admin/HaE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: admin:2.5
Branches Tags
admin:main admin:file admin:network
admin:4.3.1 admin:4.3 admin:4.2.1 admin:4.2 admin:4.1.2 admin:4.1.1 admin:4.1 admin:4.0.5 admin:4.0.4 admin:4.0.3 admin:4.0.2 admin:4.0.1 admin:4.0 admin:3.4 admin:3.3.4 admin:3.3.3 admin:3.3.2 admin:3.3.1 admin:3.3 admin:3.2.2 admin:3.2.1 admin:3.2 admin:3.1 admin:3.0.2 admin:3.0.1 admin:3.0 admin:2.6.1 admin:2.6 admin:2.5.11 admin:2.5.10 admin:2.5.9 admin:2.5.8 admin:2.5.7 admin:2.5.6 admin:2.5.5 admin:2.5.4.1 admin:2.5.4 admin:2.5.3 admin:2.5.2 admin:2.5.1 admin:2.5 admin:2.4.7 admin:2.4.8 admin:2.4.6 admin:2.4.5 admin:2.4.4 admin:2.4.3 admin:2.4.2 admin:2.4.1 admin:2.4 admin:2.3 admin:2.2.3 admin:2.2.2 admin:2.2.1 admin:2.2 admin:2.1.5 admin:2.1.6 admin:2.1.4 admin:2.1.3 admin:2.1.2 admin:2.1.1 admin:2.1 admin:2.0.7 admin:2.0.6 admin:2.0.5 admin:2.0.4 admin:2.0.3 admin:2.0.2 admin:2.0.1 admin:2.0 admin:1.5.1 admin:1.5 admin:1.4.2 admin:1.4.1 admin:1.4 admin:1.3 admin:1.2 admin:1.1 admin:1.0
...
compare: admin:file
Branches Tags
admin:file admin:main admin:network
admin:4.3.1 admin:4.3 admin:4.2.1 admin:4.2 admin:4.1.2 admin:4.1.1 admin:4.1 admin:4.0.5 admin:4.0.4 admin:4.0.3 admin:4.0.2 admin:4.0.1 admin:4.0 admin:3.4 admin:3.3.4 admin:3.3.3 admin:3.3.2 admin:3.3.1 admin:3.3 admin:3.2.2 admin:3.2.1 admin:3.2 admin:3.1 admin:3.0.2 admin:3.0.1 admin:3.0 admin:2.6.1 admin:2.6 admin:2.5.11 admin:2.5.10 admin:2.5.9 admin:2.5.8 admin:2.5.7 admin:2.5.6 admin:2.5.5 admin:2.5.4.1 admin:2.5.4 admin:2.5.3 admin:2.5.2 admin:2.5.1 admin:2.5 admin:2.4.7 admin:2.4.8 admin:2.4.6 admin:2.4.5 admin:2.4.4 admin:2.4.3 admin:2.4.2 admin:2.4.1 admin:2.4 admin:2.3 admin:2.2.3 admin:2.2.2 admin:2.2.1 admin:2.2 admin:2.1.5 admin:2.1.6 admin:2.1.4 admin:2.1.3 admin:2.1.2 admin:2.1.1 admin:2.1 admin:2.0.7 admin:2.0.6 admin:2.0.5 admin:2.0.4 admin:2.0.3 admin:2.0.2 admin:2.0.1 admin:2.0 admin:1.5.1 admin:1.5 admin:1.4.2 admin:1.4.1 admin:1.4 admin:1.3 admin:1.2 admin:1.1 admin:1.0

159 Commits
2.5 ... file

Author SHA1 Message Date
gh0stkey
980999a2f0 Update 
Signed-off-by: gh0stkey <24655118+gh0stkey@users.noreply.github.com>
 2025-10-30 10:33:51 +08:00
EvilChen
1236b9579e Update README_CN.md 2025-10-14 13:35:17 +08:00
EvilChen
d561b6815d Update README.md 2025-10-14 13:34:59 +08:00
gh0stkey
97d20bb7f5 Version: 4.3.1 Update 
Signed-off-by: gh0stkey <24655118+gh0stkey@users.noreply.github.com>
 2025-09-22 16:02:06 +08:00
EvilChen
74fa78db5e Update README_CN.md 2025-09-18 19:41:45 +08:00
EvilChen
230cad7f91 Update README.md 2025-09-18 19:41:30 +08:00
chen
1957599b07 Update 2025-08-14 19:15:06 +08:00
gh0stkey
5f26db2a9e Version: 4.3 Update 
Signed-off-by: gh0stkey <24655118+gh0stkey@users.noreply.github.com>
 2025-07-29 15:32:10 +08:00
gh0stkey
692e26044c Update 2025-07-29 13:00:20 +08:00
gh0stkey
b597a9e6d9 Version: 4.3 Update 
Signed-off-by: gh0stkey <24655118+gh0stkey@users.noreply.github.com>
 2025-07-29 12:04:21 +08:00
gh0stkey
fca804cb7c Update 2025-07-07 20:29:48 +08:00
gh0stkey
3cbf0591c6 Update 2025-07-07 20:25:49 +08:00
gh0stkey
186430bb35 Update 2025-07-07 20:25:14 +08:00
gh0stkey
56c7973261 Update 2025-07-07 20:18:27 +08:00
gh0stkey
d71965ce10 Version: 4.2.1 Update 
Signed-off-by: gh0stkey <24655118+gh0stkey@users.noreply.github.com>
 2025-05-08 11:29:09 +08:00
EvilChen
1ffe94e78d Update README_CN.md 2025-05-08 11:06:27 +08:00
EvilChen
3859f81b2a Update README.md 2025-05-08 11:06:05 +08:00
EvilChen
20ae5bc811 Update README.md 2025-05-08 10:45:58 +08:00
EvilChen
b7734ca710 Update README.md 2025-05-08 10:33:49 +08:00
gh0stkey
d75991043e Update 
Signed-off-by: gh0stkey <24655118+gh0stkey@users.noreply.github.com>
 2025-05-06 12:27:06 +08:00
gh0stkey
95e1cb4dc1 Version: 4.2 Update 
Signed-off-by: gh0stkey <24655118+gh0stkey@users.noreply.github.com>
 2025-05-06 11:24:17 +08:00
gh0stkey
baa7270f46 Update 2025-04-25 16:17:59 +08:00
gh0stkey
0b1d502f79 Update 2025-04-25 15:50:24 +08:00
gh0stkey
8c7ac8f47d Update 2025-04-25 15:49:03 +08:00
gh0stkey
ec4a10753f Update 
Signed-off-by: gh0stkey <24655118+gh0stkey@users.noreply.github.com>
 2025-04-14 11:54:39 +08:00
gh0stkey
ed698b9861 Update 
Signed-off-by: gh0stkey <24655118+gh0stkey@users.noreply.github.com>
 2025-04-03 11:26:02 +08:00
gh0stkey
c81094eb30 Version: 4.1.2 Update 
Signed-off-by: gh0stkey <24655118+gh0stkey@users.noreply.github.com>
 2025-04-02 10:36:21 +08:00
gh0stkey
3608c3dca8 Version: 4.1.1 Update 2025-03-25 11:47:27 +08:00
gh0stkey
124e4c14fd Version: 4.1.1 Update 2025-03-25 11:44:07 +08:00
gh0stkey
6adf30f25c Version: 4.1 Update 2025-03-21 21:33:07 +08:00
gh0stkey
4fbd241ebe Version: 4.1 Update 2025-03-21 21:23:14 +08:00
gh0stkey
20afa30822 Version: 4.1 Update 2025-03-21 21:22:11 +08:00
EvilChen
1a5ed2a6a3 Update README_CN.md 2025-03-12 18:30:09 +08:00
EvilChen
1bf2b461ba Update README.md 2025-03-12 18:29:56 +08:00
gh0stkey
79e2e58d48 Update 2025-03-12 13:06:46 +08:00
gh0stkey
bf0b7f0016 Update 2025-03-10 14:56:05 +08:00
EvilChen
69c2b59c8c Update README_CN.md 2025-03-05 11:25:48 +08:00
EvilChen
79655def48 Update README.md 2025-03-05 11:24:43 +08:00
gh0stkey
116aec0848 Update 2025-03-05 11:21:25 +08:00
gh0stkey
c5de042b4b Update 2025-02-18 16:59:57 +08:00
gh0stkey
5bc592c6f9 Update 2025-02-18 16:58:58 +08:00
gh0stkey
be2df6472b Update 2025-02-18 16:56:51 +08:00
gh0stkey
4a53f20649 Update 2025-02-17 16:06:25 +08:00
gh0stkey
704e760912 Update 2025-02-12 16:08:29 +08:00
gh0stkey
3ccfee5a02 Update 2025-02-11 19:12:34 +08:00
chen
819ef820f8 Update 2025-02-11 18:54:27 +08:00
chen
0c795af101 Version: 4.0.5 Update 2025-02-11 18:29:55 +08:00
gh0stkey
5977e82ca6 Version: 4.0.4 Update 2025-01-17 17:56:35 +08:00
gh0stkey
452f297f55 Version: 4.0.3 Update 2025-01-10 17:45:59 +08:00
gh0stkey
a06ef8e25e Version: 4.0.2 Update 2025-01-08 13:49:12 +08:00
EvilChen
7e53e250af Merge pull request #235 from 0Chencc/master 
修复了社区版会无法正常使用HaE的问题
 2025-01-08 13:47:38 +08:00
林晨
b686b5e75e 修复了社区版会无法正常使用HaE的问题 
社区版由于Scanner的问题无法使用HaE,加入了一处版本判断。
 2025-01-02 05:50:14 +08:00
gh0stkey
e83a6a1478 Version: 4.0.1 Update 2024-12-31 15:40:05 +08:00
gh0stkey
daacb2e146 Version: 4.0 Update 2024-12-21 15:34:45 +08:00
gh0stkey
1f1ca99f10 Update 2024-12-21 15:19:19 +08:00
gh0stkey
fa35b0a625 Version: 3.4 Update 2024-11-16 19:48:50 +08:00
gh0stkey
8ef98d20a9 Version: 3.4 Update 2024-11-16 18:42:15 +08:00
gh0stkey
e556abb6f7 Version: 3.4 Update 2024-11-16 18:06:49 +08:00
EvilChen
471aab5ea1 Merge pull request #221 from AabyssZG/master 
Update Rules.yml
 2024-10-24 11:48:57 +08:00
曾哥
76b475bd91 Update Rules.yml 2024-10-24 11:40:29 +08:00
gh0stkey
6014089594 Version: 3.3.4 Update 2024-10-14 16:35:20 +08:00
EvilChen
910658f2e0 Update 问题反馈.md 2024-09-23 00:05:40 +08:00
gh0stkey
8692b0a494 Version: 3.3.3 Update 2024-09-19 17:45:47 +08:00
gh0stkey
5419d4a679 Version: 3.3.3 Update 2024-09-19 17:11:55 +08:00
gh0stkey
ae8cb2fd25 Version: 3.3.3 Update 2024-09-19 17:08:46 +08:00
EvilChen
5b6bdbe5b6 Update README.md 2024-08-28 16:19:24 +08:00
EvilChen
ddb08e9a6e Update README.md 2024-08-28 16:18:25 +08:00
EvilChen
6a2f289d57 Update build.gradle 2024-08-26 10:04:57 +08:00
gh0stkey
84746a7089 Version: 3.3.2 Update 2024-08-23 22:03:31 +08:00
gh0stkey
68f0bce619 Version: 3.3.1 Update 2024-08-12 10:41:24 +08:00
gh0stkey
4f0401347c Version: 3.3.1 Update 2024-08-12 10:34:26 +08:00
gh0stkey
a7e0a2a6ce Update 2024-07-31 08:57:17 +08:00
gh0stkey
b7c5a8363d Update 2024-07-31 08:49:53 +08:00
gh0stkey
d7b4419d51 Version: 3.3 Update 2024-07-23 09:22:43 +08:00
gh0stkey
5f54d1f461 Version: 3.3 Update 2024-07-23 09:21:30 +08:00
EvilChen
e4b7f86a0c Update README.md 2024-07-19 00:24:04 +08:00
EvilChen
cc30f41bfa Add files via upload 2024-07-18 23:38:29 +08:00
EvilChen
386c562311 Delete images/config.png 2024-07-18 23:37:12 +08:00
EvilChen
a867039284 Update README.md 2024-07-18 23:36:52 +08:00
gh0stkey
3a8d9eae11 Version: 3.2.2 Update 2024-06-19 22:20:46 +08:00
gh0stkey
e5f55b6c4c Version: 3.2.2 Update 2024-06-19 22:16:57 +08:00
gh0stkey
54973d9f4f Version: 3.2.1 Update 2024-05-30 16:01:25 +08:00
gh0stkey
fb347a8dc6 Version: 3.2.1 Update 2024-05-30 15:56:49 +08:00
gh0stkey
04b6652b03 Version: 3.2.1 Update 2024-05-30 14:42:26 +08:00
gh0stkey
6d4abae898 Version: 3.2.1 Update 2024-05-30 14:37:01 +08:00
gh0stkey
97172fab45 Update 2024-05-26 15:09:12 +08:00
EvilChen
ba3b206acf Update build.gradle 2024-05-24 17:13:31 +08:00
gh0stkey
99ed2cb2fd Version: 3.2 Update 2024-05-24 15:31:07 +08:00
gh0stkey
8a47f61caa Version: 3.2 Update 2024-05-24 15:00:49 +08:00
gh0stkey
ad323ba7a5 Version: 3.1 Update 2024-05-23 12:12:33 +08:00
gh0stkey
332b119064 Version: 3.1 Update 2024-05-23 12:00:13 +08:00
gh0stkey
ead03d42b9 Version: 3.0.2 Update 2024-05-12 19:25:33 +08:00
gh0stkey
4da3d3f42d Version: 3.0.2 Update 2024-05-12 19:02:38 +08:00
EvilChen
3363ca25ed Update issue templates 2024-05-11 09:56:23 +08:00
gh0stkey
496d0d2174 Version: 3.0.1 Update 2024-05-11 09:44:19 +08:00
gh0stkey
f387834c4d Version: 3.0.1 Update 2024-05-09 13:34:38 +08:00
gh0stkey
ca773f368b Version: 3.0.1 Update 2024-05-09 13:32:22 +08:00
gh0stkey
a6cd01300b Version: 3.0 Update 2024-05-07 16:08:46 +08:00
gh0stkey
ba079ab1d8 Version: 3.0 Update 2024-05-06 12:56:56 +08:00
EvilChen
a96dab6615 Update issue templates 2024-05-06 11:36:06 +08:00
gh0stkey
ad1a14b27e Version: 2.6.1 Update 2024-03-22 15:34:53 +08:00
gh0stkey
3a536a52de Version: 2.6 Update 2024-02-02 19:07:03 +08:00
ᴋᴇʏ
ea87c53958 Update issue templates 2024-01-26 20:05:43 +08:00
gh0stkey
e08b930fb5 Version: 2.5.11 Update 2024-01-18 12:07:20 +08:00
gh0stkey
49647d68d0 Version: 2.5.10 Update 2023-12-12 14:54:16 +08:00
gh0stkey
1c63841140 Version: 2.5.10 Update 2023-12-12 14:19:50 +08:00
gh0stkey
105c506039 Version: 2.5.10 Update 2023-12-12 14:19:28 +08:00
gh0stkey
f1941bccd7 Version: 2.5.9 Update 2023-11-28 15:26:25 +08:00
gh0stkey
d38e70523a Version: 2.5.9 Update 2023-11-28 09:11:56 +08:00
gh0stkey
1f7651c114 Version: 2.5.9 Update 2023-11-27 15:09:31 +08:00
gh0stkey
fc9a253d2b Version: 2.5.9 Update 2023-11-27 14:55:28 +08:00
ᴋᴇʏ
4cbcc1bcc4 Update issue templates 2023-11-27 09:11:52 +08:00
gh0stkey
765807de6e Version: 2.5.8 Update 2023-11-16 19:44:27 +08:00
gh0stkey
548315e163 Version: 2.5.8 Update 2023-11-16 19:33:38 +08:00
ᴋᴇʏ
d3ab207825 Update issue templates 2023-11-16 14:31:15 +08:00
ᴋᴇʏ
44260dd4ff Update issue templates 2023-11-16 14:27:15 +08:00
gh0stkey
cf3ac4978f Update README.md 2023-11-15 13:18:50 +08:00
gh0stkey
9c8dad8ac0 Version: 2.5.7 Update 2023-11-13 08:59:53 +08:00
gh0stkey
5cd216e45d Version: 2.5.7 Update 2023-11-13 08:28:44 +08:00
gh0stkey
87c5f713fa Version: 2.5.6 Update 2023-11-07 12:05:55 +08:00
gh0stkey
a0946bb723 Version: 2.5.6 Update 2023-11-07 11:32:44 +08:00
gh0stkey
bcb5177b54 Version: 2.5.6 Update 2023-11-07 11:15:20 +08:00
gh0stkey
0225c00f69 Version: 2.5.5 Update 2023-10-26 14:17:56 +08:00
gh0stkey
eafae602b8 Version: 2.5.4.1 2023-10-25 16:02:07 +08:00
gh0stkey
e56d8eb5d5 Version: 2.5.4 Update 2023-10-24 17:54:44 +08:00
gh0stkey
681cce0644 Version: 2.5.4 Update 2023-10-24 17:51:21 +08:00
gh0stkey
d43809e25f Version: 2.5.3 Update 2023-10-23 21:59:08 +08:00
gh0stkey
567dea6c60 Version: 2.5.3 Update 2023-10-23 21:51:12 +08:00
ᴋᴇʏ
8c388510c5 Version: 2.5.2 Update 2023-10-19 22:57:40 +08:00
ᴋᴇʏ
e22596819b Version: 2.5.2 Update 2023-10-19 22:46:11 +08:00
ᴋᴇʏ
d2cd7a0d03 Version: 2.5.2 Update 2023-10-19 22:45:44 +08:00
ᴋᴇʏ
67afe1f650 Version: 2.5.2 Update 2023-10-19 22:44:34 +08:00
ᴋᴇʏ
0602346249 Version: 2.5.2 Update 2023-10-19 22:43:29 +08:00
ᴋᴇʏ
953b966961 Version: 2.5.2 Update 2023-10-19 22:42:54 +08:00
ᴋᴇʏ
4c23d62576 Version: 2.5.2 Update 2023-10-19 22:41:50 +08:00
ᴋᴇʏ
6e9b8c8f37 Version: 2.5.2 Update 2023-10-19 22:41:14 +08:00
ᴋᴇʏ
ed58d891d5 Version: 2.5.2 Update 2023-10-19 22:40:06 +08:00
ᴋᴇʏ
33f5cab037 Version: 2.5.2 Update 2023-10-19 22:38:50 +08:00
ᴋᴇʏ
8b79c71df9 Version: 2.5.1 Update 2023-10-18 17:28:07 +08:00
ᴋᴇʏ
9ea0e4be9c Version: 2.5.1 Update 2023-10-18 17:08:09 +08:00
ᴋᴇʏ
41f197bcb2 Version: 2.5.1 Update 2023-10-18 15:17:45 +08:00
ᴋᴇʏ
31e419aed2 Version: 2.5.1 Update 2023-10-18 15:14:48 +08:00
ᴋᴇʏ
cf90a9366a Version: 2.5.1 Update 2023-10-18 15:14:33 +08:00
ᴋᴇʏ
6546446e4f Add files via upload 2023-10-18 00:51:20 +08:00
ᴋᴇʏ
6c4073c8ee Version: 2.5.1 Update 2023-10-18 00:51:01 +08:00
ᴋᴇʏ
1e1d51921d Version: 2.5.1 Update 2023-10-18 00:50:05 +08:00
ᴋᴇʏ
9135b8cbd2 Add files via upload 2023-10-18 00:49:02 +08:00
ᴋᴇʏ
cc7956d8dc Version: 2.5.1 Update 2023-10-18 00:48:12 +08:00
ᴋᴇʏ
405efdd5da Version: 2.5.1 Update 2023-10-18 00:47:41 +08:00
ᴋᴇʏ
0bb425f00b Version: 2.5.1 Update 2023-10-18 00:47:34 +08:00
ᴋᴇʏ
0bdff6fe28 Version: 2.5.1 Update 2023-10-18 00:46:21 +08:00
ᴋᴇʏ
6bd153d16a Version: 2.5.1 Update 2023-10-18 00:45:22 +08:00
ᴋᴇʏ
b12f9355fa Version: 2.5.1 Update 2023-10-18 00:44:50 +08:00
ᴋᴇʏ
fa9dcfc3d2 Version: 2.5.1 Update 2023-10-18 00:43:39 +08:00
ᴋᴇʏ
2e23388925 Version: 2.5.1 Update 2023-10-18 00:42:46 +08:00
ᴋᴇʏ
06fd54c9ce Delete BurpExtender.java 2023-10-18 00:42:22 +08:00
ᴋᴇʏ
0707a773c8 Version: 2.5.1 Update 2023-10-18 00:41:51 +08:00
ᴋᴇʏ
d0f49f8e6c Version: 2.5.1 Update 2023-10-18 00:40:37 +08:00
gh0stkey
5404c90c00 Update 2023-10-12 21:51:49 +08:00
59 changed files with 5386 additions and 2560 deletions
Expand all files Collapse all files

30
.github/ISSUE_TEMPLATE/问题反馈.md vendored Normal file
View File

@@ -0,0 +1,30 @@
---
name: 问题反馈
about: 尽可能详细的描述问题并反馈
title: "[BUG] 问题标题"
labels: bug
assignees: ''
---
## 使用环境
```
HaE 版本:
有无自定义规则:
BurpSuite 版本:
操作系统版本:
是否阅读README
是否知晓注意事项:
是否查阅历史ISSUE
```
## 问题详情
问题描述:
出现的场景:
## 解决建议
无。

133
README.md
View File

@@ -1,58 +1,119 @@
<div align="center">
<img src="images/logo.png" style="width: 20%" />
<h4><a href="https://gh0st.cn/HaE/">赋能白帽,高效作战!</a></h4>
<h5>第一作者: <a href="https://github.com/gh0stkey">EvilChen</a>(中孚信息元亨实验室), 第二作者: <a href="https://github.com/0chencc">0chencc</a>米斯特安全团队</h5>
<h4><a href="https://github.com/gh0stkey/HaE">Empower ethical hacker for efficient operations.</a></h4>
<h5>First Author: <a href="https://github.com/gh0stkey">EvilChen</a><br>Second Author: <a href="https://github.com/0chencc">0chencc</a>Mystery Security Team<br>Third Author: <a href="https://github.com/vaycore">vaycore</a>Independent Security Researcher</h5>
</div>
## 项目介绍
README Version: \[[English](README.md) | [简体中文](README_CN.md)\]
**HaE**是一个基于`BurpSuite Java插件API`开发的辅助型框架式插件旨在实现对HTTP消息的高亮标记和信息提取。该插件通过自定义正则表达式匹配响应报文或请求报文并对匹配成功的报文进行标记和提取。
## Project Introduction
随着现代化Web应用采用前后端分离的开发模式日常漏洞挖掘的过程中捕获的HTTP请求流量也相应增加。若想全面评估一个Web应用会花费大量时间在无用的报文上。**HaE的出现旨在解决这类情况**借助HaE您能够**有效减少**测试时间,将更多精力集中在**有价值且有意义**的报文上,从而**提高漏洞挖掘效率**。
**HaE** is a framework-style project in the field of **cybersecurity (data security)**, adopting a **Lego brick-style** modular design philosophy to achieve fine-grained tagging and extraction of HTTP messages (including WebSocket).
**注**: 要想灵活的使用`HaE`,你需要掌握正则表达式阅读、编写、修改能力;由于`Java`正则表达式的库并没有`Python`的优雅或方便所以HaE要求使用者必须用`()`将所需提取的表达式内容包含;例如你要匹配一个**Shiro应用**的响应报文,正常匹配规则为`rememberMe=delete`,如果你要提取这段内容的话就需要变成`(rememberMe=delete)`
By utilizing **multi-engine** customized regular expressions, HaE can accurately match and process HTTP requests and response messages (including WebSocket), effectively tagging and extracting information from successfully matched content. This enhances the **efficiency of vulnerability and data analysis** in the field of cybersecurity (data security).
## 使用方法
> With the adoption of front-end and back-end separation development models in modern web applications, the amount of captured HTTP request traffic during routine vulnerability discovery has correspondingly increased. Fully assessing a web application often requires spending considerable time on irrelevant messages. **The emergence of HaE aims to address such situations**, by using HaE, you can **effectively reduce** testing time, focusing more effort on **valuable and meaningful** messages, thus **improving the efficiency of vulnerability discovery**.
插件装载: `Extender - Extensions - Add - Select File - Next`
GitHub project address: https://github.com/gh0stkey/HaE
初次装载`HaE`会自动获取官方规则库`https://raw.githubusercontent.com/gh0stkey/HaE/gh-pages/Rules.yml`,配置文件(`Config.yml`)和规则文件(`Rules.yml`)会放在固定目录下:
GitCode project address: https://gitcode.com/gh0stkey/HaE
1. Linux/Mac用户的配置文件目录`~/.config/HaE/`
2. Windows用户的配置文件目录`%USERPROFILE%/.config/HaE/`
**Awards and Recognitions**:
## 优势特点
1. [Selected for the 2022 KCon Arsenal](https://mp.weixin.qq.com/s/JohMsl1WD29LHCHuLf8mVQ)
2. [Recognized as a GitCode G-Star Project](https://gitcode.com/gh0stkey/HaE)
1. 精细配置:高度自由的配置选项,以满足各类精细化场景需求。
2. 分类标签:使用标签对规则进行分类,便于管理和组织规则。
3. 高亮标记在HTTP History页面通过颜色高亮和注释判断请求的价值。
4. 易读配置使用易读的YAML格式存储配置文件方便阅读和修改。
5. 数据集合:将匹配到的数据、请求和响应集中在数据面板中,提高测试和梳理效率。
6. 简洁可视清晰可视的界面设计更轻松地了解和配置HaE操作简单、使用便捷。
7. 颜色升级:内置颜色升级算法,避免“屠龙者终成恶龙”场景,突出最具价值的请求。
8. 实战规则:官方规则库是基于实战化场景总结输出,提升数据发现的有效性、精准性。
**Notes and Precautions**:
| 界面名称 | 界面展示 |
1. Starting with HaE version 3.0, development is done using the `Montoya API`. To use the new version of HaE, you need to upgrade your BurpSuite version (>=2023.12.1).
2. Custom HaE rules must enclose the expressions to be extracted within parentheses `()`. For example, if you want to match a response message from a **Shiro application**, the normal matching rule would be `rememberMe=delete`, but in HaE's rule format, it needs to be written as `(rememberMe=delete)`.
## Usage
**Plugin Installation**: `Extender - Extensions - Add - Select File - Next`
When you load `HaE` for the first time, it will load the offline rule database from the Jar package. If you need to update the rules, click `Reinit` to reinitialize. The address of the built-in rule database can be found on GitHub:
`https://github.com/gh0stkey/HaE/blob/master/src/main/resources/rules/Rules.yml`
The configuration file (`Config.yml`) and rule file (`Rules.yml`) are stored in a fixed directory:
1. For Linux/Mac users: `~/.config/HaE/`
2. For Windows users: `%USERPROFILE%/.config/HaE/`
Alternatively, you can also place the configuration files in the `/.config/HaE/` directory under the same folder as the `HaE Jar package`, **for easier offline portability**.
### Rule Definitions
Currently, HaE rules consist of 8 fields, with detailed meanings as follows:
| Field | Meaning |
| --------- | ------------------------------------------------------------ |
| Name | Rule name, primarily used to briefly summarize the purpose of the current rule. |
| F-Regex | Rule regex, mainly used for entering regular expressions. In HaE, any content that needs to be extracted and matched should be enclosed within `(` and `)`. |
| S-Regex | Rule regex, with the same usage as F-Regex. S-Regex is a secondary regex, which can be used for further matching and extraction from the data results matched by F-Regex. Can be left empty if not needed. |
| Format | Formatted output; in NFA engine regular expressions, we can use `{0}`, `{1}`, `{2}`... to format and output captured groups. By default, using `{0}` is sufficient. |
| Scope | Rule scope, indicating which part of the HTTP message the current rule applies to. Supports request/response lines, headers, bodies, and complete messages. |
| Engine | Regex engine, indicating which engine the current rule's regular expression uses. **DFA engine**: scans each character in the text string only once, fast speed, fewer features; **NFA engine**: repeatedly marks and unmarks characters, slower but richer features (e.g., grouping, replacement, splitting). |
| Color | Match color, indicating the highlight color to mark when the current rule matches the corresponding HTTP message. HaE has a color upgrade algorithm that automatically upgrades the marking color when the same color appears. |
| Sensitive | Case sensitivity, indicating whether the current rule is case-sensitive. If sensitive (`True`), it strictly matches the case; if insensitive (`False`), it does not consider case differences. |
## Key Features and Advantages
1. **Functionality**: By highlighting, annotating, and extracting information from HTTP messages, it helps users obtain meaningful insights, **focusing on high-value messages**.
2. **Interface**: With a clear and visually intuitive design, and **simple interface interactions**, users can more easily understand and configure the project, **avoiding the complexity of a `multitude of buttons`**.
3. **Query**: Highlights, annotations, and extracted information from HTTP messages are **centralized in a single data panel**, allowing for one-click queries and extraction of information, thereby improving testing and analysis efficiency.
4. **Algorithm**: Built-in color upgrade algorithm automatically upgrades the marking color by one level when the same color appears, **preventing the scenario where `the dragon slayer becomes the dragon`**.
5. **Management**: **Integrated with BurpSuite's project data management**, HaE data is stored along with BurpSuite project data when saving projects.
6. **Practical Application**: The official rule library and rule field functionalities are **summarized and output based on real-world scenarios**, **thereby enhancing the effectiveness and accuracy of data discovery**.
| Name | Display |
| ------------------------ | ---------------------------------------------------- |
| Rules(规则信息管理) | <img src="images/rules.png" style="width: 80%" /> |
| Config(配置信息管理) | <img src="images/config.png" style="width: 80%" /> |
| Databoard(数据集合面板) | <img src="images/databoard.png" style="width: 80%" /> |
| Rules | <img src="images/rules.png" style="width: 80%" /> |
| Config | <img src="images/config.png" style="width: 80%" /> |
| Databoard | <img src="images/databoard.png" style="width: 80%" /> |
| MarkInfo | <img src="images/markinfo.png" style="width: 80%" /> |
## 实际使用
## Appreciation List
使用 RGPerson 生成测试数据,放入网站根目录文件中:
We appreciate everyone's support for the project. The following list is sorted based on the time of appreciation and is not in any particular order. If there are any omissions, please contact the project author for additions.
![-w467](images/rgperson.jpg)
| ID | Amount |
| -------- | -------- |
| 毁三观大人 | 200.00 CNY |
| ttt | 50.00 CNY |
| C_soon5 | 66.66 CNY |
| 1wtbb | 25.00 CNY |
| Deep | 66.66 CNY |
| NaTsUk0 | 50.00 CNY |
| Kite | 48.00 CNY |
| 红色键盘 | 99.99 CNY |
| 曾哥 | 188.88 CNY |
| 祝祝 | 488.00 CNY |
| NOP Team | 200.00 CNY |
| vaycore | 188.88 CNY |
| xccc | 168.00 CNY |
| 柯林斯-民间新秀 | 3288.8 CNY |
| Cuber | 100.00 CNY |
| 时光难逆 | 50.00 CNY |
| Celvin | 150.88 CNY |
| 呱呱 | 18.80 CNY |
| 红炉点雪 | 50.00 CNY |
| 王傑 | 100.00 CNY |
| 联系不到我请拨打我手机号码 | 200.00 CNY |
| Shu2e | 59.90 CNY |
| 亦 | 50.00 CNY |
| 是果实菌啊 | 38.88 CNY |
| caytez | 77.77 CNY |
| Sn0w33 | 18.88 CNY |
| Edwater | 18.88 CNY |
| 云中鹤 | 18.88 CNY |
| Twit | 18.88 CNY |
| cshu | 18.88 CNY |
| Fzz2 | 50.00 CNY |
访问该地址,在`Proxy - HTTP History`中可以看见高亮请求,响应标签页中含有`MarkInfo`标签,其中将匹配到的信息提取了出来。
## Support the Project
![-w1047](images/markinfo.png)
## 文末随笔
正义感是一个不可丢失的东西。
如果你觉得HaE好用可以打赏一下作者给作者持续更新下去的动力
If you find HaE useful, you can show your appreciation by donating to the author, giving them the motivation to continue updating and improving it!
<div align=center>
<img src="images/reward.jpeg" style="width: 30%" />
@@ -62,6 +123,6 @@
![404StarLink Logo](https://github.com/knownsec/404StarLink-Project/raw/master/logo.png)
`HaE` 404Team [星链计划2.0](https://github.com/knownsec/404StarLink2.0-Galaxy) 中的一环,如果对 `HaE` 有任何疑问又或是想要找小伙伴交流,可以参考星链计划的加群方式。
`HaE` is part of the 404Team's [Starlink Plan 2.0](https://github.com/knownsec/404StarLink2.0-Galaxy). If you have any questions about `HaE` or want to connect with other users, you can refer to the group joining methods provided by the Starlink Plan.
- [https://github.com/knownsec/404StarLink2.0-Galaxy#community](https://github.com/knownsec/404StarLink2.0-Galaxy#community)

