info tab逻辑更新

src/base/FindUrlAction.java

@@ -17,6 +17,7 @@
 import org.apache.commons.lang3.StringUtils;
 
 import com.bit4woo.utilbox.burp.HelperPlus;
+import com.bit4woo.utilbox.utils.IPAddressUtils;
 import com.bit4woo.utilbox.utils.SwingUtils;
 import com.bit4woo.utilbox.utils.TextUtils;
 import com.bit4woo.utilbox.utils.UrlUtils;
@@ -62,7 +63,7 @@ public FindUrlAction(BurpExtender burp, IContextMenuInvocation invocation) {
 		this.callbacks = BurpExtender.callbacks;
 	}
 
-	public static List<String> buildUrls(String baseurl, List<String> urlPath){
+	public static List<String> buildUrls(String baseurl, List<String> urlPath) {
 		List<String> result = new ArrayList<>();
 
 		for (String url : urlPath) {
@@ -73,7 +74,7 @@ public static List<String> buildUrls(String baseurl, List<String> urlPath){
 				result.add(url);
 				continue;
 			}
-			
+
 			if (url.startsWith("/")) {
 				url = url.replaceFirst("/", "");
 			}
@@ -104,7 +105,7 @@ public static void doSendRequest(List<String> full_urls, String refererToUse) {
 			} catch (Exception e) {
 				e.printStackTrace(BurpExtender.getStderr());
 			}
-			HashMap<String, String> headers = new HashMap<String,String>();
+			HashMap<String, String> headers = new HashMap<String, String>();
 			headers.put("Referer", refererToUse);
 			doRequest(inputQueue, headers);
 		} catch (Exception e1) {
@@ -122,10 +123,12 @@ public void run() {
 					return;
 				}
 				String originUrl = getOriginUrlOfMessage(messages[0]);
+				String referUrl = getReferUrlOfMessage(messages[0]);
+				String currentUrl = getFullUrlOfMessage(messages[0]);
 
 				List<String> urls = FindAllUrlsOfTarget(originUrl);
 
-				String baseurl = choseAndEditBaseURL(urls);
+				String baseurl = choseAndEditBaseURL(urls, referUrl, currentUrl);
 
 				if (null == baseurl) {
 					return;
@@ -143,7 +146,6 @@ public void run() {
 	}
 
 	/**
-	 * 
 	 * 根据当前web的originUrl找JS，特征就是referer以它开头
 	 *
 	 * @return
@@ -200,9 +202,9 @@ public static List<String> FindAllUrlsOfTarget(String originUrl) {
 				}
 			}
 		}
-		
+
 		Collections.sort(urls);
-		urls.add(0,originUrl);//把orginUrl放在最前面，它是baseUrl的概率比较高
+		urls.add(0, originUrl);//把orginUrl放在最前面，它是baseUrl的概率比较高
 		return urls;
 	}
 
@@ -217,9 +219,17 @@ public static String getOriginUrlOfMessage(IHttpRequestResponse message) {
 		return getOriginUrlOfMessage(message.getHttpService(), message.getRequest());
 	}
 
+	public static String getReferUrlOfMessage(IHttpRequestResponse message) {
+		return getReferUrlOfMessage(message.getHttpService(), message.getRequest());
+	}
+
+	public static String getFullUrlOfMessage(IHttpRequestResponse message) {
+		return getFullUrlOfMessage(message.getHttpService(), message.getRequest());
+	}
+
 	/**
-	 * 
 	 * 获取当前数据包的来源URL(OriginUrl),和请求包中的origin header是一个概念
+	 *
 	 * @param httpService
 	 * @param request
 	 * @return
@@ -239,6 +249,20 @@ public static String getOriginUrlOfMessage(IHttpService httpService, byte[] requ
 		}
 	}
 
+	public static String getReferUrlOfMessage(IHttpService httpService, byte[] request) {
+		HelperPlus getter = BurpExtender.getHelperPlus();
+
+		String current_referUrl = getter.getHeaderValueOf(true, request, "Referer");
+		return current_referUrl;
+	}
+
+
+	public static String getFullUrlOfMessage(IHttpService httpService, byte[] request) {
+		HelperPlus getter = BurpExtender.getHelperPlus();
+
+		String current_fullUrl = getter.getFullURL(httpService, request).toString();
+		return current_fullUrl;
+	}
 
 	public static List<String> findUrls(byte[] content) {
 		List<String> urls = new ArrayList<>();
@@ -276,7 +300,7 @@ public static List<String> findUrls(String content) {
 	 *
 	 * @param inputQueue
 	 */
-	public static void doRequest(BlockingQueue<RequestTask> inputQueue, HashMap<String,String> headers) {
+	public static void doRequest(BlockingQueue<RequestTask> inputQueue, HashMap<String, String> headers) {
 		if (CurrentProxy == null) {
 			CurrentProxy = Proxy.inputProxy();
 		}
@@ -311,24 +335,46 @@ public static int threadNumberShouldUse(int domainNum) {
 		}
 	}
 
