diff --git a/burp/BurpExtender.java b/burp/BurpExtender.java index 4d22b72..b7f626d 100644 --- a/burp/BurpExtender.java +++ b/burp/BurpExtender.java @@ -72,16 +72,16 @@ public class BurpExtender implements IBurpExtender, IHttpListener, IMessageEdito public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks) { this.callbacks = callbacks; - this.helpers = callbacks.getHelpers(); + BurpExtender.helpers = callbacks.getHelpers(); // 设置插件名字和版本 - String version = "1.5"; + String version = "1.5.1"; callbacks.setExtensionName(String.format("HaE (%s) - Highlighter and Extractor", version)); // 定义输出 stdout = new PrintWriter(callbacks.getStdout(), true); stdout.println("@Author: EvilChen"); - stdout.println("@Blog: cn.gh0st.cn"); + stdout.println("@Blog: gh0st.cn"); // UI SwingUtilities.invokeLater(new Runnable() { @@ -174,7 +174,10 @@ public void actionPerformed(ActionEvent arg0) { rules.add("red"); rules.add("response"); rules.add("any"); + rules.add("nfa"); dtm.addRow(rules); + // 新增之后刷新Table,防止存在未刷新删除导致错位 + ft.fillTable(configFilePath, table); } }); panel_1.add(btnNewRule); @@ -206,7 +209,7 @@ public void actionPerformed(ActionEvent e) { new Object[][] { }, new String[] { - "Loaded", "Name", "Regex", "Color", "Scope", "Action" + "Loaded", "Name", "Regex", "Color", "Scope", "Action", "Engine" } )); scrollPane.setViewportView(table); @@ -216,6 +219,7 @@ public void actionPerformed(ActionEvent e) { table.getColumnModel().getColumn(0).setCellEditor(new DefaultCellEditor(new JCheckBox())); table.getColumnModel().getColumn(4).setCellEditor(new DefaultCellEditor(new JComboBox(Config.scopeArray))); table.getColumnModel().getColumn(5).setCellEditor(new DefaultCellEditor(new JComboBox(Config.actionArray))); + table.getColumnModel().getColumn(6).setCellEditor(new DefaultCellEditor(new JComboBox(Config.engineArray))); JLabel lblNewLabel = new JLabel("@EvilChen Love YuChen."); lblNewLabel.setHorizontalAlignment(SwingConstants.CENTER); @@ -237,6 +241,7 @@ public void tableChanged(TableModelEvent e) { jsonObj1.put("color", (String) dtm.getValueAt(i, 3)); jsonObj1.put("scope", (String) dtm.getValueAt(i, 4)); jsonObj1.put("action", (String) dtm.getValueAt(i, 5)); + jsonObj1.put("engine", (String) dtm.getValueAt(i, 6)); // 添加数据 jsonObj.put((String) dtm.getValueAt(i, 1), jsonObj1); } @@ -290,11 +295,6 @@ public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequ return; } if (messageIsRequest) { - try { - String c = new String(content, "UTF-8").intern(); - } catch (UnsupportedEncodingException e) { - e.printStackTrace(); - } jsonObj = ec.matchRegex(content, "request", "highlight", configFilePath); } else { content = messageInfo.getResponse(); @@ -304,11 +304,6 @@ public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequ if (mh.matchMIME(mimeList)) { return; } - try { - String c = new String(content, "UTF-8").intern(); - } catch (UnsupportedEncodingException e) { - e.printStackTrace(); - } jsonObj = ec.matchRegex(content, "response", "highlight", configFilePath); } @@ -358,7 +353,6 @@ public boolean isEnabled(byte[] content, boolean isRequest) { return false; } - if (isRequest) { JSONObject jsonObj = ec.matchRegex(content, "request", "extract", configFilePath); if (jsonObj.length() != 0) { diff --git a/burp/Config.java b/burp/Config.java index 5610284..869e89e 100644 --- a/burp/Config.java +++ b/burp/Config.java @@ -1,11 +1,16 @@ package burp; public class Config { - public static String initConfigContent = "{\"Email\":{\"loaded\":true,\"scope\":\"response\",\"regex\":\"([\\\\w-]+(?:\\\\.