From 6085cbbae9338a47417d7521c41db56809bdb9e9 Mon Sep 17 00:00:00 2001 From: S9MF <48114638+S9MF@users.noreply.github.com> Date: Fri, 30 Apr 2021 15:52:13 +0800 Subject: [PATCH] Add files via upload --- out/artifacts/sql_sup/sql-sup.jar | Bin 0 -> 17825 bytes pom.xml | 91 +++++++++++++++ sql-sup.iml | 2 + src/main/java/burp/BurpExtender.java | 33 ++++++ src/main/java/burp/Config.java | 94 +++++++++++++++ src/main/java/burp/ConfigDlg.java | 158 ++++++++++++++++++++++++++ src/main/java/burp/Menu.java | 90 +++++++++++++++ src/main/java/burp/PayloadGenera.java | 60 ++++++++++ src/main/java/burp/Util.java | 152 +++++++++++++++++++++++++ src/test/java/burp/AppTest.java | 20 ++++ 10 files changed, 700 insertions(+) create mode 100644 out/artifacts/sql_sup/sql-sup.jar create mode 100644 pom.xml create mode 100644 sql-sup.iml create mode 100644 src/main/java/burp/BurpExtender.java create mode 100644 src/main/java/burp/Config.java create mode 100644 src/main/java/burp/ConfigDlg.java create mode 100644 src/main/java/burp/Menu.java create mode 100644 src/main/java/burp/PayloadGenera.java create mode 100644 src/main/java/burp/Util.java create mode 100644 src/test/java/burp/AppTest.java diff --git a/out/artifacts/sql_sup/sql-sup.jar b/out/artifacts/sql_sup/sql-sup.jar new file mode 100644 index 0000000000000000000000000000000000000000..d88f91ef3bd8bb6cd942cc7317783e462b665a16 GIT binary patch literal 17825 zcmb8Xb9`i7w=Epowrv|7+qP{x9ad}`9XlP{wrzKe?j#+3-7mhUpZA<|?>(#jsjAc1R@ z`OD-VhY9~WR?O4Y%-+<@nZd-?$i*c^?OYvK4eec?L6!wy8ifJe+Rj$2UsSSEoqSO} zLa}hKu-q_GjdCm=E@yIZ3_H~i=;MjvUBybsv0DRKmE;4WZ?>e$@|UpfDsTTA`jSWCG<1s-46H zNi6V5w*Q1BF&%S1F+>fURG@)k;kF&fUh+wJIK=TsasCn3)$mQqs=f4T;tjhq~sVY=o*H!(@L>wz`u$ziDUvbcAJUku$WQ_;Cfsf zij**j%VV%eC*y%7&cgcUoLsr>HMd?LLA_CY5MQVD+Yqc$B^hIKrb7+pnu#)Pf>(gY!q4r>aaEz~r zkcwuvBgeDY3e$NZ%k$;M+ryH^&oSXpe;Bw6mXLWLIG;ep2G0feyR*C3Z_Y$ESe<9; z_h%F*m+}H>_s?yaTjS80H9E@AOCm})K%A$|-s_Z9GPjL4`!bmTo&X+m^7K3@>x_@= z{J}NvdAy5Nd6_Rl88Z*f>+WY4ONy>)2?XjwSH>YRXpo2&9tk>LK}kc6 zU{xXA@pWZ{VXaG$_(Yo?A(fNDg?*ZYV*Vn51-s`#wg{@r)%z5MRZAp(j`S?As4A6M ze9FrfjpCO`gCz!UqQ7b4Z@bkxB##y|mq(Cf524l%mFyi2?aY(W?isKmIw`80_Ufm4 zVNiMmlqR!gkT*i?lZmQ&H$nMYuJ;*xf4g)7>0RK)Rp1p86ch+38S>9y zvG+CmZ!rb=-@!t}!QR};;-6t6CuPHXK^!eK%{bUpOJGF)fU7YXD7K*JlMHuJwlIiQ zwuqCX4uYJS1T+NcNyCwEa%tg1;cS$^C&G$L94WFy)~irP7MTVM^Xs>n?cCS5nY_=y zPcS91AofF!xE^e>BTksGJXc0aL&|Voo0zGPIMO_+w>foHmgz{^OH9j7 zbK?_07M!kFW6+HMinR5*X{$_{fm(<7V zjW-SW%5%AW-ZxH%X1*v8yV9j*4%w5oAlqJ(sk7z_Jsv)Rov%96a^MMfwt7OY1r2u8 zl4?55O~>u4Y`AtZcvoyw?pqhlgPWY>BevbT?2nt4G}fKwJlEhkCleBWu(3sw#GZ)HiWp&- znHTW3bjjo|AroMF_Fyo{r=cf2D;fgo64&4q5E|dYmRP(C%5OR_%JOb-vu*CDnhi+1 zmd`x0QhQItJRkjpOl@{md`pZMdPx`6UJZ98UI%emZ?F_rWfE;Tm|{>Na`!VL^M<4(s)+nfUAk`jt$B!