admin/HaE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: admin:3.3.1
Branches Tags
admin:main admin:file admin:network
admin:4.3.1 admin:4.3 admin:4.2.1 admin:4.2 admin:4.1.2 admin:4.1.1 admin:4.1 admin:4.0.5 admin:4.0.4 admin:4.0.3 admin:4.0.2 admin:4.0.1 admin:4.0 admin:3.4 admin:3.3.4 admin:3.3.3 admin:3.3.2 admin:3.3.1 admin:3.3 admin:3.2.2 admin:3.2.1 admin:3.2 admin:3.1 admin:3.0.2 admin:3.0.1 admin:3.0 admin:2.6.1 admin:2.6 admin:2.5.11 admin:2.5.10 admin:2.5.9 admin:2.5.8 admin:2.5.7 admin:2.5.6 admin:2.5.5 admin:2.5.4.1 admin:2.5.4 admin:2.5.3 admin:2.5.2 admin:2.5.1 admin:2.5 admin:2.4.7 admin:2.4.8 admin:2.4.6 admin:2.4.5 admin:2.4.4 admin:2.4.3 admin:2.4.2 admin:2.4.1 admin:2.4 admin:2.3 admin:2.2.3 admin:2.2.2 admin:2.2.1 admin:2.2 admin:2.1.5 admin:2.1.6 admin:2.1.4 admin:2.1.3 admin:2.1.2 admin:2.1.1 admin:2.1 admin:2.0.7 admin:2.0.6 admin:2.0.5 admin:2.0.4 admin:2.0.3 admin:2.0.2 admin:2.0.1 admin:2.0 admin:1.5.1 admin:1.5 admin:1.4.2 admin:1.4.1 admin:1.4 admin:1.3 admin:1.2 admin:1.1 admin:1.0
...
compare: admin:4.2.1
Branches Tags
admin:file admin:main admin:network
admin:4.3.1 admin:4.3 admin:4.2.1 admin:4.2 admin:4.1.2 admin:4.1.1 admin:4.1 admin:4.0.5 admin:4.0.4 admin:4.0.3 admin:4.0.2 admin:4.0.1 admin:4.0 admin:3.4 admin:3.3.4 admin:3.3.3 admin:3.3.2 admin:3.3.1 admin:3.3 admin:3.2.2 admin:3.2.1 admin:3.2 admin:3.1 admin:3.0.2 admin:3.0.1 admin:3.0 admin:2.6.1 admin:2.6 admin:2.5.11 admin:2.5.10 admin:2.5.9 admin:2.5.8 admin:2.5.7 admin:2.5.6 admin:2.5.5 admin:2.5.4.1 admin:2.5.4 admin:2.5.3 admin:2.5.2 admin:2.5.1 admin:2.5 admin:2.4.7 admin:2.4.8 admin:2.4.6 admin:2.4.5 admin:2.4.4 admin:2.4.3 admin:2.4.2 admin:2.4.1 admin:2.4 admin:2.3 admin:2.2.3 admin:2.2.2 admin:2.2.1 admin:2.2 admin:2.1.5 admin:2.1.6 admin:2.1.4 admin:2.1.3 admin:2.1.2 admin:2.1.1 admin:2.1 admin:2.0.7 admin:2.0.6 admin:2.0.5 admin:2.0.4 admin:2.0.3 admin:2.0.2 admin:2.0.1 admin:2.0 admin:1.5.1 admin:1.5 admin:1.4.2 admin:1.4.1 admin:1.4 admin:1.3 admin:1.2 admin:1.1 admin:1.0

55 Commits
3.3.1 ... 4.2.1

Author SHA1 Message Date
gh0stkey
d71965ce10 Version: 4.2.1 Update 
Signed-off-by: gh0stkey <24655118+gh0stkey@users.noreply.github.com>
 2025-05-08 11:29:09 +08:00
EvilChen
1ffe94e78d Update README_CN.md 2025-05-08 11:06:27 +08:00
EvilChen
3859f81b2a Update README.md 2025-05-08 11:06:05 +08:00
EvilChen
20ae5bc811 Update README.md 2025-05-08 10:45:58 +08:00
EvilChen
b7734ca710 Update README.md 2025-05-08 10:33:49 +08:00
gh0stkey
d75991043e Update 
Signed-off-by: gh0stkey <24655118+gh0stkey@users.noreply.github.com>
 2025-05-06 12:27:06 +08:00
gh0stkey
95e1cb4dc1 Version: 4.2 Update 
Signed-off-by: gh0stkey <24655118+gh0stkey@users.noreply.github.com>
 2025-05-06 11:24:17 +08:00
gh0stkey
baa7270f46 Update 2025-04-25 16:17:59 +08:00
gh0stkey
0b1d502f79 Update 2025-04-25 15:50:24 +08:00
gh0stkey
8c7ac8f47d Update 2025-04-25 15:49:03 +08:00
gh0stkey
ec4a10753f Update 
Signed-off-by: gh0stkey <24655118+gh0stkey@users.noreply.github.com>
 2025-04-14 11:54:39 +08:00
gh0stkey
ed698b9861 Update 
Signed-off-by: gh0stkey <24655118+gh0stkey@users.noreply.github.com>
 2025-04-03 11:26:02 +08:00
gh0stkey
c81094eb30 Version: 4.1.2 Update 
Signed-off-by: gh0stkey <24655118+gh0stkey@users.noreply.github.com>
 2025-04-02 10:36:21 +08:00
gh0stkey
3608c3dca8 Version: 4.1.1 Update 2025-03-25 11:47:27 +08:00
gh0stkey
124e4c14fd Version: 4.1.1 Update 2025-03-25 11:44:07 +08:00
gh0stkey
6adf30f25c Version: 4.1 Update 2025-03-21 21:33:07 +08:00
gh0stkey
4fbd241ebe Version: 4.1 Update 2025-03-21 21:23:14 +08:00
gh0stkey
20afa30822 Version: 4.1 Update 2025-03-21 21:22:11 +08:00
EvilChen
1a5ed2a6a3 Update README_CN.md 2025-03-12 18:30:09 +08:00
EvilChen
1bf2b461ba Update README.md 2025-03-12 18:29:56 +08:00
gh0stkey
79e2e58d48 Update 2025-03-12 13:06:46 +08:00
gh0stkey
bf0b7f0016 Update 2025-03-10 14:56:05 +08:00
EvilChen
69c2b59c8c Update README_CN.md 2025-03-05 11:25:48 +08:00
EvilChen
79655def48 Update README.md 2025-03-05 11:24:43 +08:00
gh0stkey
116aec0848 Update 2025-03-05 11:21:25 +08:00
gh0stkey
c5de042b4b Update 2025-02-18 16:59:57 +08:00
gh0stkey
5bc592c6f9 Update 2025-02-18 16:58:58 +08:00
gh0stkey
be2df6472b Update 2025-02-18 16:56:51 +08:00
gh0stkey
4a53f20649 Update 2025-02-17 16:06:25 +08:00
gh0stkey
704e760912 Update 2025-02-12 16:08:29 +08:00
gh0stkey
3ccfee5a02 Update 2025-02-11 19:12:34 +08:00
chen
819ef820f8 Update 2025-02-11 18:54:27 +08:00
chen
0c795af101 Version: 4.0.5 Update 2025-02-11 18:29:55 +08:00
gh0stkey
5977e82ca6 Version: 4.0.4 Update 2025-01-17 17:56:35 +08:00
gh0stkey
452f297f55 Version: 4.0.3 Update 2025-01-10 17:45:59 +08:00
gh0stkey
a06ef8e25e Version: 4.0.2 Update 2025-01-08 13:49:12 +08:00
EvilChen
7e53e250af Merge pull request #235 from 0Chencc/master 
修复了社区版会无法正常使用HaE的问题
 2025-01-08 13:47:38 +08:00
林晨
b686b5e75e 修复了社区版会无法正常使用HaE的问题 
社区版由于Scanner的问题无法使用HaE,加入了一处版本判断。
 2025-01-02 05:50:14 +08:00
gh0stkey
e83a6a1478 Version: 4.0.1 Update 2024-12-31 15:40:05 +08:00
gh0stkey
daacb2e146 Version: 4.0 Update 2024-12-21 15:34:45 +08:00
gh0stkey
1f1ca99f10 Update 2024-12-21 15:19:19 +08:00
gh0stkey
fa35b0a625 Version: 3.4 Update 2024-11-16 19:48:50 +08:00
gh0stkey
8ef98d20a9 Version: 3.4 Update 2024-11-16 18:42:15 +08:00
gh0stkey
e556abb6f7 Version: 3.4 Update 2024-11-16 18:06:49 +08:00
EvilChen
471aab5ea1 Merge pull request #221 from AabyssZG/master 
Update Rules.yml
 2024-10-24 11:48:57 +08:00
曾哥
76b475bd91 Update Rules.yml 2024-10-24 11:40:29 +08:00
gh0stkey
6014089594 Version: 3.3.4 Update 2024-10-14 16:35:20 +08:00
EvilChen
910658f2e0 Update 问题反馈.md 2024-09-23 00:05:40 +08:00
gh0stkey
8692b0a494 Version: 3.3.3 Update 2024-09-19 17:45:47 +08:00
gh0stkey
5419d4a679 Version: 3.3.3 Update 2024-09-19 17:11:55 +08:00
gh0stkey
ae8cb2fd25 Version: 3.3.3 Update 2024-09-19 17:08:46 +08:00
EvilChen
5b6bdbe5b6 Update README.md 2024-08-28 16:19:24 +08:00
EvilChen
ddb08e9a6e Update README.md 2024-08-28 16:18:25 +08:00
EvilChen
6a2f289d57 Update build.gradle 2024-08-26 10:04:57 +08:00
gh0stkey
84746a7089 Version: 3.3.2 Update 2024-08-23 22:03:31 +08:00
39 changed files with 1730 additions and 2018 deletions
Expand all files Collapse all files

4
.github/ISSUE_TEMPLATE/问题反馈.md vendored
View File

@@ -14,7 +14,9 @@ HaE 版本:
有无自定义规则: 有无自定义规则:
BurpSuite 版本: BurpSuite 版本:
操作系统版本: 操作系统版本:
有无仔细阅读README 是否阅读README
是否知晓注意事项:
是否查阅历史ISSUE
``` ```
## 问题详情 ## 问题详情

131
README.md
View File

@@ -1,77 +1,110 @@
<div align="center"> <div align="center">
<img src="images/logo.png" style="width: 20%" /> <img src="images/logo.png" style="width: 20%" />
<h4><a href="https://gh0st.cn/HaE/">赋能白帽,高效作战!</a></h4> <h4><a href="https://github.com/gh0stkey/HaE">Empower ethical hacker for efficient operations.</a></h4>
<h5>第一作者: <a href="https://github.com/gh0stkey">EvilChen</a>中孚信息元亨实验室)<br>第二作者: <a href="https://github.com/0chencc">0chencc</a>米斯特安全团队)<br>第三作者: <a href="https://github.com/vaycore">vaycore</a>独立安全研究员</h5> <h5>First Author: <a href="https://github.com/gh0stkey">EvilChen</a>Zhongfu Information Yuanheng Laboratory<br>Second Author: <a href="https://github.com/0chencc">0chencc</a>Mystery Security Team<br>Third Author: <a href="https://github.com/vaycore">vaycore</a>Independent Security Researcher</h5>
</div> </div>
## 项目介绍 README Version: \[[English](README.md) | [简体中文](README_CN.md)\]
**HaE**是一款**网络安全(数据安全)领域**下的框架式项目,采用了**乐高积木式**模块化设计理念,巧妙地融入了**人工智能大模型辅助技术**实现对HTTP消息包含WebSocket精细化的标记和提取。 ## Project Introduction
通过运用**多引擎**的自定义正则表达式HaE能够准确匹配并处理HTTP请求与响应报文包含WebSocket对匹配成功的内容进行有效的标记和信息抽取从而提升网络安全数据安全领域下的**漏洞和数据分析效率**。 **HaE** is a framework-style project in the field of **cybersecurity (data security)**, adopting a **Lego brick-style** modular design philosophy to achieve fine-grained tagging and extraction of HTTP messages (including WebSocket).
> 随着现代化Web应用采用前后端分离的开发模式日常漏洞挖掘的过程中捕获的HTTP请求流量也相应增加。若想全面评估一个Web应用会花费大量时间在无用的报文上。**HaE的出现旨在解决这类情况**借助HaE您能够**有效减少**测试时间,将更多精力集中在**有价值且有意义**的报文上,从而**提高漏洞挖掘效率**。 By utilizing **multi-engine** customized regular expressions, HaE can accurately match and process HTTP requests and response messages (including WebSocket), effectively tagging and extracting information from successfully matched content. This enhances the **efficiency of vulnerability and data analysis** in the field of cybersecurity (data security).
**所获荣誉**: > With the adoption of front-end and back-end separation development models in modern web applications, the amount of captured HTTP request traffic during routine vulnerability discovery has correspondingly increased. Fully assessing a web application often requires spending considerable time on irrelevant messages. **The emergence of HaE aims to address such situations**, by using HaE, you can **effectively reduce** testing time, focusing more effort on **valuable and meaningful** messages, thus **improving the efficiency of vulnerability discovery**.
1. [入选2022年KCon兵器谱](https://mp.weixin.qq.com/s/JohMsl1WD29LHCHuLf8mVQ) GitHub project address: https://github.com/gh0stkey/HaE
**注意事项**: GitCode project address: https://gitcode.com/gh0stkey/HaE
1. HaE 3.3版本开启了AI+新功能,该功能目前仅支持阿里的`Qwen-Long`模型(支持超长文本)和月之暗面的`moonshot-v1-128k`模型(支持短文本),请配置和使用时注意。 **Awards and Recognitions**:
2. HaE 3.0版本开始采用`Montoya API`进行开发使用新版HaE需要升级你的BurpSuite版本>=2023.12.1)。
3. HaE 2.6版本后对规则字段进行了更新,因此无法适配<=2.6版本的规则,请用户自行前往[规则转换页面](https://gh0st.cn/HaE/ConversionRule.html)进行转换。
4. HaE官方规则库存放在[Github](https://raw.githubusercontent.com/gh0stkey/HaE/gh-pages/Rules.yml)上,因此点击`Update`升级HaE官方规则库时需使用代理BApp审核考虑安全性不允许使用CDN
5. 自定义HaE规则必须用左右括号`()`将所需提取的表达式内容包含,例如你要匹配一个**Shiro应用**的响应报文,正常匹配规则为`rememberMe=delete`在HaE的规则中就需要变成`(rememberMe=delete)`
## 使用方法 1. [Selected for the 2022 KCon Arsenal](https://mp.weixin.qq.com/s/JohMsl1WD29LHCHuLf8mVQ)
2. [Recognized as a GitCode G-Star Project](https://gitcode.com/gh0stkey/HaE)
插件装载: `Extender - Extensions - Add - Select File - Next` **Notes and Precautions**:
初次装载`HaE`会从Jar包中加载离线的规则库如果更新的话则会向官方规则库地址拉取`https://raw.githubusercontent.com/gh0stkey/HaE/gh-pages/Rules.yml`,配置文件(`Config.yml`)和规则文件(`Rules.yml`)会放在固定目录下: 1. Starting with HaE version 3.0, development is done using the `Montoya API`. To use the new version of HaE, you need to upgrade your BurpSuite version (>=2023.12.1).
2. Custom HaE rules must enclose the expressions to be extracted within parentheses `()`. For example, if you want to match a response message from a **Shiro application**, the normal matching rule would be `rememberMe=delete`, but in HaE's rule format, it needs to be written as `(rememberMe=delete)`.
1. Linux/Mac用户的配置文件目录`~/.config/HaE/` ## Usage
2. Windows用户的配置文件目录`%USERPROFILE%/.config/HaE/`
除此之外,您也可以选择将配置文件存放在`HaE Jar包`的同级目录下的`/.config/HaE/`中,**以便于离线携带**。 **Plugin Installation**: `Extender - Extensions - Add - Select File - Next`
### 规则释义 When you load `HaE` for the first time, it will load the offline rule database from the Jar package. If you need to update the rules, click `Reinit` to reinitialize. The address of the built-in rule database can be found on GitHub:
`https://github.com/gh0stkey/HaE/blob/master/src/main/resources/rules/Rules.yml`
HaE目前的规则一共有8个字段详细的含义如下所示 The configuration file (`Config.yml`) and rule file (`Rules.yml`) are stored in a fixed directory:
| 字段 | 含义 | 1. For Linux/Mac users: `~/.config/HaE/`
|-----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| 2. For Windows users: `%USERPROFILE%/.config/HaE/`
| Name | 规则名称,主要用于简短概括当前规则的作用。 |
| F-Regex | 规则正则主要用于填写正则表达式。在HaE中所需提取匹配的内容需要用`(``)`将正则表达式进行包裹。|
| S-Regex | 规则正则作用及使用同F-Regex。S-Regex为二次正则可以用于对F-Regex匹配的数据结果进行二次的匹配提取如不需要的情况下可以留空。|
| Format | 格式化输出在NFA引擎的正则表达式中我们可以通过`{0}``{1}``{2}`…的方式进行取分组格式化输出。默认情况下使用`{0}`即可。 |
| Scope | 规则作用域主要用于表示当前规则作用于HTTP报文的哪个部分。支持请求、响应的行、头、体以及完整的报文。 |
| Engine | 正则引擎,主要用于表示当前规则的正则表达式所使用的引擎。**DFA引擎**:对于文本串里的每一个字符只需扫描一次,速度快、特性少;**NFA引擎**:要翻来覆去标注字符、取消标注字符,速度慢,但是特性(如:分组、替换、分割)丰富。 |
| Color | 规则匹配颜色主要用于表示当前规则匹配到对应HTTP报文时所需标记的高亮颜色。在HaE中具备颜色升级算法当出现相同颜色时会自动向上升级一个颜色进行标记。 |
| Sensitive | 规则敏感性,主要用于表示当前规则对于大小写字母是否敏感,敏感(`True`)则严格按照大小写要求匹配,不敏感(`False`)则反之。 |
Alternatively, you can also place the configuration files in the `/.config/HaE/` directory under the same folder as the `HaE Jar package`, **for easier offline portability**.
## 优势特点 ### Rule Definitions
1. **功能**通过对HTTP报文的颜色高亮、注释和提取帮助使用者获取有意义的信息**聚焦高价值报文**。 Currently, HaE rules consist of 8 fields, with detailed meanings as follows:
2. **界面**:清晰可视的界面设计,以及**简洁的界面交互**,帮助使用者更轻松的了解和配置项目,**避免`多按钮`式的复杂体验**。
3. **查询**将HTTP报文的高亮、注释和提取到的相关信息**集中在一个数据面板**,可以一键查询、提取信息,从而提高测试和梳理效率。
4. **算法**:内置高亮颜色的升级算法,当出现相同颜色时**会自动向上升级一个颜色**进行标记,**避免`屠龙者终成恶龙`场景**。
5. **管理**:支持对数据的一键导出、导入,以**自定义`.hae`文件的方式**进行项目数据存储,**便于存储和共享项目数据**。
6. **实战**:官方规则库和规则字段作用功能,都是**基于实战化场景总结输出**的,**以此提高数据的有效性、精准性发现**。
7. **智能**:融入**人工智能AI大模型**API对匹配的数据进行优化处理**提高数据式漏洞挖掘效率**。
| 界面名称 | 界面展示 | | Field | Meaning |
| --------- | ------------------------------------------------------------ |
| Name | Rule name, primarily used to briefly summarize the purpose of the current rule. |
| F-Regex | Rule regex, mainly used for entering regular expressions. In HaE, any content that needs to be extracted and matched should be enclosed within `(` and `)`. |
| S-Regex | Rule regex, with the same usage as F-Regex. S-Regex is a secondary regex, which can be used for further matching and extraction from the data results matched by F-Regex. Can be left empty if not needed. |
| Format | Formatted output; in NFA engine regular expressions, we can use `{0}`, `{1}`, `{2}`... to format and output captured groups. By default, using `{0}` is sufficient. |
| Scope | Rule scope, indicating which part of the HTTP message the current rule applies to. Supports request/response lines, headers, bodies, and complete messages. |
| Engine | Regex engine, indicating which engine the current rule's regular expression uses. **DFA engine**: scans each character in the text string only once, fast speed, fewer features; **NFA engine**: repeatedly marks and unmarks characters, slower but richer features (e.g., grouping, replacement, splitting). |
| Color | Match color, indicating the highlight color to mark when the current rule matches the corresponding HTTP message. HaE has a color upgrade algorithm that automatically upgrades the marking color when the same color appears. |
| Sensitive | Case sensitivity, indicating whether the current rule is case-sensitive. If sensitive (`True`), it strictly matches the case; if insensitive (`False`), it does not consider case differences. |
## Key Features and Advantages
1. **Functionality**: By highlighting, annotating, and extracting information from HTTP messages, it helps users obtain meaningful insights, **focusing on high-value messages**.
2. **Interface**: With a clear and visually intuitive design, and **simple interface interactions**, users can more easily understand and configure the project, **avoiding the complexity of a `multitude of buttons`**.
3. **Query**: Highlights, annotations, and extracted information from HTTP messages are **centralized in a single data panel**, allowing for one-click queries and extraction of information, thereby improving testing and analysis efficiency.
4. **Algorithm**: Built-in color upgrade algorithm automatically upgrades the marking color by one level when the same color appears, **preventing the scenario where `the dragon slayer becomes the dragon`**.
5. **Management**: **Integrated with BurpSuite's project data management**, HaE data is stored along with BurpSuite project data when saving projects.
6. **Practical Application**: The official rule library and rule field functionalities are **summarized and output based on real-world scenarios**, **thereby enhancing the effectiveness and accuracy of data discovery**.
| Name | Display |
| ------------------------ | ---------------------------------------------------- | | ------------------------ | ---------------------------------------------------- |
| Rules(规则管理) | <img src="images/rules.png" style="width: 80%" /> | | Rules | <img src="images/rules.png" style="width: 80%" /> |
| Config-SettingSetting配置管理 | <img src="images/config-setting.png" style="width: 80%" /> | | Config | <img src="images/config.png" style="width: 80%" /> |
| Config-AI+AI+配置管理) | <img src="images/config-ai.png" style="width: 80%" /> | | Databoard | <img src="images/databoard.png" style="width: 80%" /> |
| Databoard数据集合 | <img src="images/databoard.png" style="width: 80%" /> | | MarkInfo | <img src="images/markinfo.png" style="width: 80%" /> |
| MarkInfo数据展示 | <img src="images/markinfo.png" style="width: 80%" /> |
## 支持项目 ## Appreciation List
如果你觉得HaE好用可以打赏一下作者给作者持续更新下去的动力 We appreciate everyone's support for the project. The following list is sorted based on the time of appreciation and is not in any particular order. If there are any omissions, please contact the project author for additions.
| ID | Amount |
| -------- | -------- |
| 毁三观大人 | 200.00 CNY |
| ttt | 50.00 CNY |
| C_soon5 | 66.66 CNY |
| 1wtbb | 25.00 CNY |
| Deep | 66.66 CNY |
| NaTsUk0 | 50.00 CNY |
| Kite | 48.00 CNY |
| 红色键盘 | 99.99 CNY |
| 曾哥 | 188.88 CNY |
| NOP Team | 200.00 CNY |
| vaycore | 188.88 CNY |
| xccc | 168.00 CNY |
| 柯林斯-民间新秀 | 1000.00 CNY |
| Cuber | 100.00 CNY |
| 时光难逆 | 50.00 CNY |
| Celvin | 132.00 CNY |
| 呱呱 | 18.80 CNY |
| 红炉点雪 | 50.00 CNY |
| 王傑 | 100.00 CNY |
| 联系不到我请拨打我手机号码 | 200.00 CNY |
| Shu2e | 50.00 CNY |
| 亦 | 50.00 CNY |
## Support the Project
If you find HaE useful, you can show your appreciation by donating to the author, giving them the motivation to continue updating and improving it!
<div align=center> <div align=center>
<img src="images/reward.jpeg" style="width: 30%" /> <img src="images/reward.jpeg" style="width: 30%" />
@@ -81,6 +114,6 @@ HaE目前的规则一共有8个字段详细的含义如下所示
![404StarLink Logo](https://github.com/knownsec/404StarLink-Project/raw/master/logo.png) ![404StarLink Logo](https://github.com/knownsec/404StarLink-Project/raw/master/logo.png)
`HaE` 404Team [星链计划2.0](https://github.com/knownsec/404StarLink2.0-Galaxy) 中的一环,如果对 `HaE` 有任何疑问又或是想要找小伙伴交流,可以参考星链计划的加群方式。 `HaE` is part of the 404Team's [Starlink Plan 2.0](https://github.com/knownsec/404StarLink2.0-Galaxy). If you have any questions about `HaE` or want to connect with other users, you can refer to the group joining methods provided by the Starlink Plan.
