Merge pull request #13 from bit4woo/dev
to release v1.5
bit4woo authored Aug 15, 2019
2 parents 5aacc5e + 247b526 commit 65dc8ec
Showing 13 changed files with 279 additions and 229 deletions.
4 changes: 4 additions & 0 deletions README-zh.md
Expand Up @@ -86,6 +86,10 @@
SQLMap-Options --- sqlmap命令的额外参数
![runsqlmap](img/runsqlmap.gif)

9. Insert XSS

一键对当前数据包中非数字型和非cookie的参数插入XSS payload

##### Tab

1. U2C
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -45,6 +45,10 @@ A extension that add some small function[ one key to update cookie, one key add

One key to run sqlmap with current selected request.

9. Insert XSS

One key to insert XSS payload to parameters that not in cookie and not number.

##### Tab

1. U2C
25 changes: 23 additions & 2 deletions pom.xml
Expand Up @@ -6,7 +6,15 @@
</properties>
<modelVersion>4.0.0</modelVersion>
<groupId>com.bit4woo.burp</groupId>
<version>1.4</version>
<version>1.5</version>

<repositories>
<repository>
<id>jitpack.io</id>
<url>https://jitpack.io</url>
</repository>
</repositories>

<build>
<sourceDirectory>src</sourceDirectory>
<plugins>
Expand Down Expand Up @@ -60,6 +68,12 @@
<version>1.7.22</version>
</dependency>

<dependency>
<groupId>com.github.bit4woo</groupId>
<artifactId>burp-api-common</artifactId>
<version>v0.0.6</version>
</dependency>

<!-- https://mvnrepository.com/artifact/commons-codec/commons-codec <dependency>
<groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> <version>1.11</version>
</dependency> -->
Expand All @@ -69,7 +83,7 @@
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.51</version>
<version>1.2.58</version>
</dependency>

<!-- Files -->
Expand Down Expand Up @@ -107,6 +121,13 @@
<version>2.3.1</version>
</dependency>

<!-- https://mvnrepository.com/artifact/org.json/json -->
<dependency>
<groupId>org.json</groupId>
<artifactId>json</artifactId>
<version>20180813</version>
</dependency>


</dependencies>

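Review bot: The new top-level `jitpack.io` repository and the `com.github.bit4woo:burp-api-common` dependency at `v0.0.6` make the build depend on an artifact that JitPack builds on demand from a git tag, and a tag can be moved after release, so the same version string is not guaranteed to resolve to the same code. Pinning the version to the full commit hash (JitPack accepts one in place of a tag) would make the build reproducible, and a comment such as `<!-- built by JitPack from the burp-api-common git tag; pin to a commit hash for reproducible builds -->` above the dependency would tell the next maintainer where the jar comes from. Separately, fastjson (bumped here to `1.2.58`) has a history of autoType deserialization advisories and `BurpExtender` imports `com.alibaba.fastjson.JSON`, so it is worth confirming that autoType stays disabled wherever proxied content is parsed; those call sites are not visible in this section.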
2 changes: 1 addition & 1 deletion src/U2C/JSONBeautifier.java
Expand Up @@ -67,7 +67,7 @@ public void setMessage(byte[] content, boolean isRequest)
//Take the input, determine request/response, parse as json, then print prettily.
Gson gson = new GsonBuilder().setPrettyPrinting().disableHtmlEscaping().serializeNulls().create();
//Get only the JSON part of the content
byte[] body = new Getter().getBody(isRequest, content);
byte[] body = new Getter(helpers).getBody(isRequest, content);
try {
JsonParser jp = new JsonParser();
JsonElement je = jp.parse(new String(body));
8 changes: 8 additions & 0 deletions src/U2C/U2CTab.java
Expand Up @@ -6,6 +6,7 @@

import org.apache.commons.text.StringEscapeUtils;

import burp.BurpExtender;
import burp.IBurpExtenderCallbacks;
import burp.IExtensionHelpers;
import burp.IMessageEditorController;
Expand Down Expand Up @@ -38,6 +39,13 @@ public Component getUiComponent()
@Override
public boolean isEnabled(byte[] content, boolean isRequest)
{
try {
if (BurpExtender.jsonBeautifier.isEnabled(content, isRequest)) {
return false;
}
} catch (Exception e) {

}

if(content!=null && !isRequest && needtoconvert(new String(content))) {
originContent = content;
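Review bot: The added `catch (Exception e) { }` in `isEnabled` is empty, so a null `BurpExtender.jsonBeautifier` or any failure inside `JSONBeautifier.isEnabled` is silently discarded and the method falls through as if the JSON check had said no. An explicit guard states the intent without hiding other errors: `JSONBeautifier jb = BurpExtender.jsonBeautifier;` followed by `if (jb != null && jb.isEnabled(content, isRequest)) return false;`. If the try/catch is kept, the handler should at least write the exception to the extension's error stream so a broken tab can be diagnosed. The body of `isEnabled` continues past the end of this hunk.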
50 changes: 37 additions & 13 deletions src/burp/BurpExtender.java
Expand Up @@ -4,12 +4,18 @@
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.util.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.swing.JMenu;
import javax.swing.JMenuItem;

import com.alibaba.fastjson.JSON;

import U2C.JSONBeautifier;
Expand All @@ -29,7 +35,19 @@
import hackbar.WebShell_Menu;
import hackbar.XSS_Menu;
import hackbar.XXE_Menu;
import knife.*;
import knife.AddHostToScopeMenu;
import knife.ChunkedEncodingMenu;
import knife.CookieUtils;
import knife.DismissMenu;
import knife.HeaderEntry;
import knife.InsertXSSMenu;
import knife.OpenWithBrowserMenu;
import knife.RunSQLMap;
import knife.SetCookieMenu;
import knife.SetCookieWithHistoryMenu;
import knife.UpdateCookieMenu;
import knife.UpdateCookieWithHistoryMenu;
import knife.UpdateHeaderMenu;

public class BurpExtender extends GUI implements IBurpExtender, IContextMenuFactory, ITab, IHttpListener,IProxyListener,IExtensionStateListener {

Expand All @@ -44,6 +62,7 @@ public class BurpExtender extends GUI implements IBurpExtender, IContextMenuFact
public PrintWriter stderr;
public IContextMenuInvocation context;
public int proxyServerIndex=-1;
public static JSONBeautifier jsonBeautifier;


@Override
Expand All @@ -67,11 +86,14 @@ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
}
table.setupTypeColumn();//call this function must after table data loaded !!!!


jsonBeautifier = new JSONBeautifier(null, false, helpers, callbacks);

//各项数据初始化完成后在进行这些注册操作,避免插件加载时的空指针异常
callbacks.setExtensionName(this.ExtensionName);
callbacks.registerContextMenuFactory(this);// for menus
callbacks.registerMessageEditorTabFactory(new U2CTab(null, false, helpers, callbacks));// for U2C
callbacks.registerMessageEditorTabFactory(new JSONBeautifier(null, false, helpers, callbacks));
callbacks.registerMessageEditorTabFactory(jsonBeautifier);
callbacks.addSuiteTab(BurpExtender.this);
callbacks.registerHttpListener(this);
callbacks.registerProxyListener(this);
Expand Down Expand Up @@ -100,6 +122,10 @@ public List<JMenuItem> createMenuItems(IContextMenuInvocation invocation) {

if (context == IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST) {

if (this.tableModel.getConfigByKey("XSS-Payload")!=null){
menu_list.add(new InsertXSSMenu(this));
}

menu_list.add(new UpdateCookieMenu(this));
if (this.config.getUsedCookie()!=null){
menu_list.add(new UpdateCookieWithHistoryMenu(this));
Expand Down Expand Up @@ -200,7 +226,9 @@ public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessa
if (cookieToSetMap != null && !cookieToSetMap.isEmpty()){//第二次调用如果cookie不为空,就走到这里

IHttpRequestResponse messageInfo = message.getMessageInfo();
String CurrentUrl = messageInfo.getHttpService().toString();
//String CurrentUrl = messageInfo.getHttpService().toString();//这个方法获取到的url包含默认端口!
Getter getter = new Getter(helpers);
String CurrentUrl = getter.getShortUrl(messageInfo);
//stderr.println(CurrentUrl+" "+targetUrl);
HeaderEntry cookieToSet = cookieToSetMap.get(CurrentUrl);
if (cookieToSet != null){
Expand All @@ -212,7 +240,6 @@ public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessa
byte[] newRequest = CookieUtils.updateCookie(messageInfo,cookieValue);
messageInfo.setRequest(newRequest);
}else {
Getter getter = new Getter(helpers);
List<String> responseHeaders = getter.getHeaderList(false,messageInfo);
byte[] responseBody = getter.getBody(false,messageInfo);
List<String> setHeaders = GetSetCookieHeaders(cookieValue);
Expand Down Expand Up @@ -240,10 +267,7 @@ public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequ

URL url = getter.getURL(messageInfo);
String host = getter.getHost(messageInfo);
String path = url.getPath();
String firstLineOfHeader = getter.getHeaderFirstLine(messageIsRequest,messageInfo);
LinkedHashMap headers = getter.getHeaderHashMap(messageIsRequest,messageInfo);
IHttpService service = messageInfo.getHttpService();
LinkedHashMap<String, String> headers = getter.getHeaderMap(messageIsRequest,messageInfo);
byte[] body = getter.getBody(messageIsRequest,messageInfo);

boolean isRequestChanged = false;
Expand Down Expand Up @@ -332,8 +356,9 @@ public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequ
int port = Integer.parseInt(proxyList.get(proxyServerIndex).split(":")[1].trim());

messageInfo.setHttpService(helpers.buildHttpService(proxyhost, port, messageInfo.getHttpService().getProtocol()));

firstLineOfHeader = firstLineOfHeader.replaceFirst(path, url.toString().split("\\?",0)[0]);

String method = helpers.analyzeRequest(messageInfo).getMethod();
headers.put(method, url.toString());
isRequestChanged = true;
//success or failed,need to check?
}
Expand All @@ -344,7 +369,7 @@ public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequ
}
if (isRequestChanged){
//set final request
List<String> headerList = getter.HeaderMapToList(firstLineOfHeader,headers);
List<String> headerList = getter.headerMapToHeaderList(headers);
messageInfo.setRequest(helpers.buildHttpMessage(headerList,body));
}

Expand Down Expand Up @@ -396,5 +421,4 @@ public boolean isDismissedHost(String host){
return false;
}


}
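Review bot: In the upstream-proxy branch of `processHttpMessage`, `headers.put(method, url.toString());` overwrites the whole value stored under the method key with the bare URL, whereas the removed code rewrote only the path inside the first line and left the rest of that line untouched. How `getHeaderMap` stores the request line is not visible here, but if the value normally has the form `<target> <version>`, the request rebuilt by `headerMapToHeaderList` loses its protocol version token and the upstream proxy may reject it. In that case the tail of the old value should be kept, for example `String old = headers.get(method);` then `headers.put(method, url + old.substring(old.indexOf(' ')));`, and a one-line comment should record that the request line lives under the method key. The function starts and ends outside the hunks shown, so this should be checked against the full method and the library source.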