(G+@B7A1Cz?qH6IcwlO&IOh}t> z>F9MV)@^c*c4I^1Cg^4sKj<2o*7037njR%p8}LTpy~UT&z7nWz?acn1?nRE1@Hg$W zxYCgj$xR7K_Aoz|^cYi^*l1GJPo>`_BTNF>DLa@I1AZ=!!fDrja2sDqtgRAchZbW) z97)QaQbPY$KTfFVe=ve2;IRc`0#?d}vkfu1%f=31D2h6kBw|v_P<`G3AN`0_PcXtd7=tjE;@WI^%vX&VQY-i;TQC zehRu}Y?X?7igKlMo@l!jJ4Bo%DSJiujzm5tC!3&c2!RS*l>M2M**7AJrDzp6ks*G6 zAU?7&)iQ@-I6^6&Vecy(HHK&;B1ul+G*j>bF@^ZR`w3ARzuAX5=bHM;f;^1&;W zq`^c&G?B6~(izEj6xLQe;mn(an$d(rqoPHoBHBj%;_o=jHE}@?F?iJ2qSEjrTZP-^ z5FWykNdog~+{!%B$=CqbxMgzfYt(~2D#?{Y$ulBlb0n*j_F=eX5lJz^vvxdcT=8*u z5pT(Jit4yH%Y&(JHZ^ymsIgZO z&U)%;yw=){0vA`wB;!iGDDjL&MB(}I=z>|Kx#B#i07;VEJu8hJnea|qG~wz~7$47Z zJ=;l~;W8An=Z17dE6yz$azx-e83TQyePCGmqP4-G1y47c8z92jv9Gpm#zEOY7dGYR zImTBjUmZBoh`EnXa94r$!v(8}CE3#oV_r$3g;_Mwt|V$E5=AHNSBCQgXeInyqh6!9 z4iF2AWjp99qu<1J*0;SY>OD$Uae?$lnyD=6#MGOSA8^bmTgT~adc)0{KAlH?;dD8N?=tMt7Sf? z!jF(EIF}G9m79V5ME667>rc=}+5RRIeqWDfgZ0O!^Jk79Oagw;y|ogf*$Vi9Mh)Wr zp4lo4;?z`NAfPOe|K-fG{A*@abyOBUp}niGL(D7E5CsK!3Q-@S*cXBnDn{xG2lkys zO&j7glOv%}NC`b_OnaU^?LJ-P-4b%;%E8d5-4gHQUSDup%y9c~^nAQOK^vmz$XWK~ zN0R|e;S4p0p;V#21Vuw*VKNaLDi5p3LVHr|wgq5O9DG_v_) z>G@M4x_dm_7t;0*O5^xAR}H}jcRG6&seTpB-?4RKH zSDK|+`SUgk>jsCY7Lk}?g=n#Hlnal(+GA~g*~2crmD0mc$R8k7yAJuLq0tg2>vX?( z_~ZN)E{6Q-L~KDS0cVz>luw1%Q5MfreE57!ls^NFOg{}>q+#T3s-5~&QjZlv$c{{x zHw%2I(i}q>nM{Kd8G2u)si4=-yFhBzEQma5zvOIhJHHmcWpqPm8P91iVIkO{Z+^$= zz$L#;4vQ52h9D;dzW_$B6&5TtTznwb{z28`tw60%P2n?eW&R#6Ne_}9q86QLTf7u; zR%}RPz4RAiyNdZ$MesXE@Y@mCfucDS=O5gv>vGCJoN5@wp-W)4($pg^n|4pp%ykO6?R?jmCsxag_A zi;Ip6X$Ln`L%uj+}k+a2xCGfr7bO+q<{Z7*=ag{e0onTwsHv9D8A6-R@)WATE zHq$QO+(nO zUBJ;?>39foqaa`(1 zH=i;I!0gXSd)U?0S95tM-q2?Z4!8m8tWDN_btuaK$s5E?^ax@z7K)WfI8w~15o~5v zGXa>h24kyqj%${|j4N_#`8-H)2}ur^-ug{nWBI3M+J^iYFL1$$5j*Um@*Y{AB5Egm zmxfr(_%k$2hpueE2t;B!lVThMXiWMnlNC`YHT(jEIg`yUbO{_^N+vhxz2cd6hLo zEw|WHXZ)Df3^GV1foeUN3J!S)J6fy?3&8Nl$T9$wi3>iDGN5E z#^k9Hep|`;K=CwGhSM7E((+FpkMhgRDHf_1a^gDs`?9Emi-G=^gT`q(8HJXwS_EKr zoZe?*&4hk#-=@t;R*CKhMaRb-!|aD*t;;Dv7>=Jy;@zl3SYu$>)W3ZiF`O&AP|xH* ze_$_+Xtc0mm-H#0c9R|6dO1NlM zv#FBk1!1-K(IJ26E^1Q%L{UDbx+2?)4A}d;ZZEkmg|{5mC)^q&Vb+*AcU|&|6-g74 zSfpxRG;hlGQ^G>2_27FN$;>Di$R6O|3)1s0N(=q3RHO2L3ploa18(gX;L!N(K$1d$ zjX!Y+=@!Z}v4pnfcE0E%faFpd`D*-Ty23(PZ%$D4d_5q=VWt5|PpbA7gr*k|q+_?nyl(1Zqk3tCaN7?8_T!nPjrkex6ib zhvQI(4i-#tlyyW>qp}3FjKmZ0O$$qvT{TusVh|VG!#oA`;gh~Z(s1|W0uIKi{sku+ zB{S(Q!|}T}03?nx&oHx4+T#y9%$>svRQ>!rS3J#|Z2b67)K&JJup+AR+15}I z%%&#rCZBl;uQ{bGlho)cXvPFajct!UZ;#@uH^9g$ErOFfm^mkO3^X5kl9hRl9GZ28 zip{8@O4!xrosi5#NZlA0&pDB*0dM5)7YogKP&(l%n#f*oaqI!K1Jx#S+Nf$aH%hHRNlY~{#-@HeWmk%Tv+$1iJFrY^&TrrIh8&#zBZ@L$+fuLlGD zh;MFgD!ue!O}e0irr&G1_TPEje%XHP-fL^g^Tp}K+oSzNdS&QH87vRs!Mr-Kdj-T{ zR7>~*5?_}_{>ZdCv#SsB_bSpcV(Y4dsn7#b23Y99%7;sjU_LFP#l=!;YM zbDWH4{4FIJ-{4ac3W51+IZ&Vk7T@?TGjyK0?_k^v7!!8h5fMS!4fn8uBp1zIddQ3n z7sFmi2&3dvVMtP^Oj<~Eh`pdUNP1WoO7|dxg7j&MV`Q4|cw8xVp7{+}FeBs*I^V!< zCHNCg_w-i>rtfkkxn?)