c0ny1
diff --git a/‎LICENSE‎
Lines changed: 21 additions & 21 deletions b/‎LICENSE‎
Lines changed: 21 additions & 21 deletions
diff --git a/‎README.md‎
Lines changed: 14 additions & 2 deletions b/‎README.md‎
Lines changed: 14 additions & 2 deletions
diff --git a/‎doc/config.png‎
13.4 KB b/‎doc/config.png‎
13.4 KB
diff --git a/‎doc/menu.png‎
8.24 KB b/‎doc/menu.png‎
8.24 KB
diff --git a/‎src/burp/BurpExtender.java‎
Lines changed: 96 additions & 0 deletions b/‎src/burp/BurpExtender.java‎
Lines changed: 96 additions & 0 deletions
diff --git a/‎src/burp/Config.java‎
Lines changed: 15 additions & 0 deletions b/‎src/burp/Config.java‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎src/burp/ConfigDlg.java‎
Lines changed: 137 additions & 0 deletions b/‎src/burp/ConfigDlg.java‎
Lines changed: 137 additions & 0 deletions
diff --git a/‎src/burp/IBurpExtender.java‎
Lines changed: 29 additions & 0 deletions b/‎src/burp/IBurpExtender.java‎
Lines changed: 29 additions & 0 deletions
@@ -1,21 +1,21 @@
-MIT License
-
-Copyright (c) 2019 残亦
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+
+Copyright (c) 2019 残亦
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
@@ -1,2 +1,14 @@
-# chunked-coding-converter
-Burp suite 分块传输辅助插件
+# chunked-coding-converter|Burp suite 分块传输辅助插件
+
+本插件主要用于分块传输绕WAF，不了解分块传输绕WAF的请阅读文末的文章。
+
+## 插件使用
+
+![菜单](doc/menu.png)
+
+![配置](doc/config.png)
+
+## 相关文章
+* [利用分块传输吊打所有WAF](https://www.anquanke.com/post/id/169738)
+* [在HTTP协议层面绕过WAF](https://www.freebuf.com/news/193659.html)
+* [编写Burp分块传输插件绕WAF](https://mp.weixin.qq.com/s?__biz=Mzg3NjA4MTQ1NQ==&mid=2247483787&idx=1&sn=54c33727696f8ee6d67f997acc11ab89&chksm=cf36f9cbf84170dd7da9b48b3365fb05d7ccec6bdeff480d0c38962f712e400a40b2b38dc467&token=360242838&lang=zh_CN#rd)
@@ -0,0 +1,96 @@
+package burp;
+
+
+import java.io.PrintWriter;
+import java.net.URL;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ScheduledExecutorService;
+
+public class BurpExtender implements IBurpExtender,IHttpListener,IProxyListener {
+    private IBurpExtenderCallbacks callbacks;
+    private IExtensionHelpers helpers;
+    private String extensionName = "chunked-converter";
+    private String version ="0.1";
+    private PrintWriter stdout;
+    private PrintWriter stderr;
+    private ScheduledExecutorService executor = Executors.newSingleThreadScheduledExecutor();
+    private ExecutorService executorService = Executors.newSingleThreadExecutor();
+    @Override
+    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
+        this.callbacks = callbacks;
+        this.helpers = callbacks.getHelpers();
+        callbacks.setExtensionName(String.format("%s %s",extensionName,version));
+        callbacks.registerContextMenuFactory(new Menu(callbacks));
+        callbacks.registerHttpListener(this);
+        callbacks.registerProxyListener(this);
+        stdout = new PrintWriter(callbacks.getStdout(),true);
+        stderr = new PrintWriter(callbacks.getStderr(),true);
+        stdout.println(getBanner());
+    }
+
+    @Override
+    public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
+        //代理不走这，否则两次修改会导致数据包存在问题
+        if(messageIsRequest && isValidTool(toolFlag) && (toolFlag != IBurpExtenderCallbacks.TOOL_PROXY)){
+            IRequestInfo reqInfo = helpers.analyzeRequest(messageInfo.getRequest());
+            //stdout.println(messageInfo.getRequest().toString());
+            //stdout.println(reqInfo.getContentType());
+            //stdout.println(reqInfo.getMethod());
+
+            if(reqInfo.getMethod().equals("POST") && reqInfo.getContentType() == IRequestInfo.CONTENT_TYPE_URL_ENCODED){
+                try {
+                    byte[] request = Transfer.encoding(helpers, messageInfo, Config.splite_len,Config.isComment);
+                    if (request != null) {
+                        messageInfo.setRequest(request);
+                    }
+                } catch (Exception e) {
+                    stderr.println(e.getMessage());
+                }
+            }
+        }
+    }
+
+    @Override
+    public void processProxyMessage(final boolean messageIsRequest, final IInterceptedProxyMessage proxyMessage) {
+        if(messageIsRequest && isValidTool(IBurpExtenderCallbacks.TOOL_PROXY)){
+            IHttpRequestResponse messageInfo = proxyMessage.getMessageInfo();
+            IRequestInfo reqInfo = helpers.analyzeRequest(messageInfo.getRequest());
+
+            if(reqInfo.getMethod().equals("POST") && reqInfo.getContentType() == IRequestInfo.CONTENT_TYPE_URL_ENCODED){
+                try {