- [https://github.com/knownsec/404StarLink2.0-Galaxy#community](https://github.com/knownsec/404StarLink2.0-Galaxy#community) - [https://github.com/knownsec/404StarLink2.0-Galaxy#community](https://github.com/knownsec/404StarLink2.0-Galaxy#community)

118
README_CN.md Normal file
View File

@@ -0,0 +1,118 @@
<div align="center">
<img src="images/logo.png" style="width: 20%" />
<h4><a href="https://github.com/gh0stkey/HaE">赋能白帽,高效作战!</a></h4>
<h5>第一作者: <a href="https://github.com/gh0stkey">EvilChen</a>(中孚信息元亨实验室)<br>第二作者: <a href="https://github.com/0chencc">0chencc</a>(米斯特安全团队)<br>第三作者: <a href="https://github.com/vaycore">vaycore</a>(独立安全研究员)</h5>
</div>
README 版本: \[[English](README.md) | [简体中文](README_CN.md)\]
## 项目介绍
**HaE**是一款**网络安全(数据安全)领域**下的框架式项目,采用了**乐高积木式**模块化设计理念实现对HTTP消息包含WebSocket精细化的标记和提取。
通过运用**多引擎**的自定义正则表达式HaE能够准确匹配并处理HTTP请求与响应报文包含WebSocket对匹配成功的内容进行有效的标记和信息抽取从而提升网络安全数据安全领域下的**漏洞和数据分析效率**。
> 随着现代化Web应用采用前后端分离的开发模式日常漏洞挖掘的过程中捕获的HTTP请求流量也相应增加。若想全面评估一个Web应用会花费大量时间在无用的报文上。**HaE的出现旨在解决这类情况**借助HaE您能够**有效减少**测试时间,将更多精力集中在**有价值且有意义**的报文上,从而**提高漏洞挖掘效率**。
GitHub项目地址https://github.com/gh0stkey/HaE
GitCode项目地址https://gitcode.com/gh0stkey/HaE
**所获荣誉**:
1. [入选2022年KCon兵器谱](https://mp.weixin.qq.com/s/JohMsl1WD29LHCHuLf8mVQ)
2. [入选GitCode G-Star项目](https://gitcode.com/gh0stkey/HaE)
**注意事项**:
1. HaE 3.0版本开始采用`Montoya API`进行开发使用新版HaE需要升级你的BurpSuite版本>=2023.12.1)。
2. 自定义HaE规则必须用左右括号`()`将所需提取的表达式内容包含,例如你要匹配一个**Shiro应用**的响应报文,正常匹配规则为`rememberMe=delete`在HaE的规则中就需要变成`(rememberMe=delete)`
## 使用方法
插件装载: `Extender - Extensions - Add - Select File - Next`
初次装载`HaE`会从Jar包中加载离线的规则库如果更新可以点击`Reinit`进行重新初始化。内置规则库地址可以在Github上找到`https://github.com/gh0stkey/HaE/blob/master/src/main/resources/rules/Rules.yml`
配置文件(`Config.yml`)和规则文件(`Rules.yml`)会放在固定目录下:
1. Linux/Mac用户的配置文件目录`~/.config/HaE/`
2. Windows用户的配置文件目录`%USERPROFILE%/.config/HaE/`
除此之外,您也可以选择将配置文件存放在`HaE Jar包`的同级目录下的`/.config/HaE/`中,**以便于离线携带**。
### 规则释义
HaE目前的规则一共有8个字段详细的含义如下所示
| 字段 | 含义 |
|-----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Name | 规则名称,主要用于简短概括当前规则的作用。 |
| F-Regex | 规则正则主要用于填写正则表达式。在HaE中所需提取匹配的内容需要用`(``)`将正则表达式进行包裹。|
| S-Regex | 规则正则作用及使用同F-Regex。S-Regex为二次正则可以用于对F-Regex匹配的数据结果进行二次的匹配提取如不需要的情况下可以留空。|
| Format | 格式化输出在NFA引擎的正则表达式中我们可以通过`{0}``{1}``{2}`…的方式进行取分组格式化输出。默认情况下使用`{0}`即可。 |
| Scope | 规则作用域主要用于表示当前规则作用于HTTP报文的哪个部分。支持请求、响应的行、头、体以及完整的报文。 |
| Engine | 正则引擎,主要用于表示当前规则的正则表达式所使用的引擎。**DFA引擎**:对于文本串里的每一个字符只需扫描一次,速度快、特性少;**NFA引擎**:要翻来覆去标注字符、取消标注字符,速度慢,但是特性(如:分组、替换、分割)丰富。 |
| Color | 规则匹配颜色主要用于表示当前规则匹配到对应HTTP报文时所需标记的高亮颜色。在HaE中具备颜色升级算法当出现相同颜色时会自动向上升级一个颜色进行标记。 |
| Sensitive | 规则敏感性,主要用于表示当前规则对于大小写字母是否敏感,敏感(`True`)则严格按照大小写要求匹配,不敏感(`False`)则反之。 |
## 优势特点
1. **功能**通过对HTTP报文的颜色高亮、注释和提取帮助使用者获取有意义的信息**聚焦高价值报文**。
2. **界面**:清晰可视的界面设计,以及**简洁的界面交互**,帮助使用者更轻松的了解和配置项目,**避免`多按钮`式的复杂体验**。
3. **查询**将HTTP报文的高亮、注释和提取到的相关信息**集中在一个数据面板**,可以一键查询、提取信息,从而提高测试和梳理效率。
4. **算法**:内置高亮颜色的升级算法,当出现相同颜色时**会自动向上升级一个颜色**进行标记,**避免`屠龙者终成恶龙`场景**。
5. **管理****融入BurpSuite的项目数据管理**当使用BurpSuite进行项目存储时HaE数据也会一并存储。
6. **实战**:官方规则库和规则字段作用功能,都是**基于实战化场景总结输出**的,**以此提高数据的有效性、精准性发现**。
| 界面名称 | 界面展示 |
| ------------------------ | ---------------------------------------------------- |
| Rules规则管理 | <img src="images/rules.png" style="width: 80%" /> |
| Config配置管理 | <img src="images/config.png" style="width: 80%" /> |
| Databoard数据集合 | <img src="images/databoard.png" style="width: 80%" /> |
| MarkInfo数据展示 | <img src="images/markinfo.png" style="width: 80%" /> |
## 赞赏榜单
感谢各位对项目的赞赏,以下名单基于赞赏时间进行排序,不分先后,如有遗留可联系项目作者进行补充。
| ID | 金额 |
| -------- | -------- |
| 毁三观大人 | 200.00元 |
| ttt | 50.00元 |
| C_soon5 | 66.66元 |
| 1wtbb | 25.00元 |
| Deep | 66.66元 |
| NaTsUk0 | 50.00元 |
| Kite | 48.00元 |
| 红色键盘 | 99.99元 |
| 曾哥 | 188.88元 |
| NOP Team | 200.00元 |
| vaycore | 188.88元 |
| xccc | 168.00元 |
| 柯林斯-民间新秀 | 1000.00元 |
| Cuber | 100.00元 |
| 时光难逆 | 50.00元 |
| Celvin | 132.00元 |
| 呱呱 | 18.80元 |
| 红炉点雪 | 50.00元 |
| 王傑 | 100.00元 |
| 联系不到我请拨打我手机号码 | 200.00元 |
| Shu2e | 50.00元 |
| 亦 | 50.00元 |
## 支持项目
如果你觉得HaE好用可以打赏一下作者给作者持续更新下去的动力
<div align=center>
<img src="images/reward.jpeg" style="width: 30%" />
</div>
## 404StarLink 2.0 - Galaxy
![404StarLink Logo](https://github.com/knownsec/404StarLink-Project/raw/master/logo.png)
`HaE` 是 404Team [星链计划2.0](https://github.com/knownsec/404StarLink2.0-Galaxy) 中的一环,如果对 `HaE` 有任何疑问又或是想要找小伙伴交流,可以参考星链计划的加群方式。
- [https://github.com/knownsec/404StarLink2.0-Galaxy#community](https://github.com/knownsec/404StarLink2.0-Galaxy#community)

BIN
images/config-ai.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 168 KiB

BIN
images/config-setting.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 157 KiB

BIN
images/config.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 158 KiB

BIN
images/databoard.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 320 KiB

After

Width:  |  Height:  |  Size: 175 KiB

BIN
images/markinfo.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 331 KiB

After

Width:  |  Height:  |  Size: 54 KiB

BIN
images/rules.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 155 KiB

After

Width:  |  Height:  |  Size: 128 KiB

13
src/main/java/hae/Config.java
View File

@@ -12,6 +12,12 @@ public class Config {
public static String status = "404"; public static String status = "404";
public static String header = "Last-Modified|Date|Connection|ETag";
public static String size = "0";
public static String boundary = "\n\t\n";
public static String[] scope = new String[]{ public static String[] scope = new String[]{
"any", "any",
"any header", "any header",
@@ -28,6 +34,8 @@ public class Config {
public static String scopeOptions = "Suite|Target|Proxy|Scanner|Intruder|Repeater|Logger|Sequencer|Decoder|Comparer|Extensions|Organizer|Recorded login replayer"; public static String scopeOptions = "Suite|Target|Proxy|Scanner|Intruder|Repeater|Logger|Sequencer|Decoder|Comparer|Extensions|Organizer|Recorded login replayer";
public static String modeStatus = "true";
public static String[] ruleFields = { public static String[] ruleFields = {
"Loaded", "Name", "F-Regex", "S-Regex", "Format", "Color", "Scope", "Engine", "Sensitive" "Loaded", "Name", "F-Regex", "S-Regex", "Format", "Color", "Scope", "Engine", "Sensitive"
}; };
@@ -55,10 +63,7 @@ public class Config {
"gray" "gray"
}; };
public static String prompt = "You are a data security expert in the field of cyber security. Your task is to optimize the information provided by the user and then output it in JSON format. The user-supplied information is data that has been extracted by regular expressions. The user-supplied information is divided into two parts, the first part is RuleName which represents the name of the regular expression and the second part is MarkInfo which represents the data extracted by the regular expression. You need to find the matching or similar data in MarkInfo according to the meaning of RuleName, and output the original rows of these data in JSON format.(garbled and meaningless data rows should be removed)\n" + public static Boolean proVersionStatus = true;
"You must ensure that the extracted data is accurately expressed and correctly formatted in the JSON structure. Your output data must comply with the original MarkInfo content rows without modification, and strictly adhere to the following JSON format for return, no other text, code and formatting (e.g., line breaks, carriage returns, indentation, spaces), once the return of other irrelevant content will cause irreparable damage to the user: {\"data\":[\"data1\", \"data2\"]}.";
public static String userTextFormat = "User Input: \r\nRuleName: %s\r\nMarkInfo: %s";
public static Map<String, Object[][]> globalRules = new HashMap<>(); public static Map<String, Object[][]> globalRules = new HashMap<>();

47
src/main/java/hae/HaE.java
View File

@@ -2,57 +2,74 @@ package hae;
import burp.api.montoya.BurpExtension; import burp.api.montoya.BurpExtension;
import burp.api.montoya.MontoyaApi; import burp.api.montoya.MontoyaApi;
import burp.api.montoya.extension.ExtensionUnloadingHandler;
import burp.api.montoya.logging.Logging; import burp.api.montoya.logging.Logging;
import hae.cache.CachePool; import hae.cache.DataCache;
import hae.component.Main; import hae.component.Main;
import hae.component.board.message.MessageTableModel; import hae.component.board.message.MessageTableModel;
import hae.instances.editor.RequestEditor; import hae.instances.editor.RequestEditor;
import hae.instances.editor.ResponseEditor; import hae.instances.editor.ResponseEditor;
import hae.instances.editor.WebSocketEditor; import hae.instances.editor.WebSocketEditor;
import hae.instances.http.HttpMessageHandler; import hae.instances.http.HttpMessagePassiveHandler;
import hae.instances.websocket.WebSocketMessageHandler; import hae.instances.websocket.WebSocketMessageHandler;
import hae.utils.ConfigLoader; import hae.utils.ConfigLoader;
import hae.utils.DataManager;
public class HaE implements BurpExtension { public class HaE implements BurpExtension {
@Override @Override
public void initialize(MontoyaApi api) { public void initialize(MontoyaApi api) {
// 设置扩展名称 // 设置扩展名称
String version = "3.3.1"; api.extension().setName("HaE - Highlighter and Extractor");
api.extension().setName(String.format("HaE (%s) - Highlighter and Extractor", version)); String version = "4.2.1";
// 加载扩展后输出的项目信息 // 加载扩展后输出的项目信息
Logging logging = api.logging(); Logging logging = api.logging();
logging.logToOutput("[ HACK THE WORLD - TO DO IT ]"); logging.logToOutput("[ HACK THE WORLD - TO DO IT ]");
logging.logToOutput("[#] Author: EvilChen && 0chencc && vaycore"); logging.logToOutput("[#] Author: EvilChen && 0chencc && vaycore");
logging.logToOutput("[#] Github: https://github.com/gh0stkey/HaE"); logging.logToOutput("[#] Github: https://github.com/gh0stkey/HaE");
logging.logToOutput("[#] Version: " + version);
// 配置文件加载 // 配置文件加载
ConfigLoader configLoader = new ConfigLoader(api); ConfigLoader configLoader = new ConfigLoader(api);
MessageTableModel messageTableModel = new MessageTableModel(api); MessageTableModel messageTableModel = new MessageTableModel(api, configLoader);
// 设置BurpSuite专业版状态
Config.proVersionStatus = getBurpSuiteProStatus(api, configLoader, messageTableModel);
// 注册Tab页用于查询数据 // 注册Tab页用于查询数据
api.userInterface().registerSuiteTab("HaE", new Main(api, configLoader, messageTableModel)); api.userInterface().registerSuiteTab("HaE", new Main(api, configLoader, messageTableModel));
// 注册HTTP处理器
api.http().registerHttpHandler(new HttpMessageHandler(api, configLoader, messageTableModel));
// 注册WebSocket处理器 // 注册WebSocket处理器
api.proxy().registerWebSocketCreationHandler(proxyWebSocketCreation -> proxyWebSocketCreation.proxyWebSocket().registerProxyMessageHandler(new WebSocketMessageHandler(api))); api.proxy().registerWebSocketCreationHandler(proxyWebSocketCreation -> proxyWebSocketCreation.proxyWebSocket().registerProxyMessageHandler(new WebSocketMessageHandler(api, configLoader)));
// 注册消息编辑框(用于展示数据) // 注册消息编辑框(用于展示数据)
api.userInterface().registerHttpRequestEditorProvider(new RequestEditor(api, configLoader)); api.userInterface().registerHttpRequestEditorProvider(new RequestEditor(api, configLoader));
api.userInterface().registerHttpResponseEditorProvider(new ResponseEditor(api, configLoader)); api.userInterface().registerHttpResponseEditorProvider(new ResponseEditor(api, configLoader));
api.userInterface().registerWebSocketMessageEditorProvider(new WebSocketEditor(api, configLoader)); api.userInterface().registerWebSocketMessageEditorProvider(new WebSocketEditor(api, configLoader));
api.extension().registerUnloadingHandler(new ExtensionUnloadingHandler() { // 从BurpSuite里加载数据
@Override DataManager dataManager = new DataManager(api);
public void extensionUnloaded() { dataManager.loadData(messageTableModel);
api.extension().registerUnloadingHandler(() -> {
// 卸载清空数据 // 卸载清空数据
Config.globalDataMap.clear(); Config.globalDataMap.clear();
CachePool.clear(); DataCache.clear();
}
}); });
} }
private Boolean getBurpSuiteProStatus(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) {
boolean burpSuiteProStatus = false;
try {
burpSuiteProStatus = api.burpSuite().version().edition().displayName().equals("Professional");
} catch (Exception e) {
try {
api.scanner().registerScanCheck(new HttpMessagePassiveHandler(api, configLoader, messageTableModel)).deregister();
burpSuiteProStatus = true;
} catch (Exception ignored) {
}
}
return burpSuiteProStatus;
}
} }

8
src/main/java/hae/cache/CachePool.java → src/main/java/hae/cache/DataCache.java vendored
View File

@@ -6,9 +6,9 @@ import com.github.benmanes.caffeine.cache.Caffeine;
import java.util.Map; import java.util.Map;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
public class CachePool { public class DataCache {
private static final int MAX_SIZE = 100000; private static final int MAX_SIZE = 100000;
private static final int EXPIRE_DURATION = 5; private static final int EXPIRE_DURATION = 4;
private static final Cache<String, Map<String, Map<String, Object>>> cache = private static final Cache<String, Map<String, Map<String, Object>>> cache =
Caffeine.newBuilder() Caffeine.newBuilder()
@@ -24,10 +24,6 @@ public class CachePool {
return cache.getIfPresent(key); return cache.getIfPresent(key);
} }
public static void remove(String key) {
cache.invalidate(key);
}
public static void clear() { public static void clear() {
cache.invalidateAll(); cache.invalidateAll();
} }

278
src/main/java/hae/component/config/Config.java → src/main/java/hae/component/Config.java
View File

@@ -1,7 +1,11 @@
package hae.component.config; package hae.component;
import burp.api.montoya.MontoyaApi; import burp.api.montoya.MontoyaApi;
import burp.api.montoya.core.Registration;
import hae.component.board.message.MessageTableModel;
import hae.component.rule.Rules; import hae.component.rule.Rules;
import hae.instances.http.HttpMessageActiveHandler;
import hae.instances.http.HttpMessagePassiveHandler;
import hae.utils.ConfigLoader; import hae.utils.ConfigLoader;
import hae.utils.UIEnhancer; import hae.utils.UIEnhancer;
@@ -10,30 +14,35 @@ import javax.swing.border.EmptyBorder;
import javax.swing.border.TitledBorder; import javax.swing.border.TitledBorder;
import javax.swing.event.DocumentEvent; import javax.swing.event.DocumentEvent;
import javax.swing.event.DocumentListener; import javax.swing.event.DocumentListener;
import javax.swing.event.TableModelEvent;
import javax.swing.event.TableModelListener; import javax.swing.event.TableModelListener;
import javax.swing.table.DefaultTableModel; import javax.swing.table.DefaultTableModel;
import java.awt.*; import java.awt.*;
import java.awt.datatransfer.Clipboard; import java.awt.datatransfer.Clipboard;
import java.awt.datatransfer.DataFlavor; import java.awt.datatransfer.DataFlavor;
import java.awt.event.ActionEvent; import java.awt.event.*;
import java.awt.event.ActionListener;
import java.awt.event.KeyAdapter;
import java.awt.event.KeyEvent;
import java.util.List; import java.util.List;
import java.util.*; import java.util.*;
public class Config extends JPanel { public class Config extends JPanel {
private final MontoyaApi api; private final MontoyaApi api;
private final ConfigLoader configLoader; private final ConfigLoader configLoader;
private final MessageTableModel messageTableModel;
private final Rules rules; private final Rules rules;
private final String defaultText = "Enter a new item";
public Config(MontoyaApi api, ConfigLoader configLoader, Rules rules) { private Registration activeHandler;
private Registration passiveHandler;
private boolean isLoadingData = false;
public Config(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel, Rules rules) {
this.api = api; this.api = api;
this.configLoader = configLoader; this.configLoader = configLoader;
this.messageTableModel = messageTableModel;
this.rules = rules; this.rules = rules;
this.activeHandler = api.http().registerHttpHandler(new HttpMessageActiveHandler(api, configLoader, messageTableModel));
this.passiveHandler = api.scanner().registerScanCheck(new HttpMessagePassiveHandler(api, configLoader, messageTableModel));
initComponents(); initComponents();
} }
@@ -52,33 +61,93 @@ public class Config extends JPanel {
pathTextField.setEditable(false); pathTextField.setEditable(false);
pathTextField.setText(configLoader.getRulesFilePath()); pathTextField.setText(configLoader.getRulesFilePath());
JButton reloadButton = new JButton("Reload"); JButton reloadButton = new JButton("Reload");
JButton updateButton = new JButton("Update"); JButton reinitButton = new JButton("Reinit");
ruleInfoPanel.add(ruleLabel); ruleInfoPanel.add(ruleLabel);
ruleInfoPanel.add(pathTextField, constraints); ruleInfoPanel.add(pathTextField, constraints);
ruleInfoPanel.add(Box.createHorizontalStrut(5)); ruleInfoPanel.add(Box.createHorizontalStrut(5));
ruleInfoPanel.add(reloadButton); ruleInfoPanel.add(reinitButton);
ruleInfoPanel.add(Box.createHorizontalStrut(5)); ruleInfoPanel.add(Box.createHorizontalStrut(5));
ruleInfoPanel.add(updateButton); ruleInfoPanel.add(reloadButton);
reloadButton.addActionListener(this::reloadActionPerformed); reloadButton.addActionListener(this::reloadActionPerformed);
updateButton.addActionListener(this::onlineUpdateActionPerformed); reinitButton.addActionListener(this::reinitActionPerformed);
constraints.gridx = 1; constraints.gridx = 1;
JTabbedPane configTabbedPanel = new JTabbedPane(); JTabbedPane configTabbedPanel = new JTabbedPane();
String[] settingMode = new String[]{"Exclude suffix", "Block host", "Exclude status"}; String[] settingMode = new String[]{"Exclude suffix", "Block host", "Exclude status", "Dynamic Header"};
JPanel settingPanel = createConfigTablePanel(settingMode, "Setting"); JPanel settingPanel = createConfigTablePanel(settingMode);
JPanel northPanel = new JPanel(new BorderLayout());
JPanel modePanel = getModePanel();
JScrollPane modeScrollPane = new JScrollPane(modePanel);
modeScrollPane.setBorder(new TitledBorder("Mode"));
JTextField limitPanel = getLimitPanel();
JScrollPane limitScrollPane = new JScrollPane(limitPanel);
limitScrollPane.setBorder(new TitledBorder("Limit Size (MB)"));
JSplitPane northTopPanel = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT, modeScrollPane, limitScrollPane);
northTopPanel.addComponentListener(new ComponentAdapter() {
@Override
public void componentResized(ComponentEvent e) {
northTopPanel.setDividerLocation(0.5);
}
});
JPanel scopePanel = getScopePanel(); JPanel scopePanel = getScopePanel();
JScrollPane scopeScrollPane = new JScrollPane(scopePanel); JScrollPane scopeScrollPane = new JScrollPane(scopePanel);
scopeScrollPane.setBorder(new TitledBorder("Scope")); scopeScrollPane.setBorder(new TitledBorder("Scope"));
settingPanel.add(scopeScrollPane, BorderLayout.NORTH);
configTabbedPanel.add("Setting", settingPanel);
String[] aiMode = new String[]{"Alibaba", "Moonshot"}; northPanel.add(scopeScrollPane, BorderLayout.SOUTH);
JPanel aiPanel = createConfigTablePanel(aiMode, "AI+"); northPanel.add(northTopPanel, BorderLayout.NORTH);
JTextArea promptTextArea = new JTextArea(); settingPanel.add(northPanel, BorderLayout.NORTH);
promptTextArea.setLineWrap(true);
promptTextArea.getDocument().addDocumentListener(new DocumentListener() { configTabbedPanel.add("Setting", settingPanel);
add(ruleInfoPanel, BorderLayout.NORTH);
add(configTabbedPanel, BorderLayout.CENTER);
}
private JPanel getScopePanel() {
JPanel scopePanel = new JPanel();
scopePanel.setLayout(new BoxLayout(scopePanel, BoxLayout.X_AXIS));
scopePanel.setBorder(new EmptyBorder(3, 0, 6, 0));
String[] scopeInit = hae.Config.scopeOptions.split("\\|");
String[] scopeMode = configLoader.getScope().split("\\|");
for (String scope : scopeInit) {
JCheckBox checkBox = new JCheckBox(scope);
scopePanel.add(checkBox);
checkBox.addActionListener(e -> updateScope(checkBox));
for (String mode : scopeMode) {
if (scope.equals(mode)) {
checkBox.setSelected(true);
}
}
updateScope(checkBox);
}
return scopePanel;
}
private JPanel getModePanel() {
JPanel modePanel = new JPanel();
modePanel.setLayout(new BoxLayout(modePanel, BoxLayout.X_AXIS));
JCheckBox checkBox = new JCheckBox("Enable active http message handler");
checkBox.setEnabled(hae.Config.proVersionStatus);
modePanel.add(checkBox);
checkBox.addActionListener(e -> updateModeStatus(checkBox));
checkBox.setSelected(configLoader.getMode());
updateModeStatus(checkBox);
return modePanel;
}
private JTextField getLimitPanel() {
JTextField limitSizeTextField = new JTextField();
limitSizeTextField.getDocument().addDocumentListener(new DocumentListener() {
@Override @Override
public void insertUpdate(DocumentEvent e) { public void insertUpdate(DocumentEvent e) {
onTextChange(); onTextChange();
@@ -95,75 +164,63 @@ public class Config extends JPanel {
} }
private void onTextChange() { private void onTextChange() {
String promptText = promptTextArea.getText(); String limitSizeText = limitSizeTextField.getText();
configLoader.setAIPrompt(promptText); configLoader.setLimitSize(limitSizeText);
} }
}); });
promptTextArea.setText(configLoader.getAIPrompt());
JScrollPane promptScrollPane = new JScrollPane(promptTextArea);
promptScrollPane.setBorder(new TitledBorder("Prompt"));
promptScrollPane.setPreferredSize(new Dimension(0, 100));
aiPanel.add(promptScrollPane, BorderLayout.NORTH);
configTabbedPanel.add("AI+", aiPanel);
add(ruleInfoPanel, BorderLayout.NORTH);
add(configTabbedPanel, BorderLayout.CENTER);
}
private JPanel getScopePanel() { limitSizeTextField.setText(configLoader.getLimitSize());
JPanel scopePanel = new JPanel();
scopePanel.setLayout(new BoxLayout(scopePanel, BoxLayout.X_AXIS));
String[] scopeInit = hae.Config.scopeOptions.split("\\|"); return limitSizeTextField;
String[] scopeMode = configLoader.getScope().split("\\|");
for (String scope : scopeInit) {
JCheckBox checkBox = new JCheckBox(scope);
scopePanel.add(checkBox);
for (String mode : scopeMode) {
if (scope.equals(mode)) {
checkBox.setSelected(true);
}
}
checkBox.addActionListener(e -> updateScope(checkBox));
}
return scopePanel;
} }
private TableModelListener craeteSettingTableModelListener(JComboBox<String> setTypeComboBox, DefaultTableModel model) { private TableModelListener craeteSettingTableModelListener(JComboBox<String> setTypeComboBox, DefaultTableModel model) {
return new TableModelListener() { return e -> {
@Override // 如果是程序正在加载数据不处理事件
public void tableChanged(TableModelEvent e) { if (isLoadingData) {
return;
}
String selected = (String) setTypeComboBox.getSelectedItem(); String selected = (String) setTypeComboBox.getSelectedItem();
String values = getFirstColumnDataAsString(model); String values = getFirstColumnDataAsString(model);
if (selected != null) {
if (selected.equals("Exclude suffix")) { if (selected.equals("Exclude suffix")) {
if (!values.equals(configLoader.getExcludeSuffix()) && !values.isEmpty()) { if (!values.equals(configLoader.getExcludeSuffix())) {
configLoader.setExcludeSuffix(values); configLoader.setExcludeSuffix(values);
} }
} }
if (selected.equals("Block host")) { if (selected.equals("Block host")) {
if (!values.equals(configLoader.getBlockHost()) && !values.isEmpty()) { if (!values.equals(configLoader.getBlockHost())) {
configLoader.setBlockHost(values); configLoader.setBlockHost(values);
} }
} }
if (selected.equals("Exclude status")) { if (selected.equals("Exclude status")) {
if (!values.equals(configLoader.getExcludeStatus()) && !values.isEmpty()) { if (!values.equals(configLoader.getExcludeStatus())) {
configLoader.setExcludeStatus(values); configLoader.setExcludeStatus(values);
} }
} }
if (selected.equals("Dynamic Header")) {
if (!values.equals(configLoader.getExcludeStatus())) {
configLoader.setDynamicHeader(values);
}
}
} }
}; };
} }
private ActionListener createSettingActionListener(JComboBox<String> setTypeComboBox, DefaultTableModel model) { private ActionListener createSettingActionListener(JComboBox<String> setTypeComboBox, DefaultTableModel model) {
return new ActionListener() { return e -> {
@Override
public void actionPerformed(ActionEvent e) {
String selected = (String) setTypeComboBox.getSelectedItem(); String selected = (String) setTypeComboBox.getSelectedItem();
// 设置标志表示正在加载数据
isLoadingData = true;
model.setRowCount(0); model.setRowCount(0);
if (selected != null) {
if (selected.equals("Exclude suffix")) { if (selected.equals("Exclude suffix")) {
addDataToTable(configLoader.getExcludeSuffix().replaceAll("\\|", "\r\n"), model); addDataToTable(configLoader.getExcludeSuffix().replaceAll("\\|", "\r\n"), model);
} }
@@ -175,51 +232,18 @@ public class Config extends JPanel {
