将所有文案的硬编码,替换成语言包的引用;修改部分配置项的字段名;修改部分存放字典的目录名;取消对 'Payload Processing'…
… 规则参数值的空值检测;新增确认删除对话框,防止误删除 'Payload Processing' 规则
vaycore committed Dec 20, 2024
1 parent c8fb8a2 commit 139eab0
Showing 34 changed files with 424 additions and 294 deletions.
65 changes: 31 additions & 34 deletions extender/src/main/java/burp/BurpExtender.java
Expand Up @@ -8,10 +8,7 @@
import burp.vaycore.onescan.OneScan;
import burp.vaycore.onescan.bean.FpData;
import burp.vaycore.onescan.bean.TaskData;
import burp.vaycore.onescan.common.Config;
import burp.vaycore.onescan.common.Constants;
import burp.vaycore.onescan.common.HttpReqRespAdapter;
import burp.vaycore.onescan.common.OnTabEventListener;
import burp.vaycore.onescan.common.*;
import burp.vaycore.onescan.info.OneScanInfoTab;
import burp.vaycore.onescan.manager.CollectManager;
import burp.vaycore.onescan.manager.FpManager;
Expand Down Expand Up @@ -150,7 +147,7 @@ private void initEvent() {
mCallbacks.registerContextMenuFactory((invocation) -> {
ArrayList<JMenuItem> items = new ArrayList<>();
// 扫描选定目标
JMenuItem sendToOneScanItem = new JMenuItem("Send to OneScan");
JMenuItem sendToOneScanItem = new JMenuItem(L.get("send_to_plugin"));
items.add(sendToOneScanItem);
sendToOneScanItem.addActionListener((event) -> new Thread(() -> {
IHttpRequestResponse[] messages = invocation.getSelectedMessages();
Expand All @@ -161,7 +158,7 @@ private void initEvent() {
// 选择 Payload 扫描
List<String> payloadList = WordlistManager.getItemList(WordlistManager.KEY_PAYLOAD);
if (!payloadList.isEmpty() && payloadList.size() > 1) {
JMenu menu = new JMenu("Use payload scan");
JMenu menu = new JMenu(L.get("use_payload_scan"));
items.add(menu);
ActionListener listener = (event) -> new Thread(() -> {
String action = event.getActionCommand();
Expand Down Expand Up @@ -232,8 +229,8 @@ private void doScan(IHttpRequestResponse httpReqResp, String from, String payloa
return;
}
// 检测 Host 是否在白名单、黑名单列表中
if (hostWhitelistFilter(host) || hostBlacklistFilter(host)) {
Logger.debug("doScan whitelist and blacklist filter host: %s", host);
if (hostAllowlistFilter(host) || hostBlocklistFilter(host)) {
Logger.debug("doScan allowlist and blocklist filter host: %s", host);
return;
}
// 收集数据(只收集代理流量的数据)
Expand All @@ -256,16 +253,16 @@ private void doScan(IHttpRequestResponse httpReqResp, String from, String payloa
}
Logger.debug("doScan receive: %s%s", getHostByUrl(url), url.getPath());
ArrayList<String> pathDict = getUrlPathDict(url.getPath());
List<String> payloads = WordlistManager.getPayload(payloadItem);
// 一级目录一级目录递减访问
for (int i = pathDict.size() - 1; i >= 0; i--) {
String path = pathDict.get(i);
// 拼接字典,发起请求
List<String> list = WordlistManager.getPayload(payloadItem);
for (String dict : list) {
for (String item : payloads) {
if (path.endsWith("/")) {
path = path.substring(0, path.length() - 1);
}
String urlPath = path + dict;
String urlPath = path + item;
runScanTask(httpReqResp, info, urlPath, "Scan");
}
}
Expand Down Expand Up @@ -300,8 +297,8 @@ private boolean includeMethodFilter(String method) {
* @param host Host
* @return true=拦截;false=不拦截
*/
private boolean hostWhitelistFilter(String host) {
List<String> list = WordlistManager.getWhiteHost();
private boolean hostAllowlistFilter(String host) {
List<String> list = WordlistManager.getHostAllowlist();
// 白名单为空,不启用白名单
if (list.isEmpty()) {
return false;
Expand All @@ -311,25 +308,25 @@ private boolean hostWhitelistFilter(String host) {
return false;
}
}
Logger.debug("hostWhitelistFilter filter host: %s", host);
Logger.debug("hostAllowlistFilter filter host: %s", host);
return true;
}

/**
* Host过滤黑名单
* Host黑名单过滤
*
* @param host Host
* @return true=拦截;false=不拦截
*/
private boolean hostBlacklistFilter(String host) {
List<String> list = WordlistManager.getBlackHost();
private boolean hostBlocklistFilter(String host) {
List<String> list = WordlistManager.getHostBlocklist();
// 黑名单为空,不启用黑名单
if (list.isEmpty()) {
return false;
}
for (String item : list) {
if (matchHost(host, item)) {
Logger.debug("hostBlacklistFilter filter host: %s (rule: %s)", host, item);
Logger.debug("hostBlocklistFilter filter host: %s (rule: %s)", host, item);
return true;
}
}
Expand Down Expand Up @@ -626,8 +623,8 @@ private byte[] handleHeader(IHttpRequestResponse httpReqResp, IRequestInfo info,
IHttpService service = httpReqResp.getHttpService();
// 配置的请求头
List<String> configHeader = getHeader();
// 要排除的请求头KEY列表
List<String> excludeHeader = getExcludeHeader();
// 要移除的请求头KEY列表
List<String> removeHeaders = getRemoveHeaders();
// 数据包自带的请求头
List<String> headers = info.getHeaders();
// 构建请求头
Expand All @@ -644,24 +641,24 @@ private byte[] handleHeader(IHttpRequestResponse httpReqResp, IRequestInfo info,
}
request.append(reqLine).append("\r\n");
}
// 请求头的参数处理(顺带处理排除的请求头
// 请求头的参数处理(顺带处理移除的请求头
for (int i = 1; i < headers.size(); i++) {
String item = headers.get(i);
String key = item.split(": ")[0];
// 是否需要排除当前KEY(优先级最高)
if (excludeHeader.contains(key)) {
// 是否需要移除当前请求头字段(优先级最高)
if (removeHeaders.contains(key)) {
continue;
}
// 如果是扫描的请求(只有 GET 请求),将 Content-Length 排除
// 如果是扫描的请求(只有 GET 请求),将 Content-Length 移除
if (from.equals("Scan") && "Content-Length".equalsIgnoreCase(key)) {
continue;
}
// 检测配置中是否存在当前请求头KEY
// 检测配置中是否存在当前请求头字段
List<String> matchList = configHeader.stream().filter(configHeaderItem -> {
if (StringUtils.isNotEmpty(configHeaderItem) && configHeaderItem.contains(": ")) {
String configHeaderKey = configHeaderItem.split(": ")[0];
// 检测是否需要排除当前KEY
if (excludeHeader.contains(key)) {
// 检测是否需要移除当前请求头字段
if (removeHeaders.contains(key)) {
return false;
}
return configHeaderKey.equals(key);
Expand All @@ -683,8 +680,8 @@ private byte[] handleHeader(IHttpRequestResponse httpReqResp, IRequestInfo info,
// 将配置里剩下的值全部填充到请求头中
for (String item : configHeader) {
String key = item.split(": ")[0];
// 检测是否需要排除当前KEY
if (excludeHeader.contains(key)) {
// 检测是否需要移除当前KEY
if (removeHeaders.contains(key)) {
continue;
}
request.append(item).append("\r\n");
Expand Down Expand Up @@ -713,11 +710,11 @@ private List<String> getHeader() {
return WordlistManager.getHeader();
}

private List<String> getExcludeHeader() {
if (!mDataBoardTab.hasExcludeHeader()) {
private List<String> getRemoveHeaders() {
if (!mDataBoardTab.hasRemoveHeader()) {
return new ArrayList<>();
}
return WordlistManager.getExcludeHeader();
return WordlistManager.getRemoveHeaders();
}

private List<ProcessingItem> getPayloadProcess() {
Expand Down Expand Up @@ -1180,13 +1177,13 @@ public void addToBlackHost(ArrayList<String> hosts) {
if (hosts == null || hosts.isEmpty()) {
return;
}
List<String> list = WordlistManager.getList(WordlistManager.KEY_BLACK_HOST);
List<String> list = WordlistManager.getList(WordlistManager.KEY_HOST_BLOCKLIST);
for (String host : hosts) {
if (!list.contains(host)) {
list.add(host);
}
}
WordlistManager.putList(WordlistManager.KEY_BLACK_HOST, list);
WordlistManager.putList(WordlistManager.KEY_HOST_BLOCKLIST, list);
mOneScan.getConfigPanel().refreshHostTab();
}

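Review bot: `removeHeaders.contains(key)` in handleHeader matches header names case-sensitively, while the Content-Length check two lines below uses `equalsIgnoreCase`; a captured request whose header is spelled `cookie:` or `authorization:` (HTTP/2 clients lowercase names) would not be stripped when the configured entry is `Cookie`, so a header the user meant to remove from scan traffic would still be sent. The three membership tests at the renamed lines could use `removeHeaders.stream().anyMatch(key::equalsIgnoreCase)` instead, and the same applies to the `configHeader` key comparison `configHeaderKey.equals(key)` right after them. This is behaviour the rename carries over rather than something the commit introduces; handleHeader starts and ends outside the hunk. Separately, the first hunk collapses four explicit imports into `import burp.vaycore.onescan.common.*;`, which the rest of the visible import block does not do.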
20 changes: 17 additions & 3 deletions extender/src/main/java/burp/vaycore/common/filter/FilterRule.java
@@ -1,5 +1,7 @@
package burp.vaycore.common.filter;

import burp.vaycore.onescan.common.L;

import java.util.ArrayList;

/**
Expand Down Expand Up @@ -82,9 +84,21 @@ public class FilterRule {
/**
* 操作符文本字符串
*/
public static final String[] OPERATE_ITEMS = {"请选择",
"等于", "不等于", "大于", "大于等于", "小于", "小于等于",
"开头是", "开头不是", "结尾是", "结尾不是", "包含", "不包含"};
public static final String[] OPERATE_ITEMS = {
L.get("table_filter_rule.please_select"),
L.get("table_filter_rule.equal_to"),
L.get("table_filter_rule.not_equal_to"),
L.get("table_filter_rule.greater_than"),
L.get("table_filter_rule.greater_than_or_equal_to"),
L.get("table_filter_rule.less_than"),
L.get("table_filter_rule.less_than_or_equal_to"),
L.get("table_filter_rule.starts_with"),
L.get("table_filter_rule.not_starts_with"),
L.get("table_filter_rule.ends_with"),
L.get("table_filter_rule.not_ends_with"),
L.get("table_filter_rule.contains"),
L.get("table_filter_rule.not_contains"),
};

/**
* 操作符
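Review bot: `OPERATE_ITEMS` is now populated by `L.get(...)` inside a static initializer, so the labels are resolved once when FilterRule is first loaded; if the language pack behind `L` is loaded or switched later, the array keeps whatever `L.get` returned at that moment (I cannot see `L` from here, so the timing is inferred). Either a factory such as `public static String[] operateItems()` that builds the array per call, or a comment on the field like `// Resolved once at class initialization; L must be ready before FilterRule is loaded` would make the ordering explicit. Note also that `public static final String[]` exposes a mutable array, so a caller can overwrite a label; `List.of(...)` or a defensive copy would close that. The new import of `burp.vaycore.onescan.common.L` into the generic `burp.vaycore.common` packages recurs in the two later file sections (`burp.vaycore.common.helper` and the filter panel), making the shared utilities depend on plugin-specific code. The class body continues outside the hunk.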
Expand Up @@ -5,6 +5,7 @@
import burp.vaycore.common.layout.VFlowLayout;
import burp.vaycore.common.layout.VLayout;
import burp.vaycore.common.utils.StringUtils;
import burp.vaycore.onescan.common.L;

import javax.swing.*;
import javax.swing.border.EmptyBorder;
Expand Down Expand Up @@ -51,22 +52,22 @@ private void initView() {
JPanel columnPanel = new JPanel();
add(columnPanel);
columnPanel.setLayout(new HLayout(10, true));
JLabel filterLabel = new JLabel("Select column:");
JLabel filterLabel = new JLabel(L.get("table_filter.select_column"));
columnPanel.add(filterLabel);
mColumnList = new JComboBox<>(mColumns);
mColumnList.setSelectedIndex(mLastColumnIndex);
mColumnList.addItemListener(this);
columnPanel.add(mColumnList,"20%");
columnPanel.add(mColumnList, "20%");
columnPanel.add(new JPanel(), "1w");
// 添加过滤
JButton addItemBtn = new JButton("Add filter");
addItemBtn.setToolTipText("Add filter");
JButton addItemBtn = new JButton(L.get("table_filter.add_filter"));
addItemBtn.setToolTipText(L.get("table_filter.add_filter"));
addItemBtn.setActionCommand("add-filter-item");
addItemBtn.addActionListener(this);
columnPanel.add(addItemBtn, "20%");
// 清除过滤
JButton clearBtn = new JButton("Clear");
clearBtn.setToolTipText("Clear");
JButton clearBtn = new JButton(L.get("table_filter.clear"));
clearBtn.setToolTipText(L.get("table_filter.clear"));
clearBtn.setActionCommand("clear-filter-item");
clearBtn.addActionListener(this);
columnPanel.add(clearBtn, "15%");
Expand Down Expand Up @@ -111,10 +112,10 @@ private void addRuleItem(int logic, int operate, String value) {
radioBtnPanel.setBorder(new EmptyBorder(0, 5, 0, 0));
panel.add(radioBtnPanel);
radioBtnPanel.setLayout(new HLayout(10));
JRadioButton andRadioBtn = new JRadioButton("AND");
JRadioButton andRadioBtn = new JRadioButton(L.get("table_filter.and"));
andRadioBtn.setFocusable(false);
andRadioBtn.setSelected(logic == FilterRule.LOGIC_AND);
JRadioButton orRadioBtn = new JRadioButton("OR");
JRadioButton orRadioBtn = new JRadioButton(L.get("table_filter.or"));
orRadioBtn.setFocusable(false);
orRadioBtn.setSelected(logic == FilterRule.LOGIC_OR);
UIHelper.createRadioGroup(andRadioBtn, orRadioBtn);
Expand All @@ -130,7 +131,7 @@ private void addRuleItem(int logic, int operate, String value) {
rulePanel.add(operateBox);
JTextField input = new JTextField(value);
rulePanel.add(input, "1w");
JButton delBtn = new JButton("X");
JButton delBtn = new JButton(L.get("table_filter.x"));
rulePanel.add(delBtn, "40px");
delBtn.setEnabled(logic > 0);
delBtn.addActionListener(e -> {
Expand Down Expand Up @@ -311,7 +312,8 @@ public void actionPerformed(ActionEvent e) {
* @param callback 对话框回调接口
*/
public void showDialog(DialogCallback callback) {
int state = UIHelper.showCustomDialog("Setup filter", new String[]{"OK", "Cancel", "Reset"}, this);
int state = UIHelper.showCustomDialog(L.get("table_filter_dialog.title"),
new String[]{L.get("ok"), L.get("cancel"), L.get("reset")}, this);
if (state == JOptionPane.YES_OPTION) {
ArrayList<FilterRule> filterRules = exportRules();
ArrayList<TableFilter<AbstractTableModel>> filters = exportTableFilters();
@@ -1,6 +1,7 @@
package burp.vaycore.common.helper;

import burp.vaycore.common.log.Logger;
import burp.vaycore.onescan.common.L;

import javax.swing.*;
import javax.swing.table.TableCellRenderer;
Expand Down Expand Up @@ -153,11 +154,11 @@ public static void setTableHeaderAlign(JTable table, int align) {
}

public static void showTipsDialog(String message) {
showTipsDialog("提示", message);
showTipsDialog(L.get("hint"), message);
}

public static void showTipsDialog(String message, Component parentComponent) {
showTipsDialog("提示", message, parentComponent);
showTipsDialog(L.get("hint"), message, parentComponent);
}

public static void showTipsDialog(String title, String message) {
Expand All @@ -175,7 +176,7 @@ public static void showTipsDialog(String title, String message, Component parent
* @return 用户的选择({@link JOptionPane#OK_OPTION} or {@link JOptionPane#CANCEL_OPTION})
*/
public static int showOkCancelDialog(String message) {
return showOkCancelDialog("提示", message);
return showOkCancelDialog(L.get("hint"), message);
}

/**
Expand All @@ -186,7 +187,7 @@ public static int showOkCancelDialog(String message) {
* @return 用户的选择({@link JOptionPane#OK_OPTION} or {@link JOptionPane#CANCEL_OPTION})
*/
public static int showOkCancelDialog(String message, Component parentComponent) {
return showOkCancelDialog("提示", message, parentComponent);
return showOkCancelDialog(L.get("hint"), message, parentComponent);
}

/**