128
README_CN.md Normal file
View File

@@ -0,0 +1,128 @@
<div align="center">
<img src="images/logo.png" style="width: 20%" />
<h4><a href="https://github.com/gh0stkey/HaE">赋能白帽,高效作战!</a></h4>
<h5>第一作者: <a href="https://github.com/gh0stkey">EvilChen</a><br>第二作者: <a href="https://github.com/0chencc">0chencc</a>(米斯特安全团队)<br>第三作者: <a href="https://github.com/vaycore">vaycore</a>(独立安全研究员)</h5>
</div>
README 版本: \[[English](README.md) | [简体中文](README_CN.md)\]
## 项目介绍
**HaE**是一款**网络安全(数据安全)领域**下的框架式项目,采用了**乐高积木式**模块化设计理念实现对HTTP消息包含WebSocket精细化的标记和提取。
通过运用**多引擎**的自定义正则表达式HaE能够准确匹配并处理HTTP请求与响应报文包含WebSocket对匹配成功的内容进行有效的标记和信息抽取从而提升网络安全数据安全领域下的**漏洞和数据分析效率**。
> 随着现代化Web应用采用前后端分离的开发模式日常漏洞挖掘的过程中捕获的HTTP请求流量也相应增加。若想全面评估一个Web应用会花费大量时间在无用的报文上。**HaE的出现旨在解决这类情况**借助HaE您能够**有效减少**测试时间,将更多精力集中在**有价值且有意义**的报文上,从而**提高漏洞挖掘效率**。
GitHub项目地址https://github.com/gh0stkey/HaE
GitCode项目地址https://gitcode.com/gh0stkey/HaE
**所获荣誉**:
1. [入选2022年KCon兵器谱](https://mp.weixin.qq.com/s/JohMsl1WD29LHCHuLf8mVQ)
2. [入选GitCode G-Star项目](https://gitcode.com/gh0stkey/HaE)
**注意事项**:
1. HaE 3.0版本开始采用`Montoya API`进行开发使用新版HaE需要升级你的BurpSuite版本>=2023.12.1)。
2. 自定义HaE规则必须用左右括号`()`将所需提取的表达式内容包含,例如你要匹配一个**Shiro应用**的响应报文,正常匹配规则为`rememberMe=delete`在HaE的规则中就需要变成`(rememberMe=delete)`
## 使用方法
插件装载: `Extender - Extensions - Add - Select File - Next`
初次装载`HaE`会从Jar包中加载离线的规则库如果更新可以点击`Reinit`进行重新初始化。内置规则库地址可以在Github上找到`https://github.com/gh0stkey/HaE/blob/master/src/main/resources/rules/Rules.yml`
配置文件(`Config.yml`)和规则文件(`Rules.yml`)会放在固定目录下:
1. Linux/Mac用户的配置文件目录`~/.config/HaE/`
2. Windows用户的配置文件目录`%USERPROFILE%/.config/HaE/`
除此之外,您也可以选择将配置文件存放在`HaE Jar包`的同级目录下的`/.config/HaE/`中,**以便于离线携带**。
### 规则释义
HaE目前的规则一共有8个字段详细的含义如下所示
| 字段 | 含义 |
|-----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Name | 规则名称,主要用于简短概括当前规则的作用。 |
| F-Regex | 规则正则主要用于填写正则表达式。在HaE中所需提取匹配的内容需要用`(``)`将正则表达式进行包裹。|
| S-Regex | 规则正则作用及使用同F-Regex。S-Regex为二次正则可以用于对F-Regex匹配的数据结果进行二次的匹配提取如不需要的情况下可以留空。|
| Format | 格式化输出在NFA引擎的正则表达式中我们可以通过`{0}``{1}``{2}`…的方式进行取分组格式化输出。默认情况下使用`{0}`即可。 |
| Scope | 规则作用域主要用于表示当前规则作用于HTTP报文的哪个部分。支持请求、响应的行、头、体以及完整的报文。 |
| Engine | 正则引擎,主要用于表示当前规则的正则表达式所使用的引擎。**DFA引擎**:对于文本串里的每一个字符只需扫描一次,速度快、特性少;**NFA引擎**:要翻来覆去标注字符、取消标注字符,速度慢,但是特性(如:分组、替换、分割)丰富。 |
| Color | 规则匹配颜色主要用于表示当前规则匹配到对应HTTP报文时所需标记的高亮颜色。在HaE中具备颜色升级算法当出现相同颜色时会自动向上升级一个颜色进行标记。 |
| Sensitive | 规则敏感性,主要用于表示当前规则对于大小写字母是否敏感,敏感(`True`)则严格按照大小写要求匹配,不敏感(`False`)则反之。 |
## 优势特点
1. **功能**通过对HTTP报文的颜色高亮、注释和提取帮助使用者获取有意义的信息**聚焦高价值报文**。
2. **界面**:清晰可视的界面设计,以及**简洁的界面交互**,帮助使用者更轻松的了解和配置项目,**避免`多按钮`式的复杂体验**。
3. **查询**将HTTP报文的高亮、注释和提取到的相关信息**集中在一个数据面板**,可以一键查询、提取信息,从而提高测试和梳理效率。
4. **算法**:内置高亮颜色的升级算法,当出现相同颜色时**会自动向上升级一个颜色**进行标记,**避免`屠龙者终成恶龙`场景**。
5. **管理****融入BurpSuite的项目数据管理**当使用BurpSuite进行项目存储时HaE数据也会一并存储。
6. **实战**:官方规则库和规则字段作用功能,都是**基于实战化场景总结输出**的,**以此提高数据的有效性、精准性发现**。
| 界面名称 | 界面展示 |
| ------------------------ | ---------------------------------------------------- |
| Rules规则管理 | <img src="images/rules.png" style="width: 80%" /> |
| Config配置管理 | <img src="images/config.png" style="width: 80%" /> |
| Databoard数据集合 | <img src="images/databoard.png" style="width: 80%" /> |
| MarkInfo数据展示 | <img src="images/markinfo.png" style="width: 80%" /> |
## 赞赏榜单
感谢各位对项目的赞赏,以下名单基于赞赏时间进行排序,不分先后,如有遗留可联系项目作者进行补充。
| ID | Amount |
| -------- | -------- |
| 毁三观大人 | 200.00 元 |
| ttt | 50.00 元 |
| C_soon5 | 66.66 元 |
| 1wtbb | 25.00 元 |
| Deep | 66.66 元 |
| NaTsUk0 | 50.00 元 |
| Kite | 48.00 元 |
| 红色键盘 | 99.99 元 |
| 曾哥 | 188.88 元 |
| 祝祝 | 488.00 元 |
| NOP Team | 200.00 元 |
| vaycore | 188.88 元 |
| xccc | 168.00 元 |
| 柯林斯-民间新秀 | 3288.8 元 |
| Cuber | 100.00 元 |
| 时光难逆 | 50.00 元 |
| Celvin | 150.88 元 |
| 呱呱 | 18.80 元 |
| 红炉点雪 | 50.00 元 |
| 王傑 | 100.00 元 |
| 联系不到我请拨打我手机号码 | 200.00 元 |
| Shu2e | 59.90 元 |
| 亦 | 50.00 元 |
| 是果实菌啊 | 38.88 元 |
| caytez | 77.77 元 |
| Sn0w33 | 18.88 元 |
| Edwater | 18.88 元 |
| 云中鹤 | 18.88 元 |
| Twit | 18.88 元 |
| cshu | 18.88 元 |
| Fzz2 | 50.00 元 |
## 支持项目
如果你觉得HaE好用可以打赏一下作者给作者持续更新下去的动力
<div align=center>
<img src="images/reward.jpeg" style="width: 30%" />
</div>
## 404StarLink 2.0 - Galaxy
![404StarLink Logo](https://github.com/knownsec/404StarLink-Project/raw/master/logo.png)
`HaE` 是 404Team [星链计划2.0](https://github.com/knownsec/404StarLink2.0-Galaxy) 中的一环,如果对 `HaE` 有任何疑问又或是想要找小伙伴交流,可以参考星链计划的加群方式。
- [https://github.com/knownsec/404StarLink2.0-Galaxy#community](https://github.com/knownsec/404StarLink2.0-Galaxy#community)

33
build.gradle
View File

@@ -2,14 +2,13 @@ plugins {
id 'java'
}
sourceCompatibility = 17
targetCompatibility = 17
repositories {
mavenCentral()
}
compileJava {
options.encoding = "UTF-8"
}
sourceSets {
main {
java {
@@ -18,17 +17,21 @@ sourceSets {
}
}
task fatJar(type: Jar) {
baseName = project.name + '-all'
from { configurations.compile.collect { it.isDirectory() ? it : zipTree(it) } }
with jar
dependencies {
implementation 'net.portswigger.burp.extensions:montoya-api:2023.12.1'
implementation 'org.yaml:snakeyaml:2.0'
implementation 'dk.brics.automaton:automaton:1.11-8'
implementation 'com.github.ben-manes.caffeine:caffeine:3.1.8'
}
dependencies {
compile 'net.portswigger.burp.extender:burp-extender-api:1.7.13'
compile 'org.jetbrains:annotations:16.0.2'
compile group: 'org.yaml', name: 'snakeyaml', version: '1.28'
compile 'net.sourceforge.jregex:jregex:1.2_01'
compile 'dk.brics.automaton:automaton:1.11-8'
compile 'com.squareup.okhttp:okhttp:2.7.5'
test {
useJUnitPlatform()
}
jar {
duplicatesStrategy = DuplicatesStrategy.EXCLUDE
from {
configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) }
}
}

BIN
images/config.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 50 KiB

After

Width:  |  Height:  |  Size: 158 KiB

BIN
images/databoard.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 101 KiB

After

Width:  |  Height:  |  Size: 175 KiB

BIN
images/markinfo.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 140 KiB

After

Width:  |  Height:  |  Size: 54 KiB

BIN
images/rgperson.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 120 KiB

BIN
images/rules.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 111 KiB

After

Width:  |  Height:  |  Size: 128 KiB

270
src/main/java/burp/BurpExtender.java
View File

@@ -1,270 +0,0 @@
package burp;
import burp.core.processor.ColorProcessor;
import burp.core.processor.MessageProcessor;
import burp.ui.MainUI;
import burp.ui.board.MessagePanel;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.Objects;
import javax.swing.*;
import java.awt.*;
import java.nio.charset.StandardCharsets;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import javax.swing.event.ChangeEvent;
import javax.swing.event.ChangeListener;
/**
* @author EvilChen & 0chencc
*/
public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEditorTabFactory, ITab {
private MainUI main;
// stdout变成公开属性便于其他类调用输出调试信息
public static PrintWriter stdout;
private IBurpExtenderCallbacks callbacks;
private static IExtensionHelpers helpers;
ColorProcessor colorProcessor = new ColorProcessor();
MessageProcessor messageProcessor = new MessageProcessor();
private MessagePanel messagePanel;
@Override
public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks)
{
this.callbacks = callbacks;
BurpExtender.helpers = callbacks.getHelpers();
String version = "2.5";
callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version));
// 定义输出
stdout = new PrintWriter(callbacks.getStdout(), true);
stdout.println("[ HACK THE WORLD - TO DO IT ]");
stdout.println("[#] Author: EvilChen & 0chencc");
stdout.println("[#] Github: https://github.com/gh0stkey/HaE");
// UI
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
initialize();
}
});
callbacks.registerHttpListener(BurpExtender.this);
callbacks.registerMessageEditorTabFactory(BurpExtender.this);
}
private void initialize(){
messagePanel = new MessagePanel(callbacks, helpers);
main = new MainUI(messagePanel);
callbacks.customizeUiComponent(main);
callbacks.addSuiteTab(BurpExtender.this);
}
@Override
public String getTabCaption(){
return "HaE";
}
@Override
public Component getUiComponent() {
return main;
}
/**
* 使用processHttpMessage用来做Highlighter
*/
@Override
public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
// 判断是否是响应且该代码作用域为REPEATER、INTRUDER、PROXY分别对应toolFlag 64、32、4
if (toolFlag == 64 || toolFlag == 32 || toolFlag == 4) {
byte[] content;
if (messageIsRequest) {
content = messageInfo.getRequest();
} else {
content = messageInfo.getResponse();
}
IHttpService iHttpService = null;
try {
iHttpService = messageInfo.getHttpService();
} catch (Exception ignored) {
}
// 获取请求主机信息
assert iHttpService != null;
String host = iHttpService.getHost();
String c = new String(content, StandardCharsets.UTF_8).intern();
List<Map<String, String>> result = null;
try {
result = messageProcessor.processMessage(helpers, content, messageIsRequest, true, host);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
String resComment = "";
String resColor = "";
String originalColor = messageInfo.getHighlight();
String originalComment = messageInfo.getComment();
if (result != null && !result.isEmpty() && result.size() > 0) {
List<String> colorList = new ArrayList<>();
if (originalColor != null) {
colorList.add(originalColor);
}
colorList.add(result.get(0).get("color"));
resColor = colorProcessor.retrieveFinalColor(colorProcessor.retrieveColorIndices(colorList));
messageInfo.setHighlight(resColor);
String addComment = String.join(", ", result.get(1).get("comment"));
resComment = !Objects.equals(originalComment, "") ? String.format("%s, %s", originalComment, addComment) : addComment;
messageInfo.setComment(resComment);
}
String endComment = resComment.isEmpty() ? originalComment : resComment;
String endColor = resColor.isEmpty() ? originalColor : resColor;
if (!messageIsRequest && !endComment.isEmpty() && !endColor.isEmpty()) {
messagePanel.add(messageInfo, endComment, String.valueOf(content.length), endColor);
}
}
}
class MarkInfoTab implements IMessageEditorTab {
private final JTabbedPane jTabbedPane = new JTabbedPane();
private JTable jTable = new JTable();
private final IMessageEditorController controller;
private Map<String, String> extractRequestMap;
private Map<String, String> extractResponseMap;
private ArrayList<String> titleList = new ArrayList<>();
public MarkInfoTab(IMessageEditorController controller, boolean editable) {
this.controller = controller;
}
@Override
public String getTabCaption() {
return "MarkInfo";
}
@Override
public Component getUiComponent() {
jTabbedPane.addChangeListener(new ChangeListener() {
@Override
public void stateChanged(ChangeEvent arg0) {
jTable = (JTable) ((JScrollPane)jTabbedPane.getSelectedComponent()).getViewport().getView();
}
});
return this.jTabbedPane;
}
@Override
public boolean isEnabled(byte[] content, boolean isRequest) {
String c = new String(content, StandardCharsets.UTF_8).intern();
List<Map<String, String>> result = null;
try {
result = messageProcessor.processMessage(helpers, content, isRequest, false, "");
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
}
if (result != null && !result.isEmpty()) {
Map<String, String> dataMap = result.get(0);
if (isRequest) {
extractRequestMap = dataMap;
} else {
extractResponseMap = dataMap;
}
return true;
}
return false;
}
@Override
public byte[] getMessage() {
return null;
}
@Override
public boolean isModified() {
return false;
}
/**
* 快捷键复制功能
*/
@Override
public byte[] getSelectedData() {
int[] selectRows = jTable.getSelectedRows();
StringBuilder selectData = new StringBuilder();
for (int row : selectRows) {
selectData.append(jTable.getValueAt(row, 0).toString()).append("\n");
}
// 便于单行复制,去除最后一个换行符
String revData = selectData.reverse().toString().replaceFirst("\n", "");
StringBuilder retData = new StringBuilder(revData).reverse();
return helpers.stringToBytes(retData.toString());
}
/**
* 使用setMessage用来做Extractor
*/
@Override
public void setMessage(byte[] content, boolean isRequest) {
String c = new String(content, StandardCharsets.UTF_8).intern();
if (content.length > 0) {
if (isRequest) {
makeTable(extractRequestMap);
} else {
makeTable(extractResponseMap);
}
}
}
/**
* 创建MarkInfo表单
*/
public void makeTable(Map<String, String> dataMap) {
ArrayList<String> lTitleList = new ArrayList<>();
dataMap.keySet().forEach(i->{
String[] extractData = dataMap.get(i).split("\n");
Object[][] data = new Object[extractData.length][1];
for (int x = 0; x < extractData.length; x++) {
data[x][0] = extractData[x];
}
JTable infoTable = new JTable(data, new Object[]{"Information"});
infoTable.setAutoCreateRowSorter(true);
JScrollPane jScrollPane = new JScrollPane(infoTable);
lTitleList.add(i);
this.jTabbedPane.addTab(i, jScrollPane);
});
/*
* 使用removeAll会导致MarkInfo UI出现空白的情况为了改善用户侧体验采用remove的方式进行删除
* 采用全局ArrayList的方式遍历删除Tab以此应对BurpSuite缓存机制导致的MarkInfo UI错误展示。
*/
titleList.forEach(t->{
int indexOfTab = this.jTabbedPane.indexOfTab(t);
if (indexOfTab != -1) {
this.jTabbedPane.removeTabAt(indexOfTab);
}
});
titleList = lTitleList;
}
}
@Override
public IMessageEditorTab createNewInstance(IMessageEditorController controller, boolean editable) {
return new MarkInfoTab(controller, editable);
}
}

42
src/main/java/burp/config/ConfigEntry.java
View File

@@ -1,42 +0,0 @@
package burp.config;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
public class ConfigEntry {
public static String excludeSuffix = "3g2|3gp|7z|aac|abw|aif|aifc|aiff|apk|arc|au|avi|azw|bat|bin|bmp|bz|bz2|cmd|cmx|cod|com|csh|css|csv|dll|doc|docx|ear|eot|epub|exe|flac|flv|gif|gz|ico|ics|ief|jar|jfif|jpe|jpeg|jpg|less|m3u|mid|midi|mjs|mkv|mov|mp2|mp3|mp4|mpa|mpe|mpeg|mpg|mpkg|mpp|mpv2|odp|ods|odt|oga|ogg|ogv|ogx|otf|pbm|pdf|pgm|png|pnm|ppm|ppt|pptx|ra|ram|rar|ras|rgb|rmi|rtf|scss|sh|snd|svg|swf|tar|tif|tiff|ttf|vsd|war|wav|weba|webm|webp|wmv|woff|woff2|xbm|xls|xlsx|xpm|xul|xwd|zip";
public static String[] scopeArray = new String[] {
"any",
"any header",
"any body",
"response",
"response header",
"response body",
"request",
"request header",
"request body"
};
public static String[] engineArray = new String[] {
"nfa",
"dfa"
};
public static String[] colorArray = new String[] {
"red",
"orange",
"yellow",
"green",
"cyan",
"blue",
"pink",
"magenta",
"gray"
};
public static Map<String,Object[][]> globalRules = null;
public static Map<String, Map<String, List<String>>> globalDataMap = new HashMap<>();
}

131
src/main/java/burp/config/ConfigLoader.java
View File

@@ -1,131 +0,0 @@
package burp.config;
import burp.rule.utils.RuleTool;
import burp.rule.utils.YamlTool;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.ArrayList;
import org.yaml.snakeyaml.Yaml;
/**
* @author EvilChen
*/
public class ConfigLoader {
private static final Yaml yaml = YamlTool.newStandardYaml();
private static final String HaEConfigPath = String.format("%s/.config/HaE", System.getProperty("user.home"));
private static final String RulesFilePath = String.format("%s/%s", HaEConfigPath, "Rules.yml");
private static final String ConfigFilePath = String.format("%s/%s", HaEConfigPath, "Config.yml");
public ConfigLoader() {
// 构造函数,初始化配置
File HaEConfigPathFile = new File(HaEConfigPath);
if (!(HaEConfigPathFile.exists() && HaEConfigPathFile.isDirectory())) {
HaEConfigPathFile.mkdirs();
}
File configFilePath = new File(ConfigFilePath);
if (!(configFilePath.exists() && configFilePath.isFile())) {
initConfig();
initRules();
}
ConfigEntry.globalRules = ConfigLoader.getRules();
}
public void initConfig() {
Map<String, Object> r = new LinkedHashMap<>();
r.put("rulesPath", RulesFilePath);
r.put("excludeSuffix", getExcludeSuffix());
try {
Writer ws = new OutputStreamWriter(Files.newOutputStream(Paths.get(ConfigFilePath)), StandardCharsets.UTF_8);
yaml.dump(r, ws);
} catch (Exception ex) {
ex.printStackTrace();
}
}
public void initRules() {
RuleTool rt = new RuleTool(RulesFilePath);
rt.getRulesFromSite();
}
public static String getRulesFilePath() {
try {
Map<String, Object> r = YamlTool.loadYaml(ConfigFilePath);
return r.get("rulesPath").toString();
} catch (Exception e) {
e.printStackTrace();
return RulesFilePath;
}
}
public String getExcludeSuffix(){
String excludeSuffix = "";
File yamlSetting = new File(ConfigFilePath);
if (yamlSetting.exists() && yamlSetting.isFile()) {
try {
InputStream inorder = Files.newInputStream(Paths.get(ConfigFilePath));
Map<String,Object> r = yaml.load(inorder);
excludeSuffix = r.get("excludeSuffix").toString();
} catch (Exception e) {
// e.printStackTrace();
excludeSuffix = ConfigEntry.excludeSuffix;
}
} else {
excludeSuffix = ConfigEntry.excludeSuffix;
}
return excludeSuffix;
}
// 获取规则配置
public static Map<String, Object[][]> getRules() {
Map<String, Object> rulesMap = YamlTool.loadYaml(getRulesFilePath());
Map<String, Object[][]> resRule = new HashMap<>();
String[] fieldKeys = {"loaded", "name", "regex", "color", "scope", "engine", "sensitive"};
Object rulesObj = rulesMap.get("rules");
if (rulesObj instanceof List) {
List<Map<String, Object>> groupData = (List<Map<String, Object>>) rulesObj;
for (Map<String, Object> groupFields : groupData) {
ArrayList<Object[]> data = new ArrayList<>();
Object ruleObj = groupFields.get("rule");
if (ruleObj instanceof List) {
List<Map<String, Object>> ruleData = (List<Map<String, Object>>) ruleObj;
for (Map<String, Object> ruleFields : ruleData) {
Object[] valuesArray = new Object[fieldKeys.length];
for (int i = 0; i < fieldKeys.length; i++) {
valuesArray[i] = ruleFields.get(fieldKeys[i]);
}
data.add(valuesArray);
}
}
Object[][] dataArray = data.toArray(new Object[data.size()][]);
resRule.put(groupFields.get("group").toString(), dataArray);
}
}
return resRule;
}
public void setExcludeSuffix(String excludeSuffix){
Map<String,Object> r = new LinkedHashMap<>();
r.put("rulesPath", getRulesFilePath());
r.put("excludeSuffix", excludeSuffix);
try{
Writer ws = new OutputStreamWriter(Files.newOutputStream(Paths.get(RulesFilePath)), StandardCharsets.UTF_8);
yaml.dump(r, ws);
}catch (Exception ex){
ex.printStackTrace();
}
}
}

26
src/main/java/burp/core/GlobalCachePool.java
View File

@@ -1,26 +0,0 @@
package burp.core;
import java.util.HashMap;
import java.util.Map;
/**
* @author EvilChen
*/
public class GlobalCachePool {
// 用于缓存匹配结果,以请求/响应的MD5 Hash作为索引
private static final Map<String, Map<String, Map<String, Object>>> cache = new HashMap<>();
public static void addToCache(String key, Map<String, Map<String, Object>> value) {
cache.put(key, value);
}
public static Map<String, Map<String, Object>> getFromCache(String key) {
return cache.get(key);
}
public static void removeFromCache(String key) {
cache.remove(key);
}
}

68
src/main/java/burp/core/processor/ColorProcessor.java
View File

@@ -1,68 +0,0 @@
package burp.core.processor;
import burp.config.ConfigEntry;
import java.util.*;
/**
* @author EvilChen
*/
public class ColorProcessor {
private String finalColor = "";
public List<Integer> retrieveColorIndices(List<String> colors){
List<Integer> indices = new ArrayList<>();
String[] colorArray = ConfigEntry.colorArray;
int size = colorArray.length;
for (String color : colors) {
for (int i = 0; i < size; i++) {
if (colorArray[i].equals(color)) {
indices.add(i);
}
}
}
return indices;
}
/**
* 颜色升级递归算法
*/
private void upgradeColors(List<Integer> colorList) {
int colorSize = colorList.size();
String[] colorArray = ConfigEntry.colorArray;
colorList.sort(Comparator.comparingInt(Integer::intValue));
int i = 0;
List<Integer> stack = new ArrayList<>();
while (i < colorSize) {
if (stack.isEmpty()) {
stack.add(colorList.get(i));
} else {
if (!Objects.equals(colorList.get(i), stack.stream().reduce((first, second) -> second).orElse(99999999))) {
stack.add(colorList.get(i));
} else {
stack.set(stack.size() - 1, stack.get(stack.size() - 1) - 1);
}
}
i++;
}
// 利用HashSet删除重复元素
HashSet tmpList = new HashSet(stack);
if (stack.size() == tmpList.size()) {
stack.sort(Comparator.comparingInt(Integer::intValue));
if(stack.get(0) < 0) {
this.finalColor = colorArray[0];
} else {
this.finalColor = colorArray[stack.get(0)];
}
} else {
this.upgradeColors(stack);
}
}
public String retrieveFinalColor(List<Integer> colorList) {
upgradeColors(colorList);
return finalColor;
}
}

201
src/main/java/burp/core/processor/DataProcessingUnit.java
View File

@@ -1,201 +0,0 @@
package burp.core.processor;
import burp.core.GlobalCachePool;
import burp.core.utils.HashCalculator;
import burp.core.utils.MatchTool;
import burp.config.ConfigEntry;
import burp.core.utils.StringHelper;
import dk.brics.automaton.Automaton;
import dk.brics.automaton.AutomatonMatcher;
import dk.brics.automaton.RegExp;
import dk.brics.automaton.RunAutomaton;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.ArrayList;
import java.util.List;
import jregex.Matcher;
import jregex.Pattern;
/**
* @author EvilChen
*/
public class DataProcessingUnit {
public Map<String, String> extractDataFromMap(Map<String, Map<String, Object>> inputData) {
Map<String, String> extractedData = new HashMap<>();
inputData.keySet().forEach(key -> {
Map<String, Object> tempMap = inputData.get(key);
String data = tempMap.get("data").toString();
extractedData.put(key, data);
});
return extractedData;
}
public List<List<String>> extractColorsAndComments(Map<String, Map<String, Object>> inputData) {
List<String> colorList = new ArrayList<>();
List<String> commentList = new ArrayList<>();
inputData.keySet().forEach(key -> {
Map<String, Object> tempMap = inputData.get(key);
String color = tempMap.get("color").toString();
colorList.add(color);
commentList.add(key);
});
List<List<String>> result = new ArrayList<>();
result.add(colorList);
result.add(commentList);
return result;
}
public Map<String, Map<String, Object>> matchContentByRegex(byte[] content, String headers, byte[] body, String scopeString, String host)
throws NoSuchAlgorithmException {
// 先从池子里判断是否有已经匹配好的结果
String messageIndex = HashCalculator.calculateHash(content);
Map<String, Map<String, Object>> map = GlobalCachePool.getFromCache(messageIndex);
if (map != null) {
return map;
} else {
// 最终返回的结果
Map<String, Map<String, Object>> finalMap = new HashMap<>();
ConfigEntry.globalRules.keySet().forEach(i -> {
for (Object[] objects : ConfigEntry.globalRules.get(i)) {
// 多线程执行,一定程度上减少阻塞现象
Thread t = new Thread(() -> {
String matchContent = "";
// 遍历获取规则
List<String> result = new ArrayList<>();
Map<String, Object> tmpMap = new HashMap<>();
String name = objects[1].toString();
boolean loaded = (Boolean) objects[0];
String regex = objects[2].toString();
String color = objects[3].toString();
String scope = objects[4].toString();
String engine = objects[5].toString();
boolean sensitive = (Boolean) objects[6];
// 判断规则是否开启与作用域
if (loaded && (scope.contains(scopeString) || scope.contains("any"))) {
switch (scope) {
case "any":
case "request":
case "response":
matchContent = new String(content, StandardCharsets.UTF_8).intern();
break;
case "any header":
case "request header":
case "response header":
matchContent = headers;
break;
case "any body":
case "request body":
case "response body":
matchContent = new String(body, StandardCharsets.UTF_8).intern();
break;
default:
break;
}
if ("nfa".equals(engine)) {
Pattern pattern;
// 判断规则是否大小写敏感
if (sensitive) {
pattern = new Pattern(regex);
} else {
pattern = new Pattern(regex, Pattern.IGNORE_CASE);
}
Matcher matcher = pattern.matcher(matchContent);
while (matcher.find()) {
// 添加匹配数据至list
// 强制用户使用()包裹正则
result.add(matcher.group(1));
}
} else {
RegExp regexp = new RegExp(regex);
Automaton auto = regexp.toAutomaton();
RunAutomaton runAuto = new RunAutomaton(auto, true);
AutomatonMatcher autoMatcher = runAuto.newMatcher(matchContent);
while (autoMatcher.find()) {
// 添加匹配数据至list
// 强制用户使用()包裹正则
result.add(autoMatcher.group());
}
}
// 去除重复内容
HashSet tmpList = new HashSet(result);
result.clear();
result.addAll(tmpList);
String nameAndSize = String.format("%s (%s)", name, result.size());
if (!result.isEmpty()) {
tmpMap.put("color", color);
String dataStr = String.join("\n", result);
tmpMap.put("data", dataStr);
finalMap.put(nameAndSize, tmpMap);
// 添加到全局变量中便于Databoard检索
if (!host.isEmpty()) {
List<String> dataList = Arrays.asList(dataStr.split("\n"));
if (ConfigEntry.globalDataMap.containsKey(host)) {
Map<String, List<String>> gRuleMap = new HashMap<>(ConfigEntry.globalDataMap.get(host));
if (gRuleMap.containsKey(name)) {
// gDataList为不可变列表因此需要重新创建一个列表以便于使用addAll方法
List<String> gDataList = gRuleMap.get(name);
List<String> newDataList = new ArrayList<>(gDataList);
newDataList.addAll(dataList);
newDataList = new ArrayList<>(new HashSet<>(newDataList));
gRuleMap.remove(name);
gRuleMap.put(name, newDataList);
} else {
gRuleMap.put(name, dataList);
}
ConfigEntry.globalDataMap.remove(host);
ConfigEntry.globalDataMap.put(host, gRuleMap);
} else {
Map<String, List<String>> ruleMap = new HashMap<>();
ruleMap.put(name, dataList);
// 添加单一Host
ConfigEntry.globalDataMap.put(host, ruleMap);
}
String[] splitHost = host.split("\\.");
String anyHost = (splitHost.length > 2 && !MatchTool.matchIP(host)) ? StringHelper.replaceFirstOccurrence(host, splitHost[0], "*") : "";
if (!ConfigEntry.globalDataMap.containsKey(anyHost) && anyHost.length() > 0) {
// 添加通配符Host实际数据从查询哪里将所有数据提取
ConfigEntry.globalDataMap.put(anyHost, new HashMap<>());
}
if (!ConfigEntry.globalDataMap.containsKey("*")) {
// 添加通配符全匹配,同上
ConfigEntry.globalDataMap.put("*", new HashMap<>());
}
if (!ConfigEntry.globalDataMap.containsKey("**")) {
// 添加通配符全匹配,同上
ConfigEntry.globalDataMap.put("**", new HashMap<>());
}
}
}
}
});
t.start();
try {
t.join();
} catch (Exception e) {
e.printStackTrace();
}
}
});
GlobalCachePool.addToCache(messageIndex, finalMap);
return finalMap;
}
}
}

78
src/main/java/burp/core/processor/MessageProcessor.java
View File

@@ -1,78 +0,0 @@
package burp.core.processor;
import burp.IExtensionHelpers;
import burp.core.utils.MatchTool;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
public class MessageProcessor {
MatchTool matcher = new MatchTool();
DataProcessingUnit dataProcessingUnit = new DataProcessingUnit();
ColorProcessor colorProcessor = new ColorProcessor();
public List<Map<String, String>> processMessage(IExtensionHelpers helpers, byte[] content, boolean isRequest, boolean messageInfo, String host)
throws NoSuchAlgorithmException {
List<Map<String, String>> result = new ArrayList<>();
Map<String, Map<String, Object>> obj;
if (isRequest) {
List<String> requestTmpHeaders = helpers.analyzeRequest(content).getHeaders();
String requestHeaders = String.join("\n", requestTmpHeaders);
try {
String urlString = requestTmpHeaders.get(0).split(" ")[1];
urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString;
if (matcher.matchUrlSuffix(urlString)) {
return result;
}
} catch (Exception e) {
return result;
}
int requestBodyOffset = helpers.analyzeRequest(content).getBodyOffset();
byte[] requestBody = Arrays.copyOfRange(content, requestBodyOffset, content.length);
obj = dataProcessingUnit.matchContentByRegex(content, requestHeaders, requestBody, "request", host);
} else {
try {
String inferredMimeType = String.format("hae.%s", helpers.analyzeResponse(content).getInferredMimeType().toLowerCase());
String statedMimeType = String.format("hae.%s", helpers.analyzeResponse(content).getStatedMimeType().toLowerCase());
if (matcher.matchUrlSuffix(statedMimeType) || matcher.matchUrlSuffix(inferredMimeType)) {
return result;
}
} catch (Exception e) {
return result;
}
List<String> responseTmpHeaders = helpers.analyzeResponse(content).getHeaders();
String responseHeaders = String.join("\n", responseTmpHeaders);
int responseBodyOffset = helpers.analyzeResponse(content).getBodyOffset();
byte[] responseBody = Arrays.copyOfRange(content, responseBodyOffset, content.length);
obj = dataProcessingUnit.matchContentByRegex(content, responseHeaders, responseBody, "response", host);
}
if (obj.size() > 0) {
if (messageInfo) {
List<List<String>> resultList = dataProcessingUnit.extractColorsAndComments(obj);
List<String> colorList = resultList.get(0);
List<String> commentList = resultList.get(1);
if (!colorList.isEmpty() && !commentList.isEmpty()) {
String color = colorProcessor.retrieveFinalColor(colorProcessor.retrieveColorIndices(colorList));
Map<String, String> colorMap = new HashMap<String, String>() {{
put("color", color);
}};
Map<String, String> commentMap = new HashMap<String, String>() {{
put("comment", String.join(", ", commentList));
}};
result.add(colorMap);
result.add(commentMap);
}
} else {
result.add(dataProcessingUnit.extractDataFromMap(obj));
}
}
return result;
}
}

24
src/main/java/burp/core/utils/MatchTool.java
View File

@@ -1,24 +0,0 @@
package burp.core.utils;
import jregex.Pattern;
import jregex.REFlags;
import burp.config.ConfigLoader;
/**
* @author EvilChen
*/
public class MatchTool {
// 匹配后缀
ConfigLoader configLoader = new ConfigLoader();
public boolean matchUrlSuffix(String str) {
Pattern pattern = new Pattern(String.format("[\\w]+[\\.](%s)", configLoader.getExcludeSuffix()), REFlags.IGNORE_CASE);
jregex.Matcher matcher = pattern.matcher(str);
return matcher.find();
}
public static boolean matchIP(String str) {
return str.matches("\\b(?:\\d{1,3}\\.){3}\\d{1,3}\\b");
}
}

30
src/main/java/burp/core/utils/StringHelper.java
View File

@@ -1,30 +0,0 @@
package burp.core.utils;
public class StringHelper {
public static String replaceFirstOccurrence(String original, String find, String replace) {
int index = original.indexOf(find);
if (index != -1) {
return original.substring(0, index) + replace + original.substring(index + find.length());
}
return original;
}
public static boolean matchFromEnd(String input, String pattern) {
int inputLength = input.length();
int patternLength = pattern.length();
int inputIndex = inputLength - 1;
int patternIndex = patternLength - 1;
while (inputIndex >= 0 && patternIndex >= 0) {
if (input.charAt(inputIndex) != pattern.charAt(patternIndex)) {
return false;
}
inputIndex--;
patternIndex--;
}
// 如果patternIndex为-1表示pattern字符串已经完全匹配
return patternIndex == -1;
}
}

98
src/main/java/burp/rule/RuleProcessor.java
View File

@@ -1,98 +0,0 @@
package burp.rule;
import burp.config.ConfigEntry;
import burp.config.ConfigLoader;
import burp.rule.model.Rule;
import burp.rule.model.RuleGroup;
import burp.rule.utils.YamlTool;
import java.io.IOException;
import java.nio.file.Files;
import java.util.stream.Collectors;
import org.yaml.snakeyaml.Yaml;
import java.io.File;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.util.*;
/**
* @author EvilChen
*/
public class RuleProcessor {
public void rulesFormatAndSave() {
Yaml yaml = YamlTool.newStandardYaml();
List<RuleGroup> ruleGroupList = new ArrayList<>();
ConfigEntry.globalRules.forEach((k, v) -> {
List<Rule> ruleList = Arrays.stream(v)
.map(objects -> new Rule(
(boolean) objects[0],
(String) objects[1],
(String) objects[2],
(String) objects[3],
(String) objects[4],
(String) objects[5],
(boolean) objects[6]))
.collect(Collectors.toList());
ruleGroupList.add(new RuleGroup(k, ruleList));
});
List<Map<String, Object>> outputGroupsMap = ruleGroupList.stream()
.map(RuleGroup::getFields)
.collect(Collectors.toList());
Map<String, Object> outputMap = new LinkedHashMap<>();
outputMap.put("rules", outputGroupsMap);
File f = new File(ConfigLoader.getRulesFilePath());
try (Writer ws = new OutputStreamWriter(Files.newOutputStream(f.toPath()), StandardCharsets.UTF_8)) {
yaml.dump(outputMap, ws);
} catch (IOException ex) {
ex.printStackTrace();
}
}
public void changeRule(Vector data, int select, String type) {
ConfigEntry.globalRules.get(type)[select] = data.toArray();
this.rulesFormatAndSave();
}
public void addRule(Vector data, String type) {
ArrayList<Object[]> x = new ArrayList<>(Arrays.asList(ConfigEntry.globalRules.get(type)));
x.add(data.toArray());
ConfigEntry.globalRules.put(type,x.toArray(new Object[x.size()][]));
this.rulesFormatAndSave();
}
public void removeRule(int select,String type) {
ArrayList<Object[]> x = new ArrayList<>(Arrays.asList(ConfigEntry.globalRules.get(type)));
x.remove(select);
ConfigEntry.globalRules.put(type,x.toArray(new Object[x.size()][]));
this.rulesFormatAndSave();
}
public void renameRuleGroup(String oldName, String newName) {
ConfigEntry.globalRules.put(newName, ConfigEntry.globalRules.remove(oldName));
this.rulesFormatAndSave();
}
public void deleteRuleGroup(String Rules) {
ConfigEntry.globalRules.remove(Rules);
this.rulesFormatAndSave();
}
public String newRule() {
int i = 0;
String name = "New ";
Object[][] data = new Object[][] {
{
false, "New Name", "(New Regex)", "gray", "any", "nfa", false
}
};
while (ConfigEntry.globalRules.containsKey(name + i)) {
i++;
}
ConfigEntry.globalRules.put(name + i, data);
this.rulesFormatAndSave();
return name + i;
}
}