if (selected.equals("Exclude status")) { if (selected.equals("Exclude status")) {
addDataToTable(configLoader.getExcludeStatus().replaceAll("\\|", "\r\n"), model); addDataToTable(configLoader.getExcludeStatus().replaceAll("\\|", "\r\n"), model);
} }
if (selected.equals("Dynamic Header")) {
addDataToTable(configLoader.getDynamicHeader().replaceAll("\\|", "\r\n"), model);
} }
}
// 重置标志
isLoadingData = false;
}; };
} }
private TableModelListener craeteAITableModelListener(JComboBox<String> setTypeComboBox, DefaultTableModel model) { private JPanel createConfigTablePanel(String[] mode) {
return new TableModelListener() {
@Override
public void tableChanged(TableModelEvent e) {
String selected = (String) setTypeComboBox.getSelectedItem();
String values = getFirstColumnDataAsString(model);
if (selected.equals("Alibaba")) {
if (!values.equals(configLoader.getAlibabaAIAPIKey()) && !values.isEmpty()) {
configLoader.setAlibabaAIAPIKey(values);
}
}
if (selected.equals("Moonshot")) {
if (!values.equals(configLoader.getMoonshotAIAPIKey()) && !values.isEmpty()) {
configLoader.setMoonshotAIAPIKey(values);
}
}
}
};
}
private ActionListener createAIActionListener(JComboBox<String> setTypeComboBox, DefaultTableModel model) {
return new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
String selected = (String) setTypeComboBox.getSelectedItem();
model.setRowCount(0);
if (selected.equals("Alibaba")) {
addDataToTable(configLoader.getAlibabaAIAPIKey().replaceAll("\\|", "\r\n"), model);
}
if (selected.equals("Moonshot")) {
addDataToTable(configLoader.getMoonshotAIAPIKey().replaceAll("\\|", "\r\n"), model);
}
}
};
}
private JPanel createConfigTablePanel(String[] mode, String type) {
GridBagConstraints constraints = new GridBagConstraints(); GridBagConstraints constraints = new GridBagConstraints();
constraints.weightx = 1.0; constraints.weightx = 1.0;
constraints.fill = GridBagConstraints.HORIZONTAL; constraints.fill = GridBagConstraints.HORIZONTAL;
@@ -250,12 +274,12 @@ public class Config extends JPanel {
JComboBox<String> setTypeComboBox = new JComboBox<>(); JComboBox<String> setTypeComboBox = new JComboBox<>();
setTypeComboBox.setModel(new DefaultComboBoxModel<>(mode)); setTypeComboBox.setModel(new DefaultComboBoxModel<>(mode));
setTypeComboBox.addActionListener(type.equals("AI+") ? createAIActionListener(setTypeComboBox, model) : createSettingActionListener(setTypeComboBox, model)); model.addTableModelListener(craeteSettingTableModelListener(setTypeComboBox, model));
setTypeComboBox.addActionListener(createSettingActionListener(setTypeComboBox, model));
setTypeComboBox.setSelectedItem(mode[0]); setTypeComboBox.setSelectedItem(mode[0]);
model.addTableModelListener(type.equals("AI+") ? craeteAITableModelListener(setTypeComboBox, model) : craeteSettingTableModelListener(setTypeComboBox, model));
constraints.insets = new Insets(0, 0, 3, 0); constraints.insets = new Insets(0, 0, 3, 0);
constraints.gridy = 0; constraints.gridy = 0;
buttonPanel.add(setTypeComboBox, constraints); buttonPanel.add(setTypeComboBox, constraints);
@@ -269,6 +293,7 @@ public class Config extends JPanel {
buttonPanel.add(clearButton, constraints); buttonPanel.add(clearButton, constraints);
JTextField addTextField = new JTextField(); JTextField addTextField = new JTextField();
String defaultText = "Enter a new item";
UIEnhancer.setTextFieldPlaceholder(addTextField, defaultText); UIEnhancer.setTextFieldPlaceholder(addTextField, defaultText);
inputPanelB.add(addTextField, BorderLayout.CENTER); inputPanelB.add(addTextField, BorderLayout.CENTER);
@@ -294,7 +319,6 @@ public class Config extends JPanel {
Clipboard clipboard = Toolkit.getDefaultToolkit().getSystemClipboard(); Clipboard clipboard = Toolkit.getDefaultToolkit().getSystemClipboard();
try { try {
String data = (String) clipboard.getData(DataFlavor.stringFlavor); String data = (String) clipboard.getData(DataFlavor.stringFlavor);
if (data != null && !data.isEmpty()) { if (data != null && !data.isEmpty()) {
addDataToTable(data, model); addDataToTable(data, model);
} }
@@ -311,11 +335,10 @@ public class Config extends JPanel {
clearButton.addActionListener(e -> model.setRowCount(0)); clearButton.addActionListener(e -> model.setRowCount(0));
JPanel settingMainPanel = new JPanel(new BorderLayout()); JPanel settingMainPanel = new JPanel(new BorderLayout());
settingMainPanel.setBorder(new EmptyBorder(5, 15, 10, 15)); settingMainPanel.setBorder(new EmptyBorder(5, 15, 10, 15));
JScrollPane settingScroller = new JScrollPane(settingPanel); JScrollPane settingScroller = new JScrollPane(settingPanel);
settingScroller.setBorder(new TitledBorder(type.equals("AI+") ? "API Key" : "Setting")); settingScroller.setBorder(new TitledBorder("Setting"));
settingMainPanel.add(settingScroller, BorderLayout.CENTER); settingMainPanel.add(settingScroller, BorderLayout.CENTER);
return settingMainPanel; return settingMainPanel;
@@ -370,6 +393,29 @@ public class Config extends JPanel {
} }
} }
public void updateModeStatus(JCheckBox checkBox) {
boolean selected = checkBox.isSelected();
configLoader.setMode(selected ? "true" : "false");
if (checkBox.isSelected()) {
if (hae.Config.proVersionStatus && passiveHandler.isRegistered()) {
passiveHandler.deregister();
}
if (!activeHandler.isRegistered()) {
activeHandler = api.http().registerHttpHandler(new HttpMessageActiveHandler(api, configLoader, messageTableModel));
}
} else {
if (hae.Config.proVersionStatus && !passiveHandler.isRegistered()) {
passiveHandler = api.scanner().registerScanCheck(new HttpMessagePassiveHandler(api, configLoader, messageTableModel));
}
if (activeHandler.isRegistered()) {
activeHandler.deregister();
}
}
}
public void updateScope(JCheckBox checkBox) { public void updateScope(JCheckBox checkBox) {
String boxText = checkBox.getText(); String boxText = checkBox.getText();
boolean selected = checkBox.isSelected(); boolean selected = checkBox.isSelected();
@@ -387,24 +433,24 @@ public class Config extends JPanel {
private void addActionPerformed(ActionEvent e, DefaultTableModel model, JTextField addTextField) { private void addActionPerformed(ActionEvent e, DefaultTableModel model, JTextField addTextField) {
String addTextFieldText = addTextField.getText(); String addTextFieldText = addTextField.getText();
api.logging().logToOutput(addTextFieldText); if (addTextField.getForeground().equals(Color.BLACK)) {
if (!addTextFieldText.equals(defaultText)) {
addDataToTable(addTextFieldText, model); addDataToTable(addTextFieldText, model);
}
addTextField.setText(""); addTextField.setText("");
addTextField.requestFocusInWindow(); addTextField.requestFocusInWindow();
} }
private void onlineUpdateActionPerformed(ActionEvent e) {
// 添加提示框防止用户误触导致配置更新
int retCode = JOptionPane.showConfirmDialog(this, "Do you want to update rules?", "Info", JOptionPane.YES_NO_OPTION);
if (retCode == JOptionPane.YES_OPTION) {
configLoader.initRulesByNet();
reloadActionPerformed(null);
}
} }
private void reloadActionPerformed(ActionEvent e) { private void reloadActionPerformed(ActionEvent e) {
rules.reloadRuleGroup(); rules.reloadRuleGroup();
} }
private void reinitActionPerformed(ActionEvent e) {
int retCode = JOptionPane.showConfirmDialog(this, "Do you want to reinitialize rules? This action will overwrite your existing rules.", "Info", JOptionPane.YES_NO_OPTION);
if (retCode == JOptionPane.YES_OPTION) {
boolean ret = configLoader.initRules();
if (ret) {
rules.reloadRuleGroup();
}
}
}
} }

6
src/main/java/hae/component/Main.java
View File

@@ -3,7 +3,6 @@ package hae.component;
import burp.api.montoya.MontoyaApi; import burp.api.montoya.MontoyaApi;
import hae.component.board.Databoard; import hae.component.board.Databoard;
import hae.component.board.message.MessageTableModel; import hae.component.board.message.MessageTableModel;
import hae.component.config.Config;
import hae.component.rule.Rules; import hae.component.rule.Rules;
import hae.utils.ConfigLoader; import hae.utils.ConfigLoader;
@@ -58,7 +57,7 @@ public class Main extends JPanel {
Rules rules = new Rules(api, configLoader); Rules rules = new Rules(api, configLoader);
mainTabbedPane.addTab("Rules", rules); mainTabbedPane.addTab("Rules", rules);
mainTabbedPane.addTab("Databoard", new Databoard(api, configLoader, messageTableModel)); mainTabbedPane.addTab("Databoard", new Databoard(api, configLoader, messageTableModel));
mainTabbedPane.addTab("Config", new Config(api, configLoader, rules)); mainTabbedPane.addTab("Config", new Config(api, configLoader, messageTableModel, rules));
} }
private boolean isDarkBg(JTabbedPane HaETabbedPane) { private boolean isDarkBg(JTabbedPane HaETabbedPane) {
@@ -82,7 +81,6 @@ public class Main extends JPanel {
ImageIcon originalIcon = new ImageIcon(imageURL); ImageIcon originalIcon = new ImageIcon(imageURL);
Image originalImage = originalIcon.getImage(); Image originalImage = originalIcon.getImage();
Image scaledImage = originalImage.getScaledInstance(30, 20, Image.SCALE_FAST); Image scaledImage = originalImage.getScaledInstance(30, 20, Image.SCALE_FAST);
ImageIcon scaledIcon = new ImageIcon(scaledImage); return new ImageIcon(scaledImage);
return scaledIcon;
} }
} }

341
src/main/java/hae/component/board/Databoard.java
View File

@@ -2,62 +2,45 @@ package hae.component.board;
import burp.api.montoya.MontoyaApi; import burp.api.montoya.MontoyaApi;
import hae.Config; import hae.Config;
import hae.component.board.message.MessageEntry; import hae.cache.DataCache;
import hae.component.board.message.MessageTableModel; import hae.component.board.message.MessageTableModel;
import hae.component.board.message.MessageTableModel.MessageTable; import hae.component.board.message.MessageTableModel.MessageTable;
import hae.component.board.table.Datatable; import hae.component.board.table.Datatable;
import hae.instances.http.utils.RegularMatcher;
import hae.utils.ConfigLoader; import hae.utils.ConfigLoader;
import hae.utils.project.ProjectProcessor; import hae.utils.UIEnhancer;
import hae.utils.project.model.HaeFileContent;
import hae.utils.string.StringProcessor; import hae.utils.string.StringProcessor;
import javax.swing.*; import javax.swing.*;
import javax.swing.border.TitledBorder;
import javax.swing.event.DocumentEvent; import javax.swing.event.DocumentEvent;
import javax.swing.event.DocumentListener; import javax.swing.event.DocumentListener;
import javax.swing.filechooser.FileNameExtensionFilter;
import javax.swing.table.DefaultTableModel;
import javax.swing.table.TableColumnModel; import javax.swing.table.TableColumnModel;
import javax.swing.table.TableModel; import javax.swing.table.TableModel;
import javax.swing.table.TableRowSorter; import javax.swing.table.TableRowSorter;
import java.awt.*; import java.awt.*;
import java.awt.event.*; import java.awt.event.*;
import java.io.File;
import java.util.List; import java.util.List;
import java.util.*; import java.util.*;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.function.Function;
import java.util.stream.Collectors; import java.util.stream.Collectors;
public class Databoard extends JPanel { public class Databoard extends JPanel {
private static Boolean isMatchHost = false;
private final MontoyaApi api; private final MontoyaApi api;
private final ConfigLoader configLoader; private final ConfigLoader configLoader;
private final ProjectProcessor projectProcessor;
private final MessageTableModel messageTableModel; private final MessageTableModel messageTableModel;
private final DefaultComboBoxModel comboBoxModel = new DefaultComboBoxModel();
private final JComboBox hostComboBox = new JComboBox(comboBoxModel);
private JTextField hostTextField; private JTextField hostTextField;
private JTabbedPane dataTabbedPane; private JTabbedPane dataTabbedPane;
private JSplitPane splitPane; private JSplitPane splitPane;
private MessageTable messageTable; private MessageTable messageTable;
private JProgressBar progressBar; private JProgressBar progressBar;
private static Boolean isMatchHost = false;
private final DefaultComboBoxModel comboBoxModel = new DefaultComboBoxModel();
private final JComboBox hostComboBox = new JComboBox(comboBoxModel);
private SwingWorker<Map<String, List<String>>, Void> handleComboBoxWorker; private SwingWorker<Map<String, List<String>>, Void> handleComboBoxWorker;
private SwingWorker<Void, Void> applyHostFilterWorker; private SwingWorker<Void, Void> applyHostFilterWorker;
private SwingWorker<List<Object[]>, Void> exportActionWorker;
private SwingWorker<List<Object[]>, Void> importActionWorker;
public Databoard(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) { public Databoard(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) {
this.api = api; this.api = api;
this.configLoader = configLoader; this.configLoader = configLoader;
this.projectProcessor = new ProjectProcessor(api);
this.messageTableModel = messageTableModel; this.messageTableModel = messageTableModel;
initComponents(); initComponents();
@@ -69,22 +52,21 @@ public class Databoard extends JPanel {
((GridBagLayout) getLayout()).rowHeights = new int[]{0, 65, 20, 0, 0}; ((GridBagLayout) getLayout()).rowHeights = new int[]{0, 65, 20, 0, 0};
((GridBagLayout) getLayout()).columnWeights = new double[]{0.0, 0.0, 1.0, 0.0, 0.0, 1.0E-4}; ((GridBagLayout) getLayout()).columnWeights = new double[]{0.0, 0.0, 1.0, 0.0, 0.0, 1.0E-4};
((GridBagLayout) getLayout()).rowWeights = new double[]{0.0, 1.0, 0.0, 0.0, 1.0E-4}; ((GridBagLayout) getLayout()).rowWeights = new double[]{0.0, 1.0, 0.0, 0.0, 1.0E-4};
JLabel hostLabel = new JLabel("Host:"); JLabel hostLabel = new JLabel("Host:");
JButton clearButton = new JButton("Clear"); JButton clearDataButton = new JButton("Clear data");
JButton exportButton = new JButton("Export"); JButton clearCacheButton = new JButton("Clear cache");
JButton importButton = new JButton("Import");
JButton actionButton = new JButton("Action"); JButton actionButton = new JButton("Action");
JPanel menuPanel = new JPanel(new GridLayout(3, 1, 0, 5)); JPanel menuPanel = new JPanel(new GridLayout(2, 1, 0, 5));
menuPanel.setBorder(BorderFactory.createEmptyBorder(3, 3, 3, 3)); menuPanel.setBorder(BorderFactory.createEmptyBorder(3, 3, 3, 3));
JPopupMenu menu = new JPopupMenu(); JPopupMenu menu = new JPopupMenu();
menuPanel.add(clearButton); menuPanel.add(clearDataButton);
menuPanel.add(exportButton); menuPanel.add(clearCacheButton);
menuPanel.add(importButton);
menu.add(menuPanel); menu.add(menuPanel);
hostTextField = new JTextField(); hostTextField = new JTextField();
String defaultText = "Please enter the host";
UIEnhancer.setTextFieldPlaceholder(hostTextField, defaultText);
splitPane = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT); splitPane = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT);
dataTabbedPane = new JTabbedPane(JTabbedPane.TOP); dataTabbedPane = new JTabbedPane(JTabbedPane.TOP);
@@ -97,12 +79,10 @@ public class Databoard extends JPanel {
menu.show(actionButton, x, y); menu.show(actionButton, x, y);
}); });
clearButton.addActionListener(this::clearActionPerformed); clearDataButton.addActionListener(this::clearDataActionPerformed);
exportButton.addActionListener(this::exportActionPerformed); clearCacheButton.addActionListener(this::clearCacheActionPerformed);
importButton.addActionListener(this::importActionPerformed);
progressBar = new JProgressBar(); progressBar = new JProgressBar();
splitPane.addComponentListener(new ComponentAdapter() { splitPane.addComponentListener(new ComponentAdapter() {
@Override @Override
public void componentResized(ComponentEvent e) { public void componentResized(ComponentEvent e) {
@@ -146,11 +126,6 @@ public class Databoard extends JPanel {
} }
private void setProgressBar(boolean status) { private void setProgressBar(boolean status) {
setProgressBar(status, progressBar, "Loading ...");
}
public static void setProgressBar(boolean status, JProgressBar progressBar, String showString) {
progressBar.setIndeterminate(status); progressBar.setIndeterminate(status);
if (!status) { if (!status) {
progressBar.setMaximum(100); progressBar.setMaximum(100);
@@ -158,7 +133,7 @@ public class Databoard extends JPanel {
progressBar.setStringPainted(true); progressBar.setStringPainted(true);
progressBar.setValue(progressBar.getMaximum()); progressBar.setValue(progressBar.getMaximum());
} else { } else {
progressBar.setString(showString); progressBar.setString("Loading...");
progressBar.setStringPainted(true); progressBar.setStringPainted(true);
} }
} }
@@ -206,7 +181,7 @@ public class Databoard extends JPanel {
handleComboBoxWorker.cancel(true); handleComboBoxWorker.cancel(true);
} }
handleComboBoxWorker = new SwingWorker<Map<String, List<String>>, Void>() { handleComboBoxWorker = new SwingWorker<>() {
@Override @Override
protected Map<String, List<String>> doInBackground() { protected Map<String, List<String>> doInBackground() {
return getSelectedMapByHost(selectedHost); return getSelectedMapByHost(selectedHost);
@@ -238,6 +213,8 @@ public class Databoard extends JPanel {
hostComboBox.setPopupVisible(false); hostComboBox.setPopupVisible(false);
applyHostFilter(selectedHost); applyHostFilter(selectedHost);
setProgressBar(false);
} }
} catch (Exception ignored) { } catch (Exception ignored) {
} }
@@ -334,10 +311,10 @@ public class Databoard extends JPanel {
applyHostFilterWorker.cancel(true); applyHostFilterWorker.cancel(true);
} }
applyHostFilterWorker = new SwingWorker<Void, Void>() { applyHostFilterWorker = new SwingWorker<>() {
@Override @Override
protected Void doInBackground() throws Exception { protected Void doInBackground() {
RowFilter<Object, Object> rowFilter = new RowFilter<Object, Object>() { RowFilter<Object, Object> rowFilter = new RowFilter<>() {
public boolean include(Entry<?, ?> entry) { public boolean include(Entry<?, ?> entry) {
if (cleanedText.equals("*")) { if (cleanedText.equals("*")) {
return true; return true;
@@ -353,281 +330,29 @@ public class Databoard extends JPanel {
return null; return null;
} }
@Override
protected void done() {
setProgressBar(false);
}
}; };
applyHostFilterWorker.execute(); applyHostFilterWorker.execute();
} }
private List<String> getHostByList() { private List<String> getHostByList() {
if (!Config.globalDataMap.keySet().isEmpty()) { List<String> result = new ArrayList<>();
return new ArrayList<>(Config.globalDataMap.keySet()); if (!Config.globalDataMap.isEmpty()) {
} result = new ArrayList<>(Config.globalDataMap.keySet());
return new ArrayList<>();
} }
private void exportActionPerformed(ActionEvent e) { return result;
String selectedHost = hostTextField.getText().trim();
if (selectedHost.isEmpty()) {
return;
} }
String exportDir = selectDirectory(true); private void clearCacheActionPerformed(ActionEvent e) {
int retCode = JOptionPane.showConfirmDialog(this, "Do you want to clear cache?", "Info",
if (exportDir.isEmpty()) { JOptionPane.YES_NO_OPTION);
return; if (retCode == JOptionPane.YES_OPTION) {
} DataCache.clear();
if (exportActionWorker != null && !exportActionWorker.isDone()) {
exportActionWorker.cancel(true);
}
exportActionWorker = new SwingWorker<List<Object[]>, Void>() {
@Override
protected List<Object[]> doInBackground() {
ConcurrentHashMap<String, Map<String, List<String>>> dataMap = Config.globalDataMap;
return exportData(selectedHost, exportDir, dataMap);
}
@Override
protected void done() {
try {
List<Object[]> taskStatusList = get();
if (!taskStatusList.isEmpty()) {
JOptionPane.showMessageDialog(Databoard.this, generateTaskStatusPane(taskStatusList), "Info", JOptionPane.INFORMATION_MESSAGE);
}
} catch (Exception ignored) {
}
}
};
exportActionWorker.execute();
}
private JScrollPane generateTaskStatusPane(List<Object[]> dataList) {
String[] columnNames = {"#", "Filename", "Status"};
DefaultTableModel taskStatusTableModel = new DefaultTableModel(columnNames, 0);
JTable taskStatusTable = new JTable(taskStatusTableModel);
for (Object[] data : dataList) {
int rowCount = taskStatusTable.getRowCount();
int id = rowCount > 0 ? (Integer) taskStatusTable.getValueAt(rowCount - 1, 0) + 1 : 1;
Object[] rowData = new Object[data.length + 1];
rowData[0] = id;
System.arraycopy(data, 0, rowData, 1, data.length);
taskStatusTableModel.addRow(rowData);
}
TableRowSorter<DefaultTableModel> sorter = new TableRowSorter<>(taskStatusTableModel);
taskStatusTable.setRowSorter(sorter);
JScrollPane scrollPane = new JScrollPane(taskStatusTable);
scrollPane.setBorder(new TitledBorder("Task status"));
scrollPane.setPreferredSize(new Dimension(500, 300));
int paneWidth = scrollPane.getPreferredSize().width;
taskStatusTable.getColumnModel().getColumn(0).setPreferredWidth((int) (paneWidth * 0.1));
taskStatusTable.getColumnModel().getColumn(1).setPreferredWidth((int) (paneWidth * 0.7));
taskStatusTable.getColumnModel().getColumn(2).setPreferredWidth((int) (paneWidth * 0.2));
return scrollPane;
}
private List<Object[]> exportData(String selectedHost, String exportDir, Map<String, Map<String, List<String>>> dataMap) {
return dataMap.entrySet().stream()
.filter(entry -> selectedHost.equals("*") || StringProcessor.matchesHostPattern(entry.getKey(), selectedHost))
.filter(entry -> !entry.getKey().contains("*"))
.map(entry -> exportEntry(entry, exportDir))
.filter(Objects::nonNull)
.collect(Collectors.toList());
}
private Object[] exportEntry(Map.Entry<String, Map<String, List<String>>> entry, String exportDir) {
String key = entry.getKey();
Map<String, List<String>> ruleMap = entry.getValue();
if (ruleMap == null || ruleMap.isEmpty()) {
return null;
}
List<MessageEntry> messageEntryList = messageTableModel.getLogs();
Map<MessageEntry, String> entryUUIDMap = messageEntryList.stream()
.collect(Collectors.toMap(
messageEntry -> messageEntry,
messageEntry -> StringProcessor.getRandomUUID(),
(existing, replacement) -> existing
));
Map<String, Map<String, Object>> httpMap = processEntries(
messageEntryList,
key,
entryUUIDMap,
this::createHttpItemMap
);
Map<String, Map<String, Object>> urlMap = processEntries(
messageEntryList,
key,
entryUUIDMap,
this::creteUrlItemMap
);
String hostName = key.replace(":", "_");
String filename = String.format("%s/%s-%s.hae", exportDir, StringProcessor.getCurrentTime(), hostName);
boolean createdStatus = projectProcessor.createHaeFile(filename, key, ruleMap, urlMap, httpMap);
return new Object[]{filename, createdStatus};
}
private Map<String, Map<String, Object>> processEntries(List<MessageEntry> messageEntryList, String key, Map<MessageEntry, String> entryUUIDMap, Function<MessageEntry, Map<String, Object>> mapFunction) {
return messageEntryList.stream()
.filter(messageEntry -> !StringProcessor.getHostByUrl(messageEntry.getUrl()).isEmpty())
.filter(messageEntry -> StringProcessor.getHostByUrl(messageEntry.getUrl()).equals(key))
.collect(Collectors.toMap(
entryUUIDMap::get,
mapFunction,
(existing, replacement) -> existing
));
}
private Map<String, Object> creteUrlItemMap(MessageEntry entry) {
Map<String, Object> urlItemMap = new LinkedHashMap<>();
urlItemMap.put("url", entry.getUrl());
urlItemMap.put("method", entry.getMethod());
urlItemMap.put("status", entry.getStatus());
urlItemMap.put("length", entry.getLength());
urlItemMap.put("comment", entry.getComment());
urlItemMap.put("color", entry.getColor());
urlItemMap.put("size", String.valueOf(entry.getRequestResponse().request().toByteArray().length()));
return urlItemMap;
}
private Map<String, Object> createHttpItemMap(MessageEntry entry) {
Map<String, Object> httpItemMap = new LinkedHashMap<>();
httpItemMap.put("request", entry.getRequestResponse().request().toByteArray().getBytes());
httpItemMap.put("response", entry.getRequestResponse().response().toByteArray().getBytes());
return httpItemMap;
}
private void importActionPerformed(ActionEvent e) {
String exportDir = selectDirectory(false);
if (exportDir.isEmpty()) {
return;
}
if (importActionWorker != null && !importActionWorker.isDone()) {
importActionWorker.cancel(true);
}
importActionWorker = new SwingWorker<List<Object[]>, Void>() {
@Override
protected List<Object[]> doInBackground() {
List<String> filesWithExtension = findFilesWithExtension(new File(exportDir), ".hae");
return filesWithExtension.stream()
.map(Databoard.this::importData)
.collect(Collectors.toList());
}
@Override
protected void done() {
try {
List<Object[]> taskStatusList = get();
if (!taskStatusList.isEmpty()) {
JOptionPane.showMessageDialog(Databoard.this, generateTaskStatusPane(taskStatusList), "Info", JOptionPane.INFORMATION_MESSAGE);
}
} catch (Exception ignored) {
}
}
};
importActionWorker.execute();
}
private Object[] importData(String filename) {