+                    byte[] request = Transfer.encoding(helpers, messageInfo, Config.splite_len,Config.isComment);
+                    if (request != null) {
+                        messageInfo.setRequest(request);
+                    }
+                } catch (Exception e) {
+                    stderr.println(e.getMessage());
+                }
+            }
+        }
+    }
+
+    private boolean isValidTool(int toolFlag){
+        return (Config.act_on_all_tools ||
+                (Config.act_on_proxy && toolFlag== IBurpExtenderCallbacks.TOOL_PROXY) ||
+                (Config.act_on_intruder && toolFlag== IBurpExtenderCallbacks.TOOL_INTRUDER) ||
+                (Config.act_on_repeater && toolFlag== IBurpExtenderCallbacks.TOOL_REPEATER) ||
+                (Config.act_on_scanner && toolFlag== IBurpExtenderCallbacks.TOOL_SCANNER) ||
+                (Config.act_on_sequencer && toolFlag== IBurpExtenderCallbacks.TOOL_SEQUENCER) ||
+                (Config.act_on_spider && toolFlag== IBurpExtenderCallbacks.TOOL_SPIDER) ||
+                (Config.act_on_extender && toolFlag== IBurpExtenderCallbacks.TOOL_EXTENDER) ||
+                (Config.act_on_target && toolFlag== IBurpExtenderCallbacks.TOOL_TARGET));
+    }
+
+    public String getBanner(){
+        String bannerInfo =
+                "[+]\n"
+                        + "[+] ###############################################\n"
+                        + "[+]    " + extensionName + " v" + version +"\n"
+                        + "[+]    anthor: c0ny1\n"
+                        + "[+]    email:  [email protected]\n"
+                        + "[+]    github: http://github.com/c0ny1/chunked-coding-converter\n"
+                        + "[+] ##############################################";
+        return bannerInfo;
+    }
+}
@@ -0,0 +1,15 @@
+package burp;
+
+public class Config {
+    public static int splite_len = 2;
+    public static boolean isComment = true;
+    public static boolean act_on_all_tools = false;
+    public static boolean act_on_target = false;
+    public static boolean act_on_proxy = false;
+    public static boolean act_on_spider = false;
+    public static boolean act_on_intruder = false;
+    public static boolean act_on_repeater = false;
+    public static boolean act_on_scanner = false;
+    public static boolean act_on_extender = false;
+    public static boolean act_on_sequencer = false;
+}
@@ -0,0 +1,137 @@
+package burp;
+
+import javax.swing.*;
+import java.awt.*;
+import java.awt.event.ActionEvent;
+import java.awt.event.ActionListener;
+
+public class ConfigDlg extends JDialog {
+    private final JPanel mainPanel = new JPanel();
+    private final JPanel topPanel =  new JPanel();
+    private final JPanel centerPanel = new JPanel();
+    private final JPanel bottomPanel = new JPanel();;
+    private final JLabel lbSplitLen = new JLabel("Split length:");;
+    private final JSpinner spSplitLen = new JSpinner(new SpinnerNumberModel(2, 1, 100, 1));
+    private final JLabel lbRange = new JLabel("(1-100)");
+    private final JCheckBox cbComment = new JCheckBox("Is Comment");
+    private final JLabel lbActOnModel = new JLabel("Act on:");
+    private final JCheckBox chkAllTools = new JCheckBox("All Tools");
+    private final JCheckBox chkSpider = new JCheckBox("Spider");
+    private final JCheckBox chkIntruder = new JCheckBox("Intruder");
+    private final JCheckBox chkScanner = new JCheckBox("Scanner");
+    private final JCheckBox chkRepeater = new JCheckBox("Repeater");
+    private final JCheckBox chkSequencer = new JCheckBox("Sequencer");
+    private final JCheckBox chkProxy = new JCheckBox("Proxy");
+    private final JCheckBox chkExtender = new JCheckBox("Extender");
+    private final JCheckBox chkTarget = new JCheckBox("Target");
+    private final JButton btCancel = new JButton("Cancel");
+    private final JButton btSave = new JButton("Save");
+
+    public ConfigDlg(){
+        initGUI();
+        initEvent();
+        initValue();
+    }
+    private void initGUI(){
+        topPanel.setLayout(new FlowLayout(FlowLayout.LEFT));
+        topPanel.add(lbSplitLen);
+        topPanel.add(spSplitLen);
+        topPanel.add(lbRange);
+        topPanel.add(cbComment);
+        cbComment.setSelected(true);
+
+        centerPanel.setLayout(new FlowLayout(FlowLayout.LEFT));
+        centerPanel.add(lbActOnModel);
+        centerPanel.add(chkAllTools);
+        centerPanel.add(chkTarget);
+        centerPanel.add(chkProxy);
+        centerPanel.add(chkSpider);
+        centerPanel.add(chkIntruder);
+        centerPanel.add(chkRepeater);