-	public static List<String> findPossibleBaseURL(List<String> urls) {
+	public static List<String> findPossibleBaseURL(List<String> urls, String referUrl, String currentUrl) {
 		List<String> baseURLs = new ArrayList<>();
+
+		String referHost = "";
+		if (referUrl != null) {
+			referHost = UrlUtils.getHost(referUrl);
+		}
+
+		String currentHost = UrlUtils.getHost(currentUrl);
+
 		for (String tmpurl : urls) {
 			//这部分提取的是含有协议头的完整URL地址
 			if (tmpurl.toLowerCase().startsWith("http://")
 					|| tmpurl.toLowerCase().startsWith("https://")) {
-				if (!baseURLs.contains(tmpurl)) {
-					baseURLs.add(tmpurl);
+				String host = UrlUtils.getHost(tmpurl);
+				if (TextUtils.calculateSimilarity(referHost, host) > 0.5 || TextUtils.calculateSimilarity(currentHost, host) > 0.5) {
+					if (!baseURLs.contains(tmpurl)) {
+						baseURLs.add(tmpurl);
+					}
+				}
+
+				if (IPAddressUtils.isValidIPv4MayPort(host)) {
+					if (!baseURLs.contains(tmpurl)) {
+						baseURLs.add(tmpurl);
+					}
 				}
 			}
 		}
 		Collections.sort(baseURLs);
 		return baseURLs;
 	}
 
-
-	public static String choseAndEditBaseURL(List<String> inputs) {
-		inputs = findPossibleBaseURL(inputs);
+	/**
+	 * @param inputs
+	 * @param referUrl   当前数据包的refer
+	 * @param currentUrl 当前查找到url path数据包的URL
+	 * @return
+	 */
+	public static String choseAndEditBaseURL(List<String> inputs, String referUrl, String currentUrl) {
+		inputs = findPossibleBaseURL(inputs, referUrl, currentUrl);
 
 		int n = inputs.size() + 1;
 		String[] possibleValues = new String[n];
@@ -391,26 +437,27 @@ public static List<String> cleanUrls(List<String> urls) {
 		}
 		return urls;
 	}
-	
+
 	public static List<String> removeJsUrl(List<String> urls) {
 
 		urls = TextUtils.deduplicate(urls);
 		Iterator<String> it = urls.iterator();
 		while (it.hasNext()) {
 			String urlItem = it.next();
 			// 仅在判断中去除参数和片段
-	        String cleanUrl = urlItem.split("\\?")[0].split("#")[0];
-
-	        // 判断是否以指定后缀结尾
-	        if (cleanUrl.endsWith(".js") || cleanUrl.endsWith(".vue") || cleanUrl.endsWith(".scss")) {
-	            it.remove();
-	        }
-
-	        if (cleanUrl.contains("node_modules")) {
-	            it.remove();
-	        }
-
+			String cleanUrl = urlItem.split("\\?")[0].split("#")[0];
+
+			// 判断是否以指定后缀结尾
+			if (cleanUrl.endsWith(".js") || cleanUrl.endsWith(".vue") || cleanUrl.endsWith(".scss")) {
+				it.remove();
+			} else if (cleanUrl.contains("node_modules")) {
+				it.remove();
+			}
 		}
 		return urls;
 	}
+
+	public static void main(String[] args) {
+
+	}
 }

src/base/MimeTypesList.java

@@ -44,7 +44,7 @@ public static List<String> genMIMETypeListAsPathBlackList() {
         	}
 
             String item  =typeStr+"/"+subTypeStr;
-            System.out.println(item);
+            //System.out.println(item);
 
             if (!result.contains(item)) {
             	result.add(item);

src/messageTab/Info/InfoPanel.java

@@ -23,11 +23,23 @@ public class InfoPanel extends JPanel {
     private final JLabel statusLabel = new JLabel("   0 matches");
     boolean isRequest;
 
-    InfoTable table;
+    public static JPanel headPanel;
+    public InfoTable table;
 	private InfoTab InfoTab;
 
 
-    public InfoTab getInfoTab() {
+
+    public static JPanel getHeadPanel() {
+		return headPanel;
+	}
+
+
+	public static void setHeadPanel(JPanel headPanel) {
+		InfoPanel.headPanel = headPanel;
+	}
+
+
+	public InfoTab getInfoTab() {
 		return InfoTab;
 	}
 
@@ -52,8 +64,8 @@ public void setTable(InfoTable table) {
         setBorder(new EmptyBorder(5, 5, 5, 5));
         setLayout(new BorderLayout(0, 0));
 
-        JPanel buttonPanel = new JPanel(new FlowLayout(FlowLayout.CENTER));
-        add(buttonPanel, BorderLayout.NORTH);
+        headPanel = new InfoPanelHeadPanel();
+        add(headPanel, BorderLayout.NORTH);
 
