Version: 2.5.8 Update

2023-11-16 19:33:38 +08:00
parent d3ab207825
commit 548315e163
6 changed files with 110 additions and 88 deletions
--- a/src/main/java/burp/BurpExtender.java
+++ b/src/main/java/burp/BurpExtender.java
@@ -9,7 +9,6 @@ import burp.ui.board.MessagePanel;
 import java.beans.PropertyChangeEvent;
 import java.beans.PropertyChangeListener;
 import java.net.URL;
 import java.security.NoSuchAlgorithmException;
 import java.util.*;
 import javax.swing.*;
 import java.awt.*;
@@ -39,7 +38,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
        new ConfigLoader();
-        String version = "2.5.7";
+        String version = "2.5.8";
        callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version));
        // 定义输出
@@ -140,23 +139,18 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
            }
            if (Objects.equals(host, "")) {
-                List<String> requestTmpHeaders = helpers.analyzeRequest(content).getHeaders();
+                host = helpers.analyzeRequest(content).getUrl().getHost();
                host = requestTmpHeaders.get(1).split(":")[1].trim();
            }
            List<Map<String, String>> result = null;
            try {
                result = messageProcessor.processMessage(helpers, content, messageIsRequest, true, host);
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
            String resComment = "";
            String resColor = "";
            String originalColor = messageInfo.getHighlight();
            String originalComment = messageInfo.getComment();
            if (!messageIsRequest) {
                try {
                    result = messageProcessor.processMessage(helpers, messageInfo, host, true);
                    if (result != null && !result.isEmpty() && result.size() > 0) {
                        List<String> colorList = new ArrayList<>();
@@ -165,21 +159,21 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
                        }
                        colorList.add(result.get(0).get("color"));
-                resColor = colorProcessor.retrieveFinalColor(colorProcessor.retrieveColorIndices(colorList));
+                        String resColor = colorProcessor.retrieveFinalColor(colorProcessor.retrieveColorIndices(colorList));
                        messageInfo.setHighlight(resColor);
                        String addComment = String.join(", ", result.get(1).get("comment"));
                        String allComment = !Objects.equals(originalComment, "") ? String.format("%s, %s", originalComment, addComment) : addComment;
-                resComment = mergeComment(allComment);
+                        String resComment = mergeComment(allComment);
                        messageInfo.setComment(resComment);
                        messagePanel.add(messageInfo, resComment, String.valueOf(content.length), resColor);
                    }
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
            String endComment = resComment.isEmpty() ? originalComment : resComment;
            String endColor = resColor.isEmpty() ? originalColor : resColor;
            if (!messageIsRequest && !Objects.equals(endComment, "") && !Objects.equals(endColor, "")) {
                messagePanel.add(messageInfo, endComment, String.valueOf(content.length), endColor);
            }
        }
    }
@@ -250,9 +244,13 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
            List<Map<String, String>> result = null;
            try {
-                result = messageProcessor.processMessage(helpers, content, isRequest, false, "");
+                if (isRequest) {
-            } catch (NoSuchAlgorithmException e) {
+                    result = messageProcessor.processRequestMessage(helpers, content, "", false);
-                throw new RuntimeException(e);
+                } else {
                    result = messageProcessor.processResponseMessage(helpers, content, "", false);
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
            if (result != null && !result.isEmpty()) {
@@ -264,6 +262,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
                }
                return true;
            }
            return false;
        }
--- a/src/main/java/burp/core/processor/DataProcessingUnit.java
+++ b/src/main/java/burp/core/processor/DataProcessingUnit.java
@@ -132,7 +132,7 @@ public class DataProcessingUnit {
                            tmpMap.put("data", dataStr);