ExecutorService executor = Executors.newFixedThreadPool(Runtime.getRuntime().availableProcessors() * 2);
HaeFileContent haeFileContent = projectProcessor.readHaeFile(filename);
boolean readStatus = haeFileContent != null;
List<Callable<Void>> tasks = new ArrayList<>();
if (readStatus) {
try {
String host = haeFileContent.getHost();
haeFileContent.getDataMap().forEach((key, value) -> RegularMatcher.putDataToGlobalMap(host, key, value));
haeFileContent.getUrlMap().forEach((key, urlItemMap) -> {
tasks.add(() -> {
String url = urlItemMap.get("url");
String comment = urlItemMap.get("comment");
String color = urlItemMap.get("color");
String length = urlItemMap.get("length");
String method = urlItemMap.get("method");
String status = urlItemMap.get("status");
String path = haeFileContent.getHttpPath();
messageTableModel.add(null, url, method, status, length, comment, color, key, path);
return null;
});
});
executor.invokeAll(tasks);
} catch (Exception e) {
api.logging().logToError("importData: " + e.getMessage());
} finally {
executor.shutdown();
} }
} }
return new Object[]{filename, readStatus}; private void clearDataActionPerformed(ActionEvent e) {
}
private List<String> findFilesWithExtension(File directory, String extension) {
List<String> filePaths = new ArrayList<>();
if (directory.isDirectory()) {
File[] files = directory.listFiles();
if (files != null) {
for (File file : files) {
if (file.isDirectory()) {
filePaths.addAll(findFilesWithExtension(file, extension));
} else if (file.isFile() && file.getName().toLowerCase().endsWith(extension)) {
filePaths.add(file.getAbsolutePath());
}
}
}
} else {
filePaths.add(directory.getAbsolutePath());
}
return filePaths;
}
private String selectDirectory(boolean forDirectories) {
JFileChooser chooser = new JFileChooser();
chooser.setCurrentDirectory(new java.io.File(configLoader.getRulesFilePath()));
chooser.setDialogTitle(String.format("Select a Directory%s", forDirectories ? "" : " or File"));
FileNameExtensionFilter filter = new FileNameExtensionFilter(".hae Files", "hae");
chooser.addChoosableFileFilter(filter);
chooser.setFileFilter(filter);
chooser.setFileSelectionMode(forDirectories ? JFileChooser.DIRECTORIES_ONLY : JFileChooser.FILES_AND_DIRECTORIES);
chooser.setAcceptAllFileFilterUsed(!forDirectories);
if (chooser.showOpenDialog(this) == JFileChooser.APPROVE_OPTION) {
File selectedDirectory = chooser.getSelectedFile();
return selectedDirectory.getAbsolutePath();
}
return "";
}
private void clearActionPerformed(ActionEvent e) {
int retCode = JOptionPane.showConfirmDialog(this, "Do you want to clear data?", "Info", int retCode = JOptionPane.showConfirmDialog(this, "Do you want to clear data?", "Info",
JOptionPane.YES_NO_OPTION); JOptionPane.YES_NO_OPTION);
String host = hostTextField.getText(); String host = hostTextField.getText();
@@ -661,8 +386,8 @@ public class Databoard extends JPanel {
keysToRemove.forEach(Config.globalDataMap::remove); keysToRemove.forEach(Config.globalDataMap::remove);
if (Config.globalDataMap.keySet().size() == 1 && Config.globalDataMap.keySet().stream().anyMatch(key -> key.equals("*"))) { if (Config.globalDataMap.size() == 1 && Config.globalDataMap.keySet().stream().anyMatch(key -> key.equals("*"))) {
Config.globalDataMap.keySet().remove("*"); Config.globalDataMap.remove("*");
} }
messageTableModel.deleteByHost(host); messageTableModel.deleteByHost(host);

14
src/main/java/hae/component/board/message/MessageEntry.java
View File

@@ -11,10 +11,8 @@ public class MessageEntry {
private final String status; private final String status;
private final String color; private final String color;
private final String method; private final String method;
private final String hash;
private final String path;
MessageEntry(HttpRequestResponse requestResponse, String method, String url, String comment, String length, String color, String status, String hash, String path) { MessageEntry(HttpRequestResponse requestResponse, String method, String url, String comment, String length, String color, String status) {
this.requestResponse = requestResponse; this.requestResponse = requestResponse;
this.method = method; this.method = method;
this.url = url; this.url = url;
@@ -22,8 +20,6 @@ public class MessageEntry {
this.length = length; this.length = length;
this.color = color; this.color = color;
this.status = status; this.status = status;
this.hash = hash;
this.path = path;
} }
public String getColor() { public String getColor() {
@@ -53,12 +49,4 @@ public class MessageEntry {
public HttpRequestResponse getRequestResponse() { public HttpRequestResponse getRequestResponse() {
return this.requestResponse; return this.requestResponse;
} }
public String getHash() {
return this.hash;
}
public String getPath() {
return this.path;
}
} }

333
src/main/java/hae/component/board/message/MessageTableModel.java
View File

@@ -1,18 +1,17 @@
package hae.component.board.message; package hae.component.board.message;
import burp.api.montoya.MontoyaApi; import burp.api.montoya.MontoyaApi;
import burp.api.montoya.core.ByteArray;
import burp.api.montoya.http.message.HttpHeader; import burp.api.montoya.http.message.HttpHeader;
import burp.api.montoya.http.message.HttpRequestResponse; import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest; import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.http.message.responses.HttpResponse; import burp.api.montoya.http.message.responses.HttpResponse;
import burp.api.montoya.persistence.PersistedObject;
import burp.api.montoya.ui.UserInterface; import burp.api.montoya.ui.UserInterface;
import burp.api.montoya.ui.editor.HttpRequestEditor; import burp.api.montoya.ui.editor.HttpRequestEditor;
import burp.api.montoya.ui.editor.HttpResponseEditor; import burp.api.montoya.ui.editor.HttpResponseEditor;
import hae.Config; import hae.Config;
import hae.cache.CachePool; import hae.utils.ConfigLoader;
import hae.utils.project.FileProcessor; import hae.utils.DataManager;
import hae.utils.string.HashCalculator;
import hae.utils.string.StringProcessor; import hae.utils.string.StringProcessor;
import javax.swing.*; import javax.swing.*;
@@ -23,6 +22,8 @@ import javax.swing.table.TableRowSorter;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.text.MessageFormat; import java.text.MessageFormat;
import java.util.*; import java.util.*;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicBoolean;
import java.util.stream.Collectors; import java.util.stream.Collectors;
@@ -30,15 +31,17 @@ import static burp.api.montoya.ui.editor.EditorOptions.READ_ONLY;
public class MessageTableModel extends AbstractTableModel { public class MessageTableModel extends AbstractTableModel {
private final MontoyaApi api; private final MontoyaApi api;
private final ConfigLoader configLoader;
private final MessageTable messageTable; private final MessageTable messageTable;
private final JSplitPane splitPane; private final JSplitPane splitPane;
private final LinkedList<MessageEntry> log = new LinkedList<>(); private final LinkedList<MessageEntry> log = new LinkedList<>();
private final LinkedList<MessageEntry> filteredLog; private final LinkedList<MessageEntry> filteredLog;
private SwingWorker<Void, Void> currentWorker; private SwingWorker<Void, Void> currentWorker;
public MessageTableModel(MontoyaApi api) { public MessageTableModel(MontoyaApi api, ConfigLoader configLoader) {
this.filteredLog = new LinkedList<>(); this.filteredLog = new LinkedList<>();
this.api = api; this.api = api;
this.configLoader = configLoader;
JTabbedPane messageTab = new JTabbedPane(); JTabbedPane messageTab = new JTabbedPane();
UserInterface userInterface = api.userInterface(); UserInterface userInterface = api.userInterface();
@@ -53,14 +56,25 @@ public class MessageTableModel extends AbstractTableModel {
messageTable.setAutoCreateRowSorter(true); messageTable.setAutoCreateRowSorter(true);
// Length字段根据大小进行排序 // Length字段根据大小进行排序
TableRowSorter<DefaultTableModel> sorter = getDefaultTableModelTableRowSorter();
messageTable.setRowSorter(sorter);
messageTable.setAutoResizeMode(JTable.AUTO_RESIZE_OFF);
splitPane = new JSplitPane(JSplitPane.VERTICAL_SPLIT);
// 请求/响应文本框
JScrollPane scrollPane = new JScrollPane(messageTable);
scrollPane.setHorizontalScrollBarPolicy(JScrollPane.HORIZONTAL_SCROLLBAR_ALWAYS);
scrollPane.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_ALWAYS);
splitPane.setLeftComponent(scrollPane);
splitPane.setRightComponent(messageTab);
}
private TableRowSorter<DefaultTableModel> getDefaultTableModelTableRowSorter() {
TableRowSorter<DefaultTableModel> sorter = (TableRowSorter<DefaultTableModel>) messageTable.getRowSorter(); TableRowSorter<DefaultTableModel> sorter = (TableRowSorter<DefaultTableModel>) messageTable.getRowSorter();
sorter.setComparator(4, new Comparator<String>() { sorter.setComparator(4, (Comparator<String>) (s1, s2) -> {
@Override
public int compare(String s1, String s2) {
Integer age1 = Integer.parseInt(s1); Integer age1 = Integer.parseInt(s1);
Integer age2 = Integer.parseInt(s2); Integer age2 = Integer.parseInt(s2);
return age1.compareTo(age2); return age1.compareTo(age2);
}
}); });
// Color字段根据颜色顺序进行排序 // Color字段根据颜色顺序进行排序
@@ -81,48 +95,31 @@ public class MessageTableModel extends AbstractTableModel {
return -1; return -1;
} }
}); });
messageTable.setRowSorter(sorter); return sorter;
messageTable.setAutoResizeMode(JTable.AUTO_RESIZE_OFF);
splitPane = new JSplitPane(JSplitPane.VERTICAL_SPLIT);
// 请求/相应文本框
JScrollPane scrollPane = new JScrollPane(messageTable);
scrollPane.setHorizontalScrollBarPolicy(JScrollPane.HORIZONTAL_SCROLLBAR_ALWAYS);
scrollPane.setVerticalScrollBarPolicy(JScrollPane.VERTICAL_SCROLLBAR_ALWAYS);
splitPane.setLeftComponent(scrollPane);
splitPane.setRightComponent(messageTab);
} }
public void add(HttpRequestResponse messageInfo, String url, String method, String status, String length, String comment, String color, String hash, String path) { public synchronized void add(HttpRequestResponse messageInfo, String url, String method, String status, String length, String comment, String color, boolean flag) {
synchronized (log) { synchronized (log) {
boolean isDuplicate = false; if (messageInfo == null) {
MessageEntry logEntry = new MessageEntry(messageInfo, method, url, comment, length, color, status, hash, path); return;
byte[] reqByteA = new byte[0];
byte[] resByteA = new byte[0];
if (messageInfo != null) {
HttpRequest httpRequest = messageInfo.request();
HttpResponse httpResponse = messageInfo.response();
reqByteA = httpRequest.toByteArray().getBytes();
resByteA = httpResponse.toByteArray().getBytes();
} }
// 比较Hash如若存在重复的请求或响应则不放入消息内容里 boolean isDuplicate = false;
try { try {
if (!log.isEmpty()) { if (!log.isEmpty() && flag) {
String host = StringProcessor.getHostByUrl(url);
for (MessageEntry entry : log) { for (MessageEntry entry : log) {
HttpRequestResponse reqResMessage = entry.getRequestResponse(); if (host.equals(StringProcessor.getHostByUrl(entry.getUrl()))) {
byte[] reqByteB = reqResMessage.request().toByteArray().getBytes(); if (isRequestDuplicate(
byte[] resByteB = reqResMessage.response().toByteArray().getBytes(); messageInfo, entry.getRequestResponse(),
try { url, entry.getUrl(),
// 通过URL、请求和响应报文、匹配数据内容多维度进行对比 comment, entry.getComment(),
if ((entry.getUrl().equals(url) || (Arrays.equals(reqByteB, reqByteA) || Arrays.equals(resByteB, resByteA))) && (areMapsEqual(getCacheData(reqByteB), getCacheData(reqByteA)) && areMapsEqual(getCacheData(resByteB), getCacheData(resByteA)))) { color, entry.getColor()
)) {
isDuplicate = true; isDuplicate = true;
break; break;
} }
} catch (Exception ignored) {
} }
} }
} }
@@ -130,10 +127,84 @@ public class MessageTableModel extends AbstractTableModel {
} }
if (!isDuplicate) { if (!isDuplicate) {
log.add(logEntry); if (flag) {
persistData(messageInfo, comment, color);
}
log.add(new MessageEntry(messageInfo, method, url, comment, length, color, status));
}
} }
} }
private boolean isRequestDuplicate(
HttpRequestResponse newReq, HttpRequestResponse existingReq,
String newUrl, String existingUrl,
String newComment, String existingComment,
String newColor, String existingColor) {
try {
// 基础属性匹配
String normalizedNewUrl = normalizeUrl(newUrl);
String normalizedExistingUrl = normalizeUrl(existingUrl);
boolean basicMatch = normalizedNewUrl.equals(normalizedExistingUrl);
// 请求响应内容匹配
byte[] newReqBytes = newReq.request().toByteArray().getBytes();
byte[] newResBytes = newReq.response().toByteArray().getBytes();
byte[] existingReqBytes = existingReq.request().toByteArray().getBytes();
byte[] existingResBytes = existingReq.response().toByteArray().getBytes();
boolean contentMatch = Arrays.equals(newReqBytes, existingReqBytes) &&
Arrays.equals(newResBytes, existingResBytes);
// 注释和颜色匹配
boolean metadataMatch = areCommentsEqual(newComment, existingComment) &&
newColor.equals(existingColor);
return (basicMatch || contentMatch) && metadataMatch;
} catch (Exception e) {
return false;
}
}
private String normalizeUrl(String url) {
if (url == null) {
return "";
}
String normalized = url.trim().toLowerCase();
while (normalized.endsWith("/")) {
normalized = normalized.substring(0, normalized.length() - 1);
}
return normalized.replaceAll("//", "/");
}
private boolean areCommentsEqual(String comment1, String comment2) {
if (comment1 == null || comment2 == null) {
return false;
}
try {
// 将注释按规则拆分并排序
Set<String> rules1 = new TreeSet<>(Arrays.asList(comment1.split(", ")));
Set<String> rules2 = new TreeSet<>(Arrays.asList(comment2.split(", ")));
return rules1.equals(rules2);
} catch (Exception e) {
return false;
}
}
private void persistData(HttpRequestResponse messageInfo, String comment, String color) {
try {
DataManager dataManager = new DataManager(api);
PersistedObject persistedObject = PersistedObject.persistedObject();
persistedObject.setHttpRequestResponse("messageInfo", messageInfo);
persistedObject.setString("comment", comment);
persistedObject.setString("color", color);
String uuidIndex = StringProcessor.getRandomUUID();
dataManager.putData("message", uuidIndex, persistedObject);
} catch (Exception e) {
api.logging().logToError("Data persistence error: " + e.getMessage());
}
} }
public void deleteByHost(String filterText) { public void deleteByHost(String filterText) {
@@ -144,7 +215,7 @@ public class MessageTableModel extends AbstractTableModel {
currentWorker.cancel(true); currentWorker.cancel(true);
} }
currentWorker = new SwingWorker<Void, Void>() { currentWorker = new SwingWorker<>() {
@Override @Override
protected Void doInBackground() { protected Void doInBackground() {
for (int i = 0; i < log.size(); i++) { for (int i = 0; i < log.size(); i++) {
@@ -171,46 +242,40 @@ public class MessageTableModel extends AbstractTableModel {
public void applyHostFilter(String filterText) { public void applyHostFilter(String filterText) {
filteredLog.clear(); filteredLog.clear();
log.forEach(entry -> {
MessageEntry finalEntry = getEntryByFile(entry);
String host = StringProcessor.getHostByUrl(finalEntry.getUrl());
if (!host.isEmpty()) {
if (StringProcessor.matchesHostPattern(host, filterText) || filterText.contains("*")) {
filteredLog.add(finalEntry);
}
}
});
fireTableDataChanged(); fireTableDataChanged();
int batchSize = 500;
// 分批处理数据
List<MessageEntry> batch = new ArrayList<>(batchSize);
int count = 0;
for (MessageEntry entry : log) {
String host = StringProcessor.getHostByUrl(entry.getUrl());
if (!host.isEmpty() && (StringProcessor.matchesHostPattern(host, filterText) || filterText.contains("*"))) {
batch.add(entry);
count++;
// 当批次达到指定大小时更新UI
if (count % batchSize == 0) {
final List<MessageEntry> currentBatch = new ArrayList<>(batch);
SwingUtilities.invokeLater(() -> {
filteredLog.addAll(currentBatch);
fireTableDataChanged();
});
batch.clear();
} }
private MessageEntry getEntryByFile(MessageEntry entry) {
HttpRequestResponse requestResponse = entry.getRequestResponse();
if (requestResponse == null) {
String url = entry.getUrl();
String method = entry.getMethod();
String status = entry.getStatus();
String comment = entry.getComment();
String color = entry.getColor();
String path = entry.getPath();
String hash = entry.getHash();
int length = Integer.parseInt(entry.getLength());
byte[] contents = FileProcessor.readFileContent(path, hash);
if (contents.length > length) {
byte[] response = Arrays.copyOf(contents, length);
byte[] request = Arrays.copyOfRange(contents, length, contents.length);
requestResponse = StringProcessor.createHttpRequestResponse(url, request, response);
int index = log.indexOf(entry);
entry = new MessageEntry(requestResponse, method, url, comment, String.valueOf(length), color, status, "", "");
log.set(index, entry);
} }
} }
return entry; // 处理最后一批
if (!batch.isEmpty()) {
final List<MessageEntry> finalBatch = new ArrayList<>(batch);
SwingUtilities.invokeLater(() -> {
filteredLog.addAll(finalBatch);
fireTableDataChanged();
});
}
} }
public void applyMessageFilter(String tableName, String filterText) { public void applyMessageFilter(String tableName, String filterText) {
@@ -227,13 +292,13 @@ public class MessageTableModel extends AbstractTableModel {
String requestBody = new String(httpRequest.body().getBytes(), StandardCharsets.UTF_8); String requestBody = new String(httpRequest.body().getBytes(), StandardCharsets.UTF_8);
String requestHeaders = httpRequest.headers().stream() String requestHeaders = httpRequest.headers().stream()
.map(HttpHeader::toString) .map(HttpHeader::toString)
.collect(Collectors.joining("\n")); .collect(Collectors.joining("\r\n"));
String responseString = new String(httpResponse.toByteArray().getBytes(), StandardCharsets.UTF_8); String responseString = new String(httpResponse.toByteArray().getBytes(), StandardCharsets.UTF_8);
String responseBody = new String(httpResponse.body().getBytes(), StandardCharsets.UTF_8); String responseBody = new String(httpResponse.body().getBytes(), StandardCharsets.UTF_8);
String responseHeaders = httpResponse.headers().stream() String responseHeaders = httpResponse.headers().stream()
.map(HttpHeader::toString) .map(HttpHeader::toString)
.collect(Collectors.joining("\n")); .collect(Collectors.joining("\r\n"));
Config.globalRules.keySet().forEach(i -> { Config.globalRules.keySet().forEach(i -> {
for (Object[] objects : Config.globalRules.get(i)) { for (Object[] objects : Config.globalRules.get(i)) {
@@ -323,56 +388,6 @@ public class MessageTableModel extends AbstractTableModel {
return isMatch; return isMatch;
} }
private Map<String, Map<String, Object>> getCacheData(byte[] content) {
String hashIndex = HashCalculator.calculateHash(content);
return CachePool.get(hashIndex);
}
private boolean areMapsEqual(Map<String, Map<String, Object>> map1, Map<String, Map<String, Object>> map2) {
if (map1 == null || map2 == null) {
return false;
}
if (map1.size() != map2.size()) {
return false;
}
for (String key : map1.keySet()) {
if (!map2.containsKey(key)) {
return false;
}
if (areInnerMapsEqual(map1.get(key), map2.get(key))) {
return false;
}
}
return true;
}
private boolean areInnerMapsEqual(Map<String, Object> innerMap1, Map<String, Object> innerMap2) {
if (innerMap1.size() != innerMap2.size()) {
return true;
}
for (String key : innerMap1.keySet()) {
if (!innerMap2.containsKey(key)) {
return true;
}
Object value1 = innerMap1.get(key);
Object value2 = innerMap2.get(key);
// 如果值是Map则递归对比
if (value1 instanceof Map && value2 instanceof Map) {
if (areInnerMapsEqual((Map<String, Object>) value1, (Map<String, Object>) value2)) {
return true;
}
} else if (!value1.equals(value2)) {
return true;
}
}
return false;
}
public JSplitPane getSplitPane() { public JSplitPane getSplitPane() {
return splitPane; return splitPane;
} }
@@ -381,10 +396,6 @@ public class MessageTableModel extends AbstractTableModel {
return messageTable; return messageTable;
} }
public LinkedList<MessageEntry> getLogs() {
return log;
}
@Override @Override
public int getRowCount() { public int getRowCount() {
return filteredLog.size(); return filteredLog.size();
@@ -434,62 +445,40 @@ public class MessageTableModel extends AbstractTableModel {
} }
public class MessageTable extends JTable { public class MessageTable extends JTable {
private MessageEntry messageEntry; private final ExecutorService executorService;
private SwingWorker<ByteArray[], Void> currentWorker;
private int lastSelectedIndex = -1;
private final HttpRequestEditor requestEditor; private final HttpRequestEditor requestEditor;
private final HttpResponseEditor responseEditor; private final HttpResponseEditor responseEditor;
private int lastSelectedIndex = -1;
public MessageTable(TableModel messageTableModel, HttpRequestEditor requestEditor, HttpResponseEditor responseEditor) { public MessageTable(TableModel messageTableModel, HttpRequestEditor requestEditor, HttpResponseEditor responseEditor) {
super(messageTableModel); super(messageTableModel);
this.requestEditor = requestEditor; this.requestEditor = requestEditor;
this.responseEditor = responseEditor; this.responseEditor = responseEditor;
this.executorService = Executors.newSingleThreadExecutor();
} }
@Override @Override
public void changeSelection(int row, int col, boolean toggle, boolean extend) { public void changeSelection(int row, int col, boolean toggle, boolean extend) {
super.changeSelection(row, col, toggle, extend); super.changeSelection(row, col, toggle, extend);
if (currentWorker != null && !currentWorker.isDone()) {
currentWorker.cancel(true);
}
currentWorker = new SwingWorker<>() {
@Override
protected ByteArray[] doInBackground() {
int selectedIndex = convertRowIndexToModel(row); int selectedIndex = convertRowIndexToModel(row);
if (lastSelectedIndex != selectedIndex) { if (lastSelectedIndex != selectedIndex) {
lastSelectedIndex = selectedIndex; lastSelectedIndex = selectedIndex;
messageEntry = filteredLog.get(selectedIndex); executorService.execute(this::getSelectedMessage);
}
}
private void getSelectedMessage() {
MessageEntry messageEntry = filteredLog.get(lastSelectedIndex);
HttpRequestResponse httpRequestResponse = messageEntry.getRequestResponse(); HttpRequestResponse httpRequestResponse = messageEntry.getRequestResponse();
ByteArray requestByte = httpRequestResponse.request().toByteArray(); requestEditor.setRequest(HttpRequest.httpRequest(messageEntry.getRequestResponse().httpService(), httpRequestResponse.request().toByteArray()));
ByteArray responseByte = httpRequestResponse.response().toByteArray(); int responseSizeWithMb = httpRequestResponse.response().toString().length() / 1024 / 1024;
if ((responseSizeWithMb < Integer.parseInt(configLoader.getLimitSize())) || configLoader.getLimitSize().equals("0")) {
ByteArray[] httpByteArray = new ByteArray[2]; responseEditor.setResponse(httpRequestResponse.response());
httpByteArray[0] = requestByte; } else {
httpByteArray[1] = responseByte; responseEditor.setResponse(HttpResponse.httpResponse("Exceeds length limit."));
return httpByteArray; }
}
return null;
}
@Override
protected void done() {
try {
ByteArray[] retByteArray = get();
if (retByteArray != null) {
requestEditor.setRequest(HttpRequest.httpRequest(messageEntry.getRequestResponse().httpService(), retByteArray[0]));
responseEditor.setResponse(HttpResponse.httpResponse(retByteArray[1]));
}
} catch (Exception ignored) {
}
}
};
currentWorker.execute();
} }
} }
} }

157
src/main/java/hae/component/board/table/AIPower.java
View File

@@ -1,157 +0,0 @@
package hae.component.board.table;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.RequestOptions;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.reflect.TypeToken;
import hae.Config;
import hae.utils.ConfigLoader;
import hae.utils.http.HttpUtils;
import okhttp3.*;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.lang.reflect.Type;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class AIPower {
private final MontoyaApi api;
private final HttpUtils httpUtils;
private final ConfigLoader configLoader;
private final String apiAuth;
private final String aiModel;
private final String aiBaseUrl;
public AIPower(MontoyaApi api, ConfigLoader configLoader, String aiModel, String aiBaseUrl, String[] apiKey) {
this.api = api;
this.configLoader = configLoader;
this.httpUtils = new HttpUtils(api, configLoader);
this.aiModel = aiModel;
this.aiBaseUrl = aiBaseUrl;
this.apiAuth = String.format("Bearer %s", apiKey[new Random().nextInt(apiKey.length)]);
}
// Stream Response
public String chatWithAPI(String ruleName, String data) {
OkHttpClient httpClient = new OkHttpClient();
String fileId = uploadFileToAIService(ruleName, data);
Gson gson = new Gson();
if (fileId != null) {
