2021-06-10 22:59:27 +08:00
|
|
|
|
package burp;
|
|
|
|
|
|
|
2023-10-12 21:38:27 +08:00
|
|
|
|
import burp.core.processor.ColorProcessor;
|
|
|
|
|
|
import burp.core.processor.MessageProcessor;
|
2021-06-10 22:59:27 +08:00
|
|
|
|
import burp.ui.MainUI;
|
2023-10-12 21:38:27 +08:00
|
|
|
|
import burp.ui.board.MessagePanel;
|
|
|
|
|
|
import java.security.NoSuchAlgorithmException;
|
2023-10-18 00:42:46 +08:00
|
|
|
|
import java.util.*;
|
2021-06-10 22:59:27 +08:00
|
|
|
|
import javax.swing.*;
|
|
|
|
|
|
import java.awt.*;
|
|
|
|
|
|
import java.io.PrintWriter;
|
2021-10-21 23:42:15 +08:00
|
|
|
|
import java.util.List;
|
2022-04-21 10:50:10 +08:00
|
|
|
|
import javax.swing.event.ChangeEvent;
|
|
|
|
|
|
import javax.swing.event.ChangeListener;
|
2021-06-10 22:59:27 +08:00
|
|
|
|
|
2022-05-04 23:17:24 +08:00
|
|
|
|
/**
|
2022-04-08 17:21:40 +08:00
|
|
|
|
* @author EvilChen & 0chencc
|
2021-06-10 22:59:27 +08:00
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEditorTabFactory, ITab {
|
2023-10-12 21:38:27 +08:00
|
|
|
|
private MainUI main;
|
2022-06-23 15:34:22 +08:00
|
|
|
|
// stdout变成公开属性,便于其他类调用输出调试信息
|
|
|
|
|
|
public static PrintWriter stdout;
|
2021-06-10 22:59:27 +08:00
|
|
|
|
private IBurpExtenderCallbacks callbacks;
|
|
|
|
|
|
private static IExtensionHelpers helpers;
|
2023-10-12 21:38:27 +08:00
|
|
|
|
ColorProcessor colorProcessor = new ColorProcessor();
|
|
|
|
|
|
MessageProcessor messageProcessor = new MessageProcessor();
|
|
|
|
|
|
private MessagePanel messagePanel;
|
2021-06-10 22:59:27 +08:00
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
|
public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks)
|
|
|
|
|
|
{
|
|
|
|
|
|
this.callbacks = callbacks;
|
|
|
|
|
|
BurpExtender.helpers = callbacks.getHelpers();
|
|
|
|
|
|
|
2023-10-18 00:42:46 +08:00
|
|
|
|
String version = "2.5.1";
|
2021-06-10 22:59:27 +08:00
|
|
|
|
callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version));
|
2023-10-12 21:38:27 +08:00
|
|
|
|
|
2021-06-10 22:59:27 +08:00
|
|
|
|
// 定义输出
|
|
|
|
|
|
stdout = new PrintWriter(callbacks.getStdout(), true);
|
2023-10-12 21:38:27 +08:00
|
|
|
|
stdout.println("[ HACK THE WORLD - TO DO IT ]");
|
|
|
|
|
|
stdout.println("[#] Author: EvilChen & 0chencc");
|
|
|
|
|
|
stdout.println("[#] Github: https://github.com/gh0stkey/HaE");
|
|
|
|
|
|
|
2021-06-10 22:59:27 +08:00
|
|
|
|
// UI
|
2023-10-12 21:38:27 +08:00
|
|
|
|
SwingUtilities.invokeLater(new Runnable() {
|
|
|
|
|
|
@Override
|
|
|
|
|
|
public void run() {
|
|
|
|
|
|
initialize();
|
|
|
|
|
|
}
|
|
|
|
|
|
});
|
2021-06-10 22:59:27 +08:00
|
|
|
|
|
|
|
|
|
|
callbacks.registerHttpListener(BurpExtender.this);
|
|
|
|
|
|
callbacks.registerMessageEditorTabFactory(BurpExtender.this);
|
2023-10-12 21:38:27 +08:00
|
|
|
|
|
2021-06-10 22:59:27 +08:00
|
|
|
|
}
|
2022-01-11 14:46:25 +08:00
|
|
|
|
|
2021-06-10 22:59:27 +08:00
|
|
|
|
private void initialize(){
|