35
src/main/java/burp/rule/utils/RuleTool.java
View File

@@ -1,35 +0,0 @@
package burp.rule.utils;
import com.squareup.okhttp.OkHttpClient;
import com.squareup.okhttp.Request;
import com.squareup.okhttp.Response;
import java.io.FileOutputStream;
import javax.swing.JOptionPane;
/**
* @author EvilChen
*/
public class RuleTool {
private String rulesFilePath;
public RuleTool(String rulesFilePath) {
this.rulesFilePath = rulesFilePath;
}
public void getRulesFromSite() {
String url = "https://cdn.jsdelivr.net/gh/gh0stkey/HaE@gh-pages/Rules.yml";
OkHttpClient httpClient = new OkHttpClient();
Request httpRequest = new Request.Builder().url(url).get().build();
try {
Response httpResponse = httpClient.newCall(httpRequest).execute();
// 获取官方规则文件,在线更新写入
FileOutputStream fileOutputStream = new FileOutputStream(this.rulesFilePath);
fileOutputStream.write(httpResponse.body().bytes());
JOptionPane.showMessageDialog(null, "Config file updated successfully!", "Error",
JOptionPane.INFORMATION_MESSAGE);
} catch (Exception ignored) {
JOptionPane.showMessageDialog(null, "Please check your network!", "Error",
JOptionPane.ERROR_MESSAGE);
}
}
}

35
src/main/java/burp/rule/utils/YamlTool.java
View File

@@ -1,35 +0,0 @@
package burp.rule.utils;
import java.util.Map;
import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.Yaml;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import org.yaml.snakeyaml.representer.Representer;
/**
* @author EvilChen
*/
public class YamlTool {
public static Yaml newStandardYaml() {
DumperOptions dop = new DumperOptions();
dop.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
Representer representer = new Representer();
return new Yaml(representer, dop);
}
public static Map<String, Object> loadYaml(String filePath) {
try {
InputStream inputStream = new FileInputStream(filePath);
Yaml yaml = newStandardYaml();
return yaml.load(inputStream);
} catch (FileNotFoundException e) {
e.printStackTrace();
return null;
}
}
}

314
src/main/java/burp/ui/MainUI.java
View File

@@ -1,314 +0,0 @@
package burp.ui;
import burp.config.ConfigEntry;
import burp.config.ConfigLoader;
import burp.rule.RuleProcessor;
import burp.rule.utils.RuleTool;
import burp.ui.board.Databoard;
import burp.ui.board.MessagePanel;
import burp.ui.rule.RulePane;
import javax.swing.*;
import javax.swing.event.ChangeEvent;
import javax.swing.event.ChangeListener;
import javax.swing.event.DocumentEvent;
import javax.swing.event.DocumentListener;
import java.awt.*;
import java.awt.event.*;
import java.util.Map;
/**
* @author LinChen && EvilChen
*/
public class MainUI extends JPanel {
private final ConfigLoader loadConn = new ConfigLoader();
private MessagePanel messagePanel;
public MainUI(MessagePanel messagePanel) {
this.messagePanel = messagePanel;
databoardPanel = new Databoard(this.messagePanel);
initComponents();
}
public void closeTabActionPerformed(ActionEvent e) {
if (ruleTabbedPane.getTabCount() > 2 && ruleTabbedPane.getSelectedIndex() != 0) {
String title = ruleTabbedPane.getTitleAt(ruleTabbedPane.getSelectedIndex());
new RuleProcessor().deleteRuleGroup(title);
ruleTabbedPane.remove(ruleTabbedPane.getSelectedIndex());
ruleTabbedPane.setSelectedIndex(ruleTabbedPane.getSelectedIndex() - 1);
}
}
private void onlineUpdateActionPerformed(ActionEvent e) {
// 添加提示框防止用户误触导致配置更新
int retCode = JOptionPane.showConfirmDialog(null, "Do you want to update config?", "Info",
JOptionPane.YES_NO_CANCEL_OPTION);
if (retCode == JOptionPane.YES_OPTION) {
String rulesFilePath = rulesPathTextField.getText();
RuleTool rt = new RuleTool(rulesFilePath);
rt.getRulesFromSite();
new ConfigLoader();
reloadRule();
}
}
private void reloadRule(){
ruleTabbedPane.removeAll();
ruleSwitch.setListen(false);
Map<String,Object[][]> rules = ConfigLoader.getRules();
rules.keySet().forEach(
i -> ruleTabbedPane.addTab(
i,
new RulePane(rules.get(i), ruleTabbedPane)
)
);
ruleTabbedPane.addTab("...", new JLabel());
ruleSwitch.setListen(true);
}
private void reloadActionPerformed(ActionEvent e) {
reloadRule();
}
private void excludeSuffixSaveActionPerformed(ActionEvent e) {
ConfigLoader loadCon = new ConfigLoader();
loadCon.setExcludeSuffix(excludeSuffixTextField.getText());
}
private void initComponents() {
JTabbedPane mainTabbedPane = new JTabbedPane();
ruleTabbedPane = new JTabbedPane();
JPanel rulePanel = new JPanel();
rulesPathTextField = new JTextField();
JLabel rulesPathLabel = new JLabel();
JButton onlineUpdateButton = new JButton();
JButton reloadButton = new JButton();
JLabel excludeSuffixLabel = new JLabel();
excludeSuffixTextField = new JTextField();
JButton excludeSuffixSaveButton = new JButton();
setLayout(new GridBagLayout());
((GridBagLayout)getLayout()).columnWidths = new int[] {0, 0};
((GridBagLayout)getLayout()).rowHeights = new int[] {0, 0};
((GridBagLayout)getLayout()).columnWeights = new double[] {1.0, 1.0E-4};
((GridBagLayout)getLayout()).rowWeights = new double[] {1.0, 1.0E-4};
{
mainTabbedPane.addTab("Rules", ruleTabbedPane);
{
rulePanel.setLayout(new GridBagLayout());
((GridBagLayout) rulePanel.getLayout()).columnWidths = new int[] {0, 0, 0, 0, 0};
((GridBagLayout) rulePanel.getLayout()).rowHeights = new int[] {0, 0, 0};
((GridBagLayout) rulePanel.getLayout()).columnWeights = new double[] {0.0, 1.0, 0.0, 0.0, 1.0E-4};
((GridBagLayout) rulePanel.getLayout()).rowWeights = new double[] {0.0, 0.0, 1.0E-4};
rulesPathTextField.setEditable(false);
rulePanel.add(rulesPathTextField, new GridBagConstraints(1, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(5, 0, 5, 5), 0, 0));
rulesPathLabel.setText("Rules Path:");
rulePanel.add(rulesPathLabel, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.WEST, GridBagConstraints.VERTICAL,
new Insets(5, 5, 5, 5), 0, 0));
onlineUpdateButton.setText("Online Update");
onlineUpdateButton.addActionListener(this::onlineUpdateActionPerformed);
rulePanel.add(onlineUpdateButton, new GridBagConstraints(2, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(5, 0, 5, 5), 0, 0));
reloadButton.setText("Reload");
reloadButton.addActionListener(this::reloadActionPerformed);
rulePanel.add(reloadButton, new GridBagConstraints(3, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(5, 0, 5, 5), 0, 0));
excludeSuffixLabel.setText("Exclude Suffix:");
rulePanel.add(excludeSuffixLabel, new GridBagConstraints(0, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.SOUTHWEST, GridBagConstraints.NONE,
new Insets(0, 5, 5, 5), 0, 0));
rulePanel.add(excludeSuffixTextField, new GridBagConstraints(1, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.SOUTH, GridBagConstraints.HORIZONTAL,
new Insets(0, 0, 0, 5), 0, 0));
excludeSuffixSaveButton.setText("Save");
excludeSuffixSaveButton.addActionListener(this::excludeSuffixSaveActionPerformed);
rulePanel.add(excludeSuffixSaveButton, new GridBagConstraints(2, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.SOUTH, GridBagConstraints.HORIZONTAL,
new Insets(0, 0, 0, 5), 0, 0));
}
mainTabbedPane.addTab("Config", rulePanel);
mainTabbedPane.addTab("Databoard", this.databoardPanel);
}
add(mainTabbedPane, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 0, 0, 0), 0, 0));
ConfigEntry.globalRules.keySet().forEach(i-> ruleTabbedPane.addTab(i, new RulePane(
ConfigEntry.globalRules.get(i),
ruleTabbedPane)));
ruleTabbedPane.addTab("...",new JLabel());
rulesPathTextField.setText(ConfigLoader.getRulesFilePath());
excludeSuffixTextField.setText(loadConn.getExcludeSuffix());
ruleSwitch = new TabTitleEditListener(ruleTabbedPane);
ruleTabbedPane.addChangeListener(ruleSwitch);
ruleTabbedPane.addMouseListener(ruleSwitch);
deleteMenuItem.addActionListener(this::closeTabActionPerformed);
tabMenu.add(deleteMenuItem);
}
private JTabbedPane ruleTabbedPane;
private JTextField rulesPathTextField;
private JTextField excludeSuffixTextField;
private Databoard databoardPanel;
protected static JPopupMenu tabMenu = new JPopupMenu();
private final JMenuItem deleteMenuItem = new JMenuItem("Delete");
private TabTitleEditListener ruleSwitch;
}
class TabTitleEditListener extends MouseAdapter implements ChangeListener, DocumentListener {
protected final JTextField ruleEditTextField = new JTextField();
protected final JTabbedPane ruleEditTabbedPane;
protected int editingIndex = -1;
protected int len = -1;
protected Boolean listen = true;
protected Dimension dim;
protected Component tabComponent;
protected Boolean isRenameOk = false;
protected RuleProcessor ruleProcessor = new RuleProcessor();
protected final Action startEditing = new AbstractAction() {
@Override public void actionPerformed(ActionEvent e) {
editingIndex = ruleEditTabbedPane.getSelectedIndex();
tabComponent = ruleEditTabbedPane.getTabComponentAt(editingIndex);
ruleEditTabbedPane.setTabComponentAt(editingIndex, ruleEditTextField);
isRenameOk = true;
ruleEditTextField.setVisible(true);
ruleEditTextField.setText(ruleEditTabbedPane.getTitleAt(editingIndex));
ruleEditTextField.selectAll();
ruleEditTextField.requestFocusInWindow();
len = ruleEditTextField.getText().length();
dim = ruleEditTextField.getPreferredSize();
ruleEditTextField.setMinimumSize(dim);
}
};
protected final Action renameTabTitle = new AbstractAction() {
@Override public void actionPerformed(ActionEvent e) {
String title = ruleEditTextField.getText().trim();
if (editingIndex >= 0 && !title.isEmpty()) {
String oldName = ruleEditTabbedPane.getTitleAt(editingIndex);
ruleEditTabbedPane.setTitleAt(editingIndex, title);
ruleProcessor.renameRuleGroup(oldName,title);
}
cancelEditing.actionPerformed(null);
}
};
protected final Action cancelEditing = new AbstractAction() {
@Override public void actionPerformed(ActionEvent e) {
if (editingIndex >= 0) {
ruleEditTabbedPane.setTabComponentAt(editingIndex, tabComponent);
ruleEditTextField.setVisible(false);
editingIndex = -1;
len = -1;
tabComponent = null;
ruleEditTextField.setPreferredSize(null);
ruleEditTabbedPane.requestFocusInWindow();
}
}
};
protected TabTitleEditListener(JTabbedPane tabbedPane) {
super();
this.ruleEditTabbedPane = tabbedPane;
ruleEditTextField.setBorder(BorderFactory.createEmptyBorder());
ruleEditTextField.addFocusListener(new FocusAdapter() {
@Override public void focusLost(FocusEvent e) {
renameTabTitle.actionPerformed(null);
}
});
InputMap im = ruleEditTextField.getInputMap(JComponent.WHEN_FOCUSED);
ActionMap am = ruleEditTextField.getActionMap();
im.put(KeyStroke.getKeyStroke(KeyEvent.VK_ESCAPE, 0), "cancel-editing");
am.put("cancel-editing", cancelEditing);
im.put(KeyStroke.getKeyStroke(KeyEvent.VK_ENTER, 0), "rename-tab-title");
am.put("rename-tab-title", renameTabTitle);
ruleEditTextField.getDocument().addDocumentListener(this);
tabbedPane.getInputMap(JComponent.WHEN_FOCUSED).put(KeyStroke.getKeyStroke(KeyEvent.VK_ENTER, 0), "start-editing");
tabbedPane.getActionMap().put("start-editing", startEditing);
}
@Override public void stateChanged(ChangeEvent e) {
if (e.getSource() instanceof JTabbedPane && listen) {
JTabbedPane pane = (JTabbedPane) e.getSource();
if (!isRenameOk){
if (pane.getSelectedIndex() == pane.getComponentCount()-1){
newTab();
}
}else{
if (pane.getSelectedIndex() == pane.getComponentCount()-2){
newTab();
}
}
}
renameTabTitle.actionPerformed(null);
}
public void newTab(){
Object[][] data = new Object[][]{{false, "New Name", "(New Regex)", "gray", "any", "nfa", false}};
insertTab(ruleEditTabbedPane, ruleProcessor.newRule(),data);
}
public void insertTab(JTabbedPane pane,String title,Object[][] data){
pane.addTab(title,new RulePane(data,pane));
pane.remove(pane.getSelectedIndex());
pane.addTab("...",new JLabel());
}
public void setListen(Boolean listen){
this.listen = listen;
}
@Override public void insertUpdate(DocumentEvent e) {
updateTabSize();
}
@Override public void removeUpdate(DocumentEvent e) {
updateTabSize();
}
@Override public void changedUpdate(DocumentEvent e) {}
@Override public void mouseClicked(MouseEvent e) {
switch (e.getButton()){
case 1:
{
Rectangle r = ruleEditTabbedPane.getBoundsAt(ruleEditTabbedPane.getSelectedIndex());
boolean isDoubleClick = e.getClickCount() >= 2;
if (isDoubleClick && r.contains(e.getPoint())) {
startEditing.actionPerformed(null);
} else {
renameTabTitle.actionPerformed(null);
}
break;
}
case 3:{
MainUI.tabMenu.show(e.getComponent(),e.getX(),e.getY());
break;
}
default:
break;
}
}
protected void updateTabSize() {
ruleEditTextField.setPreferredSize(ruleEditTextField.getText().length() > len ? null : dim);
ruleEditTabbedPane.revalidate();
}
}

64
src/main/java/burp/ui/board/CustomTableCellRenderer.java
View File

@@ -1,64 +0,0 @@
package burp.ui.board;
import java.awt.Color;
import java.awt.Component;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.swing.JTable;
import javax.swing.table.DefaultTableCellRenderer;
public class CustomTableCellRenderer extends DefaultTableCellRenderer {
private List<LogEntry> log;
private Map<String, Color> colorMap = new HashMap<>();
private JTable table; // 保存对表格的引用
public CustomTableCellRenderer(List<LogEntry> log, JTable table) {
this.log = log;
this.colorMap.put("red", Color.RED);
this.colorMap.put("orange", Color.ORANGE);
this.colorMap.put("yellow", Color.YELLOW);
this.colorMap.put("green", Color.GREEN);
this.colorMap.put("cyan", Color.CYAN);
this.colorMap.put("blue", Color.BLUE);
this.colorMap.put("pink", Color.PINK);
this.colorMap.put("magenta", Color.MAGENTA);
this.colorMap.put("gray", Color.GRAY);
this.table = table;
}
@Override
public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected,
boolean hasFocus, int row, int column) {
Component component = super.getTableCellRendererComponent(table, value, isSelected, hasFocus, row, column);
LogEntry logEntry = log.get(table.convertRowIndexToModel(row)); // 使用convertRowIndexToModel方法转换行索引
// 设置颜色
String colorByLog = logEntry.getColor();
Color color = colorMap.get(colorByLog);
if (isSelected) {
// 如果行被选中,设置阴影颜色
component.setBackground(new Color(173, 216, 230)); // Light Blue
} else {
// 否则使用原始颜色
component.setBackground(color);
}
return component;
}
@Override
public void firePropertyChange(String propertyName, Object oldValue, Object newValue) {
super.firePropertyChange(propertyName, oldValue, newValue);
// 监听表格排序的属性变化
if ("tableCellRenderer".equals(propertyName)) {
// 更新每一行数据的颜色
for (int i = 0; i < table.getRowCount(); i++) {
table.repaint(table.getCellRect(i, 0, true));
}
}
}
}

358
src/main/java/burp/ui/board/Databoard.java
View File

@@ -1,358 +0,0 @@
package burp.ui.board;
import burp.config.ConfigEntry;
import burp.core.utils.StringHelper;
import burp.ui.board.MessagePanel.Table;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import javax.swing.event.ChangeEvent;
import javax.swing.event.ChangeListener;
import javax.swing.table.DefaultTableModel;
import javax.swing.table.TableColumn;
import javax.swing.table.TableColumnModel;
import javax.swing.table.TableModel;
import javax.swing.table.TableRowSorter;
import java.awt.*;
import java.awt.event.*;
import java.util.ArrayList;
import java.util.Map;
import javax.swing.*;
import javax.swing.event.DocumentEvent;
import javax.swing.event.DocumentListener;
/**
* @author LinChen && EvilChen
*/
public class Databoard extends JPanel {
private static Boolean isMatchHost = false;
private JLabel hostLabel;
private JTextField hostTextField;
private JTabbedPane dataTabbedPaneA;
private JTabbedPane dataTabbedPaneB;
private JButton clearButton;
private JSplitPane splitPane;
private MessagePanel messagePanel;
private Table table;
public Databoard(MessagePanel messagePanel) {
this.messagePanel = messagePanel;
initComponents();
}
private void cleanUI() {
dataTabbedPaneA.removeAll();
dataTabbedPaneB.removeAll();
splitPane.setVisible(false);
}
private void clearActionPerformed(ActionEvent e) {
cleanUI();
String host = hostTextField.getText();
String cleanedHost = StringHelper.replaceFirstOccurrence(host, "*.", "");
if (host.contains("*")) {
ConfigEntry.globalDataMap.keySet().removeIf(i -> i.contains(cleanedHost) || cleanedHost.equals("**"));
} else {
ConfigEntry.globalDataMap.remove(host);
}
messagePanel.deleteByHost(cleanedHost);
}
private void initComponents() {
// JFormDesigner - Component initialization - DO NOT MODIFY //GEN-BEGIN:initComponents
hostLabel = new JLabel();
hostTextField = new JTextField();
dataTabbedPaneA = new JTabbedPane(JTabbedPane.TOP);
dataTabbedPaneB = new JTabbedPane(JTabbedPane.TOP);
clearButton = new JButton();
//======== this ========
setLayout(new GridBagLayout());
((GridBagLayout)getLayout()).columnWidths = new int[] {25, 0, 0, 0, 20, 0};
((GridBagLayout)getLayout()).rowHeights = new int[] {0, 65, 20, 0};
((GridBagLayout)getLayout()).columnWeights = new double[] {0.0, 0.0, 1.0, 0.0, 0.0, 1.0E-4};
((GridBagLayout)getLayout()).rowWeights = new double[] {0.0, 1.0, 0.0, 1.0E-4};
//---- hostLabel ----
hostLabel.setText("Host:");
add(hostLabel, new GridBagConstraints(1, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 5, 5), 0, 0));
add(hostTextField, new GridBagConstraints(2, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 5, 5), 0, 0));
clearButton.setText("Clear");
clearButton.addActionListener(this::clearActionPerformed);
add(clearButton, new GridBagConstraints(3, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 5, 5), 0, 0));
splitPane = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT);
splitPane.setVisible(false);
add(splitPane, new GridBagConstraints(1, 1, 3, 2, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 5, 5), 0, 0));
setAutoMatch();
}
private static List<String> getHostByList() {
return new ArrayList<>(ConfigEntry.globalDataMap.keySet());
}
/**
* 设置输入自动匹配
*/
private void setAutoMatch() {
final DefaultComboBoxModel comboBoxModel = new DefaultComboBoxModel();
final JComboBox hostComboBox = new JComboBox(comboBoxModel) {
@Override
public Dimension getPreferredSize() {
return new Dimension(super.getPreferredSize().width, 0);
}
};
isMatchHost = false;
for (String host : getHostByList()) {
comboBoxModel.addElement(host);
}
hostComboBox.setSelectedItem(null);
hostComboBox.addActionListener(e -> {
if (!isMatchHost) {
if (hostComboBox.getSelectedItem() != null) {
hostTextField.setText(hostComboBox.getSelectedItem().toString());
populateTabbedPaneByHost(hostComboBox);
}
}
});
// 事件监听
hostTextField.addKeyListener(new KeyAdapter() {
@Override
public void keyPressed(KeyEvent e) {
isMatchHost = true;
int keyCode = e.getKeyCode();
if (keyCode == KeyEvent.VK_SPACE && hostComboBox.isPopupVisible()) {
e.setKeyCode(KeyEvent.VK_ENTER);
}
if (keyCode == KeyEvent.VK_ENTER || keyCode == KeyEvent.VK_UP || keyCode == KeyEvent.VK_DOWN) {
e.setSource(hostComboBox);
hostComboBox.dispatchEvent(e);
if (keyCode == KeyEvent.VK_ENTER) {
String selectedItem = hostComboBox.getSelectedItem().toString();
hostTextField.setText(selectedItem);
populateTabbedPaneByHost(hostComboBox);
hostComboBox.setPopupVisible(false);
return;
}
}
if (keyCode == KeyEvent.VK_ESCAPE) {
hostComboBox.setPopupVisible(false);
}
isMatchHost = false;
}
});
hostTextField.getDocument().addDocumentListener(new DocumentListener() {
@Override
public void insertUpdate(DocumentEvent e) {
updateList();
}
@Override
public void removeUpdate(DocumentEvent e) {
updateList();
}
@Override
public void changedUpdate(DocumentEvent e) {
updateList();
}
private void updateList() {
isMatchHost = true;
comboBoxModel.removeAllElements();
String input = hostTextField.getText().toLowerCase();
if (!input.isEmpty()){
for (String host : getHostByList()) {
String lowerCaseHost = host.toLowerCase();
if (lowerCaseHost.contains(input)) {
if (host.length() == input.length()){
comboBoxModel.insertElementAt(host,0);
comboBoxModel.setSelectedItem(host);
} else {
comboBoxModel.addElement(host);
}
}
}
}
hostComboBox.setPopupVisible(comboBoxModel.getSize() > 0);
isMatchHost = false;
}
});
hostTextField.setLayout(new BorderLayout());
hostTextField.add(hostComboBox, BorderLayout.SOUTH);
}
private void applyHostFilter(String filterText) {
TableRowSorter<TableModel> sorter = (TableRowSorter<TableModel>) table.getRowSorter();
if (filterText.contains("*.")) {
filterText = StringHelper.replaceFirstOccurrence(filterText, "*.", "");
} else if (filterText.contains("*")) {
filterText = "";
}
RowFilter<TableModel, Integer> filter = RowFilter.regexFilter(filterText, 1);
sorter.setRowFilter(filter);
filterText = filterText.isEmpty() ? "*" : filterText;
messagePanel.applyHostFilter(filterText);
}
private void populateTabbedPaneByHost(JComboBox<String> hostComboBox) {
if (hostComboBox.getSelectedItem() != null) {
String selectedHost = hostComboBox.getSelectedItem().toString();
Map<String, Map<String, List<String>>> dataMap = ConfigEntry.globalDataMap;
Map<String, List<String>> selectedDataMap;
if (selectedHost.contains("*")) {
// 通配符数据
selectedDataMap = new HashMap<>();
String hostPattern = StringHelper.replaceFirstOccurrence(selectedHost, "*.", "");
for (String key : dataMap.keySet()) {
if (key.contains(hostPattern) || selectedHost.equals("*")) {
Map<String, List<String>> ruleMap = dataMap.get(key);
for (String ruleKey : ruleMap.keySet()) {
List<String> dataList = ruleMap.get(ruleKey);
if (selectedDataMap.containsKey(ruleKey)) {
List<String> mergedList = new ArrayList<>(selectedDataMap.get(ruleKey));
mergedList.addAll(dataList);
HashSet<String> uniqueSet = new HashSet<>(mergedList);
selectedDataMap.put(ruleKey, new ArrayList<>(uniqueSet));
} else {
selectedDataMap.put(ruleKey, dataList);
}
}
}
}
} else {
selectedDataMap = dataMap.get(selectedHost);
}
// 由于removeChangeListener不知什么原因不生效因此建立两个tabbedPane
dataTabbedPaneA.removeAll();
dataTabbedPaneB.removeAll();
ChangeListener changeListenerInstance = new ChangeListener() {
@Override
public void stateChanged(ChangeEvent e) {
int selectedIndex = dataTabbedPaneA.getSelectedIndex();
String selectedTitle = "";
if (selectedIndex != -1) {
selectedTitle = dataTabbedPaneA.getTitleAt(selectedIndex);
}
applyHostFilter(selectedTitle);
}
};
if (selectedHost.equals("**")) {
dataTabbedPaneA.setPreferredSize(new Dimension(500,0));
dataTabbedPaneA.setTabLayoutPolicy(JTabbedPane.SCROLL_TAB_LAYOUT);
splitPane.setLeftComponent(dataTabbedPaneA);
for (Map.Entry<String, Map<String, List<String>>> entry : dataMap.entrySet()) {
JTabbedPane newTabbedPane = new JTabbedPane();
newTabbedPane.setTabLayoutPolicy(JTabbedPane.SCROLL_TAB_LAYOUT);
for (Map.Entry<String, List<String>> entrySet : entry.getValue().entrySet()) {
Thread t = new Thread(() -> {
String tabTitle = String.format("%s (%s)", entrySet.getKey(), entrySet.getValue().size());
newTabbedPane.addTab(tabTitle, new JScrollPane(new DataTable(entrySet.getKey(), entrySet.getValue())));
dataTabbedPaneA.addTab(entry.getKey(), newTabbedPane);
});
t.start();
try {
t.join();
} catch (Exception e) {
e.printStackTrace();
}
}
}
dataTabbedPaneA.addChangeListener(changeListenerInstance);
} else {
dataTabbedPaneB.setPreferredSize(new Dimension(500,0));
dataTabbedPaneB.setTabLayoutPolicy(JTabbedPane.SCROLL_TAB_LAYOUT);
splitPane.setLeftComponent(dataTabbedPaneB);
for (Map.Entry<String, List<String>> entry : selectedDataMap.entrySet()) {
String tabTitle = String.format("%s (%s)", entry.getKey(), entry.getValue().size());
dataTabbedPaneB.addTab(tabTitle, new JScrollPane(new DataTable(entry.getKey(), entry.getValue())));
}
}
// 展示请求消息表单
JSplitPane messageSplitPane = this.messagePanel.getPanel();
this.splitPane.setRightComponent(messageSplitPane);
// 获取字段
table = this.messagePanel.getTable();
// 设置对应字段宽度
TableColumnModel columnModel = table.getColumnModel();
TableColumn column = columnModel.getColumn(1);
column.setPreferredWidth(300);
column = columnModel.getColumn(2);
column.setPreferredWidth(300);
splitPane.setVisible(true);
applyHostFilter(selectedHost);
// 主动调用一次stateChanged使得dataTabbedPane可以精准展示内容
if (selectedHost.equals("**")) {
changeListenerInstance.stateChanged(null);
}
hostTextField.setText(selectedHost);
}
}
class DataTable extends JTable {
public DataTable(String tableName, List<String> list){
DefaultTableModel model = new DefaultTableModel();
Object[][] data = new Object[list.size()][1];
for (int x = 0; x < list.size(); x++) {
data[x][0] = list.get(x);
}
model.setDataVector(data, new Object[]{"Information"});
setAutoCreateRowSorter(true);
setModel(model);
setDefaultEditor(Object.class, null);
addMouseListener(new MouseAdapter() {
@Override
public void mouseClicked(MouseEvent e) {
if (e.getClickCount() == 2) {
int selectedRow = getSelectedRow();
if (selectedRow != -1) {
String rowData = getValueAt(selectedRow, 0).toString();
messagePanel.applyMessageFilter(tableName, rowData);
}
}
}
});
}
}
}

345
src/main/java/burp/ui/board/MessagePanel.java
View File

@@ -1,345 +0,0 @@
package burp.ui.board;
import burp.IBurpExtenderCallbacks;
import burp.IExtensionHelpers;
import burp.IHttpRequestResponse;
import burp.IHttpRequestResponsePersisted;
import burp.IHttpService;
import burp.IMessageEditor;
import burp.IMessageEditorController;
import burp.config.ConfigEntry;
import burp.core.utils.StringHelper;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.List;
import javax.swing.JScrollPane;
import javax.swing.JSplitPane;
import javax.swing.JTabbedPane;
import javax.swing.JTable;
import javax.swing.SwingUtilities;
import javax.swing.SwingWorker;
import javax.swing.table.AbstractTableModel;
import javax.swing.table.DefaultTableModel;
import javax.swing.table.TableModel;
import javax.swing.table.TableRowSorter;
/**
* @author EvilChen
*/
public class MessagePanel extends AbstractTableModel implements IMessageEditorController {
private JSplitPane splitPane;
private IMessageEditor requestViewer;
private IMessageEditor responseViewer;
private final IBurpExtenderCallbacks callbacks;
private final List<LogEntry> log = new ArrayList<LogEntry>();
private final List<LogEntry> filteredLog = new ArrayList<LogEntry>();
private IHttpRequestResponse currentlyDisplayedItem;
private final IExtensionHelpers helpers;
private Table logTable;
public MessagePanel(IBurpExtenderCallbacks callbacks, IExtensionHelpers helpers) {
this.callbacks = callbacks;
this.helpers = helpers;
splitPane = new JSplitPane(JSplitPane.VERTICAL_SPLIT);
logTable = new Table(MessagePanel.this);
logTable.setDefaultRenderer(Object.class, new CustomTableCellRenderer(filteredLog, logTable));
logTable.setAutoCreateRowSorter(true);
// Length字段根据大小进行排序
TableRowSorter<DefaultTableModel> sorter = (TableRowSorter<DefaultTableModel>) logTable.getRowSorter();
sorter.setComparator(3, new Comparator<String>() {
@Override
public int compare(String s1, String s2) {
Integer age1 = Integer.parseInt(s1);
Integer age2 = Integer.parseInt(s2);
return age1.compareTo(age2);
}
});
// Color字段根据颜色顺序进行排序
sorter.setComparator(4, new Comparator<String>() {
@Override
public int compare(String s1, String s2) {
int index1 = getIndex(s1);
int index2 = getIndex(s2);
return Integer.compare(index1, index2);
}
private int getIndex(String color) {
for (int i = 0; i < ConfigEntry.colorArray.length; i++) {
if (ConfigEntry.colorArray[i].equals(color)) {
return i;
}
}
return -1;
}
});
logTable.setRowSorter(sorter);
logTable.setAutoResizeMode(JTable.AUTO_RESIZE_OFF);
JScrollPane scrollPane = new JScrollPane(logTable);
scrollPane.setHorizontalScrollBarPolicy(JScrollPane.HORIZONTAL_SCROLLBAR_ALWAYS);
scrollPane.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_ALWAYS);
splitPane.setLeftComponent(scrollPane);
JTabbedPane tabs = new JTabbedPane();
requestViewer = callbacks.createMessageEditor(MessagePanel.this, false);
responseViewer = callbacks.createMessageEditor(MessagePanel.this, false);
tabs.addTab("Request", requestViewer.getComponent());
tabs.addTab("Response", responseViewer.getComponent());
splitPane.setRightComponent(tabs);
}
public JSplitPane getPanel() {
return splitPane;
}
public Table getTable() {
return logTable;
}
public List<LogEntry> getLogs() {
return log;
}
@Override
public int getRowCount()
{
return filteredLog.size();
}
@Override
public int getColumnCount()
{
return 5;
}
@Override
public String getColumnName(int columnIndex)
{
switch (columnIndex)
{
case 0:
return "Method";
case 1:
return "URL";
case 2:
return "Comment";
case 3:
return "Length";
case 4:
return "Color";
default:
return "";
}
}
@Override
public Class<?> getColumnClass(int columnIndex)
{
return String.class;
}
@Override
public Object getValueAt(int rowIndex, int columnIndex)
{
LogEntry logEntry = filteredLog.get(rowIndex);
switch (columnIndex)
{
case 0:
return logEntry.getMethod();
case 1:
return logEntry.getUrl().toString();
case 2:
return logEntry.getComment();
case 3:
return logEntry.getLength();
case 4:
return logEntry.getColor();
default:
return "";
}
}
public void applyHostFilter(String filterText) {
filteredLog.clear();
fireTableDataChanged();
for (LogEntry entry : log) {
String host = entry.getUrl().getHost();
if (StringHelper.matchFromEnd(host, filterText) || filterText.contains("*")) {
filteredLog.add(entry);
}
}
fireTableDataChanged();
}
public void applyMessageFilter(String tableName, String filterText) {
filteredLog.clear();
for (LogEntry entry : log) {
IHttpRequestResponsePersisted requestResponse = entry.getRequestResponse();
byte[] requestByte = requestResponse.getRequest();
byte[] responseByte = requestResponse.getResponse();
List<String> requestTmpHeaders = helpers.analyzeRequest(requestByte).getHeaders();
byte[] requestHeaders = helpers.stringToBytes(String.join("\n", requestTmpHeaders));
int requestBodyOffset = helpers.analyzeRequest(requestByte).getBodyOffset();
byte[] requestBody = Arrays.copyOfRange(requestByte, requestBodyOffset, requestByte.length);
List<String> responseTmpHeaders = helpers.analyzeResponse(responseByte).getHeaders();
byte[] responseHeaders = helpers.stringToBytes(String.join("\n", responseTmpHeaders));
int responseBodyOffset = helpers.analyzeResponse(responseByte).getBodyOffset();
byte[] responseBody = Arrays.copyOfRange(responseByte, responseBodyOffset, responseByte.length);
final boolean[] isMatched = {false}; // 标志变量,表示是否满足过滤条件
ConfigEntry.globalRules.keySet().forEach(i -> {
for (Object[] objects : ConfigEntry.globalRules.get(i)) {
String name = objects[1].toString();
String scope = objects[4].toString();
if (name.contains(tableName)) {
boolean match = false; // 标志变量,表示当前规则是否匹配
switch (scope) {
case "any":
match = helpers.indexOf(requestByte, helpers.stringToBytes(filterText), true, 0, requestByte.length) != -1 || helpers.indexOf(responseByte, helpers.stringToBytes(filterText), true, 0, responseByte.length) != -1;
break;
case "request":
match = helpers.indexOf(requestByte, helpers.stringToBytes(filterText), true, 0, requestByte.length) != -1;
break;
case "response":
match = helpers.indexOf(responseByte, helpers.stringToBytes(filterText), true, 0, responseByte.length) != -1;
break;
case "any header":
match = helpers.indexOf(requestHeaders, helpers.stringToBytes(filterText), true, 0, requestHeaders.length) != -1 || helpers.indexOf(responseHeaders, helpers.stringToBytes(filterText), true, 0, responseHeaders.length) != -1;
break;
case "request header":
match = helpers.indexOf(requestHeaders, helpers.stringToBytes(filterText), true, 0, requestHeaders.length) != -1;
break;
case "response header":
match = helpers.indexOf(responseHeaders, helpers.stringToBytes(filterText), true, 0, responseHeaders.length) != -1;
break;
case "any body":
match = helpers.indexOf(requestBody, helpers.stringToBytes(filterText), true, 0, requestBody.length) != -1 || helpers.indexOf(responseBody, helpers.stringToBytes(filterText), true, 0, responseBody.length) != -1;
break;
case "request body":
match = helpers.indexOf(requestBody, helpers.stringToBytes(filterText), true, 0, requestBody.length) != -1;
break;
case "response body":
match = helpers.indexOf(responseBody, helpers.stringToBytes(filterText), true, 0, responseBody.length) != -1;
break;
default:
break;
}
if (match) {
isMatched[0] = true;
break;
}
}
}
});
if (isMatched[0]) {
filteredLog.add(entry);
}
}
fireTableDataChanged();
}
public void deleteByHost(String filterText) {
filteredLog.clear();
List<Integer> rowsToRemove = new ArrayList<>();
for (int i = 0; i < log.size(); i++) {
LogEntry entry = log.get(i);
String host = entry.getUrl().getHost();
if (StringHelper.matchFromEnd(host, filterText) || filterText.contains("*")) {
rowsToRemove.add(i);
}
}
for (int i = rowsToRemove.size() - 1; i >= 0; i--) {
int row = rowsToRemove.get(i);
log.remove(row);
}
if (!rowsToRemove.isEmpty()) {
int[] rows = rowsToRemove.stream().mapToInt(Integer::intValue).toArray();
fireTableRowsDeleted(rows[0], rows[rows.length - 1]);
}
}
@Override
public byte[] getRequest()
{
return currentlyDisplayedItem.getRequest();
}
@Override
public byte[] getResponse()
{
return currentlyDisplayedItem.getResponse();
}
@Override
public IHttpService getHttpService()
{
return currentlyDisplayedItem.getHttpService();
}
public void add(IHttpRequestResponse messageInfo, String comment, String length, String color) {
synchronized(log)
{
LogEntry logEntry = new LogEntry(callbacks.saveBuffersToTempFiles(messageInfo), helpers.analyzeRequest(messageInfo).getMethod(),
helpers.analyzeRequest(messageInfo).getUrl(), comment, length, color);
log.add(logEntry);
}
}
public class Table extends JTable {
LogEntry logEntry;
private SwingWorker<Void, Void> currentWorker;
public Table(TableModel tableModel) {
super(tableModel);
}
@Override
public void changeSelection(int row, int col, boolean toggle, boolean extend) {
logEntry = filteredLog.get(convertRowIndexToModel(row));
requestViewer.setMessage("Loading...".getBytes(), true);
responseViewer.setMessage("Loading...".getBytes(), false);
currentlyDisplayedItem = logEntry.getRequestResponse();
// 取消之前的后台任务
if (currentWorker != null && !currentWorker.isDone()) {
currentWorker.cancel(true);
}
// 在后台线程中执行耗时操作
SwingWorker<Void, Void> worker = new SwingWorker<Void, Void>() {
@Override
protected Void doInBackground() throws Exception {
refreshMessage();
return null;
}
};
// 设置当前后台任务
currentWorker = worker;
// 启动后台线程
worker.execute();
super.changeSelection(row, col, toggle, extend);
}
private void refreshMessage() {
SwingUtilities.invokeLater(() -> {
requestViewer.setMessage(logEntry.getRequestResponse().getRequest(), true);
responseViewer.setMessage(logEntry.getRequestResponse().getResponse(), false);
});
}
}
}

