修改成burp 扫描插件

Author: sw0rd1ight

.gradle/7.1/executionHistory/executionHistory.bin

@@ -3,7 +3,7 @@ plugins {
 }
 
 group 'org.example'
-version '1.1-SNAPSHOT'
+version '1.2-SNAPSHOT'
 
 repositories {
     mavenCentral()

.gradle/7.1/executionHistory/executionHistory.lock

@@ -1,280 +1,85 @@
 package burp;
 
-import javax.swing.*;
-import javax.swing.table.AbstractTableModel;
-import javax.swing.table.TableModel;
-import java.awt.*;
 import java.io.PrintWriter;
-import java.net.URL;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
 
-public class BurpExtender extends AbstractTableModel implements IBurpExtender, ITab, IHttpListener, IMessageEditorController
-{
+public class BurpExtender implements IBurpExtender,IScannerCheck{
+
     private IBurpExtenderCallbacks callbacks;
     private IExtensionHelpers helpers;
-    private JSplitPane splitPane;
-    private IMessageEditor requestViewer;
-    private IMessageEditor responseViewer;
-    private final List<LogEntry> log = new ArrayList<LogEntry>();
-    private IHttpRequestResponse currentlyDisplayedItem;
     private PrintWriter stdout;
     private PrintWriter stderr;
-
-
-    //
-    // implement IBurpExtender
-    //
-    
     @Override
-    public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks)
-    {
-        // keep a reference to our callbacks object
+    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
         this.callbacks = callbacks;
+        this.helpers = callbacks.getHelpers();
+        callbacks.setExtensionName("Json Xss Finder");
+        callbacks.registerScannerCheck(this);
 
         stdout = new PrintWriter(callbacks.getStdout(), true);
         stderr = new PrintWriter(callbacks.getStderr(), true);
-        // obtain an extension helpers object
-        helpers = callbacks.getHelpers();
-        stdout.println(System.getProperty("user.dir"));
-        stdout.println("Load Plugin Success");
-
-//        this.callbacks.restoreState(new File("xss.file"));
-
-        // set our extension name
-        callbacks.setExtensionName("Json Xss Finder");
-
-        
-        // create our UI
-        SwingUtilities.invokeLater(new Runnable() 
-        {
-            @Override
-            public void run()
-            {
-                // main split pane
-                splitPane = new JSplitPane(JSplitPane.VERTICAL_SPLIT);
-                        
-                // table of log entries
-                Table logTable = new Table(BurpExtender.this);
-                JScrollPane scrollPane = new JScrollPane(logTable);// add scroll
-                splitPane.setLeftComponent(scrollPane);
-
-                // tabs with request/response viewers
-                JTabbedPane tabs = new JTabbedPane();
-                requestViewer = callbacks.createMessageEditor(BurpExtender.this, false);
-                responseViewer = callbacks.createMessageEditor(BurpExtender.this, false);
-                tabs.addTab("Request", requestViewer.getComponent());
-                tabs.addTab("Response", responseViewer.getComponent());
-                splitPane.setRightComponent(tabs);
-
-                // customize our UI components
-                callbacks.customizeUiComponent(splitPane);
-                callbacks.customizeUiComponent(logTable);
-                callbacks.customizeUiComponent(scrollPane);
-                callbacks.customizeUiComponent(tabs);
-                
-                // add the custom tab to Burp's UI
-                callbacks.addSuiteTab(BurpExtender.this);
-                
-                // register ourselves as an HTTP listener
-                callbacks.registerHttpListener(BurpExtender.this);
-            }
-        });
-    }
-
-
-
 
+        stdout.println(System.getProperty("user.dir"));
+        stdout.println("Load Json Xss Finder Plugin Success");
 
 
-    //
-    // implement ITab
-    //
 
-    @Override
-    public String getTabCaption()
-    {
-        return "Json Xss Finder";
     }
 
-    @Override
-    public Component getUiComponent()
+    //todo getmatches and highlight
+    private List<int[]> getMatches(byte[] response, byte[] match)
     {
-        return splitPane;
-    }
+        List<int[]> matches = new ArrayList<int[]>();
 
-    //
-    // implement IHttpListener
-    //
-    
-    @Override
-    public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo)
-    {
-        // only process responses
-        if (!messageIsRequest)
+        int start = 0;
+        while (start < response.length)
         {
-            // create a new log entry with the message details
-            synchronized(log)
-            {
-                IResponseInfo responseInfo = helpers.analyzeResponse(messageInfo.getResponse());
-                IRequestInfo requestInfo = helpers.analyzeRequest(messageInfo.getRequest());
-
-                String statedMimeType = responseInfo.getStatedMimeType();
-//                String inferredMimeType = responseInfo.getInferredMimeType(); burp has bug
-
-                int bodyOffset = responseInfo.getBodyOffset();
-                String resp =  new String(messageInfo.getResponse(), StandardCharsets.UTF_8);
-                String rBody = resp.substring(bodyOffset);
-
-
-
-                if(statedMimeType.equals("HTML")&&Utils.IsJSON(rBody)){
-                    int row = log.size();
-                    log.add(new LogEntry(requestInfo.getMethod(), callbacks.saveBuffersToTempFiles(messageInfo),
-                            helpers.analyzeRequest(messageInfo).getUrl()));
-                    fireTableRowsInserted(row, row);
-
-
-
-                }
-
-            }
+            start = helpers.indexOf(response, match, true, start, response.length);
+            if (start == -1)
+                break;
+            matches.add(new int[] { start, start + match.length });
+            start += match.length;
         }
-    }
 
