Example 1 with Getter
use of burp.Getter in project knife by bit4woo.
the class ChineseTab method preHandle.
/**
* 如果有Unicode编码的内容,就进行escape操作,否则内容和原始内容一致。
* @param content
* @param isRequest
* @return
*/
public static byte[] preHandle(byte[] content, boolean isRequest, String originalCharSet) {
byte[] displayContent = content;
try {
String contentStr = new String(content, originalCharSet);
if (needtoconvert(contentStr)) {
// 先尝试进行JSON格式的美化,如果其中有Unicode编码也会自动完成转换
if (isJSON(content, isRequest)) {
try {
Getter getter = new Getter(helpers);
byte[] body = getter.getBody(isRequest, content);
List<String> headers = getter.getHeaderList(isRequest, content);
byte[] newBody = beauty(new String(body, originalCharSet)).getBytes(originalCharSet);
displayContent = helpers.buildHttpMessage(headers, newBody);
// 如果JSON美化成功,主动返回。
return displayContent;
} catch (Exception e) {
}
}
int i = 0;
do {
contentStr = StringEscapeUtils.unescapeJava(contentStr);
i++;
} while (needtoconvert(contentStr) && i < 3);
displayContent = contentStr.getBytes(originalCharSet);
}
} catch (UnsupportedEncodingException e1) {
}
return displayContent;
}
Also used :
Getter(burp.Getter)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
Example 2 with Getter
use of burp.Getter in project knife by bit4woo.
the class InsertXSSAction method actionPerformed.
@Override
public void actionPerformed(ActionEvent event) {
IHttpRequestResponse[] selectedItems = invocation.getSelectedMessages();
IHttpRequestResponse messageInfo = selectedItems[0];
// 为了不影响原始request,通过final进行一次转换
byte[] newRequest = messageInfo.getRequest();
Getter getter = new Getter(helpers);
List<IParameter> paras = getter.getParas(messageInfo);
String xsspayload = burp.tableModel.getConfigValueByKey("XSS-Payload");
String charset = HttpMessageCharSet.getCharset(newRequest);
if (xsspayload == null)
return;
boolean jsonHandled = false;
for (IParameter para : paras) {
String value = para.getValue();
byte type = para.getType();
if (type == IParameter.PARAM_COOKIE || isInt(value)) {
continue;
} else if (type == IParameter.PARAM_JSON) {
// json参数的更新方法,这里只是针对body是json
if (!jsonHandled) {
// stdout.println(para.getValue());
List<String> headers = helpers.analyzeRequest(newRequest).getHeaders();
try {
String body = new String(getter.getBody(true, newRequest), charset);
if (isJSON(body)) {
body = updateJSONValue(body, xsspayload).toString();
newRequest = helpers.buildHttpMessage(headers, body.getBytes(charset));
jsonHandled = true;
}
} catch (Exception e) {
e.printStackTrace(stderr);
}
}
} else {
if (type == IParameter.PARAM_URL) {
// url中的参数需要编码
value = helpers.urlDecode(value);
}
if (isJSON(value)) {
// 当参数的值是json格式
try {
value = updateJSONValue(value, xsspayload).toString();
} catch (Exception e) {
e.printStackTrace(stderr);
}
} else {
value = value + xsspayload;
}
if (type == IParameter.PARAM_URL) {
// url中的参数需要编码
value = helpers.urlEncode(value);
}
IParameter newPara = helpers.buildParameter(para.getName(), value, para.getType());
newRequest = helpers.updateParameter(newRequest, newPara);
}
}
messageInfo.setRequest(newRequest);
}
Also used :
IParameter(burp.IParameter)
Getter(burp.Getter)
ArrayList(java.util.ArrayList)
List(java.util.List)
JSONException(org.json.JSONException)
IHttpRequestResponse(burp.IHttpRequestResponse)
Example 3 with Getter
use of burp.Getter in project knife by bit4woo.
the class JSONBeautifier method setMessage.
@Override
public void setMessage(byte[] content, boolean isRequest) {
try {
if (content == null) {
// clear our display
txtInput.setText("none".getBytes());
txtInput.setEditable(false);
} else {
// Get only the JSON part of the content
Getter getter = new Getter(helpers);
byte[] body = getter.getBody(isRequest, content);
List<String> headers = getter.getHeaderList(isRequest, content);
byte[] newContet = helpers.buildHttpMessage(headers, beauty(new String(body)).getBytes());
// newContet = CharSet.covertCharSetToByte(newContet);
txtInput.setText(newContet);
}
} catch (Exception e) {
workfine = false;
txtInput.setText(e.getStackTrace().toString().getBytes());
}
}
Also used :
Getter(burp.Getter)
Example 4 with Getter
use of burp.Getter in project knife by bit4woo.
the class RunSQLMap_Action method RequestToFile.