209
src/main/java/burp/ui/rule/RulePane.java
View File

@@ -1,209 +0,0 @@
package burp.ui.rule;
import burp.rule.RuleProcessor;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import javax.swing.*;
import javax.swing.event.TableModelEvent;
import javax.swing.table.DefaultTableModel;
import javax.swing.table.TableRowSorter;
import java.awt.*;
import java.util.Vector;
/**
* @author LinChen & EvilChen
*/
public class RulePane extends JPanel {
private RuleProcessor ruleProcessor = new RuleProcessor();
private Boolean isEdit = false;
private DefaultTableModel model = createModel();
private static final int YES_OPTION = JOptionPane.YES_OPTION;
private static final String[] TITLE = {
"Loaded", "Name", "Regex", "Color", "Scope", "Engine", "Sensitive"
};
public RulePane(Object[][] data, JTabbedPane pane) {
initComponents(data, pane);
}
private DefaultTableModel createModel() {
return new DefaultTableModel() {
@Override
public Class<?> getColumnClass(int column) {
return (column == 0) ? Boolean.class : String.class;
}
@Override
public boolean isCellEditable(int row, int column) {
return column == 0;
}
};
}
private void updateModel() {
model = (DefaultTableModel) ruleTable.getModel();
}
private void ruleAddActionPerformed(ActionEvent e, JTabbedPane pane) {
RuleSetting ruleSettingPanel = new RuleSetting();
int showState = JOptionPane.showConfirmDialog(null, ruleSettingPanel, "Add Rule", JOptionPane.OK_OPTION);
if (showState == YES_OPTION) {
Vector<Object> ruleData = new Vector<>();
ruleData.add(false);
ruleData.add(ruleSettingPanel.ruleNameTextField.getText());
ruleData.add(ruleSettingPanel.regexTextField.getText());
ruleData.add(ruleSettingPanel.colorComboBox.getSelectedItem().toString());
ruleData.add(ruleSettingPanel.scopeComboBox.getSelectedItem().toString());
ruleData.add(ruleSettingPanel.engineComboBox.getSelectedItem().toString());
ruleData.add(ruleSettingPanel.sensitiveComboBox.getSelectedItem());
model.insertRow(model.getRowCount(), ruleData);
updateModel();
ruleProcessor.addRule(ruleData, pane.getTitleAt(pane.getSelectedIndex()));
}
}
private void ruleEditActionPerformed(ActionEvent e, JTabbedPane pane){
if (ruleTable.getSelectedRowCount() >= 1){
RuleSetting ruleSettingPanel = new RuleSetting();
ruleSettingPanel.ruleNameTextField.setText(ruleTable.getValueAt(ruleTable.getSelectedRow(), 1).toString());
ruleSettingPanel.regexTextField.setText(ruleTable.getValueAt(ruleTable.getSelectedRow(), 2).toString());
ruleSettingPanel.colorComboBox.setSelectedItem(ruleTable.getValueAt(ruleTable.getSelectedRow(), 3).toString());
ruleSettingPanel.scopeComboBox.setSelectedItem(ruleTable.getValueAt(ruleTable.getSelectedRow(), 4).toString());
ruleSettingPanel.engineComboBox.setSelectedItem(ruleTable.getValueAt(ruleTable.getSelectedRow(), 5).toString());
ruleSettingPanel.sensitiveComboBox.setSelectedItem(ruleTable.getValueAt(ruleTable.getSelectedRow(),6));
ruleSettingPanel.sensitiveComboBox.setEnabled(
ruleSettingPanel.engineComboBox.getSelectedItem().toString().equals("nfa")
);
int showState = JOptionPane.showConfirmDialog(null, ruleSettingPanel, "Edit Rule", JOptionPane.OK_OPTION);
if (showState == 0){
int select = ruleTable.convertRowIndexToModel(ruleTable.getSelectedRow());
model.setValueAt(ruleSettingPanel.ruleNameTextField.getText(), select, 1);
model.setValueAt(ruleSettingPanel.regexTextField.getText(), select, 2);
model.setValueAt(ruleSettingPanel.colorComboBox.getSelectedItem().toString(), select, 3);
model.setValueAt(ruleSettingPanel.scopeComboBox.getSelectedItem().toString(), select, 4);
model.setValueAt(ruleSettingPanel.engineComboBox.getSelectedItem().toString(), select, 5);
model.setValueAt(ruleSettingPanel.sensitiveComboBox.getSelectedItem(), select, 6);
model = (DefaultTableModel) ruleTable.getModel();
ruleProcessor.changeRule((Vector) model.getDataVector().get(select), select, pane.getTitleAt(pane.getSelectedIndex()));
}
}
}
private void ruleRemoveActionPerformed(ActionEvent e, JTabbedPane pane){
if (ruleTable.getSelectedRowCount() >= 1){
int isOk = JOptionPane.showConfirmDialog(null, "Are your sure?", "Delete Rule", JOptionPane.OK_OPTION);
if (isOk == 0){
int select = ruleTable.convertRowIndexToModel(ruleTable.getSelectedRow());
model.removeRow(select);
model = (DefaultTableModel) ruleTable.getModel();
ruleProcessor.removeRule(select, pane.getTitleAt(pane.getSelectedIndex()));
}
}
}
private void ruleTableChange(TableModelEvent e, JTabbedPane pane) {
if (e.getColumn() == 0 && ruleTable.getSelectedRow() != -1 && !isEdit){
model = (DefaultTableModel) ruleTable.getModel();
int select = ruleTable.convertRowIndexToModel(ruleTable.getSelectedRow());
ruleProcessor.changeRule((Vector) model.getDataVector().get(select), select, pane.getTitleAt(pane.getSelectedIndex()));
}
}
private void initComponents(Object[][] data, JTabbedPane pane) {
// JFormDesigner - Component initialization - DO NOT MODIFY //GEN-BEGIN:initComponents
addButton = new JButton();
editButton = new JButton();
scrollPane = new JScrollPane();
ruleTable = new JTable();
removeButton = new JButton();
//======== this ========
setLayout(new GridBagLayout());
((GridBagLayout)getLayout()).columnWidths = new int[] {0, 0, 0};
((GridBagLayout)getLayout()).rowHeights = new int[] {0, 0, 0, 0, 0};
((GridBagLayout)getLayout()).columnWeights = new double[] {0.0, 1.0, 1.0E-4};
((GridBagLayout)getLayout()).rowWeights = new double[] {0.0, 0.0, 0.0, 1.0, 1.0E-4};
//---- addButton ----
addButton.setText("Add");
addButton.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
isEdit = true;
ruleAddActionPerformed(e, pane);
model = (DefaultTableModel) ruleTable.getModel();
isEdit = false;
}
});
add(addButton, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(15, 5, 3, 2), 0, 0));
//---- editButton ----
editButton.setText("Edit");
editButton.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
isEdit = true;
ruleEditActionPerformed(e, pane);
model = (DefaultTableModel) ruleTable.getModel();
isEdit = false;
}
});
add(editButton, new GridBagConstraints(0, 1, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 5, 3, 2), 0, 0));
//======== scrollPane ========
{
//---- table ----
ruleTable.setShowVerticalLines(false);
ruleTable.setVerifyInputWhenFocusTarget(false);
ruleTable.setUpdateSelectionOnSort(false);
ruleTable.setShowHorizontalLines(false);
ruleTable.setModel(new DefaultTableModel());
ruleTable.setSurrendersFocusOnKeystroke(true);
scrollPane.setViewportView(ruleTable);
}
add(scrollPane, new GridBagConstraints(1, 0, 1, 4, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(15, 5, 5, 5), 0, 0));
//---- removeButton ----
removeButton.setText("Remove");
removeButton.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
isEdit = true;
ruleRemoveActionPerformed(e, pane);
model = (DefaultTableModel) ruleTable.getModel();
isEdit = false;
}
});
add(removeButton, new GridBagConstraints(0, 2, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 5, 3, 2), 0, 0));
ruleTable.setModel(model);
model.setDataVector(data, TITLE);
model.addTableModelListener(e -> ruleTableChange(e, pane));
ruleTable.setRowSorter(new TableRowSorter<>(model));
}
// JFormDesigner - Variables declaration - DO NOT MODIFY //GEN-BEGIN:variables
public JButton addButton;
public JButton editButton;
public JScrollPane scrollPane;
public JTable ruleTable;
public JButton removeButton;
// JFormDesigner - End of variables declaration //GEN-END:variables
}

72
src/main/java/hae/Config.java Normal file
View File

@@ -0,0 +1,72 @@
package hae;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
public class Config {
public static String suffix = "3g2|3gp|7z|aac|abw|aif|aifc|aiff|apk|arc|au|avi|azw|bat|bin|bmp|bz|bz2|cmd|cmx|cod|com|csh|css|csv|dll|doc|docx|ear|eot|epub|exe|flac|flv|gif|gz|ico|ics|ief|jar|jfif|jpe|jpeg|jpg|less|m3u|mid|midi|mjs|mkv|mov|mp2|mp3|mp4|mpa|mpe|mpeg|mpg|mpkg|mpp|mpv2|odp|ods|odt|oga|ogg|ogv|ogx|otf|pbm|pdf|pgm|png|pnm|ppm|ppt|pptx|ra|ram|rar|ras|rgb|rmi|rtf|scss|sh|snd|svg|swf|tar|tif|tiff|ttf|vsd|war|wav|weba|webm|webp|wmv|woff|woff2|xbm|xls|xlsx|xpm|xul|xwd|zip";
public static String host = "gh0st.cn";
public static String status = "404";
public static String header = "Last-Modified|Date|Connection|ETag";
public static String size = "0";
public static String boundary = "\n\t\n";
public static String[] scope = new String[]{
"any",
"any header",
"any body",
"response",
"response line",
"response header",
"response body",
"request",
"request line",
"request header",
"request body"
};
public static String scopeOptions = "Suite|Target|Proxy|Scanner|Intruder|Repeater|Logger|Sequencer|Decoder|Comparer|Extensions|Organizer|Recorded login replayer";
public static String modeStatus = "true";
public static String[] ruleFields = {
"Loaded", "Name", "F-Regex", "S-Regex", "Format", "Color", "Scope", "Engine", "Sensitive"
};
public static Object[][] ruleTemplate = new Object[][]{
{
false, "New Name", "(First Regex)", "(Second Regex)", "{0}", "gray", "any", "nfa", false
}
};
public static String[] engine = new String[]{
"nfa",
"dfa"
};
public static String[] color = new String[]{
"red",
"orange",
"yellow",
"green",
"cyan",
"blue",
"pink",
"magenta",
"gray",
"none"
};
public static Boolean proVersionStatus = true;
public static Map<String, Object[][]> globalRules = new HashMap<>();
public static ConcurrentHashMap<String, Map<String, List<String>>> globalDataMap = new ConcurrentHashMap<>();
}

71
src/main/java/hae/HaE.java Normal file
View File

@@ -0,0 +1,71 @@
package hae;
import burp.api.montoya.BurpExtension;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.core.BurpSuiteEdition;
import burp.api.montoya.logging.Logging;
import hae.cache.DataCache;
import hae.component.Main;
import hae.component.board.message.MessageTableModel;
import hae.instances.editor.RequestEditor;
import hae.instances.editor.ResponseEditor;
import hae.instances.editor.WebSocketEditor;
import hae.instances.websocket.WebSocketMessageHandler;
import hae.utils.ConfigLoader;
import hae.utils.DataManager;
public class HaE implements BurpExtension {
@Override
public void initialize(MontoyaApi api) {
// 设置扩展名称
api.extension().setName("HaE - Highlighter and Extractor");
String version = "4.3.1";
// 加载扩展后输出的项目信息
Logging logging = api.logging();
logging.logToOutput("[ HACK THE WORLD - TO DO IT ]");
logging.logToOutput("[#] Author: EvilChen && 0chencc && vaycore");
logging.logToOutput("[#] Github: https://github.com/gh0stkey/HaE");
logging.logToOutput("[#] Version: " + version);
// 配置文件加载
ConfigLoader configLoader = new ConfigLoader(api);
MessageTableModel messageTableModel = new MessageTableModel(api, configLoader);
// 设置BurpSuite专业版状态
Config.proVersionStatus = getBurpSuiteProStatus(api);
// 注册Tab页用于查询数据
api.userInterface().registerSuiteTab("HaE", new Main(api, configLoader, messageTableModel));
// 注册WebSocket处理器
api.proxy().registerWebSocketCreationHandler(proxyWebSocketCreation -> proxyWebSocketCreation.proxyWebSocket().registerProxyMessageHandler(new WebSocketMessageHandler(api, configLoader)));
// 注册消息编辑框(用于展示数据)
api.userInterface().registerHttpRequestEditorProvider(new RequestEditor(api, configLoader));
api.userInterface().registerHttpResponseEditorProvider(new ResponseEditor(api, configLoader));
api.userInterface().registerWebSocketMessageEditorProvider(new WebSocketEditor(api, configLoader));
// 从BurpSuite里加载数据
DataManager dataManager = new DataManager(api);
dataManager.loadData(messageTableModel);
api.extension().registerUnloadingHandler(() -> {
// 卸载清空数据
Config.globalDataMap.clear();
DataCache.clear();
});
}
private Boolean getBurpSuiteProStatus(MontoyaApi api) {
boolean burpSuiteProStatus = false;
try {
burpSuiteProStatus = api.burpSuite().version().edition() == BurpSuiteEdition.PROFESSIONAL;
} catch (Exception ignored) {
}
return burpSuiteProStatus;
}
}

30
src/main/java/hae/cache/DataCache.java vendored Normal file
View File

@@ -0,0 +1,30 @@
package hae.cache;
import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import java.util.Map;
import java.util.concurrent.TimeUnit;
public class DataCache {
private static final int MAX_SIZE = 100000;
private static final int EXPIRE_DURATION = 4;
private static final Cache<String, Map<String, Map<String, Object>>> cache =
Caffeine.newBuilder()
.maximumSize(MAX_SIZE)
.expireAfterWrite(EXPIRE_DURATION, TimeUnit.HOURS)
.build();
public static void put(String key, Map<String, Map<String, Object>> value) {
cache.put(key, value);
}
public static Map<String, Map<String, Object>> get(String key) {
return cache.getIfPresent(key);
}
public static void clear() {
cache.invalidateAll();
}
}

456
src/main/java/hae/component/Config.java Normal file
View File

@@ -0,0 +1,456 @@
package hae.component;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.core.Registration;
import hae.component.board.message.MessageTableModel;
import hae.component.rule.Rules;
import hae.instances.http.HttpMessageActiveHandler;
import hae.instances.http.HttpMessagePassiveHandler;
import hae.utils.ConfigLoader;
import hae.utils.UIEnhancer;
import javax.swing.*;
import javax.swing.border.EmptyBorder;
import javax.swing.border.TitledBorder;
import javax.swing.event.DocumentEvent;
import javax.swing.event.DocumentListener;
import javax.swing.event.TableModelListener;
import javax.swing.table.DefaultTableModel;
import java.awt.*;
import java.awt.datatransfer.Clipboard;
import java.awt.datatransfer.DataFlavor;
import java.awt.event.*;
import java.util.List;
import java.util.*;
public class Config extends JPanel {
private final MontoyaApi api;
private final ConfigLoader configLoader;
private final MessageTableModel messageTableModel;
private final Rules rules;
private Registration activeHandler;
private Registration passiveHandler;
private boolean isLoadingData = false;
public Config(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel, Rules rules) {
this.api = api;
this.configLoader = configLoader;
this.messageTableModel = messageTableModel;
this.rules = rules;
this.activeHandler = api.http().registerHttpHandler(new HttpMessageActiveHandler(api, configLoader, messageTableModel));
this.passiveHandler = api.scanner().registerScanCheck(new HttpMessagePassiveHandler(api, configLoader, messageTableModel));
initComponents();
}
private void initComponents() {
setLayout(new BorderLayout());
GridBagConstraints constraints = new GridBagConstraints();
constraints.weightx = 1.0;
constraints.fill = GridBagConstraints.HORIZONTAL;
JPanel ruleInfoPanel = new JPanel(new GridBagLayout());
ruleInfoPanel.setBorder(new EmptyBorder(10, 15, 5, 15));
JLabel ruleLabel = new JLabel("Path:");
JTextField pathTextField = new JTextField();
pathTextField.setEditable(false);
pathTextField.setText(configLoader.getRulesFilePath());
JButton reloadButton = new JButton("Reload");
JButton reinitButton = new JButton("Reinit");
ruleInfoPanel.add(ruleLabel);
ruleInfoPanel.add(pathTextField, constraints);
ruleInfoPanel.add(Box.createHorizontalStrut(5));
ruleInfoPanel.add(reinitButton);
ruleInfoPanel.add(Box.createHorizontalStrut(5));
ruleInfoPanel.add(reloadButton);
reloadButton.addActionListener(this::reloadActionPerformed);
reinitButton.addActionListener(this::reinitActionPerformed);
constraints.gridx = 1;
JTabbedPane configTabbedPanel = new JTabbedPane();
String[] settingMode = new String[]{"Exclude suffix", "Block host", "Exclude status", "Dynamic Header"};
JPanel settingPanel = createConfigTablePanel(settingMode);
JPanel northPanel = new JPanel(new BorderLayout());
JPanel modePanel = getModePanel();
JScrollPane modeScrollPane = new JScrollPane(modePanel);
modeScrollPane.setBorder(new TitledBorder("Mode"));
JTextField limitPanel = getLimitPanel();
JScrollPane limitScrollPane = new JScrollPane(limitPanel);
limitScrollPane.setBorder(new TitledBorder("Limit Size (MB)"));
JSplitPane northTopPanel = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT, modeScrollPane, limitScrollPane);
northTopPanel.addComponentListener(new ComponentAdapter() {
@Override
public void componentResized(ComponentEvent e) {
northTopPanel.setDividerLocation(0.5);
}
});
JPanel scopePanel = getScopePanel();
JScrollPane scopeScrollPane = new JScrollPane(scopePanel);
scopeScrollPane.setBorder(new TitledBorder("Scope"));
northPanel.add(scopeScrollPane, BorderLayout.SOUTH);
northPanel.add(northTopPanel, BorderLayout.NORTH);
settingPanel.add(northPanel, BorderLayout.NORTH);
configTabbedPanel.add("Setting", settingPanel);
add(ruleInfoPanel, BorderLayout.NORTH);
add(configTabbedPanel, BorderLayout.CENTER);
}
private JPanel getScopePanel() {
JPanel scopePanel = new JPanel();
scopePanel.setLayout(new BoxLayout(scopePanel, BoxLayout.X_AXIS));
scopePanel.setBorder(new EmptyBorder(3, 0, 6, 0));
String[] scopeInit = hae.Config.scopeOptions.split("\\|");
String[] scopeMode = configLoader.getScope().split("\\|");
for (String scope : scopeInit) {
JCheckBox checkBox = new JCheckBox(scope);
scopePanel.add(checkBox);
checkBox.addActionListener(e -> updateScope(checkBox));
for (String mode : scopeMode) {
if (scope.equals(mode)) {
checkBox.setSelected(true);
}
}
updateScope(checkBox);
}
return scopePanel;
}
private JPanel getModePanel() {
JPanel modePanel = new JPanel();
modePanel.setLayout(new BoxLayout(modePanel, BoxLayout.X_AXIS));
JCheckBox checkBox = new JCheckBox("Enable active http message handler");
checkBox.setEnabled(hae.Config.proVersionStatus);
modePanel.add(checkBox);
checkBox.addActionListener(e -> updateModeStatus(checkBox));
checkBox.setSelected(configLoader.getMode());
updateModeStatus(checkBox);
return modePanel;
}
private JTextField getLimitPanel() {
JTextField limitSizeTextField = new JTextField();
limitSizeTextField.getDocument().addDocumentListener(new DocumentListener() {
@Override
public void insertUpdate(DocumentEvent e) {
onTextChange();
}
@Override
public void removeUpdate(DocumentEvent e) {
onTextChange();
}
@Override
public void changedUpdate(DocumentEvent e) {
onTextChange();
}
private void onTextChange() {
String limitSizeText = limitSizeTextField.getText();
configLoader.setLimitSize(limitSizeText);
}
});
limitSizeTextField.setText(configLoader.getLimitSize());
return limitSizeTextField;
}
private TableModelListener craeteSettingTableModelListener(JComboBox<String> setTypeComboBox, DefaultTableModel model) {
return e -> {
// 如果是程序正在加载数据,不处理事件
if (isLoadingData) {
return;
}
String selected = (String) setTypeComboBox.getSelectedItem();
String values = getFirstColumnDataAsString(model);
if (selected != null) {
if (selected.equals("Exclude suffix")) {
if (!values.equals(configLoader.getExcludeSuffix())) {
configLoader.setExcludeSuffix(values);
}
}
if (selected.equals("Block host")) {
if (!values.equals(configLoader.getBlockHost())) {
configLoader.setBlockHost(values);
}
}
if (selected.equals("Exclude status")) {
if (!values.equals(configLoader.getExcludeStatus())) {
configLoader.setExcludeStatus(values);
}
}
if (selected.equals("Dynamic Header")) {
if (!values.equals(configLoader.getExcludeStatus())) {
configLoader.setDynamicHeader(values);
}
}
}
};
}
private ActionListener createSettingActionListener(JComboBox<String> setTypeComboBox, DefaultTableModel model) {
return e -> {
String selected = (String) setTypeComboBox.getSelectedItem();
// 设置标志,表示正在加载数据
isLoadingData = true;
model.setRowCount(0);
if (selected != null) {
if (selected.equals("Exclude suffix")) {
addDataToTable(configLoader.getExcludeSuffix().replaceAll("\\|", "\r\n"), model);
}
if (selected.equals("Block host")) {
addDataToTable(configLoader.getBlockHost().replaceAll("\\|", "\r\n"), model);
}
if (selected.equals("Exclude status")) {
addDataToTable(configLoader.getExcludeStatus().replaceAll("\\|", "\r\n"), model);
}
if (selected.equals("Dynamic Header")) {
addDataToTable(configLoader.getDynamicHeader().replaceAll("\\|", "\r\n"), model);
}
}
// 重置标志
isLoadingData = false;
};
}
private JPanel createConfigTablePanel(String[] mode) {
GridBagConstraints constraints = new GridBagConstraints();
constraints.weightx = 1.0;
constraints.fill = GridBagConstraints.HORIZONTAL;
JPanel settingPanel = new JPanel(new BorderLayout());
DefaultTableModel model = new DefaultTableModel();
JTable table = new JTable(model);
model.addColumn("Value");
JScrollPane scrollPane = new JScrollPane(table);
JPanel buttonPanel = new JPanel();
buttonPanel.setBorder(new EmptyBorder(0, 3, 0, 0));
GridBagLayout layout = new GridBagLayout();
layout.rowHeights = new int[]{0, 0, 0, 0, 0, 0, 0};
layout.rowWeights = new double[]{0.0, 0.0, 0.0, 0.0, 0.0, 0.0, Double.MIN_VALUE};
buttonPanel.setLayout(layout);
JPanel inputPanel = new JPanel(new BorderLayout());
JPanel inputPanelB = new JPanel(new BorderLayout());
inputPanelB.setBorder(new EmptyBorder(0, 0, 3, 0));
JButton addButton = new JButton("Add");
JButton removeButton = new JButton("Remove");
JButton pasteButton = new JButton("Paste");
JButton clearButton = new JButton("Clear");
JComboBox<String> setTypeComboBox = new JComboBox<>();
setTypeComboBox.setModel(new DefaultComboBoxModel<>(mode));
model.addTableModelListener(craeteSettingTableModelListener(setTypeComboBox, model));
setTypeComboBox.addActionListener(createSettingActionListener(setTypeComboBox, model));
setTypeComboBox.setSelectedItem(mode[0]);
constraints.insets = new Insets(0, 0, 3, 0);
constraints.gridy = 0;
buttonPanel.add(setTypeComboBox, constraints);
constraints.gridy = 1;
buttonPanel.add(addButton, constraints);
constraints.gridy = 2;
buttonPanel.add(removeButton, constraints);
constraints.gridy = 3;
buttonPanel.add(pasteButton, constraints);
constraints.gridy = 4;
buttonPanel.add(clearButton, constraints);
JTextField addTextField = new JTextField();
String defaultText = "Enter a new item";
UIEnhancer.setTextFieldPlaceholder(addTextField, defaultText);
inputPanelB.add(addTextField, BorderLayout.CENTER);
inputPanel.add(scrollPane, BorderLayout.CENTER);
inputPanel.add(inputPanelB, BorderLayout.NORTH);
settingPanel.add(buttonPanel, BorderLayout.EAST);
settingPanel.add(inputPanel, BorderLayout.CENTER);
addButton.addActionListener(e -> addActionPerformed(e, model, addTextField));
addTextField.addKeyListener(new KeyAdapter() {
@Override
public void keyPressed(KeyEvent e) {
if (e.getKeyCode() == KeyEvent.VK_ENTER) {
addActionPerformed(null, model, addTextField);
}
}
});
pasteButton.addActionListener(e -> {
Clipboard clipboard = Toolkit.getDefaultToolkit().getSystemClipboard();
try {
String data = (String) clipboard.getData(DataFlavor.stringFlavor);
if (data != null && !data.isEmpty()) {
addDataToTable(data, model);
}
} catch (Exception ignored) {
}
});
removeButton.addActionListener(e -> {
int selectedRow = table.getSelectedRow();
if (selectedRow != -1) {
model.removeRow(selectedRow);
}
});
clearButton.addActionListener(e -> model.setRowCount(0));
JPanel settingMainPanel = new JPanel(new BorderLayout());
settingMainPanel.setBorder(new EmptyBorder(5, 15, 10, 15));
JScrollPane settingScroller = new JScrollPane(settingPanel);
settingScroller.setBorder(new TitledBorder("Setting"));
settingMainPanel.add(settingScroller, BorderLayout.CENTER);
return settingMainPanel;
}
private String getFirstColumnDataAsString(DefaultTableModel model) {
StringBuilder firstColumnData = new StringBuilder();
int numRows = model.getRowCount();
for (int row = 0; row < numRows; row++) {
firstColumnData.append(model.getValueAt(row, 0));
if (row < numRows - 1) {
firstColumnData.append("|");
}
}
return firstColumnData.toString();
}
private void addDataToTable(String data, DefaultTableModel model) {
if (!data.isBlank()) {
String[] rows = data.split("\\r?\\n");
for (String row : rows) {
model.addRow(new String[]{row});
}
deduplicateTableData(model);
}
}
private void deduplicateTableData(DefaultTableModel model) {
// 使用 Map 存储每一行的数据,用于去重
Set<List<Object>> rowData = new LinkedHashSet<>();
int columnCount = model.getColumnCount();
// 将每一行数据作为一个列表,添加到 Set 中
for (int i = 0; i < model.getRowCount(); i++) {
List<Object> row = new ArrayList<>();
for (int j = 0; j < columnCount; j++) {
row.add(model.getValueAt(i, j));
}
rowData.add(row);
}
// 清除原始数据
model.setRowCount(0);
// 将去重后的数据添加回去
for (List<Object> uniqueRow : rowData) {
model.addRow(uniqueRow.toArray());
}
}
public void updateModeStatus(JCheckBox checkBox) {
boolean selected = checkBox.isSelected();
configLoader.setMode(selected ? "true" : "false");
if (checkBox.isSelected()) {
if (hae.Config.proVersionStatus && passiveHandler.isRegistered()) {
passiveHandler.deregister();
}
if (!activeHandler.isRegistered()) {
activeHandler = api.http().registerHttpHandler(new HttpMessageActiveHandler(api, configLoader, messageTableModel));
}
} else {
if (hae.Config.proVersionStatus && !passiveHandler.isRegistered()) {
passiveHandler = api.scanner().registerScanCheck(new HttpMessagePassiveHandler(api, configLoader, messageTableModel));
}
if (activeHandler.isRegistered()) {
activeHandler.deregister();
}
}
}
public void updateScope(JCheckBox checkBox) {
String boxText = checkBox.getText();
boolean selected = checkBox.isSelected();
Set<String> HaEScope = new HashSet<>(Arrays.asList(configLoader.getScope().split("\\|")));
if (selected) {
HaEScope.add(boxText);
} else {
HaEScope.remove(boxText);
}
configLoader.setScope(String.join("|", HaEScope));
}
private void addActionPerformed(ActionEvent e, DefaultTableModel model, JTextField addTextField) {
String addTextFieldText = addTextField.getText();
if (addTextField.getForeground().equals(Color.BLACK)) {
addDataToTable(addTextFieldText, model);
addTextField.setText("");
addTextField.requestFocusInWindow();
}
}
private void reloadActionPerformed(ActionEvent e) {
rules.reloadRuleGroup();
}
private void reinitActionPerformed(ActionEvent e) {
int retCode = JOptionPane.showConfirmDialog(this, "Do you want to reinitialize rules? This action will overwrite your existing rules.", "Info", JOptionPane.YES_NO_OPTION);
if (retCode == JOptionPane.YES_OPTION) {
boolean ret = configLoader.initRules();
if (ret) {
rules.reloadRuleGroup();
}
}
}
}

77
src/main/java/hae/component/Main.java Normal file
View File

@@ -0,0 +1,77 @@
package hae.component;
import burp.api.montoya.MontoyaApi;
import hae.component.board.Databoard;
import hae.component.board.message.MessageTableModel;
import hae.component.rule.Rules;
import hae.utils.ConfigLoader;
import hae.utils.UIEnhancer;
import javax.swing.*;
import java.awt.*;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.net.URL;
public class Main extends JPanel {
private final MontoyaApi api;
private final ConfigLoader configLoader;
private final MessageTableModel messageTableModel;
public Main(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) {
this.api = api;
this.configLoader = configLoader;
this.messageTableModel = messageTableModel;
initComponents();
}
private void initComponents() {
setLayout(new GridBagLayout());
((GridBagLayout) getLayout()).columnWidths = new int[]{0, 0};
((GridBagLayout) getLayout()).rowHeights = new int[]{0, 0};
((GridBagLayout) getLayout()).columnWeights = new double[]{1.0, 1.0E-4};
((GridBagLayout) getLayout()).rowWeights = new double[]{1.0, 1.0E-4};
JTabbedPane mainTabbedPane = new JTabbedPane();
// 新增Logo
JTabbedPane HaETabbedPane = new JTabbedPane();
boolean isDarkBg = UIEnhancer.isDarkColor(HaETabbedPane.getBackground());
HaETabbedPane.addTab("", getImageIcon(isDarkBg), mainTabbedPane);
// 中文Slogan赋能白帽高效作战
HaETabbedPane.addTab(" Highlighter and Extractor - Empower ethical hacker for efficient operations. ", null);
HaETabbedPane.setEnabledAt(1, false);
HaETabbedPane.addPropertyChangeListener("background", new PropertyChangeListener() {
@Override
public void propertyChange(PropertyChangeEvent e) {
boolean isDarkBg = UIEnhancer.isDarkColor(HaETabbedPane.getBackground());
HaETabbedPane.setIconAt(0, getImageIcon(isDarkBg));
}
});
add(HaETabbedPane, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 0, 0, 0), 0, 0));
// 依次添加Rules、Config、Databoard
Rules rules = new Rules(api, configLoader);
mainTabbedPane.addTab("Rules", rules);
mainTabbedPane.addTab("Databoard", new Databoard(api, configLoader, messageTableModel));
mainTabbedPane.addTab("Config", new Config(api, configLoader, messageTableModel, rules));
}
private ImageIcon getImageIcon(boolean isDark) {
ClassLoader classLoader = getClass().getClassLoader();
URL imageURL;
if (isDark) {
imageURL = classLoader.getResource("logo/logo.png");
} else {
imageURL = classLoader.getResource("logo/logo_black.png");
}
ImageIcon originalIcon = new ImageIcon(imageURL);
Image originalImage = originalIcon.getImage();
Image scaledImage = originalImage.getScaledInstance(30, 20, Image.SCALE_FAST);
return new ImageIcon(scaledImage);
}
}

