admin/HaE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rebuild code and add default filter.

Browse Source
This commit is contained in:
AnonymousUser
2020-11-27 03:48:28 +08:00
parent 7b5027a528
commit 2ce57f8ee1
12 changed files with 464 additions and 272 deletions
Download Patch File Download Diff File Expand all files Collapse all files

371
burp/BurpExtender.java
View File

@@ -7,8 +7,16 @@ import java.util.*;
import org.json.*;
import jregex.Matcher;
import jregex.Pattern;
import burp.action.DoAction;
import burp.action.ExtractContent;
import burp.action.MatchHTTP;
import burp.color.GetColorKey;
import burp.color.UpgradeColor;
import burp.file.FileExists;
import burp.file.ReadFile;
import burp.file.RemoveContent;
import burp.file.WriteFile;
import burp.ui.FillTable;
import javax.swing.JFrame;
import javax.swing.JOptionPane;
@@ -20,12 +28,7 @@ import javax.swing.table.DefaultTableModel;
import javax.swing.JPanel;
import javax.swing.JButton;
import java.awt.event.ActionListener;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.awt.event.ActionEvent;
import javax.swing.JCheckBox;
import javax.swing.JComboBox;
@@ -48,28 +51,37 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
private JTable table;
private JTextField textField;
private IBurpExtenderCallbacks callbacks;
private static IExtensionHelpers helpers;
private static String configFilePath = "config.json";
private static String initFilePath = "init.hae";
private static String initConfigContent = "{\"Email\":{\"loaded\":true,\"scope\":\"response\",\"regex\":\"([\\\\w-]+(?:\\\\.[\\\\w-]+)*@(?:[\\\\w](?:[\\\\w-]*[\\\\w])?\\\\.)+[\\\\w](?:[\\\\w-]*[\\\\w])?)\",\"action\":\"any\",\"color\":\"yellow\"}}";
private static String endColor = "";
private static String[] colorArray = new String[] {"red", "orange", "yellow", "green", "cyan", "blue", "pink", "magenta", "gray"};
private static String[] scopeArray = new String[] {"any", "response", "request"};
private static String[] actionArray = new String[] {"any", "extract", "highight"};
private static IMessageEditorTab HaETab;
private static PrintWriter stdout;
ReadFile rf = new ReadFile();
WriteFile wfc = new WriteFile();
FileExists fe = new FileExists();
RemoveContent rc = new RemoveContent();
GetColorKey gck = new GetColorKey();
UpgradeColor uc = new UpgradeColor();
ExtractContent ec = new ExtractContent();
MatchHTTP mh = new MatchHTTP();
FillTable ft = new FillTable();
DoAction da = new DoAction();
@Override
public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks)
{
this.callbacks = callbacks;
this.helpers = callbacks.getHelpers();
// 设置插件名字和版本
String version = "1.4.2";
String version = "1.5";
callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version));
// 定义输出
stdout = new PrintWriter(callbacks.getStdout(), true);
stdout.println("@Author: EvilChen");
stdout.println("@Blog: cn.gh0st.cn");
// UI
SwingUtilities.invokeLater(new Runnable() {
@@ -77,20 +89,20 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
public void run() {
// 判断"config.json"文件是否具备内容,如若不具备则进行初始化
if (configFilePath.equals("config.json")) {
if (readFileContent(configFilePath).equals("")) {
writeFileContent(configFilePath, initConfigContent);
writeFileContent(initFilePath, configFilePath);
if (rf.readFileContent(configFilePath).equals("")) {
wfc.writeFileContent(configFilePath, Config.initConfigContent);
wfc.writeFileContent(initFilePath, configFilePath);
}
}
// 判断配置文件是否存在
if (fileExists(configFilePath)) {
configFilePath = readFileContent(initFilePath);
if (fe.fileExists(configFilePath)) {
configFilePath = rf.readFileContent(initFilePath);
} else {
JOptionPane.showMessageDialog(null, "Config File Not Found!", "Error", JOptionPane.ERROR_MESSAGE);
}
initialize();
fillTable();
ft.fillTable(configFilePath, table);
}
});
@@ -129,8 +141,8 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
File file = jfc.getSelectedFile();