         InfoTableModel model = new InfoTableModel();
         table = new InfoTable(model,this);

src/messageTab/Info/InfoPanelHeadPanel.java

@@ -0,0 +1,26 @@
+package messageTab.Info;
+
+import java.awt.FlowLayout;
+
+import javax.swing.JLabel;
+import javax.swing.JPanel;
+
+public class InfoPanelHeadPanel extends JPanel {
+
+	JLabel baseUrllabelKey = new JLabel("Base URL: ");
+	JLabel baseUrllabelValue = new JLabel("");
+
+	public InfoPanelHeadPanel(){
+	    this.setLayout(new FlowLayout(FlowLayout.CENTER));
+	    this.add(baseUrllabelKey);
+	    this.add(baseUrllabelValue);
+
+	}
+
+	public void setBaseUrl(String url) {
+		if (url!=null) {
+			baseUrllabelValue.setText(url);
+		}
+	}
+
+}

src/messageTab/Info/InfoTab.java

@@ -143,6 +143,11 @@ protected Void doInBackground() throws Exception {
 						InfoEntry aaa = new InfoEntry(email, InfoEntry.Type_Email);
 						((InfoPanel) panel).getTable().getInfoTableModel().addNewInfoEntry(aaa);
 					}
+
+					if (((InfoPanel) panel).getTable().getInfoTableModel().getRowCount()==0) {
+						InfoEntry aaa = new InfoEntry("No Info To Display", InfoEntry.Type_URL);
+						((InfoPanel) panel).getTable().getInfoTableModel().addNewInfoEntry(aaa);
+					}
 
 					return null;
 				}

src/messageTab/Info/InfoTable.java

@@ -123,7 +123,8 @@ public void mouseClicked(MouseEvent e) {
 					InfoTable target = (InfoTable) e.getSource();
 					int row = target.getSelectedRow();
 					int column = target.getSelectedColumn();
-
+
+					if (column ==-1) return;
 					//双击浏览器打开url
 					if (headers[column].equalsIgnoreCase("Value")) {//双击url在浏览器中打开
 						try {
@@ -172,13 +173,31 @@ public String getOriginUrl() {
 		return FindUrlAction.getOriginUrlOfMessage(controller.getHttpService(), controller.getRequest());
 	}
 
+	public String getReferUrl() {
+		IMessageEditorController controller = infoPanel.getInfoTab().getController();
+		return FindUrlAction.getReferUrlOfMessage(controller.getHttpService(), controller.getRequest());
+	}
+
+	public String getFullUrl() {
+		IMessageEditorController controller = infoPanel.getInfoTab().getController();
+		return FindUrlAction.getFullUrlOfMessage(controller.getHttpService(), controller.getRequest());
+	}
+
+
 	public List<String> getAllUrlsOfTarget() {
 		IMessageEditorController controller = infoPanel.getInfoTab().getController();
 		return FindUrlAction.FindAllUrlsOfTarget(controller.getHttpService(), controller.getRequest(), controller.getResponse());
 	}
-
+
+	/**
+	 * 增加基于refer和当前URL的过滤
+	 * @param allUrlsOfTarget
+	 * @return
+	 */
 	public String choseBaseUrlToRequest(List<String> allUrlsOfTarget) {
-		return FindUrlAction.choseAndEditBaseURL(allUrlsOfTarget);
+		String referUrl = getReferUrl();
+		String currentUrl = getFullUrl();
+		return FindUrlAction.choseAndEditBaseURL(allUrlsOfTarget,referUrl,currentUrl);
 	}
 	/**
 	 * 从已有记录中直接获取【构建URL所需要的基准URL（BaseURL）】，或者从数据包中查找并选择 

src/messageTab/Info/InfoTableMenu.java

@@ -40,10 +40,12 @@ public void actionPerformed(ActionEvent actionEvent) {
 			public void actionPerformed(ActionEvent actionEvent) {
 				String originUrl = infoTable.getOriginUrl();
 				List<String> allUrlsOfTarget = infoTable.getAllUrlsOfTarget();
+
 				String baseurl = infoTable.choseBaseUrlToRequest(allUrlsOfTarget);
 
 				if (StringUtils.isNotEmpty(originUrl) && StringUtils.isNotEmpty(baseurl)) {
 					FindUrlAction.httpServiceBaseUrlMap.put(originUrl, baseurl);
+					((InfoPanelHeadPanel)(InfoPanel.getHeadPanel())).setBaseUrl(baseurl);
 				}
 			}
 		});
@@ -59,7 +61,9 @@ public void actionPerformed(ActionEvent actionEvent) {
 
 				if (StringUtils.isNotEmpty(originUrl) && StringUtils.isNotEmpty(baseurl)) {
 					FindUrlAction.httpServiceBaseUrlMap.put(originUrl, baseurl);
+					((InfoPanelHeadPanel)(InfoPanel.getHeadPanel())).setBaseUrl(baseurl);
 				}
+
 			}
 		});