - End of component initialization //GEN-END:initComponents
Config.ruleConfig.keySet().forEach(i->tabbedPane1.addTab(i,new RulePane(Config.ruleConfig.get(i),tabbedPane1)));
tabbedPane1.addTab("...",new JLabel());
//TabTitleEditListener ruleSwitch = new TabTitleEditListener(tabbedPane1);
configFilepathtext.setText(LoadConfig.getConfigPath());
EStext.setText(loadConn.getExcludeSuffix());
ruleSwitch = new TabTitleEditListener(tabbedPane1);
tabbedPane1.addChangeListener(ruleSwitch);
tabbedPane1.addMouseListener(ruleSwitch);
closeTab.addActionListener(e -> closeTabActionPerformed(e));
tabMenu.add(closeTab);
}
// JFormDesigner - Variables declaration - DO NOT MODIFY //GEN-BEGIN:variables
private JTabbedPane tabbedPane2;
private JTabbedPane tabbedPane1;
private JPanel panel3;
private JTextField configFilepathtext;
private JLabel label1;
private JButton SelectFile;
private JButton reload;
private JLabel label2;
private JTextField EStext;
private JButton ESSave;
// JFormDesigner - End of variables declaration //GEN-END:variables
protected static JPopupMenu tabMenu = new JPopupMenu();
private JMenuItem closeTab = new JMenuItem("Delete");
private TabTitleEditListener ruleSwitch;
}
class TabTitleEditListener extends MouseAdapter implements ChangeListener, DocumentListener {
protected final JTextField editor = new JTextField();
protected final JTabbedPane tabbedPane;
protected int editingIdx = -1;
protected int len = -1;
protected Boolean listen = true;
protected Dimension dim;
protected Component tabComponent;
protected Boolean isRenameOk = false;
protected SetConfig setConfig = new SetConfig();
protected final Action startEditing = new AbstractAction() {
@Override public void actionPerformed(ActionEvent e) {
editingIdx = tabbedPane.getSelectedIndex();
tabComponent = tabbedPane.getTabComponentAt(editingIdx);
tabbedPane.setTabComponentAt(editingIdx, editor);
isRenameOk = true;
editor.setVisible(true);
editor.setText(tabbedPane.getTitleAt(editingIdx));
editor.selectAll();
editor.requestFocusInWindow();
len = editor.getText().length();
dim = editor.getPreferredSize();
editor.setMinimumSize(dim);
}
};
protected final Action renameTabTitle = new AbstractAction() {
@Override public void actionPerformed(ActionEvent e) {
String title = editor.getText().trim();
if (editingIdx >= 0 && !title.isEmpty()) {
String oldName = tabbedPane.getTitleAt(editingIdx);
tabbedPane.setTitleAt(editingIdx, title);
setConfig.rename(oldName,title);
}
cancelEditing.actionPerformed(null);
}
};
protected final Action cancelEditing = new AbstractAction() {
@Override public void actionPerformed(ActionEvent e) {
if (editingIdx >= 0) {
tabbedPane.setTabComponentAt(editingIdx, tabComponent);
editor.setVisible(false);
editingIdx = -1;
len = -1;
tabComponent = null;
editor.setPreferredSize(null);
tabbedPane.requestFocusInWindow();
}
}
};
protected TabTitleEditListener(JTabbedPane tabbedPane) {
super();
this.tabbedPane = tabbedPane;
editor.setBorder(BorderFactory.createEmptyBorder());
editor.addFocusListener(new FocusAdapter() {
@Override public void focusLost(FocusEvent e) {
renameTabTitle.actionPerformed(null);
}
});
InputMap im = editor.getInputMap(JComponent.WHEN_FOCUSED);
ActionMap am = editor.getActionMap();
im.put(KeyStroke.getKeyStroke(KeyEvent.VK_ESCAPE, 0), "cancel-editing");
am.put("cancel-editing", cancelEditing);
im.put(KeyStroke.getKeyStroke(KeyEvent.VK_ENTER, 0), "rename-tab-title");
am.put("rename-tab-title", renameTabTitle);
editor.getDocument().addDocumentListener(this);
tabbedPane.getInputMap(JComponent.WHEN_FOCUSED).put(KeyStroke.getKeyStroke(KeyEvent.VK_ENTER, 0), "start-editing");
tabbedPane.getActionMap().put("start-editing", startEditing);
}
@Override public void stateChanged(ChangeEvent e) {
if (e.getSource() instanceof JTabbedPane && listen) {
JTabbedPane pane = (JTabbedPane) e.getSource();
if (!isRenameOk){
if (pane.getSelectedIndex() == pane.getComponentCount()-1){
newTab();
}
}else{
if (pane.getSelectedIndex() == pane.getComponentCount()-2){
newTab();
}
}
}
renameTabTitle.actionPerformed(null);
}
public void newTab(){
Object[][] data = new Object[][]{{false, "New Name", "(New Regex)", "gray", "any", "nfa"}};
insertTab(tabbedPane, setConfig.newRules(),data);
}
public void insertTab(JTabbedPane pane,String title,Object[][] data){
pane.addTab(title,new RulePane(data,pane));
pane.remove(pane.getSelectedIndex());
pane.addTab("...",new JLabel());
}
public void setListen(Boolean listen){
this.listen = listen;
}
@Override public void insertUpdate(DocumentEvent e) {
updateTabSize();
}
@Override public void removeUpdate(DocumentEvent e) {
updateTabSize();
}
@Override public void changedUpdate(DocumentEvent e) {}
@Override public void mouseClicked(MouseEvent e) {
switch (e.getButton()){
case 1:
{
Rectangle r = tabbedPane.getBoundsAt(tabbedPane.getSelectedIndex());
boolean isDoubleClick = e.getClickCount() >= 2;
if (isDoubleClick && r.contains(e.getPoint())) {
startEditing.actionPerformed(null);
} else {
renameTabTitle.actionPerformed(null);
}
break;
}
case 3:{
MainUI.tabMenu.show(e.getComponent(),e.getX(),e.getY());
break;
}
default:
break;
}
}
protected void updateTabSize() {
editor.setPreferredSize(editor.getText().length() > len ? null : dim);
tabbedPane.revalidate();
}
}

203
src/main/java/burp/ui/RulePane.java
View File

@@ -1,203 +0,0 @@
package burp.ui;
import burp.yaml.SetConfig;
import javax.swing.*;
import javax.swing.event.TableModelEvent;
import javax.swing.event.TableModelListener;
import javax.swing.table.DefaultTableModel;
import javax.swing.table.TableRowSorter;
import java.awt.*;
import java.awt.event.MouseAdapter;
import java.awt.event.MouseEvent;
import java.util.Vector;
/**
* @author LinChen
*/
public class RulePane extends JPanel {
public RulePane(Object[][] data, JTabbedPane pane) {
initComponents(data, pane);
}
private SetConfig setConfig = new SetConfig();
private Boolean isEdit = false;
private void ruleAddMouseClicked(MouseEvent e, JTabbedPane pane) {
RuleSetting add = new RuleSetting();
int isOk = JOptionPane.showConfirmDialog(null, add, "RuleSetting - Add Rule", JOptionPane.OK_OPTION);
if(isOk == 0){
Vector data = new Vector();
data.add(false);
data.add(add.Name.getText());
data.add(add.Regex.getText());
data.add(add.ColorSelect.getSelectedItem().toString());
data.add(add.ScopeSelect.getSelectedItem().toString());
data.add(add.EngineSelect.getSelectedItem().toString());
model.insertRow(model.getRowCount(), data);
model = (DefaultTableModel) jTable.getModel();
setConfig.add(data, pane.getTitleAt(pane.getSelectedIndex()));
}
}
private void ruleEditMouseClicked(MouseEvent e, JTabbedPane pane){
if (jTable.getSelectedRowCount() >= 1){
RuleSetting edit = new RuleSetting();
edit.Name.setText(jTable.getValueAt(jTable.getSelectedRow(), 1).toString());
edit.Regex.setText(jTable.getValueAt(jTable.getSelectedRow(), 2).toString());
edit.ColorSelect.setSelectedItem(jTable.getValueAt(jTable.getSelectedRow(), 3).toString());
edit.ScopeSelect.setSelectedItem(jTable.getValueAt(jTable.getSelectedRow(), 4).toString());
edit.EngineSelect.setSelectedItem(jTable.getValueAt(jTable.getSelectedRow(), 5).toString());
int isOk = JOptionPane.showConfirmDialog(null, edit, "RuleSetting - Edit Rule", JOptionPane.OK_OPTION);
if (isOk == 0){
int select = jTable.convertRowIndexToModel(jTable.getSelectedRow());
model.setValueAt(edit.Name.getText(), select, 1);
model.setValueAt(edit.Regex.getText(), select, 2);
model.setValueAt(edit.ColorSelect.getSelectedItem().toString(), select, 3);
model.setValueAt(edit.ScopeSelect.getSelectedItem().toString(), select, 4);
model.setValueAt(edit.EngineSelect.getSelectedItem().toString(), select, 5);
model = (DefaultTableModel) jTable.getModel();
setConfig.edit((Vector) model.getDataVector().get(select), select, pane.getTitleAt(pane.getSelectedIndex()));
}
}
}
private void ruleRemoveMouseClicked(MouseEvent e, JTabbedPane pane){
if (jTable.getSelectedRowCount() >= 1){
int isOk = JOptionPane.showConfirmDialog(null, "Are your sure?", "RuleSetting - Delete Rule", JOptionPane.OK_OPTION);
if (isOk == 0){
int select = jTable.convertRowIndexToModel(jTable.getSelectedRow());
model.removeRow(select);
model = (DefaultTableModel) jTable.getModel();
setConfig.remove(select, pane.getTitleAt(pane.getSelectedIndex()));
}
}
}
private void ruleTableChange(TableModelEvent e, JTabbedPane pane) {
if (e.getColumn() == 0 && jTable.getSelectedRow() != -1 && !isEdit){
model = (DefaultTableModel) jTable.getModel();
int select = jTable.convertRowIndexToModel(jTable.getSelectedRow());
setConfig.edit((Vector) model.getDataVector().get(select), select, pane.getTitleAt(pane.getSelectedIndex()));
}
}
private void initComponents(Object[][] data, JTabbedPane pane) {
// JFormDesigner - Component initialization - DO NOT MODIFY //GEN-BEGIN:initComponents
addButton = new JButton();
editButton = new JButton();
scrollPane = new JScrollPane();
jTable = new JTable();
removeButton = new JButton();
//======== this ========
setLayout(new GridBagLayout());
((GridBagLayout)getLayout()).columnWidths = new int[] {0, 0, 0};
((GridBagLayout)getLayout()).rowHeights = new int[] {0, 0, 0, 0, 0};
((GridBagLayout)getLayout()).columnWeights = new double[] {0.0, 1.0, 1.0E-4};
((GridBagLayout)getLayout()).rowWeights = new double[] {0.0, 0.0, 0.0, 1.0, 1.0E-4};
//---- addButton ----
addButton.setText("Add");
addButton.addMouseListener(new MouseAdapter() {
@Override
public void mouseClicked(MouseEvent e) {
isEdit = true;
ruleAddMouseClicked(e, pane);
model = (DefaultTableModel) jTable.getModel();
isEdit = false;
}
});
add(addButton, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(15, 5, 3, 2), 0, 0));
//---- editButton ----
editButton.setText("Edit");
editButton.addMouseListener(new MouseAdapter() {
@Override
public void mouseClicked(MouseEvent e) {
isEdit = true;
ruleEditMouseClicked(e, pane);
model = (DefaultTableModel) jTable.getModel();
isEdit = false;
}
});
add(editButton, new GridBagConstraints(0, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 5, 3, 2), 0, 0));
//======== scrollPane ========
{
//---- table ----
jTable.setShowVerticalLines(false);
jTable.setVerifyInputWhenFocusTarget(false);
jTable.setUpdateSelectionOnSort(false);
jTable.setShowHorizontalLines(false);
jTable.setModel(new DefaultTableModel());
jTable.setSurrendersFocusOnKeystroke(true);
scrollPane.setViewportView(jTable);
}
add(scrollPane, new GridBagConstraints(1, 0, 1, 4, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(15, 5, 5, 5), 0, 0));
//---- removeButton ----
removeButton.setText("Remove");
removeButton.addMouseListener(new MouseAdapter() {
@Override
public void mouseClicked(MouseEvent e) {
isEdit = true;
ruleRemoveMouseClicked(e, pane);
model = (DefaultTableModel) jTable.getModel();
isEdit = false;
}
});
add(removeButton, new GridBagConstraints(0, 2, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 5, 3, 2), 0, 0));
// JFormDesigner - End of component initialization //GEN-END:initComponents
jTable.setModel(model);
model.setDataVector(data, title);
model.addTableModelListener(new TableModelListener() {
@Override
public void tableChanged(TableModelEvent e) {
ruleTableChange(e, pane);
}
});
jTable.setRowSorter(new TableRowSorter(model));
}
// JFormDesigner - Variables declaration - DO NOT MODIFY //GEN-BEGIN:variables
public JButton addButton;
public JButton editButton;
public JScrollPane scrollPane;
public JTable jTable;
public JButton removeButton;
// JFormDesigner - End of variables declaration //GEN-END:variables
private final String[] title = new String[]{"Loaded", "Name", "Regex", "Color", "Scope", "Engine"};
private DefaultTableModel model = new DefaultTableModel() {
@Override
public Class<?> getColumnClass (int column){
if (column == 0) {
return Boolean.class;
}else{
return String.class;
}
}
@Override
public boolean isCellEditable(int row, int column){
return column == 0;
}
};
}

105
src/main/java/burp/ui/RuleSetting.java
View File

@@ -1,105 +0,0 @@
package burp.ui;
import javax.swing.*;
import java.awt.*;
import burp.Config;
/**
* @author LinChen
*/
public class RuleSetting extends JPanel {
public RuleSetting() {
initComponents();
}
public void initComponents() {
// JFormDesigner - Component initialization - DO NOT MODIFY //GEN-BEGIN:initComponents
label5 = new JLabel();
label4 = new JLabel();
Regex = new JTextField();
label3 = new JLabel();
label2 = new JLabel();
Name = new JTextField();
ScopeSelect = new JComboBox<>();
EngineSelect = new JComboBox<>();
label6 = new JLabel();
ColorSelect = new JComboBox<>();
//======== this ========
setLayout(null);
//---- label5 ----
label5.setText("Engine:");
add(label5);
label5.setBounds(new Rectangle(new Point(10, 175), label5.getPreferredSize()));
//---- label4 ----
label4.setText("Scope:");
add(label4);
label4.setBounds(new Rectangle(new Point(10, 135), label4.getPreferredSize()));
add(Regex);
Regex.setBounds(70, 50, 265, 30);
//---- label3 ----
label3.setText("Regex:");
add(label3);
label3.setBounds(new Rectangle(new Point(10, 55), label3.getPreferredSize()));
//---- label2 ----
label2.setText("Name:");
add(label2);
label2.setBounds(new Rectangle(new Point(10, 15), label2.getPreferredSize()));
add(Name);
Name.setBounds(70, 10, 265, 30);
//---- ScopeSelect ----
ScopeSelect.setModel(new DefaultComboBoxModel<>(Config.scopeArray));
add(ScopeSelect);
ScopeSelect.setBounds(70, 130, 265, ScopeSelect.getPreferredSize().height);
//---- EngineSelect ----
EngineSelect.setModel(new DefaultComboBoxModel<>(Config.engineArray));
add(EngineSelect);
EngineSelect.setBounds(70, 170, 265, EngineSelect.getPreferredSize().height);
//---- label7 ----
label6.setText("Color:");
add(label6);
label6.setBounds(new Rectangle(new Point(10, 95), label6.getPreferredSize()));
//---- ColorSelect ----
ColorSelect.setModel(new DefaultComboBoxModel<>(Config.colorArray));
add(ColorSelect);
ColorSelect.setBounds(70, 90, 265, ColorSelect.getPreferredSize().height);
{
// compute preferred size
Dimension preferredSize = new Dimension();
for(int i = 0; i < getComponentCount(); i++) {
Rectangle bounds = getComponent(i).getBounds();
preferredSize.width = Math.max(bounds.x + bounds.width, preferredSize.width);
preferredSize.height = Math.max(bounds.y + bounds.height, preferredSize.height);
}
Insets insets = getInsets();
preferredSize.width += insets.right;
preferredSize.height += insets.bottom;
setMinimumSize(preferredSize);
setPreferredSize(preferredSize);
}
// JFormDesigner - End of component initialization //GEN-END:initComponents
}
// JFormDesigner - Variables declaration - DO NOT MODIFY //GEN-BEGIN:variables
private JLabel label5;
private JLabel label4;
public JTextField Regex;
private JLabel label3;
private JLabel label2;
public JTextField Name;
public JComboBox<String> ScopeSelect;
public JComboBox<String> EngineSelect;
private JLabel label6;
public JComboBox<String> ColorSelect;
// JFormDesigner - End of variables declaration //GEN-END:variables
}

