Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
43fbc46b65 | ||
|
|
00a4a835b2 | ||
|
|
f872dadf46 | ||
|
|
15bbb9f1a0 | ||
|
|
89f3f6cf09 | ||
|
|
cf9f434ff8 |
@@ -85,3 +85,11 @@ https://gh0st.cn/HaE/
|
|||||||
随笔: 正义感是一个不可丢失的东西。
|
随笔: 正义感是一个不可丢失的东西。
|
||||||
|
|
||||||
Github项目地址(BUG、需求、正则欢迎提交): https://github.com/gh0stkey/HaE
|
Github项目地址(BUG、需求、正则欢迎提交): https://github.com/gh0stkey/HaE
|
||||||
|
|
||||||
|
## 404StarLink 2.0 - Galaxy
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
`HaE` 是 404Team [星链计划2.0](https://github.com/knownsec/404StarLink2.0-Galaxy) 中的一环,如果对 `HaE` 有任何疑问又或是想要找小伙伴交流,可以参考星链计划的加群方式。
|
||||||
|
|
||||||
|
- [https://github.com/knownsec/404StarLink2.0-Galaxy#community](https://github.com/knownsec/404StarLink2.0-Galaxy#community)
|
||||||
|
|||||||
@@ -33,7 +33,7 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
|
|||||||
this.callbacks = callbacks;
|
this.callbacks = callbacks;
|
||||||
BurpExtender.helpers = callbacks.getHelpers();
|
BurpExtender.helpers = callbacks.getHelpers();
|
||||||
|
|
||||||
String version = "2.0.2";
|
String version = "2.0.5";
|
||||||
callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version));
|
callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version));
|
||||||
// 定义输出
|
// 定义输出
|
||||||
stdout = new PrintWriter(callbacks.getStdout(), true);
|
stdout = new PrintWriter(callbacks.getStdout(), true);
|
||||||
@@ -74,15 +74,6 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
|
|||||||
if (toolFlag == 64 || toolFlag == 32 || toolFlag == 4) {
|
if (toolFlag == 64 || toolFlag == 32 || toolFlag == 4) {
|
||||||
Map<String, Map<String, Object>> obj;
|
Map<String, Map<String, Object>> obj;
|
||||||
byte[] content = messageInfo.getRequest();
|
byte[] content = messageInfo.getRequest();
|
||||||
// 获取报文头
|
|
||||||
List<String> tmpHeaders = helpers.analyzeRequest(messageInfo.getHttpService(), content).getHeaders();
|
|
||||||
String headers = String.join("\n", tmpHeaders);
|
|
||||||
|
|
||||||
// 获取报文主体
|
|
||||||
int bodyOffset = helpers.analyzeRequest(messageInfo.getHttpService(), content).getBodyOffset();
|
|
||||||
byte[] byteRequest = messageInfo.getRequest();
|
|
||||||
byte[] body = Arrays.copyOfRange(byteRequest, bodyOffset, byteRequest.length);
|
|
||||||
|
|
||||||
// 流量清洗
|
// 流量清洗
|
||||||
String urlString = helpers.analyzeRequest(messageInfo.getHttpService(), content).getUrl().toString();
|
String urlString = helpers.analyzeRequest(messageInfo.getHttpService(), content).getUrl().toString();
|
||||||
urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString;
|
urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString;
|
||||||
@@ -93,10 +84,28 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (messageIsRequest) {
|
if (messageIsRequest) {
|
||||||
obj = ec.matchRegex(content, headers, body, "request");
|
// 获取报文头
|
||||||
|
List<String> requestTmpHeaders = helpers.analyzeRequest(messageInfo.getHttpService(), content).getHeaders();
|
||||||
|
String requestHeaders = String.join("\n", requestTmpHeaders);
|
||||||
|
|
||||||
|
// 获取报文主体
|
||||||
|
int requestBodyOffset = helpers.analyzeRequest(messageInfo.getHttpService(), content).getBodyOffset();
|
||||||
|
byte[] byteRequest = messageInfo.getRequest();
|
||||||
|
byte[] requestBody = Arrays.copyOfRange(byteRequest, requestBodyOffset, byteRequest.length);
|
||||||
|
|
||||||
|
obj = ec.matchRegex(content, requestHeaders, requestBody, "request");
|
||||||
} else {
|
} else {
|
||||||
|
// 获取报文头
|
||||||
|
List<String> responseTmpHeaders = helpers.analyzeRequest(messageInfo.getHttpService(), content).getHeaders();
|
||||||
|
String responseHeaders = String.join("\n", responseTmpHeaders);
|
||||||
|
|
||||||
|
// 获取报文主体
|
||||||
|
int responseBodyOffset = helpers.analyzeResponse(content).getBodyOffset();
|
||||||
|
byte[] byteResponse = messageInfo.getResponse();
|
||||||
|
byte[] responseBody = Arrays.copyOfRange(byteResponse, responseBodyOffset, byteResponse.length);
|
||||||
|
|
||||||
content = messageInfo.getResponse();
|
content = messageInfo.getResponse();
|
||||||
obj = ec.matchRegex(content, headers, body, "response");
|
obj = ec.matchRegex(content, responseHeaders, responseBody, "response");
|
||||||
}
|
}
|
||||||
|
|
||||||
List<String> colorList = da.highlightList(obj);
|
List<String> colorList = da.highlightList(obj);
