admin/HaE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: admin:2.0.7
Branches Tags
admin:main admin:file admin:network
admin:4.3.1 admin:4.3 admin:4.2.1 admin:4.2 admin:4.1.2 admin:4.1.1 admin:4.1 admin:4.0.5 admin:4.0.4 admin:4.0.3 admin:4.0.2 admin:4.0.1 admin:4.0 admin:3.4 admin:3.3.4 admin:3.3.3 admin:3.3.2 admin:3.3.1 admin:3.3 admin:3.2.2 admin:3.2.1 admin:3.2 admin:3.1 admin:3.0.2 admin:3.0.1 admin:3.0 admin:2.6.1 admin:2.6 admin:2.5.11 admin:2.5.10 admin:2.5.9 admin:2.5.8 admin:2.5.7 admin:2.5.6 admin:2.5.5 admin:2.5.4.1 admin:2.5.4 admin:2.5.3 admin:2.5.2 admin:2.5.1 admin:2.5 admin:2.4.7 admin:2.4.8 admin:2.4.6 admin:2.4.5 admin:2.4.4 admin:2.4.3 admin:2.4.2 admin:2.4.1 admin:2.4 admin:2.3 admin:2.2.3 admin:2.2.2 admin:2.2.1 admin:2.2 admin:2.1.5 admin:2.1.6 admin:2.1.4 admin:2.1.3 admin:2.1.2 admin:2.1.1 admin:2.1 admin:2.0.7 admin:2.0.6 admin:2.0.5 admin:2.0.4 admin:2.0.3 admin:2.0.2 admin:2.0.1 admin:2.0 admin:1.5.1 admin:1.5 admin:1.4.2 admin:1.4.1 admin:1.4 admin:1.3 admin:1.2 admin:1.1 admin:1.0
...
compare: admin:2.1.1
Branches Tags
admin:file admin:main admin:network
admin:4.3.1 admin:4.3 admin:4.2.1 admin:4.2 admin:4.1.2 admin:4.1.1 admin:4.1 admin:4.0.5 admin:4.0.4 admin:4.0.3 admin:4.0.2 admin:4.0.1 admin:4.0 admin:3.4 admin:3.3.4 admin:3.3.3 admin:3.3.2 admin:3.3.1 admin:3.3 admin:3.2.2 admin:3.2.1 admin:3.2 admin:3.1 admin:3.0.2 admin:3.0.1 admin:3.0 admin:2.6.1 admin:2.6 admin:2.5.11 admin:2.5.10 admin:2.5.9 admin:2.5.8 admin:2.5.7 admin:2.5.6 admin:2.5.5 admin:2.5.4.1 admin:2.5.4 admin:2.5.3 admin:2.5.2 admin:2.5.1 admin:2.5 admin:2.4.7 admin:2.4.8 admin:2.4.6 admin:2.4.5 admin:2.4.4 admin:2.4.3 admin:2.4.2 admin:2.4.1 admin:2.4 admin:2.3 admin:2.2.3 admin:2.2.2 admin:2.2.1 admin:2.2 admin:2.1.5 admin:2.1.6 admin:2.1.4 admin:2.1.3 admin:2.1.2 admin:2.1.1 admin:2.1 admin:2.0.7 admin:2.0.6 admin:2.0.5 admin:2.0.4 admin:2.0.3 admin:2.0.2 admin:2.0.1 admin:2.0 admin:1.5.1 admin:1.5 admin:1.4.2 admin:1.4.1 admin:1.4 admin:1.3 admin:1.2 admin:1.1 admin:1.0

2 Commits
2.0.7 ... 2.1.1

Author SHA1 Message Date
AnonymousUser
4ef766dd82 Version: 2.1.1 Update 2021-10-21 23:42:15 +08:00
AnonymousUser
5d9f590977 Version: 2.1 Update 2021-09-12 15:23:54 +08:00
4 changed files with 126 additions and 87 deletions
Expand all files Collapse all files