?g1NAU;JGLC`Zos~z*YVC{=Sp}Ji|Ni`MD`O15vt>*R0<` zAp}itNFfBxZ%`Q~72Z6@;_{$Jn*aqAm2TuI$|@k>)sf~^N^okJSlDYNjnw!l)6s#TdUKGM-O17oY#@b z5#t>0MPRb(us#;&|B-z4}& zx_GOqYEE0rdPt*pS!ScG8{u-1Du2+}nufi+qC%Pot=%&#Qbvup_6yB9U&Hv&q%&*7 z)+8P$Yg)$Ghr_@-C^XyP!dQB{>_H|RE>m9LFiYkfi3x2Xizp7mP_7^rjOSId2ER02}=>-VFUwhgi}74RzT!GeJRvH9z<~wxK|J@9!ZK<&YSugsy{Ubn_U_D3C{KO&#L~l# zgqvGcmzlA6qtY=br>$a7GBq75PPVRDkhKvGtxAEBoHuxJD!4%UYUUPMz_ze!IN@7d zE=6?lwLG?kVjluO!R3t+MOnX7kFTb70p*8i4c7byx{aSJF8ofQCN-(pi6&>gDV&t` zVzsn3XXSTK>1u^CsiDQEZ(bdc*k z*^^|p%&*Gv@aT#O>{c>mGvR~8J49*i8nwLnC3kI)EB1t>or2?XU)ZI#)Q440A(G~fjA0CT^}uTF^3Bz#IC@ZjhEiNm zY%v7!yRa>+9WeeWUyz`n8eiHS+QRjO0l5%mw3i;7g;&MnSs8pbR$q5)n7N3tjKBHK zaG)O;${zsL4T;oJ5I_ZG(2D!+$XGONkLF4oPY&BqluaHLj<>uTwJ#oL!Ik^n^-B@% zK*w%J$fgf;+X($kht;Rt>%_EZJfxEZu2n3&xtIh!B#ea^B|R!~XIB$PSRdN(y zRV@QIqB$yLnqX};BK^g$mniA^O-j|rEpgHFJB4wo_9Tn3=CCQmM1!4sKqkz? zN3F4JfjG1g4ow}BQPr?24(h^bzq|ymc|K~2XF%pP^Q0(5!wuZ=uGnNTW2BcS=!&wB z9wm%Z7gh|oF$+edmL?g-9z;C~XCwq2MpnIOSs5}lT`_Hs?8Shy6IRncaTQveaSB%? zj}yrELP(pzN==(4tMaW#_pC&77_oVwn9PwpclUwB!GWphP~AoSD$Al5)vP}08gE8* zX59L#a@tte{ zT&H{ZP7o2!vOT<}J8lYyvxm&MlHT26uZBCI6p9e4!rnAacGVE{jlO(<{7#05`;kQ^ zercx(zl4pySWTDzN%fF3vv>P9p&6s9r?MfA#&3fQCcG$bIS)ciSPi_!#jLnKA73Je zH{aR>J+$k8GmCsTtVBbmrj7cpl*hVIRJ1T=Lilr)aPdc#EETI2-&}N~$Mv?)RU6^D z;K%zVcmTSuAPj8O&jwRtya|&hAX*B6K?w?h;fe?aM?HrXxJ@SJNQDtc)I98`&0c!Y z7VvEz$JatkypWnNolHpSRu|v*%d~4l0~5n4sDt(24n5@zHTfSB_X~S9cNB3gzr!=$ zEXoCfza;w;sh88oSBBzK$2)iiZk}FVk9lsa-IsH3pi;Pa(}jwbWN`!EpZYEDSn= zqu3kE9j;2JHHwigyH5+&3yn^8H#e|7l<_tt5D-ei0k_#w7f}mut7U1l(T|`RyPt*D z-_MD26C3Jqi+{4GiU|fo9dr%0_3f=oV&2T3^+Tr)kVZA;4kO#uoez>!TTOiKh?3#v zXmUoC5u2I#f)`i8?+NqbcR@W&T>ukmd9yyk zTYQ&K$KtTrw&B69TZn8yekuCy_}meF+8%FUi5t@vqL$JxVd%8U~eGxm#TdVYg8hg=cT{nrzW2*m$8X#d4k{{}6p6dHdH z7zAJrY)cJTsc)2mm<7qn?X5Q@eB3@rC%^M%G2>x)jtSL*hwfw4qS95Pg^tj#?p3b6 zl#))lxX3sCYU6QR;BhnV3^DKB57H3XW}uGQ0%K(u>R6&KATmZqlWoEbR&b-v(F{!E zHY(HxqeiEd*wIy@`QE<{)m!<+h=@tc#`Q~Vhc-NDwY!@h_|}r&y<4Er+iKkXJqRhk z#DU===WFkZ3`j#L=+AD=A-Of{4Q-b`W*{ta12uX`^#nT%0f}nnz_37OQ#p9*} zSkqZiB~(JfFnXf{=7!f)2IknfoFc?x9dRg<<^!SMA41ST3^oAtPhFvH6yAyJ$B zOYsuNNFV(}Uc3HI`?^C109GfSAsspW)J103Q|1hQ$=tX?OT&py$NXU$EmFs?W8=%u z@II<*5hyxe%(0?uTpnZ0aQ5{?rC_IPNqV0qo`C!68-rl9scXM{xt zWU+#d_(i0Oy>YqgaV4Rd09s}e3=kF`a?F$O8{fk3t!Sz3q>)A?6EPO5)yb#W(lHDM37LBThD(*Ob}giEL;M%v$d>D=;mvHOe6_ z{~@NjX`F877PeQgaO|u}{#X+)yo7Zut@7?1My!PBoo&=jPWD*<&(-T`{qpDGSQE(1 zcV2s{Mt&y>w%k5@>9K+KYjI>sR+sT#QcjcCiV8_QqgN|t2B0S~W4 zC|`Gutp!iDR_m1d>~I_E>`d#V@Sia)`s(XLc`>fmSBGO`d|DMQvww=r8@m3ix!`4N zhul&!$Mjzt=j;CWhtl3|;q!GwR;7O`ylM36H7!NrNr^u&Xx@%<8n`QTo887@x;B0*EEW+C*#<1+-nifWg3Rttk$-&djUrj$!me1aPCJgW47cYFnKB3u(k1j}j zf;mUa771FWiP#{2A_ZBLO<1};p%lAwH6VF{+haV4>|?|pXMuT;-=$G^+#a3NI{pdz z`v$apzt9x^CBAh0x(Wa11P$@uY}M}s?Vm(dimHqQt{N8qO05%xyh#V5H4)!Bh&zhM zdPxXMX<$4`_I{D1c=;sA*?Jqh3ODPOXEvKLq_Cu9I6CiO5PnwK)*=b=Gw^F%@;l66 z8!JV176nSGdG}-6j>qfN+j(9NKaj?4Mg(iCvEjI==tQMdrws|f3iO)XX(}Y}jBH!M zSlmYj!dxzTxBbTq_EWDY&I-J*B}vq?k#7h%C?