Merge pull request #13 from bit4woo/dev

to release v1.5

Author: bit4woo

README-zh.md

@@ -86,6 +86,10 @@
     SQLMap-Options --- sqlmap命令的额外参数
    ![runsqlmap](img/runsqlmap.gif)
 
+9. Insert XSS
+
+   一键对当前数据包中非数字型和非cookie的参数插入XSS payload
+
 ##### Tab
 
 1. U2C

README.md

@@ -45,6 +45,10 @@ A extension that add some small function[ one key to update cookie, one key add
 
    One key to run sqlmap with current selected request.
 
+9. Insert XSS
+
+   One key to insert XSS payload to parameters that not in cookie and not number.
+
 ##### Tab
 
 1. U2C

pom.xml

@@ -6,7 +6,15 @@
 	</properties>
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.bit4woo.burp</groupId>
-	<version>1.4</version>
+	<version>1.5</version>
+
+	<repositories>
+		<repository>
+			<id>jitpack.io</id>
+			<url>https://jitpack.io</url>
+		</repository>
+	</repositories>
+
 	<build>
 		<sourceDirectory>src</sourceDirectory>
 		<plugins>
@@ -60,6 +68,12 @@
 			<version>1.7.22</version>
 		</dependency>
 
+		<dependency>
+			<groupId>com.github.bit4woo</groupId>
+			<artifactId>burp-api-common</artifactId>
+			<version>v0.0.6</version>
+		</dependency>
+
 		<!-- https://mvnrepository.com/artifact/commons-codec/commons-codec <dependency> 
 			<groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> <version>1.11</version> 
 			</dependency> -->
@@ -69,7 +83,7 @@
 		<dependency>
 			<groupId>com.alibaba</groupId>
 			<artifactId>fastjson</artifactId>
-			<version>1.2.51</version>
+			<version>1.2.58</version>
 		</dependency>
 
 		<!-- Files -->
@@ -107,6 +121,13 @@
 			<version>2.3.1</version>
 		</dependency>
 
+		<!-- https://mvnrepository.com/artifact/org.json/json -->
+		<dependency>
+			<groupId>org.json</groupId>
+			<artifactId>json</artifactId>
+			<version>20180813</version>
+		</dependency>
+
 
 	</dependencies>
 

src/U2C/JSONBeautifier.java

@@ -67,7 +67,7 @@ public void setMessage(byte[] content, boolean isRequest)
              //Take the input, determine request/response, parse as json, then print prettily.
              Gson gson = new GsonBuilder().setPrettyPrinting().disableHtmlEscaping().serializeNulls().create();
              //Get only the JSON part of the content
-             byte[] body = new Getter().getBody(isRequest, content);
+             byte[] body = new Getter(helpers).getBody(isRequest, content);
              try {
                  JsonParser jp = new JsonParser();
                  JsonElement je = jp.parse(new String(body));

src/U2C/U2CTab.java

@@ -6,6 +6,7 @@
 
 import org.apache.commons.text.StringEscapeUtils;
 
+import burp.BurpExtender;
 import burp.IBurpExtenderCallbacks;
 import burp.IExtensionHelpers;
 import burp.IMessageEditorController;
@@ -38,6 +39,13 @@ public Component getUiComponent()
     @Override
     public boolean isEnabled(byte[] content, boolean isRequest)
     {
+    	try {
+			if (BurpExtender.jsonBeautifier.isEnabled(content, isRequest)) {
+				return false;
+			}
+		} catch (Exception e) {
+			
+		}
 
     	if(content!=null && !isRequest && needtoconvert(new String(content))) {
     		originContent = content;

src/burp/BurpExtender.java

@@ -4,12 +4,18 @@
 import java.io.PrintWriter;
 import java.io.UnsupportedEncodingException;
 import java.net.URL;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.LinkedHashMap;
+import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 import javax.swing.JMenu;
 import javax.swing.JMenuItem;
+
 import com.alibaba.fastjson.JSON;
 
 import U2C.JSONBeautifier;
@@ -29,7 +35,19 @@
 import hackbar.WebShell_Menu;
 import hackbar.XSS_Menu;
 import hackbar.XXE_Menu;
-import knife.*;
+import knife.AddHostToScopeMenu;
+import knife.ChunkedEncodingMenu;
+import knife.CookieUtils;
+import knife.DismissMenu;
+import knife.HeaderEntry;
+import knife.InsertXSSMenu;
+import knife.OpenWithBrowserMenu;
+import knife.RunSQLMap;
+import knife.SetCookieMenu;
+import knife.SetCookieWithHistoryMenu;
+import knife.UpdateCookieMenu;
+import knife.UpdateCookieWithHistoryMenu;
+import knife.UpdateHeaderMenu;
 
 public class BurpExtender extends GUI implements IBurpExtender, IContextMenuFactory, ITab, IHttpListener,IProxyListener,IExtensionStateListener {
 
@@ -44,6 +62,7 @@ public class BurpExtender extends GUI implements IBurpExtender, IContextMenuFact
 	public PrintWriter stderr;
 	public IContextMenuInvocation context;
 	public int proxyServerIndex=-1;
+	public static JSONBeautifier jsonBeautifier;
 
 
 	@Override
@@ -67,11 +86,14 @@ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
 		}
 		table.setupTypeColumn();//call this function must after table data loaded !!!!
 
