Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
3fc1869a7b | ||
|
|
43fbc46b65 | ||
|
|
00a4a835b2 | ||
|
|
f872dadf46 | ||
|
|
15bbb9f1a0 | ||
|
|
89f3f6cf09 | ||
|
|
cf9f434ff8 | ||
|
|
37a907d6df | ||
|
|
83e5da2f7e |
@@ -85,3 +85,11 @@ https://gh0st.cn/HaE/
|
||||
随笔: 正义感是一个不可丢失的东西。
|
||||
|
||||
Github项目地址(BUG、需求、正则欢迎提交): https://github.com/gh0stkey/HaE
|
||||
|
||||
## 404StarLink 2.0 - Galaxy
|
||||
|
||||
|
||||
|
||||
`HaE` 是 404Team [星链计划2.0](https://github.com/knownsec/404StarLink2.0-Galaxy) 中的一环,如果对 `HaE` 有任何疑问又或是想要找小伙伴交流,可以参考星链计划的加群方式。
|
||||
|
||||
- [https://github.com/knownsec/404StarLink2.0-Galaxy#community](https://github.com/knownsec/404StarLink2.0-Galaxy#community)
|
||||
|
||||
@@ -33,7 +33,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
|
||||
this.callbacks = callbacks;
|
||||
BurpExtender.helpers = callbacks.getHelpers();
|
||||
|
||||
String version = "2.0.1";
|
||||
String version = "2.0.6";
|
||||
callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version));
|
||||
// 定义输出
|
||||
stdout = new PrintWriter(callbacks.getStdout(), true);
|
||||
@@ -73,18 +73,8 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
|
||||
// 判断是否是响应,且该代码作用域为:REPEATER、INTRUDER、PROXY(分别对应toolFlag 64、32、4)
|
||||
if (toolFlag == 64 || toolFlag == 32 || toolFlag == 4) {
|
||||
Map<String, Map<String, Object>> obj;
|
||||
byte[] content = messageInfo.getRequest();
|
||||
// 获取报文头
|
||||
List<String> tmpHeaders = helpers.analyzeRequest(messageInfo.getHttpService(), content).getHeaders();
|
||||
String headers = String.join("\n", tmpHeaders);
|
||||
|
||||
// 获取报文主体
|
||||
int bodyOffset = helpers.analyzeRequest(messageInfo.getHttpService(), content).getBodyOffset();
|
||||
byte[] byteRequest = messageInfo.getRequest();
|
||||
byte[] body = Arrays.copyOfRange(byteRequest, bodyOffset, byteRequest.length);
|
||||
|
||||
// 流量清洗
|
||||
String urlString = helpers.analyzeRequest(messageInfo.getHttpService(), content).getUrl().toString();
|
||||
String urlString = helpers.analyzeRequest(messageInfo.getHttpService(), messageInfo.getRequest()).getUrl().toString();
|
||||
urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString;
|
||||
|
||||
// 正则判断
|
||||
@@ -93,10 +83,28 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
|
||||
}
|
||||
|
||||
if (messageIsRequest) {
|
||||
obj = ec.matchRegex(content, headers, body, "request");
|
||||
byte[] byteRequest = messageInfo.getRequest();
|
||||
// 获取报文头
|
||||
List<String> requestTmpHeaders = helpers.analyzeRequest(messageInfo.getHttpService(), byteRequest).getHeaders();
|
||||
String requestHeaders = String.join("\n", requestTmpHeaders);
|
||||
|
||||
// 获取报文主体
|
||||
int requestBodyOffset = helpers.analyzeRequest(messageInfo.getHttpService(), byteRequest).getBodyOffset();
|
||||
byte[] requestBody = Arrays.copyOfRange(byteRequest, requestBodyOffset, byteRequest.length);
|
||||
|
||||
obj = ec.matchRegex(byteRequest, requestHeaders, requestBody, "request");
|
||||
} else {
|
||||
content = messageInfo.getResponse();
|
||||
obj = ec.matchRegex(content, headers, body, "response");
|
||||
byte[] byteResponse = messageInfo.getResponse();
|
||||