165
src/main/java/burp/yaml/LoadConfig.java
View File

@@ -1,165 +0,0 @@
package burp.yaml;
import burp.Config;
import burp.yaml.template.*;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import java.util.ArrayList;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;
import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.representer.Representer;
import org.yaml.snakeyaml.nodes.Tag;
public class LoadConfig {
private static final Yaml yaml = new Yaml();
private static final String SettingPath = "Setting.yml";
private static final String ConfigPath = "Config.yml";
public LoadConfig() {
// 构造函数,初始化配置
File yamlSetting = new File(SettingPath);
if (!(yamlSetting.exists() && yamlSetting.isFile())) {
initSetting();
initRules();
}
Config.ruleConfig = LoadConfig.getRules();
}
// 初始化设置信息
public void initSetting() {
Map<String, Object> r = new HashMap<>();
r.put("configPath", ConfigPath);
r.put("excludeSuffix", getExcludeSuffix());
try {
Writer ws = new OutputStreamWriter(new FileOutputStream(SettingPath), StandardCharsets.UTF_8);
yaml.dump(r, ws);
} catch (Exception ex) {
ex.printStackTrace();
}
}
// 初始化规则配置
public void initRules() {
Rule rule = new Rule();
rule.setLoaded(true);
rule.setName("Email");
rule.setColor("yellow");
rule.setEngine("nfa");
rule.setScope("response");
rule.setRegex("(([a-zA-Z0-9][_|\\.])*[a-zA-Z0-9]+@([a-zA-Z0-9][-|_|\\.])*[a-zA-Z0-9]+\\.((?!js|css|jpg|jpeg|png|ico)[a-zA-Z]{2,}))");
Rules rules = new Rules();
rules.setType("Basic Information");
ArrayList<Rule> rl = new ArrayList<>();
rl.add(rule);
rules.setRule(rl);
ArrayList<Rules> rls = new ArrayList<>();
rls.add(rules);
RulesConfig config = new RulesConfig();
config.setRules(rls);
DumperOptions dop = new DumperOptions();
dop.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
Representer representer = new Representer();
representer.addClassTag(Config.class, Tag.MAP);
Yaml yaml = new Yaml(new Constructor(),representer,dop);
File f = new File(ConfigPath);
try{
Writer ws = new OutputStreamWriter(new FileOutputStream(f), StandardCharsets.UTF_8);
yaml.dump(config,ws);
}catch (Exception ex){
ex.printStackTrace();
}
}
// 获取配置路径
public static String getConfigPath(){
try {
InputStream inorder = new FileInputStream(SettingPath);
Map<String,Object> r = yaml.load(inorder);
return r.get("configPath").toString();
} catch (FileNotFoundException e) {
e.printStackTrace();
return ConfigPath;
}
}
// 获取不包含的后缀名
public String getExcludeSuffix(){
String excludeSuffix = "";
File yamlSetting = new File(SettingPath);
if (yamlSetting.exists() && yamlSetting.isFile()) {
try {
InputStream inorder = new FileInputStream(SettingPath);
Map<String,Object> r = yaml.load(inorder);
excludeSuffix = r.get("excludeSuffix").toString();
} catch (Exception e) {
// e.printStackTrace();
excludeSuffix = "";
}
} else {
excludeSuffix = Config.excludeSuffix;
}
return excludeSuffix;
}
// 获取规则配置
public static Map<String,Object[][]> getRules(){
InputStream inorder = null;
{
try {
inorder = new FileInputStream(getConfigPath());
} catch (FileNotFoundException e) {
e.printStackTrace();
}
}
Yaml yaml = new Yaml(new Constructor(RulesConfig.class));
RulesConfig rulesConfig = yaml.loadAs(inorder, RulesConfig.class);
Map<String,Object[][]> resRule = new HashMap<>();
rulesConfig.rules.forEach(i->{
ArrayList<Object[]> data = new ArrayList<>();
i.rule.forEach(j->{
try {
data.add(j.getRuleObject());
}catch (Exception e){
e.printStackTrace();
}
});
resRule.put(i.getType(), data.toArray(new Object[data.size()][]));
});
return resRule;
}
// 设置配置路径
public void setConfigPath(String filePath){
Map<String,Object> r = new HashMap<>();
r.put("configPath", filePath);
r.put("excludeSuffix", getExcludeSuffix());
try{
Writer ws = new OutputStreamWriter(new FileOutputStream(SettingPath), StandardCharsets.UTF_8);
yaml.dump(r, ws);
}catch (Exception ex){
ex.printStackTrace();
}
}
// 设置不包含的后缀名
public void setExcludeSuffix(String excludeSuffix){
Map<String,Object> r = new HashMap<>();
r.put("configPath", getConfigPath());
r.put("excludeSuffix", excludeSuffix);
try{
Writer ws = new OutputStreamWriter(new FileOutputStream(SettingPath), StandardCharsets.UTF_8);
yaml.dump(r, ws);
}catch (Exception ex){
ex.printStackTrace();
}
}
}

12
src/main/java/burp/yaml/RulesConfig.java
View File

@@ -1,12 +0,0 @@
package burp.yaml;
import java.util.List;
import burp.yaml.template.Rules;
public class RulesConfig {
public List<Rules> rules;
public void setRules(List<Rules> rules) {
this.rules = rules;
}
}

100
src/main/java/burp/yaml/SetConfig.java
View File

@@ -1,100 +0,0 @@
package burp.yaml;
import burp.Config;
import burp.yaml.template.Rule;
import burp.yaml.template.Rules;
import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;
import org.yaml.snakeyaml.nodes.Tag;
import org.yaml.snakeyaml.representer.Representer;
import java.io.File;
import java.io.FileOutputStream;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.util.*;
public class SetConfig {
public void format() {
DumperOptions dop = new DumperOptions();
dop.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
Representer representer = new Representer();
representer.addClassTag(RulesConfig.class, Tag.MAP);
Yaml yaml = new Yaml(new Constructor(), representer, dop);
RulesConfig con = new RulesConfig();
List<Rules> rls = new ArrayList<>();
Config.ruleConfig.keySet().forEach(i->
{
Rules rlsTmp = new Rules();
rlsTmp.setType(i);
List<Rule> rl = new ArrayList<>();
for (Object[] objects : Config.ruleConfig.get(i)) {
Rule rlTmp = new Rule();
rlTmp.setName((String) objects[1]);
rlTmp.setLoaded((Boolean) objects[0]);
rlTmp.setRegex((String) objects[2]);
rlTmp.setColor((String) objects[3]);
rlTmp.setScope((String) objects[4]);
rlTmp.setEngine((String) objects[5]);
rl.add(rlTmp);
}
rlsTmp.setRule(rl);
rls.add(rlsTmp);
});
con.setRules(rls);
File f = new File(LoadConfig.getConfigPath());
try{
Writer ws = new OutputStreamWriter(new FileOutputStream(f), StandardCharsets.UTF_8);
yaml.dump(con,ws);
}catch (Exception ex){
ex.printStackTrace();
}
}
public void edit(Vector data, int select, String type) {
Config.ruleConfig.get(type)[select] = data.toArray();
this.format();
}
public void add(Vector data, String type) {
ArrayList<Object[]> x = new ArrayList<>(Arrays.asList(Config.ruleConfig.get(type)));
x.add(data.toArray());
Config.ruleConfig.put(type,x.toArray(new Object[x.size()][]));
this.format();
}
public void remove(int select,String type) {
ArrayList<Object[]> x = new ArrayList<>(Arrays.asList(Config.ruleConfig.get(type)));
x.remove(select);
Config.ruleConfig.put(type,x.toArray(new Object[x.size()][]));
this.format();
}
public void rename(String oldName, String newName) {
Config.ruleConfig.put(newName, Config.ruleConfig.remove(oldName));
this.format();
}
public void deleteRules(String Rules) {
Config.ruleConfig.remove(Rules);
this.format();
}
public String newRules() {
int i = 0;
String name = "New ";
Object[][] data = new Object[][]{
{
false, "New Name", "(New Regex)", "gray", "any", "nfa"
}
};
while (Config.ruleConfig.containsKey(name + i)) {
i++;
}
Config.ruleConfig.put(name + i, data);
this.format();
return name + i;
}
}

84
src/main/java/burp/yaml/template/Rule.java
View File

@@ -1,84 +0,0 @@
package burp.yaml.template;
import java.util.HashMap;
import java.util.Map;
/**
* @author LinChen
*/
public class Rule {
private String Name;
private Boolean Loaded;
private String Regex;
private String Color;
private String Engine;
private String Scope;
public Boolean getLoaded() {
return Loaded;
}
public String getColor() {
return Color;
}
public String getEngine() {
return Engine;
}
public String getName() {
return Name;
}
public String getRegex() {
return Regex;
}
public String getScope() {
return Scope;
}
public void setLoaded(Boolean loaded) {
this.Loaded = loaded;
}
public void setColor(String color) {
this.Color = color;
}
public void setEngine(String engine) {
this.Engine = engine;
}
public void setName(String name) {
this.Name = name;
}
public void setRegex(String regex) {
this.Regex = regex;
}
public void setScope(String scope) {
this.Scope = scope;
}
public Object[] getRuleObject() {
return new Object[] { Loaded, Name, Regex, Color, Scope, Engine };
}
public Map<String, Object> getRuleObjMap(){
Map<String,Object> r = new HashMap<>();
r.put("Loaded", Loaded);
r.put("Name", Name);
r.put("Regex", Regex);
r.put("Color", Color);
r.put("Scope", Scope);
r.put("Engine", Engine);
return r;
}
public String toString() {
return "{ \nLoaded: " + Loaded + "\nName: " + Name + "\nRegex: " + Regex + "\nColor: " + Color + "\nScope: " + Scope + "\nEngine: " + Engine + "\n}";
}
}

37
src/main/java/burp/yaml/template/Rules.java
View File

@@ -1,37 +0,0 @@
package burp.yaml.template;
import burp.yaml.template.Rule;
import java.util.List;
/**
* @author LinChen
*/
public class Rules {
private String type;
public List<Rule> rule;
public String getType() {
return type;
}
public void setType(String type) {
this.type = type;
}
public List<Rule> getRule() {
return rule;
}
public void setRule(List<Rule> rule) {
this.rule = rule;
}
public void setRuleObj(){
}
public String toString(){
return "{ type: "+type+"\n config: "+ rule +"}\n";
}
}

53
src/main/java/hae/Config.java Normal file
View File

@@ -0,0 +1,53 @@
package hae;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
public class Config {
public static String suffix = "3g2|3gp|7z|aac|abw|aif|aifc|aiff|apk|arc|au|avi|azw|bat|bin|bmp|bz|bz2|cmd|cmx|cod|com|csh|css|csv|dll|doc|docx|ear|eot|epub|exe|flac|flv|gif|gz|ico|ics|ief|jar|jfif|jpe|jpeg|jpg|less|m3u|mid|midi|mjs|mkv|mov|mp2|mp3|mp4|mpa|mpe|mpeg|mpg|mpkg|mpp|mpv2|odp|ods|odt|oga|ogg|ogv|ogx|otf|pbm|pdf|pgm|png|pnm|ppm|ppt|pptx|ra|ram|rar|ras|rgb|rmi|rtf|scss|sh|snd|svg|swf|tar|tif|tiff|ttf|vsd|war|wav|weba|webm|webp|wmv|woff|woff2|xbm|xls|xlsx|xpm|xul|xwd|zip";
public static String[] scope = new String[] {
"any",
"any header",
"any body",
"response",
"response header",
"response body",
"request",
"request header",
"request body"
};
public static String[] ruleFields = {
"Loaded", "Name", "F-Regex", "S-Regex", "Format", "Color", "Scope", "Engine", "Sensitive"
};
public static Object[][] ruleTemplate = new Object[][] {
{
false, "New Name", "(First Regex)", "(Second Regex)", "{0}", "gray", "any", "nfa", false
}
};
public static String[] engine = new String[] {
"nfa",
"dfa"
};
public static String[] color = new String[] {
"red",
"orange",
"yellow",
"green",
"cyan",
"blue",
"pink",
"magenta",
"gray"
};
public static Map<String, Object[][]> globalRules = new HashMap<>();
public static ConcurrentHashMap<String, Map<String, List<String>>> globalDataMap = new ConcurrentHashMap<>();
}

47
src/main/java/hae/HaE.java Normal file
View File

@@ -0,0 +1,47 @@
package hae;
import burp.api.montoya.BurpExtension;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.logging.Logging;
import hae.component.Main;
import hae.component.board.message.MessageTableModel;
import hae.instances.editor.RequestEditor;
import hae.instances.editor.ResponseEditor;
import hae.instances.editor.WebSocketEditor;
import hae.instances.http.HttpMessageHandler;
import hae.instances.websocket.WebSocketMessageHandler;
import hae.utils.config.ConfigLoader;
public class HaE implements BurpExtension {
@Override
public void initialize(MontoyaApi api) {
// 设置扩展名称
String version = "3.0";
api.extension().setName(String.format("HaE (%s) - Highlighter and Extractor", version));
// 加载扩展后输出的项目信息
Logging logging = api.logging();
logging.logToOutput("[ HACK THE WORLD - TO DO IT ]");
logging.logToOutput("[#] Author: EvilChen && 0chencc");
logging.logToOutput("[#] Github: https://github.com/gh0stkey/HaE");
// 配置文件加载
ConfigLoader configLoader = new ConfigLoader(api);
MessageTableModel messageTableModel = new MessageTableModel(api);
// 注册Tab页用于查询数据
api.userInterface().registerSuiteTab("HaE", new Main(api, configLoader, messageTableModel));
// 注册HTTP处理器
api.http().registerHttpHandler(new HttpMessageHandler(api, messageTableModel));
// 注册WebSocket处理器
api.proxy().registerWebSocketCreationHandler(proxyWebSocketCreation -> proxyWebSocketCreation.proxyWebSocket().registerProxyMessageHandler(new WebSocketMessageHandler(api)));
// 注册消息编辑框(用于展示数据)
api.userInterface().registerHttpRequestEditorProvider(new RequestEditor(api));
api.userInterface().registerHttpResponseEditorProvider(new ResponseEditor(api));
api.userInterface().registerWebSocketMessageEditorProvider(new WebSocketEditor(api));
}
}

19
src/main/java/hae/cache/CachePool.java vendored Normal file
View File

@@ -0,0 +1,19 @@
package hae.cache;
import java.util.*;
public class CachePool {
private static final Map<String, Map<String, Map<String, Object>>> cache = new HashMap<>();
public static void addToCache(String key, Map<String, Map<String, Object>> value) {
cache.put(key, value);
}
public static Map<String, Map<String, Object>> getFromCache(String key) {
return cache.get(key);
}
public static void removeFromCache(String key) {
cache.remove(key);
}
}

