udpate

src/main/java/burp/IProxyScanner.java

@@ -90,6 +90,12 @@ private void startDatabaseMonitor() {
                         ApiDataModel mergeApiData = FingerUtils.FingerFilter(HTTPUtils.makeGetRequest(onePathData));
                         mergeApiData.setHavingImportant(BurpExtender.getDataBaseService().hasImportantPathDataByUrl(Utils.getUriFromUrl(mergeApiData.getUrl())));
                         BurpExtender.getDataBaseService().updateApiDataModelByUrl(mergeApiData);
+                    } else if(!(onePathData = BurpExtender.getDataBaseService().fetchAndMarkSinglePathAsCrawlingByNewParentPath()).isEmpty()){
+
+                        BurpExtender.getStdout().println("[+] 正在爬取模式二提取url： " + onePathData.get("url") + onePathData.get("path"));
+                        ApiDataModel mergeApiData = FingerUtils.FingerFilter(HTTPUtils.makeGetRequest(onePathData));
+                        mergeApiData.setHavingImportant(BurpExtender.getDataBaseService().hasImportantPathDataByUrl(Utils.getUriFromUrl(mergeApiData.getUrl())));
+                        BurpExtender.getDataBaseService().updateApiDataModelByUrl(mergeApiData);
                     }else if (!(url = BurpExtender.getDataBaseService().fetchAndMarkApiData()).equals("")){
                         BurpExtender.getStdout().println("进入匹配二模式");
                         // 步骤一：读取该url对应的非爬取的url
@@ -108,7 +114,8 @@ private void startDatabaseMonitor() {
                                 if (key.contains(keyToCheck)) {
                                     // 提取出parent
                                     String parentPath = key.replace(keyToCheck, "");
-                                    BurpExtender.getStdout().println(key + ", parentPath: " + parentPath);
+                                    BurpExtender.getStdout().println(key + ", parentPath: " + parentPath +  ", " + isFindUrl.get(keyToCheck));
+                                    BurpExtender.getDataBaseService().updatePathDataMayNewParentPath(parentPath, (String) isFindUrl.get(keyToCheck));
                                     break; // 找到一个就足够了，不需要继续循环
                                 }
                             }

src/main/java/burp/dataModel/DatabaseService.java

@@ -371,6 +371,27 @@ public synchronized ApiDataModel selectApiDataModelByUri(String uri) {
     }
 
 
+    public synchronized void updatePathDataMayNewParentPath(String mayNewParentPath, String jsFindUrl) {
+        String sql = "UPDATE path_data SET "
+                + " mayNewParentPath=?, "
+                + " isTryNewParentPath=? "
+                + "WHERE isTryNewParentPath is NULL AND mayNewParentPath IS NULL AND jsFindUrl = ?";
+        try (Connection conn = this.connect();
+             PreparedStatement pstmt = conn.prepareStatement(sql)) {
+
+            // 设置更新语句中的参数
+            pstmt.setString(1, mayNewParentPath);
+            pstmt.setBoolean(2, false);
+            pstmt.setString(3, jsFindUrl);
+
+            // 执行更新
+            pstmt.executeUpdate();
+        } catch (Exception e) {
+            BurpExtender.getStderr().println("[-]更新数据库报错： URL=" + jsFindUrl);
+            e.printStackTrace(BurpExtender.getStderr());
+        }
+    }
+
     // Method to update an ApiDataModel
     public synchronized void updateApiDataModelByUrl(ApiDataModel model) {
         String sql = "UPDATE api_data SET "
@@ -811,6 +832,43 @@ public synchronized Map<String, Object> fetchAndMarkSinglePathAsCrawling() {
         return filteredPathData;
     }
 
+    public synchronized Map<String, Object> fetchAndMarkSinglePathAsCrawlingByNewParentPath() {
+        // 事务开启
+        Map<String, Object> filteredPathData = new HashMap<>();
+
+        // 首先选取一条记录的ID
+        String selectSQL = "SELECT id, path_data, url, path, mayNewParentPath FROM path_data WHERE isTryNewParentPath = 0 LIMIT 1;";
+        String updateSQL = "UPDATE path_data SET isTryNewParentPath = 1 WHERE id = ?;";
+
+        try (PreparedStatement selectStatement = connection.prepareStatement(selectSQL)) {
+            ResultSet rs = selectStatement.executeQuery();
+            if (rs.next()) {
+                int selectedId = rs.getInt("id");
+                String selectedPathData = rs.getString("path_data");
+                String url = rs.getString("url");
+                String path = rs.getString("mayNewParentPath") + rs.getString("path");
+
+                try (PreparedStatement updateStatement = connection.prepareStatement(updateSQL)) {
+                    updateStatement.setInt(1, selectedId);
+                    int affectedRows = updateStatement.executeUpdate();
+                    if (affectedRows > 0) {
+                        // 序列化 path_data
+                        Object deserializedPathData = deserializePathData(selectedPathData);
+                        filteredPathData.put("id", selectedId);
+                        filteredPathData.put("path_data", deserializedPathData);
+                        filteredPathData.put("url", url);
+                        filteredPathData.put("path", path);
+                    }
+                }
+            }
+        } catch (Exception e) {
+            BurpExtender.getStderr().println("[-] Error fetchAndMarkSinglePathAsCrawling: ");
+            e.printStackTrace(BurpExtender.getStderr());
+        }
+
+        return filteredPathData;
+    }
+
     public synchronized int getJSCrawledTotalCountPathDataWithIsJsFindUrl() {
         String sql = "SELECT COUNT(*) FROM path_data WHERE isJsFindUrl = ?";
         int count = 0;

src/main/resources/conf/finger-important.json

@@ -740,6 +740,19 @@
       "isOpen": true,
       "accuracy": "high"
     },
+    {
+      "match": "keyword",
+      "location": "body",
+      "keyword": [
+        "<pwd>",
+        "<admin_user>"
+      ],
+      "type": "敏感内容",
+      "describe": "管理员账号、管理员密码",
+      "isImportant": true,
+      "isOpen": true,
+      "accuracy": "high"
+    },
     {
       "match": "keyword",
       "location": "body",