[\\\\w-]+)*@(?:[\\\\w](?:[\\\\w-]*[\\\\w])?\\\\.)+[\\\\w](?:[\\\\w-]*[\\\\w])?)\",\"action\":\"any\",\"color\":\"yellow\"}}"; + public static String initConfigContent = "{\"Email\":{\"loaded\":true,\"scope\":\"response\",\"regex\":\"([\\\\w-]+(?:\\\\.[\\\\w-]+)*@(?:[\\\\w](?:[\\\\w-]*[\\\\w])?\\\\.)+[\\\\w](?:[\\\\w-]*[\\\\w])?)\",\"action\":\"any\",\"color\":\"yellow\", \"engine\":\"nfa\"}}"; + public static String[] colorArray = new String[] {"red", "orange", "yellow", "green", "cyan", "blue", "pink", "magenta", "gray"}; public static String[] scopeArray = new String[] {"any", "response", "request"}; public static String[] actionArray = new String[] {"any", "extract", "highight"}; - public static String excludeSuffix = "7z|aif|aifc|aiff|au|bmp|cmx|cod|css|doc|docx|gif|gz|ico|ief|jfif|jpe|jpeg|jpg|m3u|mid|mp2|mp3|mpa|mpe|mpeg|mpg|mpp|mpv2|otf|pbm|pdf|pgm|png|pnm|ppm|ra|ram|rar|ras|rgb|rmi|snd|svg|tar|tif|tiff|ttf|wav|woff|woff2|xbm|xpm|xwd|zip"; - public static String[] excludeMIME = new String[] {"application/msword", "application/vnd.ms-project", "application/x-gzip", "application/x-tar", "application/zip", "audio/basic", "audio/mid", "audio/mpeg", "audio/x-aiff", "audio/x-mpegurl", "audio/x-pn-realaudio", "audio/x-wav", "image/bmp", "image/cis-cod", "image/gif", "image/ief", "image/jpeg", "image/png", "image/pipeg", "image/svg+xml", "image/tiff", "image/x-cmu-raster", "image/x-cmx", "image/x-icon", "image/x-portable-anymap", "image/x-portable-bitmap", "image/x-portable-graymap", "image/x-portable-pixmap", "image/x-rgb", "image/x-xbitmap", "image/x-xpixmap", "image/x-xwindowdump", "text/css", "video/mpeg", "video/mpeg", "application/font-woff"}; + public static String[] engineArray = new String[] {"nfa", "dfa"}; + + public static String excludeSuffix = "3g2|3gp|7z|aac|abw|aif|aifc|aiff|arc|au|avi|azw|bin|bmp|bz|bz2|cmx|cod|csh|css|csv|doc|docx|eot|epub|gif|gz|ico|ics|ief|jar|jfif|jpe|jpeg|jpg|m3u|mid|midi|mjs|mp2|mp3|mpa|mpe|mpeg|mpg|mpkg|mpp|mpv2|odp|ods|odt|oga|ogv|ogx|otf|pbm|pdf|pgm|png|pnm|ppm|ppt|pptx|ra|ram|rar|ras|rgb|rmi|rtf|snd|svg|swf|tar|tif|tiff|ttf|txt|vsd|wav|weba|webm|webp|woff|woff2|xbm|xls|xlsx|xpm|xul|xwd|zip|zip"; + + public static String[] excludeMIME = new String[] {"application/epub+zip", "application/font-woff", "application/java-archive", "application/msword", "application/octet-stream", "application/ogg", "application/pdf", "application/rtf", "application/vnd.amazon.ebook", "application/vnd.apple.installer+xml", "application/vnd.mozilla.xul+xml", "application/vnd.ms-excel", "application/vnd.ms-fontobject", "application/vnd.ms-powerpoint", "application/vnd.ms-project", "application/vnd.oasis.opendocument.presentation", "application/vnd.oasis.opendocument.spreadsheet", "application/vnd.oasis.opendocument.text", "application/vnd.openxmlformats-officedocument.presentationml.presentation", "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", "application/vnd.openxmlformats-officedocument.wordprocessingml.document", "application/vnd.visio", "application/x-7z-compressed", "application/x-abiword", "application/x-bzip", "application/x-bzip2", "application/x-csh", "application/x-freearc", "application/x-gzip", "application/x-rar-compressed", "application/x-shockwave-flash", "application/x-tar", "application/zip", "audio/3gpp", "audio/3gpp2", "audio/aac", "audio/basic", "audio/mid", "audio/midi