}k+t)UW8(;?Tmj^&uVgc}%2L$k?? z3&@Q;~UYTEz)d@Ua4x?W(w~7x1a746|4ApSS5Z)7+Ac` z+C**gaSUjZJwO#MwQ85mZYjNEME*P9Y}e%%+SjhR7E*I{Jv350N{{RT8I1VTiwmdE zne&wsCGEt1*vAw&H7+CeFxl8-R+VprN;7d>K43rbZo?|v7ZUteO!S^Vm_6{SwA?!M zMd;Vt^N8`=%aT+^_smf4(JZ&`57i|tj*;+2DD#HoTXH^secXCS?7?K~r35K8@MKxB z`zUoF_;}sDopyNHxwgDtad`Z^wvbEMGPap?+12y0DPIsxel^#Jqt{wxRAkAK6{3 z&F~Wn*bFN4?%ph}DPDljG%Tg?82#=Gx;92}estU;5dp-W#nBfOh`Nohg z9~v~hvn)Y*jKYKCKC-yWqynV6xK4zgsg3PDSy zy7@WwVY%EMnmN}8A2!tio%)&H0Q=?_i>Q@if_l8zIYK3y6UW>y6mxyxokLCyb+;Vb zds-$>iBRDBLtd)P^7PZJTxA0p8NO$q?-x%vj#s^RFtVV0Zv+N)*@< zLvZ&IJh(`WRfjPp-#6Ij%t!plN%k&ak9OU4YeGmjH{t=?EE#_?5aO1BB-F3Vj?k?~ zjyssHovwXmN9AaDsmcAAz`^QD9L|uN4qnQG-2P~vML69+1Uy&vzpQ?8Hvr?^=L&aI zH7?eu{qYU%OyE&0jhDC_g@%bWvyKIyF&VVpP9jw9S)2dxx-9~ZA%m&j&=|rBR1Fm) z640j5FXCmEe6nW3(RM+v<@dU!s_W6=h zA%$dM->0CT!M4E9oh;J4Ie-W)o~e23U^MBZ`c#F!Dnd!$Vm%PokVEH}rP|!m5|)q69L!6_Uqom#gPhi#(Sw!H?(f9zYsS z`Cl;amFO&6t4X7Iaprlh_GR#qO%LzX&>jzSm+Hz$0p$1-nh6|_ZoV0M(1bs0S}z+l^ac=jmWdimwr_Hc4yb3-chbtM@-uWT?{kuxskEp7W5KyYCkwbJFM;37Y7@LI<0CmYRHc& zl)t;vL0nGSt8Xe>5Aiid9WU$kg&a2q-GlFe2WhybK}DuUn7Xg{T9?=^P!~Dp+Hiww zyC3Qqc^gadO>mjbxZbgKZ%dMu)S1`NF!oxwO}QmKaMRalwX;!vTNDOmp1~ z2W6XgY(CF>1BX_0*N@GIyV{ozG11HL18#M7<&zmQIjCT-nH|J96*ZLIB<_tO@l4Dl zmS>~|1cOO`?@MBYrwg{5{X|v=$xLj_>xXXf6yJ)-o$3xQIDbULu|ao9daVH!&xSfN z7LU|iflowg?#`3iN-|>clEPhpXLxmH5HkIl!@};UH z^;|lm3j|1$E&dn~7)gVLd?{kP$QLSy6GZ-JWR++A6Xroi14cC6!&;5zOu|j589ehE zk!0mf^m2S3@FQ|WV&BoGA&usJ6b(|QUMBHY+9#+lY9|pDE?flObGz&A658YQfO3K+CJ@3{%GSh}H6pK1=W^IY7 zMq>=7s>E7dWpQhFi)yh2?2Bc3>I7V|zbKVe>)FRGX?PDbRisYSFE)f1*pl+}9h{%> zjo^KSB&WXTW`kqIQ298(dH-j?Ki5Q<0=0E{Fd(3LwBf9y<-WO>~ajeQCr4hZliBPR3}ha!{)2@E8of;Q}p^Be072^^bbB1BqU|2FQ9 zuBYDDY}3+VSDkX%Ufn(qwBNqy?pC?cuHCZbW}{Q>*3#6zvFxrz|MkOXCu=N3wvfJu z@G-~dn)@WzXZj=Chl0`fVUZOmHL5I@BO75?ftf6f6=xd45kcY1@t_kg_s2n&Cq;n6 zo-oj7fQ8?aOWP}^^W7y->H)VD|Mh^!;hllCr;r3vsh_8ke^2FJt*dOG758fso_^xM zBiZ$Yv!|H#J1(JqN=0|=fy1o_kADE6^fz|ySIH6e*Dh1Pt+3CtH*q`|(r&P~3eLCi zUgKHLPZosRi96R)avvy%m)p?0JGV8lk2fk(Z?XfQEuR$dX&to(K3jPjj7Yz>Abxx~ zzz0_N6f?AfsG!? z@_ei$5uTT2Zq*w2b5F`yqp`Y!xS>=^7rMRFAnUSW$yTJrz-_Q10vit^fG>9A9wnq|*^N-&u6Vz7WYIuI6ocfJ3iz>6Cwz`_$@zq{Fmn;zl*7 z7H!U&eQ{ER=Xzlk=cOh#o%wK4Q3eYn3U9Tl0iBbjU#;EDe1(&0tU7AV_JZs|Asa)E z6tpbv(0umgd4n>aLX=KeCThY!W0Y#?A%k2D-=}=%P1xs@v9okB5q1gne9=rK$C5oy zgCGx=MO#As z7Nskk{PBP{E%~T`4V^JChG%=MN8D-Nc(AOr7cw2a*3q*iOT#SplzxNr!>Ygb>jAiS zr&HaE^!Vsa>zzOA(m<~R6RSCcuFSi`p7IXDz`A&G-D_0)iz-j0A}Q=;B*q|gXu_2MUvgWZpB6}0#{ ztVOfmgR-wQRmC^5U^CJJ8e|DDX?9yyir!uo>+Gw#3W?`JXk6!kgp?LeQnsx%XQ=K85;1v&xr=>8t5G!ce-T*px$doS;Jb6oP<)rpTFbZx^iU5 z7O|+Cnsjm^@AZX7Ys7F>lO|ZnnI0qvBX}67?tAP@Hl$-d=w&(gWKBnn@=a}^D44T0 zE3{M|CX`80(-1u`KxOl-pC?mUTi8j*ev6VL7t z(Yvm+N|T6u5MUAXg(Ej+=$IZuQ;S{OUp7W#@pW31W67q8=JDr|h%#dvT;mrJR8%-- zrDU8!+2n>hUFzw6!|?ocQFG=sBy{6QiV_^-Oeibkc4C?