textField.setText(file.getAbsolutePath());
configFilePath = textField.getText();
writeFileContent(initFilePath, configFilePath);
fillTable();
wfc.writeFileContent(initFilePath, configFilePath);
ft.fillTable(configFilePath, table);
}
});
panel_3.add(btnNewButton);
@@ -146,7 +158,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
JButton btnReloadRule = new JButton("Reload");
btnReloadRule.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e) {
fillTable();
ft.fillTable(configFilePath, table);
}
});
panel_1.add(btnReloadRule);
@@ -177,7 +189,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
// 在配置文件中删除数据
String cellValue = (String) dtm.getValueAt(selectedRowIndex, 1);
// System.out.println(cellValue);
removeConfig(cellValue);
rc.removeFileContent(cellValue, configFilePath);
// 在表格中删除数据
dtm.removeRow(selectedRowIndex);
@@ -200,10 +212,10 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
scrollPane.setViewportView(table);
table.getColumnModel().getColumn(2).setPreferredWidth(172);
table.getColumnModel().getColumn(3).setCellEditor(new DefaultCellEditor(new JComboBox(colorArray)));
table.getColumnModel().getColumn(3).setCellEditor(new DefaultCellEditor(new JComboBox(Config.colorArray)));
table.getColumnModel().getColumn(0).setCellEditor(new DefaultCellEditor(new JCheckBox()));
table.getColumnModel().getColumn(4).setCellEditor(new DefaultCellEditor(new JComboBox(scopeArray)));
table.getColumnModel().getColumn(5).setCellEditor(new DefaultCellEditor(new JComboBox(actionArray)));
table.getColumnModel().getColumn(4).setCellEditor(new DefaultCellEditor(new JComboBox(Config.scopeArray)));
table.getColumnModel().getColumn(5).setCellEditor(new DefaultCellEditor(new JComboBox(Config.actionArray)));
JLabel lblNewLabel = new JLabel("@EvilChen Love YuChen.");
lblNewLabel.setHorizontalAlignment(SwingConstants.CENTER);
@@ -229,20 +241,20 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
jsonObj.put((String) dtm.getValueAt(i, 1), jsonObj1);
}
writeFileContent(configFilePath, jsonObj.toString());
wfc.writeFileContent(configFilePath, jsonObj.toString());
}
}
}
);
callbacks.customizeUiComponent(panel);
callbacks.customizeUiComponent(panel_1);
callbacks.customizeUiComponent(panel_2);
callbacks.customizeUiComponent(panel_3);
callbacks.customizeUiComponent(scrollPane);
callbacks.addSuiteTab(BurpExtender.this);
}
@Override
@@ -269,28 +281,40 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
// 判断是否是响应且该代码作用域为REPEATER、INTRUDER、PROXY分别对应toolFlag 64、32、4
if (toolFlag == 64 || toolFlag == 32 || toolFlag == 4) {
JSONObject jsonObj = new JSONObject();
byte[] content = messageInfo.getRequest();
// 流量清洗
String urlString = helpers.analyzeRequest(messageInfo.getHttpService(), content).getUrl().toString();
urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString;
// 正则判断
if (mh.matchSuffix(urlString)) {
return;
}
if (messageIsRequest) {
byte[] content = messageInfo.getRequest();
try {
String c = new String(content, "UTF-8").intern();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
jsonObj = matchRegex(content, "request", "highlight");
jsonObj = ec.matchRegex(content, "request", "highlight", configFilePath);
} else {
byte[] content = messageInfo.getResponse();
content = messageInfo.getResponse();
// 流量清洗
List<String> mimeList = helpers.analyzeResponse(content).getHeaders();
// 正则判断
if (mh.matchMIME(mimeList)) {
return;
}
try {
String c = new String(content, "UTF-8").intern();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
jsonObj = matchRegex(content, "response", "highlight");
jsonObj = ec.matchRegex(content, "response", "highlight", configFilePath);
}
List<String> colorList = highlightList(jsonObj);
List<String> colorList = da.highlightList(jsonObj);
if (colorList.size() != 0) {
colorUpgrade(getColorKeys(colorList));
String color = endColor;
String color = uc.getEndColor(gck.getColorKeys(colorList, Config.colorArray), Config.colorArray);;