2023-10-12 21:38:27 +08:00
|
|
|
|
messagePanel = new MessagePanel(callbacks, helpers);
|
|
|
|
|
|
main = new MainUI(messagePanel);
|
2021-06-10 22:59:27 +08:00
|
|
|
|
callbacks.customizeUiComponent(main);
|
|
|
|
|
|
callbacks.addSuiteTab(BurpExtender.this);
|
|
|
|
|
|
}
|
2022-01-11 14:46:25 +08:00
|
|
|
|
|
2021-06-10 22:59:27 +08:00
|
|
|
|
@Override
|
|
|
|
|
|
public String getTabCaption(){
|
|
|
|
|
|
return "HaE";
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
|
public Component getUiComponent() {
|
|
|
|
|
|
return main;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-05-04 23:17:24 +08:00
|
|
|
|
/**
|
2021-06-10 22:59:27 +08:00
|
|
|
|
* 使用processHttpMessage用来做Highlighter
|
|
|
|
|
|
*/
|
|
|
|
|
|
@Override
|
|
|
|
|
|
public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
|
|
|
|
|
|
// 判断是否是响应,且该代码作用域为:REPEATER、INTRUDER、PROXY(分别对应toolFlag 64、32、4)
|
|
|
|
|
|
if (toolFlag == 64 || toolFlag == 32 || toolFlag == 4) {
|
2021-10-21 23:42:15 +08:00
|
|
|
|
byte[] content;
|
2023-10-12 21:38:27 +08:00
|
|
|
|
|
2021-06-10 22:59:27 +08:00
|
|
|
|
if (messageIsRequest) {
|
2021-10-21 23:42:15 +08:00
|
|
|
|
content = messageInfo.getRequest();
|
2021-06-10 22:59:27 +08:00
|
|
|
|
} else {
|
2021-10-21 23:42:15 +08:00
|
|
|
|
content = messageInfo.getResponse();
|
2021-06-10 22:59:27 +08:00
|
|
|
|
}
|
2022-01-11 14:46:25 +08:00
|
|
|
|
|
2022-06-23 15:34:22 +08:00
|
|
|
|
IHttpService iHttpService = null;
|
2023-10-12 21:38:27 +08:00
|
|
|
|
|
2023-10-18 00:42:46 +08:00
|
|
|
|
String host = "";
|
|
|
|
|
|
|
2022-06-23 15:34:22 +08:00
|
|
|
|
try {
|
|
|
|
|
|
iHttpService = messageInfo.getHttpService();
|
2023-10-18 00:42:46 +08:00
|
|
|
|
host = iHttpService.getHost();
|
2022-06-23 15:34:22 +08:00
|
|
|
|
} catch (Exception ignored) {
|
|
|
|
|
|
}
|
2023-10-12 21:38:27 +08:00
|
|
|
|
|
2023-10-18 00:42:46 +08:00
|
|
|
|
if (Objects.equals(host, "")) {
|
|
|
|
|
|
List<String> requestTmpHeaders = helpers.analyzeRequest(content).getHeaders();
|
|
|
|
|
|
host = requestTmpHeaders.get(1).split(":")[1].trim();
|
|
|
|
|
|
}
|
2022-06-23 15:34:22 +08:00
|
|
|
|
|
2023-10-12 21:38:27 +08:00
|
|
|
|
List<Map<String, String>> result = null;
|
|
|
|
|
|
try {
|
|
|
|
|
|
result = messageProcessor.processMessage(helpers, content, messageIsRequest, true, host);
|
|
|
|
|
|
} catch (NoSuchAlgorithmException e) {
|
|
|
|
|
|
throw new RuntimeException(e);
|
|
|
|
|
|
}
|
|
|
|
|
|
String resComment = "";
|
|
|
|
|
|
String resColor = "";
|
|
|
|
|
|
String originalColor = messageInfo.getHighlight();
|
|
|
|
|
|
String originalComment = messageInfo.getComment();
|
2021-10-21 23:42:15 +08:00
|
|
|
|
if (result != null && !result.isEmpty() && result.size() > 0) {
|
|
|
|
|
|
List<String> colorList = new ArrayList<>();
|
2022-06-23 15:34:22 +08:00
|
|
|
|
|
2021-10-21 23:42:15 +08:00
|
|
|
|
if (originalColor != null) {
|
|
|
|
|
|
colorList.add(originalColor);
|
|
|
|
|
|
}
|