1
README.md
View File

@@ -36,6 +36,7 @@ https://gh0st.cn/HaE/
4. 配置文件采用YAML格式存储更加便于阅读和修改 4. 配置文件采用YAML格式存储更加便于阅读和修改
5. 内置简单缓存,在“多正则、大数据”的场景下减少卡顿现象 5. 内置简单缓存,在“多正则、大数据”的场景下减少卡顿现象
6. **支持标签分页**,点击`...`即可添加新的标签页,对着标签页右键即可删除 6. **支持标签分页**,点击`...`即可添加新的标签页,对着标签页右键即可删除
7. 高亮信息添加的同时添加Comment便于查找请求
![-w477](images/16000720732851.jpg) ![-w477](images/16000720732851.jpg)

118
src/main/java/burp/BurpExtender.java
View File

@@ -5,12 +5,10 @@ import burp.ui.MainUI;
import javax.swing.*; import javax.swing.*;
import java.awt.*; import java.awt.*;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import java.io.PrintWriter; import java.io.PrintWriter;
import java.util.Map; import java.util.ArrayList;
import java.util.List;
/* /*
* @author EvilChen * @author EvilChen
@@ -21,11 +19,9 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
private static PrintWriter stdout; private static PrintWriter stdout;
private IBurpExtenderCallbacks callbacks; private IBurpExtenderCallbacks callbacks;
private static IExtensionHelpers helpers; private static IExtensionHelpers helpers;
MatchHTTP mh = new MatchHTTP();
ExtractContent ec = new ExtractContent();
DoAction da = new DoAction();
GetColorKey gck = new GetColorKey(); GetColorKey gck = new GetColorKey();
UpgradeColor uc = new UpgradeColor(); UpgradeColor uc = new UpgradeColor();
ProcessMessage pm = new ProcessMessage();
@Override @Override
public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks) public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks)
@@ -33,12 +29,12 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
this.callbacks = callbacks; this.callbacks = callbacks;
BurpExtender.helpers = callbacks.getHelpers(); BurpExtender.helpers = callbacks.getHelpers();
String version = "2.0.7"; String version = "2.1.1";
callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version)); callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version));
// 定义输出 // 定义输出
stdout = new PrintWriter(callbacks.getStdout(), true); stdout = new PrintWriter(callbacks.getStdout(), true);
stdout.println("@UI Author: 0chencc");
stdout.println("@Core Author: EvilChen"); stdout.println("@Core Author: EvilChen");
stdout.println("@UI Author: 0chencc");
stdout.println("@Github: https://github.com/gh0stkey/HaE"); stdout.println("@Github: https://github.com/gh0stkey/HaE");
// UI // UI
SwingUtilities.invokeLater(this::initialize); SwingUtilities.invokeLater(this::initialize);
@@ -67,45 +63,29 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) { public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
// 判断是否是响应且该代码作用域为REPEATER、INTRUDER、PROXY分别对应toolFlag 64、32、4 // 判断是否是响应且该代码作用域为REPEATER、INTRUDER、PROXY分别对应toolFlag 64、32、4
if (toolFlag == 64 || toolFlag == 32 || toolFlag == 4) { if (toolFlag == 64 || toolFlag == 32 || toolFlag == 4) {
Map<String, Map<String, Object>> obj; byte[] content;
// 流量清洗
String urlString = helpers.analyzeRequest(messageInfo.getHttpService(), messageInfo.getRequest()).getUrl().toString();
urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString;
// 正则判断
if (mh.matchSuffix(urlString)) {
return;
}
if (messageIsRequest) { if (messageIsRequest) {
byte[] byteRequest = messageInfo.getRequest(); content = messageInfo.getRequest();
// 获取报文头
List<String> requestTmpHeaders = helpers.analyzeRequest(messageInfo.getHttpService(), byteRequest).getHeaders();
String requestHeaders = String.join("\n", requestTmpHeaders);
// 获取报文主体
int requestBodyOffset = helpers.analyzeRequest(messageInfo.getHttpService(), byteRequest).getBodyOffset();
byte[] requestBody = Arrays.copyOfRange(byteRequest, requestBodyOffset, byteRequest.length);
