引入 MontoyaAPI 依赖包；兼容 HaE 3.0 版本；更新版本号为 1.6.0

pom.xml

@@ -6,11 +6,11 @@
 
     <groupId>burp.vaycore</groupId>
     <artifactId>onescan</artifactId>
-    <version>1.5.2</version>
+    <version>1.6.0</version>
 
     <properties>
         <plugin.name>OneScan</plugin.name>
-        <jdk.version>8</jdk.version>
+        <jdk.version>17</jdk.version>
         <maven.compiler.source>${jdk.version}</maven.compiler.source>
         <maven.compiler.target>${jdk.version}</maven.compiler.target>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -22,6 +22,11 @@
             <artifactId>burp-extender-api</artifactId>
             <version>2.3</version>
         </dependency>
+        <dependency>
+            <groupId>net.portswigger.burp.extensions</groupId>
+            <artifactId>montoya-api</artifactId>
+            <version>2023.12.1</version>
+        </dependency>
 
         <dependency>
             <groupId>com.google.code.gson</groupId>
@@ -43,7 +48,7 @@
             <plugin>
                 <artifactId>maven-assembly-plugin</artifactId>
                 <configuration>
-                    <finalName>${plugin.name}-v${version}-jdk${jdk.version}</finalName>
+                    <finalName>${plugin.name}-v${version}</finalName>
                     <appendAssemblyId>false</appendAssemblyId>
                     <descriptorRefs>
                         <descriptorRef>jar-with-dependencies</descriptorRef>

src/main/java/burp/BurpExtender.java

@@ -1,10 +1,10 @@
 package burp;
 
+import burp.hae.HaE;
 import burp.vaycore.common.helper.DomainHelper;
 import burp.vaycore.common.helper.QpsLimiter;
 import burp.vaycore.common.log.Logger;
 import burp.vaycore.common.utils.*;
-import burp.vaycore.hae.HaE;
 import burp.vaycore.onescan.OneScan;
 import burp.vaycore.onescan.bean.FpData;
 import burp.vaycore.onescan.bean.TaskData;

src/main/java/burp/vaycore/hae/BurpCallbacksAdapter.java → src/main/java/burp/hae/BurpCallbacksAdapter.java

@@ -1,4 +1,4 @@
-package burp.vaycore.hae;
+package burp.hae;
 
 import burp.*;
 
@@ -57,12 +57,12 @@ public OutputStream getStderr() {
 
     @Override
     public void printOutput(String s) {
-
+        callbacks.printOutput(s);
     }
 
     @Override
     public void printError(String s) {
-
+        callbacks.printError(s);
     }
 
     @Override
@@ -343,12 +343,12 @@ public void doPassiveScan(String s, int i, boolean b, byte[] bytes, byte[] bytes
 
     @Override
     public IHttpRequestResponse makeHttpRequest(IHttpService iHttpService, byte[] bytes) {
-        return null;
+        return this.callbacks.makeHttpRequest(iHttpService, bytes);
     }
 
     @Override
     public IHttpRequestResponse makeHttpRequest(IHttpService iHttpService, byte[] bytes, boolean b) {
-        return null;
+        return this.callbacks.makeHttpRequest(iHttpService, bytes, b);
     }
 
     @Override
@@ -378,7 +378,7 @@ public byte[] makeHttp2Request(IHttpService iHttpService, List<IHttpHeader> list
 
     @Override
     public boolean isInScope(URL url) {
-        return false;
+        return this.callbacks.isInScope(url);
     }
 
     @Override
@@ -468,7 +468,7 @@ public void setProxyInterceptionEnabled(boolean b) {
 