87
src/main/java/hae/component/Main.java Normal file
View File

@@ -0,0 +1,87 @@
package hae.component;
import burp.api.montoya.MontoyaApi;
import hae.component.board.Databoard;
import hae.component.board.message.MessageTableModel;
import hae.component.config.Config;
import hae.component.rule.Rules;
import hae.utils.config.ConfigLoader;
import javax.swing.*;
import java.awt.*;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.net.URL;
public class Main extends JPanel {
private final MontoyaApi api;
private final ConfigLoader configLoader;
private final MessageTableModel messageTableModel;
public Main(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) {
this.api = api;
this.configLoader = configLoader;
this.messageTableModel = messageTableModel;
initComponents();
}
private void initComponents() {
setLayout(new GridBagLayout());
((GridBagLayout)getLayout()).columnWidths = new int[] {0, 0};
((GridBagLayout)getLayout()).rowHeights = new int[] {0, 0};
((GridBagLayout)getLayout()).columnWeights = new double[] {1.0, 1.0E-4};
((GridBagLayout)getLayout()).rowWeights = new double[] {1.0, 1.0E-4};
JTabbedPane mainTabbedPane = new JTabbedPane();
// 新增Logo
JTabbedPane HaETabbedPane = new JTabbedPane();
HaETabbedPane.addTab("", getImageIcon(false), mainTabbedPane);
// 中文Slogan赋能白帽高效作战
HaETabbedPane.addTab(" Highlighter and Extractor - Empower ethical hacker for efficient operations. ", null);
HaETabbedPane.setEnabledAt(1, false);
HaETabbedPane.addPropertyChangeListener("background", new PropertyChangeListener() {
@Override
public void propertyChange(PropertyChangeEvent e) {
boolean isDarkBg = isDarkBg();
HaETabbedPane.setIconAt(0, getImageIcon(isDarkBg));
}
private boolean isDarkBg() {
Color bg = HaETabbedPane.getBackground();
int r = bg.getRed();
int g = bg.getGreen();
int b = bg.getBlue();
int avg = (r + g + b) / 3;
return avg < 128;
}
});
add(HaETabbedPane, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 0, 0, 0), 0, 0));
// 依次添加Rules、Config、Databoard
Rules rules = new Rules(api, configLoader);
mainTabbedPane.addTab("Rules", rules);
mainTabbedPane.addTab("Config", new Config(api, configLoader, rules));
mainTabbedPane.addTab("Databoard", new Databoard(api, configLoader, messageTableModel));
}
private ImageIcon getImageIcon(boolean isDark) {
ClassLoader classLoader = getClass().getClassLoader();
URL imageURL;
if (isDark) {
imageURL = classLoader.getResource("logo.png");
} else {
imageURL = classLoader.getResource("logo_black.png");
}
ImageIcon originalIcon = new ImageIcon(imageURL);
Image originalImage = originalIcon.getImage();
Image scaledImage = originalImage.getScaledInstance(30, 20, Image.SCALE_FAST);
ImageIcon scaledIcon = new ImageIcon(scaledImage);
return scaledIcon;
}
}

285
src/main/java/hae/component/board/Databoard.java Normal file
View File

@@ -0,0 +1,285 @@
package hae.component.board;
import burp.api.montoya.MontoyaApi;
import hae.Config;
import hae.component.board.message.MessageTableModel;
import hae.utils.string.StringProcessor;
import hae.utils.config.ConfigLoader;
import hae.component.board.message.MessageTableModel.MessageTable;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.swing.event.*;
import javax.swing.table.TableColumnModel;
import javax.swing.table.TableModel;
import javax.swing.table.TableRowSorter;
import java.awt.*;
import java.awt.event.*;
import java.util.List;
import javax.swing.*;
public class Databoard extends JPanel {
private final MontoyaApi api;
private final ConfigLoader configLoader;
private final MessageTableModel messageTableModel;
private JTextField hostTextField;
private JTabbedPane dataTabbedPane;
private JSplitPane splitPane;
private MessageTable messageTable;
private static Boolean isMatchHost = false;
private DefaultComboBoxModel comboBoxModel = new DefaultComboBoxModel();
private JComboBox hostComboBox = new JComboBox(comboBoxModel);
public Databoard(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) {
this.api = api;
this.configLoader = configLoader;
this.messageTableModel = messageTableModel;
initComponents();
}
private void initComponents() {
setLayout(new GridBagLayout());
((GridBagLayout)getLayout()).columnWidths = new int[] {25, 0, 0, 0,20, 0};
((GridBagLayout)getLayout()).rowHeights = new int[] {0, 65, 20, 0};
((GridBagLayout)getLayout()).columnWeights = new double[] {0.0, 0.0, 1.0, 0.0, 0.0, 1.0E-4};
((GridBagLayout)getLayout()).rowWeights = new double[] {0.0, 1.0, 0.0, 1.0E-4};
JLabel hostLabel = new JLabel("Host:");
JButton clearButton = new JButton("Clear");
JButton actionButton = new JButton("Action");
JPanel menuPanel = new JPanel(new GridLayout(1, 1));
menuPanel.setBorder(BorderFactory.createEmptyBorder(3, 3, 3, 3));
JPopupMenu menu = new JPopupMenu();
menuPanel.add(clearButton);
menu.add(menuPanel);
hostTextField = new JTextField();
splitPane = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT);
dataTabbedPane = new JTabbedPane(JTabbedPane.TOP);
actionButton.addActionListener(e -> {
int x = 0;
int y = actionButton.getHeight();
menu.show(actionButton, x, y);
});
clearButton.addActionListener(this::clearActionPerformed);
splitPane.addComponentListener(new ComponentAdapter() {
@Override
public void componentResized(ComponentEvent e) {
resizePanel();
}
});
splitPane.setVisible(false);
add(hostLabel, new GridBagConstraints(1, 0, 1, 1, 0.0, 0.0, GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 5, 5), 0, 0));
add(hostTextField, new GridBagConstraints(2, 0, 1, 1, 0.0, 0.0, GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 5, 5), 0, 0));
add(actionButton, new GridBagConstraints(3, 0, 1, 1, 0.0, 0.0, GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 5, 5), 0, 0));
add(splitPane, new GridBagConstraints(1, 1, 3, 3, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 5, 5), 0, 0));
hostComboBox.setMaximumRowCount(5);
add(hostComboBox, new GridBagConstraints(2, 0, 1, 1, 0.0, 0.0, GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 5, 5), 0, 0));
setAutoMatch();
}
private void resizePanel() {
splitPane.setDividerLocation(0.4);
TableColumnModel columnModel = messageTable.getColumnModel();
int totalWidth = (int) (getWidth() * 0.6);
columnModel.getColumn(0).setPreferredWidth((int) (totalWidth * 0.1));
columnModel.getColumn(1).setPreferredWidth((int) (totalWidth * 0.3));
columnModel.getColumn(2).setPreferredWidth((int) (totalWidth * 0.3));
columnModel.getColumn(3).setPreferredWidth((int) (totalWidth * 0.1));
columnModel.getColumn(4).setPreferredWidth((int) (totalWidth * 0.1));
columnModel.getColumn(5).setPreferredWidth((int) (totalWidth * 0.1));
}
private void setAutoMatch() {
hostComboBox.setSelectedItem(null);
hostComboBox.addActionListener(this::handleComboBoxAction);
hostTextField.addKeyListener(new KeyAdapter() {
@Override
public void keyPressed(KeyEvent e) {
handleKeyEvents(e);
}
});
hostTextField.getDocument().addDocumentListener(new DocumentListener() {
@Override
public void insertUpdate(DocumentEvent e) {
filterComboBoxList();
}
@Override
public void removeUpdate(DocumentEvent e) {
filterComboBoxList();
}
@Override
public void changedUpdate(DocumentEvent e) {
filterComboBoxList();
}
});
}
private void handleComboBoxAction(ActionEvent e) {
if (!isMatchHost && hostComboBox.getSelectedItem() != null) {
String selectedHost = hostComboBox.getSelectedItem().toString();
hostTextField.setText(selectedHost);
populateTabbedPaneByHost(selectedHost);
}
}
private void handleKeyEvents(KeyEvent e) {
isMatchHost = true;
int keyCode = e.getKeyCode();
if (keyCode == KeyEvent.VK_SPACE && hostComboBox.isPopupVisible()) {
e.setKeyCode(KeyEvent.VK_ENTER);
}
if (Arrays.asList(KeyEvent.VK_DOWN, KeyEvent.VK_UP).contains(keyCode)) {
hostComboBox.dispatchEvent(e);
}
if (keyCode == KeyEvent.VK_ENTER) {
isMatchHost = false;
handleComboBoxAction(null);
hostComboBox.setPopupVisible(false);
}
if (keyCode == KeyEvent.VK_ESCAPE) {
hostComboBox.setPopupVisible(false);
}
isMatchHost = false;
}
private void filterComboBoxList() {
isMatchHost = true;
comboBoxModel.removeAllElements();
String input = hostTextField.getText().toLowerCase();
if (!input.isEmpty()) {
for (String host : getHostByList()) {
String lowerCaseHost = host.toLowerCase();
if (lowerCaseHost.contains(input)) {
if (lowerCaseHost.equals(input)) {
comboBoxModel.insertElementAt(lowerCaseHost, 0);
comboBoxModel.setSelectedItem(lowerCaseHost);
} else {
comboBoxModel.addElement(host);
}
}
}
}
hostComboBox.setPopupVisible(comboBoxModel.getSize() > 0);
isMatchHost = false;
}
private void populateTabbedPaneByHost(String selectedHost) {
if (!Objects.equals(selectedHost, "")) {
ConcurrentHashMap<String, Map<String, List<String>>> dataMap = Config.globalDataMap;
Map<String, List<String>> selectedDataMap;
dataTabbedPane.removeAll();
dataTabbedPane.setPreferredSize(new Dimension(500,0));
dataTabbedPane.setTabLayoutPolicy(JTabbedPane.SCROLL_TAB_LAYOUT);
splitPane.setLeftComponent(dataTabbedPane);
if (selectedHost.contains("*")) {
// 通配符数据
selectedDataMap = new HashMap<>();
String hostPattern = StringProcessor.replaceFirstOccurrence(selectedHost, "*.", "");
for (String key : dataMap.keySet()) {
if (key.contains(hostPattern) || selectedHost.equals("*")) {
Map<String, List<String>> ruleMap = dataMap.get(key);
for (String ruleKey : ruleMap.keySet()) {
List<String> dataList = ruleMap.get(ruleKey);
if (selectedDataMap.containsKey(ruleKey)) {
List<String> mergedList = new ArrayList<>(selectedDataMap.get(ruleKey));
mergedList.addAll(dataList);
HashSet<String> uniqueSet = new HashSet<>(mergedList);
selectedDataMap.put(ruleKey, new ArrayList<>(uniqueSet));
} else {
selectedDataMap.put(ruleKey, dataList);
}
}
}
}
} else {
selectedDataMap = dataMap.get(selectedHost);
}
for (Map.Entry<String, List<String>> entry : selectedDataMap.entrySet()) {
String tabTitle = String.format("%s (%s)", entry.getKey(), entry.getValue().size());
Datatable datatablePanel = new Datatable(api, entry.getKey(), entry.getValue());
datatablePanel.setTableListener(messageTableModel);
dataTabbedPane.addTab(tabTitle, datatablePanel);
}
// 展示请求消息表单
JSplitPane messageSplitPane = messageTableModel.getSplitPane();
this.splitPane.setRightComponent(messageSplitPane);
messageTable = messageTableModel.getMessageTable();
resizePanel();
splitPane.setVisible(true);
applyHostFilter(selectedHost);
hostTextField.setText(selectedHost);
}
}
private void applyHostFilter(String filterText) {
TableRowSorter<TableModel> sorter = (TableRowSorter<TableModel>) messageTable.getRowSorter();
String cleanedText = StringProcessor.replaceFirstOccurrence(filterText, "*.", "");
if (cleanedText.contains("*")) {
cleanedText = "";
}
RowFilter<TableModel, Integer> filter = RowFilter.regexFilter(cleanedText, 1);
sorter.setRowFilter(filter);
messageTableModel.applyHostFilter(filterText);
}
private List<String> getHostByList() {
return new ArrayList<>(Config.globalDataMap.keySet());
}
private void clearActionPerformed(ActionEvent e) {
int retCode = JOptionPane.showConfirmDialog(null, "Do you want to clear data?", "Info",
JOptionPane.YES_NO_OPTION);
String host = hostTextField.getText();
if (retCode == JOptionPane.YES_OPTION && !host.isEmpty()) {
dataTabbedPane.removeAll();
splitPane.setVisible(false);
String cleanedHost = StringProcessor.replaceFirstOccurrence(host, "*.", "");
if (host.contains("*")) {
Config.globalDataMap.keySet().removeIf(i -> i.contains(cleanedHost) || cleanedHost.contains("*"));
} else {
Config.globalDataMap.remove(host);
}
messageTableModel.deleteByHost(cleanedHost);
}
}
}

226
src/main/java/hae/component/board/Datatable.java Normal file
View File

@@ -0,0 +1,226 @@
package hae.component.board;
import burp.api.montoya.MontoyaApi;
import hae.component.board.message.MessageTableModel;
import jregex.Pattern;
import jregex.REFlags;
import java.awt.*;
import java.awt.event.FocusEvent;
import java.awt.event.FocusListener;
import java.awt.event.MouseAdapter;
import java.awt.event.MouseEvent;
import java.util.*;
import java.util.List;
import javax.swing.*;
import java.awt.datatransfer.*;
import javax.swing.event.*;
import javax.swing.table.*;
public class Datatable extends JPanel {
private final MontoyaApi api;
private final JTable dataTable;
private final DefaultTableModel dataTableModel;
private final JTextField searchField;
private final TableRowSorter<DefaultTableModel> sorter;
private final JCheckBox searchMode = new JCheckBox("Reverse search");
private final String tabName;
public Datatable(MontoyaApi api, String tabName, List<String> dataList) {
this.api = api;
this.tabName = tabName;
String[] columnNames = {"#", "Information"};
dataTableModel = new DefaultTableModel(columnNames, 0);
dataTable = new JTable(dataTableModel);
sorter = new TableRowSorter<>(dataTableModel);
searchField = new JTextField();
initComponents(dataList);
}
private void initComponents(List<String> dataList) {
// 设置ID排序
sorter.setComparator(0, new Comparator<Integer>() {
@Override
public int compare(Integer s1, Integer s2) {
return s1.compareTo(s2);
}
});
dataTable.setRowSorter(sorter);
TableColumn idColumn = dataTable.getColumnModel().getColumn(0);
idColumn.setMaxWidth(50);
for (String item : dataList) {
if (!item.isEmpty()) {
addRowToTable(new Object[]{item});
}
}
// 设置灰色默认文本
String searchText = "Search";
addPlaceholder(searchField, searchText);
// 监听输入框内容输入、更新、删除
searchField.getDocument().addDocumentListener(new DocumentListener() {
@Override
public void insertUpdate(DocumentEvent e) {
performSearch();
}
@Override
public void removeUpdate(DocumentEvent e) {
performSearch();
}
@Override
public void changedUpdate(DocumentEvent e) {
performSearch();
}
});
// 设置布局
JScrollPane scrollPane = new JScrollPane(dataTable);
scrollPane.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_ALWAYS);
searchMode.addItemListener(e -> performSearch());
setLayout(new BorderLayout(0, 5));
JPanel optionsPanel = new JPanel();
optionsPanel.setBorder(BorderFactory.createEmptyBorder(2, 3, 5, 5));
optionsPanel.setLayout(new BoxLayout(optionsPanel, BoxLayout.X_AXIS));
// 新增复选框要在这修改rows
JPanel menuPanel = new JPanel(new GridLayout(1, 1));
menuPanel.setBorder(BorderFactory.createEmptyBorder(3, 3, 3, 3));
JPopupMenu menu = new JPopupMenu();
menuPanel.add(searchMode);
menu.add(menuPanel);
JButton settingsButton = new JButton("Settings");
settingsButton.addActionListener(e -> {
int x = settingsButton.getX();
int y = settingsButton.getY() - menu.getPreferredSize().height;
menu.show(settingsButton, x, y);
});
optionsPanel.add(settingsButton);
optionsPanel.add(Box.createHorizontalStrut(5));
optionsPanel.add(searchField);
dataTable.setTransferHandler(new TransferHandler() {
@Override
public void exportToClipboard(JComponent comp, Clipboard clip, int action) throws IllegalStateException {
if (comp instanceof JTable) {
StringSelection stringSelection = new StringSelection(getSelectedData(
(JTable) comp));
clip.setContents(stringSelection, null);
} else {
super.exportToClipboard(comp, clip, action);
}
}
});
add(scrollPane, BorderLayout.CENTER);
add(optionsPanel, BorderLayout.SOUTH);
}
public static void addPlaceholder(JTextField textField, String placeholderText) {
textField.setForeground(Color.GRAY);
textField.setText(placeholderText);
textField.addFocusListener(new FocusListener() {
@Override
public void focusGained(FocusEvent e) {
if (textField.getText().equals(placeholderText)) {
textField.setText("");
textField.setForeground(Color.BLACK);
}
}
@Override
public void focusLost(FocusEvent e) {
if (textField.getText().isEmpty()) {
textField.setForeground(Color.GRAY);
textField.setText(placeholderText);
}
}
});
}
private void addRowToTable(Object[] data) {
int rowCount = dataTableModel.getRowCount();
int id = rowCount > 0 ? (Integer) dataTableModel.getValueAt(rowCount - 1, 0) + 1 : 1;
Object[] rowData = new Object[data.length + 1];
rowData[0] = id;
System.arraycopy(data, 0, rowData, 1, data.length);
dataTableModel.addRow(rowData);
}
private void performSearch() {
if (searchField.getForeground().equals(Color.BLACK)) {
RowFilter<Object, Object> rowFilter = new RowFilter<Object, Object>() {
public boolean include(Entry<?, ?> entry) {
String searchFieldTextText = searchField.getText();
Pattern pattern = null;
try {
pattern = new Pattern(searchFieldTextText, REFlags.IGNORE_CASE);
} catch (Exception ignored) {
}
String entryValue = ((String) entry.getValue(1)).toLowerCase();
searchFieldTextText = searchFieldTextText.toLowerCase();
if (pattern != null) {
return searchFieldTextText.isEmpty() || pattern.matcher(entryValue).find() != searchMode.isSelected();
} else {
return searchFieldTextText.isEmpty() || entryValue.contains(searchFieldTextText) != searchMode.isSelected();
}
}
};
sorter.setRowFilter(rowFilter);
}
}
public static String getSelectedData(JTable table) {
int[] selectRows = table.getSelectedRows();
StringBuilder selectData = new StringBuilder();
for (int row : selectRows) {
selectData.append(table.getValueAt(row, 1).toString()).append("\n");
}
// 便于单行复制,去除最后一个换行符
if (!selectData.isEmpty()){
selectData.deleteCharAt(selectData.length() - 1);
}
return selectData.toString();
}
public JTable getDataTable() {
return this.dataTable;
}
public void setTableListener(MessageTableModel messagePanel) {
dataTable.setDefaultEditor(Object.class, null);
// 表格内容双击事件
dataTable.addMouseListener(new MouseAdapter() {
@Override
public void mouseClicked(MouseEvent e) {
if (e.getClickCount() == 2) {
int selectedRow = dataTable.getSelectedRow();
if (selectedRow != -1) {
String rowData = dataTable.getValueAt(selectedRow, 1).toString();
messagePanel.applyMessageFilter(tabName, rowData);
}
}
}
});
}
}