|
||||
// 获取报文头
|
||||
List<String> responseTmpHeaders = helpers.analyzeRequest(messageInfo.getHttpService(), byteResponse).getHeaders();
|
||||
String responseHeaders = String.join("\n", responseTmpHeaders);
|
||||
|
||||
// 获取报文主体
|
||||
int responseBodyOffset = helpers.analyzeResponse(byteResponse).getBodyOffset();
|
||||
byte[] responseBody = Arrays.copyOfRange(byteResponse, responseBodyOffset, byteResponse.length);
|
||||
|
||||
obj = ec.matchRegex(byteResponse, responseHeaders, responseBody, "response");
|
||||
}
|
||||
|
||||
List<String> colorList = da.highlightList(obj);
|
||||
@@ -147,32 +155,31 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
|
||||
} catch (Exception e) {
|
||||
return false;
|
||||
}
|
||||
IRequestInfo iRequestInfo = helpers.analyzeRequest(controller.getHttpService(), content);
|
||||
|
||||
// 获取报文头
|
||||
List<String> tmpHeaders = helpers.analyzeRequest(controller.getHttpService(), content).getHeaders();
|
||||
String headers = String.join("\n", tmpHeaders);
|
||||
List<String> requestTmpHeaders = iRequestInfo.getHeaders();
|
||||
String requestHeaders = String.join("\n", requestTmpHeaders);
|
||||
// 获取报文主体
|
||||
int bodyOffset = helpers.analyzeRequest(controller.getHttpService(), content).getBodyOffset();
|
||||
byte[] byteRequest = controller.getRequest();
|
||||
byte[] body = Arrays.copyOfRange(byteRequest, bodyOffset, byteRequest.length);
|
||||
int requestBodyOffset = iRequestInfo.getBodyOffset();
|
||||
byte[] requestBody = Arrays.copyOfRange(content, requestBodyOffset, content.length);
|
||||
|
||||
obj = ec.matchRegex(content, headers, body, "request");
|
||||
obj = ec.matchRegex(content, requestHeaders, requestBody, "request");
|
||||
if (obj.size() > 0) {
|
||||
String result = da.extractString(obj);
|
||||
extractRequestContent = result.getBytes();
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
|
||||
IResponseInfo iResponseInfo = helpers.analyzeResponse(content);
|
||||
// 获取报文头
|
||||
List<String> tmpHeaders1 = helpers.analyzeResponse(content).getHeaders();
|
||||
String headers1 = String.join("\n", tmpHeaders1);
|
||||
List<String> responseTmpHeaders = iResponseInfo.getHeaders();
|
||||
String responseHeaders = String.join("\n", responseTmpHeaders);
|
||||
// 获取报文主体
|
||||
int bodyOffset1 = helpers.analyzeResponse(content).getBodyOffset();
|
||||
byte[] byteRequest1 = controller.getResponse();
|
||||
byte[] body = Arrays.copyOfRange(byteRequest1, bodyOffset1, byteRequest1.length);
|
||||
int responseBodyOffset = iResponseInfo.getBodyOffset();
|
||||
byte[] responseBody = Arrays.copyOfRange(content, responseBodyOffset, content.length);
|
||||
|
||||
obj = ec.matchRegex(content, headers1, body, "response");
|
||||
obj = ec.matchRegex(content, responseHeaders, responseBody, "response");
|
||||
if (obj.size() > 0) {
|
||||
String result = da.extractString(obj);
|
||||
extractResponseContent = result.getBytes();
|
||||
|
||||
@@ -28,7 +28,7 @@ public class ExtractContent {
|
||||
String matchContent = "";
|
||||
for (Object[] objects : rules.get(i)) {
|
||||
// 遍历获取规则
|
||||
List<String> result = new ArrayList<String>();
|
||||
List<String> result = new ArrayList<>();
