├── .idea
├── .gitignore
├── compiler.xml
├── encodings.xml
├── jarRepositories.xml
├── misc.xml
├── uiDesigner.xml
└── vcs.xml
├── README.md
├── pom.xml
└── src
└── main
├── java
└── AutoBurp
│ ├── bypass
│ ├── BypassBotDetection.java
│ ├── Constants.java
│ ├── DomainSettingsManager.java
│ ├── DomainSettingsPanel.java
│ ├── TLSContextMenuItemsProvider.java
│ ├── TriggerCipherGuesser.java
│ ├── Utilities.java
│ └── beens
│ │ ├── Browsers.java
│ │ ├── ClientCertificate.java
│ │ ├── DomainSettings.java
│ │ ├── HTTP.java
│ │ ├── HTTP2.java
│ │ ├── MatchAndReplace.java
│ │ ├── Negotiation.java
│ │ ├── OS.java
│ │ ├── ProjectOptions.java
│ │ ├── Proxy.java
│ │ ├── ProxySettings.java
│ │ ├── SSL.java
│ │ ├── TLSNegotiation.java
│ │ └── TLSSettings.java
│ ├── fingerprint
│ ├── FingerPrintScanner.java
│ ├── model
│ │ ├── FingerPrintRule.java
│ │ └── TableLogModel.java
│ ├── ui
│ │ ├── ControlPanel.java
│ │ ├── FingerPrintRulePanel.java
│ │ ├── FingerPrintTab.java
│ │ ├── LogTablePanel.java
│ │ ├── RequestResponsePanel.java
│ │ ├── TagsPanel.java
│ │ ├── WrapLayout.java
│ │ └── renderer
│ │ │ ├── CenterRenderer.java
│ │ │ └── HeaderIconRenderer.java
│ └── util
│ │ ├── FingerPrintUtils.java
│ │ ├── HTTPUtils.java
│ │ └── Utils.java
│ ├── fuzzer
│ ├── phone
│ │ └── PhoneFuzzer.java
│ └── upload
│ │ └── UploadFuzzer.java
│ └── generator
│ ├── PhonePayloadGeneratorFactory.java
│ └── UploadPayloadGenerator.java
└── resources
├── conf
└── finger-important.json
├── project_options.json
└── strings.properties
/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # 默认忽略的文件
2 | /shelf/
3 | /workspace.xml
4 |
--------------------------------------------------------------------------------
/.idea/compiler.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/.idea/encodings.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/.idea/jarRepositories.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/.idea/misc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/.idea/uiDesigner.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/.idea/vcs.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # AutoBurpFuzz
2 |
3 | # 简介
4 | 1.tls and http 浏览器指纹绕过
5 |
6 | 2.被动指纹扫描
7 |
8 | 3.文件上传 Intruder fuzz
9 |
10 | 4.手机号 Intruder fuzz
11 |
12 | # 本人环境参考
13 | > burp环境burpsuite 2025.2
14 | >
15 | > 工具环境:
16 | > java17编写
17 | > java17编译
18 |
19 | # tls指纹绕过使用方法
20 | 1.将需要绕过的域名,直接添加即可
21 |
22 | 
23 |
24 |
25 | # upload_fuzz使用方法
26 | 1.成功加载该插件,smb_fuzz和下面同理
27 |
28 | 2.将需要fuzz的包,传送到Intruder中
29 |
30 | 3.将如下位置设置为payload位置
31 |
32 |
33 |
34 | 4.然后设置如下内容
35 |
36 |
37 |
38 |
39 |
40 | # 参考项目
41 | > https://github.com/T3nk0/Upload_Auto_Fuzz
42 | >
43 | > https://github.com/shuanx/BurpFingerPrint
44 | >
45 | > https://github.com/yuziiiiiiiiii/SMS_Bomb_Fuzzer
46 | >
47 | > https://github.com/PortSwigger/bypass-bot-detection
48 |
--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 | 4.0.0
6 |
7 | org.example
8 | AutoBurpFuzz
9 | 2.0-SNAPSHOT
10 |
11 |
12 | 17
13 | 17
14 | UTF-8
15 |
16 |
17 |
18 | net.portswigger.burp.extender
19 | burp-extender-api
20 | 1.7.22
21 |
22 |
23 | com.google.code.gson
24 | gson
25 | 2.10.1
26 |
27 |
28 | net.portswigger.burp.extensions
29 | montoya-api
30 | 2024.12
31 |
32 |
33 |
34 |
35 |
36 | org.apache.maven.plugins
37 | maven-assembly-plugin
38 |
39 |
40 | package
41 |
42 | single
43 |
44 |
45 |
46 |
47 |
48 | jar-with-dependencies
49 |
50 |
51 |
52 |
53 |
54 |
--------------------------------------------------------------------------------
/src/main/java/AutoBurp/bypass/BypassBotDetection.java:
--------------------------------------------------------------------------------
1 | package AutoBurp.bypass;
2 |
3 | import AutoBurp.fingerprint.FingerPrintScanner;
4 | import AutoBurp.fingerprint.model.FingerPrintRule;
5 | import AutoBurp.fingerprint.ui.FingerPrintTab;
6 | import AutoBurp.fuzzer.phone.PhoneFuzzer;
7 | import AutoBurp.fuzzer.upload.UploadFuzzer;
8 | import burp.*;
9 | import burp.api.montoya.BurpExtension;
10 | import burp.api.montoya.MontoyaApi;
11 | import AutoBurp.bypass.beens.Browsers;
12 | import AutoBurp.bypass.beens.MatchAndReplace;
13 | import com.google.gson.Gson;
14 | import com.google.gson.reflect.TypeToken;
15 |
16 | import java.io.*;
17 | import java.lang.reflect.Type;
18 | import java.nio.charset.StandardCharsets;
19 | import java.util.*;
20 | import java.util.concurrent.BlockingQueue;
21 | import java.util.concurrent.Executors;
22 | import java.util.concurrent.LinkedBlockingQueue;
23 | import java.util.concurrent.ScheduledExecutorService;
24 | import java.util.concurrent.ThreadPoolExecutor;
25 | import java.util.concurrent.TimeUnit;
26 | import java.util.concurrent.atomic.AtomicInteger;
27 |
28 | public class BypassBotDetection implements BurpExtension, IBurpExtender, IIntruderPayloadGeneratorFactory, IProxyListener, IExtensionStateListener {
29 | private MontoyaApi montoyaApi;
30 | private IExtensionHelpers helpers;
31 | private IBurpExtenderCallbacks callbacks;
32 | private PrintWriter stdout;
33 | private PrintWriter stderr;
34 | private FingerPrintTab fingerPrintTab;
35 | private FingerPrintScanner fingerPrintScanner;
36 | private List fingerprintRules;
37 | private Set scannedUrls = Collections.synchronizedSet(new HashSet<>());
38 | private final ScheduledExecutorService memoryMonitor = Executors.newSingleThreadScheduledExecutor();
39 | private final AtomicInteger requestCount = new AtomicInteger(0);
40 | private final AtomicInteger successCount = new AtomicInteger(0);
41 |
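/**
 * Montoya API entry point. Names the extension, registers the "TLS WAF" suite tab and the
 * TLS context-menu provider, installs an unloading handler, and starts a one-shot thread
 * that applies the Firefox TLS protocol/cipher list and proxy match-and-replace rules
 * after a three second delay.
 *
 * <p>Any exception raised during setup is caught and written to the extension error log;
 * it is not rethrown.
 *
 * @param montoyaApi the Montoya API handle supplied by Burp
 */
@Override
public void initialize(MontoyaApi montoyaApi) {
    this.montoyaApi = montoyaApi;
    montoyaApi.extension().setName("综合Bypass");
    try {
        // The instance is discarded; Utilities is used through its static members below.
        new Utilities(montoyaApi);

        // Single worker thread backed by an unbounded queue; handed to the context-menu provider.
        BlockingQueue<Runnable> tasks = new LinkedBlockingQueue<>();
        ThreadPoolExecutor taskEngine = new ThreadPoolExecutor(1, 1, 1, TimeUnit.MINUTES, tasks);

        // NOTE(review): presumably snapshots the user's current TLS settings so that
        // loadTLSSettings() can restore them on unload - confirm in Utilities.
        Utilities.saveTLSSettings();

        DomainSettingsManager.initialize(montoyaApi);

        montoyaApi.userInterface().registerContextMenuItemsProvider(
                new TLSContextMenuItemsProvider(taskEngine, montoyaApi));

        DomainSettingsPanel settingsPanel = new DomainSettingsPanel(montoyaApi);
        montoyaApi.userInterface().registerSuiteTab("TLS WAF", settingsPanel);

        montoyaApi.extension().registerUnloadingHandler(() -> {
            Utilities.unloaded.set(true);
            try {
                taskEngine.getQueue().clear();
                taskEngine.shutdown();
                memoryMonitor.shutdownNow();
                if (fingerPrintScanner != null) {
                    fingerPrintScanner.shutdown();
                }
            } finally {
                // Runs even if a shutdown step throws, so the TLS settings are always reloaded.
                Utilities.loadTLSSettings();
            }
        });

        Thread thread = new Thread(() -> {
            try {
                Thread.sleep(3000);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                // Interrupted before the delay elapsed: do not touch Burp's settings.
                return;
            }

            // If the extension was unloaded during the delay, the unloading handler has already
            // called loadTLSSettings(); applying the overrides now would leave Burp's TLS and
            // proxy settings modified after the extension is gone.
            // NOTE(review): assumes Utilities.unloaded is an AtomicBoolean (it is written with
            // set(true) above) - confirm. A small window between this check and the updates
            // below remains.
            if (Utilities.unloaded.get()) {
                return;
            }

            Utilities.updateTLSSettings(
                    Constants.BROWSERS_PROTOCOLS.get(Browsers.FIREFOX.name),
                    Constants.BROWSERS_CIPHERS.get(Browsers.FIREFOX.name));
            Utilities.updateProxySettings(MatchAndReplace.create(Browsers.FIREFOX));
        });
        thread.start();

        montoyaApi.logging().logToOutput("Auto Fuzz & FingerPrint loaded successfully - Author: e0e1 - Version: 2.0");
        montoyaApi.logging().logToOutput("github: https://github.com/eeeeeeeeee-code/AutoFuzzBurp");

    } catch (Exception e) {
        // Pass the throwable as well: getMessage() may be null and drops the stack trace.
        montoyaApi.logging().logToError("Extension initialization failed: " + e, e);
    }
}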
98 |
/**
 * Legacy Extender API entry point. Stores the callback handles, registers the Intruder
 * payload generator factories, loads the fingerprint rules, builds the fingerprint tab and
 * scanner, hooks the proxy and extension-state listeners, and starts the memory monitor.
 *
 * @param callbacks the legacy Burp callbacks object
 */
@Override
public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
    // Keep the legacy handles and wrap Burp's output streams with auto-flush enabled.
    this.callbacks = callbacks;
    helpers = callbacks.getHelpers();
    stdout = new PrintWriter(callbacks.getStdout(), true);
    stderr = new PrintWriter(callbacks.getStderr(), true);
    callbacks.setExtensionName("Bot Detection Bypass & Auto Fuzz");

    // Intruder payload generator factories: this class first, then the phone-number fuzzer.
    callbacks.registerIntruderPayloadGeneratorFactory(this);
    callbacks.registerIntruderPayloadGeneratorFactory(new PhoneFuzzer(helpers, callbacks));

    // The rules are loaded first because the tab and the scanner below both receive them.
    loadFingerPrintRules();

    FingerPrintTab tab = new FingerPrintTab(callbacks, helpers);
    fingerPrintTab = tab;
    callbacks.addSuiteTab(tab);
    tab.setRulePanel(fingerprintRules);

    FingerPrintScanner scanner = new FingerPrintScanner(
            callbacks, helpers, fingerprintRules, tab, scannedUrls, requestCount, successCount);
    fingerPrintScanner = scanner;
    tab.setScanner(scanner);

    // Listeners are registered only after the scanner exists.
    callbacks.registerProxyListener(this);
    callbacks.registerExtensionStateListener(this);

    startMemoryMonitor();
}
139 |
140 | private void loadFingerPrintRules() {
141 | try {
142 |
143 | File localFile = new File("finger-important.json");
144 | InputStream inputStream = null;
145 |
146 | if (localFile.exists() && localFile.isFile()) {
147 |
148 | inputStream = new FileInputStream(localFile);
149 |
150 | } else {
151 |
152 | ClassLoader classLoader = getClass().getClassLoader();
153 | inputStream = classLoader.getResourceAsStream("conf/finger-important.json");
154 |
155 | if (inputStream != null) {
156 |
157 | try (InputStream resourceStream = classLoader.getResourceAsStream("conf/finger-important.json");
158 | FileOutputStream outputStream = new FileOutputStream(localFile)) {
159 |
160 | if (resourceStream != null) {
161 | byte[] buffer = new byte[1024];
162 | int length;
163 | while ((length = resourceStream.read(buffer)) > 0) {
164 | outputStream.write(buffer, 0, length);
165 | }
166 |
167 |
168 |
169 | inputStream = new FileInputStream(localFile);
170 | }
171 | } catch (Exception e) {
172 | stderr.println("[!] 复制资源文件到当前目录失败: " + e.getMessage());
173 | }
174 | }
175 | }
176 |
177 | if (inputStream == null) {
178 | stderr.println("[!] 无法加载指纹规则文件");
179 | fingerprintRules = new ArrayList<>();
180 | return;
181 | }
182 |
183 | try (BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8))) {
184 | Gson gson = new Gson();
185 | Type fingerprintRuleListType = new TypeToken