String chatUrl = String.format("%s/chat/completions", aiBaseUrl);
String chatMessage = generateJsonData(configLoader.getAIPrompt(), fileId);
Request request = new Request.Builder()
.url(chatUrl)
.header("Authorization", apiAuth)
.post(RequestBody.create(MediaType.parse("application/json"), chatMessage))
.build();
try (Response response = httpClient.newCall(request).execute()) {
if (!response.isSuccessful()) {
throw new IOException("Unexpected code " + response);
}
BufferedReader reader = new BufferedReader(new InputStreamReader(response.body().byteStream()));
StringBuilder chatReturn = new StringBuilder();
String line;
while ((line = reader.readLine()) != null) {
if (line.startsWith("data: ") && !line.contains("[DONE]")) {
String jsonData = line.substring(6);
Type type = new TypeToken<Map<String, Object>>() {
}.getType();
Map<String, Object> map = gson.fromJson(jsonData, type);
String content = getDeltaContent(map);
if (content != null) {
chatReturn.append(content);
}
}
}
deleteFileOnAIService(fileId);
return chatReturn.toString();
} catch (Exception e) {
return "";
}
}
return "";
}
private String getDeltaContent(Map<String, Object> map) {
List<Map<String, Map<String, String>>> choices = (List<Map<String, Map<String, String>>>) map.get("choices");
if (choices != null && !choices.isEmpty()) {
Map<String, String> delta = choices.get(0).get("delta");
return delta.get("content");
}
return null;
}
private String uploadFileToAIService(String ruleName, String data) {
String uploadUrl = String.format("%s/files", aiBaseUrl);
String uploadParam = "file";
String filename = "hae.txt";
String content = String.format(Config.userTextFormat, ruleName, data);
HttpRequest uploadFileRequest = httpUtils.generateRequestByMultipartUploadMethod(uploadUrl, uploadParam, filename, content).withAddedHeader("Authorization", apiAuth);
HttpRequestResponse uploadFileRequestResponse = api.http().sendRequest(uploadFileRequest, RequestOptions.requestOptions().withUpstreamTLSVerification());
String responseBody = uploadFileRequestResponse.response().bodyToString();
Pattern pattern = Pattern.compile("\"id\":\"(.*?)\",");
Matcher matcher = pattern.matcher(responseBody);
return matcher.find() ? matcher.group(1) : null;
}
private void deleteFileOnAIService(String fileId) {
String deleteFileUrl = String.format("%s/files/%s", aiBaseUrl, fileId);
HttpRequest deleteFileRequest = httpUtils.generateRequestByDeleteMethod(deleteFileUrl).withAddedHeader("Authorization", apiAuth);
api.http().sendRequest(deleteFileRequest, RequestOptions.requestOptions().withUpstreamTLSVerification());
}
private String getFileContentOnAiService(String fileId) {
String getFileContentUrl = String.format("%s/files/%s/content", aiBaseUrl, fileId);
HttpRequest getFileContentRequest = HttpRequest.httpRequestFromUrl(getFileContentUrl).withAddedHeader("Authorization", apiAuth);
HttpRequestResponse getFileRequestResponse = api.http().sendRequest(getFileContentRequest, RequestOptions.requestOptions().withUpstreamTLSVerification());
String responseBody = getFileRequestResponse.response().bodyToString();
Pattern pattern = Pattern.compile("\"content\":\"(.*?)\",\"file_type\"");
Matcher matcher = pattern.matcher(responseBody);
return matcher.find() ? matcher.group(1) : null;
}
private String generateJsonData(String prompt, String fileId) {
Map<String, Object> data = new HashMap<>();
data.put("model", aiModel);
data.put("stream", true);
data.put("messages", new Object[]{
new HashMap<String, Object>() {{
put("role", "system");
put("content", prompt);
}},
new HashMap<String, Object>() {{
put("role", "system");
put("content", aiModel.equals("qwen-long") ? String.format("fileid://%s", fileId) : getFileContentOnAiService(fileId));
}},
new HashMap<String, Object>() {{
put("role", "user");
put("content", "Start");
}}
});
Gson gson = new GsonBuilder().setPrettyPrinting().create();
return gson.toJson(data);
}
}

232
src/main/java/hae/component/board/table/Datatable.java
View File

@@ -1,9 +1,6 @@
package hae.component.board.table; package hae.component.board.table;
import burp.api.montoya.MontoyaApi; import burp.api.montoya.MontoyaApi;
import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import hae.component.board.Databoard;
import hae.component.board.message.MessageTableModel; import hae.component.board.message.MessageTableModel;
import hae.utils.ConfigLoader; import hae.utils.ConfigLoader;
import hae.utils.UIEnhancer; import hae.utils.UIEnhancer;
@@ -11,21 +8,17 @@ import hae.utils.UIEnhancer;
import javax.swing.*; import javax.swing.*;
import javax.swing.event.DocumentEvent; import javax.swing.event.DocumentEvent;
import javax.swing.event.DocumentListener; import javax.swing.event.DocumentListener;
import javax.swing.event.PopupMenuEvent;
import javax.swing.event.PopupMenuListener;
import javax.swing.table.DefaultTableModel; import javax.swing.table.DefaultTableModel;
import javax.swing.table.TableColumn; import javax.swing.table.TableColumn;
import javax.swing.table.TableRowSorter; import javax.swing.table.TableRowSorter;
import java.awt.*; import java.awt.*;
import java.awt.datatransfer.Clipboard; import java.awt.datatransfer.Clipboard;
import java.awt.datatransfer.StringSelection; import java.awt.datatransfer.StringSelection;
import java.awt.event.ActionEvent;
import java.awt.event.MouseAdapter; import java.awt.event.MouseAdapter;
import java.awt.event.MouseEvent; import java.awt.event.MouseEvent;
import java.lang.reflect.Type; import java.util.ArrayList;
import java.util.Comparator; import java.util.Comparator;
import java.util.List; import java.util.List;
import java.util.Map;
import java.util.regex.Pattern; import java.util.regex.Pattern;
public class Datatable extends JPanel { public class Datatable extends JPanel {
@@ -34,45 +27,36 @@ public class Datatable extends JPanel {
private final JTable dataTable; private final JTable dataTable;
private final DefaultTableModel dataTableModel; private final DefaultTableModel dataTableModel;
private final JTextField searchField; private final JTextField searchField;
private final JTextField secondSearchField;
private final TableRowSorter<DefaultTableModel> sorter; private final TableRowSorter<DefaultTableModel> sorter;
private final JCheckBox searchMode = new JCheckBox("Reverse search"); private final JCheckBox searchMode = new JCheckBox("Reverse search");
private final JCheckBox regexMode = new JCheckBox("Regex mode");
private final String tabName; private final String tabName;
private final JProgressBar progressBar;
private final JPopupMenu aiEmpoweredMenu;
private final JPanel footerPanel; private final JPanel footerPanel;
private SwingWorker<Void, Void> doubleClickWorker;
public Datatable(MontoyaApi api, ConfigLoader configLoader, String tabName, List<String> dataList) { public Datatable(MontoyaApi api, ConfigLoader configLoader, String tabName, List<String> dataList) {
this.api = api; this.api = api;
this.configLoader = configLoader; this.configLoader = configLoader;
this.tabName = tabName; this.tabName = tabName;
this.progressBar = new JProgressBar();
String[] columnNames = {"#", "Information"}; String[] columnNames = {"#", "Information"};
this.dataTableModel = new DefaultTableModel(columnNames, 0); this.dataTableModel = new DefaultTableModel(columnNames, 0);
this.dataTable = new JTable(dataTableModel); this.dataTable = new JTable(dataTableModel);
this.sorter = new TableRowSorter<>(dataTableModel); this.sorter = new TableRowSorter<>(dataTableModel);
this.searchField = new JTextField(); this.searchField = new JTextField(10);
this.aiEmpoweredMenu = new JPopupMenu(); this.secondSearchField = new JTextField(10);
this.footerPanel = new JPanel(new BorderLayout(0, 5)); this.footerPanel = new JPanel(new BorderLayout(0, 5));
initComponents(dataList); initComponents(dataList);
} }
private void initComponents(List<String> dataList) { private void initComponents(List<String> dataList) {
progressBar.setVisible(false); dataTable.setRowSorter(sorter);
// 设置ID排序 // 设置ID排序
sorter.setComparator(0, new Comparator<Integer>() { sorter.setComparator(0, (Comparator<Integer>) Integer::compareTo);
@Override
public int compare(Integer s1, Integer s2) {
return s1.compareTo(s2);
}
});
dataTable.setRowSorter(sorter);
TableColumn idColumn = dataTable.getColumnModel().getColumn(0);
idColumn.setMaxWidth(50);
for (String item : dataList) { for (String item : dataList) {
if (!item.isEmpty()) { if (!item.isEmpty()) {
@@ -80,11 +64,7 @@ public class Datatable extends JPanel {
} }
} }
// 设置灰色默认文本 UIEnhancer.setTextFieldPlaceholder(searchField, "Search");
String searchText = "Search";
UIEnhancer.setTextFieldPlaceholder(searchField, searchText);
// 监听输入框内容输入、更新、删除
searchField.getDocument().addDocumentListener(new DocumentListener() { searchField.getDocument().addDocumentListener(new DocumentListener() {
@Override @Override
public void insertUpdate(DocumentEvent e) { public void insertUpdate(DocumentEvent e) {
@@ -103,75 +83,62 @@ public class Datatable extends JPanel {
}); });
UIEnhancer.setTextFieldPlaceholder(secondSearchField, "Second search");
secondSearchField.getDocument().addDocumentListener(new DocumentListener() {
@Override
public void insertUpdate(DocumentEvent e) {
performSearch();
}
@Override
public void removeUpdate(DocumentEvent e) {
performSearch();
}
@Override
public void changedUpdate(DocumentEvent e) {
performSearch();
}
});
// 设置布局 // 设置布局
JScrollPane scrollPane = new JScrollPane(dataTable); JScrollPane scrollPane = new JScrollPane(dataTable);
scrollPane.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_ALWAYS); scrollPane.setVerticalScrollBarPolicy(ScrollPaneConstants.VERTICAL_SCROLLBAR_ALWAYS);
TableColumn idColumn = dataTable.getColumnModel().getColumn(0);
idColumn.setPreferredWidth(50);
idColumn.setMaxWidth(100);
setLayout(new BorderLayout(0, 5)); setLayout(new BorderLayout(0, 5));
JPanel optionsPanel = new JPanel(); JPanel optionsPanel = new JPanel();
optionsPanel.setLayout(new BoxLayout(optionsPanel, BoxLayout.X_AXIS)); optionsPanel.setLayout(new BoxLayout(optionsPanel, BoxLayout.X_AXIS));
// Settings按钮 // Settings按钮
JPanel settingMenuPanel = new JPanel(new GridLayout(1, 1)); JPanel settingMenuPanel = new JPanel(new GridLayout(2, 1));
settingMenuPanel.setBorder(BorderFactory.createEmptyBorder(3, 3, 3, 3)); settingMenuPanel.setBorder(BorderFactory.createEmptyBorder(3, 3, 3, 3));
JPopupMenu settingMenu = new JPopupMenu(); JPopupMenu settingMenu = new JPopupMenu();
settingMenuPanel.add(searchMode); settingMenuPanel.add(searchMode);
settingMenuPanel.add(regexMode);
regexMode.setSelected(true);
searchMode.addItemListener(e -> performSearch()); searchMode.addItemListener(e -> performSearch());
settingMenu.add(settingMenuPanel); settingMenu.add(settingMenuPanel);
JButton settingsButton = new JButton("Settings"); JButton settingsButton = new JButton("Settings");
setMenuShow(settingMenu, settingsButton); setMenuShow(settingMenu, settingsButton);
// AI Empowered按钮
JPanel aiEmpoweredPanel = new JPanel(new GridLayout(2, 1));
aiEmpoweredPanel.setBorder(BorderFactory.createEmptyBorder(3, 3, 3, 3));
JButton empoweredByAlibabaButton = new JButton("Alibaba - QwenLong");
empoweredByAlibabaButton.addActionListener(e -> {
aiEmpoweredByAlibabaActionPerformed(e, tabName, getTableData(dataTable));
});
JButton empoweredByMoonshotButton = new JButton("Moonshot - Kimi");
empoweredByMoonshotButton.addActionListener(e -> {
aiEmpoweredByMoonshotActionPerformed(e, tabName, getTableData(dataTable));
});
aiEmpoweredPanel.add(empoweredByAlibabaButton);
aiEmpoweredPanel.add(empoweredByMoonshotButton);
aiEmpoweredMenu.add(aiEmpoweredPanel);
JButton aiEmpoweredButton = new JButton("AI Empowered");
setMenuShow(aiEmpoweredMenu, aiEmpoweredButton);
aiEmpoweredMenu.addPopupMenuListener(new PopupMenuListener() {
@Override
public void popupMenuWillBecomeVisible(PopupMenuEvent e) {
empoweredByAlibabaButton.setEnabled(!configLoader.getAlibabaAIAPIKey().isEmpty());
empoweredByMoonshotButton.setEnabled(!configLoader.getMoonshotAIAPIKey().isEmpty());
}
@Override
public void popupMenuWillBecomeInvisible(PopupMenuEvent e) {
}
@Override
public void popupMenuCanceled(PopupMenuEvent e) {
}
});
optionsPanel.add(settingsButton); optionsPanel.add(settingsButton);
optionsPanel.add(Box.createHorizontalStrut(5)); optionsPanel.add(Box.createHorizontalStrut(5));
optionsPanel.add(searchField); optionsPanel.add(searchField);
optionsPanel.add(Box.createHorizontalStrut(5)); optionsPanel.add(Box.createHorizontalStrut(5));
optionsPanel.add(aiEmpoweredButton); optionsPanel.add(secondSearchField);
footerPanel.setBorder(BorderFactory.createEmptyBorder(2, 3, 5, 3)); footerPanel.setBorder(BorderFactory.createEmptyBorder(2, 3, 5, 3));
footerPanel.add(optionsPanel, BorderLayout.CENTER); footerPanel.add(optionsPanel, BorderLayout.CENTER);
footerPanel.add(progressBar, BorderLayout.SOUTH);
add(scrollPane, BorderLayout.CENTER); add(scrollPane, BorderLayout.CENTER);
add(footerPanel, BorderLayout.SOUTH); add(footerPanel, BorderLayout.SOUTH);
setProgressBar(false);
} }
private void setMenuShow(JPopupMenu menu, JButton button) { private void setMenuShow(JPopupMenu menu, JButton button) {
@@ -184,9 +151,6 @@ public class Datatable extends JPanel {
}); });
} }
private void setProgressBar(boolean status) {
Databoard.setProgressBar(status, progressBar, "AI+ ...");
}
private void addRowToTable(Object[] data) { private void addRowToTable(Object[] data) {
int rowCount = dataTableModel.getRowCount(); int rowCount = dataTableModel.getRowCount();
@@ -197,82 +161,65 @@ public class Datatable extends JPanel {
dataTableModel.addRow(rowData); dataTableModel.addRow(rowData);
} }
private void aiEmpoweredByAlibabaActionPerformed(ActionEvent e, String ruleName, String data) {
AIPower aiPower = new AIPower(api, configLoader, "qwen-long", "https://dashscope.aliyuncs.com/compatible-mode/v1", configLoader.getAlibabaAIAPIKey().split("\\|"));
aiEmpoweredButtonAction(ruleName, data, aiPower);
}
private void aiEmpoweredByMoonshotActionPerformed(ActionEvent e, String ruleName, String data) {
AIPower aiPower = new AIPower(api, configLoader, "moonshot-v1-128k", "https://api.moonshot.cn/v1", configLoader.getMoonshotAIAPIKey().split("\\|"));
aiEmpoweredButtonAction(ruleName, data, aiPower);
}
private void aiEmpoweredButtonAction(String ruleName, String data, AIPower aiPower) {
progressBar.setVisible(true);
aiEmpoweredMenu.setVisible(true);
setProgressBar(true);
SwingWorker<String, Void> worker = new SwingWorker<String, Void>() {
@Override
protected String doInBackground() throws Exception {
return aiPower.chatWithAPI(ruleName, data);
}
@Override
protected void done() {
setProgressBar(false);
try {
String chatReturn = get();
if (!chatReturn.isEmpty()) {
Gson gson = new Gson();
Type type = new TypeToken<Map<String, Object>>() {
}.getType();
Map<String, List<String>> map = gson.fromJson(chatReturn, type);
dataTableModel.setRowCount(0);
for (String item : map.get("data")) {
if (!item.isEmpty()) {
addRowToTable(new Object[]{item});
}
}
JOptionPane.showMessageDialog(Datatable.this, "AI+ has completed the AI empowered work.", "AI+ Info", JOptionPane.INFORMATION_MESSAGE);
} else {
JOptionPane.showMessageDialog(Datatable.this, "AI+ returns null, please check!", "AI+ Info", JOptionPane.WARNING_MESSAGE);
}
} catch (Exception ignored) {
JOptionPane.showMessageDialog(Datatable.this, "AI+ returns error, please check!", "AI+ Info", JOptionPane.ERROR_MESSAGE);
}
}
};
worker.execute();
aiEmpoweredMenu.setVisible(false);
}
private void performSearch() { private void performSearch() {
RowFilter<Object, Object> firstRowFilter = getObjectObjectRowFilter(searchField, true);
RowFilter<Object, Object> secondRowFilter = getObjectObjectRowFilter(secondSearchField, false);
if (searchField.getForeground().equals(Color.BLACK)) { if (searchField.getForeground().equals(Color.BLACK)) {
RowFilter<Object, Object> rowFilter = new RowFilter<Object, Object>() { sorter.setRowFilter(firstRowFilter);
if (secondSearchField.getForeground().equals(Color.BLACK)) {
List<RowFilter<Object, Object>> filters = new ArrayList<>();
filters.add(firstRowFilter);
filters.add(secondRowFilter);
sorter.setRowFilter(RowFilter.andFilter(filters));
}
}
}
private RowFilter<Object, Object> getObjectObjectRowFilter(JTextField searchField, boolean firstFlag) {
return new RowFilter<>() {
public boolean include(Entry<?, ?> entry) { public boolean include(Entry<?, ?> entry) {
String searchFieldTextText = searchField.getText(); String searchFieldTextText = searchField.getText();
searchFieldTextText = searchFieldTextText.toLowerCase();
String entryValue = ((String) entry.getValue(1)).toLowerCase();
boolean filterReturn = searchFieldTextText.isEmpty();
boolean firstFlagReturn = searchMode.isSelected() && firstFlag;
if (regexMode.isSelected()) {
Pattern pattern = null; Pattern pattern = null;
try { try {
pattern = Pattern.compile(searchFieldTextText, Pattern.CASE_INSENSITIVE); pattern = Pattern.compile(searchFieldTextText, Pattern.CASE_INSENSITIVE);
} catch (Exception ignored) { } catch (Exception ignored) {
} }
String entryValue = ((String) entry.getValue(1)).toLowerCase();
searchFieldTextText = searchFieldTextText.toLowerCase();
if (pattern != null) { if (pattern != null) {
return searchFieldTextText.isEmpty() || pattern.matcher(entryValue).find() != searchMode.isSelected(); filterReturn = filterReturn || pattern.matcher(entryValue).find() != firstFlagReturn;
} else {
return searchFieldTextText.isEmpty() || entryValue.contains(searchFieldTextText) != searchMode.isSelected();
} }
} else {
filterReturn = filterReturn || entryValue.contains(searchFieldTextText) != firstFlagReturn;
}
return filterReturn;
} }
}; };
sorter.setRowFilter(rowFilter);
} }
private void handleDoubleClick(int selectedRow, MessageTableModel messagePanel) {
if (doubleClickWorker != null && !doubleClickWorker.isDone()) {
doubleClickWorker.cancel(true);
}
doubleClickWorker = new SwingWorker<>() {
@Override
protected Void doInBackground() {
String rowData = dataTable.getValueAt(selectedRow, 1).toString();
SwingUtilities.invokeLater(() -> {
if (!isCancelled()) {
messagePanel.applyMessageFilter(tabName, rowData);
}
});
return null;
}
};
doubleClickWorker.execute();
} }
public void setTableListener(MessageTableModel messagePanel) { public void setTableListener(MessageTableModel messagePanel) {
@@ -298,30 +245,13 @@ public class Datatable extends JPanel {
if (e.getClickCount() == 2) { if (e.getClickCount() == 2) {
int selectedRow = dataTable.getSelectedRow(); int selectedRow = dataTable.getSelectedRow();
if (selectedRow != -1) { if (selectedRow != -1) {
String rowData = dataTable.getValueAt(selectedRow, 1).toString(); handleDoubleClick(selectedRow, messagePanel);
messagePanel.applyMessageFilter(tabName, rowData);
} }
} }
} }
}); });
} }
private String getTableData(JTable table) {
StringBuilder selectData = new StringBuilder();
int rowCount = table.getRowCount();
for (int i = 0; i < rowCount; i++) {
selectData.append(table.getValueAt(i, 1).toString()).append("\r\n");
}
if (!selectData.isEmpty()) {
selectData.delete(selectData.length() - 2, selectData.length());
} else {
return "";
}
return selectData.toString();
}
public String getSelectedDataAtTable(JTable table) { public String getSelectedDataAtTable(JTable table) {
int[] selectRows = table.getSelectedRows(); int[] selectRows = table.getSelectedRows();
StringBuilder selectData = new StringBuilder(); StringBuilder selectData = new StringBuilder();

4
src/main/java/hae/component/rule/Rule.java
View File

@@ -97,7 +97,7 @@ public class Rule extends JPanel {
Display ruleDisplay = new Display(); Display ruleDisplay = new Display();
ruleDisplay.formatTextField.setText("{0}"); ruleDisplay.formatTextField.setText("{0}");
int showState = JOptionPane.showConfirmDialog(this, ruleDisplay, "Add Rule", JOptionPane.OK_OPTION); int showState = JOptionPane.showConfirmDialog(this, ruleDisplay, "Add Rule", JOptionPane.YES_NO_OPTION);
if (showState == YES_OPTION) { if (showState == YES_OPTION) {
Vector<Object> ruleData = new Vector<>(); Vector<Object> ruleData = new Vector<>();
ruleData.add(false); ruleData.add(false);
@@ -132,7 +132,7 @@ public class Rule extends JPanel {
ruleDisplay.formatTextField.setEnabled(ruleDisplay.engineComboBox.getSelectedItem().toString().equals("nfa")); ruleDisplay.formatTextField.setEnabled(ruleDisplay.engineComboBox.getSelectedItem().toString().equals("nfa"));
int showState = JOptionPane.showConfirmDialog(this, ruleDisplay, "Edit Rule", JOptionPane.OK_OPTION); int showState = JOptionPane.showConfirmDialog(this, ruleDisplay, "Edit Rule", JOptionPane.YES_NO_OPTION);
if (showState == 0) { if (showState == 0) {
int select = ruleTable.convertRowIndexToModel(ruleTable.getSelectedRow()); int select = ruleTable.convertRowIndexToModel(ruleTable.getSelectedRow());
model.setValueAt(ruleDisplay.ruleNameTextField.getText(), select, 1); model.setValueAt(ruleDisplay.ruleNameTextField.getText(), select, 1);

90
src/main/java/hae/component/rule/Rules.java
View File

@@ -11,12 +11,41 @@ import java.awt.event.*;
public class Rules extends JTabbedPane { public class Rules extends JTabbedPane {
private final MontoyaApi api; private final MontoyaApi api;
private ConfigLoader configLoader;
private final RuleProcessor ruleProcessor; private final RuleProcessor ruleProcessor;
private final JTextField ruleGroupNameTextField; private final JTextField ruleGroupNameTextField;
private ConfigLoader configLoader;
private Component tabComponent; private Component tabComponent;
private int selectedIndex; private int selectedIndex;
private final Action cancelActionPerformed = new AbstractAction() {
@Override
public void actionPerformed(ActionEvent e) {
if (selectedIndex >= 0) {
setTabComponentAt(selectedIndex, tabComponent);
ruleGroupNameTextField.setVisible(false);
ruleGroupNameTextField.setPreferredSize(null);
selectedIndex = -1;
tabComponent = null;
requestFocusInWindow();
}
}
};
private final Action renameTitleActionPerformed = new AbstractAction() {
@Override
public void actionPerformed(ActionEvent e) {
String title = ruleGroupNameTextField.getText();
if (!title.isEmpty() && selectedIndex >= 0) {
String oldName = getTitleAt(selectedIndex);
setTitleAt(selectedIndex, title);
if (!oldName.equals(title)) {
ruleProcessor.renameRuleGroup(oldName, title);
}
}
cancelActionPerformed.actionPerformed(null);
}
};
public Rules(MontoyaApi api, ConfigLoader configLoader) { public Rules(MontoyaApi api, ConfigLoader configLoader) {
this.api = api; this.api = api;
@@ -30,8 +59,6 @@ public class Rules extends JTabbedPane {
private void initComponents() { private void initComponents() {
reloadRuleGroup(); reloadRuleGroup();
JTabbedPane tabbedPane = this;
JMenuItem deleteMenuItem = new JMenuItem("Delete"); JMenuItem deleteMenuItem = new JMenuItem("Delete");
JPopupMenu popupMenu = new JPopupMenu(); JPopupMenu popupMenu = new JPopupMenu();
popupMenu.add(deleteMenuItem); popupMenu.add(deleteMenuItem);
@@ -49,9 +76,11 @@ public class Rules extends JTabbedPane {
addMouseListener(new MouseAdapter() { addMouseListener(new MouseAdapter() {
@Override @Override
public void mousePressed(MouseEvent e) { public void mousePressed(MouseEvent e) {
int index = getSelectedIndex(); int index = indexAtLocation(e.getX(), e.getY());
Rectangle r = getBoundsAt(index); if (index < 0) {
if (r.contains(e.getPoint()) && index >= 0) { return;
}
switch (e.getButton()) { switch (e.getButton()) {
case MouseEvent.BUTTON1: case MouseEvent.BUTTON1:
if (e.getClickCount() == 2) { if (e.getClickCount() == 2) {
@@ -68,10 +97,14 @@ public class Rules extends JTabbedPane {
ruleGroupNameTextField.setMinimumSize(ruleGroupNameTextField.getPreferredSize()); ruleGroupNameTextField.setMinimumSize(ruleGroupNameTextField.getPreferredSize());
} }
} else if (e.getClickCount() == 1) { } else if (e.getClickCount() == 1) {
if ("...".equals(getTitleAt(getSelectedIndex()))) { String title = getTitleAt(index);
String title = ruleProcessor.newRule(); if ("...".equals(title)) {
Rule newRule = new Rule(api, configLoader, Config.ruleTemplate, tabbedPane); // 阻止默认的选中行为
insertTab(title, null, newRule, null, getTabCount() - 1); e.consume();
// 直接创建新标签
String newTitle = ruleProcessor.newRule();
Rule newRule = new Rule(api, configLoader, Config.ruleTemplate, Rules.this);
insertTab(newTitle, null, newRule, null, getTabCount() - 1);
setSelectedIndex(getTabCount() - 2); setSelectedIndex(getTabCount() - 2);
} else { } else {
renameTitleActionPerformed.actionPerformed(null); renameTitleActionPerformed.actionPerformed(null);
@@ -79,7 +112,7 @@ public class Rules extends JTabbedPane {