     @Override
     public String[] getBurpVersion() {
-        return new String[0];
+        return this.callbacks.getBurpVersion();
     }
 
     public void setExtensionFilename(String filename) {

src/main/java/burp/vaycore/hae/HaE.java → src/main/java/burp/hae/HaE.java

@@ -1,8 +1,24 @@
-package burp.vaycore.hae;
+package burp.hae;
 
 import burp.*;
+import burp.api.montoya.BurpExtension;
+import burp.api.montoya.MontoyaApi;
+import burp.api.montoya.core.Annotations;
+import burp.api.montoya.core.ByteArray;
+import burp.api.montoya.core.HighlightColor;
+import burp.api.montoya.core.ToolType;
+import burp.api.montoya.http.handler.RequestToBeSentAction;
+import burp.api.montoya.http.handler.ResponseReceivedAction;
+import burp.api.montoya.http.message.requests.HttpRequest;
+import burp.api.montoya.http.message.responses.HttpResponse;
+import burp.hae.montoya.MontoyaApiImpl;
+import burp.hae.montoya.http.HttpImpl;
+import burp.hae.montoya.http.HttpRequestToBeSentImpl;
+import burp.hae.montoya.http.HttpResponseReceivedImpl;
+import burp.hae.montoya.http.HttpServiceImpl;
 import burp.vaycore.common.helper.UIHelper;
 import burp.vaycore.common.log.Logger;
+import burp.vaycore.common.utils.ClassUtils;
 import burp.vaycore.common.utils.FileUtils;
 import burp.vaycore.common.utils.StringUtils;
 import burp.vaycore.onescan.OneScan;
@@ -22,6 +38,7 @@ public class HaE {
     private static BurpExtender sExtender;
     private static IBurpExtenderCallbacks sCallbacks;
     private static BurpCallbacksAdapter sAdapter;
+    private static MontoyaApi sMontoyaApi;
     private static IHttpListener sHttpListener;
     private static Component sMainUI;
 
@@ -78,8 +95,6 @@ public static void loadPlugin(String pluginPath, LoadPluginCallback callback) {
         try {
             URL u = new File(pluginPath).toURI().toURL();
             ClassLoader loader = new URLClassLoader(new URL[]{u});
-            Class<?> c = loader.loadClass("burp.BurpExtender");
-            IBurpExtender extender = (IBurpExtender) c.newInstance();
             sAdapter = new BurpCallbacksAdapter(sCallbacks);
             sAdapter.setExtensionFilename(pluginPath);
             // 监听 UI 组件设置（等 UI 设置之后，再对各项参数进行检测和初始化）
@@ -100,7 +115,26 @@ public static void loadPlugin(String pluginPath, LoadPluginCallback callback) {
                 Logger.info("HaE load success! info: %s", name);
                 callback.onLoadSuccess();
             });
-            extender.registerExtenderCallbacks(sAdapter);
+            Class<?> c;
+            try {
+                c = loader.loadClass("burp.BurpExtender");
+                IBurpExtender extender = (IBurpExtender) ClassUtils.newObjectByClass(c);
+                if (extender != null) {
+                    extender.registerExtenderCallbacks(sAdapter);
+                } else {
+                    throw new IllegalStateException("BurpExtender load failed.");
+                }
+            } catch (ClassNotFoundException e) {
+                // 尝试加载 HaE 3.0 版本入口
+                c = loader.loadClass("hae.HaE");
+                BurpExtension extension = (BurpExtension) ClassUtils.newObjectByClass(c);
+                if (extension != null) {
+                    sMontoyaApi = new MontoyaApiImpl(sAdapter);
+                    extension.initialize(sMontoyaApi);
+                } else {
+                    throw new IllegalStateException("BurpExtension load failed.");
+                }
+            }
         } catch (Exception e) {
             callback.onLoadError("HaE load exception: " + e);
         }
@@ -125,6 +159,7 @@ public static boolean unloadPlugin() {
             UIHelper.refreshUI(oneScan);
             sHttpListener = null;
             sMainUI = null;
+            sMontoyaApi = null;
             sAdapter = null;
             System.gc();
             Logger.info("HaE unload success!");
@@ -148,17 +183,56 @@ public static boolean hasInstall() {
     }
 
