package burp;
import java.awt.Color;
import java.awt.Component;
import java.awt.FlowLayout;
import java.awt.event.FocusEvent;
import java.awt.event.FocusListener;
import java.awt.event.ItemEvent;
import java.awt.event.ItemListener;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.swing.ButtonGroup;
import javax.swing.JCheckBox;
import javax.swing.JLabel;
import javax.swing.JOptionPane;
import javax.swing.JPanel;
import javax.swing.JRadioButton;
import javax.swing.JScrollPane;
import javax.swing.JSplitPane;
import javax.swing.JTabbedPane;
import javax.swing.JTable;
import javax.swing.JTextField;
import javax.swing.SwingUtilities;
import javax.swing.table.AbstractTableModel;
import javax.swing.table.TableModel;
import java.io.PrintWriter;
public class BurpExtender extends AbstractTableModel implements IBurpExtender,
ITab, IMessageEditorController, IHttpListener {
private IBurpExtenderCallbacks callbacks;
private IExtensionHelpers helpers;
private JSplitPane splitPane;
private IMessageEditor requestViewer;
private IMessageEditor responseViewer;
private final List<LogEntry> log = new ArrayList<LogEntry>();
private IHttpRequestResponse currentlyDisplayedItem;
private PrintWriter stdout;
private boolean isOpen = true;// 锟斤拷锟斤拷欠锟斤拷锟叫�
private String hostFilter ="";
private String customHeaderNameValue ="";
private String customParaNameValue ="";
private String customJsonParaNameValue = "";
@Override
public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks) {
this.callbacks = callbacks;
// PrintWriter stdout = new PrintWriter(callbacks.getStdout(), true);
this.stdout = new PrintWriter(callbacks.getStdout(), true);
helpers = callbacks.getHelpers();
callbacks.setExtensionName("Random X-forward-For"); // 锟斤拷锟斤拷锟斤拷锟�
// 锟斤拷始锟斤拷锟斤拷锟皆讹拷锟斤拷UI
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
// 锟斤拷锟斤拷锟�
splitPane = new JSplitPane(JSplitPane.VERTICAL_SPLIT);
JTabbedPane topTabs = new JTabbedPane();
// HistoryLog 锟斤拷图
Table logTable = new Table(BurpExtender.this);
JScrollPane scrollPane = new JScrollPane(logTable);
// 锟斤拷锟斤拷锟斤拷options锟斤拷锟斤拷示锟斤拷锟�
JPanel optionsPanel = BurpExtender.this.createOptionsPanel();
// 锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷习氩匡拷锟斤拷校锟斤拷锟斤拷锟斤拷锟絫ab页
topTabs.add("Options", optionsPanel);
topTabs.add("HistoryLog", scrollPane);
splitPane.setLeftComponent(topTabs);
// request/response 锟斤拷图
JTabbedPane tabs = new JTabbedPane();
requestViewer = callbacks.createMessageEditor(
BurpExtender.this, false);
responseViewer = callbacks.createMessageEditor(
BurpExtender.this, false);
// 锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷掳氩匡拷锟斤拷校锟斤拷锟斤拷锟斤拷锟絫ab页
tabs.addTab("Request", requestViewer.getComponent());
tabs.addTab("Response", responseViewer.getComponent());
splitPane.setRightComponent(tabs);
// 锟皆讹拷锟斤拷锟皆硷拷锟斤拷锟斤拷锟�
callbacks.customizeUiComponent(splitPane);
callbacks.customizeUiComponent(topTabs);
callbacks.customizeUiComponent(tabs);
// 锟斤拷Burp锟斤拷锟斤拷远锟斤拷锟斤拷锟斤拷锟絫ab页
callbacks.addSuiteTab(BurpExtender.this);
// 注锟斤拷HTTP listener
callbacks.registerHttpListener(BurpExtender.this);
}
});
}
@Override
public void processHttpMessage(int toolFlag, boolean messageIsRequest,
IHttpRequestResponse messageInfo) {
//锟斤拷锟斤拷锟斤拷未锟斤拷锟矫o拷锟斤拷锟斤拷锟斤拷锟斤拷执锟斤拷
if (!isOpen)return;
// this.stdout.println("ddddd");
try {
// 锟斤拷同锟斤拷toolflag锟斤拷锟斤拷锟剿诧拷同锟斤拷burp锟斤拷锟斤拷锟斤拷锟絀NTRUDER,SCANNER,PROXY,SPIDER
if (toolFlag == callbacks.TOOL_PROXY || toolFlag == callbacks.TOOL_INTRUDER
|| toolFlag == callbacks.TOOL_SCANNER || toolFlag == callbacks.TOOL_SPIDER) {
if (messageIsRequest) { // 锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷写锟斤拷锟�
IRequestInfo analyzeRequest = helpers
.analyzeRequest(messageInfo); // 锟斤拷锟斤拷息锟斤拷锟斤拷薪锟斤拷锟�
String request = new String(messageInfo.getRequest());
byte[] body = request.substring(
analyzeRequest.getBodyOffset()).getBytes();
//锟斤拷取http锟斤拷锟斤拷头锟斤拷锟斤拷息锟斤拷锟斤拷锟斤拷headers锟斤拷锟斤拷锟斤拷锟叫憋拷
List<String> headers = analyzeRequest.getHeaders();
if(! customHeaderNameValue.isEmpty()){
// String oneHeaderString = customHeaderName + ":" + customHeaderValue;
headers.add(customHeaderNameValue);