52
src/main/java/hae/component/board/message/MessageEntry.java Normal file
View File

@@ -0,0 +1,52 @@
package hae.component.board.message;
import burp.api.montoya.http.message.HttpRequestResponse;
public class MessageEntry {
private final String comment;
private final HttpRequestResponse requestResponse;
private final String url;
private final String length;
private final String status;
private final String color;
private final String method;
MessageEntry(HttpRequestResponse requestResponse, String method, String url, String comment, String length, String color, String status) {
this.requestResponse = requestResponse;
this.method = method;
this.url = url;
this.comment = comment;
this.length = length;
this.color = color;
this.status = status;
}
public String getColor() {
return this.color;
}
public String getUrl() {
return this.url;
}
public String getLength() {
return this.length;
}
public String getComment() {
return this.comment;
}
public String getMethod() {
return this.method;
}
public String getStatus() {
return this.status;
}
public HttpRequestResponse getRequestResponse() {
return this.requestResponse;
}
}

67
src/main/java/hae/component/board/message/MessageRenderer.java Normal file
View File

@@ -0,0 +1,67 @@
package hae.component.board.message;
import java.awt.Color;
import java.awt.Component;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.swing.JTable;
import javax.swing.table.DefaultTableCellRenderer;
public class MessageRenderer extends DefaultTableCellRenderer {
private List<MessageEntry> log;
private Map<String, Color> colorMap = new HashMap<>();
private JTable table; // 保存对表格的引用
public MessageRenderer(List<MessageEntry> log, JTable table) {
this.log = log;
// 与BurpSuite的颜色保持一致
this.colorMap.put("red", new Color(0xFF, 0x64, 0x64));
this.colorMap.put("orange", new Color(0xFF, 0xC8, 0x64));
this.colorMap.put("yellow", new Color(0xFF, 0xFF, 0x64));
this.colorMap.put("green", new Color(0x64, 0xFF, 0x64));
this.colorMap.put("cyan", new Color(0x64, 0xFF, 0xFF));
this.colorMap.put("blue", new Color(0x64, 0x64, 0xFF));
this.colorMap.put("pink", new Color(0xFF, 0xC8, 0xC8));
this.colorMap.put("magenta", new Color(0xFF, 0x64, 0xFF));
this.colorMap.put("gray", new Color(0xB4, 0xB4, 0xB4));
this.table = table;
}
@Override
public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected,
boolean hasFocus, int row, int column) {
Component component = super.getTableCellRendererComponent(table, value, isSelected, hasFocus, row, column);
MessageEntry messageEntry = log.get(table.convertRowIndexToModel(row)); // 使用convertRowIndexToModel方法转换行索引
// 设置颜色
String colorByLog = messageEntry.getColor();
Color color = colorMap.get(colorByLog);
if (isSelected) {
// 通过更改RGB颜色来达成阴影效果
component.setBackground(new Color(color.getRed()-0x20, color.getGreen()-0x20, color.getBlue()-0x20));
} else {
// 否则使用原始颜色
component.setBackground(color);
}
component.setForeground(Color.BLACK);
return component;
}
@Override
public void firePropertyChange(String propertyName, Object oldValue, Object newValue) {
super.firePropertyChange(propertyName, oldValue, newValue);
// 监听表格排序的属性变化
if ("tableCellRenderer".equals(propertyName)) {
// 更新每一行数据的颜色
for (int i = 0; i < table.getRowCount(); i++) {
table.repaint(table.getCellRect(i, 0, true));
}
}
}
}

456
src/main/java/hae/component/board/message/MessageTableModel.java Normal file
View File

@@ -0,0 +1,456 @@
package hae.component.board.message;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.core.ByteArray;
import burp.api.montoya.http.message.HttpHeader;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.http.message.responses.HttpResponse;
import burp.api.montoya.ui.UserInterface;
import burp.api.montoya.ui.editor.HttpRequestEditor;
import burp.api.montoya.ui.editor.HttpResponseEditor;
import hae.Config;
import hae.cache.CachePool;
import hae.utils.string.HashCalculator;
import hae.utils.string.StringProcessor;
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;
import java.util.*;
import javax.swing.JScrollPane;
import javax.swing.JSplitPane;
import javax.swing.JTabbedPane;
import javax.swing.JTable;
import javax.swing.SwingWorker;
import javax.swing.table.AbstractTableModel;
import javax.swing.table.DefaultTableModel;
import javax.swing.table.TableModel;
import javax.swing.table.TableRowSorter;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.stream.Collectors;
import static burp.api.montoya.ui.editor.EditorOptions.READ_ONLY;
public class MessageTableModel extends AbstractTableModel {
private final MontoyaApi api;
private final MessageTable messageTable;
private final JTabbedPane messageTab;
private final JSplitPane splitPane;
private final List<MessageEntry> log = new ArrayList<MessageEntry>();
private LinkedList<MessageEntry> filteredLog;
public MessageTableModel(MontoyaApi api) {
this.filteredLog = new LinkedList<>();
this.api = api;
messageTab = new JTabbedPane();
UserInterface userInterface = api.userInterface();
HttpRequestEditor requestViewer = userInterface.createHttpRequestEditor(READ_ONLY);
HttpResponseEditor responseViewer = userInterface.createHttpResponseEditor(READ_ONLY);
messageTab.addTab("Request", requestViewer.uiComponent());
messageTab.addTab("Response", responseViewer.uiComponent());
// 请求条目表格
messageTable = new MessageTable(MessageTableModel.this, requestViewer, responseViewer);
messageTable.setDefaultRenderer(Object.class, new MessageRenderer(filteredLog, messageTable));
messageTable.setAutoCreateRowSorter(true);
// Length字段根据大小进行排序
TableRowSorter<DefaultTableModel> sorter = (TableRowSorter<DefaultTableModel>) messageTable.getRowSorter();
sorter.setComparator(4, new Comparator<String>() {
@Override
public int compare(String s1, String s2) {
Integer age1 = Integer.parseInt(s1);
Integer age2 = Integer.parseInt(s2);
return age1.compareTo(age2);
}
});
// Color字段根据颜色顺序进行排序
sorter.setComparator(5, new Comparator<String>() {
@Override
public int compare(String s1, String s2) {
int index1 = getIndex(s1);
int index2 = getIndex(s2);
return Integer.compare(index1, index2);
}
private int getIndex(String color) {
for (int i = 0; i < Config.color.length; i++) {
if (Config.color[i].equals(color)) {
return i;
}
}
return -1;
}
});
messageTable.setRowSorter(sorter);
messageTable.setAutoResizeMode(JTable.AUTO_RESIZE_OFF);
splitPane = new JSplitPane(JSplitPane.VERTICAL_SPLIT);
// 请求/相应文本框
JScrollPane scrollPane = new JScrollPane(messageTable);
scrollPane.setHorizontalScrollBarPolicy(JScrollPane.HORIZONTAL_SCROLLBAR_ALWAYS);
scrollPane.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_ALWAYS);
splitPane.setLeftComponent(scrollPane);
splitPane.setRightComponent(messageTab);
}
public void add(HttpRequestResponse messageInfo, String comment, String color) {
synchronized(log) {
HttpRequest httpRequest = messageInfo.request();
String url = httpRequest.url();
String method = httpRequest.method();
HttpResponse httpResponse = messageInfo.response();
String status = String.valueOf(httpResponse.statusCode());
String length = String.valueOf(httpResponse.body().length());
MessageEntry logEntry = new MessageEntry(messageInfo, method, url, comment, length, color, status);
try {
// 比较Hash如若存在重复的请求或响应则不放入消息内容里
byte[] reqByteA = httpRequest.toByteArray().getBytes();
byte[] resByteA = httpResponse.toByteArray().getBytes();
boolean isDuplicate = false;
if (log.size() > 0) {
for (MessageEntry entry : log) {
HttpRequestResponse reqResMessage = entry.getRequestResponse();
byte[] reqByteB = reqResMessage.request().toByteArray().getBytes();
byte[] resByteB = reqResMessage.response().toByteArray().getBytes();
try {
// 通过URL、请求和响应报文、匹配数据内容多维度进行对比
if ((entry.getUrl().toString().equals(url.toString()) || (Arrays.equals(reqByteB, reqByteA) || Arrays.equals(resByteB, resByteA))) && (areMapsEqual(getCacheData(reqByteB), getCacheData(reqByteA)) && areMapsEqual(getCacheData(resByteB), getCacheData(resByteA)))) {
isDuplicate = true;
break;
}
} catch (Exception ignored) {
}
}
}
if (!isDuplicate) {
log.add(logEntry);
}
} catch (Exception ignored) {
}
}
}
public void deleteByHost(String filterText) {
filteredLog.clear();
List<Integer> rowsToRemove = new ArrayList<>();
for (int i = 0; i < log.size(); i++) {
MessageEntry entry = log.get(i);
String host = StringProcessor.getHostByUrl(entry.getUrl());
if (!host.isEmpty()) {
if (StringProcessor.matchFromEnd(host, filterText) || filterText.contains("*")) {
rowsToRemove.add(i);
}
}
}
for (int i = rowsToRemove.size() - 1; i >= 0; i--) {
int row = rowsToRemove.get(i);
log.remove(row);
}
if (!rowsToRemove.isEmpty()) {
int[] rows = rowsToRemove.stream().mapToInt(Integer::intValue).toArray();
fireTableRowsDeleted(rows[0], rows[rows.length - 1]);
}
}
public void applyHostFilter(String filterText) {
filteredLog.clear();
fireTableDataChanged();
String cleanedText = StringProcessor.replaceFirstOccurrence(filterText, "*.", "");
for (MessageEntry entry : log) {
String host = StringProcessor.getHostByUrl(entry.getUrl());
if (!host.isEmpty()) {
if (filterText.contains("*.") && StringProcessor.matchFromEnd(host, cleanedText)) {
filteredLog.add(entry);
} else if (host.equals(filterText) || filterText.contains("*")) {
filteredLog.add(entry);
}
}
}
fireTableDataChanged();
}
public void applyMessageFilter(String tableName, String filterText) {
filteredLog.clear();
for (MessageEntry entry : log) {
HttpRequestResponse requestResponse = entry.getRequestResponse();
HttpRequest httpRequest = requestResponse.request();
HttpResponse httpResponse = requestResponse.response();
String requestString = new String(httpRequest.toByteArray().getBytes(), StandardCharsets.UTF_8);
String requestBody = new String(httpRequest.body().getBytes(), StandardCharsets.UTF_8);
String requestHeaders = httpRequest.headers().stream()
.map(HttpHeader::toString)
.collect(Collectors.joining("\n"));
String responseString = new String(httpResponse.toByteArray().getBytes(), StandardCharsets.UTF_8);
String responseBody = new String(httpResponse.body().getBytes(), StandardCharsets.UTF_8);
String responseHeaders = httpResponse.headers().stream()
.map(HttpHeader::toString)
.collect(Collectors.joining("\n"));
// 标志变量,表示是否满足过滤条件
AtomicBoolean isMatched = new AtomicBoolean(false);
Config.globalRules.keySet().forEach(i -> {
for (Object[] objects : Config.globalRules.get(i)) {
String name = objects[1].toString();
String format = objects[4].toString();
String scope = objects[6].toString();
// 从注释中查看是否包含当前规则名,包含的再进行查询,有效减少无意义的检索时间
if (entry.getComment().contains(name)) {
if (name.equals(tableName)) {
// 标志变量,表示当前规则是否匹配
boolean isMatch = false;
switch (scope) {
case "any":
isMatch = matchingString(format, filterText, requestString) || matchingString(format, filterText, responseString);
break;
case "request":
isMatch = matchingString(format, filterText, requestString);
break;
case "response":
isMatch = matchingString(format, filterText, responseString);
break;
case "any header":
isMatch = matchingString(format, filterText, requestHeaders) || matchingString(format, filterText, responseHeaders);
break;
case "request header":
isMatch = matchingString(format, filterText, requestHeaders);
break;
case "response header":
isMatch = matchingString(format, filterText, responseHeaders);
break;
case "any body":
isMatch = matchingString(format, filterText, requestBody) || matchingString(format, filterText, responseBody);
break;
case "request body":
isMatch = matchingString(format, filterText, requestBody);
break;
case "response body":
isMatch = matchingString(format, filterText, responseBody);
break;
default:
break;
}
isMatched.set(isMatch);
break;
}
}
}
});
if (isMatched.get()) {
filteredLog.add(entry);
}
}
fireTableDataChanged();
messageTable.lastSelectedIndex = -1;
}
private boolean matchingString(String format, String filterText, String target) {
boolean isMatch = true;
try {
MessageFormat mf = new MessageFormat(format);
Object[] parsedObjects = mf.parse(filterText);
for (Object parsedObject : parsedObjects) {
if (!target.contains(parsedObject.toString())) {
isMatch = false;
break;
}
}
} catch (Exception e) {
isMatch = false;
}
return isMatch;
}
private Map<String, Map<String, Object>> getCacheData(byte[] content) {
String hashIndex = HashCalculator.calculateHash(content);
return CachePool.getFromCache(hashIndex);
}
private boolean areMapsEqual(Map<String, Map<String, Object>> map1, Map<String, Map<String, Object>> map2) {
if (map1 == null || map2 == null) {
return false;
}
if (map1.size() != map2.size()) {
return false;
}
for (String key : map1.keySet()) {
if (!map2.containsKey(key)) {
return false;
}
if (!areInnerMapsEqual(map1.get(key), map2.get(key))) {
return false;
}
}
return true;
}
private boolean areInnerMapsEqual(Map<String, Object> innerMap1, Map<String, Object> innerMap2) {
if (innerMap1.size() != innerMap2.size()) {
return false;
}
for (String key : innerMap1.keySet()) {
if (!innerMap2.containsKey(key)) {
return false;
}
Object value1 = innerMap1.get(key);
Object value2 = innerMap2.get(key);
// 如果值是Map则递归对比
if (value1 instanceof Map && value2 instanceof Map) {
if (!areInnerMapsEqual((Map<String, Object>) value1, (Map<String, Object>) value2)) {
return false;
}
} else if (!value1.equals(value2)) {
return false;
}
}
return true;
}
public JSplitPane getSplitPane()
{
return splitPane;
}
public MessageTable getMessageTable()
{
return messageTable;
}
public List<MessageEntry> getLogs() {
return log;
}
@Override
public int getRowCount() {
return filteredLog.size();
}
@Override
public int getColumnCount() {
return 6;
}
@Override
public Object getValueAt(int rowIndex, int columnIndex)
{
if (filteredLog.isEmpty()) {
return "";
}
MessageEntry messageEntry = filteredLog.get(rowIndex);
return switch (columnIndex) {
case 0 -> messageEntry.getMethod();
case 1 -> messageEntry.getUrl();
case 2 -> messageEntry.getComment();
case 3 -> messageEntry.getStatus();
case 4 -> messageEntry.getLength();
case 5 -> messageEntry.getColor();
default -> "";
};
}
@Override
public String getColumnName(int columnIndex)
{
return switch (columnIndex) {
case 0 -> "Method";
case 1 -> "URL";
case 2 -> "Comment";
case 3 -> "Status";
case 4 -> "Length";
case 5 -> "Color";
default -> "";
};
}
public class MessageTable extends JTable {
private MessageEntry MessageEntry;
private SwingWorker<Object, Void> currentWorker;
// 设置响应报文返回的最大长度为3MB
private final int MAX_LENGTH = 3145728;
private int lastSelectedIndex = -1;
private final HttpRequestEditor requestEditor;
private final HttpResponseEditor responseEditor;
public MessageTable(TableModel messageTableModel, HttpRequestEditor requestEditor, HttpResponseEditor responseEditor) {
super(messageTableModel);
this.requestEditor = requestEditor;
this.responseEditor = responseEditor;
}
@Override
public void changeSelection(int row, int col, boolean toggle, boolean extend) {
super.changeSelection(row, col, toggle, extend);
int selectedIndex = convertRowIndexToModel(row);
if (lastSelectedIndex != selectedIndex) {
lastSelectedIndex = selectedIndex;
MessageEntry = filteredLog.get(selectedIndex);
requestEditor.setRequest(HttpRequest.httpRequest("Loading..."));
responseEditor.setResponse(HttpResponse.httpResponse("Loading..."));
if (currentWorker != null && !currentWorker.isDone()) {
currentWorker.cancel(true);
}
currentWorker = new SwingWorker<>() {
@Override
protected ByteArray[] doInBackground() {
ByteArray requestByte = MessageEntry.getRequestResponse().request().toByteArray();
ByteArray responseByte = MessageEntry.getRequestResponse().response().toByteArray();
if (responseByte.length() > MAX_LENGTH) {
String ellipsis = "\r\n......";
responseByte = responseByte.subArray(0, MAX_LENGTH).withAppended(ellipsis);
}
return new ByteArray[]{requestByte, responseByte};
}
@Override
protected void done() {
if (!isCancelled()) {
try {
ByteArray[] result = (ByteArray[]) get();
requestEditor.setRequest(HttpRequest.httpRequest(MessageEntry.getRequestResponse().httpService(), result[0]));
responseEditor.setResponse(HttpResponse.httpResponse(result[1]));
} catch (Exception e) {
e.printStackTrace();
}
}
}
};
currentWorker.execute();
}
}
}
}