                            finalMap.put(nameAndSize, tmpMap);
                            // 添加到全局变量中，便于Databoard检索
-                            if (!Objects.equals(host, "")) {
+                            if (!Objects.equals(host, "") && host != null) {
                                List<String> dataList = Arrays.asList(dataStr.split("\n"));
                                if (ConfigEntry.globalDataMap.containsKey(host)) {
                                    Map<String, List<String>> gRuleMap = new HashMap<>(ConfigEntry.globalDataMap.get(host));
--- a/src/main/java/burp/core/processor/MessageProcessor.java
+++ b/src/main/java/burp/core/processor/MessageProcessor.java
@@ -1,10 +1,10 @@
 package burp.core.processor;
 import burp.IExtensionHelpers;
 import burp.IHttpRequestResponse;
 import burp.IRequestInfo;
 import burp.IResponseInfo;
 import burp.core.utils.MatchTool;
 import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -12,16 +12,27 @@ import java.util.List;
 import java.util.Map;
 public class MessageProcessor {
-    MatchTool matcher = new MatchTool();
+    private MatchTool matcher = new MatchTool();
-    DataProcessingUnit dataProcessingUnit = new DataProcessingUnit();
+    private DataProcessingUnit dataProcessingUnit = new DataProcessingUnit();
-    ColorProcessor colorProcessor = new ColorProcessor();
+    private ColorProcessor colorProcessor = new ColorProcessor();
-    public List<Map<String, String>> processMessage(IExtensionHelpers helpers, byte[] content, boolean isRequest, boolean messageInfo, String host)
+    public List<Map<String, String>> processMessage(IExtensionHelpers helpers, IHttpRequestResponse messageInfo, String host, boolean actionFlag) throws Exception {
-            throws NoSuchAlgorithmException {
+
-        List<Map<String, String>> result = new ArrayList<>();
+        byte[] requestByte = messageInfo.getRequest();
        byte[] responseByte = messageInfo.getResponse();
        List<Map<String, String>> reqObj = processRequestMessage(helpers, requestByte, host, actionFlag);
        List<Map<String, String>> resObj = processResponseMessage(helpers, responseByte, host, actionFlag);
        List<Map<String, String>> mergedList = new ArrayList<>(reqObj);
        mergedList.addAll(resObj);
        return mergedList;
    }
    public List<Map<String, String>> processRequestMessage(IExtensionHelpers helpers, byte[] content, String host, boolean actionFlag) throws Exception {
        Map<String, Map<String, Object>> obj;
        if (isRequest) {
        IRequestInfo requestInfo = helpers.analyzeRequest(content);
        List<String> requestTmpHeaders = requestInfo.getHeaders();
        String requestHeaders = String.join("\n", requestTmpHeaders);
@@ -30,35 +41,49 @@ public class MessageProcessor {
            String urlString = requestTmpHeaders.get(0).split(" ")[1];
            urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString;
            if (matcher.matchUrlSuffix(urlString)) {
-                    return result;
+                return null;
            }
        } catch (Exception e) {
-                return result;
+            e.printStackTrace();
            return null;
        }
        int requestBodyOffset = requestInfo.getBodyOffset();
        byte[] requestBody = Arrays.copyOfRange(content, requestBodyOffset, content.length);
        obj = dataProcessingUnit.matchContentByRegex(content, requestHeaders, requestBody, "request", host);
-        } else {
+
        return getDataList(obj, actionFlag);
    }
    public List<Map<String, String>> processResponseMessage(IExtensionHelpers helpers, byte[] content, String host, boolean actionFlag) throws Exception {
        Map<String, Map<String, Object>> obj;
        IResponseInfo responseInfo = helpers.analyzeResponse(content);
        try {
            String inferredMimeType = String.format("hae.%s", responseInfo.getInferredMimeType().toLowerCase());
            String statedMimeType = String.format("hae.%s", responseInfo.getStatedMimeType().toLowerCase());
            if (matcher.matchUrlSuffix(statedMimeType) || matcher.matchUrlSuffix(inferredMimeType)) {
-                    return result;
+                return null;
            }
        } catch (Exception e) {
-                return result;
+            e.printStackTrace();
            return null;
        }
        List<String> responseTmpHeaders = responseInfo.getHeaders();
        String responseHeaders = String.join("\n", responseTmpHeaders);