-    //
-    // extend AbstractTableModel
-    //
-    
-    @Override
-    public int getRowCount()
-    {
-        return log.size();
+        return matches;
     }
 
     @Override
-    public int getColumnCount()
-    {
-        return 3;
-    }
+    public List<IScanIssue> doPassiveScan(IHttpRequestResponse baseRequestResponse) {
 
-    @Override
-    public String getColumnName(int columnIndex)
-    {
-        switch (columnIndex)
-        {
-            case 0:
-                return "ID";
-            case 1:
-                return "METHOD";
-            case 2:
-                return "URL";
-            default:
-                return "";
-        }
-    }
+        IResponseInfo iResponseInfo = helpers.analyzeResponse(baseRequestResponse.getResponse());
+        IRequestInfo iRequestInfo = helpers.analyzeRequest(baseRequestResponse.getRequest());
 
-    @Override
-    public Class<?> getColumnClass(int columnIndex)
-    {
-        return String.class;
-    }
+        String stateMimeType = iResponseInfo.getStatedMimeType();
+        int rBodyOffset = iResponseInfo.getBodyOffset();
+        String resp = new String(baseRequestResponse.getResponse(), StandardCharsets.UTF_8);
+        String rBody = resp.substring(rBodyOffset);
 
-    @Override
-    public Object getValueAt(int rowIndex, int columnIndex)
-    {
-        LogEntry logEntry = log.get(rowIndex);
+        if(stateMimeType.equals("HTML")&&Utils.IsJSON(rBody)){
+            List<IScanIssue> issues = new ArrayList<>(1);
+            issues.add(new CustomScanIssue(baseRequestResponse.getHttpService(),helpers.analyzeRequest(baseRequestResponse).getUrl(),
+                    new IHttpRequestResponse[]{callbacks.applyMarkers(baseRequestResponse, null, null)},
+                    "Json Xss","Content-type: text/html","High"));
+
+            return issues;
 
-        switch (columnIndex)
-        {
-            case 0:
-                return rowIndex;
-            case 1:
-                return logEntry.method;
-            case 2:
-                return logEntry.url.toString();
-            default:
-                return "";
         }
-    }
 
-    //
-    // implement IMessageEditorController
-    // this allows our request/response viewers to obtain details about the messages being displayed
-    //
-    
-    @Override
-    public byte[] getRequest()
-    {
-        return currentlyDisplayedItem.getRequest();
-    }
 
-    @Override
-    public byte[] getResponse()
-    {
-        return currentlyDisplayedItem.getResponse();
-    }
 
-    @Override
-    public IHttpService getHttpService()
-    {
-        return currentlyDisplayedItem.getHttpService();
+        return null;
     }
 
-    //
-    // extend JTable to handle cell selection
-    //
-
-
-
-    
-    private class Table extends JTable
-    {
-        public Table(TableModel tableModel)
-        {
-            super(tableModel);
-        }
-        
-        @Override
-        public void changeSelection(int row, int col, boolean toggle, boolean extend)
-        {
-            // show the log entry for the selected row
-            LogEntry logEntry = log.get(row);
-            requestViewer.setMessage(logEntry.requestResponse.getRequest(), true);
-            responseViewer.setMessage(logEntry.requestResponse.getResponse(), false);
-            currentlyDisplayedItem = logEntry.requestResponse;
-            
-            super.changeSelection(row, col, toggle, extend);
-        }
-
-
+    @Override
+    public List<IScanIssue> doActiveScan(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint) {
+        return null;
     }
-    
-    //
-    // class to hold details of each log entry
-    //
-    
-    private static class LogEntry
-    {
-        final IHttpRequestResponsePersisted requestResponse;
-        final URL url;
-        final String method;
 
-        LogEntry(String method, IHttpRequestResponsePersisted requestResponse, URL url)
-        {
-            this.method = method;
-            this.requestResponse = requestResponse;
-            this.url = url;
-        }
-
-        @Override
-        public String toString() {
-            return "LogEntry{" +
-                    "requestResponse=" + requestResponse +
-                    ", url=" + url +
-                    ", method='" + method + '\'' +
-                    '}';
-        }
+    //todo
+    @Override
+    public int consolidateDuplicateIssues(IScanIssue existingIssue, IScanIssue newIssue) {
+        return 0;
     }
 }