#ICVIYNwkLa1m1S-b9L$I zN;qbnN#;RarzYa#h-bL1?;AWFaP^<)OwVZaOQ0LU0c9vlRnT9!3z-4(_A8@C3B=Yz zz9Nfz&?1Wqd~-ynWGf{xe5Mha6%l3tO$K$#!a1asa4mo)wK|qDI^IenDhK?u1dMdGoJZ;}>$G z^Tqme$`l+o4fV2(IL1kOTa18Mmh%R+@OWIr;#6x89}p#h)Id~ zbR|M3><_cS8jGi|83Me%oQKA2G#-an?jo+zJ020CfYrd*Y-&=QU}E?2YOlN^zB*Lw z7Oq+Tj`6{mdHyZHDt$ASaa?PH=Cp@6X?#buMcy|)VUuoo-x=|)Iqr|>>ETWAl)IX) z@%LYM#Elchm4?Sg5al zbN;-lI`m8X(gqmPAsGa3lpGZ&4xyumzZRyGNq^`F_cGSB;#*ugo_epZ;( zW_(Nj6!jQuDJ)Ti8N>gX6b>buCaoVOYFmH2%Hx<`_NF4$iKNrjH6*9YDTJnS_zKw7 zDXBFBe|dzcPiw!{#A%|Hi+0`IGyDXr;|!q0MV0(*Vpwg<+R_c`tfo6XWA8d_Z`l-X z`8Ku|uW2bUd`vh!p8INw>_Wp%otg89yO_D_hp3^`l4rJ9fsVh~!HBjBYp42+GRAr9 zD4$jOnica=g#t&RT}7~a268H#f&<;JQucW=a@KE;8XA#MsRbS1BR|Eh%+NolV_`<6 z+I$ip-^dET7n&a|g)@Sg=*`<@28}y_4s08sIm(0jp#yJM0c_UC_9A=6S4hUh#J2!; zzqyerc`>8hfE+tgttvAqTWVJPY+n!&E70*^Z=Q$NFn@2`M}mMaqxe4f_F=a!5zDB< z@7*#KJ;d_`JE~{$DazrUvK_I2M}Y9ykanHuGg84R4kOh!hBE^w{2Pv$@CfH_B`@S>=py8k-n{OZ+;$5Zz69}FmZpA{ zJ$Q)eUd#ErsuL!m{4vbCwrL|{XolXcLl6E-oB3jZvbG9G$Q|UIA3@(0Yx*LZBRdZI zaC8_GJsOlef$&g`qG7@-9{XVVgdnt4)U*io;D+dJx0aAPtBM-14CSD_2jblP0}i@grTG!83PDkLKpoVM5WT)QzPWWTZYe>4+Tyi}fm)3i<#5-0pg zJ}4zc1toT=_GxZVSJaCVGsu|che{7_iZKa9>v^AU0kQn}#Kv2;`ewfl=fQ~NK9Fzc znT@2Aobbnsq)Jq5bP^VaMyf7k+gF_J3ADWYy?B5S4S&^M_^yZIKZ^Cp;7d^ZmNt)>~(R?--Ph@Ev9 zkI<3fTFx2E0}WWKfv4|MuRqUW_B!|u^;|I;!kA9zjw^1h*{5;)Un%rR#9+_7ik=jV zWb}xcRziGDA~aAmGHHttP2^#{!q`J!2hwfKf#dZT>i|jyGKRm(X+ot+rruA@1+g(i%NQ-QvEeBIX#i5@K z6h|FzH!aXvHu>HF~#pDLcqqCm-PN8sw)$KaO19=jFsTA@w(P5Be-Ql-c zJ5w}Jh#O)D4XB_Er!YOsp%$wou)cvlaJq8Xj1@JxD_!cFR-7(${nQ{{7uw9qIgP!n zcO>)BO|x@=;?^mml^gmy@gftc2mbeZ(asE$A8k0l_=0f|bN<81%2}65|1rEfF0oiK8BkQ!mx%HgTmK z%=)g3WgX1jADL@aiXgE&Hn5vITAc|=e~69yhrXxG@sB5VN8$*I==rN>a97Ygjat>7 z9X74J@|^=+nHJA__CrYjNOZvQ$Inw+laEWhQup-4%2SDpD!Ni;9|+wkWpBB$xq0o- zTH5R!z;r}x@>EqlH|M;W0) zsdkqwb6xJh3qsHHlit@{tPAyggK$(XDO?t5jfjDiqm^x+02@g3WEqCO+C5Isi1H`7 z@Ae-UO`nkw*EyXaEhEI^0n;Yn$V;mf>)=Y>@PvaYTeh_7;91j#ZZBR{XEpr6P55Bb z?N=0!E>wDCge^8Qb?1vm9yWO*UYAHUyx@A>QzDi%J_s{OEk|e!T(qT3rYg8m&VrUM zd7~~nW-3{c&ett%q+VBB2x`eb)l*yPCpC6=Xe{1lQc2NA947YUhtJD}BhUUdl=GY} z7i1hB_cnFyV&S7;mBT{Q*F+@O&dUmQ2)-GsKI!)(H)IA%K5rmBjQixB{nzK7pbp&U z*UVJN>I~2PeRZSP;L9S8q2V?vqNBaJz;s}Zr~)$q3VGrFOK0_tde#T=>>Td zK=uPD0>U;KsOJ%{F|BFKgeFa0VZ?&dI-4Ut*@tph76^HUH94x!>mxoFrLw|m13u-? zSWVj^b|Y;rgx8*lEuDFllu*-2c!DDNTT)qqBe*+LygL&*gaf3>Udb$RO2<-n@Jh#Y zZ9P&yK^mU4ti5wt7?qF7$2)~HG^p=I#yjORI7c5b%(hD=d5d;PuU`(kB)1XAe4ro0 zQSdPJH%Acm$@pD*sD_}KGaA9#WDAMKt8?Yf94bqkVTInwUlGc)?o{&%yJfAJdfe$0 z`18wZv)ey*0qaC)c=UDQnN=p%#V%)9-Lj(;;a5@JD zE>d)#A4iVI6BDgA!^#Pb3cPIz<{T@GqX4zuM@Y*z5}atV-RfM=)_aF@6N~3dH{Uxk zO5VO8absLFT88Nny|>Dy_1tFXL09W0fKynewTmer%Tzh;p}>8>)qQp(OF6l8Mw`T} zCb}I;%j9`ZnwwiYJbhTM>)T?kPdh-8D^jpCK27v+kpSNrH#aaF_{;?~=KR0gx20;V* zYx{;jd$oUW-|*L<{Pp%9X2SnvGl$>5{ck6~+q(a3==|N*{nt?aMP&TL$)8Q$f13a9 z`uwwN@ORheU&HlRJ=GuPfAoORK!