BurpDnsLog一个bug修复

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>org.pmiaowu</groupId>
     <artifactId>BurpFastJsonScan</artifactId>
-    <version>2.0.0</version>
+    <version>2.0.1</version>
 
     <dependencies>
         <!-- https://mvnrepository.com/artifact/net.portswigger.burp.extender/burp-extender-api -->

src/main/java/burp/Application/RemoteCmdExtension/ExtensionMethod/RemoteCmdScan.java

@@ -33,6 +33,7 @@ public class RemoteCmdScan extends AAppExtension {
 
     private String sendDnsLogUrl;
 
+    private ArrayList<String> keyArrayList = new ArrayList<>();
     private ArrayList<String> dnsLogUrlArrayList = new ArrayList<>();
     private ArrayList<IHttpRequestResponse> httpRequestResponseArrayList = new ArrayList<>();
 
@@ -103,10 +104,10 @@ private void runExtension() {
         }
 
         // 这里进行二次判断
-        for (int i = 0; i < this.dnsLogUrlArrayList.size(); i++) {
+        for (int i = 0; i < this.keyArrayList.size(); i++) {
             // dnslog 内容匹配判断
-            if (!dnsLogBodyContent.contains(this.dnsLogUrlArrayList.get(i))) {
-                if ((i + 1) != this.dnsLogUrlArrayList.size()) {
+            if (!dnsLogBodyContent.contains(this.keyArrayList.get(i))) {
+                if ((i + 1) != this.keyArrayList.size()) {
                     continue;
                 } else {
                     return;
@@ -120,12 +121,14 @@ private void runExtension() {
     }
 
     private void remoteCmdDetection(String payload) {
-        String dnsLogUrl = CustomHelpers.randomStr(8) + "." + this.dnsLog.run().getTemporaryDomainName();
+        String key = CustomHelpers.randomStr(15);
+        String dnsLogUrl = key + "." + this.dnsLog.run().getTemporaryDomainName();
 
         // 发送请求
         IHttpRequestResponse newHttpRequestResponse = analyzedRequest.makeHttpRequest(payload.replace("dnslog-url", dnsLogUrl), null);
 
         // 相关变量设置
+        this.keyArrayList.add(key);
         this.dnsLogUrlArrayList.add(dnsLogUrl);
         this.httpRequestResponseArrayList.add(newHttpRequestResponse);
 
@@ -136,7 +139,7 @@ private void remoteCmdDetection(String payload) {
         }
 
         // dnslog 内容匹配判断
-        if (!dnsLogBodyContent.contains(dnsLogUrl)) {
+        if (!dnsLogBodyContent.contains(key)) {
             return;
         }
 

src/main/java/burp/BurpExtender.java

@@ -16,7 +16,7 @@
 
 public class BurpExtender implements IBurpExtender, IScannerCheck {
     public static String NAME = "FastJsonScan";
-    public static String VERSION = "2.0.0";
+    public static String VERSION = "2.0.1";
 
     private IBurpExtenderCallbacks callbacks;
     private IExtensionHelpers helpers;

src/main/java/burp/DnsLogModule/ExtensionMethod/BurpDnsLog.java

@@ -18,6 +18,8 @@ public class BurpDnsLog extends DnsLogAbstract {
 
     private IBurpCollaboratorClientContext burpCollaboratorClientContext;
 
+    private String dnslogContent = null;
+
     public BurpDnsLog(IBurpExtenderCallbacks callbacks) {
         this.callbacks = callbacks;
         this.helpers = callbacks.getHelpers();
@@ -50,21 +52,21 @@ public String getBodyContent() {
 
             Map<String, String> properties = iterator.next().getProperties();
             if (properties.size() == 0) {
-                return null;
+                return this.dnslogContent;
             }
 
             String content = null;
             for (String property : properties.keySet()) {
                 String text = properties.get(property);
                 if (property.equals("raw_query")) {
-                    text = Arrays.toString(this.helpers.base64Decode(text));
+                    text = new String(this.helpers.base64Decode(text));
                 }
-
                 content += text + " ";
             }
-            return content;
+            this.dnslogContent += content;
+            return this.dnslogContent;
         }
-        return null;
+        return this.dnslogContent;
     }
 
     @Override