     public static void processHttpMessage(IHttpRequestResponse messageInfo) {
-        if (sHttpListener != null) {
-            byte[] response = messageInfo.getResponse();
-            boolean messageIsRequest = response == null || response.length == 0;
-            try {
-                // 调用进行处理
+        byte[] respRaw = messageInfo.getResponse();
+        boolean messageIsRequest = respRaw == null || respRaw.length == 0;
+        try {
+            // 调用事件处理
+            if (sHttpListener != null) {
                 sHttpListener.processHttpMessage(IBurpExtenderCallbacks.TOOL_PROXY, messageIsRequest, messageInfo);
-            } catch (Exception e) {
-                // 打印HaE处理时抛出的错误（为了不影响任务面板显示的请求结果）
-                Logger.error("HaE plugin error: " + e);
+            } else if (sMontoyaApi != null) {
+                montoyaProcessHttpMessage(messageIsRequest, messageInfo);
             }
+        } catch (Exception e) {
+            // 打印HaE处理时抛出的错误（为了不影响任务面板显示的请求结果）
+            Logger.error("HaE plugin error: " + e);
+        }
+    }
+
+    /**
+     * 使 processHttpMessage 方法兼容 MontoyaAPI
+     *
+     * @param messageIsRequest 是否只是请求
+     * @param messageInfo      请求响应信息实例
+     */
+    private static void montoyaProcessHttpMessage(boolean messageIsRequest, IHttpRequestResponse messageInfo) {
+        byte[] respRaw = messageInfo.getResponse();
+        HttpImpl http = (HttpImpl) sMontoyaApi.http();
+        // 构建 Annotations 类
+        String comment = messageInfo.getComment();
+        String colorName = messageInfo.getHighlight();
+        Annotations annotations = Annotations.annotations(comment, HighlightColor.highlightColor(colorName));
+        // 构建 HttpRequest 类
+        HttpServiceImpl service = new HttpServiceImpl(messageInfo.getHttpService());
+        HttpRequest request = HttpRequest.httpRequest(service, ByteArray.byteArray(messageInfo.getRequest()));
+        HttpRequestToBeSentImpl sent = new HttpRequestToBeSentImpl(request, annotations, ToolType.PROXY);
+        // 调用 Request 事件处理
+        RequestToBeSentAction sentAction = http.httpHandler().handleHttpRequestToBeSent(sent);
+        // 构建 HttpResponse 类
+        annotations = sentAction.annotations();
+        if (messageIsRequest) {
+            respRaw = new byte[0];
         }
+        HttpResponse response = HttpResponse.httpResponse(ByteArray.byteArray(respRaw));
+        HttpResponseReceivedImpl received = new HttpResponseReceivedImpl(request, response,
+                annotations, ToolType.PROXY);
+        // 调用 Response 事件处理
+        ResponseReceivedAction receivedAction = http.httpHandler().handleHttpResponseReceived(received);
+        annotations = receivedAction.annotations();
+        // HaE 高亮
+        comment = annotations.notes();
+        colorName = annotations.highlightColor().displayName().toLowerCase();
+        messageInfo.setComment(comment);
+        messageInfo.setHighlight(colorName);
     }
 
     /**

src/main/java/burp/hae/MessageEditorController.java

@@ -0,0 +1,49 @@
+package burp.hae;
+
+import burp.IHttpService;
+import burp.IMessageEditorController;
+
+/**
+ * 请求响应编辑器组件的控制器
+ * <p>
+ * Created by vaycore on 2024-05-07.
+ */
+public class MessageEditorController implements IMessageEditorController {
+
+    private IHttpService service;
+    private byte[] request;
+    private byte[] response;
+
+    @Override
+    public IHttpService getHttpService() {
+        return this.service;
+    }
+
+    @Override
+    public byte[] getRequest() {
+        if (this.request == null || this.request.length == 0) {
+            return new byte[0];
+        }
+        return this.request;
+    }
+
+    @Override
+    public byte[] getResponse() {
+        if (this.response == null || this.response.length == 0) {
+            return new byte[0];
+        }
+        return this.response;
+    }
+
+    public void setHttpService(IHttpService service) {
+        this.service = service;
+    }
+
+    public void setRequest(byte[] request) {
+        this.request = request;
+    }
+
+    public void setResponse(byte[] response) {
+        this.response = response;
+    }
+}