467
src/main/java/hae/component/board/Databoard.java Normal file
View File

@@ -0,0 +1,467 @@
package hae.component.board;
import burp.api.montoya.MontoyaApi;
import hae.Config;
import hae.cache.DataCache;
import hae.component.board.message.MessageTableModel;
import hae.component.board.message.MessageTableModel.MessageTable;
import hae.component.board.table.Datatable;
import hae.utils.ConfigLoader;
import hae.utils.UIEnhancer;
import hae.utils.string.StringProcessor;
import javax.swing.*;
import javax.swing.event.DocumentEvent;
import javax.swing.event.DocumentListener;
import javax.swing.table.TableColumnModel;
import javax.swing.table.TableModel;
import javax.swing.table.TableRowSorter;
import java.awt.*;
import java.awt.event.*;
import java.text.Collator;
import java.util.*;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
public class Databoard extends JPanel {
private static Boolean isMatchHost = false;
private final MontoyaApi api;
private final ConfigLoader configLoader;
private final MessageTableModel messageTableModel;
private final DefaultComboBoxModel comboBoxModel = new DefaultComboBoxModel();
private final JComboBox hostComboBox = new JComboBox(comboBoxModel);
private JTextField hostTextField;
private JTabbedPane dataTabbedPane;
private JSplitPane splitPane;
private MessageTable messageTable;
private JProgressBar progressBar;
private SwingWorker<Map<String, List<String>>, Integer> handleComboBoxWorker;
private SwingWorker<Void, Void> applyHostFilterWorker;
public Databoard(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) {
this.api = api;
this.configLoader = configLoader;
this.messageTableModel = messageTableModel;
initComponents();
}
private void initComponents() {
setLayout(new GridBagLayout());
((GridBagLayout) getLayout()).columnWidths = new int[]{25, 0, 0, 0, 20, 0};
((GridBagLayout) getLayout()).rowHeights = new int[]{0, 65, 20, 0, 0};
((GridBagLayout) getLayout()).columnWeights = new double[]{0.0, 0.0, 1.0, 0.0, 0.0, 1.0E-4};
((GridBagLayout) getLayout()).rowWeights = new double[]{0.0, 1.0, 0.0, 0.0, 1.0E-4};
JLabel hostLabel = new JLabel("Host:");
JButton clearDataButton = new JButton("Clear data");
JButton clearCacheButton = new JButton("Clear cache");
JButton actionButton = new JButton("Action");
JPanel menuPanel = new JPanel(new GridLayout(2, 1, 0, 5));
menuPanel.setBorder(BorderFactory.createEmptyBorder(3, 3, 3, 3));
JPopupMenu menu = new JPopupMenu();
menuPanel.add(clearDataButton);
menuPanel.add(clearCacheButton);
menu.add(menuPanel);
hostTextField = new JTextField();
String defaultText = "Please enter the host";
UIEnhancer.setTextFieldPlaceholder(hostTextField, defaultText);
splitPane = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT);
dataTabbedPane = new JTabbedPane(JTabbedPane.TOP);
dataTabbedPane.setPreferredSize(new Dimension(500, 0));
dataTabbedPane.setTabLayoutPolicy(JTabbedPane.SCROLL_TAB_LAYOUT);
actionButton.addActionListener(e -> {
int x = 0;
int y = actionButton.getHeight();
menu.show(actionButton, x, y);
});
clearDataButton.addActionListener(this::clearDataActionPerformed);
clearCacheButton.addActionListener(this::clearCacheActionPerformed);
progressBar = new JProgressBar();
splitPane.addComponentListener(new ComponentAdapter() {
@Override
public void componentResized(ComponentEvent e) {
resizePanel();
}
});
splitPane.setVisible(false);
progressBar.setVisible(false);
add(hostLabel, new GridBagConstraints(1, 0, 1, 1, 0.0, 0.0, GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 5, 5), 0, 0));
add(hostTextField, new GridBagConstraints(2, 0, 1, 1, 0.0, 0.0, GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 5, 5), 0, 0));
add(actionButton, new GridBagConstraints(3, 0, 1, 1, 0.0, 0.0, GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 5, 5), 0, 0));
add(splitPane, new GridBagConstraints(1, 1, 3, 1, 0.0, 1.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(0, 5, 0, 5), 0, 0));
add(progressBar, new GridBagConstraints(1, 2, 3, 1, 1.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.HORIZONTAL,
new Insets(0, 5, 0, 5), 0, 0));
hostComboBox.setMaximumRowCount(5);
add(hostComboBox, new GridBagConstraints(2, 0, 1, 1, 0.0, 0.0, GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(8, 0, 5, 5), 0, 0));
setAutoMatch();
}
private void resizePanel() {
splitPane.setDividerLocation(0.4);
TableColumnModel columnModel = messageTable.getColumnModel();
int totalWidth = (int) (getWidth() * 0.6);
columnModel.getColumn(0).setPreferredWidth((int) (totalWidth * 0.1));
columnModel.getColumn(1).setPreferredWidth((int) (totalWidth * 0.3));
columnModel.getColumn(2).setPreferredWidth((int) (totalWidth * 0.3));
columnModel.getColumn(3).setPreferredWidth((int) (totalWidth * 0.1));
columnModel.getColumn(4).setPreferredWidth((int) (totalWidth * 0.1));
columnModel.getColumn(5).setPreferredWidth((int) (totalWidth * 0.1));
}
private void setProgressBar(boolean status, String message, int progress) {
progressBar.setIndeterminate(status && progress <= 0);
progressBar.setString(message);
progressBar.setStringPainted(true);
progressBar.setMaximum(100);
if (progress > 0) {
progressBar.setValue(progress);
} else if (!status) {
progressBar.setValue(progressBar.getMaximum());
}
}
private void setAutoMatch() {
hostComboBox.setSelectedItem(null);
hostComboBox.addActionListener(this::handleComboBoxAction);
hostTextField.addKeyListener(new KeyAdapter() {
@Override
public void keyPressed(KeyEvent e) {
handleKeyEvents(e);
}
});
hostTextField.getDocument().addDocumentListener(new DocumentListener() {
@Override
public void insertUpdate(DocumentEvent e) {
filterComboBoxList();
}
@Override
public void removeUpdate(DocumentEvent e) {
filterComboBoxList();
}
@Override
public void changedUpdate(DocumentEvent e) {
filterComboBoxList();
}
});
}
private void handleComboBoxAction(ActionEvent e) {
if (!isMatchHost && hostComboBox.getSelectedItem() != null) {
String selectedHost = hostComboBox.getSelectedItem().toString();
if (getHostByList().contains(selectedHost)) {
hostTextField.setText(selectedHost);
hostComboBox.setPopupVisible(false);
if (handleComboBoxWorker != null && !handleComboBoxWorker.isDone()) {
progressBar.setVisible(false);
handleComboBoxWorker.cancel(true);
}
handleComboBoxWorker = new DataLoadingWorker(selectedHost);
handleComboBoxWorker.execute();
}
}
}
private void handleKeyEvents(KeyEvent e) {
isMatchHost = true;
int keyCode = e.getKeyCode();
if (keyCode == KeyEvent.VK_SPACE && hostComboBox.isPopupVisible()) {
e.setKeyCode(KeyEvent.VK_ENTER);
}
if (Arrays.asList(KeyEvent.VK_DOWN, KeyEvent.VK_UP).contains(keyCode)) {
hostComboBox.dispatchEvent(e);
}
if (keyCode == KeyEvent.VK_ENTER) {
isMatchHost = false;
handleComboBoxAction(null);
}
if (keyCode == KeyEvent.VK_ESCAPE) {
hostComboBox.setPopupVisible(false);
}
isMatchHost = false;
}
private Map<String, List<String>> getSelectedMapByHost(String selectedHost, DataLoadingWorker worker) {
ConcurrentHashMap<String, Map<String, List<String>>> dataMap = Config.globalDataMap;
Map<String, List<String>> selectedDataMap;
if (selectedHost.contains("*")) {
selectedDataMap = new HashMap<>();
List<String> matchingKeys = new ArrayList<>();
// 第一步:找出所有匹配的键(预处理)
for (String key : dataMap.keySet()) {
if ((StringProcessor.matchesHostPattern(key, selectedHost) || selectedHost.equals("*")) && !key.contains("*")) {
matchingKeys.add(key);
}
}
// 第二步:分批处理数据
int totalKeys = matchingKeys.size();
for (int i = 0; i < totalKeys; i++) {
String key = matchingKeys.get(i);
Map<String, List<String>> ruleMap = dataMap.get(key);
if (ruleMap != null) {
for (String ruleKey : ruleMap.keySet()) {
List<String> dataList = ruleMap.get(ruleKey);
if (selectedDataMap.containsKey(ruleKey)) {
List<String> mergedList = new ArrayList<>(selectedDataMap.get(ruleKey));
mergedList.addAll(dataList);
// 使用HashSet去重
HashSet<String> uniqueSet = new HashSet<>(mergedList);
selectedDataMap.put(ruleKey, new ArrayList<>(uniqueSet));
} else {
selectedDataMap.put(ruleKey, new ArrayList<>(dataList));
}
}
}
// 报告进度
if (worker != null && i % 5 == 0) {
int progress = (int) ((i + 1) * 90.0 / totalKeys);
worker.publishProgress(progress);
}
}
} else {
selectedDataMap = dataMap.get(selectedHost);
// 对于非通配符匹配,直接返回结果
if (worker != null) {
worker.publishProgress(90);
}
}
return selectedDataMap != null ? selectedDataMap : new HashMap<>();
}
private void filterComboBoxList() {
isMatchHost = true;
comboBoxModel.removeAllElements();
String input = hostTextField.getText().toLowerCase();
if (!input.isEmpty()) {
for (String host : getHostByList()) {
String lowerCaseHost = host.toLowerCase();
if (lowerCaseHost.contains(input)) {
if (lowerCaseHost.equals(input)) {
comboBoxModel.insertElementAt(lowerCaseHost, 0);
comboBoxModel.setSelectedItem(lowerCaseHost);
} else {
comboBoxModel.addElement(host);
}
}
}
}
hostComboBox.setPopupVisible(comboBoxModel.getSize() > 0);
isMatchHost = false;
}
private void applyHostFilter(String filterText) {
TableRowSorter<TableModel> sorter = (TableRowSorter<TableModel>) messageTable.getRowSorter();
String cleanedText = StringProcessor.replaceFirstOccurrence(filterText, "*.", "");
if (applyHostFilterWorker != null && !applyHostFilterWorker.isDone()) {
applyHostFilterWorker.cancel(true);
}
applyHostFilterWorker = new SwingWorker<>() {
@Override
protected Void doInBackground() {
RowFilter<Object, Object> rowFilter = new RowFilter<>() {
public boolean include(Entry<?, ?> entry) {
if (cleanedText.equals("*")) {
return true;
} else {
String host = StringProcessor.getHostByUrl((String) entry.getValue(1));
return StringProcessor.matchesHostPattern(host, filterText);
}
}
};
sorter.setRowFilter(rowFilter);
messageTableModel.applyHostFilter(filterText);
return null;
}
};
applyHostFilterWorker.execute();
}
private List<String> getHostByList() {
List<String> result = new ArrayList<>();
if (!Config.globalDataMap.isEmpty()) {
result = new ArrayList<>(Config.globalDataMap.keySet());
}
return result;
}
private void clearCacheActionPerformed(ActionEvent e) {
int retCode = JOptionPane.showConfirmDialog(this, "Do you want to clear cache?", "Info",
JOptionPane.YES_NO_OPTION);
if (retCode == JOptionPane.YES_OPTION) {
DataCache.clear();
}
}
private void clearDataActionPerformed(ActionEvent e) {
int retCode = JOptionPane.showConfirmDialog(this, "Do you want to clear data?", "Info",
JOptionPane.YES_NO_OPTION);
String host = hostTextField.getText();
if (retCode == JOptionPane.YES_OPTION && !host.isEmpty()) {
dataTabbedPane.removeAll();
splitPane.setVisible(false);
progressBar.setVisible(false);
Config.globalDataMap.keySet().parallelStream().forEach(key -> {
if (StringProcessor.matchesHostPattern(key, host) || host.equals("*")) {
Config.globalDataMap.remove(key);
}
});
// 删除无用的数据
Set<String> wildcardKeys = Config.globalDataMap.keySet().stream()
.filter(key -> key.startsWith("*."))
.collect(Collectors.toSet());
Set<String> existingSuffixes = Config.globalDataMap.keySet().stream()
.filter(key -> !key.startsWith("*."))
.map(key -> {
int dotIndex = key.indexOf(".");
return dotIndex != -1 ? key.substring(dotIndex) : "";
})
.collect(Collectors.toSet());
Set<String> keysToRemove = wildcardKeys.stream()
.filter(key -> !existingSuffixes.contains(key.substring(1)))
.collect(Collectors.toSet());
keysToRemove.forEach(Config.globalDataMap::remove);
if (Config.globalDataMap.size() == 1 && Config.globalDataMap.keySet().stream().anyMatch(key -> key.equals("*"))) {
Config.globalDataMap.remove("*");
}
messageTableModel.deleteByHost(host);
hostTextField.setText("");
}
}
// 定义为内部类
private class DataLoadingWorker extends SwingWorker<Map<String, List<String>>, Integer> {
private final String selectedHost;
public DataLoadingWorker(String selectedHost) {
this.selectedHost = selectedHost;
progressBar.setVisible(true);
}
@Override
protected Map<String, List<String>> doInBackground() throws Exception {
return getSelectedMapByHost(selectedHost, this);
}
@Override
protected void process(List<Integer> chunks) {
if (!chunks.isEmpty()) {
int progress = chunks.get(chunks.size() - 1);
setProgressBar(true, "Loading... " + progress + "%", progress);
}
}
@Override
protected void done() {
if (!isCancelled()) {
try {
Map<String, List<String>> selectedDataMap = get();
if (selectedDataMap != null && !selectedDataMap.isEmpty()) {
dataTabbedPane.removeAll();
for (Map.Entry<String, List<String>> entry : selectedDataMap.entrySet()) {
String tabTitle = String.format("%s (%s)", entry.getKey(), entry.getValue().size());
Datatable datatablePanel = new Datatable(api, configLoader, entry.getKey(), entry.getValue());
datatablePanel.setTableListener(messageTableModel);
insertTabSorted(dataTabbedPane, tabTitle, datatablePanel);
}
JSplitPane messageSplitPane = messageTableModel.getSplitPane();
splitPane.setLeftComponent(dataTabbedPane);
splitPane.setRightComponent(messageSplitPane);
messageTable = messageTableModel.getMessageTable();
resizePanel();
splitPane.setVisible(true);
applyHostFilter(selectedHost);
setProgressBar(false, "OK", 100);
} else {
setProgressBar(false, "Error", 0);
}
} catch (Exception e) {
api.logging().logToOutput("DataLoadingWorker: " + e.getMessage());
setProgressBar(false, "Error", 0);
}
}
}
public static void insertTabSorted(JTabbedPane tabbedPane, String title, Component component) {
int insertIndex = 0;
int tabCount = tabbedPane.getTabCount();
// 使用 Collator 实现更友好的语言排序(支持中文、特殊字符等)
Collator collator = Collator.getInstance(Locale.getDefault());
collator.setStrength(Collator.PRIMARY); // 忽略大小写和重音
for (int i = 0; i < tabCount; i++) {
String existingTitle = tabbedPane.getTitleAt(i);
if (collator.compare(existingTitle, title) > 0) {
insertIndex = i;
break;
}
insertIndex = i + 1;
}
tabbedPane.insertTab(title, null, component, null, insertIndex);
}
// 提供一个公共方法来发布进度
public void publishProgress(int progress) {
publish(progress);
}
}
}

23
src/main/java/burp/ui/board/LogEntry.java → src/main/java/hae/component/board/message/MessageEntry.java
View File

@@ -1,31 +1,32 @@
package burp.ui.board;
package hae.component.board.message;
import burp.IHttpRequestResponsePersisted;
import java.net.URL;
import burp.api.montoya.http.message.HttpRequestResponse;
public class LogEntry {
public class MessageEntry {
private final String comment;
private final IHttpRequestResponsePersisted requestResponse;
private final URL url;
private final HttpRequestResponse requestResponse;
private final String url;
private final String length;
private final String status;
private final String color;
private final String method;
LogEntry(IHttpRequestResponsePersisted requestResponse, String method, URL url, String comment, String length, String color) {
MessageEntry(HttpRequestResponse requestResponse, String method, String url, String comment, String length, String color, String status) {
this.requestResponse = requestResponse;
this.method = method;
this.url = url;
this.comment = comment;
this.length = length;
this.color = color;
this.status = status;
}
public String getColor() {
return this.color;
}
public URL getUrl() {
public String getUrl() {
return this.url;
}
@@ -41,7 +42,11 @@ public class LogEntry {
return this.method;
}
public IHttpRequestResponsePersisted getRequestResponse() {
public String getStatus() {
return this.status;
}
public HttpRequestResponse getRequestResponse() {
return this.requestResponse;
}
}

79
src/main/java/hae/component/board/message/MessageRenderer.java Normal file
View File

@@ -0,0 +1,79 @@
package hae.component.board.message;
import javax.swing.*;
import javax.swing.table.DefaultTableCellRenderer;
import java.awt.*;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.Map;
public class MessageRenderer extends DefaultTableCellRenderer {
private final LinkedList<MessageEntry> log;
private final Map<String, Color> colorMap = new HashMap<>();
private final JTable table; // 保存对表格的引用
public MessageRenderer(LinkedList<MessageEntry> log, JTable table) {
this.log = log;
// 与BurpSuite的颜色保持一致
this.colorMap.put("red", new Color(0xFF, 0x64, 0x64));
this.colorMap.put("orange", new Color(0xFF, 0xC8, 0x64));
this.colorMap.put("yellow", new Color(0xFF, 0xFF, 0x64));
this.colorMap.put("green", new Color(0x64, 0xFF, 0x64));
this.colorMap.put("cyan", new Color(0x64, 0xFF, 0xFF));
this.colorMap.put("blue", new Color(0x64, 0x64, 0xFF));
this.colorMap.put("pink", new Color(0xFF, 0xC8, 0xC8));
this.colorMap.put("magenta", new Color(0xFF, 0x64, 0xFF));
this.colorMap.put("gray", new Color(0xB4, 0xB4, 0xB4));
this.colorMap.put("none", new Color(0, 0, 0, 0));
this.table = table;
}
@Override
public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected,
boolean hasFocus, int row, int column) {
Component component = super.getTableCellRendererComponent(table, value, isSelected, hasFocus, row, column);
// 添加边界检查以防止IndexOutOfBoundsException
int modelRow = table.convertRowIndexToModel(row);
if (modelRow < 0 || modelRow >= log.size()) {
// 如果索引无效,返回默认渲染组件(使用默认背景色)
component.setBackground(Color.WHITE);
component.setForeground(Color.BLACK);
return component;
}
MessageEntry messageEntry = log.get(modelRow);
// 设置颜色
String colorByLog = messageEntry.getColor();
Color color = colorMap.get(colorByLog);
// 如果颜色映射中没有找到对应颜色,使用默认白色
if (color == null) {
color = Color.WHITE;
}
if (isSelected) {
component.setBackground(UIManager.getColor("Table.selectionBackground"));
} else {
component.setBackground(color);
}
component.setForeground(Color.BLACK);
return component;
}
@Override
public void firePropertyChange(String propertyName, Object oldValue, Object newValue) {
super.firePropertyChange(propertyName, oldValue, newValue);
// 监听表格排序的属性变化
if ("tableCellRenderer".equals(propertyName)) {
// 更新每一行数据的颜色
for (int i = 0; i < table.getRowCount(); i++) {
table.repaint(table.getCellRect(i, 0, true));
}
}
}
}

531
src/main/java/hae/component/board/message/MessageTableModel.java Normal file
View File

@@ -0,0 +1,531 @@
package hae.component.board.message;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.message.HttpHeader;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.http.message.responses.HttpResponse;
import burp.api.montoya.persistence.PersistedObject;
import burp.api.montoya.ui.UserInterface;
import burp.api.montoya.ui.editor.HttpRequestEditor;
import burp.api.montoya.ui.editor.HttpResponseEditor;
import hae.Config;
import hae.utils.ConfigLoader;
import hae.utils.DataManager;
import hae.utils.string.StringProcessor;
import javax.swing.*;
import javax.swing.table.AbstractTableModel;
import javax.swing.table.DefaultTableModel;
import javax.swing.table.TableModel;
import javax.swing.table.TableRowSorter;
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;
import java.util.*;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.stream.Collectors;
import static burp.api.montoya.ui.editor.EditorOptions.READ_ONLY;
public class MessageTableModel extends AbstractTableModel {
private final MontoyaApi api;
private final ConfigLoader configLoader;
private final MessageTable messageTable;
private final JSplitPane splitPane;
private final LinkedList<MessageEntry> log = new LinkedList<>();
private final LinkedList<MessageEntry> filteredLog;
private SwingWorker<Void, Void> currentWorker;
public MessageTableModel(MontoyaApi api, ConfigLoader configLoader) {
this.filteredLog = new LinkedList<>();
this.api = api;
this.configLoader = configLoader;
JTabbedPane messageTab = new JTabbedPane();
UserInterface userInterface = api.userInterface();
HttpRequestEditor requestViewer = userInterface.createHttpRequestEditor(READ_ONLY);
HttpResponseEditor responseViewer = userInterface.createHttpResponseEditor(READ_ONLY);
messageTab.addTab("Request", requestViewer.uiComponent());
messageTab.addTab("Response", responseViewer.uiComponent());
// 请求条目表格
messageTable = new MessageTable(MessageTableModel.this, requestViewer, responseViewer);
messageTable.setDefaultRenderer(Object.class, new MessageRenderer(filteredLog, messageTable));
messageTable.setAutoCreateRowSorter(true);
TableRowSorter<DefaultTableModel> sorter = getDefaultTableModelTableRowSorter();
messageTable.setRowSorter(sorter);
messageTable.setAutoResizeMode(JTable.AUTO_RESIZE_OFF);
splitPane = new JSplitPane(JSplitPane.VERTICAL_SPLIT);
// 请求/响应文本框
JScrollPane scrollPane = new JScrollPane(messageTable);
scrollPane.setHorizontalScrollBarPolicy(JScrollPane.HORIZONTAL_SCROLLBAR_ALWAYS);
scrollPane.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_ALWAYS);
splitPane.setLeftComponent(scrollPane);
splitPane.setRightComponent(messageTab);
}
private TableRowSorter<DefaultTableModel> getDefaultTableModelTableRowSorter() {
TableRowSorter<DefaultTableModel> sorter = (TableRowSorter<DefaultTableModel>) messageTable.getRowSorter();
// Length字段根据大小进行排序
sorter.setComparator(4, (Comparator<String>) (s1, s2) -> {
Integer age1 = Integer.parseInt(s1);
Integer age2 = Integer.parseInt(s2);
return age1.compareTo(age2);
});
// Color字段根据颜色顺序进行排序
sorter.setComparator(5, new Comparator<String>() {
@Override
public int compare(String s1, String s2) {
int index1 = getIndex(s1);
int index2 = getIndex(s2);
return Integer.compare(index1, index2);
}
private int getIndex(String color) {
for (int i = 0; i < Config.color.length; i++) {
if (Config.color[i].equals(color)) {
return i;
}
}
return -1;
}
});
return sorter;
}
public synchronized void add(HttpRequestResponse messageInfo, String url, String method, String status, String length, String comment, String color, boolean flag) {
synchronized (log) {
if (messageInfo == null) {
return;
}
if (comment == null || comment.trim().isEmpty()) {
return;
}
if (color == null || color.trim().isEmpty()) {
return;
}
boolean isDuplicate = false;
try {
if (!log.isEmpty() && flag) {
String host = StringProcessor.getHostByUrl(url);
for (MessageEntry entry : log) {
if (host.equals(StringProcessor.getHostByUrl(entry.getUrl()))) {
if (isRequestDuplicate(
messageInfo, entry.getRequestResponse(),
url, entry.getUrl(),
comment, entry.getComment(),
color, entry.getColor()
)) {
isDuplicate = true;
break;
}
}
}
}
} catch (Exception ignored) {
}
if (!isDuplicate) {
if (flag) {
persistData(messageInfo, comment, color);
}
log.add(new MessageEntry(messageInfo, method, url, comment, length, color, status));
}
}
}
private boolean isRequestDuplicate(
HttpRequestResponse newReq, HttpRequestResponse existingReq,
String newUrl, String existingUrl,
String newComment, String existingComment,
String newColor, String existingColor) {
try {
// 基础属性匹配
String normalizedNewUrl = normalizeUrl(newUrl);
String normalizedExistingUrl = normalizeUrl(existingUrl);
boolean basicMatch = normalizedNewUrl.equals(normalizedExistingUrl);
// 请求响应内容匹配
byte[] newReqBytes = newReq.request().toByteArray().getBytes();
byte[] newResBytes = newReq.response().toByteArray().getBytes();
byte[] existingReqBytes = existingReq.request().toByteArray().getBytes();
byte[] existingResBytes = existingReq.response().toByteArray().getBytes();
boolean contentMatch = Arrays.equals(newReqBytes, existingReqBytes) &&
Arrays.equals(newResBytes, existingResBytes);
// 注释和颜色匹配
boolean metadataMatch = areCommentsEqual(newComment, existingComment) &&
newColor.equals(existingColor);
return (basicMatch || contentMatch) && metadataMatch;
} catch (Exception e) {
return false;
}
}
private String normalizeUrl(String url) {
if (url == null) {
return "";
}
String normalized = url.trim().toLowerCase();
while (normalized.endsWith("/")) {
normalized = normalized.substring(0, normalized.length() - 1);
}
return normalized.replaceAll("//", "/");
}
private boolean areCommentsEqual(String comment1, String comment2) {
if (comment1 == null || comment2 == null) {
return false;
}
try {
// 将注释按规则拆分并排序
Set<String> rules1 = new TreeSet<>(Arrays.asList(comment1.split(", ")));
Set<String> rules2 = new TreeSet<>(Arrays.asList(comment2.split(", ")));
return rules1.equals(rules2);
} catch (Exception e) {
return false;
}
}
private void persistData(HttpRequestResponse messageInfo, String comment, String color) {
try {
DataManager dataManager = new DataManager(api);
PersistedObject persistedObject = PersistedObject.persistedObject();
persistedObject.setHttpRequestResponse("messageInfo", messageInfo);
persistedObject.setString("comment", comment);
persistedObject.setString("color", color);
String uuidIndex = StringProcessor.getRandomUUID();
dataManager.putData("message", uuidIndex, persistedObject);
} catch (Exception e) {
api.logging().logToError("Data persistence error: " + e.getMessage());
}
}
public void deleteByHost(String filterText) {
filteredLog.clear();
List<Integer> rowsToRemove = new ArrayList<>();
if (currentWorker != null && !currentWorker.isDone()) {
currentWorker.cancel(true);
}
currentWorker = new SwingWorker<>() {
@Override
protected Void doInBackground() {
for (int i = 0; i < log.size(); i++) {
MessageEntry entry = log.get(i);
String host = StringProcessor.getHostByUrl(entry.getUrl());
if (!host.isEmpty()) {
if (StringProcessor.matchesHostPattern(host, filterText) || filterText.equals("*")) {
rowsToRemove.add(i);
}
}
}
for (int i = rowsToRemove.size() - 1; i >= 0; i--) {
int row = rowsToRemove.get(i);
log.remove(row);
}
return null;
}
};
currentWorker.execute();
}
public void applyHostFilter(String filterText) {
// 预分配合适的容量,避免频繁扩容
final List<MessageEntry> newFilteredLog = new ArrayList<>(log.size() / 2);
// 预处理过滤条件,优化性能
final boolean isWildcardFilter = "*".equals(filterText) || filterText.contains("*");
final String normalizedFilter = filterText.toLowerCase().trim();
// 创建log的安全副本
final List<MessageEntry> logSnapshot;
synchronized (log) {
logSnapshot = new ArrayList<>(log);
}
// 使用并行流高效过滤,但保持有序
logSnapshot.parallelStream()
.filter(entry -> {
// 快速通配符检查
if (isWildcardFilter && "*".equals(filterText)) {
return true;
}
try {
String host = StringProcessor.getHostByUrl(entry.getUrl());
if (host.isEmpty()) {
return false;
}
// 优化后的匹配逻辑
return StringProcessor.matchesHostPattern(host, filterText) ||
(isWildcardFilter && host.toLowerCase().contains(normalizedFilter.replace("*", "")));
} catch (Exception e) {
return false;
}
})
.forEachOrdered(newFilteredLog::add);
// 一次性更新UI避免频繁刷新
SwingUtilities.invokeLater(() -> {
synchronized (filteredLog) {
filteredLog.clear();
filteredLog.addAll(newFilteredLog);
}
fireTableDataChanged();
});
}
public void applyMessageFilter(String tableName, String filterText) {
List<MessageEntry> newFilteredLog = new ArrayList<>();
// 创建log的安全副本以避免ConcurrentModificationException
List<MessageEntry> logSnapshot;
synchronized (log) {
logSnapshot = new ArrayList<>(log);
}
for (MessageEntry entry : logSnapshot) {
// 标志变量,表示是否满足过滤条件
AtomicBoolean isMatched = new AtomicBoolean(false);
try {
HttpRequestResponse requestResponse = entry.getRequestResponse();
HttpRequest httpRequest = requestResponse.request();
HttpResponse httpResponse = requestResponse.response();
String requestString = new String(httpRequest.toByteArray().getBytes(), StandardCharsets.UTF_8);
String requestBody = new String(httpRequest.body().getBytes(), StandardCharsets.UTF_8);
String requestHeaders = httpRequest.headers().stream()
.map(HttpHeader::toString)
.collect(Collectors.joining("\r\n"));
String responseString = new String(httpResponse.toByteArray().getBytes(), StandardCharsets.UTF_8);
String responseBody = new String(httpResponse.body().getBytes(), StandardCharsets.UTF_8);
String responseHeaders = httpResponse.headers().stream()
.map(HttpHeader::toString)
.collect(Collectors.joining("\r\n"));
Config.globalRules.keySet().forEach(i -> {
for (Object[] objects : Config.globalRules.get(i)) {
String name = objects[1].toString();
String format = objects[4].toString();
String scope = objects[6].toString();
// 从注释中查看是否包含当前规则名,包含的再进行查询,有效减少无意义的检索时间
if (entry.getComment().contains(name)) {
if (name.equals(tableName)) {
// 标志变量,表示当前规则是否匹配
boolean isMatch = false;
switch (scope) {
case "any":
isMatch = matchingString(format, filterText, requestString) || matchingString(format, filterText, responseString);
break;
case "request":
isMatch = matchingString(format, filterText, requestString);
break;
case "response":
isMatch = matchingString(format, filterText, responseString);
break;
case "any header":
isMatch = matchingString(format, filterText, requestHeaders) || matchingString(format, filterText, responseHeaders);
break;
case "request header":
isMatch = matchingString(format, filterText, requestHeaders);
break;
case "response header":
isMatch = matchingString(format, filterText, responseHeaders);
break;
case "any body":
isMatch = matchingString(format, filterText, requestBody) || matchingString(format, filterText, responseBody);
break;
case "request body":
isMatch = matchingString(format, filterText, requestBody);
break;
case "response body":
isMatch = matchingString(format, filterText, responseBody);
break;
case "request line":
String requestLine = requestString.split("\\r?\\n", 2)[0];
isMatch = matchingString(format, filterText, requestLine);
break;
case "response line":
String responseLine = responseString.split("\\r?\\n", 2)[0];
isMatch = matchingString(format, filterText, responseLine);
break;
default:
break;
}
isMatched.set(isMatch);
break;
}
}
}
});
// 由于每个用户规则不同,如果进行项目文件共享则需要考虑全部匹配一下
if (!isMatched.get()) {
isMatched.set(matchingString("{0}", filterText, requestString) || matchingString("{0}", filterText, responseString));
}
if (isMatched.get()) {
newFilteredLog.add(entry);
}
} catch (Exception ignored) {
}
}
// 在EDT线程中更新UI
SwingUtilities.invokeLater(() -> {
synchronized (filteredLog) {
filteredLog.clear();
filteredLog.addAll(newFilteredLog);
}
fireTableDataChanged();
messageTable.lastSelectedIndex = -1;
});
}
private boolean matchingString(String format, String filterText, String target) {
boolean isMatch = true;
try {
MessageFormat mf = new MessageFormat(format);
Object[] parsedObjects = mf.parse(filterText);
for (Object parsedObject : parsedObjects) {
if (!target.contains(parsedObject.toString())) {
isMatch = false;
break;
}
}
} catch (Exception e) {
isMatch = false;
}
return isMatch;
}
public JSplitPane getSplitPane() {
return splitPane;
}
public MessageTable getMessageTable() {
return messageTable;
}
@Override
public int getRowCount() {
synchronized (filteredLog) {
return filteredLog.size();
}
}
@Override
public int getColumnCount() {
return 6;
}
@Override
public Object getValueAt(int rowIndex, int columnIndex) {
synchronized (filteredLog) {
if (rowIndex < 0 || rowIndex >= filteredLog.size()) {
return "";
}
try {
MessageEntry messageEntry = filteredLog.get(rowIndex);
if (messageEntry == null) {
return "";
}
return switch (columnIndex) {
case 0 -> messageEntry.getMethod();
case 1 -> messageEntry.getUrl();
case 2 -> messageEntry.getComment();
case 3 -> messageEntry.getStatus();
case 4 -> messageEntry.getLength();
case 5 -> messageEntry.getColor();
default -> "";
};
} catch (Exception e) {
api.logging().logToError("getValueAt: " + e.getMessage());
return "";
}
}
}
@Override
public String getColumnName(int columnIndex) {
return switch (columnIndex) {
case 0 -> "Method";
case 1 -> "URL";
case 2 -> "Comment";
case 3 -> "Status";
case 4 -> "Length";
case 5 -> "Color";
default -> "";
};
}
public class MessageTable extends JTable {
private final ExecutorService executorService;
private final HttpRequestEditor requestEditor;
private final HttpResponseEditor responseEditor;
private int lastSelectedIndex = -1;
public MessageTable(TableModel messageTableModel, HttpRequestEditor requestEditor, HttpResponseEditor responseEditor) {
super(messageTableModel);
this.requestEditor = requestEditor;
this.responseEditor = responseEditor;
this.executorService = Executors.newSingleThreadExecutor();
}
@Override
public void changeSelection(int row, int col, boolean toggle, boolean extend) {
super.changeSelection(row, col, toggle, extend);
int selectedIndex = convertRowIndexToModel(row);
if (lastSelectedIndex != selectedIndex) {
lastSelectedIndex = selectedIndex;
executorService.execute(this::getSelectedMessage);
}
}
private void getSelectedMessage() {
MessageEntry messageEntry = filteredLog.get(lastSelectedIndex);
HttpRequestResponse httpRequestResponse = messageEntry.getRequestResponse();
requestEditor.setRequest(HttpRequest.httpRequest(messageEntry.getRequestResponse().httpService(), httpRequestResponse.request().toByteArray()));
int responseSizeWithMb = httpRequestResponse.response().toString().length() / 1024 / 1024;
if ((responseSizeWithMb < Integer.parseInt(configLoader.getLimitSize())) || configLoader.getLimitSize().equals("0")) {
responseEditor.setResponse(httpRequestResponse.response());
} else {
responseEditor.setResponse(HttpResponse.httpResponse("Exceeds length limit."));
}
}
}
}