|
||||
Map<String, Object> tmpMap = new HashMap<>();
|
||||
|
||||
String name = objects[1].toString();
|
||||
@@ -38,7 +38,7 @@ public class ExtractContent {
|
||||
String scope = objects[4].toString();
|
||||
String engine = objects[5].toString();
|
||||
// 判断规则是否开启与作用域
|
||||
if (loaded && (scopeString.contains(scope) || scope.equals("any"))) {
|
||||
if (loaded && (scope.contains(scopeString) || scope.equals("any"))) {
|
||||
switch (scope) {
|
||||
case "any":
|
||||
case "request":
|
||||
|
||||
@@ -23,7 +23,7 @@ public class RuleSetting extends JPanel {
|
||||
Name = new JTextField();
|
||||
ScopeSelect = new JComboBox<>();
|
||||
EngineSelect = new JComboBox<>();
|
||||
label7 = new JLabel();
|
||||
label6 = new JLabel();
|
||||
ColorSelect = new JComboBox<>();
|
||||
|
||||
//======== this ========
|
||||
@@ -32,24 +32,24 @@ public class RuleSetting extends JPanel {
|
||||
//---- label5 ----
|
||||
label5.setText("Engine:");
|
||||
add(label5);
|
||||
label5.setBounds(10, 175, 50, 17);
|
||||
label5.setBounds(new Rectangle(new Point(10, 175), label5.getPreferredSize()));
|
||||
|
||||
//---- label4 ----
|
||||
label4.setText("Scope:");
|
||||
add(label4);
|
||||
label4.setBounds(10, 135, 50, 17);
|
||||
label4.setBounds(new Rectangle(new Point(10, 135), label4.getPreferredSize()));
|
||||
add(Regex);
|
||||
Regex.setBounds(70, 50, 265, 30);
|
||||
|
||||
//---- label3 ----
|
||||
label3.setText("Regex:");
|
||||
add(label3);
|
||||
label3.setBounds(10, 55, 50, 17);
|
||||
label3.setBounds(new Rectangle(new Point(10, 55), label3.getPreferredSize()));
|
||||
|
||||
//---- label2 ----
|
||||
label2.setText("Name:");
|
||||
add(label2);
|
||||
label2.setBounds(10, 15, 50, 17);
|
||||
label2.setBounds(new Rectangle(new Point(10, 15), label2.getPreferredSize()));
|
||||
add(Name);
|
||||
Name.setBounds(70, 10, 265, 30);
|
||||
|
||||
@@ -64,9 +64,9 @@ public class RuleSetting extends JPanel {
|
||||
EngineSelect.setBounds(70, 170, 265, EngineSelect.getPreferredSize().height);
|
||||
|
||||
//---- label7 ----
|
||||
label7.setText("Color:");
|
||||
add(label7);
|
||||
label7.setBounds(new Rectangle(new Point(10, 95), label7.getPreferredSize()));
|
||||
label6.setText("Color:");
|
||||
add(label6);
|
||||
label6.setBounds(new Rectangle(new Point(10, 95), label6.getPreferredSize()));
|
||||
|
||||
//---- ColorSelect ----
|
||||
ColorSelect.setModel(new DefaultComboBoxModel<>(Config.colorArray));
|
||||
@@ -99,7 +99,7 @@ public class RuleSetting extends JPanel {
|
||||
public JTextField Name;
|
||||
public JComboBox<String> ScopeSelect;
|
||||
public JComboBox<String> EngineSelect;
|
||||
private JLabel label7;
|
||||
private JLabel label6;
|
||||
public JComboBox<String> ColorSelect;
|
||||
// JFormDesigner - End of variables declaration //GEN-END:variables
|
||||
}
|
||||
|
||||
@@ -18,8 +18,8 @@ import java.util.Map;
|
||||
public class LoadRule {
|
||||
private static String filePath = "Config.yml";
|
||||
public LoadRule(String configfile){
|
||||
init();
|
||||
filePath = configfile;
|
||||
init();
|
||||
}
|
||||
|
||||
// 初始化配置
|
||||
|
||||
Reference in New Issue
Block a user