update
TheKingOfDuck authored May 21, 2021
1 parent 3bb487e commit 8cd9009
Showing 6 changed files with 305 additions and 0 deletions.
Binary file added bin/fakeIP.jar
Binary file not shown.
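--- a/fakeIP.iml
+++ b/fakeIP.iml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="JAVA_MODULE" version="4" />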
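--- a/pom.xml
+++ b/pom.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<modelVersion>4.0.0</modelVersion>
+
+<groupId>net.thekingofduck</groupId>
+<artifactId>fakeIP</artifactId>
+<version>1.0-SNAPSHOT</version>
+
+
+<build>
+<plugins>
+<plugin>
+<groupId>org.apache.maven.plugins</groupId>
+<artifactId>maven-compiler-plugin</artifactId>
+<configuration>
+<source>1.8</source>
+<target>1.8</target>
+</configuration>
+</plugin>
+</plugins>
+</build>
+<dependencies>
+<dependency>
+<groupId>net.portswigger.burp.extender</groupId>
+<artifactId>burp-extender-api</artifactId>
+<version>LATEST</version>
+</dependency>
+</dependencies>
+
+
+
+</project>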
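Review bot: The `burp-extender-api` dependency is declared with `<version>LATEST</version>`, so each build can resolve a different artifact and the output cannot be reproduced or audited; pin an explicit release, for example `<version>PINNED_API_VERSION</version>` (placeholder, pick the release you actually tested against). The `maven-compiler-plugin` entry also has no `<version>`, which leaves the plugin choice to whatever the local Maven defaults to. The same commit checks in a prebuilt `bin/fakeIP.jar`; a binary in the tree cannot be reviewed against these sources, so shipping it as a release artifact built from the pinned POM, with a published checksum, would be easier to verify.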
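--- a/src/main/java/burp/BurpExtender.java
+++ b/src/main/java/burp/BurpExtender.java
@@ -0,0 +1,137 @@
+package burp;
+
+import javax.swing.*;
+import java.awt.event.ActionEvent;
+import java.awt.event.ActionListener;
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+* Project: fakeIP
+* Date:2021/5/21 上午11:07
+* @author CoolCat
+* @version 1.0.0
+* Github:https://github.com/TheKingOfDuck
+* When I wirting my code, only God and I know what it does. After a while, only God knows.
+*/
+public class BurpExtender implements IBurpExtender, IContextMenuFactory,IIntruderPayloadGeneratorFactory, IIntruderPayloadGenerator, IHttpListener{
+public static IExtensionHelpers helpers;
+private String PLUGIN_NAME = "burpFakeIP";
+private String VERSION = "1.0";
+public static PrintWriter stdout;
+
+@Override
+public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks) {
+helpers = callbacks.getHelpers();
+
+stdout = new PrintWriter(callbacks.getStdout(), true);
+String banner = "[+] %s %s is loaded...\n" +
+"[+] ####################################\n" +
+"[+] Anthor: CoolCat\n" +
+"[+] Blog: https://blog.thekingofduck.com/\n" +
+"[+] Github: https://github.com/TheKingOfDuck\n" +
+"[+] ####################################\n" +
+"[+] Enjoy it~";
+stdout.println(String.format(banner,PLUGIN_NAME,VERSION));
+
+//注册菜单
+callbacks.registerContextMenuFactory(this);
+callbacks.registerIntruderPayloadGeneratorFactory(this);
+callbacks.setExtensionName(PLUGIN_NAME);
+callbacks.registerHttpListener(this);
+
+}
+
+@Override
+public List<JMenuItem> createMenuItems(IContextMenuInvocation iContextMenuInvocation) {
+List<JMenuItem> menus = new ArrayList();
+JMenu menu = new JMenu(PLUGIN_NAME);
+
+JMenuItem custom = new JMenuItem("customIP");
+JMenuItem localhost = new JMenuItem("127.0.0.1");
+JMenuItem random = new JMenuItem("randomIP");
+JMenuItem autoXFF = new JMenuItem("AutoXFF");
+
+menu.add(custom);
+menu.add(localhost);
+menu.add(random);
+menu.add(autoXFF);
+
+if(iContextMenuInvocation.getInvocationContext() != IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST){
+return menus;
+}
+custom.addActionListener(new ActionListener() {
+@Override
+public void actionPerformed(ActionEvent arg0) {
+String ip = JOptionPane.showInputDialog("Pls input ur ip:");
+Utils.addfakeip(iContextMenuInvocation,ip);
+}
+});
+
+localhost.addActionListener(new ActionListener() {
+@Override
+public void actionPerformed(ActionEvent arg0) {
+Utils.addfakeip(iContextMenuInvocation,"127.0.0.1");
+}
+});
+
+random.addActionListener(new ActionListener() {
+@Override
+public void actionPerformed(ActionEvent arg0) {
+Utils.addfakeip(iContextMenuInvocation,Utils.getRandomIp());
+}
+});
+
+autoXFF.addActionListener(new ActionListener() {
+@Override
+public void actionPerformed(ActionEvent arg0) {
+String xff = JOptionPane.showInputDialog("Pls input ur XFF header name:","X-Forwarded-For");
+String xffvalue = JOptionPane.showInputDialog("Pls input ur XFF header value:","$RandomIp$");
+Config.AUTOXFF = xff;
+Config.AUTOXFFVALUE = xffvalue;
+}
+});
+
+menus.add(menu);
+return menus;
+}
+
+
+@Override
+public boolean hasMorePayloads() {
+return true;
+}
+
+@Override
+public byte[] getNextPayload(byte[] bytes) {
+String payload = Utils.getRandomIp();
+return payload.getBytes();
+}
+
+@Override
+public void reset() {
+
+}
+
+@Override
+public String getGeneratorName() {
+return PLUGIN_NAME;
+}
+
+@Override
+public IIntruderPayloadGenerator createNewInstance(IIntruderAttack iIntruderAttack) {
+return this;
+}
+
+@Override
+public void processHttpMessage(int i, boolean b, IHttpRequestResponse iHttpRequestResponse) {
+if (b){
+if (Config.AUTOXFFVALUE.equals("$RandomIp$")){
+Utils.addfakeip(iHttpRequestResponse,Utils.getRandomIp());
+}
+Utils.addfakeip(iHttpRequestResponse,Config.AUTOXFFVALUE);
+
+}
+}
+}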
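Review bot: In `processHttpMessage` the `$RandomIp$` branch has no `else`, so after the random address is added the second call still runs and appends the literal string `$RandomIp$` as a header value; the second call should read `else { Utils.addfakeip(iHttpRequestResponse, Config.AUTOXFFVALUE); }`. The listener also rewrites every outgoing request from every Burp tool as soon as the extension loads, because `Config` ships with non-empty defaults and there is neither an enable flag nor a scope check. Keeping `callbacks` in a field and returning early unless `callbacks.isInScope(...)` accepts the request URL would keep modified traffic away from hosts outside the engagement. Cancelling either `AutoXFF` dialog stores `null` in `Config`, after which `Config.AUTOXFFVALUE.equals(...)` throws on the next request; `"$RandomIp$".equals(Config.AUTOXFFVALUE)` and a null check before the two assignments avoid that.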
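--- a/src/main/java/burp/Config.java
+++ b/src/main/java/burp/Config.java
@@ -0,0 +1,26 @@
+package burp;
+
+import java.util.Arrays;
+import java.util.List;
+
+/**
+* Project: fakeIP
+* Date:2021/5/21 上午11:56
+*
+* @author CoolCat
+* @version 1.0.0
+* Github:https://github.com/TheKingOfDuck
+* When I wirting my code, only God and I know what it does. After a while, only God knows.
+*/
+public class Config {
+public static List<String> HEADER_LIST = Arrays.asList(
+"X-Forwarded-For","X-Forwarded","Forwarded-For","Forwarded", "X-Forwarded-Host",
+"X-remote-IP","X-remote-addr","True-Client-IP","X-Client-IP","Client-IP","X-Real-IP",
+"Ali-CDN-Real-IP","Cdn-Src-Ip","Cdn-Real-Ip","CF-Connecting-IP","X-Cluster-Client-IP",
+"WL-Proxy-Client-IP", "Proxy-Client-IP","Fastly-Client-Ip","True-Client-Ip","X-Originating-IP",
+"X-Host","X-Custom-IP-Authorization"
+);
+
+public static String AUTOXFF = "X-Forwarded-For";
+public static String AUTOXFFVALUE = "$RandomIp$";
+}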
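Review bot: `HEADER_LIST` contains both `True-Client-IP` and `True-Client-Ip`; HTTP header names are case-insensitive, so the request ends up carrying the same header twice and one entry should be dropped. The list is a non-final `public static` field backed by `Arrays.asList`, so any code can reassign it or overwrite elements; `public static final List<String> HEADER_LIST = Collections.unmodifiableList(Arrays.asList(...));` makes it a real constant. `AUTOXFF` and `AUTOXFFVALUE` are written from the Swing action listener and read in `processHttpMessage`, presumably on different threads, so they should at least be `volatile`, and a short comment stating that `$RandomIp$` is a placeholder token would document the magic value.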
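--- a/src/main/java/burp/Utils.java
+++ b/src/main/java/burp/Utils.java
@@ -0,0 +1,106 @@
+package burp;
+
+import java.io.UnsupportedEncodingException;
+import java.util.List;
+import java.util.Random;
+import java.util.stream.Collectors;
+
+/**
+* Project: fakeIP
+* Date:2021/5/21 上午11:30
+*
+* @author CoolCat
+* @version 1.0.0
+* Github:https://github.com/TheKingOfDuck
+* When I wirting my code, only God and I know what it does. After a while, only God knows.
+*/
+public class Utils {
+
+public static void addfakeip(IContextMenuInvocation iContextMenuInvocation,String ip) {
+
+//获取原请求信息
+IHttpRequestResponse currentRequest = iContextMenuInvocation.getSelectedMessages()[0];
+IRequestInfo requestInfo = BurpExtender.helpers.analyzeRequest(currentRequest);
+List<String> headers = requestInfo.getHeaders();
+
+//去除header中本身已经有的字段
+List<String> templist = Config.HEADER_LIST;
+for (String header:headers) {
+String hkey = header.split(":")[0];
+templist = templist.stream().filter( key -> !key.equals(hkey)).collect(Collectors.toList());
+}
+for (String headerkey:templist) {
+headers.add(String.format("%s: %s",headerkey,ip));
+}
+
+//更新header
+byte[] newMessage = BurpExtender.helpers.buildHttpMessage(headers, getHttpRequestBody(currentRequest).getBytes());
+currentRequest.setRequest(newMessage);
+
+}
+
+
+public static void addfakeip(IHttpRequestResponse iHttpRequestResponse,String ip) {
+
+//获取原请求信息
+IRequestInfo requestInfo = BurpExtender.helpers.analyzeRequest(iHttpRequestResponse);
+List<String> headers = requestInfo.getHeaders();
+
+//为每个请求添加一个Header
+headers = headers.stream().filter( key -> !key.equals(Config.AUTOXFF)).collect(Collectors.toList());
+headers.add(String.format("%s: %s",Config.AUTOXFF,ip));
+
+//更新header
+byte[] newMessage = BurpExtender.helpers.buildHttpMessage(headers, getHttpRequestBody(iHttpRequestResponse).getBytes());
+iHttpRequestResponse.setRequest(newMessage);
+
+}
+
+private static String getHttpRequestBody(IHttpRequestResponse httpRequestResponse) {
+byte[] request = httpRequestResponse.getRequest();
+IRequestInfo requestInfo = BurpExtender.helpers.analyzeRequest(request);
+
+int httpBodyOffset = requestInfo.getBodyOffset();
+int httpBodyLength = request.length - httpBodyOffset;
+String httpBody = null;
+try {
+httpBody = new String(request, httpBodyOffset, httpBodyLength, "UTF-8");
+} catch (UnsupportedEncodingException e) {
+throw new RuntimeException(e);
+}
+return httpBody;
+}
+
+public static String getRandomIp() {
+
+// ip范围 ref:https://blog.csdn.net/zhengxiongwei/article/details/78486146
+int[][] range = {
+{607649792, 608174079},
+{1038614528, 1039007743},
+{1783627776, 1784676351},
+{2035023872, 2035154943},
+{2078801920, 2079064063},
+{-1950089216, -1948778497},
+{-1425539072, -1425014785},
+{-1236271104, -1235419137},
+{-770113536, -768606209},
+{-569376768, -564133889},
+};
+
+Random random = new Random();
+int index = random.nextInt(10);
+String ip = num2ip(range[index][0] + new Random().nextInt(range[index][1] - range[index][0]));
+return ip;
+}
+
+public static String num2ip(int ip) {
+int[] b = new int[4];
+String ipStr = "";
+b[0] = (int) ((ip >> 24) & 0xff);
+b[1] = (int) ((ip >> 16) & 0xff);
+b[2] = (int) ((ip >> 8) & 0xff);
+b[3] = (int) (ip & 0xff);
+ipStr = Integer.toString(b[0]) + "." + Integer.toString(b[1]) + "." + Integer.toString(b[2]) + "." + Integer.toString(b[3]);
+return ipStr;
+}
+}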
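Review bot: `getHttpRequestBody` decodes the body as UTF-8 and both `addfakeip` overloads re-encode it with `getBytes()` in the platform charset, so any binary or non-UTF-8 body (uploads, compressed payloads) is silently altered on the way through. The helper should return `byte[]` via `Arrays.copyOfRange(request, requestInfo.getBodyOffset(), request.length)`, with a `java.util.Arrays` import, and the callers should pass that straight to `buildHttpMessage`. In the `IHttpRequestResponse` overload the filter `!key.equals(Config.AUTOXFF)` compares a whole header line with a bare name, so it never matches and an existing header stays next to the added one; compare the name prefix case-insensitively, e.g. `!h.regionMatches(true, 0, Config.AUTOXFF + ":", 0, Config.AUTOXFF.length() + 1)`. The context-menu overload has the same case-sensitivity gap in `key.equals(hkey)`, indexes `getSelectedMessages()[0]` without checking for an empty selection, and formats a possibly `null` dialog result into every header when the prompt is cancelled.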
