diff --git a/.settings/org.eclipse.core.resources.prefs b/.settings/org.eclipse.core.resources.prefs index 8d6bbdc..ef52325 100644 --- a/.settings/org.eclipse.core.resources.prefs +++ b/.settings/org.eclipse.core.resources.prefs @@ -1,2 +1,3 @@ eclipse.preferences.version=1 -encoding//src/burp/CAESOperator.java=UTF-8 +encoding//src/burp/BurpExtender.java=UTF-8 +encoding//src/custom/CAESOperator.java=UTF-8 diff --git a/README.md b/README.md index 5daa1cd..80da589 100644 --- a/README.md +++ b/README.md 
@@ -1,9 +1,74 @@ -# Burp_Extender_ReSign -A burp extender that recalculate signature value automatically when you specified the signature algorithm at GUI. +# Resign v2.0# +## Description ## -Background: +A burp extender that recalculate signature value automatically after you modified request parameter value.but you need to know the signature algorithm detail and configure at GUI. +一个可以在你修改请求参数值后,自动从新计算sign的burp插件。但是前提是你需要知道具体的算法细节,并且在插件的GUI中配置。 -越来越多的移动开发者 开始使用签名算法来提高App的安全性。如果我们想要对App产生的请求进行测试,在知道具体算法的情况下,该插件可以帮你自动计算sign值。 -More and more mobile developers begin to use the signature algorithm to improve the security of App. If we want to test the App generated requests, in the case of we know the detail of signature algorithm, this burp extender can recalculate the sign value automatically. +![](http://i.imgur.com/4YQR4IT.png) + +## Background ## + + More and more mobile developers begin to use the signature algorithm to improve the security of App. when we test the App generated requests, always need to recalculate the sign value and update it again and again to make the request pass the server check. + +越来越多的移动开发者在App的请求中加入签名来提高安全性。当我们测试App生成的请求接口,总需要一次又一次地从新计算sign并更新sign值才能保证请求通过服务端的校验。 + +## Requirement ## + +Java 1.8 + +## Usage ## + +1. download this extender from [here](https://github.com/bit4woo/GUI_Burp_Extender_ReSign/releases "here") , and add to burp. + + +2. Use "Send to ReSign"![](http://i.imgur.com/kbThsZJ.png) + + +3. Chose take effect for. you can control which components take effect for by select or cancel the select on the Window top + + +4. Config + + +first, which parameters will take part in and how to sort. remove the ones that don't need, move up and down or click table header to sort. + +第一,决定哪些参数要参与签名,将不需要的参数移除;决定参数如何排序,可以通过“move up”和“move down”来自定义排序,也可以通过点击表头来实现升序降序排序。 + +second, which parameter is sign. select the sign parameter and click "Mark As Sign". 
+ +第二,标记出签名字段,选择签名的字段,并点击“Mark As Sign”将其标记为sign字段。 + +thirdly, input the secrect key(md5 salt).if secret key will be use as a normal parameter, it should be like "key=secretkey" --a key value format;if the secret key will be append to the end when parameters have been oredered and combined, should be like "&key=secretkey"(there is a connector string usually, & is the connector string in this example.) + +第三,输入secret key(或者md5盐)。如果这个key将被当作和普通参数一样对待,那么它的格式应该是键值对的形式。如果key是在参数排好序、拼接好后附加在末尾,那么它应该包含一个连接符(如果需要的话)比如“&key=secretkey”。 + +finally, chose how to combine parameters. + +最后,决定怎样拼接参数。是否值使用value,不需要“key=”; 拼接是否需要使用连接字符,连接字符是什么(一般是&) + +**Caution:you can always click "show final string" to see whether the result string is you want.** + +**重要提示:如果对选项理解不清晰,你可以随时点击“show final string”看看拼接的效果。** + + + +## Change log ## + + +- support SHA1. +- support custome order. +- support parameter combine control: chose whether only use value; specify the connector string. +- adjust the scope policy that the extender config take effect:this extender is main for single request(like other burp origin components),that means you need to config again for each request. if the config are same in same domain, you don't need to do that again. + +- 增加SHA1算法支持。 +- 增加自定义排序支持。 +- 增加字符拼接控制:是否只使用value,指定拼接连接符。 +- 调整插件生效范围策略:主要针对单个请求(就像burp的原生组件一样),也就是说对于每个单独的请求都需从新配置。但是如果同域下其他接口的签名参数和方法完全一样,则可以不用重新配置。 + +## issue and contribute ## + +any issue and contribute are welcomed。 + +欢迎提issue,提bug。 \ No newline at end of file diff --git a/bin/.gitignore b/bin/.gitignore new file mode 100644 index 0000000..0c672cf --- /dev/null +++ b/bin/.gitignore @@ -0,0 +1,2 @@ +/burp/ +/custom/ diff --git a/bin/burp/BurpExtender$1.class b/bin/burp/BurpExtender$1.class index 3ff3d19..bc69c8e 100644 Binary files a/bin/burp/BurpExtender$1.class and b/bin/burp/BurpExtender$1.class differ 
diff --git a/bin/burp/BurpExtender$2.class b/bin/burp/BurpExtender$2.class
index f8bd292..8e21c66 100644
Binary files a/bin/burp/BurpExtender$2.class and b/bin/burp/BurpExtender$2.class differ
diff --git a/bin/burp/BurpExtender$3.class b/bin/burp/BurpExtender$3.class
index eb99236..efab1c4 100644
Binary files a/bin/burp/BurpExtender$3.class and b/bin/burp/BurpExtender$3.class differ
diff --git a/bin/burp/BurpExtender$4.class b/bin/burp/BurpExtender$4.class
index 463901b..9d1f5f2 100644
Binary files a/bin/burp/BurpExtender$4.class and b/bin/burp/BurpExtender$4.class differ
diff --git a/bin/burp/BurpExtender$5.class b/bin/burp/BurpExtender$5.class
index cabf515..b9a948c 100644
Binary files a/bin/burp/BurpExtender$5.class and b/bin/burp/BurpExtender$5.class differ
diff --git a/bin/burp/BurpExtender$6.class b/bin/burp/BurpExtender$6.class
index 47df540..014bb30 100644
Binary files a/bin/burp/BurpExtender$6.class and b/bin/burp/BurpExtender$6.class differ
diff --git a/bin/burp/BurpExtender$7.class b/bin/burp/BurpExtender$7.class
index 42adb33..6643d96 100644
Binary files a/bin/burp/BurpExtender$7.class and b/bin/burp/BurpExtender$7.class differ
diff --git a/bin/burp/BurpExtender$8.class b/bin/burp/BurpExtender$8.class
index 3f5dbdd..57957a0 100644
Binary files a/bin/burp/BurpExtender$8.class and b/bin/burp/BurpExtender$8.class differ
diff --git a/bin/burp/BurpExtender.class b/bin/burp/BurpExtender.class
index 05cee14..0ac2da4 100644
Binary files a/bin/burp/BurpExtender.class and b/bin/burp/BurpExtender.class differ
diff --git a/bin/burp/CAESOperator.class b/bin/burp/CAESOperator.class
deleted file mode 100644
index ff1640f..0000000
Binary files a/bin/burp/CAESOperator.class and /dev/null differ
diff --git a/bin/burp/CAESOperator_AES_256.class b/bin/burp/CAESOperator_AES_256.class
deleted file mode 100644
index b78f7aa..0000000
Binary files a/bin/burp/CAESOperator_AES_256.class and /dev/null differ
diff --git a/bin/burp/CBase64$Coder.class b/bin/burp/CBase64$Coder.class
deleted file mode 100644
index 1bc7b55..0000000
Binary files a/bin/burp/CBase64$Coder.class and /dev/null differ
diff --git a/bin/burp/CBase64$Decoder.class b/bin/burp/CBase64$Decoder.class
deleted file mode 100644
index 6011f39..0000000
Binary files a/bin/burp/CBase64$Decoder.class and /dev/null differ
diff --git a/bin/burp/CBase64$Encoder.class b/bin/burp/CBase64$Encoder.class
deleted file mode 100644
index 892c786..0000000
Binary files a/bin/burp/CBase64$Encoder.class and /dev/null differ
diff --git a/bin/burp/CBase64.class b/bin/burp/CBase64.class
deleted file mode 100644
index f186ae7..0000000
Binary files a/bin/burp/CBase64.class and /dev/null differ
diff --git a/bin/burp/CGUI$1.class b/bin/burp/CGUI$1.class
deleted file mode 100644
index 6b409af..0000000
Binary files a/bin/burp/CGUI$1.class and /dev/null differ
diff --git a/bin/burp/CGUI$2.class b/bin/burp/CGUI$2.class
deleted file mode 100644
index 55bf843..0000000
Binary files a/bin/burp/CGUI$2.class and /dev/null differ
diff --git a/bin/burp/CGUI$3.class b/bin/burp/CGUI$3.class
deleted file mode 100644
index 250614e..0000000
Binary files a/bin/burp/CGUI$3.class and /dev/null differ
diff --git a/bin/burp/CGUI$4.class b/bin/burp/CGUI$4.class
deleted file mode 100644
index c322ccc..0000000
Binary files a/bin/burp/CGUI$4.class and /dev/null differ
diff --git a/bin/burp/CGUI$5.class b/bin/burp/CGUI$5.class
deleted file mode 100644
index ba56394..0000000
Binary files a/bin/burp/CGUI$5.class and /dev/null differ
diff --git a/bin/burp/CGUI$6.class b/bin/burp/CGUI$6.class
deleted file mode 100644
index 44a18c0..0000000
Binary files a/bin/burp/CGUI$6.class and /dev/null differ
diff --git a/bin/burp/CGUI$7.class b/bin/burp/CGUI$7.class
deleted file mode 100644
index 9cb5c08..0000000
Binary files a/bin/burp/CGUI$7.class and /dev/null differ
diff --git a/bin/burp/CGUI.class b/bin/burp/CGUI.class
deleted file mode 100644
index 14230d5..0000000
Binary files a/bin/burp/CGUI.class and /dev/null differ
diff --git a/bin/burp/CMD5.class b/bin/burp/CMD5.class
deleted file mode 100644
index 8a6aef1..0000000
Binary files a/bin/burp/CMD5.class and /dev/null differ
diff --git a/bin/burp/CMapSort.class b/bin/burp/CMapSort.class
deleted file mode 100644
index f78afb5..0000000
Binary files a/bin/burp/CMapSort.class and /dev/null differ
diff --git a/bin/burp/CRecalculater.class b/bin/burp/CRecalculater.class
deleted file mode 100644
index 3a3d200..0000000
Binary files a/bin/burp/CRecalculater.class and /dev/null differ
diff --git a/bin/burp/CString2Other.class b/bin/burp/CString2Other.class
deleted file mode 100644
index 459371c..0000000
Binary files a/bin/burp/CString2Other.class and /dev/null differ
diff --git a/bin/burp/CUnicodeDecoder.class b/bin/burp/CUnicodeDecoder.class
deleted file mode 100644
index 8fcc7fb..0000000
Binary files a/bin/burp/CUnicodeDecoder.class and /dev/null differ
diff --git a/bin/burp/MapKeyComparator.class b/bin/burp/MapKeyComparator.class
deleted file mode 100644
index edf0653..0000000
Binary files a/bin/burp/MapKeyComparator.class and /dev/null differ
diff --git a/bin/burp/MapKeyComparatorDesc.class b/bin/burp/MapKeyComparatorDesc.class
deleted file mode 100644
index c321208..0000000
Binary files a/bin/burp/MapKeyComparatorDesc.class and /dev/null differ
diff --git a/bin/burp/MapValueComparator.class b/bin/burp/MapValueComparator.class
deleted file mode 100644
index d21112d..0000000
Binary files a/bin/burp/MapValueComparator.class and /dev/null differ
diff --git a/bin/burp/MapValueComparatorDesc.class b/bin/burp/MapValueComparatorDesc.class
deleted file mode 100644
index d66ef03..0000000
Binary files a/bin/burp/MapValueComparatorDesc.class and /dev/null differ
diff --git a/src/burp/BurpExtender.java b/src/burp/BurpExtender.java
index 5f9a9ed..455a4f2 100644
--- a/src/burp/BurpExtender.java +++ b/src/burp/BurpExtender.java @@ -1,12 +1,14 @@ package burp; import java.util.ArrayList; -import java.util.Arrays; import java.util.HashMap; +import java.util.LinkedHashMap; import java.util.List; import java.util.Map; import java.awt.BorderLayout; +import java.awt.Color; + import javax.swing.JCheckBox; import javax.swing.JPanel; import javax.swing.JScrollPane; @@ -29,30 +31,37 @@ import javax.swing.table.DefaultTableModel; import javax.swing.table.TableModel; import javax.swing.table.TableRowSorter; +import javax.xml.crypto.Data; import java.awt.GridLayout; -import javax.swing.BoxLayout; import javax.swing.ButtonGroup; import javax.swing.JButton; import javax.swing.JTextArea; import java.awt.event.ActionListener; +import java.awt.event.MouseAdapter; +import java.awt.event.MouseEvent; import java.awt.event.ActionEvent; import java.awt.Component; import java.awt.Cursor; +import java.awt.Desktop; import java.io.PrintWriter; -import burp.CAESOperator; //AES�ӽ����㷨��ʵ���� +import java.net.URI; +import java.sql.Date; + import burp.IParameter; -import burp.CUnicodeDecoder; +import custom.CMD5; +import custom.CSHA1; + public class BurpExtender implements IBurpExtender, IHttpListener, ITab, IContextMenuFactory { private IBurpExtenderCallbacks callbacks; private IExtensionHelpers helpers; - private PrintWriter stdout;//�������ﶨ�����������registerExtenderCallbacks������ʵ������������ں����о�ֻ�Ǿֲ���������������ʵ��������ΪҪ�õ����������� + private PrintWriter stdout;//现在这里定义变量,再在registerExtenderCallbacks函数中实例化,如果都在函数中就只是局部变量,不能在这实例化,因为要用到其他参数。 public JCheckBox chckbxProxy; public JCheckBox chckbxScanner; public JCheckBox chckbxIntruder; 
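Review bot: Two of the imports added in the second hunk, `import javax.xml.crypto.Data;` and `import java.sql.Date;`, are not referenced by any of the new code visible in this diff and look like IDE auto-import leftovers. Dropping both keeps XML-signature and JDBC types out of a class that only combines and hashes parameters, and avoids an accidental clash with `java.util.Date` later. The class body continues outside the hunk, so confirm there is no use further down before removing them.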
@@ -65,11 +74,15 @@ public class BurpExtender implements IBurpExtender, IHttpListener, ITab, IContex public JTextField textFieldConnector; public JTextArea textAreaFinalString; public JCheckBox chckbxMD5; + public JCheckBox chckbxSHA1; public JCheckBox chckbxNewCheckBox_3; public JTextArea textAreaSign; public JPanel contentPane; private final ButtonGroup buttonGroup = new ButtonGroup(); - private JTextField textFieldBlackList; + private final ButtonGroup buttonGroup1 = new ButtonGroup(); + public String extenderName = "Resign v2.0 by bit4"; + private JTextField textFieldParaConnector; + public JLabel lblOrderMethod; 
@@ -79,20 +92,22 @@ public class BurpExtender implements IBurpExtender, IHttpListener, ITab, IContex public String howDealKey = ""; //sameAsPara or appendToEnd String signPara = null; //the key name of sign parameter private JTextField textFieldSign; + private JCheckBox chckbxOnlyUseValue; + // implement IBurpExtender @Override public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) - {//�����ز����ʱ�򣬻��������ķ����� + {//当加载插件的时候,会调用下面的方法。 stdout = new PrintWriter(callbacks.getStdout(), true); - //PrintWriter stdout = new PrintWriter(callbacks.getStdout(), true); ����д���Ƕ��������ʵ����������ı��������µı���������֮ǰclass�е�ȫ�ֱ����ˡ� - stdout.println("ReSign v1.0 by bit4 https://github.com/bit4woo"); - //System.out.println("test"); ���������burp�� + //PrintWriter stdout = new PrintWriter(callbacks.getStdout(), true); 这种写法是定义变量和实例化,这里的变量就是新的变量而不是之前class中的全局变量了。 + stdout.println(extenderName+" https://github.com/bit4woo"); + //System.out.println("test"); 不会输出到burp的 this.callbacks = callbacks; helpers = callbacks.getHelpers(); - callbacks.setExtensionName("ReSign v1.0 by bit4"); //������� - callbacks.registerHttpListener(this); //���û��ע�ᣬ�����processHttpMessage�����Dz�����Ч�ġ������������Ӧ���IJ�������Ӧ���DZ�Ҫ�� + callbacks.setExtensionName(extenderName); //插件名称 + callbacks.registerHttpListener(this); //如果没有注册,下面的processHttpMessage方法是不会生效的。处理请求和响应包的插件,这个应该是必要的 callbacks.registerContextMenuFactory(this); addMenuTab(); } 
@@ -100,78 +115,33 @@ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) @Override public void processHttpMessage(int toolFlag,boolean messageIsRequest,IHttpRequestResponse messageInfo) { - if (toolFlag == (toolFlag&checkEnabledFor())){ //��ͬ��toolflag�����˲�ͬ��burp��� https://portswigger.net/burp/extender/api/constant-values.html#burp.IBurpExtenderCallbacks - if (messageIsRequest){ //����������д��� - - //��ȡ���ֲ�������Ϣ��ķ����������£��޷����֣�body��header��paramater - IRequestInfo analyzeRequest = helpers.analyzeRequest(messageInfo); //����Ϣ����н��� - //the method of get header - List headers = analyzeRequest.getHeaders(); //��ȡhttp����ͷ����Ϣ�����ؿ��Կ�����һ��python�е��б���java���ǽз���ʲô�ģ���ûŪ��� - //the method of get body - int bodyOffset = analyzeRequest.getBodyOffset(); - byte[] byte_Request = messageInfo.getRequest(); - String request = new String(byte_Request); //byte[] to String - String body = request.substring(bodyOffset); - byte[] byte_body = body.getBytes(); //String to byte[] - //the method of get parameter - List paras = analyzeRequest.getParameters(); - - - //����ͼ������ȡ������� - Map paraList = getPara(analyzeRequest);//��ȡ��Ҫ����sign����IJ������Զ����getPara�ų���blacklist�еIJ��� - signPara = textFieldSign.getText(); + if (toolFlag == (toolFlag&checkEnabledFor())){ //不同的toolflag代表了不同的burp组件 https://portswigger.net/burp/extender/api/constant-values.html#burp.IBurpExtenderCallbacks + if (messageIsRequest){ //对请求包进行处理 + IRequestInfo analyzeRequest = helpers.analyzeRequest(messageInfo); //对消息体进行解析 byte getSignParaType = getSignParaType(analyzeRequest); - - //�ж�һ�������Ƿ����ļ��ϴ�������//ͼ�ν���û���ⲿ�ֹ��ܣ���ʱ���� - boolean isFileUploadRequest =false; -// for (String header : headers){ -// //stdout.println(header); -// if (header.toLowerCase().indexOf("content-type")!=-1 && header.toLowerCase().indexOf("boundary")!=-1){//ͨ��httpͷ�е������ж���������Ƿ����ļ��ϴ������� -// isFileUploadRequest = true; -// } -// } - 
//*******************recalculate sign**************************// - if (isFileUploadRequest == false){ //��ijЩ������������������������� - if (getHost(analyzeRequest).endsWith(getHostFromUI()) && signPara != null && secretKey !=null && getSignParaType !=-1){//���ͼ������ϵĸ��ֲ��������뱸�˲Ž��С� - byte[] new_Request = messageInfo.getRequest(); - String str = combineString(paraList); - CMD5 getMD5 = new CMD5(); - String newSign = getMD5.GetMD5Code(str); - //stdout.println("New Sign:"+newSign); //�����extender��UI���ڣ�������ʹ������һЩ�ж� - //���°��ķ������� - //���²��� - IParameter newPara = helpers.buildParameter(signPara, newSign, getSignParaType); //�����µIJ���,���������PARAM_JSON���ͣ���������Dz����õ� - //IParameter newPara = helpers.buildParameter(key, aesvalue, PARAM_BODY); //Ҫʹ�����PARAM_BODY �Dz�����Ҫ��ʵ����IParameter�ࡣ - new_Request = helpers.updateParameter(new_Request, newPara); //�����µ�������������Ƿ���һupdateParameter - // new_Request = helpers.buildHttpMessage(headers, byte_body); //����޸���header�������޸���body��������ͨ��updateParameter��ʹ����������� - -// //����������json���ݸ�ʽ�е�ʱ����Ҫ�õ����·����� -// //�����url�еIJ�����ֵ�� xxx=json��ʽ���ַ��� ������ʽ��ʱ��getParametersӦ�����޷���ȡ����ײ�ļ�ֵ�Եġ���Ҫ�������еIJ���Ҳ��Ҫʹ�����µķ����� -// JSONObject jsonObject = JSON.parseObject(body); -// JSONObject header = jsonObject.getJSONObject("header"); -// header.replace("sign", sign); -// jsonObject.replace("header", header); -// body = JSON.toJSONString(jsonObject); - - messageInfo.setRequest(new_Request);//���������µ������ - stdout.println(new String(messageInfo.getRequest())); - stdout.print("\r\n"); - /* to verify the updated result - for (IParameter para : helpers.analyzeRequest(messageInfo).getParameters()){ - stdout.println(para.getValue()); - } - */ - - } - } - - - - } - } - - } + //*******************recalculate sign**************************// + if (getHost(analyzeRequest).equals(getHostFromUI()) && getSignParaType !=-1){//检查图形面板上的各种参数,都齐备了才进行。 + byte[] new_Request = 
messageInfo.getRequest(); + String str = combineString(getUpdatedParaBaseOnTable(analyzeRequest),getOnlyValueConfig(),getParaConnector()); + stdout.println("Combined String:"+str); + String newSign = calcSign(str); + stdout.println("New Sign:"+newSign); //输出到extender的UI窗口,可以让使用者有一些判断 + //更新参数 + IParameter newPara = helpers.buildParameter(signPara, newSign, getSignParaType); //构造新的参数,如果参数是PARAM_JSON类型,这个方法是不适用的 + new_Request = helpers.updateParameter(new_Request, newPara); //构造新的请求包,这里是方法一updateParameter + messageInfo.setRequest(new_Request);//设置最终新的请求包 + //stdout.println(new String(messageInfo.getRequest())); + //stdout.print("\r\n"); + /* to verify the updated result + for (IParameter para : helpers.analyzeRequest(messageInfo).getParameters()){ + stdout.println(para.getValue()); + } + */ + } + } + } + } public void CGUI() { @@ -214,7 +184,31 @@ public void CGUI() { contentPane.add(panel_1, BorderLayout.SOUTH); panel_1.setLayout(new FlowLayout(FlowLayout.LEFT, 5, 5)); - JLabel lblNewLabel = new JLabel("ReSign v1.0 by bit4 https://github.com/bit4woo"); + JLabel lblNewLabel = new JLabel(extenderName+" https://github.com/bit4woo"); + lblNewLabel.addMouseListener(new MouseAdapter() { + @Override + public void mouseClicked(MouseEvent e) { + try { + URI uri = new URI("https://github.com/bit4woo"); + Desktop desktop = Desktop.getDesktop(); + if(Desktop.isDesktopSupported()&&desktop.isSupported(Desktop.Action.BROWSE)){ + desktop.browse(uri); + } + } catch (Exception e2) { + // TODO: handle exception + BurpExtender.this.callbacks.printError(e2.getMessage()); + } + + } + @Override + public void mouseEntered(MouseEvent e) { + lblNewLabel.setForeground(Color.BLUE); + } + @Override + public void mouseExited(MouseEvent e) { + lblNewLabel.setForeground(Color.BLACK); + } + }); lblNewLabel.setHorizontalAlignment(SwingConstants.LEFT); panel_1.add(lblNewLabel); 
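Review bot: The new `stdout.println("Combined String:"+str);` in processHttpMessage writes the pre-hash string to the extension output for every matching request, and `combineString` (later in this diff) places the Secret Key field into that string in both the sameAsPara and appendToEnd modes, so the key ends up in Burp's extension output and in any saved copy of it. I would drop that line and keep only `stdout.println("New Sign:"+newSign);`. The hunk also removes `signPara = textFieldSign.getText();` together with the `signPara != null` guard, so `helpers.buildParameter(signPara, ...)` now relies on a field that the visible code sets only in the "Mark As Sign Para" handler (unless getSignParaType, whose body is outside this view, refreshes it). Reading the name at the point of use, `String signName = getSignPara(); if (signName.isEmpty()) return;`, would restore the check.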
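Review bot: In the added `mouseClicked` on the footer label, `Desktop.getDesktop()` is called before `Desktop.isDesktopSupported()`, so on a platform without desktop support the call throws and the support check never runs; the only result is an error line from the catch block. Check first: `if (Desktop.isDesktopSupported() && Desktop.getDesktop().isSupported(Desktop.Action.BROWSE)) { Desktop.getDesktop().browse(uri); }`. `e2.getMessage()` can be null for some exception types, so `e2.toString()` gives a more useful error line, and the `// TODO: handle exception` template comment can go.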
@@ -227,14 +221,14 @@ public void CGUI() { panel.add(panel_5, BorderLayout.NORTH); panel_5.setLayout(new GridLayout(0, 1, 0, 0)); - JLabel lblDomain = new JLabel("Domain:"); - panel_5.add(lblDomain); + JLabel lblURL = new JLabel("Domain:"); + panel_5.add(lblURL); textFieldDomain = new JTextField(); panel_5.add(textFieldDomain); textFieldDomain.setColumns(20); - JLabel lblParas = new JLabel("Parameters:(Click Table Header To Sort)"); + JLabel lblParas = new JLabel("[1] Parameters:(Click Table Header To Sort Or Move Up And Down To Custom)"); panel_5.add(lblParas); JScrollPane panel_6 = new JScrollPane(); @@ -242,6 +236,24 @@ public void CGUI() { panel.add(panel_6, BorderLayout.CENTER); table = new JTable(); + table.getTableHeader().addMouseListener(new MouseAdapter() { + @Override + public void mouseClicked(MouseEvent e) { + try { + sortedColumn = table.getRowSorter().getSortKeys().get(0).getColumn(); + //System.out.println(sortedColumn); + sortedMethod = table.getRowSorter().getSortKeys().get(0).getSortOrder(); + System.out.println(sortedMethod); //ASCENDING DESCENDING + } catch (Exception e1) { + sortedColumn = -1; + sortedMethod = null; + BurpExtender.this.callbacks.printError(e1.getMessage()); + } +// System.out.println(sortedColumn); +// System.out.println(sortedMethod); + lblOrderMethod.setText(table.getColumnName(sortedColumn)+" "+sortedMethod); + } + }); table.setColumnSelectionAllowed(true); table.setCellSelectionEnabled(true); table.setSurrendersFocusOnKeystroke(true); 
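Review bot: In the table-header `mouseClicked`, the catch block sets `sortedColumn = -1`, and the statement after the try then calls `table.getColumnName(sortedColumn)`, which throws for -1 outside any handler. Move the label update inside the try and set a fallback in the catch, for example `lblOrderMethod.setText("Custom Order");`, which is the value `combineString` already treats as "use table order". The `System.out.println(sortedMethod);` line is a debugging leftover and, per the comment in registerExtenderCallbacks, does not reach Burp's output anyway.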
@@ -263,93 +275,137 @@ public void CGUI() { panel.add(panel_7, BorderLayout.EAST); GridBagLayout gbl_panel_7 = new GridBagLayout(); gbl_panel_7.columnWidths = new int[]{93, 0}; - gbl_panel_7.rowHeights = new int[]{23, 0, 0, 0, 0, 0, 0, 0}; + gbl_panel_7.rowHeights = new int[]{23, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; gbl_panel_7.columnWeights = new double[]{1.0, Double.MIN_VALUE}; - gbl_panel_7.rowWeights = new double[]{0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, Double.MIN_VALUE}; + gbl_panel_7.rowWeights = new double[]{0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, Double.MIN_VALUE}; panel_7.setLayout(gbl_panel_7); - JButton btnNewButton = new JButton("Remove"); - btnNewButton.addActionListener(new ActionListener() { + + JButton btnMarkAsSign = new JButton("Mark As Sign Para"); + btnMarkAsSign.addActionListener(new ActionListener() { public void actionPerformed(ActionEvent e) { - DefaultTableModel tableModel = (DefaultTableModel) table.getModel(); if (table.getSelectedRow() != -1){ - tableModel.removeRow(table.getSelectedRow());//���һ��ɾ�����У� + signPara = table.getValueAt(table.getSelectedRow(), 0).toString(); + textFieldSign.setText(signPara); } } }); - GridBagConstraints gbc_btnNewButton = new GridBagConstraints(); - gbc_btnNewButton.insets = new Insets(0, 0, 5, 0); - gbc_btnNewButton.gridx = 0; - gbc_btnNewButton.gridy = 0; - panel_7.add(btnNewButton, gbc_btnNewButton); - JButton btnAdd = new JButton("Add"); - btnAdd.addActionListener(new ActionListener() { + + JButton btnMoveDown = new JButton("Move Down"); + btnMoveDown.addActionListener(new ActionListener() { public void actionPerformed(ActionEvent e) { - DefaultTableModel model = (DefaultTableModel) table.getModel(); - model.addRow(new Object[]{"k","v"}); + if (table.getSelectedRow() != -1 && table.getSelectedRow()+1 <= table.getRowCount()-1){ + try{ + int row = table.getSelectedRow(); + String xkey = table.getValueAt(row, 0).toString(); + String xvalue = table.getValueAt(row, 1).toString(); + + String tmpkey 
= table.getValueAt(row+1, 0).toString(); + String tmpvalue = table.getValueAt(row+1, 1).toString(); + + //do exchange + tableModel.setValueAt(tmpkey, row, 0); + tableModel.setValueAt(tmpvalue, row, 1); + + tableModel.setValueAt(xkey, row+1, 0); + tableModel.setValueAt(xvalue, row+1, 1); + + table.setRowSelectionInterval(row+1, row+1);//set the line selected + + lblOrderMethod.setText("Custom Order"); + }catch(Exception e1){ + BurpExtender.this.callbacks.printError(e1.getMessage()); + + } + + + } } }); - GridBagConstraints gbc_btnAdd = new GridBagConstraints(); - gbc_btnAdd.insets = new Insets(0, 0, 5, 0); - gbc_btnAdd.gridx = 0; - gbc_btnAdd.gridy = 1; - panel_7.add(btnAdd, gbc_btnAdd); - JButton btnNewButton_1 = new JButton("Add To Black List"); - btnNewButton_1.addActionListener(new ActionListener() { + JButton btnMoveUp = new JButton("Move Up"); + btnMoveUp.addActionListener(new ActionListener() { public void actionPerformed(ActionEvent e) { - String blackListString = textFieldBlackList.getText(); - List blackList = Arrays.asList(blackListString.split(" ")); - if (table.getSelectedRow() != -1){ - String x = table.getValueAt(table.getSelectedRow(), 0).toString(); - if (!blackList.contains(x) & x != "" & x != null) - blackListString +=" "+x; + if (table.getSelectedRow() != -1 && table.getSelectedRow()-1 >=0){ + try { + int row = table.getSelectedRow(); + String xkey = table.getValueAt(row, 0).toString(); + String xvalue = table.getValueAt(row, 1).toString(); + + String tmpkey = table.getValueAt(row-1, 0).toString(); + String tmpvalue = table.getValueAt(row-1, 1).toString(); + + //do exchange + tableModel.setValueAt(tmpkey, row, 0); + tableModel.setValueAt(tmpvalue, row, 1); + + tableModel.setValueAt(xkey, row-1, 0); + tableModel.setValueAt(xvalue, row-1, 1); + + table.setRowSelectionInterval(row-1, row-1); + + lblOrderMethod.setText("Custom Order"); + } catch (Exception e2) { + // TODO: handle exception + BurpExtender.this.callbacks.printError(e2.getMessage()); + 
} + } - textFieldBlackList.setText(blackListString); } }); - GridBagConstraints gbc_btnNewButton_1 = new GridBagConstraints(); - gbc_btnNewButton_1.insets = new Insets(0, 0, 5, 0); - gbc_btnNewButton_1.gridx = 0; - gbc_btnNewButton_1.gridy = 2; - panel_7.add(btnNewButton_1, gbc_btnNewButton_1); - - JButton button = new JButton("Show Final String"); - button.addActionListener(new ActionListener() { + JButton btnAdd = new JButton("Add"); + btnAdd.addActionListener(new ActionListener() { public void actionPerformed(ActionEvent e) { - String str = combineString(getParaFromTable()); - textAreaFinalString.setText(str); + DefaultTableModel model = (DefaultTableModel) table.getModel(); + model.addRow(new Object[]{"key","value"}); + lblOrderMethod.setText("Custom Order"); } }); - GridBagConstraints gbc_button = new GridBagConstraints(); - gbc_button.insets = new Insets(0, 0, 5, 0); - gbc_button.gridx = 0; - gbc_button.gridy = 4; - panel_7.add(button, gbc_button); - - JButton btnMarkAsSign = new JButton("Mark As Sign Para"); - btnMarkAsSign.addActionListener(new ActionListener() { + JButton btnNewButton = new JButton("Remove"); + btnNewButton.addActionListener(new ActionListener() { public void actionPerformed(ActionEvent e) { + DefaultTableModel tableModel = (DefaultTableModel) table.getModel(); if (table.getSelectedRow() != -1){ - signPara = table.getValueAt(table.getSelectedRow(), 0).toString(); - textFieldSign.setText(signPara); - - //add to blacklist - String blackListString = textFieldBlackList.getText(); - List blackList = Arrays.asList(blackListString.split(" ")); - if (!blackList.contains(signPara) & signPara != "" & signPara != null) - blackListString +=" "+signPara; - textFieldBlackList.setText(blackListString); + tableModel.removeRow(table.getSelectedRow()); } + lblOrderMethod.setText("Custom Order"); } }); + + + lblOrderMethod = new JLabel("Custom Order"); + GridBagConstraints gbc_lblOrderMethod = new GridBagConstraints(); + gbc_lblOrderMethod.insets = new 
Insets(0, 0, 5, 0); + gbc_lblOrderMethod.gridx = 0; + gbc_lblOrderMethod.gridy = 0; + panel_7.add(lblOrderMethod, gbc_lblOrderMethod); + GridBagConstraints gbc_btnNewButton = new GridBagConstraints(); + gbc_btnNewButton.insets = new Insets(0, 0, 5, 0); + gbc_btnNewButton.gridx = 0; + gbc_btnNewButton.gridy = 1; + panel_7.add(btnNewButton, gbc_btnNewButton); + GridBagConstraints gbc_btnAdd = new GridBagConstraints(); + gbc_btnAdd.insets = new Insets(0, 0, 5, 0); + gbc_btnAdd.gridx = 0; + gbc_btnAdd.gridy = 2; + panel_7.add(btnAdd, gbc_btnAdd); + GridBagConstraints gbc_btnMoveUp = new GridBagConstraints(); + gbc_btnMoveUp.insets = new Insets(0, 0, 5, 0); + gbc_btnMoveUp.gridx = 0; + gbc_btnMoveUp.gridy = 3; + panel_7.add(btnMoveUp, gbc_btnMoveUp); + GridBagConstraints gbc_btnMoveDown = new GridBagConstraints(); + gbc_btnMoveDown.insets = new Insets(0, 0, 5, 0); + gbc_btnMoveDown.gridx = 0; + gbc_btnMoveDown.gridy = 4; + panel_7.add(btnMoveDown, gbc_btnMoveDown); GridBagConstraints gbc_btnMarkAsSign = new GridBagConstraints(); gbc_btnMarkAsSign.insets = new Insets(0, 0, 5, 0); gbc_btnMarkAsSign.gridx = 0; - gbc_btnMarkAsSign.gridy = 3; + gbc_btnMarkAsSign.gridy = 6; panel_7.add(btnMarkAsSign, gbc_btnMarkAsSign); textFieldSign = new JTextField(); 
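Review bot: The Move Up and Move Down handlers read with `table.getValueAt(row, ...)`, which takes a view index, but write with `tableModel.setValueAt(..., row, ...)`, which takes a model index; if a row sorter is active, as the header listener in this commit suggests, the two indices differ after a header click and the swap can overwrite unrelated rows, so the signed parameter order no longer matches what is displayed. Write through the table instead, `table.setValueAt(tmpkey, row, 0);`, or convert once with `int modelRow = table.convertRowIndexToModel(row);`. The same applies to `tableModel.removeRow(table.getSelectedRow())` in the Remove handler. `tableModel` as used in the move handlers is declared outside the lines shown (the hunk declares it only inside Remove), so I am assuming it is a field.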
@@ -361,6 +417,26 @@ public void actionPerformed(ActionEvent e) { panel_7.add(textFieldSign, gbc_textFieldSign); textFieldSign.setColumns(10); + JButton button = new JButton("Show Final String"); + button.addActionListener(new ActionListener() { + public void actionPerformed(ActionEvent e) { + //System.out.println(getOnlyValueConfig()); + //System.out.println(getSignPara()); + if (getSignPara().equals("")){ + textAreaFinalString.setText("error! sign parameter must be specified!"); + }else{ + String str = combineString(getParaFromTable(),getOnlyValueConfig(),getParaConnector()); + textAreaFinalString.setText(str); + } + + } + }); + GridBagConstraints gbc_button = new GridBagConstraints(); + gbc_button.insets = new Insets(0, 0, 5, 0); + gbc_button.gridx = 0; + gbc_button.gridy = 9; + panel_7.add(button, gbc_button); + JPanel panel_8 = new JPanel(); @@ -368,7 +444,7 @@ public void actionPerformed(ActionEvent e) { panel.add(panel_8, BorderLayout.SOUTH); panel_8.setLayout(new GridLayout(0, 1, 0, 0)); - JLabel lblSecretKey = new JLabel("Secret Key :"); + JLabel lblSecretKey = new JLabel("[2] Secret Key :"); panel_8.add(lblSecretKey); textFieldSecretKey = new JTextField(); 
@@ -377,22 +453,28 @@ public void actionPerformed(ActionEvent e) { textFieldSecretKey.setColumns(50); - chckbxSameAsPara = new JCheckBox("Add secret key as a parameter, to sort with parameters"); + chckbxSameAsPara = new JCheckBox("Add secret key as a parameter. eg. key=secretkey"); panel_8.add(chckbxSameAsPara); chckbxSameAsPara.setSelected(true); buttonGroup.add(chckbxSameAsPara); - chckbxAppendToEnd = new JCheckBox("Append to the end of sorted Parameters(should contain connect string, such as & :)"); + chckbxAppendToEnd = new JCheckBox("Append to the end of sorted Parameters. eg. &key=secretkey"); panel_8.add(chckbxAppendToEnd); buttonGroup.add(chckbxAppendToEnd); - JLabel lblNewLabel_1 = new JLabel("Para Black List : "); + JLabel lblNewLabel_1 = new JLabel("[3] How To Combine\uFF1A "); panel_8.add(lblNewLabel_1); - textFieldBlackList = new JTextField(); - panel_8.add(textFieldBlackList); - textFieldBlackList.setColumns(50); + chckbxOnlyUseValue = new JCheckBox("Only Use Value"); + panel_8.add(chckbxOnlyUseValue); + + JLabel lblConnecStringBetween = new JLabel("connection string between each parameter"); + panel_8.add(lblConnecStringBetween); + textFieldParaConnector = new JTextField(); + textFieldParaConnector.setText("&"); + panel_8.add(textFieldParaConnector); + textFieldParaConnector.setColumns(50); JPanel panel_2 = new JPanel(); 
@@ -436,13 +518,24 @@ public void actionPerformed(ActionEvent e) { gbc_chckbxMD5.gridx = 0; gbc_chckbxMD5.gridy = 1; panel_10.add(chckbxMD5, gbc_chckbxMD5); + buttonGroup1.add(chckbxMD5); + + chckbxSHA1 = new JCheckBox("SHA1"); + chckbxSHA1.setSelected(true); + GridBagConstraints gbc_chckbxSHA1 = new GridBagConstraints(); + gbc_chckbxSHA1.insets = new Insets(0, 0, 5, 5); + gbc_chckbxSHA1.gridx = 1; + gbc_chckbxSHA1.gridy = 1; + panel_10.add(chckbxSHA1, gbc_chckbxSHA1); + buttonGroup1.add(chckbxSHA1); chckbxNewCheckBox_3 = new JCheckBox("To be Continue"); + chckbxNewCheckBox_3.setSelected(true); chckbxNewCheckBox_3.setEnabled(false); GridBagConstraints gbc_chckbxNewCheckBox_3 = new GridBagConstraints(); - gbc_chckbxNewCheckBox_3.insets = new Insets(0, 0, 5, 5); + gbc_chckbxNewCheckBox_3.insets = new Insets(0, 0, 5, 0); gbc_chckbxNewCheckBox_3.anchor = GridBagConstraints.NORTHWEST; - gbc_chckbxNewCheckBox_3.gridx = 1; + gbc_chckbxNewCheckBox_3.gridx = 2; gbc_chckbxNewCheckBox_3.gridy = 1; panel_10.add(chckbxNewCheckBox_3, gbc_chckbxNewCheckBox_3); @@ -452,9 +545,7 @@ public void actionPerformed(ActionEvent e) { JButton btnSign = new JButton("Sign"); btnSign.addActionListener(new ActionListener() { public void actionPerformed(ActionEvent e) { - CMD5 getMD5 = new CMD5(); - String sign = getMD5.GetMD5Code(textAreaFinalString.getText()); - textAreaSign.setText(sign); + textAreaSign.setText(calcSign(textAreaFinalString.getText())); } }); panel_11.add(btnSign); @@ -463,13 +554,13 @@ public void actionPerformed(ActionEvent e) { - //���ִ�ͼ�������ߴ����ݰ���ȡ��������ȡ���õĺ�����--start + //各种从图形面板或者从数据包获取参数,获取配置的函数。--start public int checkEnabledFor(){ //get values that should enable this extender for which Component. int status = 0; if (chckbxIntruder.isSelected()){ - status +=32; + status += 32; } if(chckbxProxy.isSelected()){ status += 4; 
@@ -496,32 +587,124 @@ else if (chckbxSameAsPara.isSelected()) { } } - public void getSortConfig() { - try { - sortedColumn = table.getRowSorter().getSortKeys().get(0).getColumn(); - //System.out.println(sortedColumn); - sortedMethod = table.getRowSorter().getSortKeys().get(0).getSortOrder(); - //System.out.println(sortedMethod); //ASCENDING DESCENDING - } catch (Exception e) { - sortedColumn = -1; //û�е����ͷ�������� - sortedMethod = null; + public boolean getOnlyValueConfig() { + if(chckbxOnlyUseValue.isSelected()){ + return true; + }else{ + return false; + } + } + public String getParaConnector() { + return textFieldParaConnector.getText(); + } + + public String getSignPara(){ + return textFieldSign.getText(); + } + + public String getSignAlgorithm() { + if (chckbxMD5.isSelected()){ + return "MD5"; + }else if (chckbxSHA1.isSelected()) { + return "SHA1"; + }else { + return "null"; } } + + //两个核心方法:1是拼接字符串,2是计算出sign + public String calcSign(String str){ + String sign = "Sign Error"; + //System.out.print(getSignAlgorithm()); + if (getSignAlgorithm().equals("MD5")){ + sign = CMD5.GetMD5Code(str); + }else if (getSignAlgorithm().equals("SHA1")) { + sign = CSHA1.SHA1(str); + } + return sign; + } + + + //两个核心方法:1是拼接字符串,2是计算出sign + public String combineString(Map paraMap, boolean onlyValue, String paraConnector) { + getSecKeyConfig(); + + String finalString = ""; + + + if (howDealKey.equals("sameAsPara")){ + secretKey = textFieldSecretKey.getText(); + if(secretKey.contains("=") & secretKey.split("=").length==2){ + paraMap.put(secretKey.split("=")[0], secretKey.split("=")[1]); + } + } + + + if (lblOrderMethod.getText().equals("Custom Order")){//sortedColumn == -1 || + for(Map.Entrypara:paraMap.entrySet()){ + if (!finalString.equals("")){ + finalString += paraConnector; + } + if (onlyValue){ + finalString += para.getValue(); + }else { + finalString += para; + } + } + }else if(sortedColumn == 0) { + if (sortedMethod.toString() == "ASCENDING"){ + finalString = 
custom.CMapSort.combineMapEntry(custom.CMapSort.sortMapByKey(paraMap,"ASCENDING"), onlyValue, paraConnector); + }else if (sortedMethod.toString() == "DESCENDING") { + finalString = custom.CMapSort.combineMapEntry(custom.CMapSort.sortMapByKey(paraMap,"DESCENDING"), onlyValue, paraConnector); + } + } + else if (sortedColumn == 1) { + if (sortedMethod.toString() == "ASCENDING"){ + finalString = custom.CMapSort.combineMapEntry(custom.CMapSort.sortMapByValue(paraMap,"ASCENDING"), onlyValue, paraConnector); + }else if (sortedMethod.toString() == "DESCENDING") { + finalString = custom.CMapSort.combineMapEntry(custom.CMapSort.sortMapByValue(paraMap,"DESCENDING"), onlyValue, paraConnector); + } + } + + + if (howDealKey.equals("appendToEnd")){ + secretKey = textFieldSecretKey.getText(); + finalString += secretKey; + } + return finalString; + } + + + //根据GUI中的有序参数列表,更新当前请求的参数列表。 + public Map getUpdatedParaBaseOnTable(IRequestInfo analyzeRequest){ + List paras = analyzeRequest.getParameters();//当body是json格式的时候,这个方法也可以正常获取到键值对,牛掰。但是PARAM_JSON等格式不能通过updateParameter方法来更新。 + Map paraMap = getParaFromTable(); + for (IParameter para:paras){ + if (paraMap.keySet().contains(para.getName())){ + if (paraMap.get(para.getName()).equals("")){ + paraMap.put(para.getName(),Long.toString(System.currentTimeMillis())); + }else { + paraMap.put(para.getName(), para.getValue()); + } + + } + } + return paraMap ; + } + public Map getPara(IRequestInfo analyzeRequest){ - List paras = analyzeRequest.getParameters();//��body��json��ʽ��ʱ���������Ҳ����������ȡ����ֵ�ԣ�ţ��������PARAM_JSON�ȸ�ʽ����ͨ��updateParameter���������¡� + List paras = analyzeRequest.getParameters();//当body是json格式的时候,这个方法也可以正常获取到键值对,牛掰。但是PARAM_JSON等格式不能通过updateParameter方法来更新。 Map paraMap = new HashMap(); for (IParameter para:paras){ - if (!getBlackList().contains(para.getName())){ - paraMap.put(para.getName(), para.getValue()); - } + paraMap.put(para.getName(), para.getValue()); } return paraMap ; } public byte 
getSignParaType(IRequestInfo analyzeRequest){ - List paras = analyzeRequest.getParameters();//��body��json��ʽ��ʱ���������Ҳ����������ȡ����ֵ�ԣ�ţ��������PARAM_JSON�ȸ�ʽ����ͨ��updateParameter���������¡� + List paras = analyzeRequest.getParameters();//当body是json格式的时候,这个方法也可以正常获取到键值对,牛掰。但是PARAM_JSON等格式不能通过updateParameter方法来更新。 byte signParaType = -1; for (IParameter para:paras){ if (para.getName().equals(signPara)){ @@ -533,14 +716,15 @@ public byte getSignParaType(IRequestInfo analyzeRequest){ } public Map getParaFromTable(){ - Map tableParas = new HashMap(); + Map tableParas = new LinkedHashMap(); for (int i=0; i getParaFromTable(){ return tableParas; } - public String getHost(IRequestInfo analyzeRequest){ List headers = analyzeRequest.getHeaders(); String domain = ""; 
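Review bot: In the new `combineString` (hunk `-496,32 +587,124`), the sort direction is tested with `sortedMethod.toString() == "ASCENDING"`, which is a reference comparison and throws a NullPointerException when `sortedMethod` is null; the header listener visible in CGUI.java sets it to null on failure, and BurpExtender presumably has the same listener. Comparing the enum directly avoids both problems: `if (sortedMethod == SortOrder.ASCENDING)`. When no branch matches, `finalString` stays empty and `calcSign` hashes only the appended secret (or nothing), so an explicit error value would be easier to spot than a silently wrong sign. In the `sameAsPara` case the method also writes the secret key into the caller's `paraMap`; working on a copy (`new LinkedHashMap<>(paraMap)`) would keep the key out of whatever the caller does with that map afterwards, which is not visible here.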
@@ -560,71 +743,16 @@ public String getHost(IRequestInfo analyzeRequest){ return domain ; } - public List getBlackList() { - return Arrays.asList(textFieldBlackList.getText().split(" ")); - } - - public String getHostFromUI(){ String domain = ""; domain = textFieldDomain.getText(); return domain ; } - //���ִ�ͼ�������ߴ����ݰ���ȡ��������ȡ���õĺ�����--end - - - - - - //��ϳ�signǰ���ַ����� - public String combineString(Map paraMap) { - getSecKeyConfig(); - getSortConfig(); - String finalString = ""; - - - if (howDealKey.equals("sameAsPara")){ - secretKey = textFieldSecretKey.getText(); - if(secretKey.contains("=") & secretKey.split("=").length==2){ - paraMap.put(secretKey.split("=")[0], secretKey.split("=")[1]); - } - } - - if (sortedColumn == -1){//δ�������� - for(Map.Entrypara:paraMap.entrySet()){ - if (!finalString.equals("")){ - finalString += "&"; - } - finalString += para.getKey()+"="+para.getValue(); - } - }else if(sortedColumn == 0) { - if (sortedMethod.toString() == "ASCENDING"){ - finalString = burp.CMapSort.combineMapEntry(burp.CMapSort.sortMapByKey(paraMap,"ASCENDING"), "&"); - }else if (sortedMethod.toString() == "DESCENDING") { - finalString = burp.CMapSort.combineMapEntry(burp.CMapSort.sortMapByKey(paraMap,"DESCENDING"), "&"); - } - } - else if (sortedColumn == 1) { - if (sortedMethod.toString() == "ASCENDING"){ - finalString = burp.CMapSort.combineMapEntry(burp.CMapSort.sortMapByValue(paraMap,"ASCENDING"), "&"); - }else if (sortedMethod.toString() == "DESCENDING") { - finalString = burp.CMapSort.combineMapEntry(burp.CMapSort.sortMapByValue(paraMap,"DESCENDING"), "&"); - } - } - - - if (howDealKey.equals("appendToEnd")){ - secretKey = textFieldSecretKey.getText(); - finalString += secretKey; - } - return finalString; - } - - - + //各种从图形面板或者从数据包获取参数,获取配置的函数。--end + - //�����Ǹ���burp����ķ��� --start + //以下是各种burp必须的方法 --start public void addMenuTab() { 
@@ -633,15 +761,15 @@ public void addMenuTab() public void run() { BurpExtender.this.CGUI(); - BurpExtender.this.callbacks.addSuiteTab(BurpExtender.this); //�����BurpExtender.thisʵ����ָITab����Ҳ����getUiComponent()�е�contentPane.���������CGUI()������ʼ���� - //������ﱨjava.lang.NullPointerException: Component cannot be null ������Ҫ�Ų�contentPane�ij�ʼ���Ƿ���ȷ�� + BurpExtender.this.callbacks.addSuiteTab(BurpExtender.this); //这里的BurpExtender.this实质是指ITab对象,也就是getUiComponent()中的contentPane.这个参数由CGUI()函数初始化。 + //如果这里报java.lang.NullPointerException: Component cannot be null 错误,需要排查contentPane的初始化是否正确。 } }); } - //ITab����ʵ�ֵ��������� + //ITab必须实现的两个方法 @Override public String getTabCaption() { // TODO Auto-generated method stub @@ -652,14 +780,14 @@ public Component getUiComponent() { // TODO Auto-generated method stub return this.contentPane; } - //ITab����ʵ�ֵ��������� + //ITab必须实现的两个方法 - //IContextMenuFactory ����ʵ�ֵķ��� + //IContextMenuFactory 必须实现的方法 @Override public List createMenuItems(IContextMenuInvocation invocation) - { //��Ҫ��ǩ��ע�ᣡ��callbacks.registerContextMenuFactory(this); + { //需要在签名注册!!callbacks.registerContextMenuFactory(this); IHttpRequestResponse[] messages = invocation.getSelectedMessages(); List list = new ArrayList(); if((messages != null) && (messages.length > 0)) @@ -680,9 +808,11 @@ public void actionPerformed(ActionEvent e) textFieldDomain.setText(getHost(analyzeRequest)); DefaultTableModel tableModel = (DefaultTableModel) table.getModel(); - tableModel.setRowCount(0);//Ϊ�����֮ǰ������ + tableModel.setRowCount(0);//为了清空之前的数据 Map paraMap = getPara(analyzeRequest); + //stdout.println(paraMap); + //stdout.print(paraMap.keySet()); for(String key:paraMap.keySet()){ tableModel.addRow(new Object[]{key,paraMap.get(key)}); } @@ -697,6 +827,6 @@ public void actionPerformed(ActionEvent e) } return list; } - //����burp����ķ��� --end + //各种burp必须的方法 --end } \ No newline at end of file 
diff --git a/src/burp/CAESOperator.java b/src/custom/CAESOperator.java similarity index 99% rename from src/burp/CAESOperator.java rename to src/custom/CAESOperator.java index 227bc66..7001324 100644 --- a/src/burp/CAESOperator.java +++ b/src/custom/CAESOperator.java @@ -1,4 +1,4 @@ -package burp; +package custom; import java.util.Scanner; @@ -6,7 +6,7 @@ import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; -import burp.CBase64; +import custom.CBase64; /**AES 是一种可逆加密算法,对用户的敏感信息加密处理 * 对原始数据进行AES加密后,在进行Base64编码转化; diff --git a/src/burp/CAESOperator_AES_256.java b/src/custom/CAESOperator_AES_256.java similarity index 99% rename from src/burp/CAESOperator_AES_256.java rename to src/custom/CAESOperator_AES_256.java index 186fb90..2c166b8 100644 --- a/src/burp/CAESOperator_AES_256.java +++ b/src/custom/CAESOperator_AES_256.java @@ -1,4 +1,4 @@ -package burp; +package custom; import java.io.UnsupportedEncodingException; import java.math.BigInteger; diff --git a/src/burp/CBase64.java b/src/custom/CBase64.java similarity index 99% rename from src/burp/CBase64.java rename to src/custom/CBase64.java index fe209c7..c5ab20b 100644 --- a/src/burp/CBase64.java +++ b/src/custom/CBase64.java @@ -1,4 +1,4 @@ -package burp; +package custom; import java.io.UnsupportedEncodingException; diff --git a/src/burp/CGUI.java b/src/custom/CGUI.java similarity index 60% rename from src/burp/CGUI.java rename to src/custom/CGUI.java index 1c8f75f..226b20b 100644 --- a/src/burp/CGUI.java +++ b/src/custom/CGUI.java @@ -1,4 +1,4 @@ -package burp; +package custom; import java.awt.BorderLayout; import java.awt.EventQueue; 
@@ -24,16 +24,24 @@ import javax.swing.table.TableModel; import javax.swing.table.TableRowSorter; import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec; +import javax.xml.parsers.FactoryConfigurationError; + +import burp.IParameter; +import burp.IRequestInfo; +import custom.CMapSort; +import custom.CSHA1; import java.awt.GridLayout; import javax.swing.JButton; import javax.swing.JTextArea; import java.awt.event.ActionListener; +import java.net.URI; import java.net.URLDecoder; import java.security.Signature; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; +import java.util.LinkedHashMap; import java.util.List; import java.util.Map; import java.util.SortedMap; @@ -41,6 +49,8 @@ import java.awt.Dimension; import javax.swing.JSplitPane; import java.awt.Cursor; +import java.awt.Desktop; + import javax.swing.BoxLayout; import javax.swing.border.LineBorder; import java.awt.Color; @@ -48,7 +58,8 @@ import javax.swing.ButtonGroup; import javax.swing.ButtonModel; -import burp.CMapSort; +import java.awt.event.MouseAdapter; +import java.awt.event.MouseEvent; public class CGUI extends JFrame { public JCheckBox chckbxProxy; @@ -66,16 +77,24 @@ public class CGUI extends JFrame { public JCheckBox chckbxNewCheckBox_3; public JTextArea textAreaSign; private JLabel lblconnector; + public String extenderName = "Resign v2.0 by bit4"; + public String secretKey; - public int sortedColumn; + public int sortedColumn = -1; public SortOrder sortedMethod; private final ButtonGroup buttonGroup = new ButtonGroup(); + private final ButtonGroup buttonGroup1 = new ButtonGroup(); String howDealKey = ""; //sameAsPara or appendToEnd - private JTextField textFieldBlackList; + private JTextField textFieldParaConnector; String signPara; //the key name of sign parameter private JTextField textFieldSign; + private JCheckBox chckbxOnlyUseValue; + private JLabel lblOrderMethod; + + RowSorter sorter; + private JCheckBox chckbxSHA1; /** * Launch the application. 
@@ -99,7 +118,7 @@ public void run() { public CGUI() { setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE); - setBounds(100, 100, 939, 614); + setBounds(100, 100, 939, 694); JPanel contentPane = new JPanel(); contentPane.setBorder(new EmptyBorder(5, 5, 5, 5)); contentPane.setLayout(new BorderLayout(0, 0)); @@ -138,7 +157,30 @@ public CGUI() { contentPane.add(panel_1, BorderLayout.SOUTH); panel_1.setLayout(new FlowLayout(FlowLayout.LEFT, 5, 5)); - JLabel lblNewLabel = new JLabel("Resign v1.0 by bit4 https://github.com/bit4woo"); + JLabel lblNewLabel = new JLabel(extenderName+" https://github.com/bit4woo"); + lblNewLabel.addMouseListener(new MouseAdapter() { + @Override + public void mouseClicked(MouseEvent e) { + try { + URI uri = new URI("https://github.com/bit4woo"); + Desktop desktop = Desktop.getDesktop(); + if(Desktop.isDesktopSupported()&&desktop.isSupported(Desktop.Action.BROWSE)){ + desktop.browse(uri); + } + } catch (Exception e2) { + // TODO: handle exception + } + + } + @Override + public void mouseEntered(MouseEvent e) { + lblNewLabel.setForeground(Color.BLUE); + } + @Override + public void mouseExited(MouseEvent e) { + lblNewLabel.setForeground(Color.BLACK); + } + }); lblNewLabel.setHorizontalAlignment(SwingConstants.LEFT); panel_1.add(lblNewLabel); @@ -151,14 +193,14 @@ public CGUI() { panel.add(panel_5, BorderLayout.NORTH); panel_5.setLayout(new GridLayout(0, 1, 0, 0)); - JLabel lblDomain = new JLabel("Domain:"); - panel_5.add(lblDomain); + JLabel lblURL = new JLabel("Domain:"); + panel_5.add(lblURL); textFieldDomain = new JTextField(); panel_5.add(textFieldDomain); textFieldDomain.setColumns(20); - JLabel lblParas = new JLabel("Parameters:(Click Table Header To Sort)"); + JLabel lblParas = new JLabel("[1] Parameters:(Click Table Header To Sort Or Move Up And Down To Custom)"); panel_5.add(lblParas); JScrollPane panel_6 = new JScrollPane(); 
@@ -166,6 +208,23 @@ public CGUI() { panel.add(panel_6, BorderLayout.CENTER); table = new JTable(); + table.getTableHeader().addMouseListener(new MouseAdapter() { + @Override + public void mouseClicked(MouseEvent e) { + try { + sortedColumn = table.getRowSorter().getSortKeys().get(0).getColumn(); + //System.out.println(sortedColumn); + sortedMethod = table.getRowSorter().getSortKeys().get(0).getSortOrder(); + System.out.println(sortedMethod); //ASCENDING DESCENDING + } catch (Exception e1) { + sortedColumn = -1; //û�е����ͷ�������� + sortedMethod = null; + } +// System.out.println(sortedColumn); +// System.out.println(sortedMethod); + lblOrderMethod.setText(table.getColumnName(sortedColumn)+" "+sortedMethod); + } + }); table.setColumnSelectionAllowed(true); table.setCellSelectionEnabled(true); table.setSurrendersFocusOnKeystroke(true); @@ -178,7 +237,7 @@ public CGUI() { new String[] { "Key", "Value" }); - RowSorter sorter = new TableRowSorter(tableModel); + sorter = new TableRowSorter(tableModel); table.setRowSorter(sorter); panel_6.setViewportView(table); table.setModel(tableModel); 
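Review bot: In the table-header `mouseClicked` listener, the catch branch sets `sortedColumn = -1`, and the next statement, `lblOrderMethod.setText(table.getColumnName(sortedColumn)+" "+sortedMethod)`, then runs with -1 and will throw from `getColumnName` on the event thread. Guarding the label update fixes it: `if (sortedColumn >= 0) { lblOrderMethod.setText(table.getColumnName(sortedColumn)+" "+sortedMethod); } else { lblOrderMethod.setText("Custom Order"); }`. The listener also leaves `System.out.println(sortedMethod)` active, which looks like leftover debugging. Whether the row sorter has already updated its sort keys when this listener fires depends on listener order, so reading the keys from a `RowSorterListener` may be more reliable; the constructor body continues outside the hunk.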
@@ -194,86 +253,127 @@ public CGUI() { gbl_panel_7.rowWeights = new double[]{0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, Double.MIN_VALUE}; panel_7.setLayout(gbl_panel_7); - JButton btnNewButton = new JButton("Remove"); - btnNewButton.addActionListener(new ActionListener() { + JButton btnMarkAsSign = new JButton("Mark As Sign Para"); + btnMarkAsSign.addActionListener(new ActionListener() { public void actionPerformed(ActionEvent e) { - DefaultTableModel tableModel = (DefaultTableModel) table.getModel(); if (table.getSelectedRow() != -1){ - tableModel.removeRow(table.getSelectedRow());//���һ��ɾ�����У� + signPara = table.getValueAt(table.getSelectedRow(), 0).toString(); + textFieldSign.setText(signPara); } } }); - GridBagConstraints gbc_btnNewButton = new GridBagConstraints(); - gbc_btnNewButton.insets = new Insets(0, 0, 5, 0); - gbc_btnNewButton.gridx = 0; - gbc_btnNewButton.gridy = 0; - panel_7.add(btnNewButton, gbc_btnNewButton); - JButton btnAdd = new JButton("Add"); - btnAdd.addActionListener(new ActionListener() { + JButton btnMoveDown = new JButton("Move Down"); + btnMoveDown.addActionListener(new ActionListener() { public void actionPerformed(ActionEvent e) { - DefaultTableModel model = (DefaultTableModel) table.getModel(); - model.addRow(new Object[]{"k","v"}); + if (table.getSelectedRow() != -1 && table.getSelectedRow()+1 <= table.getRowCount()-1){ + try{ + int row = table.getSelectedRow(); + String xkey = table.getValueAt(row, 0).toString(); + String xvalue = table.getValueAt(row, 1).toString(); + + String tmpkey = table.getValueAt(row+1, 0).toString(); + String tmpvalue = table.getValueAt(row+1, 1).toString(); + + //do exchange + tableModel.setValueAt(tmpkey, row, 0); + tableModel.setValueAt(tmpvalue, row, 1); + + tableModel.setValueAt(xkey, row+1, 0); + tableModel.setValueAt(xvalue, row+1, 1); + + table.setRowSelectionInterval(row+1, row+1);//set the line selected + + lblOrderMethod.setText("Custom Order"); + }catch(Exception e1){ + + } + + + 
} } }); - GridBagConstraints gbc_btnAdd = new GridBagConstraints(); - gbc_btnAdd.insets = new Insets(0, 0, 5, 0); - gbc_btnAdd.gridx = 0; - gbc_btnAdd.gridy = 1; - panel_7.add(btnAdd, gbc_btnAdd); - JButton btnNewButton_1 = new JButton("Add To Black List"); - btnNewButton_1.addActionListener(new ActionListener() { + JButton btnMoveUp = new JButton("Move Up"); + btnMoveUp.addActionListener(new ActionListener() { public void actionPerformed(ActionEvent e) { - String blackListString = textFieldBlackList.getText(); - List blackList = Arrays.asList(blackListString.split(" ")); - if (table.getSelectedRow() != -1){ - String x = table.getValueAt(table.getSelectedRow(), 0).toString(); - if (!blackList.contains(x) & x != "" & x != null) - blackListString +=" "+x; + if (table.getSelectedRow() != -1 && table.getSelectedRow()-1 >=0){ + try { + int row = table.getSelectedRow(); + String xkey = table.getValueAt(row, 0).toString(); + String xvalue = table.getValueAt(row, 1).toString(); + + String tmpkey = table.getValueAt(row-1, 0).toString(); + String tmpvalue = table.getValueAt(row-1, 1).toString(); + + //do exchange + tableModel.setValueAt(tmpkey, row, 0); + tableModel.setValueAt(tmpvalue, row, 1); + + tableModel.setValueAt(xkey, row-1, 0); + tableModel.setValueAt(xvalue, row-1, 1); + + table.setRowSelectionInterval(row-1, row-1); + + lblOrderMethod.setText("Custom Order"); + } catch (Exception e2) { + // TODO: handle exception + } + } - textFieldBlackList.setText(blackListString); } }); - GridBagConstraints gbc_btnNewButton_1 = new GridBagConstraints(); - gbc_btnNewButton_1.insets = new Insets(0, 0, 5, 0); - gbc_btnNewButton_1.gridx = 0; - gbc_btnNewButton_1.gridy = 2; - panel_7.add(btnNewButton_1, gbc_btnNewButton_1); - JButton button = new JButton("Show Final String"); - button.addActionListener(new ActionListener() { + JButton btnAdd = new JButton("Add"); + btnAdd.addActionListener(new ActionListener() { public void actionPerformed(ActionEvent e) { - String str = 
combineString(getParaFromTable()); - textAreaFinalString.setText(str); + DefaultTableModel model = (DefaultTableModel) table.getModel(); + model.addRow(new Object[]{"key","value"}); + lblOrderMethod.setText("Custom Order"); } }); - GridBagConstraints gbc_button = new GridBagConstraints(); - gbc_button.insets = new Insets(0, 0, 5, 0); - gbc_button.gridx = 0; - gbc_button.gridy = 3; - panel_7.add(button, gbc_button); - JButton btnMarkAsSign = new JButton("Mark As Sign Para"); - btnMarkAsSign.addActionListener(new ActionListener() { + JButton btnNewButton = new JButton("Remove"); + btnNewButton.addActionListener(new ActionListener() { public void actionPerformed(ActionEvent e) { + DefaultTableModel tableModel = (DefaultTableModel) table.getModel(); if (table.getSelectedRow() != -1){ - signPara = table.getValueAt(table.getSelectedRow(), 0).toString(); - textFieldSign.setText(signPara); - - //add to blacklist - String blackListString = textFieldBlackList.getText(); - List blackList = Arrays.asList(blackListString.split(" ")); - if (!blackList.contains(signPara) & signPara != "" & signPara != null) - blackListString +=" "+signPara; - textFieldBlackList.setText(blackListString); + tableModel.removeRow(table.getSelectedRow());//���һ��ɾ�����У� } + lblOrderMethod.setText("Custom Order"); } }); + + lblOrderMethod = new JLabel("Custom Order"); + GridBagConstraints gbc_lblOrderMethod = new GridBagConstraints(); + gbc_lblOrderMethod.insets = new Insets(0, 0, 5, 0); + gbc_lblOrderMethod.gridx = 0; + gbc_lblOrderMethod.gridy = 0; + panel_7.add(lblOrderMethod, gbc_lblOrderMethod); + GridBagConstraints gbc_btnNewButton = new GridBagConstraints(); + gbc_btnNewButton.insets = new Insets(0, 0, 5, 0); + gbc_btnNewButton.gridx = 0; + gbc_btnNewButton.gridy = 1; + panel_7.add(btnNewButton, gbc_btnNewButton); + GridBagConstraints gbc_btnAdd = new GridBagConstraints(); + gbc_btnAdd.insets = new Insets(0, 0, 5, 0); + gbc_btnAdd.gridx = 0; + gbc_btnAdd.gridy = 2; + panel_7.add(btnAdd, 
gbc_btnAdd); + GridBagConstraints gbc_btnMoveUp = new GridBagConstraints(); + gbc_btnMoveUp.insets = new Insets(0, 0, 5, 0); + gbc_btnMoveUp.gridx = 0; + gbc_btnMoveUp.gridy = 3; + panel_7.add(btnMoveUp, gbc_btnMoveUp); + GridBagConstraints gbc_btnMoveDown = new GridBagConstraints(); + gbc_btnMoveDown.insets = new Insets(0, 0, 5, 0); + gbc_btnMoveDown.gridx = 0; + gbc_btnMoveDown.gridy = 4; + panel_7.add(btnMoveDown, gbc_btnMoveDown); GridBagConstraints gbc_btnMarkAsSign = new GridBagConstraints(); gbc_btnMarkAsSign.insets = new Insets(0, 0, 5, 0); gbc_btnMarkAsSign.gridx = 0; - gbc_btnMarkAsSign.gridy = 4; + gbc_btnMarkAsSign.gridy = 6; panel_7.add(btnMarkAsSign, gbc_btnMarkAsSign); textFieldSign = new JTextField(); @@ -285,13 +385,32 @@ public void actionPerformed(ActionEvent e) { panel_7.add(textFieldSign, gbc_textFieldSign); textFieldSign.setColumns(10); + JButton button = new JButton("Show Final String"); + button.addActionListener(new ActionListener() { + public void actionPerformed(ActionEvent e) { + //System.out.println(getOnlyValueConfig()); + //System.out.println(getSignPara()); + if (getSignPara().equals("")){ + textAreaFinalString.setText("error! sign parameter must be specified!"); + }else{ + String str = combineString(getParaFromTable(),getOnlyValueConfig(),getParaConnector()); + textAreaFinalString.setText(str); + } + } + }); + GridBagConstraints gbc_button = new GridBagConstraints(); + gbc_button.insets = new Insets(0, 0, 5, 0); + gbc_button.gridx = 0; + gbc_button.gridy = 9; + panel_7.add(button, gbc_button); + JPanel panel_8 = new JPanel(); panel_8.setBorder(new EtchedBorder(EtchedBorder.LOWERED, null, null)); panel.add(panel_8, BorderLayout.SOUTH); panel_8.setLayout(new GridLayout(0, 1, 0, 0)); - JLabel lblSecretKey = new JLabel("Secret Key :"); + JLabel lblSecretKey = new JLabel("[2] Secret Key :"); panel_8.add(lblSecretKey); textFieldSecretKey = new JTextField(); 
@@ -305,16 +424,23 @@ public void actionPerformed(ActionEvent e) { chckbxSameAsPara.setSelected(true); buttonGroup.add(chckbxSameAsPara); - chckbxAppendToEnd = new JCheckBox("Append to the end of sorted Parameters(should contain connect string, such as & :)"); + chckbxAppendToEnd = new JCheckBox("Append to the end of sorted Parameters(should contains connection string, such as & :)"); panel_8.add(chckbxAppendToEnd); buttonGroup.add(chckbxAppendToEnd); - JLabel lblNewLabel_1 = new JLabel("Para Black List\uFF1A "); + JLabel lblNewLabel_1 = new JLabel("[3] How To Combine\uFF1A "); panel_8.add(lblNewLabel_1); - textFieldBlackList = new JTextField(); - panel_8.add(textFieldBlackList); - textFieldBlackList.setColumns(50); + chckbxOnlyUseValue = new JCheckBox("Only Use Value"); + panel_8.add(chckbxOnlyUseValue); + + JLabel lblConnecStringBetween = new JLabel("connection string between each parameter"); + panel_8.add(lblConnecStringBetween); + + textFieldParaConnector = new JTextField(); + textFieldParaConnector.setText("&"); + panel_8.add(textFieldParaConnector); + textFieldParaConnector.setColumns(50); JPanel panel_2 = new JPanel(); panel_2.setBorder(new EtchedBorder(EtchedBorder.LOWERED, null, null)); 
@@ -357,13 +483,24 @@ public void actionPerformed(ActionEvent e) { gbc_chckbxMD5.gridx = 0; gbc_chckbxMD5.gridy = 1; panel_10.add(chckbxMD5, gbc_chckbxMD5); + buttonGroup1.add(chckbxMD5); + + chckbxSHA1 = new JCheckBox("SHA1"); + chckbxSHA1.setSelected(true); + GridBagConstraints gbc_chckbxSHA1 = new GridBagConstraints(); + gbc_chckbxSHA1.insets = new Insets(0, 0, 5, 5); + gbc_chckbxSHA1.gridx = 1; + gbc_chckbxSHA1.gridy = 1; + panel_10.add(chckbxSHA1, gbc_chckbxSHA1); + buttonGroup1.add(chckbxSHA1); chckbxNewCheckBox_3 = new JCheckBox("To be Continue"); + chckbxNewCheckBox_3.setSelected(true); chckbxNewCheckBox_3.setEnabled(false); GridBagConstraints gbc_chckbxNewCheckBox_3 = new GridBagConstraints(); - gbc_chckbxNewCheckBox_3.insets = new Insets(0, 0, 5, 5); + gbc_chckbxNewCheckBox_3.insets = new Insets(0, 0, 5, 0); gbc_chckbxNewCheckBox_3.anchor = GridBagConstraints.NORTHWEST; - gbc_chckbxNewCheckBox_3.gridx = 1; + gbc_chckbxNewCheckBox_3.gridx = 2; gbc_chckbxNewCheckBox_3.gridy = 1; panel_10.add(chckbxNewCheckBox_3, gbc_chckbxNewCheckBox_3); @@ -373,8 +510,14 @@ public void actionPerformed(ActionEvent e) { JButton btnSign = new JButton("Sign"); btnSign.addActionListener(new ActionListener() { public void actionPerformed(ActionEvent e) { - CMD5 getMD5 = new CMD5(); - String sign = getMD5.GetMD5Code(textAreaFinalString.getText()); + String sign = "Sign Error"; + //System.out.print(getSignAlgorithm()); + if (getSignAlgorithm().equals("MD5")){ + CMD5 getMD5 = new CMD5(); + sign = getMD5.GetMD5Code(textAreaFinalString.getText()); + }else if (getSignAlgorithm().equals("SHA1")) { + sign = CSHA1.SHA1(textAreaFinalString.getText()); + } textAreaSign.setText(sign); } }); 
@@ -412,21 +555,32 @@ else if (chckbxSameAsPara.isSelected()) { } } - public void getSortConfig() { - try { - sortedColumn = table.getRowSorter().getSortKeys().get(0).getColumn(); - //System.out.println(sortedColumn); - sortedMethod = table.getRowSorter().getSortKeys().get(0).getSortOrder(); - System.out.println(sortedMethod); //ASCENDING DESCENDING - } catch (Exception e) { - sortedColumn = -1; //û�е����ͷ�������� - sortedMethod = null; + public boolean getOnlyValueConfig() { + if(chckbxOnlyUseValue.isSelected()){ + return true; + }else{ + return false; } } + public String getParaConnector() { + return textFieldParaConnector.getText(); + } - public String combineString(Map paraMap) { + + + public String getSignAlgorithm() { + if (chckbxMD5.isSelected()){ + return "MD5"; + }else if (chckbxSHA1.isSelected()) { + return "SHA1"; + }else { + return "null"; + } + } + + public String combineString(Map paraMap, boolean onlyValue, String paraConnector) { getSecKeyConfig(); - getSortConfig(); + String finalString = ""; 
@@ -437,25 +591,30 @@ public String combineString(Map paraMap) { } } - if (sortedColumn == -1){//δ�������� + + if (sortedColumn == -1 || lblOrderMethod.equals("Custom Order")){//δ�������� for(Map.Entrypara:paraMap.entrySet()){ if (!finalString.equals("")){ - finalString += "&"; + finalString += paraConnector; + } + if (onlyValue){ + finalString += para.getValue(); + }else { + finalString += para; } - finalString += para.getKey()+"="+para.getValue(); } }else if(sortedColumn == 0) { if (sortedMethod.toString() == "ASCENDING"){ - finalString = burp.CMapSort.combineMapEntry(burp.CMapSort.sortMapByKey(paraMap,"ASCENDING"), "&"); + finalString = custom.CMapSort.combineMapEntry(custom.CMapSort.sortMapByKey(paraMap,"ASCENDING"), onlyValue, paraConnector); }else if (sortedMethod.toString() == "DESCENDING") { - finalString = burp.CMapSort.combineMapEntry(burp.CMapSort.sortMapByKey(paraMap,"DESCENDING"), "&"); + finalString = custom.CMapSort.combineMapEntry(custom.CMapSort.sortMapByKey(paraMap,"DESCENDING"), onlyValue, paraConnector); } } else if (sortedColumn == 1) { if (sortedMethod.toString() == "ASCENDING"){ - finalString = burp.CMapSort.combineMapEntry(burp.CMapSort.sortMapByValue(paraMap,"ASCENDING"), "&"); + finalString = custom.CMapSort.combineMapEntry(custom.CMapSort.sortMapByValue(paraMap,"ASCENDING"), onlyValue, paraConnector); }else if (sortedMethod.toString() == "DESCENDING") { - finalString = burp.CMapSort.combineMapEntry(burp.CMapSort.sortMapByValue(paraMap,"DESCENDING"), "&"); + finalString = custom.CMapSort.combineMapEntry(custom.CMapSort.sortMapByValue(paraMap,"DESCENDING"), onlyValue, paraConnector); } } 
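Review bot: The condition `sortedColumn == -1 || lblOrderMethod.equals("Custom Order")` compares the `JLabel` object with a `String`, so its second half is always false. The copy of this method in BurpExtender.java uses the label text, and the same is needed here: `if (sortedColumn == -1 || lblOrderMethod.getText().equals("Custom Order")) {`. As written, sorting by a header and then using Move Up/Down leaves `sortedColumn` at 0 or 1, so the string is still built in sorted order even though the label says "Custom Order". The `sortedMethod.toString() == "ASCENDING"` comparisons further down are reference comparisons and would read better as `sortedMethod == SortOrder.ASCENDING`; `combineString` starts and ends outside this hunk.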
@@ -468,34 +627,34 @@ else if (sortedColumn == 1) { } - public Map getPara(IRequestInfo analyzeRequest){ + public LinkedHashMap getPara(IRequestInfo analyzeRequest){ List paras = analyzeRequest.getParameters(); - Map paraMap = new HashMap(); + LinkedHashMap paraMap = getParaFromTable();//�ӱ����л�ȡ�����Map��ֻҪ���¾ͺ� for (IParameter para:paras){ - if (!getBlackList().contains(para.getName())){ + if (paraMap.containsKey(para.getName())){ paraMap.put(para.getName(), para.getValue()); } } return paraMap ; } - public Map getParaFromTable(){ - Map tableParas = new HashMap(); + public LinkedHashMap getParaFromTable(){ + LinkedHashMap tableParas = new LinkedHashMap(); for (int i=0; i getBlackList() { - return Arrays.asList(textFieldBlackList.getText().split(" ")); + public String getSignPara(){ + return textFieldSign.getText(); } } diff --git a/src/burp/CMD5.java b/src/custom/CMD5.java similarity index 99% rename from src/burp/CMD5.java rename to src/custom/CMD5.java index 9160831..cb21961 100644 --- a/src/burp/CMD5.java +++ b/src/custom/CMD5.java @@ -1,4 +1,4 @@ -package burp; +package custom; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; diff --git a/src/burp/CMapSort.java b/src/custom/CMapSort.java similarity index 87% rename from src/burp/CMapSort.java rename to src/custom/CMapSort.java index 987b693..a4e87c3 100644 --- a/src/burp/CMapSort.java +++ b/src/custom/CMapSort.java @@ -1,4 +1,4 @@ -package burp; +package custom; import java.util.*; import java.util.Map.Entry; 
@@ -51,13 +51,22 @@ public static Map sortMapByValue(Map map, String } - public static String combineMapEntry(Map map, String connector){ + public static String combineMapEntry(Map map, Boolean onlyValue, String connector){ String result = ""; - for (Map.Entry entry : map.entrySet()){ - if (!result.equals("")){ - result += connector; + if (onlyValue) { + for (Map.Entry entry : map.entrySet()){ + if (!result.equals("")){ + result += connector; + } + result += entry.getValue(); + } + }else { + for (Map.Entry entry : map.entrySet()){ + if (!result.equals("")){ + result += connector; + } + result += entry; } - result += entry; } return result; } @@ -90,7 +99,7 @@ public static void main (String[] args) { //System.out.println(entry.getKey() + " " + entry.getValue()); System.out.println(entry); } - System.out.println(combineMapEntry(resultMap1, "&")); + System.out.println(combineMapEntry(resultMap1, false,"&")); } } diff --git a/src/burp/CRecalculater.java b/src/custom/CRecalculater.java similarity index 91% rename from src/burp/CRecalculater.java rename to src/custom/CRecalculater.java index 8d916c2..618e305 100644 --- a/src/burp/CRecalculater.java +++ b/src/custom/CRecalculater.java @@ -1,4 +1,4 @@ -package burp; +package custom; import java.util.Map; diff --git a/src/custom/CSHA1.java b/src/custom/CSHA1.java new file mode 100644 index 0000000..828dcc4 --- /dev/null +++ b/src/custom/CSHA1.java 
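Review bot: `combineMapEntry` (hunk `-51,13 +51,22`) declares the new parameter as boxed `Boolean onlyValue`, so `if (onlyValue)` throws a NullPointerException for a null argument; the callers shown pass a primitive, and `boolean onlyValue` states that contract. The two loops differ only in what they append, so one loop with `result += onlyValue ? entry.getValue() : entry;` is enough. `result += entry` also relies on the entry's `toString()` producing `key=value`; spelling it out as `entry.getKey() + "=" + entry.getValue()` makes the signed string independent of the map implementation returned by `sortMapByKey` and `sortMapByValue`, which are not fully visible here.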
@@ -0,0 +1,70 @@
+package custom;
+
+import java.io.UnsupportedEncodingException;
+import java.security.InvalidKeyException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
+public class CSHA1 {
+
+ public static String SHA1(String decript) {
+ try {
+ MessageDigest digest = java.security.MessageDigest
+ .getInstance("SHA-1");
+ digest.update(decript.getBytes());
+ byte messageDigest[] = digest.digest();
+ // Create Hex String
+ StringBuffer hexString = new StringBuffer();
+ // �ֽ�����ת��Ϊ ʮ������ ��
+ for (int i = 0; i < messageDigest.length; i++) {
+ String shaHex = Integer.toHexString(messageDigest[i] & 0xFF);
+ if (shaHex.length() < 2) {
+ hexString.append(0);
+ }
+ hexString.append(shaHex);
+ }
+ return hexString.toString();
+
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+ return "";
+ }
+
+ public static String SHA(String decript) {
+ try {
+ MessageDigest digest = java.security.MessageDigest
+ .getInstance("SHA");
+ digest.update(decript.getBytes());
+ byte messageDigest[] = digest.digest();
+ // Create Hex String
+ StringBuffer hexString = new StringBuffer();
+ // �ֽ�����ת��Ϊ ʮ������ ��
+ for (int i = 0; i < messageDigest.length; i++) {
+ String shaHex = Integer.toHexString(messageDigest[i] & 0xFF);
+ if (shaHex.length() < 2) {
+ hexString.append(0);
+ }
+ hexString.append(shaHex);
+ }
+ return hexString.toString();
+
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+ return "";
+ }
+
+ public static void main(String[] args) {
+ System.out.println(SHA1("6.1.7482c91a92b3f5f6ba09bdb3e31153d1d"));
+ }
+}
\ No newline at end of file
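Review bot: `decript.getBytes()` in both SHA1 and SHA encodes with the platform default charset, so the digest of a non-ASCII parameter value depends on the machine the extension runs on and can differ from what the server computes. Assuming the target signs UTF-8 bytes, `digest.update(decript.getBytes(StandardCharsets.UTF_8));` with the matching import makes the result deterministic. SHA and SHA1 are identical apart from the algorithm name, and "SHA" is normally an alias for SHA-1 in the JDK providers, so one could delegate to the other. Both return `""` after `printStackTrace()` when the algorithm is missing, which a caller cannot tell apart from a real digest, and the javax.crypto, SecureRandom, InvalidKeyException and UnsupportedEncodingException imports are unused in the file as shown.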
diff --git a/src/burp/CString2Other.java b/src/custom/CString2Other.java similarity index 99% rename from src/burp/CString2Other.java rename to src/custom/CString2Other.java index ad202fd..3720bd5 100644 --- a/src/burp/CString2Other.java +++ b/src/custom/CString2Other.java @@ -1,4 +1,4 @@ -package burp; +package custom; import java.util.HashMap; diff --git a/src/burp/CUnicodeDecoder.java b/src/custom/CUnicodeDecoder.java similarity index 99% rename from src/burp/CUnicodeDecoder.java rename to src/custom/CUnicodeDecoder.java index 4e441b1..6bf4c6a 100644 --- a/src/burp/CUnicodeDecoder.java +++ b/src/custom/CUnicodeDecoder.java @@ -1,4 +1,4 @@ -package burp; +package custom; /** * ������