From 51ce65ab5eb884860e3619b44e10e58c2784195a Mon Sep 17 00:00:00 2001 From: outlaws-bai Date: Thu, 11 Jul 2024 23:30:47 +0800 Subject: [PATCH] =?UTF-8?q?fix=20bug=20&&=20=E5=AE=8C=E6=88=90http=20hook?= =?UTF-8?q?=E7=9A=84=E5=BC=80=E5=8F=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 4 +- src/main/java/org/m2sec/Galaxy.java | 27 +++-- .../java/org/m2sec/core/common/ApiInfo.java | 2 - .../org/m2sec/core/common/CacheOption.java | 11 +- .../java/org/m2sec/core/common/Config.java | 4 + .../java/org/m2sec/core/common/Constants.java | 17 ++- .../java/org/m2sec/core/common/FileTools.java | 29 ++++- .../java/org/m2sec/core/common/Helper.java | 34 +++--- .../m2sec/core/httphook/JavaFileHooker.java | 1 + .../java/org/m2sec/core/models/Request.java | 2 - .../java/org/m2sec/core/models/Response.java | 2 - .../org/m2sec/core/models/UploadFile.java | 2 - .../org/m2sec/panels/httphook/GrpcImpl.java | 7 +- .../m2sec/panels/httphook/HttpHookPanel.java | 16 +-- .../org/m2sec/panels/httphook/JavaImpl.java | 16 ++- src/test/java/AesCbc.java | 104 ------------------ src/test/java/TempTest.java | 21 +--- src/test/java/TestSwing.java | 6 +- 18 files changed, 108 insertions(+), 197 deletions(-) delete mode 100644 src/test/java/AesCbc.java diff --git a/README.md b/README.md index 594512a..6cbbd51 100644 --- a/README.md +++ b/README.md @@ -2,9 +2,9 @@ **Galaxy** 是HTTP请求&响应全加密加签场景下的渗透测试解决方案,现在的载体是一款Burp插件。 -**场景1**:在Burp中看到且可编辑解密后的报文。 +**应对场景1**:在Burp中看到且可编辑解密后的报文。 -**场景2**:使用桌面的扫描器扫描明文请求。sqlmap、xray... +**应对场景2**:使用桌面的扫描器扫描明文请求。sqlmap、xray... 这些场景下的解决方案名为 [HttpHook](https://github.com/outlaws-bai/Galaxy/blob/main/docs/HttpHook.md) 。 diff --git a/src/main/java/org/m2sec/Galaxy.java b/src/main/java/org/m2sec/Galaxy.java index 1f81f19..115f47e 100644 --- a/src/main/java/org/m2sec/Galaxy.java +++ b/src/main/java/org/m2sec/Galaxy.java @@ -25,17 +25,22 @@ public class Galaxy implements BurpExtension { @Override public void initialize(MontoyaApi api) { - env = RuntimeEnv.BURP; - api.extension().setName(Constants.BURP_SUITE_EXT_NAME + "-" + Constants.VERSION); - api.logging().logToOutput(Constants.BURP_SUITE_EXT_INIT_DEF + "Version -> " + Constants.VERSION); - // 加载配置并初始化 - Config config = Helper.initAndLoadConfig(api); - // 注册UI - api.userInterface().registerSuiteTab(Constants.BURP_SUITE_EXT_NAME, new MainPanel(api, config)); - // 注册插件能力 - registerAbilities(api, config); - // 注册销毁事件 - api.extension().registerUnloadingHandler(() -> this.destroy(config)); + try { + env = RuntimeEnv.BURP; + api.extension().setName(Constants.BURP_SUITE_EXT_NAME + "-" + Constants.VERSION); + api.logging().logToOutput(Constants.BURP_SUITE_EXT_INIT_DEF + "Version -> " + Constants.VERSION); + // 加载配置并初始化 + Config config = Helper.initAndLoadConfig(api); + // 注册UI + api.userInterface().registerSuiteTab(Constants.BURP_SUITE_EXT_NAME, new MainPanel(api, config)); + // 注册插件能力 + registerAbilities(api, config); + // 注册销毁事件 + api.extension().registerUnloadingHandler(() -> this.destroy(config)); + } catch (Exception e) { + Helper.initExceptionClean(); + throw e; + } } diff --git a/src/main/java/org/m2sec/core/common/ApiInfo.java b/src/main/java/org/m2sec/core/common/ApiInfo.java index ce0ffc3..8165195 100644 --- a/src/main/java/org/m2sec/core/common/ApiInfo.java +++ b/src/main/java/org/m2sec/core/common/ApiInfo.java @@ -4,7 +4,6 @@ import lombok.Getter; import lombok.Setter; import lombok.ToString; -import lombok.experimental.Accessors; import org.m2sec.core.enums.ContentType; import org.m2sec.core.enums.Method; import org.m2sec.core.models.