/*
* 请求包存入文件
*/
public String RequestToFile(IHttpRequestResponse message) {
try {
Getter getter = new Getter(helpers);
String host = getter.getHost(message);
SimpleDateFormat simpleDateFormat = new SimpleDateFormat("MMdd-HHmmss");
String timeString = simpleDateFormat.format(new Date());
String filename = host + "." + timeString + ".req";
String basedir = (String) System.getProperties().get("java.io.tmpdir");
String configBasedir = burp.tableModel.getConfigValueByKey("SQLMap-Request-File-Path");
if (configBasedir != null && new File(configBasedir).exists()) {
basedir = configBasedir;
}
File requestFile = new File(basedir, filename);
FileUtils.writeByteArrayToFile(requestFile, message.getRequest());
return requestFile.getAbsolutePath();
} catch (IOException e) {
e.printStackTrace(stderr);
return null;
}
}
Also used :
Getter(burp.Getter)
IOException(java.io.IOException)
SimpleDateFormat(java.text.SimpleDateFormat)
File(java.io.File)
Date(java.util.Date)
Example 5 with Getter
use of burp.Getter in project knife by bit4woo.
the class ForAllInserpointListener method actionPerformed.
@Override
public void actionPerformed(ActionEvent event) {
IHttpRequestResponse[] selectedItems = invocation.getSelectedMessages();
IHttpRequestResponse messageInfo = selectedItems[0];
// 为了不影响原始request,通过final进行一次转换
byte[] newRequest = messageInfo.getRequest();
Getter getter = new Getter(helpers);
List<IParameter> paras = getter.getParas(messageInfo);
String charset = HttpMessageCharSet.getCharset(newRequest);
String xsspayload;
try {
xsspayload = new String(getPayload(event.getActionCommand()), charset);
} catch (UnsupportedEncodingException e1) {
xsspayload = new String(getPayload(event.getActionCommand()));
}
if (xsspayload == null)
return;
boolean jsonHandled = false;
for (IParameter para : paras) {
String value = para.getValue();
byte type = para.getType();
if (type == IParameter.PARAM_COOKIE || isInt(value)) {
continue;
} else if (type == IParameter.PARAM_JSON) {
// json参数的更新方法,这里只是针对body是json
if (!jsonHandled) {
// stdout.println(para.getValue());
List<String> headers = helpers.analyzeRequest(newRequest).getHeaders();
try {
String body = new String(getter.getBody(true, newRequest), charset);
if (isJSON(body)) {
body = updateJSONValue(body, xsspayload).toString();
newRequest = helpers.buildHttpMessage(headers, body.getBytes(charset));
jsonHandled = true;
}
} catch (Exception e) {
e.printStackTrace(stderr);
}
}
} else {
if (type == IParameter.PARAM_URL) {
// url中的参数需要编码
value = helpers.urlDecode(value);
}
if (isJSON(value)) {
// 当参数的值是json格式
try {
value = updateJSONValue(value, xsspayload).toString();
} catch (Exception e) {
e.printStackTrace(stderr);
}
} else {
value = value + xsspayload;
}
if (type == IParameter.PARAM_URL) {
// url中的参数需要编码
value = helpers.urlEncode(value);
}
IParameter newPara = helpers.buildParameter(para.getName(), value, para.getType());
newRequest = helpers.updateParameter(newRequest, newPara);
}
}
messageInfo.setRequest(newRequest);
}
Also used :
IParameter(burp.IParameter)
Getter(burp.Getter)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
ArrayList(java.util.ArrayList)
List(java.util.List)
JSONException(org.json.JSONException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
IHttpRequestResponse(burp.IHttpRequestResponse)
Aggregations
Getter (burp.Getter)29
IHttpRequestResponse (burp.IHttpRequestResponse)17
File (java.io.File)7
IOException (java.io.IOException)6
IParameter (burp.IParameter)4
SimpleDateFormat (java.text.SimpleDateFormat)4
Date (java.util.Date)4
UnsupportedEncodingException (java.io.UnsupportedEncodingException)3
URL (java.net.URL)3
ArrayList (java.util.ArrayList)3
List (java.util.List)2
JSONException (org.json.JSONException)2
LineEntry (title.LineEntry)2
IExtensionHelpers (burp.IExtensionHelpers)1
IHttpService (burp.IHttpService)1
IResponseInfo (burp.IResponseInfo)1
CharsetDetector (com.ibm.icu.text.CharsetDetector)1
CharsetMatch (com.ibm.icu.text.CharsetMatch)1
Iterator (java.util.Iterator)1