} }
break; break;
case MouseEvent.BUTTON3: case MouseEvent.BUTTON3:
if (!"...".equals(getTitleAt(getSelectedIndex()))) { if (!"...".equals(getTitleAt(index))) {
popupMenu.show(e.getComponent(), e.getX(), e.getY()); popupMenu.show(e.getComponent(), e.getX(), e.getY());
} }
break; break;
@@ -87,7 +120,6 @@ public class Rules extends JTabbedPane {
break; break;
} }
} }
}
}); });
@@ -119,38 +151,6 @@ public class Rules extends JTabbedPane {
} }
} }
} }
private final Action renameTitleActionPerformed = new AbstractAction() {
@Override
public void actionPerformed(ActionEvent e) {
String title = ruleGroupNameTextField.getText();
if (!title.isEmpty() && selectedIndex >= 0) {
String oldName = getTitleAt(selectedIndex);
setTitleAt(selectedIndex, title);
if (!oldName.equals(title)) {
ruleProcessor.renameRuleGroup(oldName, title);
}
}
cancelActionPerformed.actionPerformed(null);
}
};
private final Action cancelActionPerformed = new AbstractAction() {
@Override
public void actionPerformed(ActionEvent e) {
if (selectedIndex >= 0) {
setTabComponentAt(selectedIndex, tabComponent);
ruleGroupNameTextField.setVisible(false);
ruleGroupNameTextField.setPreferredSize(null);
selectedIndex = -1;
tabComponent = null;
requestFocusInWindow();
}
}
};
} }

50
src/main/java/hae/instances/editor/RequestEditor.java
View File

@@ -9,6 +9,7 @@ import burp.api.montoya.ui.Selection;
import burp.api.montoya.ui.editor.extension.EditorCreationContext; import burp.api.montoya.ui.editor.extension.EditorCreationContext;
import burp.api.montoya.ui.editor.extension.ExtensionProvidedHttpRequestEditor; import burp.api.montoya.ui.editor.extension.ExtensionProvidedHttpRequestEditor;
import burp.api.montoya.ui.editor.extension.HttpRequestEditorProvider; import burp.api.montoya.ui.editor.extension.HttpRequestEditorProvider;
import hae.Config;
import hae.component.board.table.Datatable; import hae.component.board.table.Datatable;
import hae.instances.http.utils.MessageProcessor; import hae.instances.http.utils.MessageProcessor;
import hae.utils.ConfigLoader; import hae.utils.ConfigLoader;
@@ -30,6 +31,28 @@ public class RequestEditor implements HttpRequestEditorProvider {
this.configLoader = configLoader; this.configLoader = configLoader;
} }
public static boolean isListHasData(List<Map<String, String>> dataList) {
if (dataList != null && !dataList.isEmpty()) {
Map<String, String> dataMap = dataList.get(0);
return dataMap != null && !dataMap.isEmpty();
}
return false;
}
public static void generateTabbedPaneFromResultMap(MontoyaApi api, ConfigLoader configLoader, JTabbedPane tabbedPane, List<Map<String, String>> result) {
tabbedPane.removeAll();
if (result != null && !result.isEmpty()) {
Map<String, String> dataMap = result.get(0);
if (dataMap != null && !dataMap.isEmpty()) {
dataMap.keySet().forEach(i -> {
String[] extractData = dataMap.get(i).split(Config.boundary);
Datatable dataPanel = new Datatable(api, configLoader, i, Arrays.asList(extractData));
tabbedPane.addTab(i, dataPanel);
});
}
}
}
@Override @Override
public ExtensionProvidedHttpRequestEditor provideHttpRequestEditor(EditorCreationContext editorCreationContext) { public ExtensionProvidedHttpRequestEditor provideHttpRequestEditor(EditorCreationContext editorCreationContext) {
return new Editor(api, configLoader, editorCreationContext); return new Editor(api, configLoader, editorCreationContext);
@@ -41,17 +64,16 @@ public class RequestEditor implements HttpRequestEditorProvider {
private final HttpUtils httpUtils; private final HttpUtils httpUtils;
private final EditorCreationContext creationContext; private final EditorCreationContext creationContext;
private final MessageProcessor messageProcessor; private final MessageProcessor messageProcessor;
private final JTabbedPane jTabbedPane = new JTabbedPane();
private HttpRequestResponse requestResponse; private HttpRequestResponse requestResponse;
private List<Map<String, String>> dataList; private List<Map<String, String>> dataList;
private final JTabbedPane jTabbedPane = new JTabbedPane();
public Editor(MontoyaApi api, ConfigLoader configLoader, EditorCreationContext creationContext) { public Editor(MontoyaApi api, ConfigLoader configLoader, EditorCreationContext creationContext) {
this.api = api; this.api = api;
this.configLoader = configLoader; this.configLoader = configLoader;
this.httpUtils = new HttpUtils(api, configLoader); this.httpUtils = new HttpUtils(api, configLoader);
this.creationContext = creationContext; this.creationContext = creationContext;
this.messageProcessor = new MessageProcessor(api); this.messageProcessor = new MessageProcessor(api, configLoader);
} }
@Override @Override
@@ -117,26 +139,4 @@ public class RequestEditor implements HttpRequestEditorProvider {
return false; return false;
} }
} }
public static boolean isListHasData(List<Map<String, String>> dataList) {
if (dataList != null && !dataList.isEmpty()) {
Map<String, String> dataMap = dataList.get(0);
return dataMap != null && !dataMap.isEmpty();
}
return false;
}
public static void generateTabbedPaneFromResultMap(MontoyaApi api, ConfigLoader configLoader, JTabbedPane tabbedPane, List<Map<String, String>> result) {
tabbedPane.removeAll();
if (result != null && !result.isEmpty()) {
Map<String, String> dataMap = result.get(0);
if (dataMap != null && !dataMap.isEmpty()) {
dataMap.keySet().forEach(i -> {
String[] extractData = dataMap.get(i).split("\n");
Datatable dataPanel = new Datatable(api, configLoader, i, Arrays.asList(extractData));
tabbedPane.addTab(i, dataPanel);
});
}
}
}
} }

5
src/main/java/hae/instances/editor/ResponseEditor.java
View File

@@ -41,17 +41,16 @@ public class ResponseEditor implements HttpResponseEditorProvider {
private final HttpUtils httpUtils; private final HttpUtils httpUtils;
private final EditorCreationContext creationContext; private final EditorCreationContext creationContext;
private final MessageProcessor messageProcessor; private final MessageProcessor messageProcessor;
private final JTabbedPane jTabbedPane = new JTabbedPane();
private HttpRequestResponse requestResponse; private HttpRequestResponse requestResponse;
private List<Map<String, String>> dataList; private List<Map<String, String>> dataList;
private final JTabbedPane jTabbedPane = new JTabbedPane();
public Editor(MontoyaApi api, ConfigLoader configLoader, EditorCreationContext creationContext) { public Editor(MontoyaApi api, ConfigLoader configLoader, EditorCreationContext creationContext) {
this.api = api; this.api = api;
this.configLoader = configLoader; this.configLoader = configLoader;
this.httpUtils = new HttpUtils(api, configLoader); this.httpUtils = new HttpUtils(api, configLoader);
this.creationContext = creationContext; this.creationContext = creationContext;
this.messageProcessor = new MessageProcessor(api); this.messageProcessor = new MessageProcessor(api, configLoader);
} }
@Override @Override

5
src/main/java/hae/instances/editor/WebSocketEditor.java
View File

@@ -36,16 +36,15 @@ public class WebSocketEditor implements WebSocketMessageEditorProvider {
private final ConfigLoader configLoader; private final ConfigLoader configLoader;
private final EditorCreationContext creationContext; private final EditorCreationContext creationContext;
private final MessageProcessor messageProcessor; private final MessageProcessor messageProcessor;
private final JTabbedPane jTabbedPane = new JTabbedPane();
private ByteArray message; private ByteArray message;
private List<Map<String, String>> dataList; private List<Map<String, String>> dataList;
private final JTabbedPane jTabbedPane = new JTabbedPane();
public Editor(MontoyaApi api, ConfigLoader configLoader, EditorCreationContext creationContext) { public Editor(MontoyaApi api, ConfigLoader configLoader, EditorCreationContext creationContext) {
this.api = api; this.api = api;
this.configLoader = configLoader; this.configLoader = configLoader;
this.creationContext = creationContext; this.creationContext = creationContext;
this.messageProcessor = new MessageProcessor(api); this.messageProcessor = new MessageProcessor(api, configLoader);
} }
@Override @Override

23
src/main/java/hae/instances/http/HttpMessageHandler.java → src/main/java/hae/instances/http/HttpMessageActiveHandler.java
View File

@@ -17,7 +17,7 @@ import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
public class HttpMessageHandler implements HttpHandler { public class HttpMessageActiveHandler implements HttpHandler {
private final MontoyaApi api; private final MontoyaApi api;
private final ConfigLoader configLoader; private final ConfigLoader configLoader;
private final HttpUtils httpUtils; private final HttpUtils httpUtils;
@@ -29,14 +29,13 @@ public class HttpMessageHandler implements HttpHandler {
private final ThreadLocal<String> host = ThreadLocal.withInitial(() -> ""); private final ThreadLocal<String> host = ThreadLocal.withInitial(() -> "");
private final ThreadLocal<List<String>> colorList = ThreadLocal.withInitial(ArrayList::new); private final ThreadLocal<List<String>> colorList = ThreadLocal.withInitial(ArrayList::new);
private final ThreadLocal<List<String>> commentList = ThreadLocal.withInitial(ArrayList::new); private final ThreadLocal<List<String>> commentList = ThreadLocal.withInitial(ArrayList::new);
private final ThreadLocal<HttpRequest> httpRequest = new ThreadLocal<>();
public HttpMessageHandler(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) { public HttpMessageActiveHandler(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) {
this.api = api; this.api = api;
this.configLoader = configLoader; this.configLoader = configLoader;
this.httpUtils = new HttpUtils(api, configLoader); this.httpUtils = new HttpUtils(api, configLoader);
this.messageTableModel = messageTableModel; this.messageTableModel = messageTableModel;
this.messageProcessor = new MessageProcessor(api); this.messageProcessor = new MessageProcessor(api, configLoader);
} }
@Override @Override
@@ -47,7 +46,6 @@ public class HttpMessageHandler implements HttpHandler {
Annotations annotations = httpRequestToBeSent.annotations(); Annotations annotations = httpRequestToBeSent.annotations();
try { try {
httpRequest.set(httpRequestToBeSent);
host.set(StringProcessor.getHostByUrl(httpRequestToBeSent.url())); host.set(StringProcessor.getHostByUrl(httpRequestToBeSent.url()));
} catch (Exception e) { } catch (Exception e) {
api.logging().logToError("handleHttpRequestToBeSent: " + e.getMessage()); api.logging().logToError("handleHttpRequestToBeSent: " + e.getMessage());
@@ -70,29 +68,26 @@ public class HttpMessageHandler implements HttpHandler {
setColorAndCommentList(messageProcessor.processRequest(host.get(), request, true)); setColorAndCommentList(messageProcessor.processRequest(host.get(), request, true));
setColorAndCommentList(messageProcessor.processResponse(host.get(), httpResponseReceived, true)); setColorAndCommentList(messageProcessor.processResponse(host.get(), httpResponseReceived, true));
// 设置高亮颜色和注释
if (!colorList.get().isEmpty() && !commentList.get().isEmpty()) { if (!colorList.get().isEmpty() && !commentList.get().isEmpty()) {
HttpRequestResponse httpRequestResponse = HttpRequestResponse.httpRequestResponse(request, httpResponseReceived);
String color = messageProcessor.retrieveFinalColor(messageProcessor.retrieveColorIndices(colorList.get())); String color = messageProcessor.retrieveFinalColor(messageProcessor.retrieveColorIndices(colorList.get()));
annotations.setHighlightColor(HighlightColor.highlightColor(color)); annotations.setHighlightColor(HighlightColor.highlightColor(color));
String comment = StringProcessor.mergeComment(String.join(", ", commentList.get())); String comment = StringProcessor.mergeComment(String.join(", ", commentList.get()));
annotations.setNotes(comment); annotations.setNotes(comment);
HttpRequestResponse httpRequestResponse = HttpRequestResponse.httpRequestResponse(httpRequest.get(), httpResponseReceived); String method = request.method();
String url = request.url();
// 添加到Databoard
String method = httpRequest.get().method();
String url = httpRequest.get().url();
String status = String.valueOf(httpResponseReceived.statusCode()); String status = String.valueOf(httpResponseReceived.statusCode());
String length = String.valueOf(httpResponseReceived.toByteArray().length()); String length = String.valueOf(httpResponseReceived.toByteArray().length());
// 后台提交防止线程阻塞
new SwingWorker<Void, Void>() { new SwingWorker<Void, Void>() {
@Override @Override
protected Void doInBackground() { protected Void doInBackground() {
messageTableModel.add(httpRequestResponse, url, method, status, length, comment, color, "", ""); messageTableModel.add(httpRequestResponse, url, method, status, length, comment, color, true);
return null; return null;
} }
}.run(); }.execute();
} }
} catch (Exception e) { } catch (Exception e) {
api.logging().logToError("handleHttpResponseReceived: " + e.getMessage()); api.logging().logToError("handleHttpResponseReceived: " + e.getMessage());

97
src/main/java/hae/instances/http/HttpMessagePassiveHandler.java Normal file
View File

@@ -0,0 +1,97 @@
package hae.instances.http;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.http.message.responses.HttpResponse;
import burp.api.montoya.scanner.AuditResult;
import burp.api.montoya.scanner.ConsolidationAction;
import burp.api.montoya.scanner.ScanCheck;
import burp.api.montoya.scanner.audit.insertionpoint.AuditInsertionPoint;
import burp.api.montoya.scanner.audit.issues.AuditIssue;
import hae.component.board.message.MessageTableModel;
import hae.instances.http.utils.MessageProcessor;
import hae.utils.ConfigLoader;
import hae.utils.http.HttpUtils;
import hae.utils.string.StringProcessor;
import javax.swing.*;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import static burp.api.montoya.scanner.AuditResult.auditResult;
import static burp.api.montoya.scanner.ConsolidationAction.KEEP_BOTH;
import static burp.api.montoya.scanner.ConsolidationAction.KEEP_EXISTING;
import static java.util.Collections.emptyList;
public class HttpMessagePassiveHandler implements ScanCheck {
private final MontoyaApi api;
private final ConfigLoader configLoader;
private final HttpUtils httpUtils;
private final MessageTableModel messageTableModel;
private final MessageProcessor messageProcessor;
public HttpMessagePassiveHandler(MontoyaApi api, ConfigLoader configLoader, MessageTableModel messageTableModel) {
this.api = api;
this.configLoader = configLoader;
this.httpUtils = new HttpUtils(api, configLoader);
this.messageTableModel = messageTableModel;
this.messageProcessor = new MessageProcessor(api, configLoader);
}
@Override
public AuditResult activeAudit(HttpRequestResponse httpRequestResponse, AuditInsertionPoint auditInsertionPoint) {
return auditResult(emptyList());
}
@Override
public AuditResult passiveAudit(HttpRequestResponse httpRequestResponse) {
List<String> colorList = new ArrayList<>();
List<String> commentList = new ArrayList<>();
HttpRequest request = httpRequestResponse.request();
HttpResponse response = httpRequestResponse.response();
boolean matches = httpUtils.verifyHttpRequestResponse(httpRequestResponse, "Proxy");
if (!matches) {
try {
String host = StringProcessor.getHostByUrl(request.url());
setColorAndCommentList(messageProcessor.processRequest(host, request, true), colorList, commentList);
setColorAndCommentList(messageProcessor.processResponse(host, response, true), colorList, commentList);
String url = request.url();
String method = request.method();
String status = String.valueOf(response.statusCode());
String color = messageProcessor.retrieveFinalColor(messageProcessor.retrieveColorIndices(colorList));
String comment = StringProcessor.mergeComment(String.join(", ", commentList));
String length = String.valueOf(response.toByteArray().length());
new SwingWorker<Void, Void>() {
@Override
protected Void doInBackground() {
messageTableModel.add(httpRequestResponse, url, method, status, length, comment, color, true);
return null;
}
}.execute();
} catch (Exception e) {
api.logging().logToError("passiveAudit: " + e.getMessage());
}
}
return auditResult(emptyList());
}
private void setColorAndCommentList(List<Map<String, String>> result, List<String> colorList, List<String> commentList) {
if (result != null && !result.isEmpty()) {
colorList.add(result.get(0).get("color"));
commentList.add(result.get(1).get("comment"));
}
}
@Override
public ConsolidationAction consolidateIssues(AuditIssue newIssue, AuditIssue existingIssue) {
return existingIssue.name().equals(newIssue.name()) ? KEEP_EXISTING : KEEP_BOTH;
}
}

77
src/main/java/hae/instances/http/utils/MessageProcessor.java
View File

@@ -5,28 +5,26 @@ import burp.api.montoya.http.message.HttpHeader;
import burp.api.montoya.http.message.requests.HttpRequest; import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.http.message.responses.HttpResponse; import burp.api.montoya.http.message.responses.HttpResponse;
import hae.Config; import hae.Config;
import hae.utils.ConfigLoader;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.*; import java.util.*;
import java.util.stream.Collectors; import java.util.stream.Collectors;
public class MessageProcessor { public class MessageProcessor {
private final MontoyaApi api; private final MontoyaApi api;
private final RegularMatcher regularMatcher; private final RegularMatcher regularMatcher;
private String finalColor = ""; public MessageProcessor(MontoyaApi api, ConfigLoader configLoader) {
public MessageProcessor(MontoyaApi api) {
this.api = api; this.api = api;
this.regularMatcher = new RegularMatcher(api); this.regularMatcher = new RegularMatcher(api, configLoader);
} }
public List<Map<String, String>> processMessage(String host, String message, boolean flag) { public List<Map<String, String>> processMessage(String host, String message, boolean flag) {
Map<String, Map<String, Object>> obj = null; Map<String, Map<String, Object>> obj = null;
try { try {
obj = regularMatcher.match(host, "any", message, message, message); obj = regularMatcher.performRegexMatching(host, "any", message, message, message);
} catch (Exception ignored) { } catch (Exception ignored) {
} }
@@ -41,9 +39,9 @@ public class MessageProcessor {
String body = new String(httpResponse.body().getBytes(), StandardCharsets.UTF_8); String body = new String(httpResponse.body().getBytes(), StandardCharsets.UTF_8);
String header = httpResponse.headers().stream() String header = httpResponse.headers().stream()
.map(HttpHeader::toString) .map(HttpHeader::toString)
.collect(Collectors.joining("\n")); .collect(Collectors.joining("\r\n"));
obj = regularMatcher.match(host, "response", response, header, body); obj = regularMatcher.performRegexMatching(host, "response", response, header, body);
} catch (Exception ignored) { } catch (Exception ignored) {
} }
@@ -58,9 +56,9 @@ public class MessageProcessor {
String body = new String(httpRequest.body().getBytes(), StandardCharsets.UTF_8); String body = new String(httpRequest.body().getBytes(), StandardCharsets.UTF_8);
String header = httpRequest.headers().stream() String header = httpRequest.headers().stream()
.map(HttpHeader::toString) .map(HttpHeader::toString)
.collect(Collectors.joining("\n")); .collect(Collectors.joining("\r\n"));
obj = regularMatcher.match(host, "request", request, header, body); obj = regularMatcher.performRegexMatching(host, "request", request, header, body);
} catch (Exception ignored) { } catch (Exception ignored) {
} }
@@ -78,10 +76,10 @@ public class MessageProcessor {
List<String> commentList = resultList.get(1); List<String> commentList = resultList.get(1);
if (!colorList.isEmpty() && !commentList.isEmpty()) { if (!colorList.isEmpty() && !commentList.isEmpty()) {
String color = retrieveFinalColor(retrieveColorIndices(colorList)); String color = retrieveFinalColor(retrieveColorIndices(colorList));
Map<String, String> colorMap = new HashMap<String, String>() {{ Map<String, String> colorMap = new HashMap<>() {{
put("color", color); put("color", color);
}}; }};
Map<String, String> commentMap = new HashMap<String, String>() {{ Map<String, String> commentMap = new HashMap<>() {{
put("comment", String.join(", ", commentList)); put("comment", String.join(", ", commentList));
}}; }};
highlightList.add(colorMap); highlightList.add(colorMap);
@@ -138,41 +136,38 @@ public class MessageProcessor {
return indices; return indices;
} }
private void upgradeColors(List<Integer> colorList) { private String upgradeColors(List<Integer> colorList) {
int colorSize = colorList.size(); if (colorList == null || colorList.isEmpty()) {
String[] colorArray = Config.color; return Config.color[0];
colorList.sort(Comparator.comparingInt(Integer::intValue)); }
int i = 0;
List<Integer> stack = new ArrayList<>(); // 创建副本避免修改原始数据
while (i < colorSize) { List<Integer> indices = new ArrayList<>(colorList);
if (stack.isEmpty()) { indices.sort(Comparator.comparingInt(Integer::intValue));
stack.add(colorList.get(i));
} else { // 处理颜色升级
if (!Objects.equals(colorList.get(i), stack.stream().reduce((first, second) -> second).orElse(99999999))) { for (int i = 1; i < indices.size(); i++) {
stack.add(colorList.get(i)); if (indices.get(i).equals(indices.get(i - 1))) {
} else { // 如果发现重复的颜色索引,将当前索引降级
stack.set(stack.size() - 1, stack.get(stack.size() - 1) - 1); indices.set(i - 1, indices.get(i - 1) - 1);
} }
} }
i++;
} // 获取最终的颜色索引
// 利用HashSet删除重复元素 int finalIndex = indices.stream()
HashSet tmpList = new HashSet(stack); .min(Integer::compareTo)
if (stack.size() == tmpList.size()) { .orElse(0);
stack.sort(Comparator.comparingInt(Integer::intValue));
if (stack.get(0) < 0) { // 处理负数索引情况
finalColor = colorArray[0]; if (finalIndex < 0) {
} else { return Config.color[0];
finalColor = colorArray[stack.get(0)];
}
} else {
upgradeColors(stack);
} }
return Config.color[finalIndex];
} }
public String retrieveFinalColor(List<Integer> colorList) { public String retrieveFinalColor(List<Integer> colorList) {
upgradeColors(colorList); return upgradeColors(colorList);
return finalColor;
} }
} }

193
src/main/java/hae/instances/http/utils/RegularMatcher.java
View File

@@ -1,12 +1,16 @@
package hae.instances.http.utils; package hae.instances.http.utils;
import burp.api.montoya.MontoyaApi; import burp.api.montoya.MontoyaApi;
import burp.api.montoya.persistence.PersistedList;
import burp.api.montoya.persistence.PersistedObject;
import dk.brics.automaton.Automaton; import dk.brics.automaton.Automaton;
import dk.brics.automaton.AutomatonMatcher; import dk.brics.automaton.AutomatonMatcher;
import dk.brics.automaton.RegExp; import dk.brics.automaton.RegExp;
import dk.brics.automaton.RunAutomaton; import dk.brics.automaton.RunAutomaton;
import hae.Config; import hae.Config;
import hae.cache.CachePool; import hae.cache.DataCache;
import hae.utils.ConfigLoader;
import hae.utils.DataManager;
import hae.utils.string.HashCalculator; import hae.utils.string.HashCalculator;
import hae.utils.string.StringProcessor; import hae.utils.string.StringProcessor;
@@ -17,28 +21,101 @@ import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;
public class RegularMatcher { public class RegularMatcher {
private static final Map<String, Pattern> nfaPatternCache = new ConcurrentHashMap<>();
private static final Map<String, RunAutomaton> dfaAutomatonCache = new ConcurrentHashMap<>();
private final MontoyaApi api; private final MontoyaApi api;
private final ConfigLoader configLoader;
public RegularMatcher(MontoyaApi api) { public RegularMatcher(MontoyaApi api, ConfigLoader configLoader) {
this.api = api; this.api = api;
this.configLoader = configLoader;
}
public synchronized static void updateGlobalMatchCache(MontoyaApi api, String host, String name, List<String> dataList, boolean flag) {
// 添加到全局变量中便于Databoard检索
if (!Objects.equals(host, "") && host != null) {
Config.globalDataMap.compute(host, (existingHost, existingMap) -> {
Map<String, List<String>> gRuleMap = Optional.ofNullable(existingMap).orElse(new ConcurrentHashMap<>());
gRuleMap.merge(name, new ArrayList<>(dataList), (existingList, newList) -> {
Set<String> combinedSet = new LinkedHashSet<>(existingList);
combinedSet.addAll(newList);
return new ArrayList<>(combinedSet);
});
if (flag) {
// 数据存储在BurpSuite空间内
try {
DataManager dataManager = new DataManager(api);
PersistedObject persistedObject = PersistedObject.persistedObject();
gRuleMap.forEach((kName, vList) -> {
PersistedList<String> persistedList = PersistedList.persistedStringList();
persistedList.addAll(vList);
persistedObject.setStringList(kName, persistedList);
});