-G@E=fAR4z zY5G5X{8jMw)&l+-?{xp2&;Nc-{siyePb-o6 dUta#=@)Tvje@S9MK#0Fy+rPw#YN6ks{yzg*T9yC+ literal 0 HcmV?d00001 diff --git a/pom.xml b/pom.xml new file mode 100644 index 0000000..e2d848a --- /dev/null +++ b/pom.xml @@ -0,0 +1,91 @@ + + + + 4.0.0 + + burp + sql-sup + 1.0-SNAPSHOT + + sql-sup + + http://www.example.com + + + UTF-8 + 1.7 + 1.7 + + + + + junit + junit + 4.11 + test + + + + net.portswigger.burp.extender + burp-extender-api + 1.7.22 + + + + + + + + + maven-clean-plugin + 3.1.0 + + + + maven-resources-plugin + 3.0.2 + + + maven-compiler-plugin + 3.8.0 + + + maven-surefire-plugin + 2.22.1 + + + maven-jar-plugin + 3.0.2 + + + maven-install-plugin + 2.5.2 + + + maven-deploy-plugin + 2.8.2 + + + + maven-site-plugin + 3.7.1 + + + maven-project-info-reports-plugin + 3.0.0 + + + + + + org.apache.maven.plugins + maven-compiler-plugin + + 8 + 8 + + + + + diff --git a/sql-sup.iml b/sql-sup.iml new file mode 100644 index 0000000..4098198 --- /dev/null +++ b/sql-sup.iml @@ -0,0 +1,2 @@ + + \ No newline at end of file diff --git a/src/main/java/burp/BurpExtender.java b/src/main/java/burp/BurpExtender.java new file mode 100644 index 0000000..6f6042b --- /dev/null +++ b/src/main/java/burp/BurpExtender.java @@ -0,0 +1,33 @@ +package burp; + +import java.io.PrintWriter; + +public class BurpExtender implements IBurpExtender { + + public static IBurpExtenderCallbacks callbacks; + public static IExtensionHelpers helpers; + private String extensionName = "sql-sup(辅助)"; + private String version ="0.1"; + public static PrintWriter out; + + @Override + public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) { + this.callbacks = callbacks; + this.helpers = callbacks.getHelpers(); + callbacks.setExtensionName(String.format("%s %s",extensionName,version)); + out = new PrintWriter(callbacks.getStdout(), true); + callbacks.registerContextMenuFactory(new Menu()); + callbacks.registerIntruderPayloadGeneratorFactory(new PayloadGenera()); + out.println(getBanner()); + } + + public String getBanner(){ + String bannerInfo = + "[+] ##############################################\n" + + "[+] " + extensionName + " v" + version +"\n" + + "[+] anthor: S9MF\n" + + "[+] github: https://github.com/S9MF/sql-sup\n" + + "[+] ##############################################"; + return bannerInfo; + } +} diff --git a/src/main/java/burp/Config.java b/src/main/java/burp/Config.java new file mode 100644 index 0000000..49b5ba4 --- /dev/null +++ b/src/main/java/burp/Config.java @@ -0,0 +1,94 @@ +package burp; + +public class Config { + private static Integer params_len = 1; + private static Integer key_len = 1; + private static Integer value_len = 1; + private static Integer number_len = 1; + private static Integer fuzz_number = 1; + private static String filePath; + + public static