}
if (!customParaNameValue.isEmpty()){
String bodyString = new String (body);
String newbodyString = MyHelp.replacePara( bodyString, customParaNameValue);
body = newbodyString.getBytes();
}
if (!customJsonParaNameValue.isEmpty()){
String bodyString = new String (body);
String newbodyString = MyHelp.replaceJsonPara( bodyString, customJsonParaNameValue);
body = newbodyString.getBytes();
}
//锟斤拷锟斤拷锟斤拷装锟斤拷锟斤拷锟斤拷息
byte[] newRequest = helpers.buildHttpMessage(headers, body);
messageInfo.setRequest(newRequest);// 锟斤拷锟斤拷锟斤拷锟斤拷锟铰碉拷锟斤拷锟斤拷锟�
}
//锟斤拷锟斤拷锟较拷锟紿istoryLog锟斤拷录锟叫o拷锟斤拷UI锟斤拷示锟斤拷
synchronized (log) {
int row = log.size();
// if(messageInfo == null ) return ;
byte [] test = messageInfo.getResponse();
if (test == null){
// this.stdout.println("nullll");
return ;
}
// IHttpService httpService = messageInfo.getHttpService();
String host = messageInfo.getHttpService().getHost();
this.stdout.println("host:" + host);
if (!hostFilter.equals(""))
{
if( host.indexOf(hostFilter) == -1){
return ;
}
}
short httpcode = helpers.analyzeResponse(
messageInfo.getResponse()).getStatusCode();
log.add(new LogEntry(toolFlag, callbacks
.saveBuffersToTempFiles(messageInfo), helpers
.analyzeRequest(messageInfo).getUrl(), httpcode));
fireTableRowsInserted(row, row);
}
}
} catch (Exception e) {
e.printStackTrace();
}
}
/**
* 锟斤拷锟斤拷options锟斤拷图锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷
* @return options 锟斤拷图锟斤拷锟斤拷
* @author t0data 2016-11-18 锟斤拷锟斤拷5:51:45
*/
public JPanel createOptionsPanel() {
final JPanel optionsPanel = new JPanel();
optionsPanel.setLayout(new FlowLayout());
//锟角凤拷锟斤拷锟斤拷X-forward-For锟斤拷选锟斤拷
final JCheckBox isOpenCheck = new JCheckBox("globalSwitch", false);
JLabel hostFilterLabel = new JLabel("<html> host filter name</html>");
final JTextField hostFilterText = new JTextField("", 15);
JLabel customHeaderLabel = new JLabel("<html> header name:value</html>");
final JTextField customHeaderText = new JTextField("", 20);
JLabel customParaLabel = new JLabel("<html> custom para name=value</html>");
final JTextField customParaText = new JTextField("", 20);
JLabel customJsonParaLabel = new JLabel("<html> custom json name:value</html>");
final JTextField customJsonText = new JTextField("", 20);
//为锟斤拷选锟斤拷偷锟窖★拷锟脚ワ拷锟接硷拷锟斤拷锟铰硷拷
isOpenCheck.addItemListener(new ItemListener() {
public void itemStateChanged(ItemEvent e) {
if (isOpenCheck.isSelected()) {
isOpen = true;
} else {
isOpen = false;
}
}
});
hostFilterText.addFocusListener(new FocusListener() {
@Override
public void focusLost(FocusEvent e) {
// TODO Auto-generated method stub
hostFilter = hostFilterText.getText().toString();
}
@Override
public void focusGained(FocusEvent e) {
// TODO Auto-generated method stub
}
});
customHeaderText.addFocusListener(new FocusListener() {
@Override
public void focusLost(FocusEvent e) {
// TODO Auto-generated method stub
customHeaderNameValue = customHeaderText.getText().toString();
}
@Override
public void focusGained(FocusEvent e) {
// TODO Auto-generated method stub
}
});
customParaText.addFocusListener(new FocusListener() {
@Override
public void focusLost(FocusEvent e) {
// TODO Auto-generated method stub
customParaNameValue = customParaText.getText().toString();
}
@Override
public void focusGained(FocusEvent e) {
// TODO Auto-generated method stub
}
});
customJsonText.addFocusListener(new FocusListener() {
@Override
public void focusLost(FocusEvent e) {
// TODO Auto-generated method stub
customJsonParaNameValue = customJsonText.getText().toString();
}
@Override
public void focusGained(FocusEvent e) {
// TODO Auto-generated method stub
}
});
optionsPanel.add(isOpenCheck);
optionsPanel.add(hostFilterLabel);
optionsPanel.add(hostFilterText);
optionsPanel.add(customHeaderLabel);
optionsPanel.add(customHeaderText);
optionsPanel.add(customParaLabel);
optionsPanel.add(customParaText);
optionsPanel.add(customJsonParaLabel);
optionsPanel.add(customJsonText);
return optionsPanel;
}
/**
* IP值锟斤拷锟缴猴拷锟斤拷
* @param isAuto 锟角凤拷锟皆讹拷锟斤拷锟斤拷
* @return IP值
* @author t0data 2016-11-18 锟斤拷锟斤拷5:56:09
*/
@Override
