
Commit 7b180bd

committed
禁止对已编码请求包重复编码,禁止对未编码请求包解码
1 parent 41efc25 commit 7b180bd


4 files changed

+56
-16
lines changed


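--- a/src/main/java/burp/BurpExtender.java
+++ b/src/main/java/burp/BurpExtender.java
@@ -4,7 +4,7 @@
 
 public class BurpExtender implements IBurpExtender,IHttpListener,IProxyListener {
 public static IBurpExtenderCallbacks callbacks;
-private IExtensionHelpers helpers;
+public static IExtensionHelpers helpers;
 private String extensionName = "Chunked coding converter";
 private String version ="0.1";
 public static PrintWriter stdout;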
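Review bot: `helpers` becomes a `public static` non-final field, which lets any class read or reassign it and makes `Transfer.isChunked` depend on it having been set before the first menu click; its assignment is not visible in this hunk. `Transfer.encoding` and `Transfer.decoding` already take the helpers as a parameter and `Menu` has `m_helpers` in scope, so the field could stay `private` with the new method declared as `public static boolean isChunked(IExtensionHelpers helpers, IHttpRequestResponse requestResponse)`. If the static is kept, a short comment stating where it is initialised would help.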

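--- a/src/main/java/burp/Config.java
+++ b/src/main/java/burp/Config.java
@@ -33,7 +33,6 @@ public static void setMin_chunked_len(Integer min_chunked_len) {
 
 public static Integer getMax_chunked_len() {
 String val = BurpExtender.callbacks.loadExtensionSetting("max_chunked_len");
-BurpExtender.stdout.println("[+] max_chunked_len: " + val);
 try {
 return Integer.valueOf(val);
 }catch(Exception e){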

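--- a/src/main/java/burp/Menu.java
+++ b/src/main/java/burp/Menu.java
@@ -51,6 +51,12 @@ public void actionPerformed(ActionEvent arg0) {
 return;
 }
 
+// 不重复编码
+if(Transfer.isChunked(iReqResp)){
+JOptionPane.showConfirmDialog(null,"The request has been chunked encoded,Do not repeat the encoding!","Warning",JOptionPane.CLOSED_OPTION,JOptionPane.WARNING_MESSAGE);
+return;
+}
+
 try {
 byte[] request = Transfer.encoding(m_helpers, iReqResp, Config.getMin_chunked_len(),Config.getMax_chunked_len(),Config.isAddComment(),Config.getMin_comment_len(),Config.getMax_comment_len());
 if (request != null) {
@@ -66,6 +72,13 @@ public void actionPerformed(ActionEvent arg0) {
 
 public void actionPerformed(ActionEvent arg0) {
 IHttpRequestResponse iReqResp = invocation.getSelectedMessages()[0];
+
+// 进制对未编码请求解码
+if(!Transfer.isChunked(iReqResp)){
+JOptionPane.showConfirmDialog(null,"The request is unencoded and cannot be decoded!","Warning",JOptionPane.CLOSED_OPTION,JOptionPane.WARNING_MESSAGE);
+return;
+}
+
 try {
 byte[] request = Transfer.decoding(m_helpers,iReqResp);
 if (request != null) {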
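Review bot: Both new warnings call `JOptionPane.showConfirmDialog` with `JOptionPane.CLOSED_OPTION` as the option type, but `CLOSED_OPTION` is a return value rather than an option type, and it only works because it has the same value as `DEFAULT_OPTION`. For a notice with nothing to confirm, `JOptionPane.showMessageDialog(null, "The request is unencoded and cannot be decoded!", "Warning", JOptionPane.WARNING_MESSAGE);` says what is meant, and the encode guard can be written the same way. The comment on the decode guard reads `进制对未编码请求解码`, which looks like a typo for `禁止对未编码请求解码`. Both `actionPerformed` bodies start and end outside the hunks shown.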

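--- a/src/main/java/burp/Transfer.java
+++ b/src/main/java/burp/Transfer.java
@@ -15,6 +15,18 @@ public static byte[] encoding(IExtensionHelpers helpers, IHttpRequestResponse r
 return request;
 }
 
+List<String> headers = helpers.analyzeRequest(request).getHeaders();
+Iterator<String> iter = headers.iterator();
+while (iter.hasNext()) {
+//不对请求包重复编码
+if (((String)iter.next()).contains("Transfer-Encoding")) {
+return request;
+}
+}
+//Add Transfer-Encoding header
+headers.add("Transfer-Encoding: chunked");
+
+//encoding
 List<String> str_list = Util.getStrList1(body,minChunkedLen,maxChunkedLen);
 String encoding_body = "";
 for(String str:str_list){
@@ -30,15 +42,8 @@ public static byte[] encoding(IExtensionHelpers helpers, IHttpRequestResponse r
 }
 encoding_body += "0\r\n\r\n";
 
-List<String> headers = helpers.analyzeRequest(request).getHeaders();
 
-Iterator<String> iter = headers.iterator();
-while (iter.hasNext()) {
-if (((String)iter.next()).contains("Transfer-Encoding")) {
-iter.remove();
-}
-}
-headers.add("Transfer-Encoding: chunked");
+
 return helpers.buildHttpMessage(headers,encoding_body.getBytes());
 }
 
@@ -48,7 +53,22 @@ public static byte[] decoding(IExtensionHelpers helpers, IHttpRequestResponse re
 int bodyOffset = requestInfo.getBodyOffset();
 String body = new String(request, bodyOffset, request.length - bodyOffset, "UTF-8");
 
-// decoding
+// Delete Transfer-Encoding header
+List<String> headers = helpers.analyzeRequest(request).getHeaders();
+Iterator<String> iter = headers.iterator();
+Boolean isChunked = false;//是否被分块编码过
+while (iter.hasNext()) {
+if (((String)iter.next()).contains("Transfer-Encoding")) {
+iter.remove();
+isChunked = true;
+}
+}
+//不对未编码过的请求包解码
+if(!isChunked){
+return request;
+}
+
+//Decoding
 String[] array_body = body.split("\r\n");
 List<String> list_string_body = Arrays.asList(array_body);
 List list_body = new ArrayList(list_string_body);
@@ -61,15 +81,23 @@ public static byte[] decoding(IExtensionHelpers helpers, IHttpRequestResponse re
 }
 }
 
-// del Transfer-Encoding header
-List<String> headers = helpers.analyzeRequest(request).getHeaders();
+return helpers.buildHttpMessage(headers,decoding_body.getBytes());
+}
+
+/**
+* 通过数据包头部是否存在Transfer-Encoding头,来判断其是否被编码
+* @param requestResponse
+* @return 是否被编码
+*/
+public static boolean isChunked(IHttpRequestResponse requestResponse){
+byte[] request = requestResponse.getRequest();
+List<String> headers = BurpExtender.helpers.analyzeRequest(request).getHeaders();
 Iterator<String> iter = headers.iterator();
 while (iter.hasNext()) {
 if (((String)iter.next()).contains("Transfer-Encoding")) {
-iter.remove();
+return true;
 }
 }
-
-return helpers.buildHttpMessage(headers,decoding_body.getBytes());
+return false;
 }
 }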
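Review bot: The header test `((String)iter.next()).contains("Transfer-Encoding")` in the new `isChunked`, and the same loop in `encoding` and `decoding`, is a case-sensitive substring match over every entry of `getHeaders()`, so it is both too narrow and too broad. HTTP field names are case-insensitive, so `transfer-encoding: chunked` is not recognised and the request would be chunk-encoded a second time. Conversely, any line that merely contains the text counts as chunked, such as a custom header value or the request line (which Burp's API, as far as I know, returns as the first entry), and in `decoding` that line is dropped by `iter.remove()`. Matching on the field name would close both gaps, for example `if (header.regionMatches(true, 0, "Transfer-Encoding:", 0, 18)) {`, ideally also checking that the value lists `chunked`. Since the three loops now differ only in their action, `encoding` and `decoding` could call one shared helper instead of repeating the scan.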