obj = ec.matchRegex(byteRequest, requestHeaders, requestBody, "request");
} else { } else {
byte[] byteResponse = messageInfo.getResponse(); content = messageInfo.getResponse();
// 获取报文头
List<String> responseTmpHeaders = helpers.analyzeRequest(messageInfo.getHttpService(), byteResponse).getHeaders();
String responseHeaders = String.join("\n", responseTmpHeaders);
// 获取报文主体
int responseBodyOffset = helpers.analyzeResponse(byteResponse).getBodyOffset();
byte[] responseBody = Arrays.copyOfRange(byteResponse, responseBodyOffset, byteResponse.length);
obj = ec.matchRegex(byteResponse, responseHeaders, responseBody, "response");
} }
String c = new String(content, StandardCharsets.UTF_8).intern();
List<String> colorList = da.highlightList(obj); List<String> result = pm.processMessageByContent(helpers, messageInfo.getHttpService(), content, messageIsRequest, true);
if (colorList.size() != 0) { if (result != null && !result.isEmpty() && result.size() > 0) {
String originalColor = messageInfo.getHighlight();
String originalComment = messageInfo.getComment();
List<String> colorList = new ArrayList<>();
if (originalColor != null) {
colorList.add(originalColor);
}
colorList.add(result.get(0));
String color = uc.getEndColor(gck.getColorKeys(colorList)); String color = uc.getEndColor(gck.getColorKeys(colorList));
messageInfo.setHighlight(color); messageInfo.setHighlight(color);
String addComment = String.join(", ", result.get(1));
String resComment = originalComment != null ? String.format("%s, %s", originalComment, addComment) : addComment;
messageInfo.setComment(resComment);
} }
} }
@@ -136,52 +116,20 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito
@Override @Override
public boolean isEnabled(byte[] content, boolean isRequest) { public boolean isEnabled(byte[] content, boolean isRequest) {
Map<String, Map<String, Object>> obj; String c = new String(content, StandardCharsets.UTF_8).intern();
List<String> result = pm.processMessageByContent(helpers, controller.getHttpService(), content, isRequest, false);
if (isRequest) { if (result != null && !result.isEmpty()) {
try { if (isRequest) {
// 流量清洗 extractRequestContent = result.get(0).getBytes();
String urlString = helpers.analyzeRequest(controller.getHttpService(), controller.getRequest()).getUrl().toString(); } else {
urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString; extractResponseContent = result.get(0).getBytes();
// 正则判断
if (mh.matchSuffix(urlString)) {
return false;
}
} catch (Exception e) {
return false;
}
IRequestInfo iRequestInfo = helpers.analyzeRequest(controller.getHttpService(), content);
// 获取报文头
List<String> requestTmpHeaders = iRequestInfo.getHeaders();
String requestHeaders = String.join("\n", requestTmpHeaders);
// 获取报文主体
int requestBodyOffset = iRequestInfo.getBodyOffset();
byte[] requestBody = Arrays.copyOfRange(content, requestBodyOffset, content.length);
obj = ec.matchRegex(content, requestHeaders, requestBody, "request");
if (obj.size() > 0) {
String result = da.extractString(obj);
extractRequestContent = result.getBytes();
return true;
}
} else {
IResponseInfo iResponseInfo = helpers.analyzeResponse(content);
// 获取报文头
List<String> responseTmpHeaders = iResponseInfo.getHeaders();
String responseHeaders = String.join("\n", responseTmpHeaders);
// 获取报文主体
int responseBodyOffset = iResponseInfo.getBodyOffset();
byte[] responseBody = Arrays.copyOfRange(content, responseBodyOffset, content.length);
obj = ec.matchRegex(content, responseHeaders, responseBody, "response");
if (obj.size() > 0) {
String result = da.extractString(obj);
extractResponseContent = result.getBytes();
return true;
} }
return true;
} }
return false; return false;
} }
@Override @Override