+        centerPanel.add(chkScanner);
+        centerPanel.add(chkSequencer);
+        centerPanel.add(chkExtender);
+
+        bottomPanel.setLayout(new FlowLayout(FlowLayout.CENTER));
+        bottomPanel.add(btCancel);
+        bottomPanel.add(btSave);
+
+        mainPanel.setLayout(new BorderLayout());
+        mainPanel.add(topPanel,BorderLayout.NORTH);
+        mainPanel.add(centerPanel,BorderLayout.CENTER);
+        mainPanel.add(bottomPanel,BorderLayout.SOUTH);
+
+        this.setModal(true);
+        this.setSize(580,140);
+        Dimension screensize=Toolkit.getDefaultToolkit().getScreenSize();
+        this.setBounds(screensize.width/2-this.getWidth()/2,screensize.height/2-this.getHeight()/2,this.getWidth(),this.getHeight());
+        this.setDefaultCloseOperation(javax.swing.WindowConstants.DISPOSE_ON_CLOSE);
+        this.add(mainPanel);
+    }
+
+    private void initEvent(){
+        chkAllTools.addActionListener(new ActionListener() {
+            @Override
+            public void actionPerformed(ActionEvent e) {
+                if(chkAllTools.isSelected()){
+                    chkTarget.setSelected(true);
+                    chkProxy.setSelected(true);
+                    chkSpider.setSelected(true);
+                    chkIntruder.setSelected(true);
+                    chkRepeater.setSelected(true);
+                    chkScanner.setSelected(true);
+                    chkExtender.setSelected(true);
+                }else{
+                    chkTarget.setSelected(false);
+                    chkProxy.setSelected(false);
+                    chkSpider.setSelected(false);
+                    chkIntruder.setSelected(false);
+                    chkRepeater.setSelected(false);
+                    chkScanner.setSelected(false);
+                    chkExtender.setSelected(false);
+                }
+
+            }
+        });
+
+        btCancel.addActionListener(new ActionListener() {
+            @Override
+            public void actionPerformed(ActionEvent e) {
+                ConfigDlg.this.dispose();
+            }
+        });
+
+        btSave.addActionListener(new ActionListener() {
+            @Override
+            public void actionPerformed(ActionEvent e) {
+                Config.splite_len = (int)spSplitLen.getValue();
+                Config.isComment = cbComment.isSelected();
+                Config.act_on_all_tools = chkAllTools.isSelected();
+                Config.act_on_target = chkTarget.isSelected();
+                Config.act_on_proxy = chkProxy.isSelected();
+                Config.act_on_spider = chkSpider.isSelected();
+                Config.act_on_intruder = chkIntruder.isSelected();
+                Config.act_on_repeater = chkRepeater.isSelected();
+                Config.act_on_scanner = chkScanner.isSelected();
+                Config.act_on_sequencer = chkSequencer.isSelected();
+                Config.act_on_extender = chkExtender.isSelected();
+                ConfigDlg.this.dispose();
+            }
+        });
+
+    }
+
+    public void initValue(){
+        spSplitLen.setValue(Config.splite_len);
+        cbComment.setSelected(Config.isComment);
+        chkAllTools.setSelected(Config.act_on_all_tools);
+        chkTarget.setSelected(Config.act_on_target);
+        chkProxy.setSelected(Config.act_on_proxy);
+        chkSpider.setSelected(Config.act_on_spider);
+        chkIntruder.setSelected(Config.act_on_intruder);
+        chkRepeater.setSelected(Config.act_on_repeater);
+        chkScanner.setSelected(Config.act_on_scanner);
+        chkSequencer.setSelected(Config.act_on_sequencer);
+        chkExtender.setSelected(Config.act_on_extender);
+    }
+}
@@ -0,0 +1,29 @@
+package burp;/*
+ * @(#)burp.IBurpExtender.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of burp Suite Free Edition
+ * and burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * All extensions must implement this interface.
+ *
+ * Implementations must be called BurpExtender, in the package burp, must be
+ * declared public, and must provide a default (public, no-argument)
+ * constructor.
+ */
+public interface IBurpExtender
+{
+    /**
+     * This method is invoked when the extension is loaded. It registers an
+     * instance of the
+     * <code>burp.IBurpExtenderCallbacks</code> interface, providing methods that may
+     * be invoked by the extension to perform various actions.
+     *
+     * @param callbacks An
+     * <code>burp.IBurpExtenderCallbacks</code> object.
+     */
+    void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks);
+}