89
src/main/java/hae/component/config/Config.java Normal file
View File

@@ -0,0 +1,89 @@
package hae.component.config;
import burp.api.montoya.MontoyaApi;
import hae.component.rule.Rules;
import hae.utils.config.ConfigLoader;
import javax.swing.*;
import java.awt.*;
import java.awt.event.ActionEvent;
public class Config extends JPanel {
private final MontoyaApi api;
private final ConfigLoader configLoader;
private final Rules rules;
public Config(MontoyaApi api, ConfigLoader configLoader, Rules rules) {
this.api = api;
this.configLoader = configLoader;
this.rules = rules;
initComponents();
}
private void initComponents() {
setLayout(new GridBagLayout());
((GridBagLayout) getLayout()).columnWidths = new int[] {0, 0, 0, 0, 0};
((GridBagLayout) getLayout()).rowHeights = new int[] {0, 0, 0};
((GridBagLayout) getLayout()).columnWeights = new double[] {0.0, 1.0, 0.0, 0.0, 1.0E-4};
((GridBagLayout) getLayout()).rowWeights = new double[] {0.0, 0.0, 1.0E-4};
JLabel rulesFilePathLabel = new JLabel("Rules Path:");
JTextField rulesFilePathTextField = new JTextField();
JButton onlineUpdateButton = new JButton("Update");
JLabel excludeSuffixLabel = new JLabel("Exclude Suffix:");
JTextField excludeSuffixTextField = new JTextField();
JButton excludeSuffixSaveButton = new JButton("Save");
JButton reloadButton = new JButton("Reload");
rulesFilePathTextField.setEditable(false);
onlineUpdateButton.addActionListener(this::onlineUpdateActionPerformed);
excludeSuffixSaveButton.addActionListener(e -> excludeSuffixSaveActionPerformed(e, excludeSuffixTextField.getText()));
reloadButton.addActionListener(this::reloadActionPerformed);
rulesFilePathTextField.setText(configLoader.getRulesFilePath());
excludeSuffixTextField.setText(configLoader.getExcludeSuffix());
add(rulesFilePathTextField, new GridBagConstraints(1, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(5, 0, 5, 5), 0, 0));
add(rulesFilePathLabel, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.WEST, GridBagConstraints.VERTICAL,
new Insets(5, 5, 5, 5), 0, 0));
add(onlineUpdateButton, new GridBagConstraints(2, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(5, 0, 5, 5), 0, 0));
add(reloadButton, new GridBagConstraints(3, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(5, 0, 5, 5), 0, 0));
add(excludeSuffixLabel, new GridBagConstraints(0, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.SOUTHWEST, GridBagConstraints.NONE,
new Insets(0, 5, 5, 5), 0, 0));
add(excludeSuffixTextField, new GridBagConstraints(1, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.SOUTH, GridBagConstraints.HORIZONTAL,
new Insets(0, 0, 0, 5), 0, 0));
add(excludeSuffixSaveButton, new GridBagConstraints(2, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.SOUTH, GridBagConstraints.HORIZONTAL,
new Insets(0, 0, 0, 5), 0, 0));
}
private void onlineUpdateActionPerformed(ActionEvent e) {
// 添加提示框防止用户误触导致配置更新
int retCode = JOptionPane.showConfirmDialog(null, "Do you want to update rules?", "Info", JOptionPane.YES_NO_OPTION);
if (retCode == JOptionPane.YES_OPTION) {
configLoader.initRules();
reloadActionPerformed(null);
}
}
private void excludeSuffixSaveActionPerformed(ActionEvent e, String suffix) {
if (!suffix.equals(configLoader.getExcludeSuffix()) && !suffix.isEmpty()) {
configLoader.setExcludeSuffix(suffix);
}
}
private void reloadActionPerformed(ActionEvent e) {
rules.reloadRuleGroup();
}
}

79
src/main/java/hae/component/rule/Display.java Normal file
View File

@@ -0,0 +1,79 @@
package hae.component.rule;
import hae.Config;
import javax.swing.*;
import java.awt.*;
public class Display extends JPanel {
public JTextField firstRegexTextField;
public JTextField secondRegexTextField;
public JTextField formatTextField;
public JTextField ruleNameTextField;
public JComboBox<String> scopeComboBox;
public JComboBox<String> engineComboBox;
public JComboBox<String> colorComboBox;
public JComboBox<Boolean> sensitiveComboBox;
public Display() {
initComponents();
}
private void initComponents() {
setLayout(new GridBagLayout());
GridBagConstraints c = new GridBagConstraints();
c.fill = GridBagConstraints.BOTH;
addLabel("Name:", 0, c);
ruleNameTextField = addTextField(0, c);
addLabel("F-Regex:", 1, c);
firstRegexTextField = addTextField(1, c);
addLabel("S-Regex:", 2, c);
secondRegexTextField = addTextField(2, c);
addLabel("Format:", 3, c);
formatTextField = addTextField(3, c);
addLabel("Scope:", 4, c);
scopeComboBox = addComboBox(Config.scope, 4, c);
addLabel("Engine:", 5, c);
engineComboBox = addComboBox(Config.engine, 5, c);
engineComboBox.addActionListener(e -> {
boolean isNfa = "nfa".equals(engineComboBox.getSelectedItem().toString());
formatTextField.setEnabled(isNfa);
formatTextField.setText(isNfa ? formatTextField.getText() : "{0}");
});
addLabel("Color:", 6, c);
colorComboBox = addComboBox(Config.color, 6, c);
addLabel("Sensitive:", 7, c);
sensitiveComboBox = addComboBox(new Boolean[]{true, false}, 7, c);
}
private void addLabel(String text, int y, GridBagConstraints c) {
JLabel label = new JLabel(text);
c.gridx = 0;
c.gridy = y;
add(label, c);
}
private JTextField addTextField(int y, GridBagConstraints c) {
JTextField textField = new JTextField(35);
c.gridx = 1;
c.gridy = y;
add(textField, c);
return textField;
}
private <T> JComboBox<T> addComboBox(T[] items, int y, GridBagConstraints c) {
JComboBox<T> comboBox = new JComboBox<>(items);
c.gridx = 1;
c.gridy = y;
add(comboBox, c);
return comboBox;
}
}

164
src/main/java/hae/component/rule/Rule.java Normal file
View File

@@ -0,0 +1,164 @@
package hae.component.rule;
import burp.api.montoya.MontoyaApi;
import javax.swing.*;
import javax.swing.table.DefaultTableModel;
import java.awt.*;
import java.awt.event.ActionEvent;
import javax.swing.table.TableRowSorter;
import java.util.Vector;
import hae.Config;
import hae.utils.config.ConfigLoader;
import hae.utils.rule.RuleProcessor;
import static javax.swing.JOptionPane.YES_OPTION;
public class Rule extends JPanel {
private final MontoyaApi api;
private final ConfigLoader configLoader;
private final RuleProcessor ruleProcessor;
private final JTabbedPane tabbedPane;
public Rule(MontoyaApi api, ConfigLoader configLoader, Object[][] data, JTabbedPane tabbedPane) {
this.api = api;
this.configLoader = configLoader;
this.ruleProcessor = new RuleProcessor(api, configLoader);
this.tabbedPane = tabbedPane;
initComponents(data);
}
private void initComponents(Object[][] data) {
setLayout(new GridBagLayout());
((GridBagLayout)getLayout()).columnWidths = new int[] {0, 0, 0};
((GridBagLayout)getLayout()).rowHeights = new int[] {0, 0, 0, 0, 0};
((GridBagLayout)getLayout()).columnWeights = new double[] {0.0, 1.0, 1.0E-4};
((GridBagLayout)getLayout()).rowWeights = new double[] {0.0, 0.0, 0.0, 1.0, 1.0E-4};
JButton addButton = new JButton("Add");
JButton editButton = new JButton("Edit");
JButton removeButton = new JButton("Remove");
JTable ruleTable = new JTable();
JScrollPane scrollPane = new JScrollPane();
ruleTable.setShowVerticalLines(false);
ruleTable.setShowHorizontalLines(false);
ruleTable.setVerifyInputWhenFocusTarget(false);
ruleTable.setUpdateSelectionOnSort(false);
ruleTable.setSurrendersFocusOnKeystroke(true);
scrollPane.setViewportView(ruleTable);
// 按钮监听事件
addButton.addActionListener(e -> ruleAddActionPerformed(e, ruleTable, tabbedPane));
editButton.addActionListener(e -> ruleEditActionPerformed(e, ruleTable, tabbedPane));
removeButton.addActionListener(e -> ruleRemoveActionPerformed(e, ruleTable, tabbedPane));
// 表格
DefaultTableModel model = new DefaultTableModel() {
@Override
public Class<?> getColumnClass(int column) {
return (column == 0) ? Boolean.class : String.class;
}
@Override
public boolean isCellEditable(int row, int column) {
return column == 0;
}
};
ruleTable.setModel(model);
ruleTable.setRowSorter(new TableRowSorter<>(model));
model.setDataVector(data, Config.ruleFields);
model.addTableModelListener(e -> {
if (e.getColumn() == 0 && ruleTable.getSelectedRow() != -1){
int select = ruleTable.convertRowIndexToModel(ruleTable.getSelectedRow());
ruleProcessor.changeRule(model.getDataVector().get(select), select, tabbedPane.getTitleAt(tabbedPane.getSelectedIndex()));
}
});
add(addButton, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(15, 5, 3, 2), 0, 0));
add(editButton, new GridBagConstraints(0, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 5, 3, 2), 0, 0));
add(removeButton, new GridBagConstraints(0, 2, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 5, 3, 2), 0, 0));
add(scrollPane, new GridBagConstraints(1, 0, 1, 4, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(15, 5, 5, 5), 0, 0));
}
private void ruleAddActionPerformed(ActionEvent e, JTable ruleTable, JTabbedPane tabbedPane) {
Display ruleDisplay = new Display();
ruleDisplay.formatTextField.setText("{0}");
int showState = JOptionPane.showConfirmDialog(null, ruleDisplay, "Add Rule", JOptionPane.OK_OPTION);
if (showState == YES_OPTION) {
Vector<Object> ruleData = new Vector<>();
ruleData.add(false);
ruleData.add(ruleDisplay.ruleNameTextField.getText());
ruleData.add(ruleDisplay.firstRegexTextField.getText());
ruleData.add(ruleDisplay.secondRegexTextField.getText());
ruleData.add(ruleDisplay.formatTextField.getText());
ruleData.add(ruleDisplay.colorComboBox.getSelectedItem().toString());
ruleData.add(ruleDisplay.scopeComboBox.getSelectedItem().toString());
ruleData.add(ruleDisplay.engineComboBox.getSelectedItem().toString());
ruleData.add(ruleDisplay.sensitiveComboBox.getSelectedItem());
DefaultTableModel model = (DefaultTableModel) ruleTable.getModel();
model.insertRow(model.getRowCount(), ruleData);
ruleProcessor.addRule(ruleData, tabbedPane.getTitleAt(tabbedPane.getSelectedIndex()));
}
}
private void ruleEditActionPerformed(ActionEvent e, JTable ruleTable, JTabbedPane tabbedPane){
if (ruleTable.getSelectedRowCount() >= 1){
DefaultTableModel model = (DefaultTableModel) ruleTable.getModel();
Display ruleDisplay = new Display();
ruleDisplay.ruleNameTextField.setText(ruleTable.getValueAt(ruleTable.getSelectedRow(), 1).toString());
ruleDisplay.firstRegexTextField.setText(ruleTable.getValueAt(ruleTable.getSelectedRow(), 2).toString());
ruleDisplay.secondRegexTextField.setText(ruleTable.getValueAt(ruleTable.getSelectedRow(), 3).toString());
ruleDisplay.formatTextField.setText(ruleTable.getValueAt(ruleTable.getSelectedRow(), 4).toString());
ruleDisplay.colorComboBox.setSelectedItem(ruleTable.getValueAt(ruleTable.getSelectedRow(), 5).toString());
ruleDisplay.scopeComboBox.setSelectedItem(ruleTable.getValueAt(ruleTable.getSelectedRow(), 6).toString());
ruleDisplay.engineComboBox.setSelectedItem(ruleTable.getValueAt(ruleTable.getSelectedRow(), 7).toString());
ruleDisplay.sensitiveComboBox.setSelectedItem(ruleTable.getValueAt(ruleTable.getSelectedRow(),8));
ruleDisplay.formatTextField.setEnabled(ruleDisplay.engineComboBox.getSelectedItem().toString().equals("nfa"));
int showState = JOptionPane.showConfirmDialog(null, ruleDisplay, "Edit Rule", JOptionPane.OK_OPTION);
if (showState == 0){
int select = ruleTable.convertRowIndexToModel(ruleTable.getSelectedRow());
model.setValueAt(ruleDisplay.ruleNameTextField.getText(), select, 1);
model.setValueAt(ruleDisplay.firstRegexTextField.getText(), select, 2);
model.setValueAt(ruleDisplay.secondRegexTextField.getText(), select, 3);
model.setValueAt(ruleDisplay.formatTextField.getText(), select, 4);
model.setValueAt(ruleDisplay.colorComboBox.getSelectedItem().toString(), select, 5);
model.setValueAt(ruleDisplay.scopeComboBox.getSelectedItem().toString(), select, 6);
model.setValueAt(ruleDisplay.engineComboBox.getSelectedItem().toString(), select, 7);
model.setValueAt(ruleDisplay.sensitiveComboBox.getSelectedItem(), select, 8);
model = (DefaultTableModel) ruleTable.getModel();
ruleProcessor.changeRule(model.getDataVector().get(select), select, tabbedPane.getTitleAt(tabbedPane.getSelectedIndex()));
}
}
}
private void ruleRemoveActionPerformed(ActionEvent e, JTable ruleTable, JTabbedPane tabbedPane){
if (ruleTable.getSelectedRowCount() >= 1){
if (JOptionPane.showConfirmDialog(null, "Are you sure you want to delete this rule?", "Info", JOptionPane.OK_OPTION) == 0){
DefaultTableModel model = (DefaultTableModel) ruleTable.getModel();
int select = ruleTable.convertRowIndexToModel(ruleTable.getSelectedRow());
model.removeRow(select);
ruleProcessor.removeRule(select, tabbedPane.getTitleAt(tabbedPane.getSelectedIndex()));
}
}
}
}