messageInfo.setHighlight(color);
}
}
@@ -300,8 +324,12 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
class MarkInfoTab implements IMessageEditorTab {
private ITextEditor markInfoText;
private byte[] currentMessage;
private final IMessageEditorController controller;
private byte[] extractRequestContent;
private byte[] extractResponseContent;
public MarkInfoTab(IMessageEditorController controller, boolean editable) {
this.controller = controller;
markInfoText = callbacks.createTextEditor();
markInfoText.setEditable(editable);
}
@@ -318,10 +346,39 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
@Override
public boolean isEnabled(byte[] content, boolean isRequest) {
if (isRequest && matchRegex(content, "request", "extract").length() != 0) {
return true;
} else if (!isRequest && matchRegex(content, "response", "extract").length() != 0) {
return true;
try {
// 流量清洗
String urlString = helpers.analyzeRequest(controller.getHttpService(), controller.getRequest()).getUrl().toString();
urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString;
// 正则判断
if (mh.matchSuffix(urlString)) {
return false;
}
} catch (Exception e) {
return false;
}
if (isRequest) {
JSONObject jsonObj = ec.matchRegex(content, "request", "extract", configFilePath);
if (jsonObj.length() != 0) {
String result = da.extractString(jsonObj);
extractRequestContent = result.getBytes();
return true;
}
} else {
// 流量清洗
List<String> mimeList = helpers.analyzeResponse(controller.getResponse()).getHeaders();
// 正则判断
if (mh.matchMIME(mimeList)) {
return false;
}
JSONObject jsonObj = ec.matchRegex(content, "response", "extract", configFilePath);
if (jsonObj.length() != 0) {
String result = da.extractString(jsonObj);
extractResponseContent = result.getBytes();
return true;
}
}
return false;
}
@@ -353,246 +410,16 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
}
if (content.length > 0) {
if (isRequest) {
JSONObject jsonObj = matchRegex(content, "request", "extract");
if (jsonObj.length() != 0) {
String result = extractString(jsonObj);
markInfoText.setText(result.getBytes());
}
markInfoText.setText(extractRequestContent);
} else {
JSONObject jsonObj = matchRegex(content, "response", "extract");
if (jsonObj.length() != 0) {
String result = extractString(jsonObj);
markInfoText.setText(result.getBytes());
}
markInfoText.setText(extractResponseContent);
}
}
currentMessage = content;
}
}
private String extractString(JSONObject jsonObj) {
String result = "";
Iterator<String> k = jsonObj.keys();
while (k.hasNext()) {
String name = k.next();
JSONObject jsonObj1 = new JSONObject(jsonObj.get(name).toString());
String tmpStr = String.format("[%s]\n%s\n\n", name, jsonObj1.getString("data")).intern();
result += tmpStr;
}
return result;
}
private List<String> highlightList(JSONObject jsonObj) {
List<String> colorList = new ArrayList<String>();
Iterator<String> k = jsonObj.keys();
while (k.hasNext()) {
String name = k.next();
JSONObject jsonObj2 = new JSONObject(jsonObj.get(name).toString());
colorList.add(jsonObj2.getString("color"));
}
return colorList;
}
private JSONObject matchRegex(byte[] content, String scopeString, String actionString) {
JSONObject tabContent = new JSONObject();
// 正则匹配提取内容
try {
String jsonStr = readFileContent(configFilePath);
JSONObject jsonObj = new JSONObject(jsonStr);
Iterator<String> k = jsonObj.keys();
// 遍历json数组
while (k.hasNext()) {
String contentString = new String(content, "UTF-8").intern();
String name = k.next();
JSONObject jsonObj1 = new JSONObject(jsonObj.get(name).toString());
JSONObject jsonData = new JSONObject();
String regex = jsonObj1.getString("regex");
boolean isLoaded = jsonObj1.getBoolean("loaded");
String scope = jsonObj1.getString("scope");
String action = jsonObj1.getString("action");
String color = jsonObj1.getString("color");
List<String> result = new ArrayList<String>();