9
src/main/java/burp/action/DoAction.java
View File

@@ -21,13 +21,18 @@ public class DoAction {
return result[0]; return result[0];
} }
public List<String> highlightList(Map<String, Map<String, Object>> obj) { public List<List<String>> highlightAndComment(Map<String, Map<String, Object>> obj) {
List<String> colorList = new ArrayList<>(); List<String> colorList = new ArrayList<>();
List<String> commentList = new ArrayList<>();
List<List<String>> result = new ArrayList<>();
obj.keySet().forEach(i->{ obj.keySet().forEach(i->{
Map<String, Object> tmpMap = obj.get(i); Map<String, Object> tmpMap = obj.get(i);
String color = tmpMap.get("color").toString(); String color = tmpMap.get("color").toString();
colorList.add(color); colorList.add(color);
commentList.add(i);
}); });
return colorList; result.add(colorList);
result.add(commentList);
return result;
} }
} }

85
src/main/java/burp/action/ProcessMessage.java Normal file
View File

@@ -0,0 +1,85 @@
package burp.action;
import burp.IExtensionHelpers;
import burp.IHttpService;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
public class ProcessMessage {
MatchHTTP mh = new MatchHTTP();
ExtractContent ec = new ExtractContent();
DoAction da = new DoAction();
GetColorKey gck = new GetColorKey();
UpgradeColor uc = new UpgradeColor();
public List<String> processMessageByContent(IExtensionHelpers helpers, IHttpService httpService, byte[] content, boolean isRequest, boolean messageInfo) {
List<String> result = new ArrayList<>();;
Map<String, Map<String, Object>> obj;
if (isRequest) {
try {
// 流量清洗
String urlString = helpers.analyzeRequest(httpService, content).getUrl().toString();
urlString = urlString.indexOf("?") > 0 ? urlString.substring(0, urlString.indexOf("?")) : urlString;
// 正则判断
if (mh.matchSuffix(urlString)) {
return result;
}
} catch (Exception e) {
return result;
}
// 获取报文头
List<String> requestTmpHeaders = helpers.analyzeRequest(httpService, content).getHeaders();
String requestHeaders = String.join("\n", requestTmpHeaders);
// 获取报文主体
int requestBodyOffset = helpers.analyzeRequest(httpService, content).getBodyOffset();
byte[] requestBody = Arrays.copyOfRange(content, requestBodyOffset, content.length);
obj = ec.matchRegex(content, requestHeaders, requestBody, "request");
} else {
try {
// 流量清洗
String inferredMimeType = String.format("hae.%s", helpers.analyzeResponse(content).getInferredMimeType().toLowerCase());
String statedMimeType = String.format("hae.%s", helpers.analyzeResponse(content).getStatedMimeType().toLowerCase());
// 正则判断
if (mh.matchSuffix(statedMimeType) || mh.matchSuffix(inferredMimeType)) {
return result;
}
} catch (Exception e) {
return result;
}
// 获取报文头
List<String> responseTmpHeaders = helpers.analyzeResponse(content).getHeaders();
String responseHeaders = String.join("\n", responseTmpHeaders);
// 获取报文主体
int responseBodyOffset = helpers.analyzeResponse(content).getBodyOffset();
byte[] responseBody = Arrays.copyOfRange(content, responseBodyOffset, content.length);
obj = ec.matchRegex(content, responseHeaders, responseBody, "response");
}
if (messageInfo) {
List<List<String>> resultList = da.highlightAndComment(obj);
List<String> colorList = resultList.get(0);
List<String> commentList = resultList.get(1);
if (colorList.size() != 0 && commentList.size() != 0) {
String color = uc.getEndColor(gck.getColorKeys(colorList));
result.add(color);
result.add(String.join(", ", commentList));
}
} else {
if (obj.size() > 0) {
result.add(da.extractString(obj));
}
}
return result;
}
}