156
src/main/java/hae/component/rule/Rules.java Normal file
View File

@@ -0,0 +1,156 @@
package hae.component.rule;
import burp.api.montoya.MontoyaApi;
import hae.Config;
import hae.utils.config.ConfigLoader;
import hae.utils.rule.RuleProcessor;
import javax.swing.*;
import java.awt.*;
import java.awt.event.*;
public class Rules extends JTabbedPane {
private final MontoyaApi api;
private final ConfigLoader configLoader;
private final RuleProcessor ruleProcessor;
private final JTextField ruleGroupNameTextField;
private Component tabComponent;
private int selectedIndex;
public Rules(MontoyaApi api, ConfigLoader configLoader) {
this.api = api;
this.configLoader = configLoader;
this.ruleProcessor = new RuleProcessor(api, configLoader);
this.ruleGroupNameTextField = new JTextField();
initComponents();
}
private void initComponents() {
reloadRuleGroup();
JTabbedPane tabbedPane = this;
JMenuItem deleteMenuItem = new JMenuItem("Delete");
JPopupMenu popupMenu = new JPopupMenu();
popupMenu.add(deleteMenuItem);
deleteMenuItem.addActionListener(this::deleteRuleGroupActionPerformed);
ruleGroupNameTextField.setBorder(BorderFactory.createEmptyBorder());
ruleGroupNameTextField.addFocusListener(new FocusAdapter() {
@Override
public void focusLost(FocusEvent e) {
renameTitleActionPerformed.actionPerformed(null);
}
});
addMouseListener(new MouseAdapter() {
@Override
public void mousePressed(MouseEvent e) {
int index = getSelectedIndex();
Rectangle r = getBoundsAt(index);
if (r.contains(e.getPoint()) && index >= 0) {
switch (e.getButton()) {
case MouseEvent.BUTTON1:
if (e.getClickCount() == 2) {
selectedIndex = index;
tabComponent = getTabComponentAt(selectedIndex);
String ruleGroupName = getTitleAt(selectedIndex);
if (!"...".equals(ruleGroupName)) {
setTabComponentAt(selectedIndex, ruleGroupNameTextField);
ruleGroupNameTextField.setVisible(true);
ruleGroupNameTextField.setText(ruleGroupName);
ruleGroupNameTextField.selectAll();
ruleGroupNameTextField.requestFocusInWindow();
ruleGroupNameTextField.setMinimumSize(ruleGroupNameTextField.getPreferredSize());
}
} else if (e.getClickCount() == 1) {
if ("...".equals(getTitleAt(getSelectedIndex()))) {
String title = ruleProcessor.newRule();
Rule newRule = new Rule(api, configLoader, Config.ruleTemplate, tabbedPane);
insertTab(title, null, newRule, null, getTabCount() - 1);
setSelectedIndex(getTabCount() - 2);
} else {
renameTitleActionPerformed.actionPerformed(null);
}
}
break;
case MouseEvent.BUTTON3:
if (!"...".equals(getTitleAt(getSelectedIndex()))) {
popupMenu.show(e.getComponent(), e.getX(), e.getY());
}
break;
default:
break;
}
}
}
});
InputMap im = ruleGroupNameTextField.getInputMap(JComponent.WHEN_FOCUSED);
ActionMap am = ruleGroupNameTextField.getActionMap();
im.put(KeyStroke.getKeyStroke(KeyEvent.VK_ESCAPE, 0), "cancel");
am.put("cancel", cancelActionPerformed);
im.put(KeyStroke.getKeyStroke(KeyEvent.VK_ENTER, 0), "rename");
am.put("rename", renameTitleActionPerformed);
}
public void reloadRuleGroup() {
removeAll();
Config.globalRules.keySet().forEach(i-> addTab(i, new Rule(api, configLoader, hae.Config.globalRules.get(i), this)));
addTab("...", null);
}
private void deleteRuleGroupActionPerformed(ActionEvent e) {
if (getTabCount() > 2) {
int retCode = JOptionPane.showConfirmDialog(null, "Do you want to delete this rule group?", "Info",
JOptionPane.YES_NO_OPTION);
if (retCode == JOptionPane.YES_OPTION) {
String title = getTitleAt(getSelectedIndex());
ruleProcessor.deleteRuleGroup(title);
remove(getSelectedIndex());
setSelectedIndex(getSelectedIndex() - 1);
}
}
}
private Action renameTitleActionPerformed = new AbstractAction() {
@Override
public void actionPerformed(ActionEvent e) {
String title = ruleGroupNameTextField.getText();
if (!title.isEmpty() && selectedIndex >= 0) {
String oldName = getTitleAt(selectedIndex);
setTitleAt(selectedIndex, title);
if (!oldName.equals(title)) {
ruleProcessor.renameRuleGroup(oldName, title);
}
}
cancelActionPerformed.actionPerformed(null);
}
};
private Action cancelActionPerformed = new AbstractAction() {
@Override
public void actionPerformed(ActionEvent e) {
if (selectedIndex >= 0) {
setTabComponentAt(selectedIndex, tabComponent);
ruleGroupNameTextField.setVisible(false);
ruleGroupNameTextField.setPreferredSize(null);
selectedIndex = -1;
tabComponent = null;
requestFocusInWindow();
}
}
};
}

115
src/main/java/hae/instances/editor/RequestEditor.java Normal file
View File

@@ -0,0 +1,115 @@
package hae.instances.editor;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.ui.editor.extension.EditorCreationContext;
import burp.api.montoya.ui.editor.extension.ExtensionProvidedHttpRequestEditor;
import burp.api.montoya.ui.editor.extension.HttpRequestEditorProvider;
import burp.api.montoya.core.ByteArray;
import burp.api.montoya.core.Range;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.ui.Selection;
import hae.component.board.Datatable;
import hae.instances.http.utils.MessageProcessor;
import javax.swing.*;
import java.awt.*;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
public class RequestEditor implements HttpRequestEditorProvider {
private final MontoyaApi api;
public RequestEditor(MontoyaApi api) {
this.api = api;
}
@Override
public ExtensionProvidedHttpRequestEditor provideHttpRequestEditor(EditorCreationContext editorCreationContext) {
return new Editor(api, editorCreationContext);
}
private static class Editor implements ExtensionProvidedHttpRequestEditor {
private final MontoyaApi api;
private final EditorCreationContext creationContext;
private final MessageProcessor messageProcessor;
private HttpRequestResponse requestResponse;
private JTabbedPane jTabbedPane = new JTabbedPane();
public Editor(MontoyaApi api, EditorCreationContext creationContext)
{
this.api = api;
this.creationContext = creationContext;
this.messageProcessor = new MessageProcessor(api);
}
@Override
public HttpRequest getRequest() {
return requestResponse.request();
}
@Override
public void setRequestResponse(HttpRequestResponse requestResponse) {
this.requestResponse = requestResponse;
}
@Override
public synchronized boolean isEnabledFor(HttpRequestResponse requestResponse) {
HttpRequest request = requestResponse.request();
if (request != null && !request.bodyToString().equals("Loading...")) {
List<Map<String, String>> result = messageProcessor.processRequest("", request, false);
jTabbedPane = generateTabbedPaneFromResultMap(api, result);
return jTabbedPane.getTabCount() > 0;
}
return false;
}
@Override
public String caption() {
return "MarkInfo";
}
@Override
public Component uiComponent() {
return jTabbedPane;
}
@Override
public Selection selectedData() {
return new Selection() {
@Override
public ByteArray contents() {
return ByteArray.byteArray(Datatable.getSelectedData(((Datatable) jTabbedPane.getSelectedComponent()).getDataTable()));
}
@Override
public Range offsets() {
return null;
}
};
}
@Override
public boolean isModified() {
return false;
}
}
public static JTabbedPane generateTabbedPaneFromResultMap(MontoyaApi api, List<Map<String, String>> result) {
JTabbedPane tabbedPane = new JTabbedPane();
if (result != null && !result.isEmpty() && result.size() > 0) {
Map<String, String> dataMap = result.get(0);
if (dataMap != null && !dataMap.isEmpty() && dataMap.size() > 0) {
dataMap.keySet().forEach(i->{
String[] extractData = dataMap.get(i).split("\n");
Datatable dataPanel = new Datatable(api, i, Arrays.asList(extractData));
tabbedPane.addTab(i, dataPanel);
});
}
}
return tabbedPane;
}
}

98
src/main/java/hae/instances/editor/ResponseEditor.java Normal file
View File

@@ -0,0 +1,98 @@
package hae.instances.editor;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.responses.HttpResponse;
import burp.api.montoya.ui.editor.extension.EditorCreationContext;
import burp.api.montoya.ui.editor.extension.ExtensionProvidedHttpResponseEditor;
import burp.api.montoya.ui.editor.extension.HttpResponseEditorProvider;
import burp.api.montoya.core.ByteArray;
import burp.api.montoya.core.Range;
import burp.api.montoya.ui.Selection;
import hae.component.board.Datatable;
import hae.instances.http.utils.MessageProcessor;
import javax.swing.*;
import java.awt.*;
import java.util.List;
import java.util.Map;
public class ResponseEditor implements HttpResponseEditorProvider {
private final MontoyaApi api;
public ResponseEditor(MontoyaApi api) {
this.api = api;
}
@Override
public ExtensionProvidedHttpResponseEditor provideHttpResponseEditor(EditorCreationContext editorCreationContext) {
return new Editor(api, editorCreationContext);
}
private static class Editor implements ExtensionProvidedHttpResponseEditor {
private final MontoyaApi api;
private final EditorCreationContext creationContext;
private final MessageProcessor messageProcessor;
private HttpRequestResponse requestResponse;
private JTabbedPane jTabbedPane = new JTabbedPane();
public Editor(MontoyaApi api, EditorCreationContext creationContext)
{
this.api = api;
this.creationContext = creationContext;
this.messageProcessor = new MessageProcessor(api);
}
@Override
public HttpResponse getResponse() {
return requestResponse.response();
}
@Override
public void setRequestResponse(HttpRequestResponse requestResponse) {
this.requestResponse = requestResponse;
}
@Override
public synchronized boolean isEnabledFor(HttpRequestResponse requestResponse) {
HttpResponse request = requestResponse.response();
if (request != null && !request.bodyToString().equals("Loading...")) {
List<Map<String, String>> result = messageProcessor.processResponse("", request, false);
jTabbedPane = RequestEditor.generateTabbedPaneFromResultMap(api, result);
return jTabbedPane.getTabCount() > 0;
}
return false;
}
@Override
public String caption() {
return "MarkInfo";
}
@Override
public Component uiComponent() {
return jTabbedPane;
}
@Override
public Selection selectedData() {
return new Selection() {
@Override
public ByteArray contents() {
return ByteArray.byteArray(Datatable.getSelectedData(((Datatable) jTabbedPane.getSelectedComponent()).getDataTable()));
}
@Override
public Range offsets() {
return null;
}
};
}
@Override
public boolean isModified() {
return false;
}
}
}

94
src/main/java/hae/instances/editor/WebSocketEditor.java Normal file
View File

@@ -0,0 +1,94 @@
package hae.instances.editor;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.core.ByteArray;
import burp.api.montoya.core.Range;
import burp.api.montoya.ui.Selection;
import burp.api.montoya.ui.contextmenu.WebSocketMessage;
import burp.api.montoya.ui.editor.extension.*;
import hae.component.board.Datatable;
import hae.instances.http.utils.MessageProcessor;
import javax.swing.*;
import java.awt.*;
import java.util.List;
import java.util.Map;
public class WebSocketEditor implements WebSocketMessageEditorProvider {
private final MontoyaApi api;
public WebSocketEditor(MontoyaApi api) {
this.api = api;
}
@Override
public ExtensionProvidedWebSocketMessageEditor provideMessageEditor(EditorCreationContext editorCreationContext) {
return new Editor(api, editorCreationContext);
}
private static class Editor implements ExtensionProvidedWebSocketMessageEditor {
private final MontoyaApi api;
private final EditorCreationContext creationContext;
private final MessageProcessor messageProcessor;
private ByteArray message;
private JTabbedPane jTabbedPane = new JTabbedPane();
public Editor(MontoyaApi api, EditorCreationContext creationContext) {
this.api = api;
this.creationContext = creationContext;
this.messageProcessor = new MessageProcessor(api);
}
@Override
public ByteArray getMessage() {
return message;
}
@Override
public void setMessage(WebSocketMessage webSocketMessage) {
this.message = webSocketMessage.payload();
}
@Override
public boolean isEnabledFor(WebSocketMessage webSocketMessage) {
String websocketMessage = webSocketMessage.payload().toString();
if (!websocketMessage.isEmpty()) {
List<Map<String, String>> result = messageProcessor.processMessage("", websocketMessage, false);
jTabbedPane = RequestEditor.generateTabbedPaneFromResultMap(api, result);
return jTabbedPane.getTabCount() > 0;
}
return false;
}
@Override
public String caption() {
return "MarkInfo";
}
@Override
public Component uiComponent() {
return jTabbedPane;
}
@Override
public Selection selectedData() {
return new Selection() {
@Override
public ByteArray contents() {
return ByteArray.byteArray(Datatable.getSelectedData(((Datatable) jTabbedPane.getSelectedComponent()).getDataTable()));
}
@Override
public Range offsets() {
return null;
}
};
}
@Override
public boolean isModified() {
return false;
}
}
}

87
src/main/java/hae/instances/http/HttpMessageHandler.java Normal file
View File

