Open

V0.4 #27

8 changes: 4 additions & 4 deletions .idea/jarRepositories.xml


2 changes: 1 addition & 1 deletion .idea/misc.xml


51 changes: 24 additions & 27 deletions .idea/workspace.xml


Binary file added README.assets/image-20220511142914622.png
5 changes: 5 additions & 0 deletions README.md
@@ -25,7 +25,12 @@ mvn package

![动图演示](./doc/show.gif)

[Conanjun](https://github.com/Conanjun/passive-scan-client-and-sendto/commits?author=Conanjun)师傅的项目[Passive Scan Client and Sendto](https://github.com/Conanjun/passive-scan-client-and-sendto),增加了右键手动转发的菜单,拓展了插件的灵活性,已将该功能添加到本项目中。

![image-20220511142914622](README.assets/image-20220511142914622.png)

## 0x04 一些被动式漏洞扫描器

* [GourdScanV2](https://github.com/ysrc/GourdScanV2) 由ysrc出品的基于sqlmapapi的被动式漏洞扫描器
* [xray](https://github.com/chaitin/xray) 由长亭科技出品的一款被动式漏洞扫描器
* [w13scan](https://github.com/boy-hack/w13scan) Passive Security Scanner (被动安全扫描器)
4 changes: 2 additions & 2 deletions passive-scan-client.iml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
<component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_7">
<component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_8">
<output url="file://$MODULE_DIR$/target/classes" />
<output-test url="file://$MODULE_DIR$/target/test-classes" />
<content url="file://$MODULE_DIR$">
@@ -9,7 +9,7 @@
<sourceFolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" />
<excludeFolder url="file://$MODULE_DIR$/target" />
</content>
<orderEntry type="jdk" jdkName="1.7.0_21" jdkType="JavaSDK" />
<orderEntry type="jdk" jdkName="1.8 (2)" jdkType="JavaSDK" />
<orderEntry type="sourceFolder" forTests="false" />
<orderEntry type="library" name="Maven: net.portswigger.burp.extender:burp-extender-api:1.7.22" level="project" />
</component>
55 changes: 52 additions & 3 deletions src/main/java/burp/BurpExtender.java
@@ -1,6 +1,8 @@
package burp;

import java.awt.Component;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.io.PrintWriter;
import java.util.*;
import java.util.concurrent.ExecutorService;
@@ -9,9 +11,10 @@
import javax.swing.table.TableColumn;
import javax.swing.table.TableColumnModel;

public class BurpExtender implements IBurpExtender,ITab,IProxyListener {

public class BurpExtender implements IBurpExtender,ITab,IProxyListener, IContextMenuFactory {
public final static String extensionName = "Passive Scan Client";
public final static String version ="0.3.0";
public final static String version ="0.4.0";
public static IBurpExtenderCallbacks callbacks;
public static IExtensionHelpers helpers;
public static PrintWriter stdout;
@@ -28,6 +31,7 @@ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
this.helpers = callbacks.getHelpers();
this.stdout = new PrintWriter(callbacks.getStdout(),true);
this.stderr = new PrintWriter(callbacks.getStderr(),true);
callbacks.registerContextMenuFactory(this);//必须注册右键菜单Factory

callbacks.setExtensionName(extensionName + " " + version);
BurpExtender.this.gui = new GUI();
@@ -58,6 +62,50 @@ public void run() {
});
}

//callbacks.registerContextMenuFactory(this);//必须注册右键菜单Factory
// 实现右键 感谢原作者Conanjun
@Override
public List<JMenuItem> createMenuItems(IContextMenuInvocation invocation) {
final IHttpRequestResponse[] messages = invocation.getSelectedMessages();
JMenuItem i1 = new JMenuItem("Send to PassiveScanner");
i1.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
for (final IHttpRequestResponse message : messages) {
executorService.submit(new Runnable() {
@Override
public void run() {
synchronized (log) {
int row = log.size();
String method = helpers.analyzeRequest(message).getMethod();
byte[] req = message.getRequest();

String req_str = new String(req);
//向代理转发请求
Map<String, String> mapResult = null;
try {
mapResult = HttpAndHttpsProxy.Proxy(message);
} catch (InterruptedException interruptedException) {
interruptedException.printStackTrace();
}


log.add(new LogEntry(row + 1,
callbacks.saveBuffersToTempFiles(message), helpers.analyzeRequest(message).getUrl(),
method,
mapResult)
);
GUI.logTable.getHttpLogTableModel().fireTableRowsInserted(row, row);
}
}
});
}
}
});

return Arrays.asList(i1);
}



//
@@ -109,7 +157,8 @@ public void run() {
e.printStackTrace();
}

log.add(new LogEntry(iInterceptedProxyMessage.getMessageReference(),
//log.add(new LogEntry(iInterceptedProxyMessage.getMessageReference(),
log.add(new LogEntry(row + 1,
callbacks.saveBuffersToTempFiles(resrsp), helpers.analyzeRequest(resrsp).getUrl(),
method,
mapResult)
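Review bot: In the new `createMenuItems`, each worker's `run()` takes `synchronized (log)` before calling `HttpAndHttpsProxy.Proxy(message)`, so the whole network round trip happens under the lock and one slow or unreachable upstream proxy blocks every other task that appends to `log`. Forward first and hold the lock only for `log.size()`, `log.add(...)` and the table notification, as sketched below. The `InterruptedException` handler only prints a stack trace and then still records a `LogEntry` with a null `mapResult`; restoring the interrupt flag and skipping the entry is safer, since whether `LogEntry` tolerates null is not visible in this hunk. Separately, `invocation.getSelectedMessages()` may return null in the Burp Extender API, so a guard such as `if (messages == null) return null;` before building the menu item avoids a `NullPointerException` in the listener. The unused `req` and `req_str` locals can be dropped.

```java
public void run() {
    // … unchanged: method lookup via helpers.analyzeRequest(message) …
    Map<String, String> mapResult;
    try {
        // Forward before taking the lock so a slow upstream proxy cannot stall other writers.
        mapResult = HttpAndHttpsProxy.Proxy(message);
    } catch (InterruptedException interruptedException) {
        Thread.currentThread().interrupt();
        return;
    }
    synchronized (log) {
        int row = log.size();
        // … unchanged: log.add(new LogEntry(row + 1, …)) and fireTableRowsInserted(row, row) …
    }
}
```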
63 changes: 35 additions & 28 deletions src/main/java/burp/HttpAndHttpsProxy.java
@@ -51,6 +51,7 @@ public static Map<String,String> Proxy(IHttpRequestResponse requestResponse) thr
}
}

//感谢chen1sheng的pr,已经修改了我漏修复的https转发bug,并解决了header截断的bug。
public static Map<String,String> HttpsProxy(String url, List<String> headers,byte[] body, String proxy, int port,String username,String password){
Map<String,String> mapResult = new HashMap<String,String>();
String status = "";
@@ -85,31 +86,51 @@ public static Map<String,String> HttpsProxy(String url, List<String> headers,byt
httpsConn.setSSLSocketFactory(sc.getSocketFactory());
httpsConn.setHostnameVerifier(new TrustAnyHostnameVerifier());
// 设置通用的请求属性
//设置控制请求方法的Flag
String methodFlag = "";
// 设置通用的请求属性
for(String header:headers){
if(header.startsWith("GET") ||
header.startsWith("POST") ||
header.startsWith("PUT")){
if(header.startsWith("GET")){
methodFlag = "GET";
}
else if(header.startsWith("POST")||
header.startsWith("PUT")){
methodFlag = "POST";
}//在循环中重复设置了methodFlag,代码非常的丑陋冗余,请见谅
continue;
}
}//判断结束后以键值对的方式获取header
String[] h = header.split(":");
String header_key = h[0].trim();
String header_value = h[1].trim();
httpsConn.setRequestProperty(header_key, header_value);
//BurpExtender.stdout.println(header_key + ":" + header_value);
}
// 发送POST请求必须设置如下两行
httpsConn.setDoOutput(true);
httpsConn.setDoInput(true);

if (methodFlag.equals("GET")){
// 发送GET请求必须设置如下两行
httpsConn.setDoOutput(false);
httpsConn.setDoInput(true);

// 获取URLConnection对象对应的输出流
out = new PrintWriter(httpsConn.getOutputStream());
// 获取URLConnection对象的连接
httpsConn.connect();
}
else if(methodFlag.equals("POST")){
// 发送POST请求必须设置如下两行
httpsConn.setDoOutput(true);
httpsConn.setDoInput(true);

if(body != null) {
// 发送请求参数
out.print(new String(body));
// 获取URLConnection对象对应的输出流
out = new PrintWriter(httpsConn.getOutputStream());
if(body != null) {
// 发送请求参数
out.print(new String(body));
}
// flush输出流的缓冲
out.flush();
}
// flush输出流的缓冲
out.flush();
// 定义BufferedReader输入流来读取URL的响应
in = new BufferedReader(
new InputStreamReader(httpsConn.getInputStream()));
@@ -120,7 +141,7 @@ public static Map<String,String> HttpsProxy(String url, List<String> headers,byt
}
// 断开连接
httpsConn.disconnect();
//BurpExtender.stdout.println("====result===="+result);
BurpExtender.stdout.println("====result===="+result);
// 获取响应头
Map<String, List<String>> mapHeaders = httpsConn.getHeaderFields();
for (Map.Entry<String, List<String>> entry : mapHeaders.entrySet()) {
@@ -210,21 +231,6 @@ public static Map<String,String> HttpProxy(String url,List<String> headers,byte[
httpsConn.setRequestProperty(headerKey, headerValue);
}


// 设置通用的请求属性
for(String header:headers){
if(header.startsWith("GET") ||
header.startsWith("POST") ||
header.startsWith("PUT")){
continue;
}
String[] h = header.split(":");
String header_key = h[0].trim();
String header_value = h[1].trim();
//BurpExtender.stdout.println("key: " + h[0].trim());
//BurpExtender.stdout.println("value: " + h[1].trim());
httpsConn.setRequestProperty(header_key, header_value);
}
//设置控制请求方法的Flag
String methodFlag = "";
// 设置通用的请求属性
@@ -245,6 +251,7 @@ else if(header.startsWith("POST")||
String header_key = h[0].trim();
String header_value = h[1].trim();
httpsConn.setRequestProperty(header_key, header_value);
//BurpExtender.stdout.println(header_key + ":" + header_value);
}

if (methodFlag.equals("GET")){
@@ -356,4 +363,4 @@ public boolean verify(String hostname, SSLSession session) {
return true;
}
}
}
}
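Review bot: The header loop in `HttpsProxy` (hunk `@@ -85,31 +86,51 @@`) still uses `header.split(":")` and `h[1]`, so a value that itself contains a colon, such as a `Host` with a port or a `Referer` URL, is forwarded truncated, and a header line without a colon throws `ArrayIndexOutOfBoundsException`; the `HttpProxy` hunk at `@@ -245,6 +251,7 @@` shows the same `h[1]` use. Splitting once, `String[] h = header.split(":", 2);` followed by `if (h.length < 2) continue;`, keeps the full value. The page prints `BurpExtender.stdout.println("====result===="+result);` both commented and active; if the active form is the new side, every response body, including any tokens or personal data in it, is written to the extension output, and it would be better left commented or gated behind a debug option. Requests whose first line is not GET, POST or PUT leave `methodFlag` empty and skip both branches, so a body on e.g. PATCH or DELETE is never written. Both methods start and end outside the visible hunks.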