String getFilePath() { + String val = BurpExtender.callbacks.loadExtensionSetting("filePath"); + try { + return String.valueOf(val); + }catch (Exception e) { + return Config.filePath; + } + } + + public static void setFilePath(String filePath) { + BurpExtender.callbacks.saveExtensionSetting("filePath", String.valueOf(filePath)); + Config.filePath = filePath; + } + + public static Integer getFuzz_number() { + String val = BurpExtender.callbacks.loadExtensionSetting("fuzz_number"); + try { + return Integer.valueOf(val); + }catch (Exception e) { + return Config.fuzz_number; + } + } + + public static void setFuzz_number(Integer fuzz_number) { + BurpExtender.callbacks.saveExtensionSetting("fuzz_number", String.valueOf(fuzz_number)); + Config.fuzz_number = fuzz_number; + } + + public static Integer getParams_len() { + String val = BurpExtender.callbacks.loadExtensionSetting("params_len"); + try { + return Integer.valueOf(val); + }catch (Exception e) { + return Config.params_len; + } + } + + public static void setParams_len(Integer params_len) { + BurpExtender.callbacks.saveExtensionSetting("params_len", String.valueOf(params_len)); + Config.params_len = params_len; + } + + public static Integer getKey_len() { + String val = BurpExtender.callbacks.loadExtensionSetting("key_len"); + try { + return Integer.valueOf(val); + }catch (Exception e) { + return Config.key_len; + } + } + + public static void setKey_len(Integer key_len) { + BurpExtender.callbacks.saveExtensionSetting("key_len", String.valueOf(key_len)); + Config.key_len = key_len; + } + + public static Integer getValue_len() { + String val = BurpExtender.callbacks.loadExtensionSetting("value_len"); + try { + return Integer.valueOf(val); + }catch (Exception e) { + return Config.value_len; + } + } + + public static void setValue_len(Integer value_len) { + BurpExtender.callbacks.saveExtensionSetting("value_len", String.valueOf(value_len)); + Config.value_len = value_len; + } + + public static Integer getNumber_len() { + String val = BurpExtender.callbacks.loadExtensionSetting("number_len"); + try { + return Integer.valueOf(val); + }catch (Exception e) { + return Config.number_len; + } + } + + public static void setNumber_len(Integer number_len) { + BurpExtender.callbacks.saveExtensionSetting("number_len", String.valueOf(number_len)); + Config.number_len = number_len; + } +} diff --git a/src/main/java/burp/ConfigDlg.java b/src/main/java/burp/ConfigDlg.java new file mode 100644 index 0000000..474823e --- /dev/null +++ b/src/main/java/burp/ConfigDlg.java @@ -0,0 +1,158 @@ +package burp; + +import javax.swing.*; +import javax.swing.event.ChangeEvent; +import javax.swing.event.ChangeListener; +import javax.swing.filechooser.FileNameExtensionFilter; +import java.awt.