2022-06-23 15:34:22 +08:00
|
|
|
|
|
2022-04-08 17:21:40 +08:00
|
|
|
|
colorList.add(result.get(0).get("color"));
|
2023-10-12 21:38:27 +08:00
|
|
|
|
resColor = colorProcessor.retrieveFinalColor(colorProcessor.retrieveColorIndices(colorList));
|
|
|
|
|
|
messageInfo.setHighlight(resColor);
|
2022-09-20 10:33:00 +08:00
|
|
|
|
|
2022-04-08 17:21:40 +08:00
|
|
|
|
String addComment = String.join(", ", result.get(1).get("comment"));
|
2023-10-18 00:42:46 +08:00
|
|
|
|
String allComment = !Objects.equals(originalComment, "") ? String.format("%s, %s", originalComment, addComment) : addComment;
|
|
|
|
|
|
resComment = mergeComment(allComment);
|
2023-10-18 15:17:45 +08:00
|
|
|
|
messageInfo.setComment(resComment);
|
2021-09-12 15:23:54 +08:00
|
|
|
|
}
|
2023-10-12 21:38:27 +08:00
|
|
|
|
|
|
|
|
|
|
String endComment = resComment.isEmpty() ? originalComment : resComment;
|
|
|
|
|
|
String endColor = resColor.isEmpty() ? originalColor : resColor;
|
|
|
|
|
|
|
2023-10-18 00:42:46 +08:00
|
|
|
|
if (!messageIsRequest && !Objects.equals(endComment, "") && !Objects.equals(endColor, "")) {
|
2023-10-12 21:38:27 +08:00
|
|
|
|
messagePanel.add(messageInfo, endComment, String.valueOf(content.length), endColor);
|
|
|
|
|
|
}
|
2021-06-10 22:59:27 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2023-10-18 00:42:46 +08:00
|
|
|
|
private String mergeComment(String comment) {
|
2023-10-18 15:14:33 +08:00
|
|
|
|
if (!comment.contains("(") || !comment.contains(")")) {
|
|
|
|
|
|
// 没有括号的情况,直接返回原始Comment
|
|
|
|
|
|
return comment;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2023-10-18 00:42:46 +08:00
|
|
|
|
Map<String, Integer> itemCounts = new HashMap<>();
|
|
|
|
|
|
String[] items = comment.split(", ");
|
|
|
|
|
|
|
|
|
|
|
|
for (String item : items) {
|
2023-10-18 15:14:33 +08:00
|
|
|
|
int openParenIndex = item.lastIndexOf("(");
|
|
|
|
|
|
int closeParenIndex = item.lastIndexOf(")");
|
|
|
|
|
|
String itemName = item.substring(0, openParenIndex).trim();
|
|
|
|
|
|
int count = Integer.parseInt(item.substring(openParenIndex + 1, closeParenIndex).trim());
|
2023-10-18 00:42:46 +08:00
|
|
|
|
itemCounts.put(itemName, itemCounts.getOrDefault(itemName, 0) + count);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
StringBuilder mergedItems = new StringBuilder();
|
|
|
|
|
|
|
|
|
|
|
|
for (Map.Entry<String, Integer> entry : itemCounts.entrySet()) {
|
|
|
|
|
|
String itemName = entry.getKey();
|
|
|
|
|
|
int count = entry.getValue();
|
|
|
|
|
|
|
|
|
|
|
|
mergedItems.append(itemName).append(" (").append(count).append("), ");
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return mergedItems.substring(0, mergedItems.length() - 2);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-10 22:59:27 +08:00
|
|
|
|
class MarkInfoTab implements IMessageEditorTab {
|
2022-04-08 17:21:40 +08:00
|
|
|
|
private final JTabbedPane jTabbedPane = new JTabbedPane();
|
2022-04-21 10:50:10 +08:00
|
|