@@ -0,0 +1,87 @@
package hae.instances.http;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.core.Annotations;
import burp.api.montoya.core.HighlightColor;
import burp.api.montoya.http.handler.*;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest;
import hae.Config;
import hae.component.board.message.MessageTableModel;
import hae.instances.http.utils.MessageProcessor;
import hae.utils.string.StringProcessor;
import java.util.*;
public class HttpMessageHandler implements HttpHandler {
private final MontoyaApi api;
private MessageTableModel messageTableModel;
private final MessageProcessor messageProcessor;
private String host;
// Montoya API对HTTP消息的处理分为了请求和响应因此此处设置高亮和标记需要使用全局变量的方式以此兼顾请求和响应
// 同时采用 ThreadLocal 来保证多线程并发的情况下全局变量的安全性
private final ThreadLocal<List<String>> colorList = ThreadLocal.withInitial(ArrayList::new);
private final ThreadLocal<List<String>> commentList = ThreadLocal.withInitial(ArrayList::new);
private final ThreadLocal<Boolean> matches = ThreadLocal.withInitial(() -> false);
private final ThreadLocal<HttpRequest> httpRequest = new ThreadLocal<>();
public HttpMessageHandler(MontoyaApi api, MessageTableModel messageTableModel) {
this.api = api;
this.messageTableModel = messageTableModel;
this.messageProcessor = new MessageProcessor(api);
}
@Override
public RequestToBeSentAction handleHttpRequestToBeSent(HttpRequestToBeSent httpRequestToBeSent) {
colorList.get().clear();
commentList.get().clear();
Annotations annotations = httpRequestToBeSent.annotations();
httpRequest.set(httpRequestToBeSent);
host = StringProcessor.getHostByUrl(httpRequestToBeSent.url());
List<String> suffixList = Arrays.asList(Config.suffix.split("\\|"));
matches.set(suffixList.contains(httpRequestToBeSent.fileExtension()));
if (!matches.get()) {
List<Map<String, String>> result = messageProcessor.processRequest(host, httpRequestToBeSent, true);
setColorAndCommentList(result);
}
return RequestToBeSentAction.continueWith(httpRequestToBeSent, annotations);
}
@Override
public ResponseReceivedAction handleHttpResponseReceived(HttpResponseReceived httpResponseReceived) {
Annotations annotations = httpResponseReceived.annotations();
if (!matches.get()) {
List<Map<String, String>> result = messageProcessor.processResponse(host, httpResponseReceived, true);
setColorAndCommentList(result);
// 设置高亮颜色和注释
if (!colorList.get().isEmpty() && !commentList.get().isEmpty()) {
String color = messageProcessor.retrieveFinalColor(messageProcessor.retrieveColorIndices(colorList.get()));
annotations.setHighlightColor(HighlightColor.highlightColor(color));
String comment = StringProcessor.mergeComment(String.join(", ", commentList.get()));
annotations.setNotes(comment);
HttpRequestResponse httpRequestResponse = HttpRequestResponse.httpRequestResponse(httpRequest.get(), httpResponseReceived);
// 添加到Databoard
messageTableModel.add(httpRequestResponse, comment, color);
}
}
return ResponseReceivedAction.continueWith(httpResponseReceived, annotations);
}
private void setColorAndCommentList(List<Map<String, String>> result) {
if (result != null && !result.isEmpty() && result.size() > 0) {
colorList.get().add(result.get(0).get("color"));
commentList.get().add(result.get(1).get("comment"));
}
}
}

172
src/main/java/hae/instances/http/utils/MessageProcessor.java Normal file
View File

@@ -0,0 +1,172 @@
package hae.instances.http.utils;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.message.HttpHeader;
import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.http.message.responses.HttpResponse;
import hae.Config;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.stream.Collectors;
public class MessageProcessor {
private final MontoyaApi api;
private final RegularMatcher regularMatcher;
private String finalColor = "";
public MessageProcessor(MontoyaApi api) {
this.api = api;
this.regularMatcher = new RegularMatcher(api);
}
public List<Map<String, String>> processMessage(String host, String message, boolean flag) {
Map<String, Map<String, Object>> obj = null;
try {
obj = regularMatcher.match(host, "any", message, message, message);
} catch (Exception ignored) {
}
return getDataList(obj, flag);
}
public List<Map<String, String>> processResponse(String host, HttpResponse httpResponse, boolean flag) {
Map<String, Map<String, Object>> obj = null;
try {
String response = new String(httpResponse.toByteArray().getBytes(), StandardCharsets.UTF_8);
String body = new String(httpResponse.body().getBytes(), StandardCharsets.UTF_8);
String header = httpResponse.headers().stream()
.map(HttpHeader::toString)
.collect(Collectors.joining("\n"));
obj = regularMatcher.match(host, "response", response, header, body);
} catch (Exception ignored) {
}
return getDataList(obj, flag);
}
public List<Map<String, String>> processRequest(String host, HttpRequest httpRequest, boolean flag) {
Map<String, Map<String, Object>> obj = null;
try {
String request = new String(httpRequest.toByteArray().getBytes(), StandardCharsets.UTF_8);
String body = new String(httpRequest.body().getBytes(), StandardCharsets.UTF_8);
String header = httpRequest.headers().stream()
.map(HttpHeader::toString)
.collect(Collectors.joining("\n"));
obj = regularMatcher.match(host, "request", request, header, body);
} catch (Exception ignored) {
}
return getDataList(obj, flag);
}
private List<Map<String, String>> getDataList(Map<String, Map<String, Object>> obj, boolean actionFlag) {
List<Map<String, String>> highlightList = new ArrayList<>();
List<Map<String, String>> extractList = new ArrayList<>();
if (obj != null && !obj.isEmpty() && obj.size() > 0) {
if (actionFlag) {
List<List<String>> resultList = extractColorsAndComments(obj);
List<String> colorList = resultList.get(0);
List<String> commentList = resultList.get(1);
if (!colorList.isEmpty() && !commentList.isEmpty()) {
String color = retrieveFinalColor(retrieveColorIndices(colorList));
Map<String, String> colorMap = new HashMap<String, String>() {{
put("color", color);
}};
Map<String, String> commentMap = new HashMap<String, String>() {{
put("comment", String.join(", ", commentList));
}};
highlightList.add(colorMap);
highlightList.add(commentMap);
}
} else {
extractList.add(extractDataFromMap(obj));
}
}
return actionFlag ? highlightList : extractList;
}
private Map<String, String> extractDataFromMap(Map<String, Map<String, Object>> inputData) {
Map<String, String> extractedData = new HashMap<>();
inputData.keySet().forEach(key -> {
Map<String, Object> tempMap = inputData.get(key);
String data = tempMap.get("data").toString();
extractedData.put(key, data);
});
return extractedData;
}
private List<List<String>> extractColorsAndComments(Map<String, Map<String, Object>> inputData) {
List<String> colorList = new ArrayList<>();
List<String> commentList = new ArrayList<>();
inputData.keySet().forEach(key -> {
Map<String, Object> tempMap = inputData.get(key);
String color = tempMap.get("color").toString();
colorList.add(color);
commentList.add(key);
});
List<List<String>> result = new ArrayList<>();
result.add(colorList);
result.add(commentList);
return result;
}
public List<Integer> retrieveColorIndices(List<String> colors){
List<Integer> indices = new ArrayList<>();
String[] colorArray = Config.color;
int size = colorArray.length;
for (String color : colors) {
for (int i = 0; i < size; i++) {
if (colorArray[i].equals(color)) {
indices.add(i);
}
}
}
return indices;
}
private void upgradeColors(List<Integer> colorList) {
int colorSize = colorList.size();
String[] colorArray = Config.color;
colorList.sort(Comparator.comparingInt(Integer::intValue));
int i = 0;
List<Integer> stack = new ArrayList<>();
while (i < colorSize) {
if (stack.isEmpty()) {
stack.add(colorList.get(i));
} else {
if (!Objects.equals(colorList.get(i), stack.stream().reduce((first, second) -> second).orElse(99999999))) {
stack.add(colorList.get(i));
} else {
stack.set(stack.size() - 1, stack.get(stack.size() - 1) - 1);
}
}
i++;
}
// 利用HashSet删除重复元素
HashSet tmpList = new HashSet(stack);
if (stack.size() == tmpList.size()) {
stack.sort(Comparator.comparingInt(Integer::intValue));
if(stack.get(0) < 0) {
finalColor = colorArray[0];
} else {
finalColor = colorArray[stack.get(0)];
}
} else {
upgradeColors(stack);
}
}
public String retrieveFinalColor(List<Integer> colorList) {
upgradeColors(colorList);
return finalColor;
}
}

274
src/main/java/hae/instances/http/utils/RegularMatcher.java Normal file
View File

@@ -0,0 +1,274 @@
package hae.instances.http.utils;
import burp.api.montoya.MontoyaApi;
import dk.brics.automaton.Automaton;
import dk.brics.automaton.AutomatonMatcher;
import dk.brics.automaton.RegExp;
import dk.brics.automaton.RunAutomaton;
import hae.Config;
import hae.cache.CachePool;
import hae.utils.string.HashCalculator;
import hae.utils.string.StringProcessor;
import jregex.Matcher;
import jregex.Pattern;
import java.text.MessageFormat;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
public class RegularMatcher {
private final MontoyaApi api;
public RegularMatcher(MontoyaApi api) {
this.api = api;
}
public Map<String, Map<String, Object>> match(String host, String type, String message, String header, String body) {
// 先从缓存池里判断是否有已经匹配好的结果
String messageIndex = HashCalculator.calculateHash(message.getBytes());
Map<String, Map<String, Object>> map = CachePool.getFromCache(messageIndex);
if (map != null) {
return map;
} else {
// 最终返回的结果
Map<String, Map<String, Object>> finalMap = new HashMap<>();
Config.globalRules.keySet().parallelStream().forEach(i -> {
for (Object[] objects : Config.globalRules.get(i)) {
// 多线程执行,一定程度上减少阻塞现象
String matchContent = "";
// 遍历获取规则
List<String> result = new ArrayList<>();
Map<String, Object> tmpMap = new HashMap<>();
boolean loaded = (Boolean) objects[0];
String name = objects[1].toString();
String f_regex = objects[2].toString();
String s_regex = objects[3].toString();
String format = objects[4].toString();
String color = objects[5].toString();
String scope = objects[6].toString();
String engine = objects[7].toString();
boolean sensitive = (Boolean) objects[8];
// 判断规则是否开启与作用域
if (loaded && (scope.contains(type) || scope.contains("any") || type.equals("any"))) {
switch (scope) {
case "any":
case "request":
case "response":
matchContent = message;
break;
case "any header":
case "request header":
case "response header":
matchContent = header;
break;
case "any body":
case "request body":
case "response body":
matchContent = body;
break;
default:
break;
}
try {
result.addAll(matchByRegex(f_regex, s_regex, matchContent, format, engine, sensitive));
} catch (Exception e) {
api.logging().logToError(String.format("[x] Error Info:\nName: %s\nRegex: %s", name, f_regex));
continue;
}
// 去除重复内容
HashSet tmpList = new HashSet(result);
result.clear();
result.addAll(tmpList);
String nameAndSize = String.format("%s (%s)", name, result.size());
if (!result.isEmpty()) {
tmpMap.put("color", color);
String dataStr = String.join("\n", result);
tmpMap.put("data", dataStr);
finalMap.put(nameAndSize, tmpMap);
// 添加到全局变量中便于Databoard检索
if (!Objects.equals(host, "") && host != null) {
List<String> dataList = Arrays.asList(dataStr.split("\n"));
if (Config.globalDataMap.containsKey(host)) {
ConcurrentHashMap<String, List<String>> gRuleMap = new ConcurrentHashMap<>(Config.globalDataMap.get(host));
if (gRuleMap.containsKey(name)) {
// gDataList为不可变列表因此需要重新创建一个列表以便于使用addAll方法
List<String> gDataList = gRuleMap.get(name);
List<String> newDataList = new ArrayList<>(gDataList);
newDataList.addAll(dataList);
newDataList = new ArrayList<>(new HashSet<>(newDataList));
gRuleMap.remove(name);
gRuleMap.put(name, newDataList);
} else {
gRuleMap.put(name, dataList);
}
Config.globalDataMap.remove(host);
Config.globalDataMap.put(host, gRuleMap);
} else {
Map<String, List<String>> ruleMap = new HashMap<>();
ruleMap.put(name, dataList);
// 添加单一Host
Config.globalDataMap.put(host, ruleMap);
}
String[] splitHost = host.split("\\.");
String onlyHost = host.split(":")[0];
String anyHost = (splitHost.length > 2 && !onlyHost.matches("\\b(?:\\d{1,3}\\.){3}\\d{1,3}\\b")) ? StringProcessor.replaceFirstOccurrence(onlyHost, splitHost[0], "*") : "";
if (!Config.globalDataMap.containsKey(anyHost) && anyHost.length() > 0) {
// 添加通配符Host实际数据从查询哪里将所有数据提取
Config.globalDataMap.put(anyHost, new HashMap<>());
}
if (!Config.globalDataMap.containsKey("*")) {
// 添加通配符全匹配,同上
Config.globalDataMap.put("*", new HashMap<>());
}
}
}
}
}
});
CachePool.addToCache(messageIndex, finalMap);
return finalMap;
}
}
private List<String> matchByRegex(String f_regex, String s_regex, String content, String format, String engine, boolean sensitive) {
List<String> retList = new ArrayList<>();
if ("nfa".equals(engine)) {
Matcher matcher = createPatternMatcher(f_regex, content, sensitive);
retList.addAll(extractMatches(s_regex, format, sensitive, matcher));
} else {
// DFA不支持格式化输出因此不关注format
String newContent = content;
String newFirstRegex = f_regex;
if (!sensitive) {
newContent = content.toLowerCase();
newFirstRegex = f_regex.toLowerCase();
}
AutomatonMatcher autoMatcher = createAutomatonMatcher(newFirstRegex, newContent);
retList.addAll(extractMatches(s_regex, autoMatcher, content));
}
return retList;
}
private List<String> extractMatches(String s_regex, String format, boolean sensitive, Matcher matcher) {
List<String> matches = new ArrayList<>();
if (s_regex.isEmpty()) {
matches.addAll(getFormatString(matcher, format));
} else {
while (matcher.find()) {
String matchContent = matcher.group(1);
if (!matchContent.isEmpty()) {
matcher = createPatternMatcher(s_regex, matchContent, sensitive);
matches.addAll(getFormatString(matcher, format));
}
}
}
return matches;
}
private List<String> extractMatches(String s_regex, AutomatonMatcher autoMatcher, String content) {
List<String> matches = new ArrayList<>();
if (s_regex.isEmpty()) {
matches.addAll(getFormatString(autoMatcher, content));
} else {
while (autoMatcher.find()) {
String s = autoMatcher.group();
if (!s.isEmpty()) {
autoMatcher = createAutomatonMatcher(s_regex, getSubString(content, s));
matches.addAll(getFormatString(autoMatcher, content));
}
}
}
return matches;
}
private List<String> getFormatString(Matcher matcher, String format) {
List<Integer> indexList = parseIndexesFromString(format);
List<String> stringList = new ArrayList<>();
while (matcher.find()) {
if (!matcher.group(1).isEmpty()) {
Object[] params = indexList.stream().map(i -> {
if (!matcher.group(i+1).isEmpty()) {
return matcher.group(i+1);
}
return "";
}).toArray();
stringList.add(MessageFormat.format(reorderIndex(format), params));
}
}
return stringList;
}
private List<String> getFormatString(AutomatonMatcher matcher, String content) {
List<String> stringList = new ArrayList<>();
while (matcher.find()) {
String s = matcher.group(0);
if (!s.isEmpty()) {
stringList.add(getSubString(content, s));
}
}
return stringList;
}
private Matcher createPatternMatcher(String regex, String content, boolean sensitive) {
Pattern pattern = (sensitive) ? new Pattern(regex) : new Pattern(regex, Pattern.IGNORE_CASE);
return pattern.matcher(content);
}
private AutomatonMatcher createAutomatonMatcher(String regex, String content) {
RegExp regexp = new RegExp(regex);
Automaton auto = regexp.toAutomaton();
RunAutomaton runAuto = new RunAutomaton(auto, true);
return runAuto.newMatcher(content);
}
private LinkedList<Integer> parseIndexesFromString(String input) {
LinkedList<Integer> indexes = new LinkedList<>();
Pattern pattern = new Pattern("\\{(\\d+)}");
Matcher matcher = pattern.matcher(input);
while (matcher.find()) {
String index = matcher.group(1);
if (!index.isEmpty()) {
indexes.add(Integer.valueOf(index));
}
}
return indexes;
}
private String getSubString(String content, String s) {
byte[] contentByte = api.utilities().byteUtils().convertFromString(content);
byte[] sByte = api.utilities().byteUtils().convertFromString(s);
int startIndex = api.utilities().byteUtils().indexOf(contentByte, sByte, false, 1, contentByte.length);
int endIndex = startIndex + s.length();
return content.substring(startIndex, endIndex);
}
private String reorderIndex(String format) {
Pattern pattern = new Pattern("\\{(\\d+)}");
Matcher matcher = pattern.matcher(format);
int count = 0;
while (matcher.find()) {
String newStr = String.format("{%s}", count);
String matchStr = matcher.group(0);
format = format.replace(matchStr, newStr);
count++;
}
return format;
}
}