*; @@ -23,7 +22,6 @@ @Getter @Setter @ToString -@Accessors(chain = true) @AllArgsConstructor public class ApiInfo { private Version version; diff --git a/src/main/java/org/m2sec/core/common/CacheOption.java b/src/main/java/org/m2sec/core/common/CacheOption.java index 5a9d4a3..2305033 100644 --- a/src/main/java/org/m2sec/core/common/CacheOption.java +++ b/src/main/java/org/m2sec/core/common/CacheOption.java @@ -1,10 +1,6 @@ package org.m2sec.core.common; -import lombok.AllArgsConstructor; -import lombok.Getter; -import lombok.Setter; -import lombok.ToString; -import lombok.experimental.Accessors; +import lombok.*; import org.m2sec.core.enums.HttpHookWay; import java.io.File; @@ -17,7 +13,7 @@ @Getter @Setter @ToString -@Accessors(chain = true) +@NoArgsConstructor @AllArgsConstructor public class CacheOption { private HttpHookWay hookWay; @@ -29,6 +25,7 @@ public class CacheOption { private boolean hookStart; public String getScriptPath(String item, String suffix) { - return Constants.HTTP_HOOK_EXAMPLES_FILE_DIR + File.separator + item + suffix; + return Constants.HTTP_HOOK_EXAMPLES_DIR + File.separator + item + suffix; } + } \ No newline at end of file diff --git a/src/main/java/org/m2sec/core/common/Config.java b/src/main/java/org/m2sec/core/common/Config.java index dd861b4..011c776 100644 --- a/src/main/java/org/m2sec/core/common/Config.java +++ b/src/main/java/org/m2sec/core/common/Config.java @@ -26,6 +26,10 @@ public class Config { private CacheOption option; + public static Config ofDisk() { + return ofDisk(null); + } + public static Config ofDisk(MontoyaApi api) { return ofDisk(api, Constants.OPTION_FILE_PATH, Constants.SETTING_FILE_PATH); } diff --git a/src/main/java/org/m2sec/core/common/Constants.java b/src/main/java/org/m2sec/core/common/Constants.java index 6dd07e9..2bf48b6 100644 --- a/src/main/java/org/m2sec/core/common/Constants.java +++ b/src/main/java/org/m2sec/core/common/Constants.java @@ -27,14 +27,21 @@ public class Constants { public static final String TMP_FILE_DIR = WORK_DIR + File.separator + "tmp"; public static final String EXTRACT_FILE_DIR = WORK_DIR + File.separator + "extract"; - public static final String HTTP_HOOK_EXAMPLES_FILE_DIR = WORK_DIR + File.separator + "examples"; + public static final String HTTP_HOOK_EXAMPLES_DIR_NAME = "examples"; - public static final String TEMPLATE_FILE_DIR = WORK_DIR + File.separator + "templates"; - public static final String OPTION_FILE_PATH = WORK_DIR + File.separator + "option.yaml"; - public static final String SETTING_FILE_PATH = WORK_DIR + File.separator + "setting.yaml"; + public static final String TEMPLATE_DIR_NAME = "templates"; + public static final String HTTP_HOOK_EXAMPLES_DIR = WORK_DIR + File.separator + HTTP_HOOK_EXAMPLES_DIR_NAME; + + public static final String TEMPLATE_DIR = WORK_DIR + File.separator + TEMPLATE_DIR_NAME; + + public static final String OPTION_FILE_NAME = "option.yaml"; + public static final String SETTING_FILE_NAME = "setting.yaml"; + + public static final String OPTION_FILE_PATH = WORK_DIR + File.separator + OPTION_FILE_NAME; + public static final String SETTING_FILE_PATH = WORK_DIR + File.separator + SETTING_FILE_NAME; public static final String LOG_FILE_PATH = WORK_DIR + File.separator + "run.log"; - public static final String BYPASS_HOST_CHECK_TEMPLATE_FILE_PATH = TEMPLATE_FILE_DIR + File.separator + + public static final String BYPASS_HOST_CHECK_TEMPLATE_FILE_PATH = TEMPLATE_DIR + File.separator + "bypassHostCheckTemplate.txt"; public static final String HTTP_HEADER_CONTENT_LENGTH = "Content-Length"; diff --git a/src/main/java/org/m2sec/core/common/FileTools.java b/src/main/java/org/m2sec/core/common/FileTools.java index a731bf5..1f712e9 100644 --- a/src/main/java/org/m2sec/core/common/FileTools.java +++ b/src/main/java/org/m2sec/core/common/FileTools.java @@ -35,7 +35,7 @@ public static String readResourceAsString(String path) { } - public static void cpResourceFileToTarget(String resourceFilePath, String targetDir) { + public static void cpResourceToTargetIfExist(String resourceFilePath, String targetDir) { Path targetDirPath = Paths.get(targetDir); Path targetPath = targetDirPath.resolve(new File(resourceFilePath).getName()); writeFile(targetPath.toAbsolutePath().toString(), readResourceAsString(resourceFilePath)); @@ -91,8 +91,11 @@ public static void createDirs(String... dirs) { } public static void createFiles(String... filePaths) { - for (String filePath : filePaths) { - Path path = Paths.get(filePath); + createFiles(Stream.of(filePaths).map(Paths::get).toArray(Path[]::new)); + } + + public static void createFiles(Path... filePaths) { + for (Path path : filePaths) { try { if (!Files.exists(path.getParent())) { Files.createDirectories(path.getParent()); @@ -122,13 +125,29 @@ public static void deleteFileIfExist(File... files) { public static void writeFile(String targetFilePath, String content) { try { - Files.write(Paths.get(targetFilePath), content.getBytes()); + Path path = Paths.get(targetFilePath); + if (!Files.exists(path)) createFiles(path); + Files.write(path, content.getBytes()); } catch (IOException e) { throw new RuntimeException(e); } } - public static void copyResourceDirToTargetDir(String sourceDir, String targetDir) { + public static void writeFileIfEmptyOfResource(String resourceName, String filepath) { + Path path = Paths.get(filepath); + if (!Files.exists(path) || readFileAsString(filepath).isBlank()) { + writeFile(filepath, readResourceAsString(resourceName)); + } + } + + public static void writeFileIfEmpty(String targetFilePath, String content) { + String raw = readFileAsString(targetFilePath); + if (raw.isBlank()) { + writeFile(targetFilePath, content); + } + } + + public static void copyDirResourcesToTargetDirIfEmpty(String sourceDir, String targetDir) { try { // 获取目标目录路径 Path targetPath = Paths.get(targetDir); diff --git a/src/main/java/org/m2sec/core/common/Helper.java b/src/main/java/org/m2sec/core/common/Helper.java index dbced96..b1f6ad0 100644 --- a/src/main/java/org/m2sec/core/common/Helper.java +++ b/src/main/java/org/m2sec/core/common/Helper.java @@ -27,27 +27,25 @@ public static Config initAndLoadConfig(MontoyaApi api) { // add加解密程序 Security.addProvider(new BouncyCastleProvider()); - // 加载配置文件 - Config config = Config.ofDisk(api); - - // 初始化log - Helper.initLogger(Constants.LOG_FILE_PATH, config.getSetting().getLogLevel().name()); - log.debug("load config success! {}", config); - // 创建必要的文件和路径 FileTools.createDirs(Constants.WORK_DIR, // 