+		
+		jsonBeautifier = new JSONBeautifier(null, false, helpers, callbacks);
+		
 		//各项数据初始化完成后在进行这些注册操作，避免插件加载时的空指针异常
 		callbacks.setExtensionName(this.ExtensionName);
 		callbacks.registerContextMenuFactory(this);// for menus
 		callbacks.registerMessageEditorTabFactory(new U2CTab(null, false, helpers, callbacks));// for U2C
-		callbacks.registerMessageEditorTabFactory(new JSONBeautifier(null, false, helpers, callbacks));
+		callbacks.registerMessageEditorTabFactory(jsonBeautifier);
 		callbacks.addSuiteTab(BurpExtender.this);
 		callbacks.registerHttpListener(this);
 		callbacks.registerProxyListener(this);
@@ -100,6 +122,10 @@ public List<JMenuItem> createMenuItems(IContextMenuInvocation invocation) {
 
 		if (context == IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST) {
 
+			if (this.tableModel.getConfigByKey("XSS-Payload")!=null){
+				menu_list.add(new InsertXSSMenu(this));
+			}
+			
 			menu_list.add(new UpdateCookieMenu(this));
 			if (this.config.getUsedCookie()!=null){
 				menu_list.add(new UpdateCookieWithHistoryMenu(this));
@@ -200,7 +226,9 @@ public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessa
 		if (cookieToSetMap != null && !cookieToSetMap.isEmpty()){//第二次调用如果cookie不为空，就走到这里
 
 			IHttpRequestResponse messageInfo = message.getMessageInfo();
-			String CurrentUrl = messageInfo.getHttpService().toString();
+			//String CurrentUrl = messageInfo.getHttpService().toString();//这个方法获取到的url包含默认端口！
+			Getter getter = new Getter(helpers);
+			String CurrentUrl = getter.getShortUrl(messageInfo);
 			//stderr.println(CurrentUrl+" "+targetUrl);
 			HeaderEntry cookieToSet = cookieToSetMap.get(CurrentUrl);
 			if (cookieToSet != null){
@@ -212,7 +240,6 @@ public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessa
 					byte[] newRequest = CookieUtils.updateCookie(messageInfo,cookieValue);
 					messageInfo.setRequest(newRequest);
 				}else {
-					Getter getter = new Getter(helpers);
 					List<String> responseHeaders = getter.getHeaderList(false,messageInfo);
 					byte[] responseBody = getter.getBody(false,messageInfo);
 					List<String> setHeaders = GetSetCookieHeaders(cookieValue);
@@ -240,10 +267,7 @@ public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequ
 
 			URL url = getter.getURL(messageInfo);
 			String host = getter.getHost(messageInfo);
-			String path = url.getPath();
-			String firstLineOfHeader = getter.getHeaderFirstLine(messageIsRequest,messageInfo);
-			LinkedHashMap headers = getter.getHeaderHashMap(messageIsRequest,messageInfo);
-			IHttpService service = messageInfo.getHttpService();
+			LinkedHashMap<String, String> headers = getter.getHeaderMap(messageIsRequest,messageInfo);
 			byte[] body = getter.getBody(messageIsRequest,messageInfo);
 
 			boolean isRequestChanged = false;
@@ -332,8 +356,9 @@ public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequ
 							int port = Integer.parseInt(proxyList.get(proxyServerIndex).split(":")[1].trim());
 
 							messageInfo.setHttpService(helpers.buildHttpService(proxyhost, port, messageInfo.getHttpService().getProtocol()));
-
-							firstLineOfHeader = firstLineOfHeader.replaceFirst(path, url.toString().split("\\?",0)[0]);
+							
+							String method = helpers.analyzeRequest(messageInfo).getMethod();
+							headers.put(method, url.toString());
 							isRequestChanged = true;
 							//success or failed,need to check?
 						}
@@ -344,7 +369,7 @@ public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequ
 			}
 			if (isRequestChanged){
 				//set final request
-				List<String> headerList = getter.HeaderMapToList(firstLineOfHeader,headers);
+				List<String> headerList = getter.headerMapToHeaderList(headers);
 				messageInfo.setRequest(helpers.buildHttpMessage(headerList,body));
 			}
 
@@ -396,5 +421,4 @@ public boolean isDismissedHost(String host){
 		return false;
 	}
 
-
 }