添加新功能,修复老bug

BurpFastJsonScan.iml

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
+  <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_8">
+    <output url="file://$MODULE_DIR$/target/classes" />
+    <output-test url="file://$MODULE_DIR$/target/test-classes" />
+    <content url="file://$MODULE_DIR$">
+      <sourceFolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
+      <sourceFolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" />
+      <excludeFolder url="file://$MODULE_DIR$/target" />
+    </content>
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+    <orderEntry type="library" name="Maven: net.portswigger.burp.extender:burp-extender-api:2.3" level="project" />
+    <orderEntry type="library" name="Maven: com.github.kevinsawicki:http-request:6.0" level="project" />
+    <orderEntry type="library" name="Maven: org.yaml:snakeyaml:1.29" level="project" />
+  </component>
+</module>

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>com.github.pmiaowu</groupId>
     <artifactId>BurpFastJsonScan</artifactId>
-    <version>2.1.3</version>
+    <version>2.2.0</version>
 
     <dependencies>
         <!-- https://mvnrepository.com/artifact/net.portswigger.burp.extender/burp-extender-api -->

src/main/java/burp/Application/CmdEchoExtension/CmdEcho.java

@@ -5,13 +5,16 @@
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
 
+import burp.Bootstrap.GlobalVariableReader;
 import burp.IBurpExtenderCallbacks;
 
 import burp.Bootstrap.YamlReader;
 import burp.Bootstrap.BurpAnalyzedRequest;
 import burp.Application.ExtensionInterface.IAppExtension;
 
 public class CmdEcho {
+    private GlobalVariableReader globalVariableReader;
+
     private IBurpExtenderCallbacks callbacks;
 
     private BurpAnalyzedRequest analyzedRequest;
@@ -24,10 +27,13 @@ public class CmdEcho {
     private Date startDate = new Date();
 
     public CmdEcho(
+            GlobalVariableReader globalVariableReader,
             IBurpExtenderCallbacks callbacks,
             BurpAnalyzedRequest analyzedRequest,
             YamlReader yamlReader,
             String callClassName) throws ClassNotFoundException, NoSuchMethodException, InvocationTargetException, InstantiationException, IllegalAccessException {
+        this.globalVariableReader = globalVariableReader;
+
         this.callbacks = callbacks;
         this.analyzedRequest = analyzedRequest;
 
@@ -47,13 +53,15 @@ private void init(String callClassName) throws ClassNotFoundException, NoSuchMet
 
         Class c = Class.forName("burp.Application.CmdEchoExtension.ExtensionMethod." + callClassName);
         Constructor cConstructor = c.getConstructor(
+                GlobalVariableReader.class,
                 IBurpExtenderCallbacks.class,
                 BurpAnalyzedRequest.class,
                 YamlReader.class,
                 List.class,
                 Date.class,
                 Integer.class);
         this.cmdEcho = (IAppExtension) cConstructor.newInstance(
+                this.globalVariableReader,
                 this.callbacks,
                 this.analyzedRequest,
                 this.yamlReader,

src/main/java/burp/Application/CmdEchoExtension/ExtensionMethod/CmdEchoScan.java

@@ -8,15 +8,14 @@
 
 import burp.*;
 
-import burp.Bootstrap.CustomBurpHelpers;
-import burp.Bootstrap.YamlReader;
-import burp.Bootstrap.CustomHelpers;
-import burp.Bootstrap.BurpAnalyzedRequest;
+import burp.Bootstrap.*;
 import burp.Application.ExtensionInterface.AAppExtension;
 
 import burp.CustomErrorException.TaskTimeoutException;
 
 public class CmdEchoScan extends AAppExtension {
+    private GlobalVariableReader globalVariableReader;
+
     private IBurpExtenderCallbacks callbacks;
     private IExtensionHelpers helpers;
 
@@ -34,9 +33,12 @@ public class CmdEchoScan extends AAppExtension {
     // 命令输出点
     private String commandOutputPoint;
 
-    public CmdEchoScan(IBurpExtenderCallbacks callbacks, BurpAnalyzedRequest analyzedRequest,
+    public CmdEchoScan(GlobalVariableReader globalVariableReader,
+                       IBurpExtenderCallbacks callbacks, BurpAnalyzedRequest analyzedRequest,
                        YamlReader yamlReader, List<String> payloads,
                        Date startDate, Integer maxExecutionTime) {
+        this.globalVariableReader = globalVariableReader;
+
         this.callbacks = callbacks;
         this.helpers = callbacks.getHelpers();
 
@@ -57,6 +59,11 @@ public CmdEchoScan(IBurpExtenderCallbacks callbacks, BurpAnalyzedRequest analyze
 
     private void runExtension() {
         for (String payload : this.payloads) {
+            // 这个参数为true说明插件已经被卸载,退出所有任务,避免继续扫描
+            if (this.globalVariableReader.getBooleanData("isExtensionUnload")) {
+                return;
+            }
+
             if (this.isIssue()) {
                 return;
             }

src/main/java/burp/Application/RemoteCmdExtension/ExtensionMethod/RemoteCmdScan.java