插件工作路径 Constants.TMP_FILE_DIR, // 临时文件路径 - Constants.EXTRACT_FILE_DIR, // 提取文件路径 - Constants.HTTP_HOOK_EXAMPLES_FILE_DIR, // http hook examples - Constants.TEMPLATE_FILE_DIR // templates + Constants.EXTRACT_FILE_DIR // 提取文件路径 ); - FileTools.createFiles(Constants.OPTION_FILE_PATH); // cp resources 文件到工作目录下 - FileTools.cpResourceFileToTarget("setting.yaml", Constants.WORK_DIR); - FileTools.cpResourceFileToTarget("option.yaml", Constants.WORK_DIR); - FileTools.copyResourceDirToTargetDir("examples", Constants.HTTP_HOOK_EXAMPLES_FILE_DIR); - FileTools.copyResourceDirToTargetDir("templates", Constants.TEMPLATE_FILE_DIR); + FileTools.writeFileIfEmptyOfResource(Constants.SETTING_FILE_NAME, Constants.SETTING_FILE_PATH); + FileTools.writeFileIfEmptyOfResource(Constants.OPTION_FILE_NAME, Constants.OPTION_FILE_PATH); + FileTools.copyDirResourcesToTargetDirIfEmpty(Constants.HTTP_HOOK_EXAMPLES_DIR_NAME, + Constants.HTTP_HOOK_EXAMPLES_DIR); + FileTools.copyDirResourcesToTargetDirIfEmpty(Constants.TEMPLATE_DIR_NAME, Constants.TEMPLATE_DIR); + + // 加载配置文件 + Config config = Config.ofDisk(api); + + // 初始化log + Helper.initLogger(Constants.LOG_FILE_PATH, config.getSetting().getLogLevel().name()); + log.debug("load config success! {}", config); return config; } @@ -73,7 +71,9 @@ public static void initLogger(String logFilePath, String level) { public static void deleteLogFile() { LoggerContext loggerContext = (LoggerContext) LoggerFactory.getILoggerFactory(); + if (loggerContext == null) return; FileAppender fileAppender = (FileAppender) loggerContext.getLogger("root").getAppender("FILE"); + if (fileAppender == null) return; fileAppender.stop(); FileTools.deleteFileIfExist(fileAppender.getFile()); } @@ -85,4 +85,8 @@ public static void cleanTmpDir() { } } + public static void initExceptionClean() { + + } + } diff --git a/src/main/java/org/m2sec/core/httphook/JavaFileHooker.java b/src/main/java/org/m2sec/core/httphook/JavaFileHooker.java index 18a5c9b..21f1bd6 100644 --- a/src/main/java/org/m2sec/core/httphook/JavaFileHooker.java +++ b/src/main/java/org/m2sec/core/httphook/JavaFileHooker.java @@ -32,6 +32,7 @@ public class JavaFileHooker extends AbstractHttpHooker { @Override public void init(CacheOption cache1) { + cache = cache1; String javaFilePath = cache1.getScriptPath(cache1.getJavaSelectItem(), ".java"); init(javaFilePath); diff --git a/src/main/java/org/m2sec/core/models/Request.java b/src/main/java/org/m2sec/core/models/Request.java index a660a23..ea562a3 100644 --- a/src/main/java/org/m2sec/core/models/Request.java +++ b/src/main/java/org/m2sec/core/models/Request.java @@ -6,7 +6,6 @@ import com.google.protobuf.ByteString; import lombok.Getter; import lombok.Setter; -import lombok.experimental.Accessors; import lombok.extern.slf4j.Slf4j; import org.m2sec.core.common.Constants; import org.m2sec.core.common.Tuple; @@ -28,7 +27,6 @@ @Getter @Setter @Slf4j -@Accessors(chain = true) public class Request { /** * is https? diff --git a/src/main/java/org/m2sec/core/models/Response.java b/src/main/java/org/m2sec/core/models/Response.java index 3b3367d..a6144df 100644 --- a/src/main/java/org/m2sec/core/models/Response.java +++ b/src/main/java/org/m2sec/core/models/Response.java @@ -6,7 +6,6 @@ import lombok.AllArgsConstructor; import lombok.Getter; import lombok.Setter; -import lombok.experimental.Accessors; import