        int responseBodyOffset = responseInfo.getBodyOffset();
        byte[] responseBody = Arrays.copyOfRange(content, responseBodyOffset, content.length);
        obj = dataProcessingUnit.matchContentByRegex(content, responseHeaders, responseBody, "response", host);
        return getDataList(obj, actionFlag);
    }
    private List<Map<String, String>> getDataList(Map<String, Map<String, Object>> obj, boolean actionFlag) {
        List<Map<String, String>> highlightList = new ArrayList<>();
        List<Map<String, String>> extractList = new ArrayList<>();
        if (obj.size() > 0) {
-            if (messageInfo) {
+            if (actionFlag) {
                List<List<String>> resultList = dataProcessingUnit.extractColorsAndComments(obj);
                List<String> colorList = resultList.get(0);
                List<String> commentList = resultList.get(1);
@@ -70,13 +95,14 @@ public class MessageProcessor {
                    Map<String, String> commentMap = new HashMap<String, String>() {{
                        put("comment", String.join(", ", commentList));
                    }};
-                    result.add(colorMap);
+                    highlightList.add(colorMap);
-                    result.add(commentMap);
+                    highlightList.add(commentMap);
                }
            } else {
-                result.add(dataProcessingUnit.extractDataFromMap(obj));
+                extractList.add(dataProcessingUnit.extractDataFromMap(obj));
            }
        }
-        return result;
+
        return actionFlag ? highlightList : extractList;
    }
 }
--- a/src/main/java/burp/rule/utils/RuleTool.java
+++ b/src/main/java/burp/rule/utils/RuleTool.java
@@ -1,8 +1,6 @@
 package burp.rule.utils;
 import burp.*;
 import burp.config.ConfigEntry;
 import burp.config.ConfigLoader;
 import java.io.FileOutputStream;
 import java.net.URL;
 import java.util.Arrays;
--- a/src/main/java/burp/ui/board/Databoard.java
+++ b/src/main/java/burp/ui/board/Databoard.java
@@ -301,9 +301,6 @@ public class Databoard extends JPanel {
                for (Map.Entry<String, Map<String, List<String>>> entry : dataMap.entrySet()) {
                    JTabbedPane newTabbedPane = new JTabbedPane();
                    newTabbedPane.setTabLayoutPolicy(JTabbedPane.SCROLL_TAB_LAYOUT);
                    if (currentWorker != null && !currentWorker.isDone()) {
                        currentWorker.cancel(true);
                    }
                    for (Map.Entry<String, List<String>> entrySet : entry.getValue().entrySet()) {
                        currentWorker = new SwingWorker<Object, Void>() {
@@ -322,8 +319,10 @@ public class Databoard extends JPanel {
                                if (!isCancelled()) {
                                    try {
                                        Object[] result = (Object[]) get();
                                        SwingUtilities.invokeLater(() -> {
                                            newTabbedPane.addTab(result[0].toString(), (DatatablePanel) result[1]);
                                            dataTabbedPane.addTab(entry.getKey(), newTabbedPane);
                                        });
                                    } catch (Exception e) {
                                        e.printStackTrace();
                                    }
--- a/src/main/java/burp/ui/board/MessagePanel.java
+++ b/src/main/java/burp/ui/board/MessagePanel.java
@@ -329,8 +329,8 @@ public class MessagePanel extends AbstractTableModel implements IMessageEditorCo
                        byte[] reqByteB = reqResMessage.getRequest();
                        byte[] resByteB = reqResMessage.getResponse();
                        try {
-                            // 采用匹配数据结果比对
+                            // 通过URL、请求和响应报文、匹配数据内容，多维度进行对比
-                            if (areMapsEqual(getCacheData(reqByteB), getCacheData(reqByteA)) && areMapsEqual(getCacheData(resByteB), getCacheData(resByteA))) {
+                            if ((entry.getUrl().toString().equals(url.toString()) || (Arrays.equals(reqByteB, reqByteA) || Arrays.equals(resByteB, resByteA))) && (areMapsEqual(getCacheData(reqByteB), getCacheData(reqByteA)) && areMapsEqual(getCacheData(resByteB), getCacheData(resByteA)))) {
                                isDuplicate = true;
                                break;
                            }