277
src/main/java/hae/component/board/table/Datatable.java Normal file
View File

@@ -0,0 +1,277 @@
package hae.component.board.table;
import burp.api.montoya.MontoyaApi;
import hae.component.board.message.MessageTableModel;
import hae.utils.ConfigLoader;
import hae.utils.UIEnhancer;
import javax.swing.*;
import javax.swing.event.DocumentEvent;
import javax.swing.event.DocumentListener;
import javax.swing.table.DefaultTableModel;
import javax.swing.table.TableColumn;
import javax.swing.table.TableRowSorter;
import java.awt.*;
import java.awt.datatransfer.Clipboard;
import java.awt.datatransfer.StringSelection;
import java.awt.event.MouseAdapter;
import java.awt.event.MouseEvent;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;
import java.util.regex.Pattern;
public class Datatable extends JPanel {
private final MontoyaApi api;
private final ConfigLoader configLoader;
private final JTable dataTable;
private final DefaultTableModel dataTableModel;
private final JTextField searchField;
private final JTextField secondSearchField;
private final TableRowSorter<DefaultTableModel> sorter;
private final JCheckBox searchMode = new JCheckBox("Reverse search");
private final JCheckBox regexMode = new JCheckBox("Regex mode");
private final String tabName;
private final JPanel footerPanel;
private SwingWorker<Void, Void> doubleClickWorker;
public Datatable(MontoyaApi api, ConfigLoader configLoader, String tabName, List<String> dataList) {
this.api = api;
this.configLoader = configLoader;
this.tabName = tabName;
String[] columnNames = {"#", "Information"};
this.dataTableModel = new DefaultTableModel(columnNames, 0);
this.dataTable = new JTable(dataTableModel);
this.sorter = new TableRowSorter<>(dataTableModel);
this.searchField = new JTextField(10);
this.secondSearchField = new JTextField(10);
this.footerPanel = new JPanel(new BorderLayout(0, 5));
initComponents(dataList);
}
private void initComponents(List<String> dataList) {
dataTable.setRowSorter(sorter);
// 设置ID排序
sorter.setComparator(0, (Comparator<Integer>) Integer::compareTo);
for (String item : dataList) {
if (!item.isEmpty()) {
addRowToTable(new Object[]{item});
}
}
UIEnhancer.setTextFieldPlaceholder(searchField, "Search");
searchField.getDocument().addDocumentListener(new DocumentListener() {
@Override
public void insertUpdate(DocumentEvent e) {
performSearch();
}
@Override
public void removeUpdate(DocumentEvent e) {
performSearch();
}
@Override
public void changedUpdate(DocumentEvent e) {
performSearch();
}
});
UIEnhancer.setTextFieldPlaceholder(secondSearchField, "Second search");
secondSearchField.getDocument().addDocumentListener(new DocumentListener() {
@Override
public void insertUpdate(DocumentEvent e) {
performSearch();
}
@Override
public void removeUpdate(DocumentEvent e) {
performSearch();
}
@Override
public void changedUpdate(DocumentEvent e) {
performSearch();
}
});
// 设置布局
JScrollPane scrollPane = new JScrollPane(dataTable);
scrollPane.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_ALWAYS);
TableColumn idColumn = dataTable.getColumnModel().getColumn(0);
idColumn.setPreferredWidth(50);
idColumn.setMaxWidth(100);
setLayout(new BorderLayout(0, 5));
JPanel optionsPanel = new JPanel();
optionsPanel.setLayout(new BoxLayout(optionsPanel, BoxLayout.X_AXIS));
// Settings按钮
JPanel settingMenuPanel = new JPanel(new GridLayout(2, 1));
settingMenuPanel.setBorder(BorderFactory.createEmptyBorder(3, 3, 3, 3));
JPopupMenu settingMenu = new JPopupMenu();
settingMenuPanel.add(searchMode);
settingMenuPanel.add(regexMode);
regexMode.setSelected(true);
searchMode.addItemListener(e -> performSearch());
settingMenu.add(settingMenuPanel);
JButton settingsButton = new JButton("Settings");
setMenuShow(settingMenu, settingsButton);
optionsPanel.add(settingsButton);
optionsPanel.add(Box.createHorizontalStrut(5));
optionsPanel.add(searchField);
optionsPanel.add(Box.createHorizontalStrut(5));
optionsPanel.add(secondSearchField);
footerPanel.setBorder(BorderFactory.createEmptyBorder(2, 3, 5, 3));
footerPanel.add(optionsPanel, BorderLayout.CENTER);
add(scrollPane, BorderLayout.CENTER);
add(footerPanel, BorderLayout.SOUTH);
}
private void setMenuShow(JPopupMenu menu, JButton button) {
button.addActionListener(e -> {
Point buttonLocation = button.getLocationOnScreen();
Dimension menuSize = menu.getPreferredSize();
int x = buttonLocation.x + (button.getWidth() - menuSize.width) / 2;
int y = buttonLocation.y - menuSize.height;
menu.show(button, x - buttonLocation.x, y - buttonLocation.y);
});
}
private void addRowToTable(Object[] data) {
int rowCount = dataTableModel.getRowCount();
int id = rowCount > 0 ? (Integer) dataTableModel.getValueAt(rowCount - 1, 0) + 1 : 1;
Object[] rowData = new Object[data.length + 1];
rowData[0] = id;
System.arraycopy(data, 0, rowData, 1, data.length);
dataTableModel.addRow(rowData);
}
private void performSearch() {
List<RowFilter<Object, Object>> filters = new ArrayList<>();
if (UIEnhancer.hasUserInput(searchField)) {
filters.add(getObjectObjectRowFilter(searchField, true));
}
if (UIEnhancer.hasUserInput(secondSearchField)) {
filters.add(getObjectObjectRowFilter(secondSearchField, false));
}
sorter.setRowFilter(filters.isEmpty() ? null : RowFilter.andFilter(filters));
}
private RowFilter<Object, Object> getObjectObjectRowFilter(JTextField searchField, boolean firstFlag) {
return new RowFilter<>() {
public boolean include(Entry<?, ?> entry) {
String searchFieldTextText = searchField.getText();
searchFieldTextText = searchFieldTextText.toLowerCase();
String entryValue = ((String) entry.getValue(1)).toLowerCase();
boolean filterReturn = searchFieldTextText.isEmpty();
boolean firstFlagReturn = searchMode.isSelected() && firstFlag;
if (regexMode.isSelected()) {
Pattern pattern = null;
try {
pattern = Pattern.compile(searchFieldTextText, Pattern.CASE_INSENSITIVE);
} catch (Exception ignored) {
}
if (pattern != null) {
filterReturn = filterReturn || pattern.matcher(entryValue).find() != firstFlagReturn;
}
} else {
filterReturn = filterReturn || entryValue.contains(searchFieldTextText) != firstFlagReturn;
}
return filterReturn;
}
};
}
private void handleDoubleClick(int selectedRow, MessageTableModel messagePanel) {
if (doubleClickWorker != null && !doubleClickWorker.isDone()) {
doubleClickWorker.cancel(true);
}
doubleClickWorker = new SwingWorker<>() {
@Override
protected Void doInBackground() {
String rowData = dataTable.getValueAt(selectedRow, 1).toString();
SwingUtilities.invokeLater(() -> {
if (!isCancelled()) {
messagePanel.applyMessageFilter(tabName, rowData);
}
});
return null;
}
};
doubleClickWorker.execute();
}
public void setTableListener(MessageTableModel messagePanel) {
// 表格复制功能
dataTable.setTransferHandler(new TransferHandler() {
@Override
public void exportToClipboard(JComponent comp, Clipboard clip, int action) throws IllegalStateException {
if (comp instanceof JTable) {
StringSelection stringSelection = new StringSelection(getSelectedDataAtTable((JTable) comp).replace("\0", "").replaceAll("[\\p{Cntrl}&&[^\r\n\t]]", ""));
clip.setContents(stringSelection, null);
} else {
super.exportToClipboard(comp, clip, action);
}
}
});
dataTable.setDefaultEditor(Object.class, null);
// 表格内容双击事件
dataTable.addMouseListener(new MouseAdapter() {
@Override
public void mouseClicked(MouseEvent e) {
if (e.getClickCount() == 2) {
int selectedRow = dataTable.getSelectedRow();
if (selectedRow != -1) {
handleDoubleClick(selectedRow, messagePanel);
}
}
}
});
}
public String getSelectedDataAtTable(JTable table) {
int[] selectRows = table.getSelectedRows();
StringBuilder selectData = new StringBuilder();
for (int row : selectRows) {
selectData.append(table.getValueAt(row, 1).toString()).append("\r\n");
}
if (!selectData.isEmpty()) {
selectData.delete(selectData.length() - 2, selectData.length());
} else {
return "";
}
return selectData.toString();
}
public JTable getDataTable() {
return this.dataTable;
}
}

52
src/main/java/burp/ui/rule/RuleSetting.java → src/main/java/hae/component/rule/Display.java
View File

@@ -1,23 +1,21 @@
package burp.ui.rule;
package hae.component.rule;
import hae.Config;
import java.awt.*;
import javax.swing.*;
import burp.config.ConfigEntry;
import java.awt.*;
/**
* @author LinChen & EvilChen
*/
public class RuleSetting extends JPanel {
public JTextField regexTextField;
public class Display extends JPanel {
public JTextField firstRegexTextField;
public JTextField secondRegexTextField;
public JTextField formatTextField;
public JTextField ruleNameTextField;
public JComboBox<String> scopeComboBox;
public JComboBox<String> engineComboBox;
public JComboBox<String> colorComboBox;
public JComboBox<Boolean> sensitiveComboBox;
public RuleSetting() {
public Display() {
initComponents();
}
@@ -29,21 +27,31 @@ public class RuleSetting extends JPanel {
addLabel("Name:", 0, c);
ruleNameTextField = addTextField(0, c);
addLabel("Regex:", 1, c);
regexTextField = addTextField(1, c);
addLabel("F-Regex:", 1, c);
firstRegexTextField = addTextField(1, c);
addLabel("Scope:", 2, c);
scopeComboBox = addComboBox(ConfigEntry.scopeArray, 2, c);
addLabel("S-Regex:", 2, c);
secondRegexTextField = addTextField(2, c);
addLabel("Engine:", 3, c);
engineComboBox = addComboBox(ConfigEntry.engineArray, 3, c);
engineComboBox.addActionListener(e -> sensitiveComboBox.setEnabled("nfa".equals(engineComboBox.getSelectedItem().toString())));
addLabel("Format:", 3, c);
formatTextField = addTextField(3, c);
addLabel("Color:", 4, c);
colorComboBox = addComboBox(ConfigEntry.colorArray, 4, c);
addLabel("Scope:", 4, c);
scopeComboBox = addComboBox(Config.scope, 4, c);
addLabel("Sensitive:", 5, c);
sensitiveComboBox = addComboBox(new Boolean[]{true, false}, 5, c);
addLabel("Engine:", 5, c);
engineComboBox = addComboBox(Config.engine, 5, c);
engineComboBox.addActionListener(e -> {
boolean isNfa = "nfa".equals(engineComboBox.getSelectedItem().toString());
formatTextField.setEnabled(isNfa);
formatTextField.setText(isNfa ? formatTextField.getText() : "{0}");
});
addLabel("Color:", 6, c);
colorComboBox = addComboBox(Config.color, 6, c);
addLabel("Sensitive:", 7, c);
sensitiveComboBox = addComboBox(new Boolean[]{true, false}, 7, c);
}
private void addLabel(String text, int y, GridBagConstraints c) {

414
src/main/java/hae/component/rule/Rule.java Normal file
View File

@@ -0,0 +1,414 @@
package hae.component.rule;
import burp.api.montoya.MontoyaApi;
import hae.Config;
import hae.utils.ConfigLoader;
import hae.utils.rule.RuleProcessor;
import javax.swing.*;
import javax.swing.table.DefaultTableModel;
import javax.swing.table.JTableHeader;
import javax.swing.table.TableCellRenderer;
import javax.swing.table.TableRowSorter;
import java.awt.*;
import java.awt.event.ActionEvent;
import java.awt.event.MouseAdapter;
import java.awt.event.MouseEvent;
import java.util.Vector;
import static javax.swing.JOptionPane.YES_OPTION;
public class Rule extends JPanel {
private final MontoyaApi api;
private final ConfigLoader configLoader;
private final RuleProcessor ruleProcessor;
private final JTabbedPane tabbedPane;
private JCheckBox headerCheckBox;
public Rule(MontoyaApi api, ConfigLoader configLoader, Object[][] data, JTabbedPane tabbedPane) {
this.api = api;
this.configLoader = configLoader;
this.ruleProcessor = new RuleProcessor(api, configLoader);
this.tabbedPane = tabbedPane;
initComponents(data);
}
private void initComponents(Object[][] data) {
setLayout(new GridBagLayout());
((GridBagLayout) getLayout()).columnWidths = new int[]{0, 0, 0};
((GridBagLayout) getLayout()).rowHeights = new int[]{0, 0, 0, 0, 0};
((GridBagLayout) getLayout()).columnWeights = new double[]{0.0, 1.0, 1.0E-4};
((GridBagLayout) getLayout()).rowWeights = new double[]{0.0, 0.0, 0.0, 1.0, 1.0E-4};
JButton copyButton = new JButton("Copy");
JButton addButton = new JButton("Add");
JButton editButton = new JButton("Edit");
JButton removeButton = new JButton("Remove");
JTable ruleTable = new JTable();
JScrollPane scrollPane = new JScrollPane();
ruleTable.setVerifyInputWhenFocusTarget(false);
ruleTable.setUpdateSelectionOnSort(false);
ruleTable.setSurrendersFocusOnKeystroke(true);
scrollPane.setViewportView(ruleTable);
// 按钮监听事件
copyButton.addActionListener(e -> ruleCopyActionPerformed(e, ruleTable, tabbedPane));
addButton.addActionListener(e -> ruleAddActionPerformed(e, ruleTable, tabbedPane));
editButton.addActionListener(e -> ruleEditActionPerformed(e, ruleTable, tabbedPane));
removeButton.addActionListener(e -> ruleRemoveActionPerformed(e, ruleTable, tabbedPane));
// 表格
DefaultTableModel model = new DefaultTableModel() {
@Override
public Class<?> getColumnClass(int column) {
return (column == 0) ? Boolean.class : String.class;
}
@Override
public boolean isCellEditable(int row, int column) {
return column == 0;
}
};
ruleTable.setModel(model);
ruleTable.setRowSorter(new TableRowSorter<>(model));
model.setDataVector(data, Config.ruleFields);
model.addTableModelListener(e -> {
if (e.getColumn() == 0 && ruleTable.getSelectedRow() != -1) {
int select = ruleTable.convertRowIndexToModel(ruleTable.getSelectedRow());
ruleProcessor.changeRule(model.getDataVector().get(select), select, tabbedPane.getTitleAt(tabbedPane.getSelectedIndex()));
// 更新表头复选框状态并强制重新渲染
updateHeaderCheckBoxState(model);
ruleTable.getTableHeader().repaint();
}
});
// 设置表头复选框
setupHeaderCheckBox(ruleTable);
// 设置Loaded列的宽度第一列
setupColumnWidths(ruleTable);
GridBagConstraints constraints = new GridBagConstraints();
constraints.weightx = 1.0;
constraints.fill = GridBagConstraints.HORIZONTAL;
JPanel buttonPanel = new JPanel();
GridBagLayout layout = new GridBagLayout();
layout.rowHeights = new int[]{0, 0, 0, 0, 0, 0, 0};
layout.rowWeights = new double[]{0.0, 0.0, 0.0, 0.0, 0.0, 0.0, Double.MIN_VALUE};
buttonPanel.setLayout(layout);
constraints.insets = new Insets(0, 0, 3, 0);
constraints.gridy = 0;
buttonPanel.add(copyButton, constraints);
constraints.gridy = 1;
buttonPanel.add(addButton, constraints);
constraints.gridy = 2;
buttonPanel.add(editButton, constraints);
constraints.gridy = 3;
buttonPanel.add(removeButton, constraints);
add(buttonPanel, new GridBagConstraints(0, 0, 1, 1, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(15, 5, 3, 2), 0, 0));
add(scrollPane, new GridBagConstraints(1, 0, 1, 4, 0.0, 0.0,
GridBagConstraints.CENTER, GridBagConstraints.BOTH,
new Insets(15, 5, 5, 5), 0, 0));
}
/**
* 设置列宽度
*/
private void setupColumnWidths(JTable ruleTable) {
// 设置Loaded列第一列的宽度
ruleTable.getColumnModel().getColumn(0).setPreferredWidth(50);
ruleTable.getColumnModel().getColumn(0).setMaxWidth(50);
ruleTable.getColumnModel().getColumn(0).setMinWidth(50);
}
/**
* 设置表头复选框
*/
private void setupHeaderCheckBox(JTable ruleTable) {
// 创建表头复选框
headerCheckBox = new JCheckBox();
headerCheckBox.setHorizontalAlignment(SwingConstants.CENTER);
// 设置表头渲染器
ruleTable.getTableHeader().setDefaultRenderer(new HeaderCheckBoxRenderer(ruleTable.getTableHeader().getDefaultRenderer()));
// 添加表头鼠标点击事件
ruleTable.getTableHeader().addMouseListener(new MouseAdapter() {
@Override
public void mouseClicked(MouseEvent e) {
if (e.getClickCount() == 1) {
JTableHeader header = (JTableHeader) e.getSource();
JTable table = header.getTable();
int columnIndex = header.columnAtPoint(e.getPoint());
if (columnIndex == 0) { // 点击的是Loaded列表头
toggleAllRules(table);
}
}
}
});
}
/**
* 自定义表头渲染器在Loaded列显示复选框
*/
private class HeaderCheckBoxRenderer implements TableCellRenderer {
private final TableCellRenderer originalRenderer;
public HeaderCheckBoxRenderer(TableCellRenderer originalRenderer) {
this.originalRenderer = originalRenderer;
}
@Override
public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected, boolean hasFocus, int row, int column) {
if (column == 0) { // Loaded列
// 获取原始表头组件作为背景
Component originalComponent = originalRenderer.getTableCellRendererComponent(table, value, isSelected, hasFocus, row, column);
// 创建一个面板来包含复选框,保持原始样式
JPanel panel = new JPanel(new BorderLayout());
panel.setOpaque(true);
// 复制原始组件的样式
if (originalComponent instanceof JComponent origComp) {
panel.setBackground(origComp.getBackground());
panel.setBorder(origComp.getBorder());
}
// 更新复选框状态并添加到面板中心
updateHeaderCheckBoxState((DefaultTableModel) table.getModel());
headerCheckBox.setOpaque(false); // 让复选框透明,显示背景
panel.add(headerCheckBox, BorderLayout.CENTER);
return panel;
} else {
return originalRenderer.getTableCellRendererComponent(table, value, isSelected, hasFocus, row, column);
}
}
}
/**
* 切换所有规则的开启/关闭状态
*/
private void toggleAllRules(JTable ruleTable) {
DefaultTableModel model = (DefaultTableModel) ruleTable.getModel();
int rowCount = model.getRowCount();
if (rowCount == 0) {
return;
}
// 判断当前状态:如果所有规则都开启,则关闭所有;否则开启所有
boolean allEnabled = true;
for (int i = 0; i < rowCount; i++) {
if (!(Boolean) model.getValueAt(i, 0)) {
allEnabled = false;
break;
}
}
boolean newState = !allEnabled;
// 更新所有行的状态
for (int i = 0; i < rowCount; i++) {
model.setValueAt(newState, i, 0);
// 通知规则处理器更新规则状态
ruleProcessor.changeRule(model.getDataVector().get(i), i, getCurrentTabTitle());
}
// 更新表头复选框状态
updateHeaderCheckBoxState(model);
// 刷新表格和表头
ruleTable.repaint();
ruleTable.getTableHeader().repaint();
}
/**
* 更新表头复选框的状态
*/
private void updateHeaderCheckBoxState(DefaultTableModel model) {
int rowCount = model.getRowCount();
if (rowCount == 0) {
headerCheckBox.setSelected(false);
headerCheckBox.getModel().setArmed(false);
headerCheckBox.getModel().setPressed(false);
return;
}
int enabledCount = 0;
for (int i = 0; i < rowCount; i++) {
if ((Boolean) model.getValueAt(i, 0)) {
enabledCount++;
}
}
if (enabledCount == 0) {
// 全部未选中
headerCheckBox.setSelected(false);
headerCheckBox.getModel().setArmed(false);
headerCheckBox.getModel().setPressed(false);
} else if (enabledCount == rowCount) {
// 全部选中
headerCheckBox.setSelected(true);
headerCheckBox.getModel().setArmed(false);
headerCheckBox.getModel().setPressed(false);
} else {
// 部分选中 - 显示为按下但未选中的状态
headerCheckBox.setSelected(false);
headerCheckBox.getModel().setArmed(true);
headerCheckBox.getModel().setPressed(true);
}
}
/**
* 填充Display对象的字段值
*/
private void populateDisplayFromTable(Display ruleDisplay, JTable ruleTable, int selectedRow) {
ruleDisplay.ruleNameTextField.setText(ruleTable.getValueAt(selectedRow, 1).toString());
ruleDisplay.firstRegexTextField.setText(ruleTable.getValueAt(selectedRow, 2).toString());
ruleDisplay.secondRegexTextField.setText(ruleTable.getValueAt(selectedRow, 3).toString());
ruleDisplay.formatTextField.setText(ruleTable.getValueAt(selectedRow, 4).toString());
ruleDisplay.colorComboBox.setSelectedItem(ruleTable.getValueAt(selectedRow, 5).toString());
ruleDisplay.scopeComboBox.setSelectedItem(ruleTable.getValueAt(selectedRow, 6).toString());
ruleDisplay.engineComboBox.setSelectedItem(ruleTable.getValueAt(selectedRow, 7).toString());
ruleDisplay.sensitiveComboBox.setSelectedItem(ruleTable.getValueAt(selectedRow, 8));
}
/**
* 从Display对象创建规则数据Vector
*/
private Vector<Object> createRuleDataFromDisplay(Display ruleDisplay) {
Vector<Object> ruleData = new Vector<>();
ruleData.add(false);
ruleData.add(ruleDisplay.ruleNameTextField.getText());
ruleData.add(ruleDisplay.firstRegexTextField.getText());
ruleData.add(ruleDisplay.secondRegexTextField.getText());
ruleData.add(ruleDisplay.formatTextField.getText());
ruleData.add(ruleDisplay.colorComboBox.getSelectedItem().toString());
ruleData.add(ruleDisplay.scopeComboBox.getSelectedItem().toString());
ruleData.add(ruleDisplay.engineComboBox.getSelectedItem().toString());
ruleData.add(ruleDisplay.sensitiveComboBox.getSelectedItem());
return ruleData;
}
/**
* 显示规则编辑对话框
*/
private boolean showRuleDialog(Display ruleDisplay, String title) {
ruleDisplay.formatTextField.setEnabled(ruleDisplay.engineComboBox.getSelectedItem().toString().equals("nfa"));
int showState = JOptionPane.showConfirmDialog(this, ruleDisplay, title, JOptionPane.YES_NO_OPTION);
return showState == YES_OPTION;
}
/**
* 检查是否有选中的行
*/
private boolean hasSelectedRow(JTable ruleTable) {
return ruleTable.getSelectedRowCount() >= 1;
}
/**
* 获取当前选中的Tab标题
*/
private String getCurrentTabTitle() {
return tabbedPane.getTitleAt(tabbedPane.getSelectedIndex());
}
private void ruleCopyActionPerformed(ActionEvent e, JTable ruleTable, JTabbedPane tabbedPane) {
if (!hasSelectedRow(ruleTable)) {
return;
}
Display ruleDisplay = new Display();
int selectedRow = ruleTable.getSelectedRow();
populateDisplayFromTable(ruleDisplay, ruleTable, selectedRow);
// 为复制的规则名称添加前缀
ruleDisplay.ruleNameTextField.setText(String.format("Copy of %s", ruleDisplay.ruleNameTextField.getText()));
if (showRuleDialog(ruleDisplay, "Copy Rule")) {
Vector<Object> ruleData = createRuleDataFromDisplay(ruleDisplay);
DefaultTableModel model = (DefaultTableModel) ruleTable.getModel();
model.insertRow(model.getRowCount(), ruleData);
ruleProcessor.addRule(ruleData, getCurrentTabTitle());
// 复制规则后更新表头复选框状态
updateHeaderCheckBoxState(model);
ruleTable.getTableHeader().repaint();
}
}
private void ruleAddActionPerformed(ActionEvent e, JTable ruleTable, JTabbedPane tabbedPane) {
Display ruleDisplay = new Display();
ruleDisplay.formatTextField.setText("{0}");
if (showRuleDialog(ruleDisplay, "Add Rule")) {
Vector<Object> ruleData = createRuleDataFromDisplay(ruleDisplay);
DefaultTableModel model = (DefaultTableModel) ruleTable.getModel();
model.insertRow(model.getRowCount(), ruleData);
ruleProcessor.addRule(ruleData, getCurrentTabTitle());
// 添加规则后更新表头复选框状态
updateHeaderCheckBoxState(model);
ruleTable.getTableHeader().repaint();
}
}
private void ruleEditActionPerformed(ActionEvent e, JTable ruleTable, JTabbedPane tabbedPane) {
if (!hasSelectedRow(ruleTable)) {
return;
}
Display ruleDisplay = new Display();
int selectedRow = ruleTable.getSelectedRow();
populateDisplayFromTable(ruleDisplay, ruleTable, selectedRow);
if (showRuleDialog(ruleDisplay, "Edit Rule")) {
DefaultTableModel model = (DefaultTableModel) ruleTable.getModel();
int modelIndex = ruleTable.convertRowIndexToModel(selectedRow);
// 更新表格数据
Vector<Object> ruleData = createRuleDataFromDisplay(ruleDisplay);
for (int i = 1; i < ruleData.size(); i++) {
model.setValueAt(ruleData.get(i), modelIndex, i);
}
ruleProcessor.changeRule(model.getDataVector().get(modelIndex), modelIndex, getCurrentTabTitle());
// 编辑规则后更新表头复选框状态(如果编辑影响了启用状态)
updateHeaderCheckBoxState(model);
ruleTable.getTableHeader().repaint();
}
}
private void ruleRemoveActionPerformed(ActionEvent e, JTable ruleTable, JTabbedPane tabbedPane) {
if (!hasSelectedRow(ruleTable)) {
return;
}
if (JOptionPane.showConfirmDialog(this, "Are you sure you want to remove this rule?", "Info", JOptionPane.YES_NO_OPTION) == 0) {
DefaultTableModel model = (DefaultTableModel) ruleTable.getModel();
int select = ruleTable.convertRowIndexToModel(ruleTable.getSelectedRow());
model.removeRow(select);
ruleProcessor.removeRule(select, getCurrentTabTitle());
// 删除规则后更新表头复选框状态
updateHeaderCheckBoxState(model);
ruleTable.getTableHeader().repaint();
}
}
}

158
src/main/java/hae/component/rule/Rules.java Normal file
View File

@@ -0,0 +1,158 @@
package hae.component.rule;
import burp.api.montoya.MontoyaApi;
import hae.Config;
import hae.utils.ConfigLoader;
import hae.utils.rule.RuleProcessor;
import javax.swing.*;
import java.awt.*;
import java.awt.event.*;
public class Rules extends JTabbedPane {
private final MontoyaApi api;
private final RuleProcessor ruleProcessor;
private final JTextField ruleGroupNameTextField;
private ConfigLoader configLoader;
private Component tabComponent;
private int selectedIndex;
private final Action cancelActionPerformed = new AbstractAction() {
@Override
public void actionPerformed(ActionEvent e) {
if (selectedIndex >= 0) {
setTabComponentAt(selectedIndex, tabComponent);
ruleGroupNameTextField.setVisible(false);
ruleGroupNameTextField.setPreferredSize(null);
selectedIndex = -1;
tabComponent = null;
requestFocusInWindow();
}
}
};
private final Action renameTitleActionPerformed = new AbstractAction() {
@Override
public void actionPerformed(ActionEvent e) {
String title = ruleGroupNameTextField.getText();
if (!title.isEmpty() && selectedIndex >= 0) {
String oldName = getTitleAt(selectedIndex);
setTitleAt(selectedIndex, title);
if (!oldName.equals(title)) {
ruleProcessor.renameRuleGroup(oldName, title);
}
}
cancelActionPerformed.actionPerformed(null);
}
};
public Rules(MontoyaApi api, ConfigLoader configLoader) {
this.api = api;
this.configLoader = configLoader;
this.ruleProcessor = new RuleProcessor(api, configLoader);
this.ruleGroupNameTextField = new JTextField();
initComponents();
}
private void initComponents() {
reloadRuleGroup();
JMenuItem deleteMenuItem = new JMenuItem("Delete");
JPopupMenu popupMenu = new JPopupMenu();
popupMenu.add(deleteMenuItem);
deleteMenuItem.addActionListener(this::deleteRuleGroupActionPerformed);
ruleGroupNameTextField.setBorder(BorderFactory.createEmptyBorder());
ruleGroupNameTextField.addFocusListener(new FocusAdapter() {
@Override
public void focusLost(FocusEvent e) {
renameTitleActionPerformed.actionPerformed(null);
}
});
addMouseListener(new MouseAdapter() {
@Override
public void mousePressed(MouseEvent e) {
int index = indexAtLocation(e.getX(), e.getY());
if (index < 0) {
return;
}
switch (e.getButton()) {
case MouseEvent.BUTTON1:
if (e.getClickCount() == 2) {
selectedIndex = index;
tabComponent = getTabComponentAt(selectedIndex);
String ruleGroupName = getTitleAt(selectedIndex);
if (!"...".equals(ruleGroupName)) {
setTabComponentAt(selectedIndex, ruleGroupNameTextField);
ruleGroupNameTextField.setVisible(true);
ruleGroupNameTextField.setText(ruleGroupName);
ruleGroupNameTextField.selectAll();
ruleGroupNameTextField.requestFocusInWindow();
ruleGroupNameTextField.setMinimumSize(ruleGroupNameTextField.getPreferredSize());
}
} else if (e.getClickCount() == 1) {
String title = getTitleAt(index);
if ("...".equals(title)) {
// 阻止默认的选中行为
e.consume();
// 直接创建新标签
String newTitle = ruleProcessor.newRule();
Rule newRule = new Rule(api, configLoader, Config.ruleTemplate, Rules.this);
insertTab(newTitle, null, newRule, null, getTabCount() - 1);
setSelectedIndex(getTabCount() - 2);
} else {
renameTitleActionPerformed.actionPerformed(null);
}
}
break;
case MouseEvent.BUTTON3:
if (!"...".equals(getTitleAt(index))) {
popupMenu.show(e.getComponent(), e.getX(), e.getY());
}
break;
default:
break;
}
}
});
InputMap im = ruleGroupNameTextField.getInputMap(JComponent.WHEN_FOCUSED);
ActionMap am = ruleGroupNameTextField.getActionMap();
im.put(KeyStroke.getKeyStroke(KeyEvent.VK_ESCAPE, 0), "cancel");
am.put("cancel", cancelActionPerformed);
im.put(KeyStroke.getKeyStroke(KeyEvent.VK_ENTER, 0), "rename");
am.put("rename", renameTitleActionPerformed);
}
public void reloadRuleGroup() {
removeAll();
this.configLoader = new ConfigLoader(api);
Config.globalRules.keySet().forEach(i -> addTab(i, new Rule(api, configLoader, hae.Config.globalRules.get(i), this)));
addTab("...", null);
}
private void deleteRuleGroupActionPerformed(ActionEvent e) {
if (getTabCount() > 2) {
int retCode = JOptionPane.showConfirmDialog(this, "Do you want to delete this rule group?", "Info",
JOptionPane.YES_NO_OPTION);
if (retCode == JOptionPane.YES_OPTION) {
String title = getTitleAt(getSelectedIndex());
ruleProcessor.deleteRuleGroup(title);
remove(getSelectedIndex());
setSelectedIndex(getSelectedIndex() - 1);
}
}
}
}

142
src/main/java/hae/instances/editor/RequestEditor.java Normal file
View File

@@ -0,0 +1,142 @@
package hae.instances.editor;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.core.ByteArray;
import burp.api.montoya.core.Range;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.ui.Selection;
import burp.api.montoya.ui.editor.extension.EditorCreationContext;
import burp.api.montoya.ui.editor.extension.ExtensionProvidedHttpRequestEditor;
import burp.api.montoya.ui.editor.extension.HttpRequestEditorProvider;
import hae.Config;
import hae.component.board.table.Datatable;
import hae.instances.http.utils.MessageProcessor;
import hae.utils.ConfigLoader;
import hae.utils.http.HttpUtils;
import hae.utils.string.StringProcessor;
import javax.swing.*;
import java.awt.*;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
public class RequestEditor implements HttpRequestEditorProvider {
private final MontoyaApi api;
private final ConfigLoader configLoader;
public RequestEditor(MontoyaApi api, ConfigLoader configLoader) {
this.api = api;
this.configLoader = configLoader;
}
public static boolean isListHasData(List<Map<String, String>> dataList) {
if (dataList != null && !dataList.isEmpty()) {
Map<String, String> dataMap = dataList.get(0);
return dataMap != null && !dataMap.isEmpty();
}
return false;
}
public static void generateTabbedPaneFromResultMap(MontoyaApi api, ConfigLoader configLoader, JTabbedPane tabbedPane, List<Map<String, String>> result) {
tabbedPane.removeAll();
if (result != null && !result.isEmpty()) {
Map<String, String> dataMap = result.get(0);
if (dataMap != null && !dataMap.isEmpty()) {
dataMap.keySet().forEach(i -> {
String[] extractData = dataMap.get(i).split(Config.boundary);
Datatable dataPanel = new Datatable(api, configLoader, i, Arrays.asList(extractData));
tabbedPane.addTab(i, dataPanel);
});
}
}
}
@Override
public ExtensionProvidedHttpRequestEditor provideHttpRequestEditor(EditorCreationContext editorCreationContext) {
return new Editor(api, configLoader, editorCreationContext);
}
private static class Editor implements ExtensionProvidedHttpRequestEditor {
private final MontoyaApi api;
private final ConfigLoader configLoader;
private final HttpUtils httpUtils;
private final EditorCreationContext creationContext;
private final MessageProcessor messageProcessor;
private final JTabbedPane jTabbedPane = new JTabbedPane();
private HttpRequestResponse requestResponse;
private List<Map<String, String>> dataList;
public Editor(MontoyaApi api, ConfigLoader configLoader, EditorCreationContext creationContext) {
this.api = api;
this.configLoader = configLoader;
this.httpUtils = new HttpUtils(api, configLoader);
this.creationContext = creationContext;
this.messageProcessor = new MessageProcessor(api, configLoader);
}
@Override
public HttpRequest getRequest() {
return requestResponse.request();
}
@Override
public void setRequestResponse(HttpRequestResponse requestResponse) {
this.requestResponse = requestResponse;
generateTabbedPaneFromResultMap(api, configLoader, jTabbedPane, this.dataList);
}
@Override
public synchronized boolean isEnabledFor(HttpRequestResponse requestResponse) {
HttpRequest request = requestResponse.request();
if (request != null) {
try {
String host = StringProcessor.getHostByUrl(request.url());
if (!host.isEmpty()) {
String toolType = creationContext.toolSource().toolType().toolName();
boolean matches = httpUtils.verifyHttpRequestResponse(requestResponse, toolType);
if (!matches) {
this.dataList = messageProcessor.processRequest("", request, false);
return isListHasData(this.dataList);
}
}
} catch (Exception ignored) {
}
}
return false;
}
@Override
public String caption() {
return "MarkInfo";
}
@Override
public Component uiComponent() {
return jTabbedPane;
}
@Override
public Selection selectedData() {
return new Selection() {
@Override
public ByteArray contents() {
Datatable dataTable = (Datatable) jTabbedPane.getSelectedComponent();
return ByteArray.byteArray(dataTable.getSelectedDataAtTable(dataTable.getDataTable()));
}
@Override
public Range offsets() {
return null;
}
};
}
@Override
public boolean isModified() {
return false;
}
}
}