|
||||||
@@ -149,14 +158,14 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
|
|||||||
}
|
}
|
||||||
|
|
||||||
// 获取报文头
|
// 获取报文头
|
||||||
List<String> tmpHeaders = helpers.analyzeRequest(controller.getHttpService(), content).getHeaders();
|
List<String> requestTmpHeaders = helpers.analyzeRequest(controller.getHttpService(), content).getHeaders();
|
||||||
String headers = String.join("\n", tmpHeaders);
|
String requestHeaders = String.join("\n", requestTmpHeaders);
|
||||||
// 获取报文主体
|
// 获取报文主体
|
||||||
int bodyOffset = helpers.analyzeRequest(controller.getHttpService(), content).getBodyOffset();
|
int requestBodyOffset = helpers.analyzeRequest(controller.getHttpService(), content).getBodyOffset();
|
||||||
byte[] byteRequest = controller.getRequest();
|
byte[] byteRequest = controller.getRequest();
|
||||||
byte[] body = Arrays.copyOfRange(byteRequest, bodyOffset, byteRequest.length);
|
byte[] requestBody = Arrays.copyOfRange(byteRequest, requestBodyOffset, byteRequest.length);
|
||||||
|
|
||||||
obj = ec.matchRegex(content, headers, body, "request");
|
obj = ec.matchRegex(content, requestHeaders, requestBody, "request");
|
||||||
if (obj.size() > 0) {
|
if (obj.size() > 0) {
|
||||||
String result = da.extractString(obj);
|
String result = da.extractString(obj);
|
||||||
extractRequestContent = result.getBytes();
|
extractRequestContent = result.getBytes();
|
||||||
@@ -165,14 +174,14 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
|
|||||||
} else {
|
} else {
|
||||||
|
|
||||||
// 获取报文头
|
// 获取报文头
|
||||||
List<String> tmpHeaders1 = helpers.analyzeResponse(content).getHeaders();
|
List<String> responseTmpHeaders = helpers.analyzeResponse(content).getHeaders();
|
||||||
String headers1 = String.join("\n", tmpHeaders1);
|
String responseHeaders = String.join("\n", responseTmpHeaders);
|
||||||
// 获取报文主体
|
// 获取报文主体
|
||||||
int bodyOffset1 = helpers.analyzeResponse(content).getBodyOffset();
|
int responseBodyOffset = helpers.analyzeResponse(content).getBodyOffset();
|
||||||
byte[] byteRequest1 = controller.getResponse();
|
byte[] byteResponse = controller.getResponse();
|
||||||
byte[] body = Arrays.copyOfRange(byteRequest1, bodyOffset1, byteRequest1.length);
|
byte[] responseBody = Arrays.copyOfRange(byteResponse, responseBodyOffset, byteResponse.length);
|
||||||
|
|
||||||
obj = ec.matchRegex(content, headers1, body, "response");
|
obj = ec.matchRegex(content, responseHeaders, responseBody, "response");
|
||||||
if (obj.size() > 0) {
|
if (obj.size() > 0) {
|
||||||
String result = da.extractString(obj);
|
String result = da.extractString(obj);
|
||||||
extractResponseContent = result.getBytes();
|
extractResponseContent = result.getBytes();
|
||||||
|
|||||||
@@ -28,7 +28,7 @@ public class ExtractContent {
|
|||||||
String matchContent = "";
|
String matchContent = "";
|
||||||
for (Object[] objects : rules.get(i)) {
|
for (Object[] objects : rules.get(i)) {
|
||||||
// 遍历获取规则
|
// 遍历获取规则
|
||||||
List<String> result = new ArrayList<String>();
|
List<String> result = new ArrayList<>();
|
||||||
Map<String, Object> tmpMap = new HashMap<>();
|
Map<String, Object> tmpMap = new HashMap<>();
|
||||||
|
|
||||||
String name = objects[1].toString();
|
String name = objects[1].toString();
|
||||||
@@ -38,7 +38,7 @@ public class ExtractContent {
|
|||||||
String scope = objects[4].toString();
|
String scope = objects[4].toString();
|
||||||
String engine = objects[5].toString();
|
String engine = objects[5].toString();
|
||||||
// 判断规则是否开启与作用域
|
// 判断规则是否开启与作用域
|
||||||
if (loaded && (scopeString.contains(scope) || scope.equals("any"))) {
|
if (loaded && (scope.contains(scopeString) || scope.equals("any"))) {
|
||||||
switch (scope) {
|
switch (scope) {
|
||||||
case "any":
|
case "any":
|
||||||
case "request":
|
case "request":
|
||||||
|
|||||||
@@ -18,8 +18,8 @@ import java.util.Map;
|
|||||||
public class LoadRule {
|
public class LoadRule {
|
||||||
private static String filePath = "Config.yml";
|
private static String filePath = "Config.yml";
|
||||||
public LoadRule(String configfile){
|
public LoadRule(String configfile){
|
||||||
init();
|
|
||||||
filePath = configfile;
|
filePath = configfile;
|
||||||
|
init();
|
||||||
}
|
}
|
||||||
|
|
||||||
// 初始化配置
|
// 初始化配置
|
||||||
|
|||||||
Reference in New Issue
Block a user