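class BurpExtender(IBurpExtender, IContextMenuFactory, ITab, IProxyListener):
    """Burp Suite extension entry class.

    Registers a suite tab, a proxy listener and a context-menu factory.
    While ``self.DEBUG`` is true, every proxied request is parsed and handed
    to ``self.tools.http_deal``; the context menu can rewrite the selected
    Repeater request with client-IP headers set to the configured address.
    """

    def __init__(self):
        self.plugin_name = u'orz Plugin'
        self.panel = None
        self.callbacks = None
        # NOTE: despite its name this flag is the on/off switch for proxy
        # processing (see processProxyMessage); it is on by default.
        self.DEBUG = True
        self.context = None
        self.helpers = None
        self.log_box_width = 1000
        self.log_box_height = 400
        self.tools = Tools()
        self.now_version = VERSION

    def registerExtenderCallbacks(self, callbacks):
        """Register the extension with Burp and start the UI resize watcher."""
        self.callbacks = callbacks
        self.helpers = callbacks.getHelpers()
        self.callbacks.setExtensionName(self.plugin_name)

        # Build the tab UI before handing the panel to Burp.
        self.tab_ui()
        self.callbacks.customizeUiComponent(self.panel)
        self.callbacks.addSuiteTab(self)
        self.callbacks.registerProxyListener(self)
        self.callbacks.registerContextMenuFactory(self)
        print('Plugin load successfully!')
        self.tools.log('INFO', '插件加载成功 - 当前版本: {}'.format(VERSION))
        self.tools.log('INFO', '当前debug模式: {}'.format(self.DEBUG))

        # Daemon thread that keeps the log box sized to the window.
        log_box_thread = threading.Thread(target=self.reset_log_box_size)
        log_box_thread.setDaemon(True)
        log_box_thread.start()
        return

    def createMenuItems(self, invocation):
        """Build the right-click menu for the current invocation.

        The invocation is stored on ``self.context`` so the menu actions can
        reach the selected messages later.
        """
        self.context = invocation
        menu_list = JMenu('orz Plugin')

        # 0x40 is IBurpExtenderCallbacks.TOOL_REPEATER: the request-editing
        # entries are only offered inside Repeater.
        if self.context.getToolFlag() == 0x40:
            menu_list.add(
                JMenuItem(u'添加IP伪造请求头',
                          actionPerformed=self.update_client_src_ip))
            menu_list.add(
                JMenuItem(u'生成DNSLog Payload',
                          actionPerformed=self.dnslog_payload))

        # Toggle for proxy processing, available from every tool.
        menu_list.add(
            JMenuItem('orz - DEBUG', actionPerformed=self.debug_fun))
        return [menu_list]

    def tab_ui(self):
        """Create the configuration tab (absolute layout) and wire it to Tools."""
        self.panel = JPanel()
        self.panel.setLayout(None)

        self.ui_client_dnslog_label_1 = JLabel(
            '-' * 10 + u' IP伪造请求头 & DNSLog 配置 ' + '-' * 155)
        self.ui_client_dnslog_label_1.setBounds(20, 10, 1000, 28)

        self.ui_client_ip_label_1 = JLabel(u'伪造IP: ')
        self.ui_client_ip_label_1.setBounds(20, 40, 70, 30)
        self.ui_client_ip = JTextField('127.0.0.1')
        self.ui_client_ip.setBounds(80, 40, 200, 28)

        self.ui_client_url_label_1 = JLabel(u'dnslog url: ')
        self.ui_client_url_label_1.setBounds(10, 80, 70, 30)
        # Fixed typo ("examlpe.com"): the placeholder must be the reserved
        # example domain, otherwise a configuration saved without editing
        # points at a registrable third-party host.
        self.ui_client_url = JTextField('http://example.com')
        self.ui_client_url.setBounds(80, 80, 200, 28)

        self.ui_button_label = JLabel('-' * 210)
        self.ui_button_label.setBounds(20, 110, 1000, 28)

        # A "login test" button bound to self.login_test used to sit at
        # (20, 140); it is disabled and the save button takes its place.
        self.ui_save_button = JButton(
            u'保存配置', actionPerformed=self.save_configuration)
        self.ui_save_button.setBounds(20, 140, 100, 28)

        self.ui_debug_button = JButton(
            'Debug', actionPerformed=self.debug_fun)
        self.ui_debug_button.setBounds(135, 140, 100, 28)
        self.panel.add(self.ui_debug_button)

        # Read-only, line-wrapped log area inside a scroll pane.
        self.ui_log_box = JTextArea('')
        self.ui_log_box.setLineWrap(True)
        self.ui_log_box.setEditable(False)
        self.ui_log_scroll_pane = JScrollPane(self.ui_log_box)
        self.ui_log_scroll_pane.setBounds(
            20, 190, self.log_box_width, self.log_box_height)

        self.panel.add(self.ui_client_dnslog_label_1)
        self.panel.add(self.ui_client_ip_label_1)
        self.panel.add(self.ui_client_ip)
        self.panel.add(self.ui_client_url_label_1)
        self.panel.add(self.ui_client_url)
        self.panel.add(self.ui_button_label)
        self.panel.add(self.ui_save_button)
        self.panel.add(self.ui_log_scroll_pane)

        # Tools writes its log output into these widgets.
        self.tools.panel = self.panel
        self.tools.log_box = self.ui_log_box
        self.tools.log_scroll_pane = self.ui_log_scroll_pane

    def getTabCaption(self):
        """Return the caption shown on the suite tab."""
        return self.plugin_name

    def getUiComponent(self):
        """Return the component rendered inside the suite tab."""
        return self.panel

    def processProxyMessage(self, message_is_request, message):
        """Parse a proxied request and pass it to ``self.tools.http_deal``.

        Only requests are handled, and only while ``self.DEBUG`` is true.
        Values handed on:

        url             e.g. http://biubiu.com:80/h/p?id=24&a=123
        request_methond HTTP method (POST, GET, ...)
        cookie          value of the Cookie header, '' if absent
        content_type    e.g. application/json; charset=UTF-8
        request_header  dict of header name -> value (includes Cookie)
        request_body    raw body

        The original also computed host, port, protocol and a dict of URL
        parameters but never passed them on; those unused conversions are
        dropped here.
        """
        if not (message_is_request and self.DEBUG):
            return

        message_info = message.getMessageInfo()
        request = message_info.getRequest()
        analyzed = self.helpers.analyzeRequest(
            message_info.getHttpService(), request)

        request_body = request[analyzed.getBodyOffset():].tostring()
        url = str(analyzed.getUrl())
        request_methond = str(analyzed.getMethod())

        cookie = ""
        content_type = ""
        request_header = {}
        # NOTE(review): the slice skips the request line and the entry after
        # it (presumably Host) - confirm that http_deal does not need it.
        for raw_header in analyzed.getHeaders()[2:]:
            name, _, value = str(raw_header).strip().partition(':')
            name = name.strip()
            value = value.strip()
            request_header[name] = value

            # Header names are case-insensitive; the original matched only
            # the exact spellings "Cookie:" and "Content-Type".
            lowered = name.lower()
            if lowered == 'cookie':
                cookie = value
            elif lowered == 'content-type':
                content_type = value

        # Cookies, headers and body are session material: keep them out of
        # the log box unless redacted.
        # A threaded dispatch of http_deal was tried here and is disabled;
        # the call runs on the proxy thread.
        self.tools.http_deal(url, request_methond, cookie, content_type,
                             request_header, request_body)

    def login_test(self, event):
        """Placeholder for a production web-login cookie test (not implemented)."""
        return

    def save_configuration(self, event):
        """Copy the tab's text fields into Tools and log the save."""
        self.tools.client_src_ip = str(self.ui_client_ip.getText()).strip()
        self.tools.dnslog_url = str(self.ui_client_url.getText()).strip()
        self.tools.log('INFO', '配置保存成功')

    def reset_log_box_size(self):
        """Resize the log box once per second to follow the window size.

        Runs on a background thread for as long as ``self.tools.runtime()``
        is truthy.
        """
        while self.tools.runtime():
            time.sleep(1)
            root_pane = self.panel.rootPane
            if root_pane is None:
                # Panel not attached to a window yet; without this guard the
                # attribute access raised and silently ended the thread.
                continue

            size = root_pane.getSize()
            new_width = int(size.width) - 40
            new_height = int(size.height) - 290
            if (new_width == self.log_box_width
                    and new_height == self.log_box_height):
                continue

            self.log_box_width = new_width
            self.log_box_height = new_height
            # NOTE(review): Swing components are touched off the event
            # dispatch thread here; consider SwingUtilities.invokeLater.
            self.ui_log_scroll_pane.setBounds(
                20, 190, self.log_box_width, self.log_box_height)
            self.panel.updateUI()

    def debug_fun(self, event):
        """Toggle ``self.DEBUG`` (proxy processing on/off) and log the new state."""
        self.DEBUG = not self.DEBUG
        self.tools.log('INFO', 'set debug = {}'.format(self.DEBUG))

    def update_web_cookie(self):
        """Stub: analyzes the first selected message and does nothing with it."""
        selected = self.context.getSelectedMessages()
        if not selected:
            return
        self.helpers.analyzeRequest(selected[0])
        return

    def web_cookie_web_prod(self, event):
        """Menu/button handler that delegates to update_web_cookie."""
        self.update_web_cookie()

    def update_client_src_ip(self, event):
        """Rewrite the selected request with client-IP headers set to the
        configured address.

        Existing copies of the listed headers are removed first so each one
        appears exactly once. Applications that take the client address from
        these headers without checking that they came from a trusted proxy
        are what this menu entry is meant to reveal.
        """
        add_header = [
            'X-Originating-IP', 'X-Forwarded-For', 'X-Remote-IP',
            'X-Remote-Addr', 'X-Client-IP', 'X-Real-IP',
            # Was misspelled 'Proxy-Cllient-IP', which no server reads.
            'Proxy-Client-IP', 'HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR'
        ]

        selected = self.context.getSelectedMessages()
        if not selected:
            # Nothing selected: avoid indexing an empty/None selection.
            return
        http_traffic = selected[0]
        traffic_analyze = self.helpers.analyzeRequest(http_traffic)

        blocked = [name.lower() for name in add_header]
        new_headers = [
            header for header in traffic_analyze.getHeaders()
            if header.split(':')[0].strip().lower() not in blocked
        ]
        new_headers.extend(
            '{}: {}'.format(name, self.tools.client_src_ip)
            for name in add_header)

        body = http_traffic.getRequest()[traffic_analyze.getBodyOffset():]
        new_request = self.helpers.buildHttpMessage(new_headers, body)
        http_traffic.setRequest(new_request)

    def dnslog_payload(self, event):
        """Show a 'not implemented yet' message box."""
        self.tools.msg_box('功能暂未实现,待更新')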