126
src/main/java/hae/instances/editor/ResponseEditor.java Normal file
View File

@@ -0,0 +1,126 @@
package hae.instances.editor;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.core.ByteArray;
import burp.api.montoya.core.Range;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.http.message.responses.HttpResponse;
import burp.api.montoya.ui.Selection;
import burp.api.montoya.ui.editor.extension.EditorCreationContext;
import burp.api.montoya.ui.editor.extension.ExtensionProvidedHttpResponseEditor;
import burp.api.montoya.ui.editor.extension.HttpResponseEditorProvider;
import hae.component.board.table.Datatable;
import hae.instances.http.utils.MessageProcessor;
import hae.utils.ConfigLoader;
import hae.utils.http.HttpUtils;
import hae.utils.string.StringProcessor;
import javax.swing.*;
import java.awt.*;
import java.util.List;
import java.util.Map;
public class ResponseEditor implements HttpResponseEditorProvider {
private final MontoyaApi api;
private final ConfigLoader configLoader;
public ResponseEditor(MontoyaApi api, ConfigLoader configLoader) {
this.api = api;
this.configLoader = configLoader;
}
@Override
public ExtensionProvidedHttpResponseEditor provideHttpResponseEditor(EditorCreationContext editorCreationContext) {
return new Editor(api, configLoader, editorCreationContext);
}
private static class Editor implements ExtensionProvidedHttpResponseEditor {
private final MontoyaApi api;
private final ConfigLoader configLoader;
private final HttpUtils httpUtils;
private final EditorCreationContext creationContext;
private final MessageProcessor messageProcessor;
private final JTabbedPane jTabbedPane = new JTabbedPane();
private HttpRequestResponse requestResponse;
private List<Map<String, String>> dataList;
public Editor(MontoyaApi api, ConfigLoader configLoader, EditorCreationContext creationContext) {
this.api = api;
this.configLoader = configLoader;
this.httpUtils = new HttpUtils(api, configLoader);
this.creationContext = creationContext;
this.messageProcessor = new MessageProcessor(api, configLoader);
}
@Override
public HttpResponse getResponse() {
return requestResponse.response();
}
@Override
public void setRequestResponse(HttpRequestResponse requestResponse) {
this.requestResponse = requestResponse;
RequestEditor.generateTabbedPaneFromResultMap(api, configLoader, jTabbedPane, this.dataList);
}
@Override
public synchronized boolean isEnabledFor(HttpRequestResponse requestResponse) {
HttpResponse response = requestResponse.response();
if (response != null) {
HttpRequest request = requestResponse.request();
boolean matches = false;
if (request != null) {
try {
String host = StringProcessor.getHostByUrl(request.url());
if (!host.isEmpty()) {
String toolType = creationContext.toolSource().toolType().toolName();
matches = httpUtils.verifyHttpRequestResponse(requestResponse, toolType);
}
} catch (Exception ignored) {
}
}
if (!matches) {
this.dataList = messageProcessor.processResponse("", response, false);
return RequestEditor.isListHasData(this.dataList);
}
}
return false;
}
@Override
public String caption() {
return "MarkInfo";
}
@Override
public Component uiComponent() {
return jTabbedPane;
}
@Override
public Selection selectedData() {
return new Selection() {
@Override
public ByteArray contents() {
Datatable dataTable = (Datatable) jTabbedPane.getSelectedComponent();
return ByteArray.byteArray(dataTable.getSelectedDataAtTable(dataTable.getDataTable()));
}
@Override
public Range offsets() {
return null;
}
};
}
@Override
public boolean isModified() {
return false;
}
}
}

102
src/main/java/hae/instances/editor/WebSocketEditor.java Normal file
View File

@@ -0,0 +1,102 @@
package hae.instances.editor;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.core.ByteArray;
import burp.api.montoya.core.Range;
import burp.api.montoya.ui.Selection;
import burp.api.montoya.ui.contextmenu.WebSocketMessage;
import burp.api.montoya.ui.editor.extension.EditorCreationContext;
import burp.api.montoya.ui.editor.extension.ExtensionProvidedWebSocketMessageEditor;
import burp.api.montoya.ui.editor.extension.WebSocketMessageEditorProvider;
import hae.component.board.table.Datatable;
import hae.instances.http.utils.MessageProcessor;
import hae.utils.ConfigLoader;
import javax.swing.*;
import java.awt.*;
import java.util.List;
import java.util.Map;
public class WebSocketEditor implements WebSocketMessageEditorProvider {
private final MontoyaApi api;
private final ConfigLoader configLoader;
public WebSocketEditor(MontoyaApi api, ConfigLoader configLoader) {
this.api = api;
this.configLoader = configLoader;
}
@Override
public ExtensionProvidedWebSocketMessageEditor provideMessageEditor(EditorCreationContext editorCreationContext) {
return new Editor(api, configLoader, editorCreationContext);
}
private static class Editor implements ExtensionProvidedWebSocketMessageEditor {
private final MontoyaApi api;
private final ConfigLoader configLoader;
private final EditorCreationContext creationContext;
private final MessageProcessor messageProcessor;
private final JTabbedPane jTabbedPane = new JTabbedPane();
private ByteArray message;
private List<Map<String, String>> dataList;
public Editor(MontoyaApi api, ConfigLoader configLoader, EditorCreationContext creationContext) {
this.api = api;
this.configLoader = configLoader;
this.creationContext = creationContext;
this.messageProcessor = new MessageProcessor(api, configLoader);
}
@Override
public ByteArray getMessage() {
return message;
}
@Override
public void setMessage(WebSocketMessage webSocketMessage) {
this.message = webSocketMessage.payload();
RequestEditor.generateTabbedPaneFromResultMap(api, configLoader, jTabbedPane, this.dataList);
}
@Override
public boolean isEnabledFor(WebSocketMessage webSocketMessage) {
String websocketMessage = webSocketMessage.payload().toString();
if (!websocketMessage.isEmpty()) {
this.dataList = messageProcessor.processMessage("", websocketMessage, false);
return RequestEditor.isListHasData(this.dataList);
}
return false;
}
@Override
public String caption() {
return "MarkInfo";
}
@Override
public Component uiComponent() {
return jTabbedPane;
}
@Override
public Selection selectedData() {
return new Selection() {
@Override
public ByteArray contents() {
Datatable dataTable = (Datatable) jTabbedPane.getSelectedComponent();
return ByteArray.byteArray(dataTable.getSelectedDataAtTable(dataTable.getDataTable()));
}
@Override
public Range offsets() {
return null;
}
};
}
@Override
public boolean isModified() {
return false;
}
}
}

106
src/main/java/hae/instances/http/HttpMessageActiveHandler.java Normal file
View File

@@ -0,0 +1,106 @@
package hae.instances.http;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.core.Annotations;
import burp.api.montoya.core.HighlightColor;
import burp.api.montoya.http.handler.*;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest;
import hae.component.board.message.MessageTableModel;
import hae.instances.http.utils.MessageProcessor;
import hae.utils.ConfigLoader;
import hae.utils.http.HttpUtils;
import hae.utils.string.StringProcessor;
import javax.swing.*;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
public class HttpMessageActiveHandler implements HttpHandler {
private final MontoyaApi api;
private final ConfigLoader configLoader;
private final HttpUtils httpUtils;
private final MessageTableModel messageTableModel;
private final MessageProcessor messageProcessor;
// Montoya API对HTTP消息的处理分为了请求和响应因此此处设置高亮和标记需要使用全局变量的方式以此兼顾请求和响应
// 同时采用 ThreadLocal 来保证多线程并发的情况下全局变量的安全性
private final ThreadLocal<String> host = ThreadLocal.withInitial(() -> "");
private final ThreadLocal<List<String>> colorList = ThreadLocal.withInitial(ArrayList::new);
private final ThreadLocal<List<String>> commentList = ThreadLocal.withInitial(ArrayList::new);
public HttpMessageActiveHandler(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) {
this.api = api;
this.configLoader = configLoader;
this.httpUtils = new HttpUtils(api, configLoader);
this.messageTableModel = messageTableModel;
this.messageProcessor = new MessageProcessor(api, configLoader);
}
@Override
public RequestToBeSentAction handleHttpRequestToBeSent(HttpRequestToBeSent httpRequestToBeSent) {
colorList.get().clear();
commentList.get().clear();
Annotations annotations = httpRequestToBeSent.annotations();
try {
host.set(StringProcessor.getHostByUrl(httpRequestToBeSent.url()));
} catch (Exception e) {
api.logging().logToError("handleHttpRequestToBeSent: " + e.getMessage());
}
return RequestToBeSentAction.continueWith(httpRequestToBeSent, annotations);
}
@Override
public ResponseReceivedAction handleHttpResponseReceived(HttpResponseReceived httpResponseReceived) {
Annotations annotations = httpResponseReceived.annotations();
HttpRequest request = httpResponseReceived.initiatingRequest();
HttpRequestResponse requestResponse = HttpRequestResponse.httpRequestResponse(request, httpResponseReceived);
String toolType = httpResponseReceived.toolSource().toolType().toolName();
boolean matches = httpUtils.verifyHttpRequestResponse(requestResponse, toolType);
if (!matches) {
try {
setColorAndCommentList(messageProcessor.processRequest(host.get(), request, true));
setColorAndCommentList(messageProcessor.processResponse(host.get(), httpResponseReceived, true));
if (!colorList.get().isEmpty() && !commentList.get().isEmpty()) {
HttpRequestResponse httpRequestResponse = HttpRequestResponse.httpRequestResponse(request, httpResponseReceived);
String color = messageProcessor.retrieveFinalColor(messageProcessor.retrieveColorIndices(colorList.get()));
annotations.setHighlightColor(HighlightColor.highlightColor(color));
String comment = StringProcessor.mergeComment(String.join(", ", commentList.get()));
annotations.setNotes(comment);
String method = request.method();
String url = request.url();
String status = String.valueOf(httpResponseReceived.statusCode());
String length = String.valueOf(httpResponseReceived.toByteArray().length());
new SwingWorker<Void, Void>() {
@Override
protected Void doInBackground() {
messageTableModel.add(httpRequestResponse, url, method, status, length, comment, color, true);
return null;
}
}.execute();
}
} catch (Exception e) {
api.logging().logToError("handleHttpResponseReceived: " + e.getMessage());
}
}
return ResponseReceivedAction.continueWith(httpResponseReceived, annotations);
}
private void setColorAndCommentList(List<Map<String, String>> result) {
if (result != null && !result.isEmpty()) {
colorList.get().add(result.get(0).get("color"));
commentList.get().add(result.get(1).get("comment"));
}
}
}

97
src/main/java/hae/instances/http/HttpMessagePassiveHandler.java Normal file
View File

@@ -0,0 +1,97 @@
package hae.instances.http;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.http.message.responses.HttpResponse;
import burp.api.montoya.scanner.AuditResult;
import burp.api.montoya.scanner.ConsolidationAction;
import burp.api.montoya.scanner.ScanCheck;
import burp.api.montoya.scanner.audit.insertionpoint.AuditInsertionPoint;
import burp.api.montoya.scanner.audit.issues.AuditIssue;
import hae.component.board.message.MessageTableModel;
import hae.instances.http.utils.MessageProcessor;
import hae.utils.ConfigLoader;
import hae.utils.http.HttpUtils;
import hae.utils.string.StringProcessor;
import javax.swing.*;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import static burp.api.montoya.scanner.AuditResult.auditResult;
import static burp.api.montoya.scanner.ConsolidationAction.KEEP_BOTH;
import static burp.api.montoya.scanner.ConsolidationAction.KEEP_EXISTING;
import static java.util.Collections.emptyList;
public class HttpMessagePassiveHandler implements ScanCheck {
private final MontoyaApi api;
private final ConfigLoader configLoader;
private final HttpUtils httpUtils;
private final MessageTableModel messageTableModel;
private final MessageProcessor messageProcessor;
public HttpMessagePassiveHandler(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) {
this.api = api;
this.configLoader = configLoader;
this.httpUtils = new HttpUtils(api, configLoader);
this.messageTableModel = messageTableModel;
this.messageProcessor = new MessageProcessor(api, configLoader);
}
@Override
public AuditResult activeAudit(HttpRequestResponse httpRequestResponse, AuditInsertionPoint auditInsertionPoint) {
return auditResult(emptyList());
}
@Override
public AuditResult passiveAudit(HttpRequestResponse httpRequestResponse) {
List<String> colorList = new ArrayList<>();
List<String> commentList = new ArrayList<>();
HttpRequest request = httpRequestResponse.request();
HttpResponse response = httpRequestResponse.response();
boolean matches = httpUtils.verifyHttpRequestResponse(httpRequestResponse, "Proxy");
if (!matches) {
try {
String host = StringProcessor.getHostByUrl(request.url());
setColorAndCommentList(messageProcessor.processRequest(host, request, true), colorList, commentList);
setColorAndCommentList(messageProcessor.processResponse(host, response, true), colorList, commentList);
String url = request.url();
String method = request.method();
String status = String.valueOf(response.statusCode());
String color = messageProcessor.retrieveFinalColor(messageProcessor.retrieveColorIndices(colorList));
String comment = StringProcessor.mergeComment(String.join(", ", commentList));
String length = String.valueOf(response.toByteArray().length());
new SwingWorker<Void, Void>() {
@Override
protected Void doInBackground() {
messageTableModel.add(httpRequestResponse, url, method, status, length, comment, color, true);
return null;
}
}.execute();
} catch (Exception e) {
api.logging().logToError("passiveAudit: " + e.getMessage());
}
}
return auditResult(emptyList());
}
private void setColorAndCommentList(List<Map<String, String>> result, List<String> colorList, List<String> commentList) {
if (result != null && !result.isEmpty()) {
colorList.add(result.get(0).get("color"));
commentList.add(result.get(1).get("comment"));
}
}
@Override
public ConsolidationAction consolidateIssues(AuditIssue newIssue, AuditIssue existingIssue) {
return existingIssue.name().equals(newIssue.name()) ? KEEP_EXISTING : KEEP_BOTH;
}
}

173
src/main/java/hae/instances/http/utils/MessageProcessor.java Normal file
View File

@@ -0,0 +1,173 @@
package hae.instances.http.utils;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.message.HttpHeader;
import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.http.message.responses.HttpResponse;
import hae.Config;
import hae.utils.ConfigLoader;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.stream.Collectors;
public class MessageProcessor {
private final MontoyaApi api;
private final RegularMatcher regularMatcher;
public MessageProcessor(MontoyaApi api, ConfigLoader configLoader) {
this.api = api;
this.regularMatcher = new RegularMatcher(api, configLoader);
}
public List<Map<String, String>> processMessage(String host, String message, boolean flag) {
Map<String, Map<String, Object>> obj = null;
try {
obj = regularMatcher.performRegexMatching(host, "any", message, message, message);
} catch (Exception ignored) {
}
return getDataList(obj, flag);
}
public List<Map<String, String>> processResponse(String host, HttpResponse httpResponse, boolean flag) {
Map<String, Map<String, Object>> obj = null;
try {
String response = new String(httpResponse.toByteArray().getBytes(), StandardCharsets.UTF_8);
String body = new String(httpResponse.body().getBytes(), StandardCharsets.UTF_8);
String header = httpResponse.headers().stream()
.map(HttpHeader::toString)
.collect(Collectors.joining("\r\n"));
obj = regularMatcher.performRegexMatching(host, "response", response, header, body);
} catch (Exception ignored) {
}
return getDataList(obj, flag);
}
public List<Map<String, String>> processRequest(String host, HttpRequest httpRequest, boolean flag) {
Map<String, Map<String, Object>> obj = null;
try {
String request = new String(httpRequest.toByteArray().getBytes(), StandardCharsets.UTF_8);
String body = new String(httpRequest.body().getBytes(), StandardCharsets.UTF_8);
String header = httpRequest.headers().stream()
.map(HttpHeader::toString)
.collect(Collectors.joining("\r\n"));
obj = regularMatcher.performRegexMatching(host, "request", request, header, body);
} catch (Exception ignored) {
}
return getDataList(obj, flag);
}
private List<Map<String, String>> getDataList(Map<String, Map<String, Object>> obj, boolean actionFlag) {
List<Map<String, String>> highlightList = new ArrayList<>();
List<Map<String, String>> extractList = new ArrayList<>();
if (obj != null && !obj.isEmpty()) {
if (actionFlag) {
List<List<String>> resultList = extractColorsAndComments(obj);
List<String> colorList = resultList.get(0);
List<String> commentList = resultList.get(1);
if (!colorList.isEmpty() && !commentList.isEmpty()) {
String color = retrieveFinalColor(retrieveColorIndices(colorList));
Map<String, String> colorMap = new HashMap<>() {{
put("color", color);
}};
Map<String, String> commentMap = new HashMap<>() {{
put("comment", String.join(", ", commentList));
}};
highlightList.add(colorMap);
highlightList.add(commentMap);
}
} else {
extractList.add(extractDataFromMap(obj));
}
}
return actionFlag ? highlightList : extractList;
}
private Map<String, String> extractDataFromMap(Map<String, Map<String, Object>> inputData) {
Map<String, String> extractedData = new HashMap<>();
inputData.keySet().forEach(key -> {
Map<String, Object> tempMap = inputData.get(key);
String data = tempMap.get("data").toString();
extractedData.put(key, data);
});
return extractedData;
}
private List<List<String>> extractColorsAndComments(Map<String, Map<String, Object>> inputData) {
List<String> colorList = new ArrayList<>();
List<String> commentList = new ArrayList<>();
inputData.keySet().forEach(key -> {
Map<String, Object> tempMap = inputData.get(key);
String color = tempMap.get("color").toString();
colorList.add(color);
commentList.add(key);
});
List<List<String>> result = new ArrayList<>();
result.add(colorList);
result.add(commentList);
return result;
}
public List<Integer> retrieveColorIndices(List<String> colors) {
List<Integer> indices = new ArrayList<>();
String[] colorArray = Config.color;
int size = colorArray.length;
for (String color : colors) {
for (int i = 0; i < size; i++) {
if (colorArray[i].equals(color)) {
indices.add(i);
}
}
}
return indices;
}
private String upgradeColors(List<Integer> colorList) {
if (colorList == null || colorList.isEmpty()) {
return Config.color[0];
}
// 创建副本避免修改原始数据
List<Integer> indices = new ArrayList<>(colorList);
indices.sort(Comparator.comparingInt(Integer::intValue));
// 处理颜色升级
for (int i = 1; i < indices.size(); i++) {
if (indices.get(i).equals(indices.get(i - 1))) {
// 如果发现重复的颜色索引,将当前索引降级
indices.set(i - 1, indices.get(i - 1) - 1);
}
}
// 获取最终的颜色索引
int finalIndex = indices.stream()
.min(Integer::compareTo)
.orElse(0);
// 处理负数索引情况
if (finalIndex < 0) {
return Config.color[0];
}
return Config.color[finalIndex];
}
public String retrieveFinalColor(List<Integer> colorList) {
return upgradeColors(colorList);
}
}

343
src/main/java/hae/instances/http/utils/RegularMatcher.java Normal file
View File

@@ -0,0 +1,343 @@
package hae.instances.http.utils;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.persistence.PersistedList;
import burp.api.montoya.persistence.PersistedObject;
import dk.brics.automaton.Automaton;
import dk.brics.automaton.AutomatonMatcher;
import dk.brics.automaton.RegExp;
import dk.brics.automaton.RunAutomaton;
import hae.Config;
import hae.cache.DataCache;
import hae.utils.ConfigLoader;
import hae.utils.DataManager;
import hae.utils.string.HashCalculator;
import hae.utils.string.StringProcessor;
import java.text.MessageFormat;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class RegularMatcher {
private static final Map<String, Pattern> nfaPatternCache = new ConcurrentHashMap<>();
private static final Map<String, RunAutomaton> dfaAutomatonCache = new ConcurrentHashMap<>();
private static final Pattern formatIndexPattern = Pattern.compile("\\{(\\d+)}");
private final MontoyaApi api;
private final ConfigLoader configLoader;
public RegularMatcher(MontoyaApi api, ConfigLoader configLoader) {
this.api = api;
this.configLoader = configLoader;
}
public synchronized static void updateGlobalMatchCache(MontoyaApi api, String host, String name, List<String> dataList, boolean flag) {
// 添加到全局变量中便于Databoard检索
if (!Objects.equals(host, "") && host != null) {
Config.globalDataMap.compute(host, (existingHost, existingMap) -> {
Map<String, List<String>> gRuleMap = Optional.ofNullable(existingMap).orElse(new ConcurrentHashMap<>());
gRuleMap.merge(name, new ArrayList<>(dataList), (existingList, newList) -> {
Set<String> combinedSet = new LinkedHashSet<>(existingList);
combinedSet.addAll(newList);
return new ArrayList<>(combinedSet);
});
if (flag) {
// 数据存储在BurpSuite空间内
try {
DataManager dataManager = new DataManager(api);
PersistedObject persistedObject = PersistedObject.persistedObject();
gRuleMap.forEach((kName, vList) -> {
PersistedList<String> persistedList = PersistedList.persistedStringList();
persistedList.addAll(vList);
persistedObject.setStringList(kName, persistedList);
});
dataManager.putData("data", host, persistedObject);
} catch (Exception ignored) {
}
}
return gRuleMap;
});
String[] splitHost = host.split("\\.");
String onlyHost = host.split(":")[0];
String anyHost = (splitHost.length > 2 && !StringProcessor.matchHostIsIp(onlyHost)) ? StringProcessor.replaceFirstOccurrence(onlyHost, splitHost[0], "*") : "";
if (!Config.globalDataMap.containsKey(anyHost) && !anyHost.isEmpty()) {
// 添加通配符Host实际数据从查询哪里将所有数据提取
Config.globalDataMap.put(anyHost, new HashMap<>());
}
if (!Config.globalDataMap.containsKey("*")) {
// 添加通配符全匹配,同上
Config.globalDataMap.put("*", new HashMap<>());
}
}
}
public Map<String, Map<String, Object>> performRegexMatching(String host, String type, String message, String header, String body) {
// 删除动态响应头再进行存储
String originalMessage = message;
String dynamicHeader = configLoader.getDynamicHeader();
if (!dynamicHeader.isBlank()) {
String modifiedHeader = header.replaceAll(String.format("(%s):.*?\r\n", configLoader.getDynamicHeader()), "");
message = message.replace(header, modifiedHeader);
}
String messageIndex = HashCalculator.calculateHash(message.getBytes());
// 从数据缓存中读取
Map<String, Map<String, Object>> dataCacheMap = DataCache.get(messageIndex);
// 存在则返回
if (dataCacheMap != null) {
return dataCacheMap;
}
// 最终返回的结果
String firstLine = originalMessage.split("\\r?\\n", 2)[0];
Map<String, Map<String, Object>> finalMap = applyMatchingRules(host, type, originalMessage, firstLine, header, body);
// 数据缓存写入,有可能是空值,当作匹配过的索引不再匹配
DataCache.put(messageIndex, finalMap);
return finalMap;
}
private Map<String, Map<String, Object>> applyMatchingRules(String host, String type, String message, String firstLine, String header, String body) {
Map<String, Map<String, Object>> finalMap = new HashMap<>();
Config.globalRules.keySet().parallelStream().forEach(i -> {
for (Object[] objects : Config.globalRules.get(i)) {
String matchContent = "";
// 遍历获取规则
List<String> result;
Map<String, Object> tmpMap = new HashMap<>();
boolean loaded = (Boolean) objects[0];
String name = objects[1].toString();
String f_regex = objects[2].toString();
String s_regex = objects[3].toString();
String format = objects[4].toString();
String color = objects[5].toString();
String scope = objects[6].toString();
String engine = objects[7].toString();
boolean sensitive = (Boolean) objects[8];
// 判断规则是否开启与作用域
if (loaded && (scope.contains(type) || scope.contains("any") || type.equals("any"))) {
// 在此处检查内容是否缓存,缓存则返回为空
switch (scope) {
case "any":
case "request":
case "response":
matchContent = message;
break;
case "any header":
case "request header":
case "response header":
matchContent = header;
break;
case "any body":
case "request body":
case "response body":
matchContent = body;
break;
case "request line":
case "response line":
matchContent = firstLine;
break;
default:
break;
}
// 匹配内容为空则跳出
if (matchContent.isBlank()) {
break;
}
try {
result = new ArrayList<>(executeRegexEngine(f_regex, s_regex, matchContent, format, engine, sensitive));
} catch (Exception e) {
api.logging().logToError(String.format("[x] Error Info:\nName: %s\nRegex: %s", name, f_regex));
api.logging().logToError(e.getMessage());
continue;
}
// 去除重复内容
HashSet tmpList = new HashSet(result);
result.clear();
result.addAll(tmpList);
if (!result.isEmpty()) {
tmpMap.put("color", color);
String dataStr = String.join(Config.boundary, result);
tmpMap.put("data", dataStr);
String nameAndSize = String.format("%s (%s)", name, result.size());
finalMap.put(nameAndSize, tmpMap);
updateGlobalMatchCache(api, host, name, result, true);
}
}
}
});
return finalMap;
}
private List<String> executeRegexEngine(String f_regex, String s_regex, String content, String format, String engine, boolean sensitive) {
List<String> retList = new ArrayList<>();
if ("nfa".equals(engine)) {
Matcher matcher = createPatternMatcher(f_regex, content, sensitive);
retList.addAll(extractRegexMatchResults(s_regex, format, sensitive, matcher));
} else {
// DFA不支持格式化输出因此不关注format
String newContent = content;
String newFirstRegex = f_regex;
if (!sensitive) {
newContent = content.toLowerCase();
newFirstRegex = f_regex.toLowerCase();
}
AutomatonMatcher autoMatcher = createAutomatonMatcher(newFirstRegex, newContent);
retList.addAll(extractRegexMatchResults(s_regex, autoMatcher, content));
}
return retList;
}
private List<String> extractRegexMatchResults(String s_regex, String format, boolean sensitive, Matcher matcher) {
List<String> matches = new ArrayList<>();
if (s_regex.isEmpty()) {
matches.addAll(formatMatchResults(matcher, format));
} else {
while (matcher.find()) {
String matchContent = matcher.group(1);
if (!matchContent.isEmpty()) {
Matcher secondMatcher = createPatternMatcher(s_regex, matchContent, sensitive);
matches.addAll(formatMatchResults(secondMatcher, format));
}
}
}
return matches;
}
private List<String> extractRegexMatchResults(String s_regex, AutomatonMatcher autoMatcher, String content) {
List<String> matches = new ArrayList<>();
if (s_regex.isEmpty()) {
matches.addAll(formatMatchResults(autoMatcher, content));
} else {
while (autoMatcher.find()) {
String s = autoMatcher.group();
if (!s.isEmpty()) {
autoMatcher = createAutomatonMatcher(s_regex, extractMatchedContent(content, s));
matches.addAll(formatMatchResults(autoMatcher, content));
}
}
}
return matches;
}
private List<String> formatMatchResults(Matcher matcher, String format) {
List<String> stringList = new ArrayList<>();
// 当format为{0}时,直接返回第一个捕获组,避免格式化开销
if ("{0}".equals(format)) {
while (matcher.find()) {
if (matcher.groupCount() > 0 && !matcher.group(1).isEmpty()) {
stringList.add(matcher.group(1));
}
}
return stringList;
}
// 需要复杂格式化的情况
List<Integer> indexList = parseIndexesFromString(format);
while (matcher.find()) {
if (!matcher.group(1).isEmpty()) {
Object[] params = indexList.stream().map(i -> {
if (!matcher.group(i + 1).isEmpty()) {
return matcher.group(i + 1);
}
return "";
}).toArray();
stringList.add(MessageFormat.format(normalizeFormatIndexes(format), params));
}
}
return stringList;
}
private List<String> formatMatchResults(AutomatonMatcher matcher, String content) {
List<String> stringList = new ArrayList<>();
while (matcher.find()) {
String s = matcher.group(0);
if (!s.isEmpty()) {
stringList.add(extractMatchedContent(content, s));
}
}
return stringList;
}
private Matcher createPatternMatcher(String regex, String content, boolean sensitive) {
Pattern pattern = nfaPatternCache.computeIfAbsent(regex, k -> {
int flags = sensitive ? 0 : Pattern.CASE_INSENSITIVE;
return Pattern.compile(regex, flags);
});
return pattern.matcher(content);
}
private AutomatonMatcher createAutomatonMatcher(String regex, String content) {
RunAutomaton runAuto = dfaAutomatonCache.computeIfAbsent(regex, k -> {
RegExp regexp = new RegExp(regex);
Automaton auto = regexp.toAutomaton();
return new RunAutomaton(auto, true);
});
return runAuto.newMatcher(content);
}
private LinkedList<Integer> parseIndexesFromString(String input) {
LinkedList<Integer> indexes = new LinkedList<>();
Matcher matcher = formatIndexPattern.matcher(input);
while (matcher.find()) {
String index = matcher.group(1);
if (!index.isEmpty()) {
indexes.add(Integer.valueOf(index));
}
}
return indexes;
}
private String extractMatchedContent(String content, String s) {
byte[] contentByte = api.utilities().byteUtils().convertFromString(content);
byte[] sByte = api.utilities().byteUtils().convertFromString(s);
int startIndex = api.utilities().byteUtils().indexOf(contentByte, sByte, false, 1, contentByte.length);
int endIndex = startIndex + s.length();
return content.substring(startIndex, endIndex);
}
private String normalizeFormatIndexes(String format) {
Matcher matcher = formatIndexPattern.matcher(format);
int count = 0;
while (matcher.find()) {
String newStr = String.format("{%s}", count);
String matchStr = matcher.group(0);
format = format.replace(matchStr, newStr);
count++;
}
return format;
}
}

48
src/main/java/hae/instances/websocket/WebSocketMessageHandler.java Normal file
View File

@@ -0,0 +1,48 @@
package hae.instances.websocket;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.core.HighlightColor;
import burp.api.montoya.proxy.websocket.*;
import hae.instances.http.utils.MessageProcessor;
import hae.utils.ConfigLoader;
import java.util.List;
import java.util.Map;
public class WebSocketMessageHandler implements ProxyMessageHandler {
private final MontoyaApi api;
private final MessageProcessor messageProcessor;
public WebSocketMessageHandler(MontoyaApi api, ConfigLoader configLoader) {
this.api = api;
this.messageProcessor = new MessageProcessor(api, configLoader);
}
@Override
public TextMessageReceivedAction handleTextMessageReceived(InterceptedTextMessage interceptedTextMessage) {
String message = interceptedTextMessage.payload();
List<Map<String, String>> result = messageProcessor.processMessage("", message, true);
if (result != null && !result.isEmpty()) {
interceptedTextMessage.annotations().setHighlightColor(HighlightColor.highlightColor(result.get(0).get("color")));
interceptedTextMessage.annotations().setNotes(result.get(1).get("comment"));
}
return TextMessageReceivedAction.continueWith(interceptedTextMessage);
}
@Override
public TextMessageToBeSentAction handleTextMessageToBeSent(InterceptedTextMessage interceptedTextMessage) {
return TextMessageToBeSentAction.continueWith(interceptedTextMessage);
}
@Override
public BinaryMessageReceivedAction handleBinaryMessageReceived(InterceptedBinaryMessage interceptedBinaryMessage) {
return BinaryMessageReceivedAction.continueWith(interceptedBinaryMessage);
}
@Override
public BinaryMessageToBeSentAction handleBinaryMessageToBeSent(InterceptedBinaryMessage interceptedBinaryMessage) {
return BinaryMessageToBeSentAction.continueWith(interceptedBinaryMessage);
}
}