|
|
private JTable jTable = new JTable();
|
2021-06-10 22:59:27 +08:00
|
|
|
|
private final IMessageEditorController controller;
|
2022-04-08 17:21:40 +08:00
|
|
|
|
private Map<String, String> extractRequestMap;
|
|
|
|
|
|
private Map<String, String> extractResponseMap;
|
2022-06-29 15:17:42 +08:00
|
|
|
|
private ArrayList<String> titleList = new ArrayList<>();
|
2021-06-10 22:59:27 +08:00
|
|
|
|
|
|
|
|
|
|
public MarkInfoTab(IMessageEditorController controller, boolean editable) {
|
|
|
|
|
|
this.controller = controller;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
|
public String getTabCaption() {
|
|
|
|
|
|
return "MarkInfo";
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
|
public Component getUiComponent() {
|
2022-04-21 10:50:10 +08:00
|
|
|
|
jTabbedPane.addChangeListener(new ChangeListener() {
|
|
|
|
|
|
@Override
|
|
|
|
|
|
public void stateChanged(ChangeEvent arg0) {
|
|
|
|
|
|
jTable = (JTable) ((JScrollPane)jTabbedPane.getSelectedComponent()).getViewport().getView();
|
|
|
|
|
|
}
|
|
|
|
|
|
});
|
2022-04-08 17:21:40 +08:00
|
|
|
|
return this.jTabbedPane;
|
2021-06-10 22:59:27 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
|
public boolean isEnabled(byte[] content, boolean isRequest) {
|
2023-10-12 21:38:27 +08:00
|
|
|
|
List<Map<String, String>> result = null;
|
2023-10-18 00:42:46 +08:00
|
|
|
|
|
2023-10-12 21:38:27 +08:00
|
|
|
|
try {
|
|
|
|
|
|
result = messageProcessor.processMessage(helpers, content, isRequest, false, "");
|
|
|
|
|
|
} catch (NoSuchAlgorithmException e) {
|
|
|
|
|
|
throw new RuntimeException(e);
|
|
|
|
|
|
}
|
2022-12-18 16:12:16 +08:00
|
|
|
|
|
2021-10-21 23:42:15 +08:00
|
|
|
|
if (result != null && !result.isEmpty()) {
|
2022-04-08 17:21:40 +08:00
|
|
|
|
Map<String, String> dataMap = result.get(0);
|
2021-10-21 23:42:15 +08:00
|
|
|
|
if (isRequest) {
|
2022-04-08 17:21:40 +08:00
|
|
|
|
extractRequestMap = dataMap;
|
2021-10-21 23:42:15 +08:00
|
|
|
|
} else {
|
2022-04-08 17:21:40 +08:00
|
|
|
|
extractResponseMap = dataMap;
|
2021-06-10 22:59:27 +08:00
|
|
|
|
}
|
2021-10-21 23:42:15 +08:00
|
|
|
|
return true;
|
2021-06-10 22:59:27 +08:00
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
|
public byte[] getMessage() {
|
2022-04-21 10:50:10 +08:00
|
|
|
|
return null;
|
2021-06-10 22:59:27 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
|
public boolean isModified() {
|
2022-04-08 17:21:40 +08:00
|
|
|
|
return false;
|
2021-06-10 22:59:27 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2022-05-04 23:17:24 +08:00
|
|
|
|
/**
|
2022-05-04 22:47:28 +08:00
|
|
|
|
* 快捷键复制功能
|
|
|
|
|
|
*/
|
2021-06-10 22:59:27 +08:00
|
|
|
|
@Override
|
|
|
|
|
|
public byte[] getSelectedData() {
|
2022-04-21 10:50:10 +08:00
|
|
|
|
int[] selectRows = jTable.getSelectedRows();
|
|
|
|
|
|
StringBuilder selectData = new StringBuilder();
|
|
|
|
|
|
for (int row : selectRows) {
|
|
|
|
|
|