audio/x-midi", "audio/mpeg", "audio/ogg", "audio/wav", "audio/webm", "audio/x-aiff", "audio/x-mpegurl", "audio/x-pn-realaudio", "audio/x-wav", "font/otf", "font/ttf", "font/woff", "font/woff2", "image/bmp", "image/cis-cod", "image/gif", "image/ief", "image/jpeg", "image/pipeg", "image/png", "image/svg+xml", "image/tiff", "image/vnd.microsoft.icon", "image/webp", "image/x-cmu-raster", "image/x-cmx", "image/x-icon", "image/x-portable-anymap", "image/x-portable-bitmap", "image/x-portable-graymap", "image/x-portable-pixmap", "image/x-rgb", "image/x-xbitmap", "image/x-xpixmap", "image/x-xwindowdump", "text/calendar", "text/css", "text/csv", "video/3gpp", "video/3gpp2", "video/mpeg", "video/ogg", "video/webm", "video/x-msvideo"}; + public static String outputTplString = "[%s]\n%s\n\n"; } diff --git a/burp/action/ExtractContent.java b/burp/action/ExtractContent.java index 7efe8d7..b8f1347 100644 --- a/burp/action/ExtractContent.java +++ b/burp/action/ExtractContent.java @@ -1,7 +1,6 @@ package burp.action; import java.util.ArrayList; -import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; import java.util.List; @@ -9,6 +8,10 @@ import org.json.JSONObject; import burp.file.ReadFile; +import dk.brics.automaton.Automaton; +import dk.brics.automaton.AutomatonMatcher; +import dk.brics.automaton.RegExp; +import dk.brics.automaton.RunAutomaton; import jregex.Matcher; import jregex.Pattern; @@ -32,17 +35,31 @@ public JSONObject matchRegex(byte[] content, String scopeString, String actionSt String scope = jsonObj1.getString("scope"); String action = jsonObj1.getString("action"); String color = jsonObj1.getString("color"); + String engine = jsonObj1.getString("engine"); + List result = new ArrayList(); if(isLoaded && (scope.equals(scopeString) || scope.equals("any")) && (action.equals(actionString) || action.equals("any"))) { - Pattern pattern = new Pattern(regex); - Matcher matcher = pattern.matcher(contentString); - while (matcher.find()) { - // 添加匹配数据至list - // 强制用户使用()包裹正则 - result.add(matcher.group(1)); + if (engine.equals("nfa")) { + Pattern pattern = new Pattern(regex); + Matcher matcher = pattern.matcher(contentString); + while (matcher.find()) { + // 添加匹配数据至list + // 强制用户使用()包裹正则 + result.add(matcher.group(1)); + } + } else { + RegExp regexpr = new RegExp(regex); + Automaton auto = regexpr.toAutomaton(); + RunAutomaton runAuto = new RunAutomaton(auto, true); + AutomatonMatcher autoMatcher = runAuto.newMatcher(contentString); + while (autoMatcher.find()) { + // 添加匹配数据至list + // 强制用户使用()包裹正则 + result.add(autoMatcher.group()); + } } - + // 去除重复内容 HashSet tmpList = new HashSet(result); result.clear(); diff --git a/burp/ui/FillTable.java b/burp/ui/FillTable.java index 6891639..8eec998 100644 --- a/burp/ui/FillTable.java +++ b/burp/ui/FillTable.java @@ -30,6 +30,7 @@ public void fillTable(String configFilePath, JTable table) { String color = jsonObj1.getString("color"); String scope = jsonObj1.getString("scope"); String action = jsonObj1.getString("action"); + String engine = jsonObj1.getString("engine"); // 填充数据 Vector rules = new Vector(); rules.add(loaded); @@ -38,6 +39,7 @@ public void fillTable(String configFilePath, JTable table) { rules.add(color); rules.add(scope); rules.add(action); + rules.add(engine); dtm.addRow(rules); } }