admin/HaE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: admin:2.6
Branches Tags
admin:main admin:file admin:network
admin:4.3.1 admin:4.3 admin:4.2.1 admin:4.2 admin:4.1.2 admin:4.1.1 admin:4.1 admin:4.0.5 admin:4.0.4 admin:4.0.3 admin:4.0.2 admin:4.0.1 admin:4.0 admin:3.4 admin:3.3.4 admin:3.3.3 admin:3.3.2 admin:3.3.1 admin:3.3 admin:3.2.2 admin:3.2.1 admin:3.2 admin:3.1 admin:3.0.2 admin:3.0.1 admin:3.0 admin:2.6.1 admin:2.6 admin:2.5.11 admin:2.5.10 admin:2.5.9 admin:2.5.8 admin:2.5.7 admin:2.5.6 admin:2.5.5 admin:2.5.4.1 admin:2.5.4 admin:2.5.3 admin:2.5.2 admin:2.5.1 admin:2.5 admin:2.4.7 admin:2.4.8 admin:2.4.6 admin:2.4.5 admin:2.4.4 admin:2.4.3 admin:2.4.2 admin:2.4.1 admin:2.4 admin:2.3 admin:2.2.3 admin:2.2.2 admin:2.2.1 admin:2.2 admin:2.1.5 admin:2.1.6 admin:2.1.4 admin:2.1.3 admin:2.1.2 admin:2.1.1 admin:2.1 admin:2.0.7 admin:2.0.6 admin:2.0.5 admin:2.0.4 admin:2.0.3 admin:2.0.2 admin:2.0.1 admin:2.0 admin:1.5.1 admin:1.5 admin:1.4.2 admin:1.4.1 admin:1.4 admin:1.3 admin:1.2 admin:1.1 admin:1.0
..
compare: admin:2.6.1
Branches Tags
admin:file admin:main admin:network
admin:4.3.1 admin:4.3 admin:4.2.1 admin:4.2 admin:4.1.2 admin:4.1.1 admin:4.1 admin:4.0.5 admin:4.0.4 admin:4.0.3 admin:4.0.2 admin:4.0.1 admin:4.0 admin:3.4 admin:3.3.4 admin:3.3.3 admin:3.3.2 admin:3.3.1 admin:3.3 admin:3.2.2 admin:3.2.1 admin:3.2 admin:3.1 admin:3.0.2 admin:3.0.1 admin:3.0 admin:2.6.1 admin:2.6 admin:2.5.11 admin:2.5.10 admin:2.5.9 admin:2.5.8 admin:2.5.7 admin:2.5.6 admin:2.5.5 admin:2.5.4.1 admin:2.5.4 admin:2.5.3 admin:2.5.2 admin:2.5.1 admin:2.5 admin:2.4.7 admin:2.4.8 admin:2.4.6 admin:2.4.5 admin:2.4.4 admin:2.4.3 admin:2.4.2 admin:2.4.1 admin:2.4 admin:2.3 admin:2.2.3 admin:2.2.2 admin:2.2.1 admin:2.2 admin:2.1.5 admin:2.1.6 admin:2.1.4 admin:2.1.3 admin:2.1.2 admin:2.1.1 admin:2.1 admin:2.0.7 admin:2.0.6 admin:2.0.5 admin:2.0.4 admin:2.0.3 admin:2.0.2 admin:2.0.1 admin:2.0 admin:1.5.1 admin:1.5 admin:1.4.2 admin:1.4.1 admin:1.4 admin:1.3 admin:1.2 admin:1.1 admin:1.0

1 Commits
2.6 ... 2.6.1

Author SHA1 Message Date
gh0stkey
ad1a14b27e Version: 2.6.1 Update 2024-03-22 15:34:53 +08:00
3 changed files with 57 additions and 31 deletions
Expand all files Collapse all files

2
src/main/java/burp/BurpExtender.java
View File

@@ -36,7 +36,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
new ConfigLoader();
String version = "2.6";
String version = "2.6.1";
callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version));
// 定义输出