277
src/main/java/hae/utils/ConfigLoader.java Normal file
View File

@@ -0,0 +1,277 @@
package hae.utils;
import burp.api.montoya.MontoyaApi;
import hae.Config;
import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.representer.Representer;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.*;
public class ConfigLoader {
private final MontoyaApi api;
private final Yaml yaml;
private final String configFilePath;
private final String rulesFilePath;
public ConfigLoader(MontoyaApi api) {
this.api = api;
this.yaml = createSecureYaml();
String configPath = determineConfigPath();
this.configFilePath = String.format("%s/%s", configPath, "Config.yml");
this.rulesFilePath = String.format("%s/%s", configPath, "Rules.yml");
// 构造函数,初始化配置
File HaEConfigPathFile = new File(configPath);
if (!(HaEConfigPathFile.exists() && HaEConfigPathFile.isDirectory())) {
HaEConfigPathFile.mkdirs();
}
File configFilePath = new File(this.configFilePath);
if (!(configFilePath.exists() && configFilePath.isFile())) {
initConfig();
}
File rulesFilePath = new File(this.rulesFilePath);
if (!(rulesFilePath.exists() && rulesFilePath.isFile())) {
initRules();
}
Config.globalRules = getRules();
}
private static boolean isValidConfigPath(String configPath) {
File configPathFile = new File(configPath);
return configPathFile.exists() && configPathFile.isDirectory();
}
private Yaml createSecureYaml() {
// 配置 LoaderOptions 进行安全限制
LoaderOptions loaderOptions = new LoaderOptions();
// 禁用注释处理
loaderOptions.setProcessComments(false);
// 禁止递归键
loaderOptions.setAllowRecursiveKeys(false);
// 配置 DumperOptions 控制输出格式
DumperOptions dop = new DumperOptions();
dop.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
// 创建 Representer
Representer representer = new Representer(dop);
// 使用 SafeConstructor创建安全的 YAML 实例
return new Yaml(new SafeConstructor(loaderOptions), representer, dop);
}
private String determineConfigPath() {
// 优先级1用户根目录
String userConfigPath = String.format("%s/.config/HaE", System.getProperty("user.home"));
if (isValidConfigPath(userConfigPath)) {
return userConfigPath;
}
// 优先级2Jar包所在目录
String jarPath = api.extension().filename();
String jarDirectory = new File(jarPath).getParent();
String jarConfigPath = String.format("%s/.config/HaE", jarDirectory);
if (isValidConfigPath(jarConfigPath)) {
return jarConfigPath;
}
return userConfigPath;
}
public void initConfig() {
Map<String, Object> r = new LinkedHashMap<>();
r.put("ExcludeSuffix", getExcludeSuffix());
r.put("BlockHost", getBlockHost());
r.put("ExcludeStatus", getExcludeStatus());
r.put("LimitSize", getLimitSize());
r.put("HaEScope", getScope());
r.put("DynamicHeader", getDynamicHeader());
try {
Writer ws = new OutputStreamWriter(Files.newOutputStream(Paths.get(configFilePath)), StandardCharsets.UTF_8);
yaml.dump(r, ws);
ws.close();
} catch (Exception ignored) {
}
}
public String getRulesFilePath() {
return rulesFilePath;
}
// 获取规则配置
public Map<String, Object[][]> getRules() {
Map<String, Object[][]> rules = new HashMap<>();
try {
InputStream inputStream = Files.newInputStream(Paths.get(getRulesFilePath()));
Map<String, Object> rulesMap = yaml.load(inputStream);
Object rulesObj = rulesMap.get("rules");
if (rulesObj instanceof List) {
List<Map<String, Object>> groupData = (List<Map<String, Object>>) rulesObj;
for (Map<String, Object> groupFields : groupData) {
ArrayList<Object[]> data = new ArrayList<>();
Object ruleObj = groupFields.get("rule");
if (ruleObj instanceof List) {
List<Map<String, Object>> ruleData = (List<Map<String, Object>>) ruleObj;
for (Map<String, Object> ruleFields : ruleData) {
Object[] valuesArray = new Object[Config.ruleFields.length];
for (int i = 0; i < Config.ruleFields.length; i++) {
valuesArray[i] = ruleFields.get(Config.ruleFields[i].toLowerCase().replace("-", "_"));
}
data.add(valuesArray);
}
}
Object[][] dataArray = data.toArray(new Object[data.size()][]);
rules.put(groupFields.get("group").toString(), dataArray);
}
}
return rules;
} catch (Exception ignored) {
}
return rules;
}
public String getBlockHost() {
return getValueFromConfig("BlockHost", Config.host);
}
public void setBlockHost(String blockHost) {
setValueToConfig("BlockHost", blockHost);
}
public String getExcludeSuffix() {
return getValueFromConfig("ExcludeSuffix", Config.suffix);
}
public void setExcludeSuffix(String excludeSuffix) {
setValueToConfig("ExcludeSuffix", excludeSuffix);
}
public String getExcludeStatus() {
return getValueFromConfig("ExcludeStatus", Config.status);
}
public void setExcludeStatus(String status) {
setValueToConfig("ExcludeStatus", status);
}
public String getDynamicHeader() {
return getValueFromConfig("DynamicHeader", Config.header);
}
public void setDynamicHeader(String header) {
setValueToConfig("DynamicHeader", header);
}
public String getLimitSize() {
return getValueFromConfig("LimitSize", Config.size);
}
public void setLimitSize(String size) {
setValueToConfig("LimitSize", size);
}
public String getScope() {
return getValueFromConfig("HaEScope", Config.scopeOptions);
}
public void setScope(String scope) {
setValueToConfig("HaEScope", scope);
}
public boolean getMode() {
return getValueFromConfig("HaEModeStatus", Config.modeStatus).equals("true");
}
public void setMode(String mode) {
setValueToConfig("HaEModeStatus", mode);
}
private String getValueFromConfig(String name, String defaultValue) {
File yamlSetting = new File(configFilePath);
if (!yamlSetting.exists() || !yamlSetting.isFile()) {
return defaultValue;
}
try (InputStream inorder = Files.newInputStream(Paths.get(configFilePath))) {
Map<String, Object> r = new Yaml().load(inorder);
if (r.containsKey(name)) {
return r.get(name).toString();
}
} catch (Exception ignored) {
}
return defaultValue;
}
private void setValueToConfig(String name, String value) {
Map<String, Object> currentConfig = loadCurrentConfig();
currentConfig.put(name, value);
try (Writer ws = new OutputStreamWriter(Files.newOutputStream(Paths.get(configFilePath)), StandardCharsets.UTF_8)) {
yaml.dump(currentConfig, ws);
} catch (Exception ignored) {
}
}
private Map<String, Object> loadCurrentConfig() {
Path path = Paths.get(configFilePath);
if (!Files.exists(path)) {
return new LinkedHashMap<>(); // 返回空的Map表示没有当前配置
}
try (InputStream in = Files.newInputStream(path)) {
return yaml.load(in);
} catch (Exception e) {
return new LinkedHashMap<>(); // 读取失败时也返回空的Map
}
}
public boolean initRules() {
boolean ret = copyRulesToFile(this.rulesFilePath);
if (!ret) {
api.extension().unload();
}
return ret;
}
private boolean copyRulesToFile(String targetFilePath) {
InputStream inputStream = getClass().getClassLoader().getResourceAsStream("rules/Rules.yml");
File targetFile = new File(targetFilePath);
try (inputStream; OutputStream outputStream = new FileOutputStream(targetFile)) {
if (inputStream != null) {
byte[] buffer = new byte[1024];
int length;
while ((length = inputStream.read(buffer)) > 0) {
outputStream.write(buffer, 0, length);
}
return true;
}
} catch (Exception ignored) {
}
return false;
}
}

137
src/main/java/hae/utils/DataManager.java Normal file
View File

@@ -0,0 +1,137 @@
package hae.utils;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.http.message.responses.HttpResponse;
import burp.api.montoya.persistence.PersistedList;
import burp.api.montoya.persistence.PersistedObject;
import burp.api.montoya.persistence.Persistence;
import hae.component.board.message.MessageTableModel;
import hae.instances.http.utils.RegularMatcher;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
public class DataManager {
private final MontoyaApi api;
private final Persistence persistence;
public DataManager(MontoyaApi api) {
this.api = api;
this.persistence = api.persistence();
}
public synchronized void putData(String dataType, String dataName, PersistedObject persistedObject) {
if (persistence.extensionData().getChildObject(dataName) != null) {
persistence.extensionData().deleteChildObject(dataName);
}
persistence.extensionData().setChildObject(dataName, persistedObject);
saveIndex(dataType, dataName);
}
public synchronized void loadData(MessageTableModel messageTableModel) {
// 1. 获取索引
PersistedList<String> dataIndex = persistence.extensionData().getStringList("data"); // 数据索引
PersistedList<String> messageIndex = persistence.extensionData().getStringList("message"); // 消息索引
// 2. 从索引获取数据
loadHaEData(dataIndex);
loadMessageData(messageIndex, messageTableModel);
}
private void saveIndex(String indexName, String indexValue) {
PersistedList<String> indexList = persistence.extensionData().getStringList(indexName);
if (indexList != null && !indexList.isEmpty()) {
persistence.extensionData().deleteStringList(indexName);
} else if (indexList == null) {
indexList = PersistedList.persistedStringList();
}
if (!indexList.contains(indexValue)) {
indexList.add(indexValue);
}
persistence.extensionData().setStringList(indexName, indexList);
}
private void loadHaEData(PersistedList<String> dataIndex) {
if (dataIndex != null && !dataIndex.isEmpty()) {
dataIndex.forEach(index -> {
PersistedObject dataObj = persistence.extensionData().getChildObject(index);
try {
dataObj.stringListKeys().forEach(dataKey -> RegularMatcher.updateGlobalMatchCache(api, index, dataKey, dataObj.getStringList(dataKey).stream().toList(), false));
} catch (Exception ignored) {
}
});
}
}
private void loadMessageData(PersistedList<String> messageIndex, MessageTableModel messageTableModel) {
if (messageIndex == null || messageIndex.isEmpty()) {
return;
}
// 直接转换为List简化处理
List<String> indexList = messageIndex.stream()
.filter(Objects::nonNull)
.map(Object::toString)
.toList();
if (indexList.isEmpty()) {
return;
}
final int batchSize = 2000;
final int threadCount = Math.max(8, Runtime.getRuntime().availableProcessors() * 2);
ExecutorService executorService = Executors.newWorkStealingPool(threadCount);
try {
// 分批处理
for (int i = 0; i < indexList.size(); i += batchSize) {
int endIndex = Math.min(i + batchSize, indexList.size());
List<String> batch = indexList.subList(i, endIndex);
processBatch(batch, messageTableModel);
}
} finally {
executorService.shutdown();
}
}
private void processBatch(List<String> batch, MessageTableModel messageTableModel) {
batch.forEach(index -> {
try {
PersistedObject dataObj = persistence.extensionData().getChildObject(index);
if (dataObj != null) {
HttpRequestResponse messageInfo = dataObj.getHttpRequestResponse("messageInfo");
if (messageInfo != null) {
addMessageToModel(messageInfo, dataObj, messageTableModel);
}
}
} catch (Exception e) {
api.logging().logToError("processBatch: " + e.getMessage());
}
});
}
private void addMessageToModel(HttpRequestResponse messageInfo, PersistedObject dataObj, MessageTableModel messageTableModel) {
HttpRequest request = messageInfo.request();
HttpResponse response = messageInfo.response();
messageTableModel.add(
messageInfo,
request.url(),
request.method(),
String.valueOf(response.statusCode()),
String.valueOf(response.toByteArray().length()),
dataObj.getString("comment"),
dataObj.getString("color"),
false
);
}
}

81
src/main/java/hae/utils/UIEnhancer.java Normal file
View File

@@ -0,0 +1,81 @@
package hae.utils;
import javax.swing.*;
import java.awt.*;
import java.awt.event.FocusEvent;
import java.awt.event.FocusListener;
public class UIEnhancer {
public static void setTextFieldPlaceholder(JTextField textField, String placeholderText) {
// 存储占位符文本
textField.putClientProperty("placeholderText", placeholderText);
textField.putClientProperty("isPlaceholder", true);
updatePlaceholderText(textField);
textField.addPropertyChangeListener("background", evt -> {
updateForeground(textField);
});
textField.addFocusListener(new FocusListener() {
@Override
public void focusGained(FocusEvent e) {
if (Boolean.TRUE.equals(textField.getClientProperty("isPlaceholder"))) {
textField.putClientProperty("isPlaceholder", false);
updateForeground(textField);
textField.setText("");
}
}
@Override
public void focusLost(FocusEvent e) {
if (textField.getText().isEmpty()) {
updatePlaceholderText(textField);
}
}
});
textField.addPropertyChangeListener("text", evt -> {
if (Boolean.TRUE.equals(textField.getClientProperty("isPlaceholder"))) {
if (!textField.getText().isEmpty()) {
textField.putClientProperty("isPlaceholder", false);
updateForeground(textField);
}
} else {
if (textField.getText().isEmpty()) {
updatePlaceholderText(textField);
}
}
});
}
private static void updatePlaceholderText(JTextField textField) {
String placeholderText = (String) textField.getClientProperty("placeholderText");
textField.putClientProperty("isPlaceholder", true);
textField.setText(placeholderText);
textField.setForeground(Color.GRAY);
}
private static void updateForeground(JTextField textField) {
Color bg = textField.getBackground();
Color fg = isDarkColor(bg) ? Color.WHITE : Color.BLACK;
if (!Boolean.TRUE.equals(textField.getClientProperty("isPlaceholder"))) {
textField.setForeground(fg);
textField.putClientProperty("isPlaceholder", false);
}
}
public static boolean isDarkColor(Color color) {
double brightness = 0.299 * color.getRed()
+ 0.587 * color.getGreen()
+ 0.114 * color.getBlue();
return brightness < 128;
}
public static boolean hasUserInput(JTextField field) {
Object prop = field.getClientProperty("isPlaceholder");
return prop instanceof Boolean && !((Boolean) prop);
}
}

71
src/main/java/hae/utils/http/HttpUtils.java Normal file
View File

@@ -0,0 +1,71 @@
package hae.utils.http;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.http.message.responses.HttpResponse;
import hae.utils.ConfigLoader;
import hae.utils.string.StringProcessor;
import java.util.Arrays;
import java.util.List;
public class HttpUtils {
private final MontoyaApi api;
private final ConfigLoader configLoader;
public HttpUtils(MontoyaApi api, ConfigLoader configLoader) {
this.api = api;
this.configLoader = configLoader;
}
public boolean verifyHttpRequestResponse(HttpRequestResponse requestResponse, String toolType) {
HttpRequest request = requestResponse.request();
HttpResponse response = requestResponse.response();
boolean retStatus = false;
try {
String host = StringProcessor.getHostByUrl(request.url());
boolean isBlockHost = false;
String blockHost = configLoader.getBlockHost();
if (!blockHost.isBlank()) {
String[] hostList = configLoader.getBlockHost().split("\\|");
isBlockHost = isBlockHost(hostList, host);
}
boolean isExcludeSuffix = false;
String suffix = configLoader.getExcludeSuffix();
if (!suffix.isBlank()) {
List<String> suffixList = Arrays.asList(configLoader.getExcludeSuffix().split("\\|"));
isExcludeSuffix = suffixList.contains(request.fileExtension().toLowerCase());
}
boolean isToolScope = !configLoader.getScope().contains(toolType);
boolean isExcludeStatus = false;
String status = configLoader.getExcludeStatus();
if (!status.isBlank()) {
List<String> statusList = Arrays.asList(configLoader.getExcludeStatus().split("\\|"));
isExcludeStatus = statusList.contains(String.valueOf(response.statusCode()));
}
retStatus = isExcludeSuffix || isBlockHost || isToolScope || isExcludeStatus;
} catch (Exception ignored) {
}
return retStatus;
}
private boolean isBlockHost(String[] hostList, String host) {
boolean isBlockHost = false;
for (String hostName : hostList) {
String cleanedHost = StringProcessor.replaceFirstOccurrence(hostName, "*.", "");
if (hostName.contains("*.") && StringProcessor.matchFromEnd(host, cleanedHost)) {
isBlockHost = true;
} else if (host.equals(hostName) || hostName.equals("*")) {
isBlockHost = true;
}
}
return isBlockHost;
}
}

113
src/main/java/hae/utils/rule/RuleProcessor.java Normal file
View File

@@ -0,0 +1,113 @@
package hae.utils.rule;
import burp.api.montoya.MontoyaApi;
import hae.Config;
import hae.cache.DataCache;
import hae.utils.ConfigLoader;
import hae.utils.rule.model.Group;
import hae.utils.rule.model.Info;
import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.representer.Representer;
import java.io.File;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.util.*;
import java.util.stream.Collectors;
public class RuleProcessor {
private final MontoyaApi api;
private final ConfigLoader configLoader;
public RuleProcessor(MontoyaApi api, ConfigLoader configLoader) {
this.api = api;
this.configLoader = configLoader;
}
public void rulesFormatAndSave() {
DataCache.clear();
DumperOptions dop = new DumperOptions();
dop.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
Representer representer = new Representer(dop);
Yaml yaml = new Yaml(representer, dop);
List<Group> ruleGroupList = new ArrayList<>();
Config.globalRules.forEach((k, v) -> {
List<Info> ruleList = Arrays.stream(v)
.map(objects -> new Info(
(boolean) objects[0],
(String) objects[1],
(String) objects[2],
(String) objects[3],
(String) objects[4],
(String) objects[5],
(String) objects[6],
(String) objects[7],
(boolean) objects[8]))
.collect(Collectors.toList());
ruleGroupList.add(new Group(k, ruleList));
});
List<Map<String, Object>> outputGroupsMap = ruleGroupList.stream()
.map(Group::getFields)
.collect(Collectors.toList());
Map<String, Object> outputMap = new LinkedHashMap<>();
outputMap.put("rules", outputGroupsMap);
File f = new File(configLoader.getRulesFilePath());
try (Writer ws = new OutputStreamWriter(Files.newOutputStream(f.toPath()), StandardCharsets.UTF_8)) {
yaml.dump(outputMap, ws);
} catch (Exception ignored) {
}
}
public void changeRule(Vector data, int select, String type) {
Config.globalRules.get(type)[select] = data.toArray();
this.rulesFormatAndSave();
}
public void addRule(Vector data, String type) {
ArrayList<Object[]> x = new ArrayList<>(Arrays.asList(Config.globalRules.get(type)));
x.add(data.toArray());
Config.globalRules.put(type, x.toArray(new Object[x.size()][]));
this.rulesFormatAndSave();
}
public void removeRule(int select, String type) {
ArrayList<Object[]> x = new ArrayList<>(Arrays.asList(Config.globalRules.get(type)));
x.remove(select);
Config.globalRules.put(type, x.toArray(new Object[x.size()][]));
this.rulesFormatAndSave();
}
public void renameRuleGroup(String oldName, String newName) {
Config.globalRules.put(newName, Config.globalRules.remove(oldName));
this.rulesFormatAndSave();
}
public void deleteRuleGroup(String Rules) {
Config.globalRules.remove(Rules);
this.rulesFormatAndSave();
}
public String newRule() {
int i = 0;
String name = "New ";
while (Config.globalRules.containsKey(name + i)) {
i++;
}
Config.globalRules.put(name + i, Config.ruleTemplate);
this.rulesFormatAndSave();
return name + i;
}
}

16
src/main/java/burp/rule/model/RuleGroup.java → src/main/java/hae/utils/rule/model/Group.java
View File

@@ -1,20 +1,16 @@
package burp.rule.model;
package hae.utils.rule.model;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
/**
* @author EvilChen
*/
public class RuleGroup {
public class Group {
private Map<String, Object> fields;
public RuleGroup(String groupName, List<Rule> rules) {
public Group(String groupName, List<Info> rules) {
List<Map<String, Object>> ruleList = new ArrayList<>();
for (Rule rule : rules) {
for (Info rule : rules) {
ruleList.add(rule.getFields());
}
@@ -23,10 +19,6 @@ public class RuleGroup {
fields.put("rule", ruleList);
}
public RuleGroup() {
}
public Map<String, Object> getFields() {
return fields;
}

18
src/main/java/burp/rule/model/Rule.java → src/main/java/hae/utils/rule/model/Info.java
View File

@@ -1,30 +1,24 @@
package burp.rule.model;
package hae.utils.rule.model;
import java.util.LinkedHashMap;
import java.util.Map;
/**
* @author EvilChen
*/
public class Rule {
public class Info {
private Map<String, Object> fields;
public Rule(boolean loaded, String name, String regex, String color, String scope, String engine, boolean sensitive) {
public Info(boolean loaded, String name, String f_regex, String s_regex, String format, String color, String scope, String engine, boolean sensitive) {
fields = new LinkedHashMap<>();
fields.put("name", name);
fields.put("loaded", loaded);
fields.put("regex", regex);
fields.put("f_regex", f_regex);
fields.put("s_regex", s_regex);
fields.put("format", format);
fields.put("color", color);
fields.put("scope", scope);
fields.put("engine", engine);
fields.put("sensitive", sensitive);
}
public Rule() {
}
public Map<String, Object> getFields() {
return fields;
}

20
src/main/java/burp/core/utils/HashCalculator.java → src/main/java/hae/utils/string/HashCalculator.java
View File

@@ -1,17 +1,17 @@
package burp.core.utils;
package hae.utils.string;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
/**
* @author EvilChen
*/
public class HashCalculator {
public static String calculateHash(byte[] bytes) throws NoSuchAlgorithmException {
MessageDigest digest = MessageDigest.getInstance("MD5");
byte[] hashBytes = digest.digest(bytes);
return bytesToHex(hashBytes);
public static String calculateHash(byte[] bytes) {
MessageDigest digest;
try {
digest = MessageDigest.getInstance("MD5");
byte[] hashBytes = digest.digest(bytes);
return bytesToHex(hashBytes);
} catch (Exception ignored) {
return "";
}
}
private static String bytesToHex(byte[] bytes) {

124
src/main/java/hae/utils/string/StringProcessor.java Normal file
View File

@@ -0,0 +1,124 @@
package hae.utils.string;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
public class StringProcessor {
public static String replaceFirstOccurrence(String original, String find, String replace) {
int index = original.indexOf(find);
if (index != -1) {
return original.substring(0, index) + replace + original.substring(index + find.length());
}
return original;
}
public static boolean matchFromEnd(String input, String pattern) {
int inputLength = input.length();
int patternLength = pattern.length();
int inputIndex = inputLength - 1;
int patternIndex = patternLength - 1;
while (inputIndex >= 0 && patternIndex >= 0) {
if (input.charAt(inputIndex) != pattern.charAt(patternIndex)) {
return false;
}
inputIndex--;
patternIndex--;
}
// 如果patternIndex为-1表示pattern字符串已经完全匹配
return patternIndex == -1;
}
public static String extractHostname(String hostWithPort) {
if (hostWithPort == null || hostWithPort.isEmpty()) {
return "";
}
int colonIndex = hostWithPort.indexOf(":");
if (colonIndex != -1) {
return hostWithPort.substring(0, colonIndex);
} else {
return hostWithPort;
}
}
public static boolean matchesHostPattern(String host, String selectedHost) {
String hostname = StringProcessor.extractHostname(host);
String hostPattern = selectedHost.replace("*.", "");
boolean matchesDirectly = selectedHost.equals("*") || host.equals(selectedHost);
boolean matchesPattern = !host.contains("*") &&
(hostPattern.equals(selectedHost) ?
StringProcessor.matchFromEnd(host, hostPattern) :
StringProcessor.matchFromEnd(hostname, hostPattern));
return matchesDirectly || matchesPattern;
}
public static String getRandomUUID() {
UUID uuid = UUID.randomUUID();
return uuid.toString();
}
public static String mergeComment(String comment) {
if (!comment.contains(",")) {
return comment;
}
Map<String, Integer> itemCounts = getStringIntegerMap(comment);
StringBuilder mergedItems = new StringBuilder();
for (Map.Entry<String, Integer> entry : itemCounts.entrySet()) {
String itemName = entry.getKey();
int count = entry.getValue();
if (count != 0) {
mergedItems.append(itemName).append(" (").append(count).append("), ");
}
}
return mergedItems.substring(0, mergedItems.length() - 2);
}
public static String getHostByUrl(String url) {
String host = "";
try {
URL u = new URL(url);
int port = u.getPort();
if (port == -1) {
host = u.getHost();
} else {
host = String.format("%s:%s", u.getHost(), port);
}
} catch (Exception ignored) {
}
return host;
}
public static boolean matchHostIsIp(String host) {
return host.matches("\\b(?:\\d{1,3}\\.){3}\\d{1,3}\\b");
}
private static Map<String, Integer> getStringIntegerMap(String comment) {
Map<String, Integer> itemCounts = new HashMap<>();
String[] items = comment.split(", ");
for (String item : items) {
if (item.contains("(") && item.contains(")")) {
int openParenIndex = item.lastIndexOf("(");
int closeParenIndex = item.lastIndexOf(")");
String itemName = item.substring(0, openParenIndex).trim();
int count = Integer.parseInt(item.substring(openParenIndex + 1, closeParenIndex).trim());
itemCounts.put(itemName, itemCounts.getOrDefault(itemName, 0) + count);
} else {
itemCounts.put(item, 0);
}
}
return itemCounts;
}
}

BIN
src/main/resources/logo/logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.6 KiB

BIN
src/main/resources/logo/logo_black.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.8 KiB

361
src/main/resources/rules/Rules.yml Normal file
View File

@@ -0,0 +1,361 @@
rules:
- group: Fingerprint
rule:
- name: Shiro
loaded: true
f_regex: (=deleteMe|rememberMe=)
s_regex: ''
format: '{0}'
color: green
scope: any header
engine: dfa
sensitive: true
- name: JSON Web Token
loaded: true
f_regex: (eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9._-]{10,}|eyJ[A-Za-z0-9_\/+-]{10,}\.[A-Za-z0-9._\/+-]{10,})
s_regex: ''
format: '{0}'
color: green
scope: any
engine: nfa
sensitive: true
- name: Swagger UI
loaded: true
f_regex: ((swagger-ui.html)|(\"swagger\":)|(Swagger UI)|(swaggerUi)|(swaggerVersion))
s_regex: ''
format: '{0}'
color: red
scope: response body
engine: dfa
sensitive: false
- name: Ueditor
loaded: true
f_regex: (ueditor\.(config|all)\.js)
s_regex: ''
format: '{0}'
color: green
scope: response body
engine: dfa
sensitive: false
- name: Druid
loaded: true
f_regex: (Druid Stat Index)
s_regex: ''
format: '{0}'
color: orange
scope: response body
engine: dfa
sensitive: false
- name: PDF.js Viewer
loaded: true
f_regex: (pdf.worker)
s_regex: ''
format: '{0}'
color: green
scope: response body
engine: dfa
sensitive: false
- name: Vite DevMode
loaded: true
f_regex: (/\@vite/client)
s_regex: ''
format: '{0}'
color: red
scope: response body
engine: dfa
sensitive: true
- group: Maybe Vulnerability
rule:
- name: Java Deserialization
loaded: true
f_regex: (javax\.faces\.ViewState)
s_regex: ''
format: '{0}'
color: yellow
scope: response body
engine: dfa
sensitive: false
- name: Debug Logic Parameters
loaded: true
f_regex: ((access=)|(adm=)|(admin=)|(alter=)|(cfg=)|(clone=)|(config=)|(create=)|(dbg=)|(debug=)|(delete=)|(disable=)|(edit=)|(enable=)|(exec=)|(execute=)|(grant=)|(load=)|(make=)|(modify=)|(rename=)|(reset=)|(root=)|(shell=)|(test=)|(toggl=))
s_regex: ''
format: '{0}'
color: cyan
scope: request
engine: dfa
sensitive: false
- name: URL As A Value
loaded: true
f_regex: (=(https?)(://|%3a%2f%2f))
s_regex: ''
format: '{0}'
color: cyan
scope: any
engine: nfa
sensitive: false
- name: Upload Form
loaded: true
f_regex: (type\=\"file\")
s_regex: ''
format: '{0}'
color: yellow
scope: response body
engine: dfa
sensitive: false
- name: DoS Paramters
loaded: true
f_regex: ((size=)|(page=)|(num=)|(limit=)|(start=)|(end=)|(count=))
s_regex: ''
format: '{0}'
color: cyan
scope: request
engine: dfa
sensitive: false
- name: Passwd File
loaded: true
f_regex: (/root:/bin/bash)
s_regex: ''
format: '{0}'
color: red
scope: response body
engine: dfa
sensitive: true
- name: Win.ini File
loaded: true
f_regex: (for 16-bit app)
s_regex: ''
format: '{0}'
color: red
scope: response body
engine: dfa
sensitive: true
- group: Basic Information
rule:
- name: Email
loaded: true
f_regex: (\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,5}\b)
s_regex: ^((?!.*\.(jpg|jpeg|png|gif|bmp|webp|svg|tiff|ico?)$).*@.*\..*)$
format: '{0}'
color: yellow
scope: response
engine: nfa
sensitive: false
- name: Chinese IDCard
loaded: true
f_regex: '[^0-9]((\d{8}(0\d|10|11|12)([0-2]\d|30|31)\d{3}$)|(\d{6}(18|19|20)\d{2}(0[1-9]|10|11|12)([0-2]\d|30|31)\d{3}(\d|X|x)))[^0-9]'
s_regex: ''
format: '{0}'
color: orange
scope: response body
engine: nfa
sensitive: true
- name: Chinese Mobile Number
loaded: true
f_regex: '[^\w]((?:(?:\+|0{0,2})86)?1(?:(?:3[\d])|(?:4[5-79])|(?:5[0-35-9])|(?:6[5-7])|(?:7[0-8])|(?:8[\d])|(?:9[189]))\d{8})[^\w]'
s_regex: ''
format: '{0}'
color: orange
scope: response body
engine: nfa
sensitive: false
- name: Internal IP Address
loaded: true
f_regex: '[^0-9]((127\.0\.0\.1)|(10\.\d{1,3}\.\d{1,3}\.\d{1,3})|(172\.((1[6-9])|(2\d)|(3[01]))\.\d{1,3}\.\d{1,3})|(192\.168\.\d{1,3}\.\d{1,3}))'
s_regex: ''
format: '{0}'
color: cyan
scope: response
engine: nfa
sensitive: true
- name: MAC Address
loaded: true
f_regex: (^([a-fA-F0-9]{2}(:[a-fA-F0-9]{2}){5})|[^a-zA-Z0-9]([a-fA-F0-9]{2}(:[a-fA-F0-9]{2}){5}))
s_regex: ''
format: '{0}'
color: green
scope: response
engine: nfa
sensitive: true
- group: Sensitive Information
rule:
- name: Cloud Key
loaded: true
f_regex: (((access)(|-|_)(key)(|-|_)(id|secret))|(LTAI[a-z0-9]{12,20}))
s_regex: ''
format: '{0}'
color: yellow
scope: any
engine: nfa
sensitive: false
- name: Windows File/Dir Path
loaded: true
f_regex: '[^\w]([a-zA-Z]:\\\\?(?:[^<>:/\\|?*]+\\\\?)*)([^<>:/\\|?*]+(?:\.[^<>:/\\|?*]+)?)'
s_regex: ''
format: '{0}'
color: green
scope: response
engine: nfa
sensitive: true
- name: Password Field
loaded: true
f_regex: (((|\\)(|'|")(|[\.\w]{1,32})([p](ass|wd|asswd|assword))(|[\.\w]{1,32})(|\\)(|'|")(
|)(:|[=]{1,3}|![=]{1,2}|[\)]{0,1}\.val\()( |)(|\\)('|")([^'"]+?)(|\\)('|")(|,|\)))|((|\\)('|")([^'"]+?)(|\\)('|")(|\\)(|'|")(
|)(:|[=]{1,3}|![=]{1,2})( |)(|[\.\w]{1,32})([p](ass|wd|asswd|assword))(|[\.\w]{1,32})(|\\)(|'|")))
s_regex: ''
format: '{0}'
color: yellow
scope: response body
engine: nfa
sensitive: false
- name: Username Field
loaded: true
f_regex: (((|\\)(|'|")(|[\.\w]{1,32})(([u](ser|name|sername))|(account)|((((create|update)((d|r)|(by|on|at)))|(creator))))(|[\.\w]{1,32})(|\\)(|'|")(
|)(:|[=]{1,3}|![=]{1,2}|[\)]{0,1}\.val\()( |)(|\\)('|")([^'"]+?)(|\\)('|")(|,|\)))|((|\\)('|")([^'"]+?)(|\\)('|")(|\\)(|'|")(
|)(:|[=]{1,3}|![=]{1,2})( |)(|[\.\w]{1,32})(([u](ser|name|sername))|(account)|((((create|update)((d|r)|(by|on|at)))|(creator))))(|[\.\w]{1,32})(|\\)(|'|")))
s_regex: ''
format: '{0}'
color: green
scope: response body
engine: nfa
sensitive: false
- name: WeCom Key
loaded: true
f_regex: ((corp)(id|secret))
s_regex: ''
format: '{0}'
color: green
scope: response body
engine: dfa
sensitive: false
- name: JDBC Connection
loaded: true
f_regex: (jdbc:[a-z:]+://[a-z0-9\.\-_:;=/@?,&]+)
s_regex: ''
format: '{0}'
color: yellow
scope: any
engine: nfa
sensitive: false
- name: Authorization Header
loaded: true
f_regex: ((basic [a-z0-9=:_\+\/-]{5,100})|(bearer [a-z0-9_.=:_\+\/-]{5,100}))
s_regex: ''
format: '{0}'
color: yellow
scope: response body
engine: nfa
sensitive: false
- name: Sensitive Field
loaded: true
f_regex: (((|\\)(|'|")(|[\.\w]{1,32})(key|secret|token|config|auth|access|admin|ticket)(|[\.\w]{1,32})(|\\)(|'|")(
|)(:|[=]{1,3}|![=]{1,2}|[\)]{0,1}\.val\()( |)(|\\)('|")([^'"]+?)(|\\)('|")(|,|\)))|((|\\)('|")([^'"]+?)(|\\)('|")(|\\)(|'|")(
|)(:|[=]{1,3}|![=]{1,2})( |)(|[\.\w]{1,32})(key|secret|token|config|auth|access|admin|ticket)(|[\.\w]{1,32})(|\\)(|'|")))
s_regex: ''
format: '{0}'
color: yellow
scope: response
engine: nfa
sensitive: false
- name: Mobile Number Field
loaded: true
f_regex: (((|\\)(|'|")(|[\.\w]{1,32})(mobile|phone|sjh|shoujihao|concat)(|[\.\w]{1,32})(|\\)(|'|")(
|)(:|[=]{1,3}|![=]{1,2}|[\)]{0,1}\.val\()( |)(|\\)('|")([^'"]+?)(|\\)('|")(|,|\)))|((|\\)('|")([^'"]+?)(|\\)('|")(|\\)(|'|")(
|)(:|[=]{1,3}|![=]{1,2})( |)(|[\.\w]{1,32})(mobile|phone|sjh|shoujihao|concat)(|[\.\w]{1,32})(|\\)(|'|")))
s_regex: ''
format: '{0}'
color: green
scope: response body
engine: nfa
sensitive: false
- name: Userinfo In Link
loaded: true
f_regex: (?:"|'|\`)(((?:[a-zA-Z]{1,10}://|//)[^"'/]{1,}\.[a-zA-Z]{2,}[^"']{0,})|((?:/|\.\./|\./)[^"'><,;|*()(%%$^/\\\[\]][^"'><,;|()]{1,})|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{1,}\.(?:[a-zA-Z]{1,4}|action)(?:[\?|#][^"|']{0,}|))|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{3,}(?:[\?|#][^"|']{0,}|))|([a-zA-Z0-9_\-]{1,}\.(?:\w)(?:[\?|#][^"|']{0,}|)))(?:"|'|\`)
s_regex: ((([p](ass|wd|asswd|assword))|(([u](ser|name|sername))|(account)|((((create|update)((d|r)|(by|on|at)))|(creator)))))=[\.\w]{1,32})
format: '{0}'
color: green
scope: response body
engine: nfa
sensitive: false
- group: Other
rule:
- name: Linkfinder
loaded: true
f_regex: (?:"|'|\`)(((?:[a-zA-Z]{1,10}://|//)[^"'/]{1,}\.[a-zA-Z]{2,}[^"']{0,})|((?:/|\.\./|\./)[^"'><,;|*()(%%$^/\\\[\]][^"'><,;|()]{1,})|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{1,}\.(?:[a-zA-Z]{1,4}|action)(?:[\?|#][^"|']{0,}|))|([a-zA-Z0-9_\-/]{1,}/[a-zA-Z0-9_\-/]{3,}(?:[\?|#][^"|']{0,}|))|([a-zA-Z0-9_\-]{1,}\.(?:\w)(?:[\?|#][^"|']{0,}|)))(?:"|'|\`)
s_regex: ''
format: '{0}'
color: gray
scope: response body
engine: nfa
sensitive: true
- name: Source Map
loaded: true
f_regex: (\.js\.map)
s_regex: ''
format: '{0}'
color: pink
scope: response body
engine: dfa
sensitive: false
- name: Create Script
loaded: true
f_regex: (\{[^{}]*\}\s*\[[^\s]*\]\s*\+\s*"[^\s]*\.js")
s_regex: '"?([\w].*?)"?:"(.*?)"'
format: '{0}.{1}'
color: green
scope: response body
engine: nfa
sensitive: false
- name: URL Schemes
loaded: true
f_regex: (\b(?![\w]{0,10}?https?://)(([A-Za-z0-9-\.]{1,20})://([-\w+&@#/%?=~_|!:,.;]*[-\w+&@#/%=~_|])?))
s_regex: ''
format: '{0}'
color: yellow
scope: response body
engine: nfa
sensitive: false
- name: Router Push
loaded: true
f_regex: (\$router\.push)
s_regex: ''
format: '{0}'
color: magenta
scope: response body
engine: dfa
sensitive: false
- name: All URL
loaded: true
f_regex: (https?://[-A-Za-z0-9+&@#/%?=~_|!:,.;\u4E00-\u9FFF]+[-A-Za-z0-9+&@#/%=~_|])
s_regex: ''
format: '{0}'
color: gray
scope: response body
engine: nfa
sensitive: true
- name: Request URI
loaded: false
f_regex: ' ((?!.*\.js(\?.*)?$)(.*?[^.js$])) '
s_regex: ''
format: '{0}'
color: gray
scope: request line
engine: nfa
sensitive: false
- name: 302 Location
loaded: true
f_regex: 'Location: (.*?)\r\n'
s_regex: ''
format: '{0}'
color: gray
scope: response header
engine: nfa
sensitive: false
- name: OSKeys
loaded: false
f_regex: <Key>(.*?)</Key>
s_regex: ''
format: '{0}'
color: gray
scope: response body
engine: nfa
sensitive: true