47
src/main/java/hae/instances/websocket/WebSocketMessageHandler.java Normal file
View File

@@ -0,0 +1,47 @@
package hae.instances.websocket;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.core.HighlightColor;
import burp.api.montoya.proxy.websocket.*;
import hae.instances.http.utils.MessageProcessor;
import java.util.List;
import java.util.Map;
public class WebSocketMessageHandler implements ProxyMessageHandler {
private final MontoyaApi api;
private final MessageProcessor messageProcessor;
public WebSocketMessageHandler(MontoyaApi api) {
this.api = api;
this.messageProcessor = new MessageProcessor(api);
}
@Override
public TextMessageReceivedAction handleTextMessageReceived(InterceptedTextMessage interceptedTextMessage) {
String message = interceptedTextMessage.payload();
List<Map<String, String>> result = messageProcessor.processMessage("", message, true);
if (result != null && !result.isEmpty() && result.size() > 0) {
interceptedTextMessage.annotations().setHighlightColor(HighlightColor.highlightColor(result.get(0).get("color")));
interceptedTextMessage.annotations().setNotes(result.get(1).get("comment"));
}
return TextMessageReceivedAction.continueWith(interceptedTextMessage);
}
@Override
public TextMessageToBeSentAction handleTextMessageToBeSent(InterceptedTextMessage interceptedTextMessage) {
return TextMessageToBeSentAction.continueWith(interceptedTextMessage);
}
@Override
public BinaryMessageReceivedAction handleBinaryMessageReceived(InterceptedBinaryMessage interceptedBinaryMessage) {
return BinaryMessageReceivedAction.continueWith(interceptedBinaryMessage);
}
@Override
public BinaryMessageToBeSentAction handleBinaryMessageToBeSent(InterceptedBinaryMessage interceptedBinaryMessage) {
return BinaryMessageToBeSentAction.continueWith(interceptedBinaryMessage);
}
}

195
src/main/java/hae/utils/config/ConfigLoader.java Normal file
View File

@@ -0,0 +1,195 @@
package hae.utils.config;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.ArrayList;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest;
import hae.Config;
import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.representer.Representer;
public class ConfigLoader {
private final MontoyaApi api;
private final Yaml yaml;
private final String configFilePath;
private final String rulesFilePath;
public ConfigLoader(MontoyaApi api) {
this.api = api;
DumperOptions dop = new DumperOptions();
dop.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
Representer representer = new Representer(dop);
this.yaml = new Yaml(representer, dop);
String configPath = determineConfigPath();
this.configFilePath = String.format("%s/%s", configPath, "Config.yml");
this.rulesFilePath = String.format("%s/%s", configPath, "Rules.yml");
// 构造函数,初始化配置
File HaEConfigPathFile = new File(configPath);
if (!(HaEConfigPathFile.exists() && HaEConfigPathFile.isDirectory())) {
HaEConfigPathFile.mkdirs();
}
File configFilePath = new File(this.configFilePath);
if (!(configFilePath.exists() && configFilePath.isFile())) {
initConfig();
}
File rulesFilePath = new File(this.rulesFilePath);
if (!(rulesFilePath.exists() && rulesFilePath.isFile())) {
initRules();
}
Config.globalRules = getRules();
}
private String determineConfigPath() {
// 优先级1用户根目录
String userConfigPath = String.format("%s/.config/HaE", System.getProperty("user.home"));
if (isValidConfigPath(userConfigPath)) {
return userConfigPath;
}
// 优先级2Jar包所在目录
String jarPath = api.extension().filename();
String jarDirectory = new File(jarPath).getParent();
String jarConfigPath = String.format("%s/.config/HaE", jarDirectory);
if (isValidConfigPath(jarConfigPath)) {
return jarConfigPath;
}
return userConfigPath;
}
private static boolean isValidConfigPath(String configPath) {
File configPathFile = new File(configPath);
return configPathFile.exists() && configPathFile.isDirectory();
}
public void initConfig() {
Map<String, Object> r = new LinkedHashMap<>();
r.put("excludeSuffix", getExcludeSuffix());
try {
Writer ws = new OutputStreamWriter(Files.newOutputStream(Paths.get(configFilePath)), StandardCharsets.UTF_8);
yaml.dump(r, ws);
ws.close();
} catch (Exception ignored) {
}
}
public String getRulesFilePath() {
return rulesFilePath;
}
public String getExcludeSuffix() {
File yamlSetting = new File(configFilePath);
if (!yamlSetting.exists() || !yamlSetting.isFile()) {
return Config.suffix;
}
try (InputStream inorder = Files.newInputStream(Paths.get(configFilePath))) {
Map<String, Object> r = new Yaml().load(inorder);
if (r.containsKey("excludeSuffix")) {
return r.get("excludeSuffix").toString();
}
}catch (Exception ignored) {
}
return Config.suffix;
}
// 获取规则配置
public Map<String, Object[][]> getRules() {
Map<String, Object[][]> rules = new HashMap<>();
try {
InputStream inputStream = Files.newInputStream(Paths.get(getRulesFilePath()));
DumperOptions dop = new DumperOptions();
dop.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
Representer representer = new Representer(dop);
Map<String, Object> rulesMap = new Yaml(representer, dop).load(inputStream);
String[] fieldKeys = {"loaded", "name", "f_regex", "s_regex", "format", "color", "scope", "engine", "sensitive"};
Object rulesObj = rulesMap.get("rules");
if (rulesObj instanceof List) {
List<Map<String, Object>> groupData = (List<Map<String, Object>>) rulesObj;
for (Map<String, Object> groupFields : groupData) {
ArrayList<Object[]> data = new ArrayList<>();
Object ruleObj = groupFields.get("rule");
if (ruleObj instanceof List) {
List<Map<String, Object>> ruleData = (List<Map<String, Object>>) ruleObj;
for (Map<String, Object> ruleFields : ruleData) {
Object[] valuesArray = new Object[fieldKeys.length];
for (int i = 0; i < fieldKeys.length; i++) {
valuesArray[i] = ruleFields.get(fieldKeys[i]);
}
data.add(valuesArray);
}
}
Object[][] dataArray = data.toArray(new Object[data.size()][]);
rules.put(groupFields.get("group").toString(), dataArray);
}
}
return rules;
} catch (Exception ignored){
}
return rules;
}
public void setExcludeSuffix(String excludeSuffix) {
Map<String,Object> r = new LinkedHashMap<>();
r.put("excludeSuffix", excludeSuffix);
try{
Writer ws = new OutputStreamWriter(Files.newOutputStream(Paths.get(configFilePath)), StandardCharsets.UTF_8);
yaml.dump(r, ws);
ws.close();
} catch (Exception ignored) {
}
}
public void initRules() {
Thread t = new Thread() {
public void run() {
pullRules();
}
};
t.start();
try {
t.join(10000);
} catch (Exception ignored) {
}
}
private void pullRules() {
try {
String url = "https://raw.githubusercontent.com/gh0stkey/HaE/gh-pages/Rules.yml";
HttpRequest httpRequest = HttpRequest.httpRequestFromUrl(url);
HttpRequestResponse requestResponse = api.http().sendRequest(httpRequest);
String responseBody = requestResponse.response().bodyToString();
if (responseBody.contains("rules")) {
FileOutputStream fileOutputStream = new FileOutputStream(rulesFilePath);
fileOutputStream.write(responseBody.getBytes());
fileOutputStream.close();
}
} catch (Exception ignored) {
api.extension().unload();
}
}
}

109
src/main/java/hae/utils/rule/RuleProcessor.java Normal file
View File

@@ -0,0 +1,109 @@
package hae.utils.rule;
import burp.api.montoya.MontoyaApi;
import hae.Config;
import hae.utils.rule.model.Group;
import hae.utils.rule.model.Info;
import hae.utils.config.ConfigLoader;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.representer.Representer;
import java.io.File;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.util.*;
import java.util.stream.Collectors;
public class RuleProcessor {
private final MontoyaApi api;
private final ConfigLoader configLoader;
public RuleProcessor(MontoyaApi api, ConfigLoader configLoader) {
this.api = api;
this.configLoader = configLoader;
}
public void rulesFormatAndSave() {
DumperOptions dop = new DumperOptions();
dop.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
Representer representer = new Representer(dop);
Yaml yaml = new Yaml(representer, dop);
List<Group> ruleGroupList = new ArrayList<>();
Config.globalRules.forEach((k, v) -> {
List<Info> ruleList = Arrays.stream(v)
.map(objects -> new Info(
(boolean) objects[0],
(String) objects[1],
(String) objects[2],
(String) objects[3],
(String) objects[4],
(String) objects[5],
(String) objects[6],
(String) objects[7],
(boolean) objects[8]))
.collect(Collectors.toList());
ruleGroupList.add(new Group(k, ruleList));
});
List<Map<String, Object>> outputGroupsMap = ruleGroupList.stream()
.map(Group::getFields)
.collect(Collectors.toList());
Map<String, Object> outputMap = new LinkedHashMap<>();
outputMap.put("rules", outputGroupsMap);
File f = new File(configLoader.getRulesFilePath());
try (Writer ws = new OutputStreamWriter(Files.newOutputStream(f.toPath()), StandardCharsets.UTF_8)) {
yaml.dump(outputMap, ws);
} catch (Exception ignored) {
}
}
public void changeRule(Vector data, int select, String type) {
Config.globalRules.get(type)[select] = data.toArray();
this.rulesFormatAndSave();
}
public void addRule(Vector data, String type) {
ArrayList<Object[]> x = new ArrayList<>(Arrays.asList(Config.globalRules.get(type)));
x.add(data.toArray());
Config.globalRules.put(type,x.toArray(new Object[x.size()][]));
this.rulesFormatAndSave();
}
public void removeRule(int select,String type) {
ArrayList<Object[]> x = new ArrayList<>(Arrays.asList(Config.globalRules.get(type)));
x.remove(select);
Config.globalRules.put(type,x.toArray(new Object[x.size()][]));
this.rulesFormatAndSave();
}
public void renameRuleGroup(String oldName, String newName) {
Config.globalRules.put(newName, Config.globalRules.remove(oldName));
this.rulesFormatAndSave();
}
public void deleteRuleGroup(String Rules) {
Config.globalRules.remove(Rules);
this.rulesFormatAndSave();
}
public String newRule() {
int i = 0;
String name = "New ";
while (Config.globalRules.containsKey(name + i)) {
i++;
}
Config.globalRules.put(name + i, Config.ruleTemplate);
this.rulesFormatAndSave();
return name + i;
}
}

29
src/main/java/hae/utils/rule/model/Group.java Normal file
View File

@@ -0,0 +1,29 @@
package hae.utils.rule.model;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
public class Group {
private Map<String, Object> fields;
public Group(String groupName, List<Info> rules) {
List<Map<String, Object>> ruleList = new ArrayList<>();
for (Info rule : rules) {
ruleList.add(rule.getFields());
}
fields = new LinkedHashMap<>();
fields.put("group", groupName);
fields.put("rule", ruleList);
}
public Map<String, Object> getFields() {
return fields;
}
public void loadFields(Map<String, Object> fields) {
this.fields = fields;
}
}

29
src/main/java/hae/utils/rule/model/Info.java Normal file
View File

@@ -0,0 +1,29 @@
package hae.utils.rule.model;
import java.util.LinkedHashMap;
import java.util.Map;
public class Info {
private Map<String, Object> fields;
public Info(boolean loaded, String name, String f_regex, String s_regex, String format, String color, String scope, String engine, boolean sensitive) {
fields = new LinkedHashMap<>();
fields.put("name", name);
fields.put("loaded", loaded);
fields.put("f_regex", f_regex);
fields.put("s_regex", s_regex);
fields.put("format", format);
fields.put("color", color);
fields.put("scope", scope);
fields.put("engine", engine);
fields.put("sensitive", sensitive);
}
public Map<String, Object> getFields() {
return fields;
}
public void loadFields(Map<String, Object> fields) {
this.fields = fields;
}
}

28
src/main/java/hae/utils/string/HashCalculator.java Normal file
View File

@@ -0,0 +1,28 @@
package hae.utils.string;
import java.security.MessageDigest;
public class HashCalculator {
public static String calculateHash(byte[] bytes){
MessageDigest digest;
try {
digest = MessageDigest.getInstance("MD5");
byte[] hashBytes = digest.digest(bytes);
return bytesToHex(hashBytes);
} catch (Exception ignored) {
return "";
}
}
private static String bytesToHex(byte[] bytes) {
StringBuilder hexString = new StringBuilder();
for (byte b : bytes) {
String hex = Integer.toHexString(0xff & b);
if (hex.length() == 1) {
hexString.append('0');
}
hexString.append(hex);
}
return hexString.toString();
}
}

91
src/main/java/hae/utils/string/StringProcessor.java Normal file
View File

@@ -0,0 +1,91 @@
package hae.utils.string;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;
public class StringProcessor {
public static String replaceFirstOccurrence(String original, String find, String replace) {
int index = original.indexOf(find);
if (index != -1) {
return original.substring(0, index) + replace + original.substring(index + find.length());
}
return original;
}
public static boolean matchFromEnd(String input, String pattern) {
int inputLength = input.length();
int patternLength = pattern.length();
int inputIndex = inputLength - 1;
int patternIndex = patternLength - 1;
while (inputIndex >= 0 && patternIndex >= 0) {
if (input.charAt(inputIndex) != pattern.charAt(patternIndex)) {
return false;
}
inputIndex--;
patternIndex--;
}
// 如果patternIndex为-1表示pattern字符串已经完全匹配
return patternIndex == -1;
}
public static String mergeComment(String comment) {
if (!comment.contains(",")) {
return comment;
}
Map<String, Integer> itemCounts = getStringIntegerMap(comment);
StringBuilder mergedItems = new StringBuilder();
for (Map.Entry<String, Integer> entry : itemCounts.entrySet()) {
String itemName = entry.getKey();
int count = entry.getValue();
if (count != 0) {
mergedItems.append(itemName).append(" (").append(count).append("), ");
}
}
return mergedItems.substring(0, mergedItems.length() - 2);
}
public static String getHostByUrl(String url) {
String host = "";
try {
URL u = new URL(url);
int port = u.getPort();
if (port == -1) {
host = u.getHost();
} else {
host = String.format("%s:%s", u.getHost(), port);
}
} catch (Exception ignored) {
}
return host;
}
private static Map<String, Integer> getStringIntegerMap(String comment) {
Map<String, Integer> itemCounts = new HashMap<>();
String[] items = comment.split(", ");
for (String item : items) {
if (item.contains("(") && item.contains(")")) {
int openParenIndex = item.lastIndexOf("(");
int closeParenIndex = item.lastIndexOf(")");
String itemName = item.substring(0, openParenIndex).trim();
int count = Integer.parseInt(item.substring(openParenIndex + 1, closeParenIndex).trim());
itemCounts.put(itemName, itemCounts.getOrDefault(itemName, 0) + count);
} else {
itemCounts.put(item, 0);
}
}
return itemCounts;
}
}

BIN
src/main/resources/logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.6 KiB

BIN
src/main/resources/logo_black.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.8 KiB