diff --git a/src/main/java/UI/Tags.java b/src/main/java/UI/Tags.java index 2cdddad..ad9971a 100644 --- a/src/main/java/UI/Tags.java +++ b/src/main/java/UI/Tags.java @@ -95,10 +95,14 @@ public void mouseClicked(java.awt.event.MouseEvent evt) { Tags.this.Rtable = new JTabbedPane(); Tags.this.HRequestTextEditor = Tags.this.callbacks.createMessageEditor(Tags.this, false); Tags.this.HResponseTextEditor = Tags.this.callbacks.createMessageEditor(Tags.this, false); + + Tags.this.Ltable.addTab("Request", Tags.this.HRequestTextEditor.getComponent()); Tags.this.Rtable.addTab("Response", Tags.this.HResponseTextEditor.getComponent()); // 将子选项卡添加进主选项卡 + Tags.this.HjSplitPane.setResizeWeight(0.5D); + Tags.this.HjSplitPane.setDividerSize(3); Tags.this.HjSplitPane.add(Tags.this.Ltable, "left"); Tags.this.HjSplitPane.add(Tags.this.Rtable, "right"); @@ -108,7 +112,9 @@ public void mouseClicked(java.awt.event.MouseEvent evt) { // 将两个页面插入容器 tabs.addTab("VulDisplay", Tags.this.splitPane); - tabs.addTab("Config", Config_l.$$$getRootComponent$$$()); +// JTabbedPane ConfigView = new JTabbedPane(); +// ConfigView.addTab("Rules",); + tabs.addTab("Config",Config_l.$$$getRootComponent$$$()); // 将容器置于顶层 top.setTopComponent(tabs); diff --git a/src/main/java/burp/Bfunc.java b/src/main/java/burp/Bfunc.java index 6b55803..3c9a1bb 100644 --- a/src/main/java/burp/Bfunc.java +++ b/src/main/java/burp/Bfunc.java @@ -1,10 +1,12 @@ package burp; +import func.vulscan; import yaml.YamlUtil; import javax.swing.*; import java.util.*; +import java.util.regex.Pattern; public class Bfunc { 
@@ -120,5 +122,118 @@ public static Collection StatusCodeProc(String state){ + public static String ProcTemplateLanguag(String url, IHttpRequestResponse HttpRequestResponse, vulscan vul,Boolean escape){ + + + + if (url.contains("{{") && url.contains("}}")){ + String marking = url.substring(url.indexOf("{{"), url.lastIndexOf("}}") + 2); + String markingContent = marking.replace("{{", "").replace("}}", "").toLowerCase(); + String[] parts = markingContent.split("\\."); + IHttpService httpservice = HttpRequestResponse.getHttpService(); + switch (parts[0]){ + case "request": + IRequestInfo request = vul.burp.help.analyzeRequest(HttpRequestResponse); + switch (parts[1]){ + case "head": + Map heads = Bfunc.ProceHead(request.getHeaders()); + if (parts[2].equals("host") && parts.length >3){ + switch (parts[3]){ + case "main": + return replaceOn(url,marking,Bfunc.AnalyHost(heads.get("host"),"main"),escape); + case "name": + return replaceOn(url,marking,Bfunc.AnalyHost(heads.get("host"),"name"),escape); + } + } + return replaceOn(url,marking,heads.get(parts[2]),escape); + case "method": + return replaceOn(url,marking,request.getMethod(),escape); + case "path": + return replaceOn(url,marking,request.getUrl().getPath().substring(1),escape); + case "url": + return replaceOn(url,marking,request.getUrl().toString(),escape); + case "protocol": + return replaceOn(url,marking,httpservice.getProtocol(),escape); + case "port": + return replaceOn(url,marking,String.valueOf(httpservice.getPort()),escape); + } + + case "response": + byte[] xiangying = HttpRequestResponse.getResponse(); + if (xiangying != null){ + IResponseInfo response = vul.burp.help.analyzeResponse(xiangying); + switch (parts[1]){ + case "head": + Map heads = Bfunc.ProceHead(response.getHeaders()); + return replaceOn(url,marking,heads.get(parts[2]),escape); + case "status": + return replaceOn(url,marking,String.valueOf(response.getStatusCode()),escape); + } + } + + + + } + + } + + + + return url; + } + + private static 
String replaceOn(String url,String one,String two,Boolean escape){ + if (two != null) { + if (escape) { + return url.replace(one, Pattern.quote(two)); + } else { + return url.replace(one, two); + } + } + return url.replace(one, ""); + } + + public static String AnalyHost(String host, String mode){ + String domain = host.split(":")[0]; + if (host.matches("^\\d+\\.\\d+\\.\\d+\\.\\d+$")) { + return host; + } + String[] parts = domain.split("\\."); + + if (parts[parts.length-1].equals("cn") && parts[parts.length-2].equals("com")){ + if (mode.equals("main")){ + domain = parts[parts.length-3] + "." + parts[parts.length-2] + "." + parts[parts.length-1]; + return domain; + }else if(mode.equals("name")){ + return parts[parts.length - 3]; + } + + }else { + if (mode.equals("main")){ + domain = parts[parts.length-2] + "." + parts[parts.length-1]; + return domain; + }else if(mode.equals("name")){ + String lastPart = parts[parts.length - 1]; + return parts[parts.length - 2]; + } + + } + return domain; + } + + + public static Map ProceHead(List heads){ + heads.remove(heads.get(0)); + Map headmap = new HashMap(); + for (String head:heads){ + String key = head.substring(0, head.indexOf(":")).toLowerCase(); + String value = head.substring(head.indexOf(":") + 2); + headmap.put(key,value); + } + return headmap; + + } + + } diff --git a/src/main/java/burp/BurpExtender.java b/src/main/java/burp/BurpExtender.java index da2d38b..d491912 100644 --- a/src/main/java/burp/BurpExtender.java +++ b/src/main/java/burp/BurpExtender.java @@ -35,6 +35,7 @@ public class BurpExtender implements IBurpExtender, IScannerCheck, IContextMenuF public boolean Carry_head = false; public boolean on_off = false; public boolean Bypass = false; + public boolean DomainScan = false; public static String Download_Yaml_protocol = "https"; public static String Download_Yaml_host = "raw.githubusercontent.com"; public static int Download_Yaml_port = 443; 
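Review bot: ProceHead slices each header line at fixed offsets, so a line with no colon makes `head.substring(0, head.indexOf(":"))` throw, `indexOf(":") + 2` drops the first value character of `Name:value` and throws on `Name:`, and `heads.remove(heads.get(0))` edits the list the caller passed in. Response headers are chosen by the scanned host, so one malformed line can abort template expansion unless a caller outside this hunk catches the exception. The same unguarded indexing appears in ProcTemplateLanguag, where `parts[1]` and `parts[2]` are read before any length check and `case "request":` has no `break` after its inner switch, so `{{request.status}}` falls through and expands to the response status. In AnalyHost the IPv4 test runs on `host` instead of the port-stripped `domain`, and a single-label host indexes `parts[-1]`. A tolerant ProceHead is sketched below; the generic type parameters look stripped in this rendering, so the signature is kept as shown.

```java
public static Map ProceHead(List heads){
    Map headmap = new HashMap();
    // Start at 1 to skip the request/status line without mutating the caller's list.
    for (int i = 1; i < heads.size(); i++){
        String head = heads.get(i);
        int colon = head.indexOf(':');
        if (colon <= 0){
            continue; // not a "name: value" line
        }
        headmap.put(head.substring(0, colon).toLowerCase(), head.substring(colon + 1).trim());
    }
    return headmap;
}
```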
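Review bot: DomainScan defaults to `false`, so the domain-name LaunchPath pass that the vulscan constructor ran unconditionally before this commit is now off until the user clicks the new button. If that change of default is intended, a comment on the field should say so, for example `// Off by default: the domain-name pass only runs after the user enables it in Config.` The field is written from the button's action listener and read in the vulscan constructor; if those run on different threads (likely, but not visible on this page), declare it `public volatile boolean DomainScan = false;` so the toggle is seen by the scanning thread.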
@@ -60,9 +61,10 @@ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) { this.tags = new Tags(callbacks, Config_l); // this.views = Bfunc.Get_Views(); call.printOutput("@Info: Loading RouteVulScan success"); - call.printOutput("@Version: RouteVulScan 1.4"); + call.printOutput("@Version: RouteVulScan 1.5"); call.printOutput("@From: Code by F6JO"); call.printOutput("@Github: https://github.com/F6JO/RouteVulScan"); + call.printOutput(""); call.setExtensionName(EXPAND_NAME); call.registerScannerCheck(this); call.registerContextMenuFactory(this); diff --git a/src/main/java/burp/Config.java b/src/main/java/burp/Config.java index 44e53d7..225618c 100644 --- a/src/main/java/burp/Config.java +++ b/src/main/java/burp/Config.java @@ -203,19 +203,29 @@ public Config(BurpExtender burp) { carry_head_button.setBounds(150, 5, 90, 23); carry_head_Button_action(carry_head_button, Primary); + + // DomainScan按钮 + JButton DomainScan_button = new JButton("DomainScan_On"); + DomainScan_button.setBounds(300, 5, 90, 23); + DomainScan_Button_action(DomainScan_button, DomainScan_button.getBackground()); + + + // bypass按钮 JButton bypass_button = new JButton("Bypass_On"); - bypass_button.setBounds(300, 5, 90, 23); + bypass_button.setBounds(450, 5, 90, 23); bypass_Button_action(bypass_button, bypass_button.getBackground()); + + // Filter_Host 文本展示框 JLabel Filter_Host = new JLabel("Filter_Host:"); - Filter_Host.setBounds(473, -10, 100, 50); + Filter_Host.setBounds(623, -10, 100, 50); // Host 输入框 JTextField Host_txtfield = new JTextField(); //创建文本框 Host_txtfield.setText("*"); //设置文本框的内容 - Host_txtfield.setBounds(548, 5, 572, 20); + Host_txtfield.setBounds(698, 5, 572, 20); burp.Host_txtfield = Host_txtfield; @@ -224,6 +234,7 @@ public Config(BurpExtender burp) { one.add(txtfield1); one.add(Online_Update_button); one.add(load_button); + one.add(DomainScan_button); one.add(bypass_button); one.add(add_button); one.add(edit_button); 
@@ -301,6 +312,26 @@ public void actionPerformed(ActionEvent e) { } + private void DomainScan_Button_action(JButton Button_one, Color Primary) { + + Button_one.addActionListener(new ActionListener() { + @Override + public void actionPerformed(ActionEvent e) { + if (burp.DomainScan) { + burp.DomainScan = false; + Button_one.setText("DomainScan_On"); + Button_one.setBackground(Primary); + } else { + burp.DomainScan = true; + Button_one.setText("DomainScan_Off"); + Button_one.setBackground(Color.green); + } + + } + }); + } + + private void Online_Update_Yaml(JButton Button_one) { Button_one.addActionListener(new ActionListener() { diff --git a/src/main/java/func/threads.java b/src/main/java/func/threads.java index bae06a4..2c28827 100644 --- a/src/main/java/func/threads.java +++ b/src/main/java/func/threads.java @@ -4,7 +4,6 @@ import burp.Bfunc; import burp.IExtensionHelpers; import burp.IHttpRequestResponse; -import burp.IHttpService; import com.sun.jmx.snmp.tasks.Task; import java.net.MalformedURLException; 
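Review bot: DomainScan_Button_action has no comment, and its label logic reads backwards at first sight: the button shows `DomainScan_On` while the feature is off and `DomainScan_Off` once it is enabled. This switch decides whether the extra domain-name pass runs, so its state should be unambiguous to anyone reading or using it. I would add above the method `// Toggles burp.DomainScan; the label names what the next click does, a green background means the domain-name pass is enabled.`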
@@ -45,17 +44,16 @@ private static void go(Map zidian, vulscan vul, IHttpRequestResp String name = (String) zidian.get("name"); boolean loaded = (boolean) zidian.get("loaded"); - String urll = (String) zidian.get("url"); - String re = (String) zidian.get("re"); + String urll = Bfunc.ProcTemplateLanguag((String) zidian.get("url"),newHttpRequestResponse,vul,false); + String re = Bfunc.ProcTemplateLanguag((String) zidian.get("re"),newHttpRequestResponse,vul,true); String info = (String) zidian.get("info"); - String state = (String) zidian.get("state"); +// String state = (String) zidian.get("state"); Collection states = Bfunc.StatusCodeProc((String) zidian.get("state")); if (loaded) { URL url = null; try { url = new URL(vul.burp.help.analyzeRequest(newHttpRequestResponse).getUrl().getProtocol(), vul.burp.help.analyzeRequest(newHttpRequestResponse).getUrl().getHost(), vul.burp.help.analyzeRequest(newHttpRequestResponse).getUrl().getPort(), String.valueOf(vul.Path_record) + urll); - } catch (MalformedURLException e) { e.printStackTrace(); } diff --git a/src/main/java/func/vulscan.java b/src/main/java/func/vulscan.java index 0be6531..2945017 100644 --- a/src/main/java/func/vulscan.java +++ b/src/main/java/func/vulscan.java @@ -65,7 +65,9 @@ public vulscan(BurpExtender burp, BurpAnalyzedRequest Root_Request) { paths = new String[]{""}; } List Bypass_List = (List) Yaml_Map.get("Bypass_List"); - LaunchPath(true,domainNames,Listx,newHttpRequestResponse,heads,Bypass_List); + if (burp.DomainScan) { + LaunchPath(true, domainNames, Listx, newHttpRequestResponse, heads, Bypass_List); + } LaunchPath(false,paths,Listx,newHttpRequestResponse,heads,Bypass_List);
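Review bot: Both ProcTemplateLanguag calls run before the `if (loaded)` check and outside the try block, so a rule with no `url` or `re` key now fails at `url.contains(...)` with a NullPointerException, and any exception from expansion is raised even for rules that are not loaded. Moving the two calls inside `if (loaded)` and passing the raw value through when it is null would keep the old behaviour for those cases. With `escape` false the expanded value is appended to `vul.Path_record` unencoded, so a header value containing `?`, `#` or whitespace changes the request that is sent; percent-encoding the substituted value for the url case would avoid that. The commented-out `// String state` line can be deleted rather than kept. The body of go() continues outside this hunk.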