@@ -8,6 +8,7 @@
 
 import burp.*;
 
+import burp.Bootstrap.GlobalVariableReader;
 import burp.CustomScanIssue;
 import burp.DnsLogModule.DnsLog;
 import burp.Bootstrap.YamlReader;
@@ -17,6 +18,8 @@
 import burp.CustomErrorException.TaskTimeoutException;
 
 public class RemoteCmdScan extends AAppExtension {
+    private GlobalVariableReader globalVariableReader;
+
     private IBurpExtenderCallbacks callbacks;
     private IExtensionHelpers helpers;
 
@@ -37,9 +40,12 @@ public class RemoteCmdScan extends AAppExtension {
     private ArrayList<String> dnsLogUrlArrayList = new ArrayList<>();
     private ArrayList<IHttpRequestResponse> httpRequestResponseArrayList = new ArrayList<>();
 
-    public RemoteCmdScan(IBurpExtenderCallbacks callbacks, BurpAnalyzedRequest analyzedRequest,
+    public RemoteCmdScan(GlobalVariableReader globalVariableReader,
+                         IBurpExtenderCallbacks callbacks, BurpAnalyzedRequest analyzedRequest,
                          DnsLog dnsLog, YamlReader yamlReader, List<String> payloads,
                          Date startDate, Integer maxExecutionTime) {
+        this.globalVariableReader = globalVariableReader;
+
         this.callbacks = callbacks;
         this.helpers = callbacks.getHelpers();
 
@@ -62,6 +68,11 @@ public RemoteCmdScan(IBurpExtenderCallbacks callbacks, BurpAnalyzedRequest analy
 
     private void runExtension() {
         for (String payload : this.payloads) {
+            // 这个参数为true说明插件已经被卸载,退出所有任务,避免继续扫描
+            if (this.globalVariableReader.getBooleanData("isExtensionUnload")) {
+                return;
+            }
+
             // 说明接收到了dnslog请求确定是FastJson
             if (this.isIssue()) {
                 return;

src/main/java/burp/Application/RemoteCmdExtension/RemoteCmd.java

@@ -5,6 +5,7 @@
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
 
+import burp.Bootstrap.GlobalVariableReader;
 import burp.IBurpExtenderCallbacks;
 
 import burp.DnsLogModule.DnsLog;
@@ -13,6 +14,8 @@
 import burp.Application.ExtensionInterface.IAppExtension;
 
 public class RemoteCmd {
+    private GlobalVariableReader globalVariableReader;
+
     private IBurpExtenderCallbacks callbacks;
 
     private BurpAnalyzedRequest analyzedRequest;
@@ -27,11 +30,14 @@ public class RemoteCmd {
     private Date startDate = new Date();
 
     public RemoteCmd(
+            GlobalVariableReader globalVariableReader,
             IBurpExtenderCallbacks callbacks,
             BurpAnalyzedRequest analyzedRequest,
             DnsLog dnsLog,
             YamlReader yamlReader,
             String callClassName) throws ClassNotFoundException, NoSuchMethodException, InvocationTargetException, InstantiationException, IllegalAccessException {
+        this.globalVariableReader = globalVariableReader;
+
         this.callbacks = callbacks;
         this.analyzedRequest = analyzedRequest;
 
@@ -53,6 +59,7 @@ private void init(String callClassName) throws ClassNotFoundException, NoSuchMet
 
         Class c = Class.forName("burp.Application.RemoteCmdExtension.ExtensionMethod." + callClassName);
         Constructor cConstructor = c.getConstructor(
+                GlobalVariableReader.class,
                 IBurpExtenderCallbacks.class,
                 BurpAnalyzedRequest.class,
                 DnsLog.class,
@@ -61,6 +68,7 @@ private void init(String callClassName) throws ClassNotFoundException, NoSuchMet
                 Date.class,
                 Integer.class);
         this.remoteCmd = (IAppExtension) cConstructor.newInstance(
+                this.globalVariableReader,
                 this.callbacks,
                 this.analyzedRequest,
                 this.dnsLog,

src/main/java/burp/Bootstrap/GlobalVariableReader.java

@@ -0,0 +1,36 @@
+package burp.Bootstrap;
+
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+public class GlobalVariableReader {
+    private ConcurrentHashMap booleanMap;
+
+    public GlobalVariableReader() {
+        this.booleanMap = new ConcurrentHashMap<String, Boolean>();
+    }
+
+    public Map<String, Boolean> getBooleanMap() {
+        return this.booleanMap;
+    }
+
+    public Boolean getBooleanData(String key) {
+        return this.getBooleanMap().get(key);
+    }
+
+    public void putBooleanData(String key, Boolean b) {
+        if (key == null || key.length() <= 0) {
+            throw new IllegalArgumentException("key不能为空");
+        }
+
+        synchronized (this.getBooleanMap()) {
+            this.getBooleanMap().put(key, b);
+        }
+    }
+
+    public void delBooleanData(String key) {
+        if (this.getBooleanMap().get(key) != null) {
+            this.getBooleanMap().remove(key);
+        }
+    }
+}