org.m2sec.core.common.Constants; import org.m2sec.rpc.HttpHook; @@ -19,7 +18,6 @@ */ @Getter @Setter -@Accessors(chain = true) @AllArgsConstructor public class Response { private String version; diff --git a/src/main/java/org/m2sec/core/models/UploadFile.java b/src/main/java/org/m2sec/core/models/UploadFile.java index e366cc3..f4bc6b5 100644 --- a/src/main/java/org/m2sec/core/models/UploadFile.java +++ b/src/main/java/org/m2sec/core/models/UploadFile.java @@ -3,7 +3,6 @@ import lombok.AllArgsConstructor; import lombok.Getter; import lombok.Setter; -import lombok.experimental.Accessors; /** * @author: outlaws-bai @@ -12,7 +11,6 @@ */ @Getter @Setter -@Accessors(chain = true) @AllArgsConstructor public class UploadFile { private String filename; diff --git a/src/main/java/org/m2sec/panels/httphook/GrpcImpl.java b/src/main/java/org/m2sec/panels/httphook/GrpcImpl.java index a45f16c..b272c45 100644 --- a/src/main/java/org/m2sec/panels/httphook/GrpcImpl.java +++ b/src/main/java/org/m2sec/panels/httphook/GrpcImpl.java @@ -4,7 +4,6 @@ import org.m2sec.core.common.CacheOption; import org.m2sec.core.common.Constants; import org.m2sec.core.enums.HttpHookWay; -import org.m2sec.core.httphook.AbstractHttpHooker; import org.m2sec.core.httphook.GRpcHooker; import org.m2sec.panels.SwingTools; @@ -41,14 +40,14 @@ private void initPanel() { grpcConnPanel.add(grpcConnTextField); add(grpcConnPanel, BorderLayout.CENTER); - setData(); + setPanelData(); } - private void setData() { + private void setPanelData() { grpcConnTextField.setText(cache.getGrpcConn()); } - public String getData() { + public String getUserTypeData() { return grpcConnTextField.getText(); } diff --git a/src/main/java/org/m2sec/panels/httphook/HttpHookPanel.java b/src/main/java/org/m2sec/panels/httphook/HttpHookPanel.java index 735e948..48f0919 100644 --- a/src/main/java/org/m2sec/panels/httphook/HttpHookPanel.java +++ b/src/main/java/org/m2sec/panels/httphook/HttpHookPanel.java @@ -4,7 +4,6 @@ import lombok.extern.slf4j.Slf4j; import org.m2sec.Galaxy; import org.m2sec.core.common.CacheOption; -import org.m2sec.core.common.Config; import org.m2sec.core.enums.HttpHookWay; import org.m2sec.core.enums.RunStatus; import org.m2sec.panels.SwingTools; @@ -127,13 +126,14 @@ private void initPanel() { SwingTools.changeComponentStatus(hookResponseCheckBox, isStop); if (!isStop) { - cache.setHookStart(true) - .setHookWay(HttpHookWay.valueOf((String) comboBox.getSelectedItem())) - .setRequestCheckExpression(checkELTextField.getText()) - .setHookRequest(hookRequestCheckBox.isSelected()) - .setHookResponse(hookResponseCheckBox.isSelected()) - .setGrpcConn(rpcImpl.getData()) - .setJavaSelectItem(javaImpl.getData()); + // 设置本次所选择的配置 + cache.setHookStart(true); + cache.setHookWay(HttpHookWay.valueOf((String) comboBox.getSelectedItem())); + cache.setRequestCheckExpression(checkELTextField.getText()); + cache.setHookRequest(hookRequestCheckBox.isSelected()); + cache.setHookResponse(hookResponseCheckBox.isSelected()); + cache.setGrpcConn(rpcImpl.getUserTypeData()); + cache.setJavaSelectItem(javaImpl.getData()); hookService.start(cache); } else { hookService.stop(cache); diff --git a/src/main/java/org/m2sec/panels/httphook/JavaImpl.java b/src/main/java/org/m2sec/panels/httphook/JavaImpl.java index dbafcfc..f630921 100644 --- a/src/main/java/org/m2sec/panels/httphook/JavaImpl.java +++ b/src/main/java/org/m2sec/panels/httphook/JavaImpl.java @@ -94,7 +94,8 @@ private void initPanel() { if (filename != null) { String filepath = getFilePath(filename.replace(javaFileSuffix, "")); FileTools.createFiles(filepath); - String content = Render.renderTemplate(FileTools.readResourceAsString("templates/HttpHookTemplate.java"), + String content = Render.renderTemplate(FileTools.readResourceAsString("templates/HttpHookTemplate" + + ".java"), new HashMap<>(Map.of("filename", filename))); FileTools.writeFile(filepath, content); reloadExamples(codeCombo); @@ -110,12 +111,17 @@ private void initPanel() { }); setData(); - codeTextArea.setText(FileTools.readFileAsString(getFilePath((String) codeCombo.getSelectedItem()))); } private void setData() { - codeCombo.setSelectedItem(cache.getJavaSelectItem()); + String javaSelectItem = cache.getJavaSelectItem(); + if (javaSelectItem != null && !javaSelectItem.isBlank()) { + codeCombo.setSelectedItem(cache.getJavaSelectItem()); + }else { + codeCombo.setSelectedIndex(0); + } + codeTextArea.setText(FileTools.readFileAsString(getFilePath((String) codeCombo.getSelectedItem()))); } public String getData() { @@ -124,13 +130,13 @@ public String getData() { private void reloadExamples(JComboBox codeCombo) { codeCombo.removeAllItems(); - List examples = FileTools.listDir(Constants.HTTP_HOOK_EXAMPLES_FILE_DIR); + List examples = FileTools.listDir(Constants.HTTP_HOOK_EXAMPLES_DIR); examples.stream().filter(x -> new File(x).getName().endsWith(javaFileSuffix)).forEach(x -> codeCombo.addItem(new File(x).getName().replace(javaFileSuffix, ""))); setData(); } private String getFilePath(String item) { - return Constants.HTTP_HOOK_EXAMPLES_FILE_DIR + File.separator + item + javaFileSuffix; + return Constants.HTTP_HOOK_EXAMPLES_DIR + File.separator + item + javaFileSuffix; } public void resetCodeTheme() { diff --git a/src/test/java/AesCbc.java b/src/test/java/AesCbc.java deleted file mode 100644 index bd9216f..0000000 --- a/src/test/java/AesCbc.java +++ /dev/null @@ -1,104 +0,0 @@ -import org.m2sec.core.utils.*; -import org.m2sec.core.models.*; - -import javax.annotation.Nullable; -import java.util.HashMap; -import java.util.Map; - -/** - * The available classes are as follows... - * models:可能用到的DataObject - * https://github.com/outlaws-bai/Galaxy/tree/main/src/main/java/org/m2sec/core/models - * utils:可能用到的工具类 - * https://github.com/outlaws-bai/Galaxy/tree/main/src/main/java/org/m2sec/core/utils - */ -public class AesCbc { - - private static final String ALGORITHM = "AES/CBC/PKCS5Padding"; - private static final byte[] secret = "32byteslongsecretkeyforaes256!aa".getBytes(); - private static final byte[] iv = "16byteslongiv456".getBytes(); - private static final Map paramMap = new HashMap<>(Map.of("iv", iv)); - - private static byte[] getData(byte[] content) { - return CodeUtil.b64decode((String) JsonUtil.jsonStrToMap(new String(content)).get("data")); - } - - private static byte[] toData(byte[] content) { - HashMap jsonBody = new HashMap<>(); - jsonBody.put("data", CodeUtil.b64encodeToString(content)); - return JsonUtil.toJsonStr(jsonBody).getBytes(); - } - - /** - * HTTP请求从客户端到达Burp时被调用。在此处完成请求解密的代码就可以在Burp中看到明文的请求报文。 - * - * @param request Request 请求对象 - * @return 经过处理后的request对象,返回null代表不需要处理 - */ - @Nullable - public static Request hookRequestToBurp(Request request) { - // 获取需要解密的数据 - byte[] encryptedData = getData(request.getContent()); - // 调用内置函数解密 - byte[] data = CryptoUtil.aesDecrypt(ALGORITHM, encryptedData, secret, paramMap); - // 更新body为已加密的数据 - request.setContent(data); - return request; - } - - /** - * HTTP请求从Burp将要发送到Server时被调用。在此处完成请求加密的代码就可以将加密后的请求报文发送到Server。 - * - * @param request Request 请求对象 - * @return 经过处理后的request对象,返回null代表不需要处理 - */ - @Nullable - public static Request hookRequestToServer(Request request) { - // 获取被解密的数据 - byte[] data = request.getContent(); - // 调用内置函数加密回去 - byte[] encryptedData = CryptoUtil.aesEncrypt(ALGORITHM, data, secret, paramMap); - // 将已加密的数据转换为Server可识别的格式 - byte[] body = toData(encryptedData); - // 更新body - request.setContent(body); - return request; - } - - /** - * HTTP请求从Server到达Burp时被调用。在此处完成响应解密的代码就可以在Burp中看到明文的响应报文。 - * - * @param response Response 响应对象 - * @return 经过处理后的response对象,返回null代表不需要处理 - */ - @Nullable - public static Response hookResponseToBurp(Response response) { - // 获取需要解密的数据 - byte[] encryptedData = getData(response.getContent()); - // 调用内置函数解密 - byte[] data = CryptoUtil.aesDecrypt(ALGORITHM, encryptedData, secret, paramMap); - // 更新body - response.setContent(data); - return response; - } - - /** - * HTTP请求从Burp将要发送到Client时被调用。在此处完成响应加密的代码就可以将加密后的响应报文返回给Client。 - * - * @param response Response 响应对象 - * @return 经过处理后的response对象,返回null代表不需要处理 - */ - @Nullable - public static Response hookResponseToClient(Response response) { - // 获取被解密的数据 - byte[] data = response.getContent(); - // 调用内置函数加密回去 - byte[] encryptedData = CryptoUtil.aesEncrypt(ALGORITHM, data, secret, paramMap); - // 更新body - // 将已加密的数据转换为Server可识别的格式 - byte[] body = toData(encryptedData); - // 更新body - response.setContent(body); - return response; - } -} diff --git a/src/test/java/TempTest.java b/src/test/java/TempTest.java index 8211504..4a1e38b 100644 --- a/src/test/java/TempTest.java +++ b/src/test/java/TempTest.java @@ -1,8 +1,5 @@ import org.junit.jupiter.api.Test; -import javax.swing.*; -import java.awt.*; - /** * @author: outlaws-bai * @date: 2024/7/9 22:06 @@ -15,25 +12,9 @@ public void test() { } @Test - public void test2(){ + public void test2() { } public static void main(String[] args) { - // 创建 JFrame - JFrame frame = new JFrame("JPanel Background Color Example"); - frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE); - frame.setSize(400, 300); - - // 创建 JPanel - JPanel panel = new JPanel(); - - // 设置背景颜色 - panel.setBackground(Color.CYAN); // 你可以使用其他颜色,例如 Color.RED, Color.GREEN 等 - - // 将 JPanel 添加到 JFrame - frame.add(panel); - - // 显示 JFrame - frame.setVisible(true); } } diff --git a/src/test/java/TestSwing.java b/src/test/java/TestSwing.java index 18dee7b..83e9c5f 100644 --- a/src/test/java/TestSwing.java +++ b/src/test/java/TestSwing.java @@ -1,5 +1,5 @@ -import org.m2sec.Galaxy; import org.m2sec.core.common.Config; +import org.m2sec.panels.MainPanel; import javax.swing.*; @@ -15,8 +15,8 @@ public static void main(String[] args) { JFrame frame = new JFrame("Java Syntax Highlighting"); frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE); frame.setSize(800, 600); - Config config = new Config(); - frame.add(Galaxy.getMainPanel(config, null)); + Config config = Config.ofDisk(); + frame.add(new MainPanel(null, config)); // 窗体可见 frame.setVisible(true);