diff --git a/.idea/jarRepositories.xml b/.idea/jarRepositories.xml
index 40a2eee..e926a90 100644
--- a/.idea/jarRepositories.xml
+++ b/.idea/jarRepositories.xml
@@ -8,13 +8,13 @@
-
-
+
+
-
-
+
+
diff --git a/.idea/misc.xml b/.idea/misc.xml
index aab66a4..9e41378 100644
--- a/.idea/misc.xml
+++ b/.idea/misc.xml
@@ -17,7 +17,7 @@
-
+
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index f4c9e48..96eba5b 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -9,14 +9,7 @@
-
-
-
-
-
-
-
-
+
@@ -35,9 +28,7 @@
@@ -367,7 +358,7 @@
-
+
@@ -396,24 +387,13 @@
-
-
-
-
-
-
-
-
-
-
-
-
+
@@ -442,6 +422,7 @@
+
@@ -455,13 +436,29 @@
-
+
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
+
diff --git a/README.assets/image-20220511142914622.png b/README.assets/image-20220511142914622.png
new file mode 100644
index 0000000..d672c26
Binary files /dev/null and b/README.assets/image-20220511142914622.png differ
diff --git a/README.md b/README.md
index 73044da..4707b63 100644
--- a/README.md
+++ b/README.md
@@ -25,7 +25,12 @@ mvn package

+[Conanjun](https://github.com/Conanjun/passive-scan-client-and-sendto/commits?author=Conanjun)师傅的项目[Passive Scan Client and Sendto](https://github.com/Conanjun/passive-scan-client-and-sendto),增加了右键手动转发的菜单,拓展了插件的灵活性,已将该功能添加到本项目中。
+
+
+
## 0x04 一些被动式漏洞扫描器
+
* [GourdScanV2](https://github.com/ysrc/GourdScanV2) 由ysrc出品的基于sqlmapapi的被动式漏洞扫描器
* [xray](https://github.com/chaitin/xray) 由长亭科技出品的一款被动式漏洞扫描器
* [w13scan](https://github.com/boy-hack/w13scan) Passive Security Scanner (被动安全扫描器)
diff --git a/passive-scan-client.iml b/passive-scan-client.iml
index b20cb23..8a6528f 100644
--- a/passive-scan-client.iml
+++ b/passive-scan-client.iml
@@ -1,6 +1,6 @@
-
+
@@ -9,7 +9,7 @@
-
+
diff --git a/src/main/java/burp/BurpExtender.java b/src/main/java/burp/BurpExtender.java
index d6dfb23..b950e3a 100644
--- a/src/main/java/burp/BurpExtender.java
+++ b/src/main/java/burp/BurpExtender.java
@@ -1,6 +1,8 @@
package burp;
import java.awt.Component;
+import java.awt.event.ActionEvent;
+import java.awt.event.ActionListener;
import java.io.PrintWriter;
import java.util.*;
import java.util.concurrent.ExecutorService;
@@ -9,9 +11,10 @@
import javax.swing.table.TableColumn;
import javax.swing.table.TableColumnModel;
-public class BurpExtender implements IBurpExtender,ITab,IProxyListener {
+
+public class BurpExtender implements IBurpExtender,ITab,IProxyListener, IContextMenuFactory {
public final static String extensionName = "Passive Scan Client";
- public final static String version ="0.3.0";
+ public final static String version ="0.4.0";
public static IBurpExtenderCallbacks callbacks;
public static IExtensionHelpers helpers;
public static PrintWriter stdout;
@@ -28,6 +31,7 @@ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
this.helpers = callbacks.getHelpers();
this.stdout = new PrintWriter(callbacks.getStdout(),true);
this.stderr = new PrintWriter(callbacks.getStderr(),true);
+ callbacks.registerContextMenuFactory(this);//必须注册右键菜单Factory
callbacks.setExtensionName(extensionName + " " + version);
BurpExtender.this.gui = new GUI();
@@ -58,6 +62,50 @@ public void run() {
});
}
+ //callbacks.registerContextMenuFactory(this);//必须注册右键菜单Factory
+ // 实现右键 感谢原作者Conanjun
+ @Override
+ public List createMenuItems(IContextMenuInvocation invocation) {
+ final IHttpRequestResponse[] messages = invocation.getSelectedMessages();
+ JMenuItem i1 = new JMenuItem("Send to PassiveScanner");
+ i1.addActionListener(new ActionListener() {
+ @Override
+ public void actionPerformed(ActionEvent e) {
+ for (final IHttpRequestResponse message : messages) {
+ executorService.submit(new Runnable() {
+ @Override
+ public void run() {
+ synchronized (log) {
+ int row = log.size();
+ String method = helpers.analyzeRequest(message).getMethod();
+ byte[] req = message.getRequest();
+
+ String req_str = new String(req);
+ //向代理转发请求
+ Map mapResult = null;
+ try {
+ mapResult = HttpAndHttpsProxy.Proxy(message);
+ } catch (InterruptedException interruptedException) {
+ interruptedException.printStackTrace();
+ }
+
+
+ log.add(new LogEntry(row + 1,
+ callbacks.saveBuffersToTempFiles(message), helpers.analyzeRequest(message).getUrl(),
+ method,
+ mapResult)
+ );
+ GUI.logTable.getHttpLogTableModel().fireTableRowsInserted(row, row);
+ }
+ }
+ });
+ }
+ }
+ });
+
+ return Arrays.asList(i1);
+ }
+
//
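Review bot: The task submitted from `createMenuItems` holds `synchronized (log)` across `HttpAndHttpsProxy.Proxy(message)`, so each manual forward keeps the lock for a full network round trip and stalls any other code that locks `log` (presumably the proxy-listener path, which is outside this hunk). When the call is interrupted the exception is only printed, and a `LogEntry` with a null `mapResult` is still added; restoring the interrupt flag and skipping the entry is safer. `invocation.getSelectedMessages()` is documented to return null when no messages apply, so a guard such as `if (messages == null) return null;` before building the menu item avoids a NullPointerException on click. The unused `req` and `req_str` locals and the commented-out `registerContextMenuFactory` line can be deleted.

```java
public void run() {
    // Forward before taking the lock so a slow upstream only delays this task.
    Map mapResult;
    try {
        mapResult = HttpAndHttpsProxy.Proxy(message);
    } catch (InterruptedException interrupted) {
        Thread.currentThread().interrupt(); // keep the interrupt visible to the executor
        return; // the forward did not complete, so there is nothing to log
    }
    String method = helpers.analyzeRequest(message).getMethod();
    synchronized (log) {
        int row = log.size();
        // … unchanged: log.add(new LogEntry(row + 1, …)) and fireTableRowsInserted(row, row) …
    }
}
```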
@@ -109,7 +157,8 @@ public void run() {
e.printStackTrace();
}
- log.add(new LogEntry(iInterceptedProxyMessage.getMessageReference(),
+ //log.add(new LogEntry(iInterceptedProxyMessage.getMessageReference(),
+ log.add(new LogEntry(row + 1,
callbacks.saveBuffersToTempFiles(resrsp), helpers.analyzeRequest(resrsp).getUrl(),
method,
mapResult)
diff --git a/src/main/java/burp/HttpAndHttpsProxy.java b/src/main/java/burp/HttpAndHttpsProxy.java
index e1864b3..2724e20 100644
--- a/src/main/java/burp/HttpAndHttpsProxy.java
+++ b/src/main/java/burp/HttpAndHttpsProxy.java
@@ -51,6 +51,7 @@ public static Map Proxy(IHttpRequestResponse requestResponse) thr
}
}
+ //感谢chen1sheng的pr,已经修改了我漏修复的https转发bug,并解决了header截断的bug。
public static Map HttpsProxy(String url, List headers,byte[] body, String proxy, int port,String username,String password){
Map mapResult = new HashMap();
String status = "";
@@ -85,31 +86,51 @@ public static Map HttpsProxy(String url, List headers,byt
httpsConn.setSSLSocketFactory(sc.getSocketFactory());
httpsConn.setHostnameVerifier(new TrustAnyHostnameVerifier());
// 设置通用的请求属性
+ //设置控制请求方法的Flag
+ String methodFlag = "";
+ // 设置通用的请求属性
for(String header:headers){
if(header.startsWith("GET") ||
header.startsWith("POST") ||
header.startsWith("PUT")){
+ if(header.startsWith("GET")){
+ methodFlag = "GET";
+ }
+ else if(header.startsWith("POST")||
+ header.startsWith("PUT")){
+ methodFlag = "POST";
+ }//在循环中重复设置了methodFlag,代码非常的丑陋冗余,请见谅
continue;
- }
+ }//判断结束后以键值对的方式获取header
String[] h = header.split(":");
String header_key = h[0].trim();
String header_value = h[1].trim();
httpsConn.setRequestProperty(header_key, header_value);
+ //BurpExtender.stdout.println(header_key + ":" + header_value);
}
- // 发送POST请求必须设置如下两行
- httpsConn.setDoOutput(true);
- httpsConn.setDoInput(true);
+ if (methodFlag.equals("GET")){
+ // 发送GET请求必须设置如下两行
+ httpsConn.setDoOutput(false);
+ httpsConn.setDoInput(true);
- // 获取URLConnection对象对应的输出流
- out = new PrintWriter(httpsConn.getOutputStream());
+ // 获取URLConnection对象的连接
+ httpsConn.connect();
+ }
+ else if(methodFlag.equals("POST")){
+ // 发送POST请求必须设置如下两行
+ httpsConn.setDoOutput(true);
+ httpsConn.setDoInput(true);
- if(body != null) {
- // 发送请求参数
- out.print(new String(body));
+ // 获取URLConnection对象对应的输出流
+ out = new PrintWriter(httpsConn.getOutputStream());
+ if(body != null) {
+ // 发送请求参数
+ out.print(new String(body));
+ }
+ // flush输出流的缓冲
+ out.flush();
}
- // flush输出流的缓冲
- out.flush();
// 定义BufferedReader输入流来读取URL的响应
in = new BufferedReader(
new InputStreamReader(httpsConn.getInputStream()));
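Review bot: Header values that contain a colon are still cut short in the HTTPS path, because `header.split(":")` keeps only `h[1]`: a constructed example such as `Host: example.com:8443` is forwarded as `example.com`, so the scanner sees a different request from the one Burp captured, and a header line with nothing after the colon makes `h[1]` throw. `String[] h = header.split(":", 2);` followed by `if (h.length < 2) continue;` keeps the whole value and skips malformed lines. The same `h[0]`/`h[1]` pattern appears in the `HttpProxy` hunk at `@@ -245,6 +251,7 @@`, where the split itself is outside the hunk. Separately, any method other than GET, POST or PUT leaves `methodFlag` empty, so neither branch runs and the body is dropped silently, while PUT is folded into the POST branch. `HttpsProxy` starts and ends outside this hunk.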
@@ -120,7 +141,7 @@ public static Map HttpsProxy(String url, List headers,byt
}
// 断开连接
httpsConn.disconnect();
- //BurpExtender.stdout.println("====result===="+result);
+ BurpExtender.stdout.println("====result===="+result);
// 获取响应头
Map> mapHeaders = httpsConn.getHeaderFields();
for (Map.Entry> entry : mapHeaders.entrySet()) {
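Review bot: The re-enabled `BurpExtender.stdout.println("====result===="+result);` writes the full body of every forwarded response to the extension output. Those bodies can carry session tokens or personal data from the sites under test, and the output grows with each request during a long session. It reads like a debugging aid left switched on; I would restore the comment marker or put the call behind an explicit debug setting (none is visible in this diff). `HttpsProxy` continues outside the hunk.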
@@ -210,21 +231,6 @@ public static Map HttpProxy(String url,List headers,byte[
httpsConn.setRequestProperty(headerKey, headerValue);
}
-
- // 设置通用的请求属性
- for(String header:headers){
- if(header.startsWith("GET") ||
- header.startsWith("POST") ||
- header.startsWith("PUT")){
- continue;
- }
- String[] h = header.split(":");
- String header_key = h[0].trim();
- String header_value = h[1].trim();
- //BurpExtender.stdout.println("key: " + h[0].trim());
- //BurpExtender.stdout.println("value: " + h[1].trim());
- httpsConn.setRequestProperty(header_key, header_value);
- }
//设置控制请求方法的Flag
String methodFlag = "";
// 设置通用的请求属性
@@ -245,6 +251,7 @@ else if(header.startsWith("POST")||
String header_key = h[0].trim();
String header_value = h[1].trim();
httpsConn.setRequestProperty(header_key, header_value);
+ //BurpExtender.stdout.println(header_key + ":" + header_value);
}
if (methodFlag.equals("GET")){
@@ -356,4 +363,4 @@ public boolean verify(String hostname, SSLSession session) {
return true;
}
}
-}
+}
\ No newline at end of file