use of burp.Getter in project knife by bit4woo.
the class ChineseTab method preHandle.
/**
* 如果有Unicode编码的内容,就进行escape操作,否则内容和原始内容一致。
* @param content
* @param isRequest
* @return
*/
public static byte[] preHandle(byte[] content, boolean isRequest, String originalCharSet) {
byte[] displayContent = content;
try {
String contentStr = new String(content, originalCharSet);
if (needtoconvert(contentStr)) {
// 先尝试进行JSON格式的美化,如果其中有Unicode编码也会自动完成转换
if (isJSON(content, isRequest)) {
try {
Getter getter = new Getter(helpers);
byte[] body = getter.getBody(isRequest, content);
List<String> headers = getter.getHeaderList(isRequest, content);
byte[] newBody = beauty(new String(body, originalCharSet)).getBytes(originalCharSet);
displayContent = helpers.buildHttpMessage(headers, newBody);
// 如果JSON美化成功,主动返回。
return displayContent;
} catch (Exception e) {
}
}
int i = 0;
do {
contentStr = StringEscapeUtils.unescapeJava(contentStr);
i++;
} while (needtoconvert(contentStr) && i < 3);
displayContent = contentStr.getBytes(originalCharSet);
}
} catch (UnsupportedEncodingException e1) {
}
return displayContent;
}
use of burp.Getter in project knife by bit4woo.
the class InsertXSSAction method actionPerformed.
@Override
public void actionPerformed(ActionEvent event) {
IHttpRequestResponse[] selectedItems = invocation.getSelectedMessages();
IHttpRequestResponse messageInfo = selectedItems[0];
// 为了不影响原始request,通过final进行一次转换
byte[] newRequest = messageInfo.getRequest();
Getter getter = new Getter(helpers);
List<IParameter> paras = getter.getParas(messageInfo);
String xsspayload = burp.tableModel.getConfigValueByKey("XSS-Payload");
String charset = HttpMessageCharSet.getCharset(newRequest);
if (xsspayload == null)
return;
boolean jsonHandled = false;
for (IParameter para : paras) {
String value = para.getValue();
byte type = para.getType();
if (type == IParameter.PARAM_COOKIE || isInt(value)) {
continue;
} else if (type == IParameter.PARAM_JSON) {
// json参数的更新方法,这里只是针对body是json
if (!jsonHandled) {
// stdout.println(para.getValue());
List<String> headers = helpers.analyzeRequest(newRequest).getHeaders();
try {
String body = new String(getter.getBody(true, newRequest), charset);
if (isJSON(body)) {
body = updateJSONValue(body, xsspayload).toString();
newRequest = helpers.buildHttpMessage(headers, body.getBytes(charset));
jsonHandled = true;
}
} catch (Exception e) {
e.printStackTrace(stderr);
}
}
} else {
if (type == IParameter.PARAM_URL) {
// url中的参数需要编码
value = helpers.urlDecode(value);
}
if (isJSON(value)) {
// 当参数的值是json格式
try {
value = updateJSONValue(value, xsspayload).toString();
} catch (Exception e) {
e.printStackTrace(stderr);
}
} else {
value = value + xsspayload;
}
if (type == IParameter.PARAM_URL) {
// url中的参数需要编码
value = helpers.urlEncode(value);
}
IParameter newPara = helpers.buildParameter(para.getName(), value, para.getType());
newRequest = helpers.updateParameter(newRequest, newPara);
}
}
messageInfo.setRequest(newRequest);
}
use of burp.Getter in project knife by bit4woo.
the class JSONBeautifier method setMessage.
@Override
public void setMessage(byte[] content, boolean isRequest) {
try {
if (content == null) {
// clear our display
txtInput.setText("none".getBytes());
txtInput.setEditable(false);
} else {
// Get only the JSON part of the content
Getter getter = new Getter(helpers);
byte[] body = getter.getBody(isRequest, content);
List<String> headers = getter.getHeaderList(isRequest, content);
byte[] newContet = helpers.buildHttpMessage(headers, beauty(new String(body)).getBytes());
// newContet = CharSet.covertCharSetToByte(newContet);
txtInput.setText(newContet);
}
} catch (Exception e) {
workfine = false;
txtInput.setText(e.getStackTrace().toString().getBytes());
}
}
use of burp.Getter in project knife by bit4woo.
the class RunSQLMap_Action method RequestToFile.
/*
* 请求包存入文件
*/
public String RequestToFile(IHttpRequestResponse message) {
try {
Getter getter = new Getter(helpers);
String host = getter.getHost(message);
SimpleDateFormat simpleDateFormat = new SimpleDateFormat("MMdd-HHmmss");
String timeString = simpleDateFormat.format(new Date());
String filename = host + "." + timeString + ".req";
String basedir = (String) System.getProperties().get("java.io.tmpdir");
String configBasedir = burp.tableModel.getConfigValueByKey("SQLMap-Request-File-Path");
if (configBasedir != null && new File(configBasedir).exists()) {
basedir = configBasedir;
}
File requestFile = new File(basedir, filename);
FileUtils.writeByteArrayToFile(requestFile, message.getRequest());
return requestFile.getAbsolutePath();
} catch (IOException e) {
e.printStackTrace(stderr);
return null;
}
}
use of burp.Getter in project knife by bit4woo.
the class ForAllInserpointListener method actionPerformed.
@Override
public void actionPerformed(ActionEvent event) {
IHttpRequestResponse[] selectedItems = invocation.getSelectedMessages();
IHttpRequestResponse messageInfo = selectedItems[0];
// 为了不影响原始request,通过final进行一次转换
byte[] newRequest = messageInfo.getRequest();
Getter getter = new Getter(helpers);
List<IParameter> paras = getter.getParas(messageInfo);
String charset = HttpMessageCharSet.getCharset(newRequest);
String xsspayload;
try {
xsspayload = new String(getPayload(event.getActionCommand()), charset);
} catch (UnsupportedEncodingException e1) {
xsspayload = new String(getPayload(event.getActionCommand()));
}
if (xsspayload == null)
return;
boolean jsonHandled = false;
for (IParameter para : paras) {
String value = para.getValue();
byte type = para.getType();
if (type == IParameter.PARAM_COOKIE || isInt(value)) {
continue;
} else if (type == IParameter.PARAM_JSON) {
// json参数的更新方法,这里只是针对body是json
if (!jsonHandled) {
// stdout.println(para.getValue());
List<String> headers = helpers.analyzeRequest(newRequest).getHeaders();
try {
String body = new String(getter.getBody(true, newRequest), charset);
if (isJSON(body)) {
body = updateJSONValue(body, xsspayload).toString();
newRequest = helpers.buildHttpMessage(headers, body.getBytes(charset));
jsonHandled = true;
}
} catch (Exception e) {
e.printStackTrace(stderr);
}
}
} else {
if (type == IParameter.PARAM_URL) {
// url中的参数需要编码
value = helpers.urlDecode(value);
}
if (isJSON(value)) {
// 当参数的值是json格式
try {
value = updateJSONValue(value, xsspayload).toString();
} catch (Exception e) {
e.printStackTrace(stderr);
}
} else {
value = value + xsspayload;
}
if (type == IParameter.PARAM_URL) {
// url中的参数需要编码
value = helpers.urlEncode(value);
}
IParameter newPara = helpers.buildParameter(para.getName(), value, para.getType());
newRequest = helpers.updateParameter(newRequest, newPara);
}
}
messageInfo.setRequest(newRequest);
}
Aggregations