dataManager.putData("data", host, persistedObject);
} catch (Exception ignored) {
}
}
return gRuleMap;
});
String[] splitHost = host.split("\\.");
String onlyHost = host.split(":")[0];
String anyHost = (splitHost.length > 2 && !StringProcessor.matchHostIsIp(onlyHost)) ? StringProcessor.replaceFirstOccurrence(onlyHost, splitHost[0], "*") : "";
if (!Config.globalDataMap.containsKey(anyHost) && !anyHost.isEmpty()) {
// 添加通配符Host实际数据从查询哪里将所有数据提取
Config.globalDataMap.put(anyHost, new HashMap<>());
}
if (!Config.globalDataMap.containsKey("*")) {
// 添加通配符全匹配,同上
Config.globalDataMap.put("*", new HashMap<>());
}
}
}
public Map<String, Map<String, Object>> performRegexMatching(String host, String type, String message, String header, String body) {
// 删除动态响应头再进行存储
String originalMessage = message;
String dynamicHeader = configLoader.getDynamicHeader();
if (!dynamicHeader.isBlank()) {
String modifiedHeader = header.replaceAll(String.format("(%s):.*?\r\n", configLoader.getDynamicHeader()), "");
message = message.replace(header, modifiedHeader);
} }
public Map<String, Map<String, Object>> match(String host, String type, String message, String header, String body) {
// 先从缓存池里判断是否有已经匹配好的结果
String messageIndex = HashCalculator.calculateHash(message.getBytes()); String messageIndex = HashCalculator.calculateHash(message.getBytes());
Map<String, Map<String, Object>> map = CachePool.get(messageIndex);
if (map != null) { // 从数据缓存中读取
return map; Map<String, Map<String, Object>> dataCacheMap = DataCache.get(messageIndex);
} else {
// 存在则返回
if (dataCacheMap != null) {
return dataCacheMap;
}
// 最终返回的结果 // 最终返回的结果
String firstLine = originalMessage.split("\\r?\\n", 2)[0];
Map<String, Map<String, Object>> finalMap = applyMatchingRules(host, type, originalMessage, firstLine, header, body);
// 数据缓存写入,有可能是空值,当作匹配过的索引不再匹配
DataCache.put(messageIndex, finalMap);
return finalMap;
}
private Map<String, Map<String, Object>> applyMatchingRules(String host, String type, String message, String firstLine, String header, String body) {
Map<String, Map<String, Object>> finalMap = new HashMap<>(); Map<String, Map<String, Object>> finalMap = new HashMap<>();
Config.globalRules.keySet().parallelStream().forEach(i -> { Config.globalRules.keySet().parallelStream().forEach(i -> {
for (Object[] objects : Config.globalRules.get(i)) { for (Object[] objects : Config.globalRules.get(i)) {
// 多线程执行,一定程度上减少阻塞现象
String matchContent = ""; String matchContent = "";
// 遍历获取规则 // 遍历获取规则
List<String> result = new ArrayList<>(); List<String> result;
Map<String, Object> tmpMap = new HashMap<>(); Map<String, Object> tmpMap = new HashMap<>();
boolean loaded = (Boolean) objects[0]; boolean loaded = (Boolean) objects[0];
@@ -53,6 +130,7 @@ public class RegularMatcher {
// 判断规则是否开启与作用域 // 判断规则是否开启与作用域
if (loaded && (scope.contains(type) || scope.contains("any") || type.equals("any"))) { if (loaded && (scope.contains(type) || scope.contains("any") || type.equals("any"))) {
// 在此处检查内容是否缓存,缓存则返回为空
switch (scope) { switch (scope) {
case "any": case "any":
case "request": case "request":
@@ -71,14 +149,19 @@ public class RegularMatcher {
break; break;
case "request line": case "request line":
case "response line": case "response line":
matchContent = message.split("\\r?\\n", 2)[0]; matchContent = firstLine;
break; break;
default: default:
break; break;
} }
// 匹配内容为空则跳出
if (matchContent.isBlank()) {
break;
}
try { try {
result.addAll(matchByRegex(f_regex, s_regex, matchContent, format, engine, sensitive)); result = new ArrayList<>(executeRegexEngine(f_regex, s_regex, matchContent, format, engine, sensitive));
} catch (Exception e) { } catch (Exception e) {
api.logging().logToError(String.format("[x] Error Info:\nName: %s\nRegex: %s", name, f_regex)); api.logging().logToError(String.format("[x] Error Info:\nName: %s\nRegex: %s", name, f_regex));
api.logging().logToError(e.getMessage()); api.logging().logToError(e.getMessage());
@@ -92,59 +175,26 @@ public class RegularMatcher {
if (!result.isEmpty()) { if (!result.isEmpty()) {
tmpMap.put("color", color); tmpMap.put("color", color);
String dataStr = String.join("\n", result); String dataStr = String.join(Config.boundary, result);
tmpMap.put("data", dataStr); tmpMap.put("data", dataStr);
String nameAndSize = String.format("%s (%s)", name, result.size()); String nameAndSize = String.format("%s (%s)", name, result.size());
finalMap.put(nameAndSize, tmpMap); finalMap.put(nameAndSize, tmpMap);
putDataToGlobalMap(host, name, result); updateGlobalMatchCache(api, host, name, result, true);
} }
} }
} }
}); });
CachePool.put(messageIndex, finalMap);
return finalMap; return finalMap;
} }
}
public static void putDataToGlobalMap(String host, String name, List<String> dataList) { private List<String> executeRegexEngine(String f_regex, String s_regex, String content, String format, String engine, boolean sensitive) {
// 添加到全局变量中便于Databoard检索
if (!Objects.equals(host, "") && host != null) {
Config.globalDataMap.compute(host, (existingHost, existingMap) -> {
Map<String, List<String>> gRuleMap = Optional.ofNullable(existingMap).orElse(new ConcurrentHashMap<>());
gRuleMap.merge(name, new ArrayList<>(dataList), (existingList, newList) -> {
Set<String> combinedSet = new LinkedHashSet<>(existingList);
combinedSet.addAll(newList);
return new ArrayList<>(combinedSet);
});
return gRuleMap;
});
String[] splitHost = host.split("\\.");
String onlyHost = host.split(":")[0];
String anyHost = (splitHost.length > 2 && !StringProcessor.matchHostIsIp(onlyHost)) ? StringProcessor.replaceFirstOccurrence(onlyHost, splitHost[0], "*") : "";
if (!Config.globalDataMap.containsKey(anyHost) && anyHost.length() > 0) {
// 添加通配符Host实际数据从查询哪里将所有数据提取
Config.globalDataMap.put(anyHost, new HashMap<>());
}
if (!Config.globalDataMap.containsKey("*")) {
// 添加通配符全匹配,同上
Config.globalDataMap.put("*", new HashMap<>());
}
}
}
private List<String> matchByRegex(String f_regex, String s_regex, String content, String format, String engine, boolean sensitive) {
List<String> retList = new ArrayList<>(); List<String> retList = new ArrayList<>();
if ("nfa".equals(engine)) { if ("nfa".equals(engine)) {
Matcher matcher = createPatternMatcher(f_regex, content, sensitive); Matcher matcher = createPatternMatcher(f_regex, content, sensitive);
retList.addAll(extractMatches(s_regex, format, sensitive, matcher)); retList.addAll(extractRegexMatchResults(s_regex, format, sensitive, matcher));
} else { } else {
// DFA不支持格式化输出因此不关注format // DFA不支持格式化输出因此不关注format
String newContent = content; String newContent = content;
@@ -154,44 +204,44 @@ public class RegularMatcher {
newFirstRegex = f_regex.toLowerCase(); newFirstRegex = f_regex.toLowerCase();
} }
AutomatonMatcher autoMatcher = createAutomatonMatcher(newFirstRegex, newContent); AutomatonMatcher autoMatcher = createAutomatonMatcher(newFirstRegex, newContent);
retList.addAll(extractMatches(s_regex, autoMatcher, content)); retList.addAll(extractRegexMatchResults(s_regex, autoMatcher, content));
} }
return retList; return retList;
} }
private List<String> extractMatches(String s_regex, String format, boolean sensitive, Matcher matcher) { private List<String> extractRegexMatchResults(String s_regex, String format, boolean sensitive, Matcher matcher) {
List<String> matches = new ArrayList<>(); List<String> matches = new ArrayList<>();
if (s_regex.isEmpty()) { if (s_regex.isEmpty()) {
matches.addAll(getFormatString(matcher, format)); matches.addAll(formatMatchResults(matcher, format));
} else { } else {
while (matcher.find()) { while (matcher.find()) {
String matchContent = matcher.group(1); String matchContent = matcher.group(1);
if (!matchContent.isEmpty()) { if (!matchContent.isEmpty()) {
matcher = createPatternMatcher(s_regex, matchContent, sensitive); matcher = createPatternMatcher(s_regex, matchContent, sensitive);
matches.addAll(getFormatString(matcher, format)); matches.addAll(formatMatchResults(matcher, format));
} }
} }
} }
return matches; return matches;
} }
private List<String> extractMatches(String s_regex, AutomatonMatcher autoMatcher, String content) { private List<String> extractRegexMatchResults(String s_regex, AutomatonMatcher autoMatcher, String content) {
List<String> matches = new ArrayList<>(); List<String> matches = new ArrayList<>();
if (s_regex.isEmpty()) { if (s_regex.isEmpty()) {
matches.addAll(getFormatString(autoMatcher, content)); matches.addAll(formatMatchResults(autoMatcher, content));
} else { } else {
while (autoMatcher.find()) { while (autoMatcher.find()) {
String s = autoMatcher.group(); String s = autoMatcher.group();
if (!s.isEmpty()) { if (!s.isEmpty()) {
autoMatcher = createAutomatonMatcher(s_regex, getSubString(content, s)); autoMatcher = createAutomatonMatcher(s_regex, extractMatchedContent(content, s));
matches.addAll(getFormatString(autoMatcher, content)); matches.addAll(formatMatchResults(autoMatcher, content));
} }
} }
} }
return matches; return matches;
} }
private List<String> getFormatString(Matcher matcher, String format) { private List<String> formatMatchResults(Matcher matcher, String format) {
List<Integer> indexList = parseIndexesFromString(format); List<Integer> indexList = parseIndexesFromString(format);
List<String> stringList = new ArrayList<>(); List<String> stringList = new ArrayList<>();
@@ -204,20 +254,20 @@ public class RegularMatcher {
return ""; return "";
}).toArray(); }).toArray();
stringList.add(MessageFormat.format(reorderIndex(format), params)); stringList.add(MessageFormat.format(normalizeFormatIndexes(format), params));
} }
} }
return stringList; return stringList;
} }
private List<String> getFormatString(AutomatonMatcher matcher, String content) { private List<String> formatMatchResults(AutomatonMatcher matcher, String content) {
List<String> stringList = new ArrayList<>(); List<String> stringList = new ArrayList<>();
while (matcher.find()) { while (matcher.find()) {
String s = matcher.group(0); String s = matcher.group(0);
if (!s.isEmpty()) { if (!s.isEmpty()) {
stringList.add(getSubString(content, s)); stringList.add(extractMatchedContent(content, s));
} }
} }
@@ -225,14 +275,21 @@ public class RegularMatcher {
} }
private Matcher createPatternMatcher(String regex, String content, boolean sensitive) { private Matcher createPatternMatcher(String regex, String content, boolean sensitive) {
Pattern pattern = sensitive ? Pattern.compile(regex) : Pattern.compile(regex, Pattern.CASE_INSENSITIVE); Pattern pattern = nfaPatternCache.computeIfAbsent(regex, k -> {
int flags = sensitive ? 0 : Pattern.CASE_INSENSITIVE;
return Pattern.compile(regex, flags);
});
return pattern.matcher(content); return pattern.matcher(content);
} }
private AutomatonMatcher createAutomatonMatcher(String regex, String content) { private AutomatonMatcher createAutomatonMatcher(String regex, String content) {
RunAutomaton runAuto = dfaAutomatonCache.computeIfAbsent(regex, k -> {
RegExp regexp = new RegExp(regex); RegExp regexp = new RegExp(regex);
Automaton auto = regexp.toAutomaton(); Automaton auto = regexp.toAutomaton();
RunAutomaton runAuto = new RunAutomaton(auto, true); return new RunAutomaton(auto, true);
});
return runAuto.newMatcher(content); return runAuto.newMatcher(content);
} }
@@ -251,15 +308,16 @@ public class RegularMatcher {
return indexes; return indexes;
} }
private String getSubString(String content, String s) { private String extractMatchedContent(String content, String s) {
byte[] contentByte = api.utilities().byteUtils().convertFromString(content); byte[] contentByte = api.utilities().byteUtils().convertFromString(content);
byte[] sByte = api.utilities().byteUtils().convertFromString(s); byte[] sByte = api.utilities().byteUtils().convertFromString(s);
int startIndex = api.utilities().byteUtils().indexOf(contentByte, sByte, false, 1, contentByte.length); int startIndex = api.utilities().byteUtils().indexOf(contentByte, sByte, false, 1, contentByte.length);
int endIndex = startIndex + s.length(); int endIndex = startIndex + s.length();
return content.substring(startIndex, endIndex); return content.substring(startIndex, endIndex);
} }
private String reorderIndex(String format) { private String normalizeFormatIndexes(String format) {
Pattern pattern = Pattern.compile("\\{(\\d+)}"); Pattern pattern = Pattern.compile("\\{(\\d+)}");
Matcher matcher = pattern.matcher(format); Matcher matcher = pattern.matcher(format);
int count = 0; int count = 0;
@@ -269,6 +327,7 @@ public class RegularMatcher {
format = format.replace(matchStr, newStr); format = format.replace(matchStr, newStr);
count++; count++;
} }
return format; return format;
} }
} }

7
src/main/java/hae/instances/websocket/WebSocketMessageHandler.java
View File

@@ -4,6 +4,7 @@ import burp.api.montoya.MontoyaApi;
import burp.api.montoya.core.HighlightColor; import burp.api.montoya.core.HighlightColor;
import burp.api.montoya.proxy.websocket.*; import burp.api.montoya.proxy.websocket.*;
import hae.instances.http.utils.MessageProcessor; import hae.instances.http.utils.MessageProcessor;
import hae.utils.ConfigLoader;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@@ -12,9 +13,9 @@ public class WebSocketMessageHandler implements ProxyMessageHandler {
private final MontoyaApi api; private final MontoyaApi api;
private final MessageProcessor messageProcessor; private final MessageProcessor messageProcessor;
public WebSocketMessageHandler(MontoyaApi api) { public WebSocketMessageHandler(MontoyaApi api, ConfigLoader configLoader) {
this.api = api; this.api = api;
this.messageProcessor = new MessageProcessor(api); this.messageProcessor = new MessageProcessor(api, configLoader);
} }
@Override @Override
@@ -22,7 +23,7 @@ public class WebSocketMessageHandler implements ProxyMessageHandler {
String message = interceptedTextMessage.payload(); String message = interceptedTextMessage.payload();
List<Map<String, String>> result = messageProcessor.processMessage("", message, true); List<Map<String, String>> result = messageProcessor.processMessage("", message, true);
if (result != null && !result.isEmpty() && result.size() > 0) { if (result != null && !result.isEmpty()) {
interceptedTextMessage.annotations().setHighlightColor(HighlightColor.highlightColor(result.get(0).get("color"))); interceptedTextMessage.annotations().setHighlightColor(HighlightColor.highlightColor(result.get(0).get("color")));
interceptedTextMessage.annotations().setNotes(result.get(1).get("comment")); interceptedTextMessage.annotations().setNotes(result.get(1).get("comment"));
} }

185
src/main/java/hae/utils/ConfigLoader.java
View File

@@ -1,12 +1,11 @@
package hae.utils; package hae.utils;
import burp.api.montoya.MontoyaApi; import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.RequestOptions;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest;
import hae.Config; import hae.Config;
import org.yaml.snakeyaml.DumperOptions; import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml; import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.representer.Representer; import org.yaml.snakeyaml.representer.Representer;
import java.io.*; import java.io.*;
@@ -24,10 +23,7 @@ public class ConfigLoader {
public ConfigLoader(MontoyaApi api) { public ConfigLoader(MontoyaApi api) {
this.api = api; this.api = api;
DumperOptions dop = new DumperOptions(); this.yaml = createSecureYaml();
dop.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
Representer representer = new Representer(dop);
this.yaml = new Yaml(representer, dop);
String configPath = determineConfigPath(); String configPath = determineConfigPath();
this.configFilePath = String.format("%s/%s", configPath, "Config.yml"); this.configFilePath = String.format("%s/%s", configPath, "Config.yml");
@@ -46,12 +42,36 @@ public class ConfigLoader {
File rulesFilePath = new File(this.rulesFilePath); File rulesFilePath = new File(this.rulesFilePath);
if (!(rulesFilePath.exists() && rulesFilePath.isFile())) { if (!(rulesFilePath.exists() && rulesFilePath.isFile())) {
initRulesByRes(); initRules();
} }
Config.globalRules = getRules(); Config.globalRules = getRules();
} }
private static boolean isValidConfigPath(String configPath) {
File configPathFile = new File(configPath);
return configPathFile.exists() && configPathFile.isDirectory();
}
private Yaml createSecureYaml() {
// 配置 LoaderOptions 进行安全限制
LoaderOptions loaderOptions = new LoaderOptions();
// 禁用注释处理
loaderOptions.setProcessComments(false);
// 禁止递归键
loaderOptions.setAllowRecursiveKeys(false);
// 配置 DumperOptions 控制输出格式
DumperOptions dop = new DumperOptions();
dop.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
// 创建 Representer
Representer representer = new Representer(dop);
// 使用 SafeConstructor创建安全的 YAML 实例
return new Yaml(new SafeConstructor(loaderOptions), representer, dop);
}
private String determineConfigPath() { private String determineConfigPath() {
// 优先级1用户根目录 // 优先级1用户根目录
String userConfigPath = String.format("%s/.config/HaE", System.getProperty("user.home")); String userConfigPath = String.format("%s/.config/HaE", System.getProperty("user.home"));
@@ -70,15 +90,15 @@ public class ConfigLoader {
return userConfigPath; return userConfigPath;
} }
private static boolean isValidConfigPath(String configPath) {
File configPathFile = new File(configPath);
return configPathFile.exists() && configPathFile.isDirectory();
}
public void initConfig() { public void initConfig() {
Map<String, Object> r = new LinkedHashMap<>(); Map<String, Object> r = new LinkedHashMap<>();
r.put("excludeSuffix", getExcludeSuffix()); r.put("ExcludeSuffix", getExcludeSuffix());
r.put("blockHost", getBlockHost()); r.put("BlockHost", getBlockHost());
r.put("ExcludeStatus", getExcludeStatus());
r.put("LimitSize", getLimitSize());
r.put("HaEScope", getScope());
r.put("DynamicHeader", getDynamicHeader());
try { try {
Writer ws = new OutputStreamWriter(Files.newOutputStream(Paths.get(configFilePath)), StandardCharsets.UTF_8); Writer ws = new OutputStreamWriter(Files.newOutputStream(Paths.get(configFilePath)), StandardCharsets.UTF_8);
yaml.dump(r, ws); yaml.dump(r, ws);
@@ -97,12 +117,7 @@ public class ConfigLoader {
try { try {
InputStream inputStream = Files.newInputStream(Paths.get(getRulesFilePath())); InputStream inputStream = Files.newInputStream(Paths.get(getRulesFilePath()));
DumperOptions dop = new DumperOptions(); Map<String, Object> rulesMap = yaml.load(inputStream);
dop.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
Representer representer = new Representer(dop);
Map<String, Object> rulesMap = new Yaml(representer, dop).load(inputStream);
String[] fieldKeys = {"loaded", "name", "f_regex", "s_regex", "format", "color", "scope", "engine", "sensitive"};
Object rulesObj = rulesMap.get("rules"); Object rulesObj = rulesMap.get("rules");
if (rulesObj instanceof List) { if (rulesObj instanceof List) {
@@ -114,9 +129,9 @@ public class ConfigLoader {
if (ruleObj instanceof List) { if (ruleObj instanceof List) {
List<Map<String, Object>> ruleData = (List<Map<String, Object>>) ruleObj; List<Map<String, Object>> ruleData = (List<Map<String, Object>>) ruleObj;
for (Map<String, Object> ruleFields : ruleData) { for (Map<String, Object> ruleFields : ruleData) {
Object[] valuesArray = new Object[fieldKeys.length]; Object[] valuesArray = new Object[Config.ruleFields.length];
for (int i = 0; i < fieldKeys.length; i++) { for (int i = 0; i < Config.ruleFields.length; i++) {
valuesArray[i] = ruleFields.get(fieldKeys[i]); valuesArray[i] = ruleFields.get(Config.ruleFields[i].toLowerCase().replace("-", "_"));
} }
data.add(valuesArray); data.add(valuesArray);
} }
@@ -134,38 +149,66 @@ public class ConfigLoader {
return rules; return rules;
} }
public String getAlibabaAIAPIKey() {
return getValueFromConfig("AlibabaAIAPIKey", "");
}
public String getMoonshotAIAPIKey() {
return getValueFromConfig("MoonshotAIAPIKey", "");
}
public String getAIPrompt() {
return getValueFromConfig("AIPrompt", Config.prompt);
}
public String getBlockHost() { public String getBlockHost() {
return getValueFromConfig("BlockHost", Config.host); return getValueFromConfig("BlockHost", Config.host);
} }
public void setBlockHost(String blockHost) {
setValueToConfig("BlockHost", blockHost);
}
public String getExcludeSuffix() { public String getExcludeSuffix() {
return getValueFromConfig("ExcludeSuffix", Config.suffix); return getValueFromConfig("ExcludeSuffix", Config.suffix);
} }
public void setExcludeSuffix(String excludeSuffix) {
setValueToConfig("ExcludeSuffix", excludeSuffix);
}
public String getExcludeStatus() { public String getExcludeStatus() {
return getValueFromConfig("ExcludeStatus", Config.status); return getValueFromConfig("ExcludeStatus", Config.status);
} }
public void setExcludeStatus(String status) {
setValueToConfig("ExcludeStatus", status);
}
public String getDynamicHeader() {
return getValueFromConfig("DynamicHeader", Config.header);
}
public void setDynamicHeader(String header) {
setValueToConfig("DynamicHeader", header);
}
public String getLimitSize() {
return getValueFromConfig("LimitSize", Config.size);
}
public void setLimitSize(String size) {
setValueToConfig("LimitSize", size);
}
public String getScope() { public String getScope() {
return getValueFromConfig("HaEScope", Config.scopeOptions); return getValueFromConfig("HaEScope", Config.scopeOptions);
} }
private String getValueFromConfig(String name, String value) { public void setScope(String scope) {
setValueToConfig("HaEScope", scope);
}
public boolean getMode() {
return getValueFromConfig("HaEModeStatus", Config.modeStatus).equals("true");
}
public void setMode(String mode) {
setValueToConfig("HaEModeStatus", mode);
}
private String getValueFromConfig(String name, String defaultValue) {
File yamlSetting = new File(configFilePath); File yamlSetting = new File(configFilePath);
if (!yamlSetting.exists() || !yamlSetting.isFile()) { if (!yamlSetting.exists() || !yamlSetting.isFile()) {
return value; return defaultValue;
} }
try (InputStream inorder = Files.newInputStream(Paths.get(configFilePath))) { try (InputStream inorder = Files.newInputStream(Paths.get(configFilePath))) {
@@ -177,35 +220,7 @@ public class ConfigLoader {
} catch (Exception ignored) { } catch (Exception ignored) {
} }
return value; return defaultValue;
}
public void setAlibabaAIAPIKey(String apiKey) {
setValueToConfig("AlibabaAIAPIKey", apiKey);
}
public void setMoonshotAIAPIKey(String apiKey) {
setValueToConfig("MoonshotAIAPIKey", apiKey);
}
public void setAIPrompt(String prompt) {
setValueToConfig("AIPrompt", prompt);
}
public void setExcludeSuffix(String excludeSuffix) {
setValueToConfig("ExcludeSuffix", excludeSuffix);
}
public void setBlockHost(String blockHost) {
setValueToConfig("BlockHost", blockHost);
}
public void setExcludeStatus(String status) {
setValueToConfig("ExcludeStatus", status);
}
public void setScope(String scope) {
setValueToConfig("HaEScope", scope);
} }
private void setValueToConfig(String name, String value) { private void setValueToConfig(String name, String value) {
@@ -231,11 +246,12 @@ public class ConfigLoader {
} }
} }
public void initRulesByRes() { public boolean initRules() {
boolean isCopySuccess = copyRulesToFile(this.rulesFilePath); boolean ret = copyRulesToFile(this.rulesFilePath);
if (!isCopySuccess) { if (!ret) {
api.extension().unload(); api.extension().unload();
} }
return ret;
} }
private boolean copyRulesToFile(String targetFilePath) { private boolean copyRulesToFile(String targetFilePath) {
@@ -258,33 +274,4 @@ public class ConfigLoader {
return false; return false;
} }
public void initRulesByNet() {
Thread t = new Thread() {
public void run() {
pullRules();
}
};
t.start();
try {
t.join(10000);
} catch (Exception ignored) {
}
}
private void pullRules() {
try {
String url = "https://raw.githubusercontent.com/gh0stkey/HaE/gh-pages/Rules.yml";
HttpRequest httpRequest = HttpRequest.httpRequestFromUrl(url);
HttpRequestResponse requestResponse = api.http().sendRequest(httpRequest, RequestOptions.requestOptions().withUpstreamTLSVerification());
String responseBody = requestResponse.response().bodyToString();
if (responseBody.contains("rules")) {
FileOutputStream fileOutputStream = new FileOutputStream(rulesFilePath);
fileOutputStream.write(responseBody.getBytes());
fileOutputStream.close();
}
} catch (Exception ignored) {
api.extension().unload();
}
}
} }

137
src/main/java/hae/utils/DataManager.java Normal file
View File

@@ -0,0 +1,137 @@
package hae.utils;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.http.message.responses.HttpResponse;
import burp.api.montoya.persistence.PersistedList;