public String getTabCaption() {
return "Logger-for-xxx";
}
@Override
public Component getUiComponent() {
return splitPane;
}
@Override
public int getRowCount() {
return log.size();
}
@Override
public int getColumnCount() {
return 3;
}
@Override
public String getColumnName(int columnIndex) {
switch (columnIndex) {
case 0:
return "Tool";
case 1:
return "URL";
case 2:
return "STATUS";
default:
return "";
}
}
@Override
public Class<?> getColumnClass(int columnIndex) {
return String.class;
}
@Override
public Object getValueAt(int rowIndex, int columnIndex) {
LogEntry logEntry = log.get(rowIndex);
switch (columnIndex) {
case 0:
return callbacks.getToolName(logEntry.tool);
case 1:
return logEntry.url.toString();
case 2:
return logEntry.httpCode;
default:
return "";
}
}
//
// implement IMessageEditorController
// this allows our request/response viewers to obtain details about the
// messages being displayed
//
@Override
public byte[] getRequest() {
return currentlyDisplayedItem.getRequest();
}
@Override
public byte[] getResponse() {
return currentlyDisplayedItem.getResponse();
}
@Override
public IHttpService getHttpService() {
return currentlyDisplayedItem.getHttpService();
}
//
// extend JTable to handle cell selection
//
private class Table extends JTable {
public Table(TableModel tableModel) {
super(tableModel);
}
@Override
public void changeSelection(int row, int col, boolean toggle,
boolean extend) {
// show the log entry for the selected row
LogEntry logEntry = log.get(row);
requestViewer.setMessage(logEntry.requestResponse.getRequest(),
true);
responseViewer.setMessage(logEntry.requestResponse.getResponse(),
false);
currentlyDisplayedItem = logEntry.requestResponse;
super.changeSelection(row, col, toggle, extend);
}
}
//
// class to hold details of each log entry
//
private static class LogEntry {
final int tool;
final IHttpRequestResponsePersisted requestResponse;
final URL url;
final short httpCode;
LogEntry(int tool, IHttpRequestResponsePersisted requestResponse,
URL url, short httpCode) {
this.tool = tool;
this.requestResponse = requestResponse;
this.url = url;
this.httpCode = httpCode;
}
}
}
package burp;
import java.io.PrintWriter;
public class MyHelp {
public static void main(String[] args) {
// TODO Auto-generated method stub PrintWriter out ,
replaceJsonPara("[{\"tttttt\":1,\"bbb\":\"ttt\"},{\"ttt\":1}]", "tttttt:2");
// replacePara("username=aaa&value=bbb&token=ccc", "value=ddd");
}
public static String replaceJsonPara(String str, String nameAndValue) {
System.out.print(str);
String[] sArray=nameAndValue.split(":") ;
String name = sArray[0];
String value =sArray[1];
if (str.indexOf(name) == -1) return str;
int start = str.indexOf(name);
int end = str.indexOf(",", start);
String newstrString = str.substring(0, start) + name + "\":" + value + str.substring(end) ;
System.out.print(newstrString);
return newstrString;
}
public static String replacePara(String str, String nameAndValue){
String[] sArray=nameAndValue.split("=") ;
String name = sArray[0];
String value =sArray[1];
System.out.println("name " + name);
System.out.println("value " + value);
if (str.indexOf(name) == -1) return str;
System.out.println("dddddd111");
// System.out.println(str[2:]);
int start = str.indexOf(name);
int end = str.indexOf("&", start);
String newstrString = "";
if (end == -1){
newstrString = str.substring(0, start) + name +"=" + value ;
}else
{
newstrString = str.substring(0, start) + name +"=" + value + str.substring(end);
}
System.out.println("dddd:" + newstrString);
return newstrString;
}
}
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
<script src="jquery.js" > </script>
</head>
<body>
<button id="button"> kjjj</button>
<script>
$("button").click(function() {
console.log("ddddd1111");
var data =[{'aaa':1,'bbb':'ttt'},{'ttt':1}];
$.ajax({
url: '/testJson.php',
type: 'POST',
dataType: 'json',
contentType: 'application/json;charset=UTF-8',
data: JSON.stringify(data),
success: function (data, status) {
console.log(data);
}
});
})
</script>
</body>
</html>
2129
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