selectData.append(jTable.getValueAt(row, 0).toString()).append("\n");
|
|
|
|
|
|
}
|
2022-05-12 11:00:55 +08:00
|
|
|
|
// 便于单行复制,去除最后一个换行符
|
|
|
|
|
|
String revData = selectData.reverse().toString().replaceFirst("\n", "");
|
|
|
|
|
|
StringBuilder retData = new StringBuilder(revData).reverse();
|
|
|
|
|
|
return helpers.stringToBytes(retData.toString());
|
2021-06-10 22:59:27 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2022-05-04 23:17:24 +08:00
|
|
|
|
/**
|
2021-06-10 22:59:27 +08:00
|
|
|
|
* 使用setMessage用来做Extractor
|
|
|
|
|
|
*/
|
|
|
|
|
|
@Override
|
|
|
|
|
|
public void setMessage(byte[] content, boolean isRequest) {
|
|
|
|
|
|
if (content.length > 0) {
|
|
|
|
|
|
if (isRequest) {
|
2022-04-08 17:21:40 +08:00
|
|
|
|
makeTable(extractRequestMap);
|
2021-06-10 22:59:27 +08:00
|
|
|
|
} else {
|
2022-04-08 17:21:40 +08:00
|
|
|
|
makeTable(extractResponseMap);
|
2021-06-10 22:59:27 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2022-04-08 17:21:40 +08:00
|
|
|
|
|
2022-05-04 23:17:24 +08:00
|
|
|
|
/**
|
2022-05-04 22:47:28 +08:00
|
|
|
|
* 创建MarkInfo表单
|
|
|
|
|
|
*/
|
2022-04-08 17:21:40 +08:00
|
|
|
|
public void makeTable(Map<String, String> dataMap) {
|
2022-06-29 15:17:42 +08:00
|
|
|
|
ArrayList<String> lTitleList = new ArrayList<>();
|
2022-04-08 17:21:40 +08:00
|
|
|
|
dataMap.keySet().forEach(i->{
|
|
|
|
|
|
String[] extractData = dataMap.get(i).split("\n");
|
|
|
|
|
|
Object[][] data = new Object[extractData.length][1];
|
|
|
|
|
|
for (int x = 0; x < extractData.length; x++) {
|
|
|
|
|
|
data[x][0] = extractData[x];
|
|
|
|
|
|
}
|
2023-09-27 23:55:02 +08:00
|
|
|
|
JTable infoTable = new JTable(data, new Object[]{"Information"});
|
|
|
|
|
|
infoTable.setAutoCreateRowSorter(true);
|
|
|
|
|
|
JScrollPane jScrollPane = new JScrollPane(infoTable);
|
|
|
|
|
|
|
2022-06-29 15:17:42 +08:00
|
|
|
|
lTitleList.add(i);
|
2022-05-04 22:51:58 +08:00
|
|
|
|
this.jTabbedPane.addTab(i, jScrollPane);
|
2022-06-29 15:17:42 +08:00
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
|
* 使用removeAll会导致MarkInfo UI出现空白的情况,为了改善用户侧体验,采用remove的方式进行删除;
|
|
|
|
|
|
* 采用全局ArrayList的方式遍历删除Tab,以此应对BurpSuite缓存机制导致的MarkInfo UI错误展示。
|
|
|
|
|
|
*/
|
|
|
|
|
|
titleList.forEach(t->{
|
|
|
|
|
|
int indexOfTab = this.jTabbedPane.indexOfTab(t);
|
2022-05-04 22:47:28 +08:00
|
|
|
|
if (indexOfTab != -1) {
|
2022-06-29 15:17:42 +08:00
|
|
|
|
this.jTabbedPane.removeTabAt(indexOfTab);
|
2022-05-04 22:47:28 +08:00
|
|
|
|
}
|
2022-04-08 17:21:40 +08:00
|
|
|
|
});
|
2022-06-29 15:17:42 +08:00
|
|
|
|
|
|
|
|
|
|
titleList = lTitleList;
|
2022-04-08 17:21:40 +08:00
|
|
|
|
}
|
2021-06-10 22:59:27 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
|
public IMessageEditorTab createNewInstance(IMessageEditorController controller, boolean editable) {
|
2021-09-07 22:09:42 +08:00
|
|
|
|
return new MarkInfoTab(controller, editable);
|
2021-06-10 22:59:27 +08:00
|
|
|
|
}
|
2023-10-18 15:14:33 +08:00
|
|
|
|
}
|