if(isLoaded && (scope.equals(scopeString) || scope.equals("any")) && (action.equals(actionString) || action.equals("any"))) {
Pattern pattern = new Pattern(regex);
Matcher matcher = pattern.matcher(contentString);
while (matcher.find()) {
// 添加匹配数据至list
// 强制用户使用()包裹正则
result.add(matcher.group(1));
}
// 去除重复内容
HashSet tmpList = new HashSet(result);
result.clear();
result.addAll(tmpList);
if (!result.isEmpty()) {
jsonData.put("color", color);
jsonData.put("data", String.join("\n", result));
jsonData.put("loaded", isLoaded);
// 初始化格式
tabContent.put(name, jsonData);
}
}
}
} catch (Exception e) {}
return tabContent;
}
/*
* 颜色下标获取
*/
private List<Integer> getColorKeys(List<String> keys){
List<Integer> result = new ArrayList<Integer>();
int size = colorArray.length;
// 根据颜色获取下标
for (int x = 0; x < keys.size(); x++) {
for (int v = 0; v < size; v++) {
if (colorArray[v].equals(keys.get(x))) {
result.add(v);
}
}
}
return result;
}
/*
* 颜色升级递归算法
*/
private static String colorUpgrade(List<Integer> colorList) {
int colorSize = colorList.size();
colorList.sort(Comparator.comparingInt(Integer::intValue));
int i = 0;
List<Integer> stack = new ArrayList<Integer>();
while (i < colorSize) {
if (stack.isEmpty()) {
stack.add(colorList.get(i));
i++;
} else {
if (colorList.get(i) != stack.stream().reduce((first, second) -> second).orElse(99999999)) {
stack.add(colorList.get(i));
i++;
} else {
stack.set(stack.size() - 1, stack.get(stack.size() - 1) - 1);
i++;
}
}
}
// 利用HashSet删除重复元素
HashSet tmpList = new HashSet(stack);
if (stack.size() == tmpList.size()) {
stack.sort(Comparator.comparingInt(Integer::intValue));
if(stack.get(0).equals(-1)) {
endColor = colorArray[0];
} else {
endColor = colorArray[stack.get(0)];
}
} else {
colorUpgrade(stack);
}
return "";
}
/*
* 判断文件是否存在
*/
private Boolean fileExists(String fileName) {
File file = new File(fileName);
if(file.exists()){
return true;
}
return false;
}
/*
* 获取文件内容
*/
private String readFileContent(String fileName) {
File file = new File(fileName);
BufferedReader reader = null;
StringBuffer sbf = new StringBuffer();
try {
reader = new BufferedReader(new FileReader(file));
String tempStr;
while ((tempStr = reader.readLine()) != null) {
sbf.append(tempStr);
}
reader.close();
return sbf.toString();
} catch (IOException e) {
} finally {
if (reader != null) {
try {
reader.close();
} catch (IOException err) {
err.printStackTrace();
}
}
}
return sbf.toString();
}
/*
* 写入文件内容
*/
private boolean writeFileContent(String fileName, String fileContent) {
try {
BufferedWriter out = new BufferedWriter(new FileWriter(fileName));
out.write(fileContent);
out.close();
return true;
} catch (IOException e) {
stdout.println(e);
return false;
}
}
/*
* 删除单条配置内容
*/
private void removeConfig(String key) {
String jsonStr = readFileContent(configFilePath);
JSONObject jsonObj = new JSONObject(jsonStr);
jsonObj.remove(key);
if (writeFileContent(configFilePath, jsonObj.toString())) {
JOptionPane.showMessageDialog(null, "Delete Successfully!", "Info", JOptionPane.INFORMATION_MESSAGE);
}
}
/*
* 初始化表格内容
*/
private void fillTable() {
DefaultTableModel dtm=(DefaultTableModel) table.getModel();
dtm.setRowCount(0);
String jsonStr = readFileContent(configFilePath);
JSONObject jsonObj = new JSONObject(jsonStr);
Iterator<String> k = jsonObj.keys();
// 遍历json数组
while (k.hasNext()) {
String name = k.next();
JSONObject jsonObj1 = new JSONObject(jsonObj.get(name).toString());
boolean loaded = jsonObj1.getBoolean("loaded");
String regex = jsonObj1.getString("regex");
String color = jsonObj1.getString("color");
String scope = jsonObj1.getString("scope");
String action = jsonObj1.getString("action");
// 填充数据
Vector rules = new Vector();
rules.add(loaded);
rules.add(name);
rules.add(regex);
rules.add(color);
rules.add(scope);
rules.add(action);
dtm.addRow(rules);
}
}
public static void main(String[] args) {
}