import burp.api.montoya.persistence.PersistedObject;
import burp.api.montoya.persistence.Persistence;
import hae.component.board.message.MessageTableModel;
import hae.instances.http.utils.RegularMatcher;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
public class DataManager {
private final MontoyaApi api;
private final Persistence persistence;
public DataManager(MontoyaApi api) {
this.api = api;
this.persistence = api.persistence();
}
public synchronized void putData(String dataType, String dataName, PersistedObject persistedObject) {
if (persistence.extensionData().getChildObject(dataName) != null) {
persistence.extensionData().deleteChildObject(dataName);
}
persistence.extensionData().setChildObject(dataName, persistedObject);
saveIndex(dataType, dataName);
}
public synchronized void loadData(MessageTableModel messageTableModel) {
// 1. 获取索引
PersistedList<String> dataIndex = persistence.extensionData().getStringList("data"); // 数据索引
PersistedList<String> messageIndex = persistence.extensionData().getStringList("message"); // 消息索引
// 2. 从索引获取数据
loadHaEData(dataIndex);
loadMessageData(messageIndex, messageTableModel);
}
private void saveIndex(String indexName, String indexValue) {
PersistedList<String> indexList = persistence.extensionData().getStringList(indexName);
if (indexList != null && !indexList.isEmpty()) {
persistence.extensionData().deleteStringList(indexName);
} else if (indexList == null) {
indexList = PersistedList.persistedStringList();
}
if (!indexList.contains(indexValue)) {
indexList.add(indexValue);
}
persistence.extensionData().setStringList(indexName, indexList);
}
private void loadHaEData(PersistedList<String> dataIndex) {
if (dataIndex != null && !dataIndex.isEmpty()) {
dataIndex.forEach(index -> {
PersistedObject dataObj = persistence.extensionData().getChildObject(index);
try {
dataObj.stringListKeys().forEach(dataKey -> RegularMatcher.updateGlobalMatchCache(api, index, dataKey, dataObj.getStringList(dataKey).stream().toList(), false));
} catch (Exception ignored) {
}
});
}
}
private void loadMessageData(PersistedList<String> messageIndex, MessageTableModel messageTableModel) {
if (messageIndex == null || messageIndex.isEmpty()) {
return;
}
// 直接转换为List简化处理
List<String> indexList = messageIndex.stream()
.filter(Objects::nonNull)
.map(Object::toString)
.toList();
if (indexList.isEmpty()) {
return;
}
final int batchSize = 2000;
final int threadCount = Math.max(8, Runtime.getRuntime().availableProcessors() * 2);
ExecutorService executorService = Executors.newWorkStealingPool(threadCount);
try {
// 分批处理
for (int i = 0; i < indexList.size(); i += batchSize) {
int endIndex = Math.min(i + batchSize, indexList.size());
List<String> batch = indexList.subList(i, endIndex);
processBatch(batch, messageTableModel);
}
} finally {
executorService.shutdown();
}
}
private void processBatch(List<String> batch, MessageTableModel messageTableModel) {
batch.forEach(index -> {
try {
PersistedObject dataObj = persistence.extensionData().getChildObject(index);
if (dataObj != null) {
HttpRequestResponse messageInfo = dataObj.getHttpRequestResponse("messageInfo");
if (messageInfo != null) {
addMessageToModel(messageInfo, dataObj, messageTableModel);
}
}
} catch (Exception e) {
api.logging().logToError("processBatch: " + e.getMessage());
}
});
}
private void addMessageToModel(HttpRequestResponse messageInfo, PersistedObject dataObj, MessageTableModel messageTableModel) {
HttpRequest request = messageInfo.request();
HttpResponse response = messageInfo.response();
messageTableModel.add(
messageInfo,
request.url(),
request.method(),
String.valueOf(response.statusCode()),
String.valueOf(response.toByteArray().length()),
dataObj.getString("comment"),
dataObj.getString("color"),
false
);
}
}

24
src/main/java/hae/utils/UIEnhancer.java
View File

@@ -7,24 +7,38 @@ import java.awt.event.FocusListener;
public class UIEnhancer { public class UIEnhancer {
public static void setTextFieldPlaceholder(JTextField textField, String placeholderText) { public static void setTextFieldPlaceholder(JTextField textField, String placeholderText) {
textField.setForeground(Color.GRAY); // 使用客户端属性来存储占位符文本和占位符状态
textField.setText(placeholderText); textField.putClientProperty("placeholderText", placeholderText);
textField.putClientProperty("isPlaceholder", true);
// 设置占位符文本和颜色
setPlaceholderText(textField);
textField.addFocusListener(new FocusListener() { textField.addFocusListener(new FocusListener() {
@Override @Override
public void focusGained(FocusEvent e) { public void focusGained(FocusEvent e) {
if (textField.getText().equals(placeholderText)) { // 当获得焦点且文本是占位符时,清除文本并更改颜色
if ((boolean) textField.getClientProperty("isPlaceholder")) {
textField.setText(""); textField.setText("");
textField.setForeground(Color.BLACK); textField.setForeground(Color.BLACK);
textField.putClientProperty("isPlaceholder", false);
} }
} }
@Override @Override
public void focusLost(FocusEvent e) { public void focusLost(FocusEvent e) {
// 当失去焦点且文本为空时,设置占位符文本和颜色
if (textField.getText().isEmpty()) { if (textField.getText().isEmpty()) {
textField.setForeground(Color.GRAY); setPlaceholderText(textField);
textField.setText(placeholderText);
} }
} }
}); });
} }
private static void setPlaceholderText(JTextField textField) {
String placeholderText = (String) textField.getClientProperty("placeholderText");
textField.setForeground(Color.GRAY);
textField.setText(placeholderText);
textField.putClientProperty("isPlaceholder", true);
}
} }

52
src/main/java/hae/utils/http/HttpUtils.java
View File

@@ -3,9 +3,7 @@ package hae.utils.http;
import burp.api.montoya.MontoyaApi; import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.message.HttpRequestResponse; import burp.api.montoya.http.message.HttpRequestResponse;
import burp.api.montoya.http.message.requests.HttpRequest; import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.http.message.requests.HttpTransformation;
import burp.api.montoya.http.message.responses.HttpResponse; import burp.api.montoya.http.message.responses.HttpResponse;
import burp.api.montoya.utilities.RandomUtils;
import hae.utils.ConfigLoader; import hae.utils.ConfigLoader;
import hae.utils.string.StringProcessor; import hae.utils.string.StringProcessor;
@@ -21,43 +19,41 @@ public class HttpUtils {
this.configLoader = configLoader; this.configLoader = configLoader;
} }
public HttpRequest generateRequestByMultipartUploadMethod(String url, String name, String filename, String content) {
HttpRequest baseRequest = HttpRequest.httpRequestFromUrl(url).withTransformationApplied(HttpTransformation.TOGGLE_METHOD);
String boundary = api.utilities().randomUtils().randomString(32, RandomUtils.CharacterSet.ASCII_LETTERS);
StringBuilder newBody = new StringBuilder();
newBody.append(String.format("--%s\r\nContent-Disposition: form-data; name=\"%s\"; filename=\"%s\"\r\n\r\n%s\r\n", boundary, name, filename, content));
newBody.append(String.format("--%s\r\nContent-Disposition: form-data; name=\"%s\"\r\n\r\n%s\r\n", boundary, "purpose", "file-extract"));
newBody.append("--").append(boundary).append("--\r\n");
baseRequest = baseRequest.withUpdatedHeader("Content-Type", "multipart/form-data; boundary=" + boundary).withBody(newBody.toString());
return baseRequest;
}
public HttpRequest generateRequestByDeleteMethod(String url) {
return HttpRequest.httpRequestFromUrl(url).withMethod("DELETE");
}
public boolean verifyHttpRequestResponse(HttpRequestResponse requestResponse, String toolType) { public boolean verifyHttpRequestResponse(HttpRequestResponse requestResponse, String toolType) {
HttpRequest request = requestResponse.request(); HttpRequest request = requestResponse.request();
HttpResponse response = requestResponse.response(); HttpResponse response = requestResponse.response();
boolean retStatus = false;
try {
String host = StringProcessor.getHostByUrl(request.url()); String host = StringProcessor.getHostByUrl(request.url());
String[] hostList = configLoader.getBlockHost().split("\\|");
boolean isBlockHost = isBlockHost(hostList, host);
boolean isBlockHost = false;
String blockHost = configLoader.getBlockHost();
if (!blockHost.isBlank()) {
String[] hostList = configLoader.getBlockHost().split("\\|");
isBlockHost = isBlockHost(hostList, host);
}
boolean isExcludeSuffix = false;
String suffix = configLoader.getExcludeSuffix();
if (!suffix.isBlank()) {
List<String> suffixList = Arrays.asList(configLoader.getExcludeSuffix().split("\\|")); List<String> suffixList = Arrays.asList(configLoader.getExcludeSuffix().split("\\|"));
boolean isExcludeSuffix = suffixList.contains(request.fileExtension().toLowerCase()); isExcludeSuffix = suffixList.contains(request.fileExtension().toLowerCase());
}
boolean isToolScope = !configLoader.getScope().contains(toolType); boolean isToolScope = !configLoader.getScope().contains(toolType);
boolean isExcludeStatus = false;
String status = configLoader.getExcludeStatus();
if (!status.isBlank()) {
List<String> statusList = Arrays.asList(configLoader.getExcludeStatus().split("\\|")); List<String> statusList = Arrays.asList(configLoader.getExcludeStatus().split("\\|"));
boolean isExcludeStatus = statusList.contains(String.valueOf(response.statusCode())); isExcludeStatus = statusList.contains(String.valueOf(response.statusCode()));
}
return isExcludeSuffix || isBlockHost || isToolScope || isExcludeStatus; retStatus = isExcludeSuffix || isBlockHost || isToolScope || isExcludeStatus;
} catch (Exception ignored) {
}
return retStatus;
} }
private boolean isBlockHost(String[] hostList, String host) { private boolean isBlockHost(String[] hostList, String host) {

47
src/main/java/hae/utils/project/FileProcessor.java
View File

@@ -1,47 +0,0 @@
package hae.utils.project;
import java.io.File;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Comparator;
public class FileProcessor {
public static void deleteDirectoryWithContents(Path pathToBeDeleted) {
if (pathToBeDeleted != null) {
try {
Files.walk(pathToBeDeleted)
.sorted(Comparator.reverseOrder())
.map(Path::toFile)
.forEach(File::delete);
} catch (Exception ignored) {
}
}
}
public static byte[] readFileContent(String basePath, String fileName) {
Path filePath = Paths.get(basePath, fileName);
Path path = Paths.get(basePath);
try {
byte[] fileContent = Files.readAllBytes(filePath);
Files.deleteIfExists(filePath);
boolean isEmpty = isDirectoryEmpty(path);
if (isEmpty) {
Files.deleteIfExists(path);
}
return fileContent;
} catch (Exception e) {
return new byte[0];
}
}
private static boolean isDirectoryEmpty(Path directory) throws Exception {
try (DirectoryStream<Path> dirStream = Files.newDirectoryStream(directory)) {
return !dirStream.iterator().hasNext();
}
}
}

187
src/main/java/hae/utils/project/ProjectProcessor.java
View File

@@ -1,187 +0,0 @@
package hae.utils.project;
import burp.api.montoya.MontoyaApi;
import hae.utils.project.model.HaeFileContent;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.*;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;
public class ProjectProcessor {
private final MontoyaApi api;
public ProjectProcessor(MontoyaApi api) {
this.api = api;
}
public boolean createHaeFile(String haeFilePath, String host, Map<String, List<String>> dataMap, Map<String, Map<String, Object>> urlMap, Map<String, Map<String, Object>> httpMap) {
ExecutorService executor = Executors.newFixedThreadPool(Runtime.getRuntime().availableProcessors() * 2);
List<Callable<Void>> tasks = new ArrayList<>();
ByteArrayOutputStream dataYamlStream = new ByteArrayOutputStream();
ByteArrayOutputStream urlYamlStream = new ByteArrayOutputStream();
Yaml yaml = new Yaml();
yaml.dump(dataMap, new OutputStreamWriter(dataYamlStream, StandardCharsets.UTF_8));
yaml.dump(urlMap, new OutputStreamWriter(urlYamlStream, StandardCharsets.UTF_8));
try (ZipOutputStream zipOut = new ZipOutputStream(new FileOutputStream(haeFilePath))) {
zipOut.putNextEntry(new ZipEntry("info"));
zipOut.write(host.getBytes(StandardCharsets.UTF_8));
zipOut.closeEntry();
zipOut.putNextEntry(new ZipEntry("data"));
zipOut.write(dataYamlStream.toByteArray());
zipOut.closeEntry();
zipOut.putNextEntry(new ZipEntry("url"));
zipOut.write(urlYamlStream.toByteArray());
zipOut.closeEntry();
for (String httpHash : httpMap.keySet()) {
Map<String, Object> httpItem = httpMap.get(httpHash);
tasks.add(() -> {
try {
ByteArrayOutputStream httpOutStream = new ByteArrayOutputStream();
byte[] request = (byte[]) httpItem.get("request");
byte[] response = (byte[]) httpItem.get("response");
httpOutStream.write(response);
httpOutStream.write(request);
synchronized (zipOut) {
zipOut.putNextEntry(new ZipEntry(String.format("http/%s", httpHash)));
zipOut.write(httpOutStream.toByteArray());
zipOut.closeEntry();
}
} catch (Exception e) {
api.logging().logToError("createHaeFile: " + e.getMessage());
}
return null;
});
}
executor.invokeAll(tasks);
} catch (Exception e) {
api.logging().logToError("createHaeFile: " + e.getMessage());
return false;
} finally {
executor.shutdown();
}
return true;
}
public HaeFileContent readHaeFile(String haeFilePath) {
ExecutorService executor = Executors.newFixedThreadPool(Runtime.getRuntime().availableProcessors() * 2);
List<Callable<Void>> tasks = new ArrayList<>();
HaeFileContent haeFileContent = new HaeFileContent(api);
LoaderOptions loaderOptions = new LoaderOptions();
loaderOptions.setMaxAliasesForCollections(Integer.MAX_VALUE);
loaderOptions.setCodePointLimit(Integer.MAX_VALUE);
Yaml yaml = new Yaml(loaderOptions);
Path tempDirectory = null;
try {
if (hasValidStructure(haeFilePath)) {
tempDirectory = Files.createTempDirectory("hae");
haeFileContent.setHttpPath(tempDirectory.toString());
try (ZipFile zipFile = new ZipFile(haeFilePath)) {
Enumeration<? extends ZipEntry> entries = zipFile.entries();
while (entries.hasMoreElements()) {
ZipEntry entry = entries.nextElement();
String fileName = entry.getName();
if (fileName.startsWith("http/")) {
Path filePath = tempDirectory.resolve(fileName.substring("http/".length()));
tasks.add(() -> {
try (InputStream in = zipFile.getInputStream(entry)) {
Files.copy(in, filePath, StandardCopyOption.REPLACE_EXISTING);
} catch (IOException e) {
api.logging().logToError("readHaeFile: " + e.getMessage());
}
return null;
});
} else {
try (InputStream in = zipFile.getInputStream(entry)) {
switch (fileName) {
case "info" ->
haeFileContent.setHost(new String(in.readAllBytes(), StandardCharsets.UTF_8));
case "data" ->
haeFileContent.setDataMap(yaml.load(new InputStreamReader(in, StandardCharsets.UTF_8)));
case "url" ->
haeFileContent.setUrlMap(yaml.load(new InputStreamReader(in, StandardCharsets.UTF_8)));
}
}
}
}
executor.invokeAll(tasks);
}
}
} catch (Exception e) {
api.logging().logToError("readHaeFile: " + e.getMessage());
if (tempDirectory != null) {
FileProcessor.deleteDirectoryWithContents(tempDirectory);
}
haeFileContent = null;
} finally {
executor.shutdown();
}
return haeFileContent;
}
private boolean hasValidStructure(String zipFilePath) {
Set<String> requiredRootEntries = new HashSet<>();
requiredRootEntries.add("info");
requiredRootEntries.add("data");
requiredRootEntries.add("url");
boolean hasHttpDirectoryWithFiles = false;
try {
ZipFile zipFile = new ZipFile(zipFilePath);
Enumeration<? extends ZipEntry> entries = zipFile.entries();
while (entries.hasMoreElements()) {
ZipEntry entry = entries.nextElement();
String name = entry.getName();
if (!entry.isDirectory() && !name.contains("/")) {
requiredRootEntries.remove(name);
}
if (name.startsWith("http/") && !entry.isDirectory()) {
hasHttpDirectoryWithFiles = true;
}
if (requiredRootEntries.isEmpty() && hasHttpDirectoryWithFiles) {
break;
}
}
zipFile.close();
} catch (Exception ignored) {
}
return requiredRootEntries.isEmpty() && hasHttpDirectoryWithFiles;
}
}

76
src/main/java/hae/utils/project/model/HaeFileContent.java
View File

@@ -1,76 +0,0 @@
package hae.utils.project.model;
import burp.api.montoya.MontoyaApi;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
public class HaeFileContent {
private final MontoyaApi api;
private String host;
private String httpPath;
private final Map<String, List<String>> dataMap;
private final Map<String, Map<String, String>> urlMap;
public HaeFileContent(MontoyaApi api) {
this.api = api;
this.dataMap = new HashMap<>();
this.urlMap = new HashMap<>();
}
public String getHost() {
return host;
}
public Map<String, List<String>> getDataMap() {
return dataMap;
}
public Map<String, Map<String, String>> getUrlMap() {
return urlMap;
}
public String getHttpPath() {
return httpPath;
}
public void setHost(String host) {
this.host = host;
}
public void setHttpPath(String path) {
this.httpPath = path;
}
public void setDataMap(Map<String, List<Object>> dataMap) {
for (Map.Entry<String, List<Object>> entry : dataMap.entrySet()) {
List<String> values = new ArrayList<>();
for (Object value : entry.getValue()) {
try {
values.add(new String((byte[]) value, StandardCharsets.UTF_8));
} catch (Exception e) {
values.add(value.toString());
}
}
this.dataMap.put(entry.getKey(), values);
}
}
public void setUrlMap(Map<String, Map<String, Object>> urlMap) {
for (Map.Entry<String, Map<String, Object>> entry : urlMap.entrySet()) {
Map<String, String> newValues = new HashMap<>();
Map<String, Object> values = entry.getValue();
for (String key : values.keySet()) {
try {
newValues.put(key, new String((byte[]) values.get(key), StandardCharsets.UTF_8));
} catch (Exception e) {
newValues.put(key, values.get(key).toString());
}
}
this.urlMap.put(entry.getKey(), newValues);
}
}
}

3
src/main/java/hae/utils/rule/RuleProcessor.java
View File

@@ -2,6 +2,7 @@ package hae.utils.rule;
import burp.api.montoya.MontoyaApi; import burp.api.montoya.MontoyaApi;
import hae.Config; import hae.Config;
import hae.cache.DataCache;
import hae.utils.ConfigLoader; import hae.utils.ConfigLoader;
import hae.utils.rule.model.Group; import hae.utils.rule.model.Group;
import hae.utils.rule.model.Info; import hae.utils.rule.model.Info;
@@ -27,6 +28,8 @@ public class RuleProcessor {
} }
public void rulesFormatAndSave() { public void rulesFormatAndSave() {
DataCache.clear();
DumperOptions dop = new DumperOptions(); DumperOptions dop = new DumperOptions();
dop.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK); dop.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK);
Representer representer = new Representer(dop); Representer representer = new Representer(dop);

88
src/main/resources/rules/Rules.yml
View File

@@ -46,6 +46,24 @@ rules:
scope: response body scope: response body
engine: dfa engine: dfa
sensitive: false sensitive: false
- name: PDF.js Viewer
loaded: true
f_regex: (pdf.worker)
s_regex: ''
format: '{0}'
color: green
scope: response body
engine: dfa
sensitive: false
- name: Vite DevMode
loaded: true
f_regex: (/@vite/client)
s_regex: ''
format: '{0}'
color: red
scope: response body
engine: dfa
sensitive: true
- group: Maybe Vulnerability - group: Maybe Vulnerability
rule: rule:
- name: Java Deserialization - name: Java Deserialization
@@ -93,6 +111,24 @@ rules:
scope: request scope: request
engine: dfa engine: dfa
sensitive: false sensitive: false
- name: Passwd File
loaded: true
f_regex: (/root:/bin/bash)
s_regex: ''
format: '{0}'
color: red
scope: response body
engine: dfa
sensitive: true
- name: Win.ini File
loaded: true
f_regex: (for 16-bit app)
s_regex: ''
format: '{0}'
color: red
scope: response body
engine: dfa
sensitive: true
- group: Basic Information - group: Basic Information
rule: rule:
- name: Email - name: Email
@@ -115,7 +151,7 @@ rules:
sensitive: true sensitive: true
- name: Chinese Mobile Number - name: Chinese Mobile Number
loaded: true loaded: true
f_regex: '[^\w]((?:(?:\+|00)86)?1(?:(?:3[\d])|(?:4[5-79])|(?:5[0-35-9])|(?:6[5-7])|(?:7[0-8])|(?:8[\d])|(?:9[189]))\d{8})[^\w]' f_regex: '[^\w]((?:(?:\+|0{0,2})86)?1(?:(?:3[\d])|(?:4[5-79])|(?:5[0-35-9])|(?:6[5-7])|(?:7[0-8])|(?:8[\d])|(?:9[189]))\d{8})[^\w]'
s_regex: '' s_regex: ''
format: '{0}' format: '{0}'
color: orange color: orange
@@ -153,7 +189,7 @@ rules:
sensitive: false sensitive: false
- name: Windows File/Dir Path - name: Windows File/Dir Path
loaded: true loaded: true
f_regex: '[^\w](([a-zA-Z]:\\(?:\w+\\?)*)|([a-zA-Z]:\\(?:\w+\\)*\w+\.\w+))' f_regex: '[^\w]([a-zA-Z]:\\\\?(?:[^<>:/\\|?*]+\\\\?)*)([^<>:/\\|?*]+(?:\.[^<>:/\\|?*]+)?)'
s_regex: '' s_regex: ''
format: '{0}' format: '{0}'
color: green color: green
@@ -162,8 +198,9 @@ rules:
sensitive: true sensitive: true
- name: Password Field - name: Password Field
loaded: true loaded: true
f_regex: ((|'|")(|[\w]{1,10})([p](ass|wd|asswd|assword))(|[\w]{1,10})(|'|")(:|=)( f_regex: (((|\\)(|'|")(|[\.\w]{1,10})([p](ass|wd|asswd|assword))(|[\.\w]{1,10})(|\\)(|'|")(
|)('|")(.*?)('|")(|,)) |)(:|[=]{1,3}|![=]{1,2}|[\)]{0,1}\.val\()( |)(|\\)('|")([^'"]+?)(|\\)('|")(|,|\)))|((|\\)('|")([^'"]+?)(|\\)('|")(|\\)(|'|")(
|)(:|[=]{1,3}|![=]{1,2})( |)(|[\.\w]{1,10})([p](ass|wd|asswd|assword))(|[\.\w]{1,10})(|\\)(|'|")))
s_regex: '' s_regex: ''
format: '{0}' format: '{0}'
color: yellow color: yellow
@@ -172,8 +209,9 @@ rules:
sensitive: false sensitive: false
- name: Username Field - name: Username Field
loaded: true loaded: true
f_regex: ((|'|")(|[\w]{1,10})(([u](ser|name|sername))|(account)|((((create|update)((d|r)|(by|on|at)))|(creator))))(|[\w]{1,10})(|'|")(:|=)( f_regex: (((|\\)(|'|")(|[\.\w]{1,10})(([u](ser|name|sername))|(account)|((((create|update)((d|r)|(by|on|at)))|(creator))))(|[\.\w]{1,10})(|\\)(|'|")(
|)('|")(.*?)('|")(|,)) |)(:|=|!=|[\)]{0,1}\.val\()( |)(|\\)('|")([^'"]+?)(|\\)('|")(|,|\)))|((|\\)('|")([^'"]+?)(|\\)('|")(|\\)(|'|")(
|)(:|[=]{1,3}|![=]{1,2})( |)(|[\.\w]{1,10})(([u](ser|name|sername))|(account)|((((create|update)((d|r)|(by|on|at)))|(creator))))(|[\.\w]{1,10})(|\\)(|'|")))
s_regex: '' s_regex: ''
format: '{0}' format: '{0}'
color: green color: green
@@ -209,14 +247,26 @@ rules:
sensitive: false sensitive: false
- name: Sensitive Field - name: Sensitive Field
loaded: true loaded: true
f_regex: ((\[)?('|")?([\w]{0,10})((key)|(secret)|(token)|(config)|(auth)|(access)|(admin)|(ticket))([\w]{0,10})('|")?(\])?( f_regex: (((\[)?('|")?([\.\w]{0,10})(key|secret|token|config|auth|access|admin|ticket)([\.\w]{0,10})('|")?(\])?(
|)(:|=)( |)('|")(.*?)('|")(|,)) |)(:|=|!=|[\)]{0,1}\.val\()( |)('|")([^'"]+?)('|")(|,|\)))|((|\\)('|")([^'"]+?)(|\\)('|")(|\\)(|'|")(
|)(:|[=]{1,3}|![=]{1,2})( |)(|[\.\w]{1,10})(key|secret|token|config|auth|access|admin|ticket)(|[\.\w]{1,10})(|\\)(|'|")))
s_regex: '' s_regex: ''
format: '{0}' format: '{0}'
color: yellow color: yellow
scope: response scope: response
engine: nfa engine: nfa
sensitive: false sensitive: false
- name: Mobile Number Field
loaded: true
f_regex: '(((|\\)(|''|")(|[\w]{1,10})(mobile|phone|sjh|shoujihao|concat)(|[\.\w]{1,10})(|\\)(|''|")(
|)(:|=|!=|[\)]{0,1}\.val\()( |)(|\\)(''|")([^''"]+?)(|\\)(''|")(|,|\)))|((|\\)(''|")([^''"]+?)(|\\)(''|")(|\\)(|''|")(
|)(:|[=]{1,3}|![=]{1,2})( |)(|[\.\w]{1,10})(mobile|phone|sjh|shoujihao|concat)(|[\.\w]{1,10})(|\\)(|''|"))) '
s_regex: ''
format: '{0}'
color: green
scope: response body
engine: nfa
sensitive: false
- group: Other - group: Other
rule: rule:
- name: Linkfinder - name: Linkfinder
@@ -237,15 +287,6 @@ rules:
scope: response body scope: response body
engine: dfa engine: dfa
sensitive: false sensitive: false
- name: HTML Notes
loaded: true
f_regex: (<!--.*?-->)
s_regex: ''
format: '{0}'
color: magenta
scope: response body
engine: nfa
sensitive: false
- name: Create Script - name: Create Script
loaded: true loaded: true
f_regex: (\{[^{}]*\}\s*\[[^\s]*\]\s*\+\s*"[^\s]*\.js") f_regex: (\{[^{}]*\}\s*\[[^\s]*\]\s*\+\s*"[^\s]*\.js")
@@ -257,7 +298,7 @@ rules:
sensitive: false sensitive: false
- name: URL Schemes - name: URL Schemes
loaded: true loaded: true
f_regex: ((?![http]|[https])(([-A-Za-z0-9]{1,20})://[-A-Za-z0-9+&@#/%?=~_|!:,.;]+[-A-Za-z0-9+&@#/%=~_|])) f_regex: (\b(?![\w]{0,10}?https?://)(([A-Za-z0-9-\.]{1,20})://([-\w+&@#/%?=~_|!:,.;]*[-\w+&@#/%=~_|])?))
s_regex: '' s_regex: ''
format: '{0}' format: '{0}'
color: yellow color: yellow
@@ -283,7 +324,7 @@ rules:
engine: nfa engine: nfa
sensitive: true sensitive: true
- name: Request URI - name: Request URI
loaded: true loaded: false
f_regex: ' ((?!.*\.js(\?.*)?$)(.*?[^.js$])) ' f_regex: ' ((?!.*\.js(\?.*)?$)(.*?[^.js$])) '
s_regex: '' s_regex: ''
format: '{0}' format: '{0}'
@@ -291,3 +332,12 @@ rules:
scope: request line scope: request line
engine: nfa engine: nfa
sensitive: false sensitive: false
- name: 302 Location
loaded: true
f_regex: 'Location: (.*?)\n'
s_regex: ''
format: '{0}'
color: gray
scope: response header
engine: nfa
sensitive: false