56
src/main/java/burp/core/processor/DataProcessingUnit.java
View File

@@ -177,6 +177,7 @@ public class DataProcessingUnit {
Matcher matcher = createPatternMatcher(f_regex, content, sensitive);
retList.addAll(extractMatches(s_regex, format, sensitive, matcher));
} else {
// DFA不支持格式化输出因此不关注format
String newContent = content;
String newFirstRegex = f_regex;
if (!sensitive) {
@@ -184,7 +185,7 @@ public class DataProcessingUnit {
newFirstRegex = f_regex.toLowerCase();
}
AutomatonMatcher autoMatcher = createAutomatonMatcher(newFirstRegex, newContent);
retList.addAll(extractMatches(s_regex, format, autoMatcher, content));
retList.addAll(extractMatches(s_regex, autoMatcher, content));
}
return retList;
}
@@ -195,21 +196,27 @@ public class DataProcessingUnit {
matches.addAll(getFormatString(matcher, format));
} else {
while (matcher.find()) {
matcher = createPatternMatcher(s_regex, matcher.group(1), sensitive);
matches.addAll(getFormatString(matcher, format));
String matchContent = matcher.group(1);
if (!matchContent.isEmpty()) {
matcher = createPatternMatcher(s_regex, matchContent, sensitive);
matches.addAll(getFormatString(matcher, format));
}
}
}
return matches;
}
private List<String> extractMatches(String s_regex, String format, AutomatonMatcher autoMatcher, String content) {
private List<String> extractMatches(String s_regex, AutomatonMatcher autoMatcher, String content) {
List<String> matches = new ArrayList<>();
if (s_regex.isEmpty()) {
matches.addAll(getFormatString(autoMatcher, format, content));
matches.addAll(getFormatString(autoMatcher, content));
} else {
while (autoMatcher.find()) {
autoMatcher = createAutomatonMatcher(s_regex, getSubString(content, autoMatcher.group()));
matches.addAll(getFormatString(autoMatcher, format, content));
String s = autoMatcher.group();
if (!s.isEmpty()) {
autoMatcher = createAutomatonMatcher(s_regex, getSubString(content, s));
matches.addAll(getFormatString(autoMatcher, content));
}
}
}
return matches;
@@ -220,25 +227,29 @@ public class DataProcessingUnit {
List<String> stringList = new ArrayList<>();
while (matcher.find()) {
Object[] params = indexList.stream().map(i -> {
if (matcher.group(i+1) != null) {
return matcher.group(i+1);
}
return "";
}).toArray();
stringList.add(MessageFormat.format(reorderIndex(format), params));
if (!matcher.group(1).isEmpty()) {
Object[] params = indexList.stream().map(i -> {
if (!matcher.group(i+1).isEmpty()) {
return matcher.group(i+1);
}
return "";
}).toArray();
stringList.add(MessageFormat.format(reorderIndex(format), params));
}
}
return stringList;
}
public List<String> getFormatString(AutomatonMatcher matcher, String format, String content) {
List<Integer> indexList = parseIndexesFromString(format);
public List<String> getFormatString(AutomatonMatcher matcher, String content) {
List<String> stringList = new ArrayList<>();
while (matcher.find()) {
Object[] params = indexList.stream().map(i -> getSubString(content, matcher.group(i))).toArray();
stringList.add(MessageFormat.format(reorderIndex(format), params));
String s = matcher.group(0);
if (!s.isEmpty()) {
stringList.add(getSubString(content, s));
}
}
return stringList;
@@ -262,14 +273,19 @@ public class DataProcessingUnit {
Matcher matcher = pattern.matcher(input);
while (matcher.find()) {
indexes.add(Integer.valueOf(matcher.group(1)));
String index = matcher.group(1);
if (!index.isEmpty()) {
indexes.add(Integer.valueOf(index));
}
}
return indexes;
}
private String getSubString(String content, String s) {
int startIndex = content.toLowerCase().indexOf(s);
byte[] contentByte = BurpExtender.helpers.stringToBytes(content);
byte[] sByte = BurpExtender.helpers.stringToBytes(s);
int startIndex = BurpExtender.helpers.indexOf(contentByte, sByte, false, 1, contentByte.length);
int endIndex = startIndex + s.length();
return content.substring(startIndex, endIndex);
}

30
src/main/java/burp/core/processor/MessageProcessor.java
View File

@@ -1,5 +1,6 @@
package burp.core.processor;
import burp.BurpExtender;
import burp.IExtensionHelpers;
import burp.IHttpRequestResponse;
import burp.IRequestInfo;
@@ -79,20 +80,29 @@ public class MessageProcessor {
Map<String, Map<String, Object>> obj;
IResponseInfo responseInfo = helpers.analyzeResponse(content);
try {
String inferredMimeType = String.format("hae.%s", responseInfo.getInferredMimeType().toLowerCase());
String statedMimeType = String.format("hae.%s", responseInfo.getStatedMimeType().toLowerCase());
if (matcher.matchUrlSuffix(statedMimeType) || matcher.matchUrlSuffix(inferredMimeType)) {
return null;
}
} catch (Exception e) {
e.printStackTrace();
return null;
}
List<String> responseTmpHeaders = responseInfo.getHeaders();
String responseHeaders = String.join("\n", responseTmpHeaders);
int responseBodyOffset = responseInfo.getBodyOffset();
byte[] responseBody = Arrays.copyOfRange(content, responseBodyOffset, content.length);
if (responseBody.length > 1) {
try {
// TODO: 需要加入文件头校验来排除静态二进制文件
String inferredMimeType = String.format("hae.%s", responseInfo.getInferredMimeType());
String statedMimeType = String.format("hae.%s", responseInfo.getStatedMimeType());
if (matcher.matchUrlSuffix(statedMimeType) || matcher.matchUrlSuffix(inferredMimeType))
{
return null;
}
} catch (Exception e) {
e.printStackTrace();
return null;
}
} else {
return null;
}
obj = dataProcessingUnit.matchContentByRegex(content, responseHeaders, responseBody, "response", host);
return getDataList(obj, actionFlag);