From 43fbc46b65908d7ea1bcfe77eaf4b94003c583fe Mon Sep 17 00:00:00 2001 From: AnonymousUser Date: Tue, 6 Jul 2021 18:33:11 +0800 Subject: [PATCH] Version: 2.0.5 Fixed Bug --- src/main/java/burp/BurpExtender.java | 55 +++++++++++-------- src/main/java/burp/action/ExtractContent.java | 2 +- 2 files changed, 33 insertions(+), 24 deletions(-) diff --git a/src/main/java/burp/BurpExtender.java b/src/main/java/burp/BurpExtender.java index f4d6515..82a34f2 100644 --- a/src/main/java/burp/BurpExtender.java +++ b/src/main/java/burp/BurpExtender.java @@ -33,7 +33,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito this.callbacks = callbacks; BurpExtender.helpers = callbacks.getHelpers(); - String version = "2.0.4"; + String version = "2.0.5"; callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version)); // 定义输出 stdout = new PrintWriter(callbacks.getStdout(), true); @@ -74,15 +74,6 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito if (toolFlag == 64 || toolFlag == 32 || toolFlag == 4) { Map> obj; byte[] content = messageInfo.getRequest(); - // 获取报文头 - List tmpHeaders = helpers.analyzeRequest(messageInfo.getHttpService(), content).getHeaders(); - String headers = String.join("\n", tmpHeaders); - - // 获取报文主体 - int bodyOffset = helpers.analyzeRequest(messageInfo.getHttpService(), content).getBodyOffset(); - byte[] byteRequest = messageInfo.getRequest(); - byte[] body = Arrays.copyOfRange(byteRequest, bodyOffset, byteRequest.length); - // 流量清洗 String urlString = helpers.analyzeRequest(messageInfo.getHttpService(), content).getUrl().toString(); urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString; @@ -93,10 +84,28 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito } if (messageIsRequest) { - obj = ec.matchRegex(content, headers, body, "request"); + // 获取报文头 + List requestTmpHeaders = helpers.analyzeRequest(messageInfo.getHttpService(), content).getHeaders(); + String requestHeaders = String.join("\n", requestTmpHeaders); + + // 获取报文主体 + int requestBodyOffset = helpers.analyzeRequest(messageInfo.getHttpService(), content).getBodyOffset(); + byte[] byteRequest = messageInfo.getRequest(); + byte[] requestBody = Arrays.copyOfRange(byteRequest, requestBodyOffset, byteRequest.length); + + obj = ec.matchRegex(content, requestHeaders, requestBody, "request"); } else { + // 获取报文头 + List responseTmpHeaders = helpers.analyzeRequest(messageInfo.getHttpService(), content).getHeaders(); + String responseHeaders = String.join("\n", responseTmpHeaders); + + // 获取报文主体 + int responseBodyOffset = helpers.analyzeResponse(content).getBodyOffset(); + byte[] byteResponse = messageInfo.getResponse(); + byte[] responseBody = Arrays.copyOfRange(byteResponse, responseBodyOffset, byteResponse.length); + content = messageInfo.getResponse(); - obj = ec.matchRegex(content, headers, body, "response"); + obj = ec.matchRegex(content, responseHeaders, responseBody, "response"); } List colorList = da.highlightList(obj); @@ -149,14 +158,14 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito } // 获取报文头 - List tmpHeaders = helpers.analyzeRequest(controller.getHttpService(), content).getHeaders(); - String headers = String.join("\n", tmpHeaders); + List requestTmpHeaders = helpers.analyzeRequest(controller.getHttpService(), content).getHeaders(); + String requestHeaders = String.join("\n", requestTmpHeaders); // 获取报文主体 - int bodyOffset = helpers.analyzeRequest(controller.getHttpService(), content).getBodyOffset(); + int requestBodyOffset = helpers.analyzeRequest(controller.getHttpService(), content).getBodyOffset(); byte[] byteRequest = controller.getRequest(); - byte[] body = Arrays.copyOfRange(byteRequest, bodyOffset, byteRequest.length); + byte[] requestBody = Arrays.copyOfRange(byteRequest, requestBodyOffset, byteRequest.length); - obj = ec.matchRegex(content, headers, body, "request"); + obj = ec.matchRegex(content, requestHeaders, requestBody, "request"); if (obj.size() > 0) { String result = da.extractString(obj); extractRequestContent = result.getBytes(); @@ -165,14 +174,14 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito } else { // 获取报文头 - List tmpHeaders1 = helpers.analyzeResponse(content).getHeaders(); - String headers1 = String.join("\n", tmpHeaders1); + List responseTmpHeaders = helpers.analyzeResponse(content).getHeaders(); + String responseHeaders = String.join("\n", responseTmpHeaders); // 获取报文主体 - int bodyOffset1 = helpers.analyzeResponse(content).getBodyOffset(); - byte[] byteRequest1 = controller.getResponse(); - byte[] body = Arrays.copyOfRange(byteRequest1, bodyOffset1, byteRequest1.length); + int responseBodyOffset = helpers.analyzeResponse(content).getBodyOffset(); + byte[] byteResponse = controller.getResponse(); + byte[] responseBody = Arrays.copyOfRange(byteResponse, responseBodyOffset, byteResponse.length); - obj = ec.matchRegex(content, headers1, body, "response"); + obj = ec.matchRegex(content, responseHeaders, responseBody, "response"); if (obj.size() > 0) { String result = da.extractString(obj); extractResponseContent = result.getBytes(); diff --git a/src/main/java/burp/action/ExtractContent.java b/src/main/java/burp/action/ExtractContent.java index 97e7aec..db7a502 100644 --- a/src/main/java/burp/action/ExtractContent.java +++ b/src/main/java/burp/action/ExtractContent.java @@ -28,7 +28,7 @@ public class ExtractContent { String matchContent = ""; for (Object[] objects : rules.get(i)) { // 遍历获取规则 - List result = new ArrayList(); + List result = new ArrayList<>(); Map tmpMap = new HashMap<>(); String name = objects[1].toString();