*; +import java.awt.event.ActionEvent; +import java.awt.event.ActionListener; +import java.io.File; + +public class ConfigDlg extends JDialog { + //定义组件 + private final JPanel mainPanel = new JPanel(); + private final JPanel toPanel = new JPanel(); + private final JPanel centerPanel = new JPanel(); + private final JPanel bottomPanel = new JPanel();; + private final JSpinner spNum = new JSpinner(new SpinnerNumberModel(1,1,200,1)); + private final JSpinner spKey = new JSpinner(new SpinnerNumberModel(1,1,200,1)); + private final JSpinner spValue = new JSpinner(new SpinnerNumberModel(1,1,200,1)); + private final JSpinner spNumber = new JSpinner(new SpinnerNumberModel(1,1,600,1)); + private final JSpinner spFuzzNumber = new JSpinner(new SpinnerNumberModel(1,1,20,1)); + private final JLabel kbText = new JLabel("byte字节"); + private final JLabel filePathText = new JLabel(); + private final JButton btCancel = new JButton("Cancel"); + private final JButton btSave = new JButton("Save"); + private final JButton bCalc = new JButton("Calc"); + private final JButton bSelect = new JButton("浏览"); + + public ConfigDlg() { + initGUI(); + initEvent(); + initValue(); + this.setTitle("SQLSup Config"); + } + //初始化组件 + private void initGUI() { + toPanel.setLayout(new FlowLayout(FlowLayout.LEFT)); + toPanel.add(new JLabel("参数个数:")); + toPanel.add(spNum); + toPanel.add(new JLabel("(1-200)")); + toPanel.add(new JLabel(" key value:")); + toPanel.add(spKey); + toPanel.add(new JLabel("-")); + toPanel.add(spValue); + toPanel.add(new JLabel("(1-200)")); + toPanel.add(new JLabel(" number:")); + toPanel.add(spNumber); + toPanel.add(new JLabel("(1-600)")); + toPanel.add(kbText); + + centerPanel.setLayout(new FlowLayout(FlowLayout.LEFT)); + centerPanel.add(new JLabel("Fuzz个数:")); + centerPanel.add(spFuzzNumber); + centerPanel.add(new JLabel("(1-20)")); + centerPanel.add(bSelect); + centerPanel.add(filePathText); + + + bottomPanel.setLayout(new FlowLayout(FlowLayout.CENTER)); + bottomPanel.add(btSave); + bottomPanel.add(bCalc); + bottomPanel.add(btCancel); + btSave.setToolTipText("Save(保存)配置"); + bCalc.setToolTipText("先Save(保存),再Calc(计算)"); + btCancel.setToolTipText("Cancel(取消)"); + + mainPanel.setLayout(new BorderLayout()); + mainPanel.add(toPanel,BorderLayout.NORTH); + mainPanel.add(centerPanel,BorderLayout.CENTER); + mainPanel.add(bottomPanel,BorderLayout.SOUTH); + + this.setModal(true); + this.setDefaultCloseOperation(WindowConstants.DISPOSE_ON_CLOSE); + this.add(mainPanel); + //使配置窗口自动适应控件大小,防止部分控件无法显示 + this.pack(); + //居中显示配置窗口 + Dimension screensize=Toolkit.getDefaultToolkit().getScreenSize(); + this.setBounds(screensize.width/2-this.getWidth()/2,screensize.height/2-this.getHeight()/2,this.getWidth(),this.getHeight()); + } + //组件的事件响应 + private void initEvent() { + //取消按钮 + btCancel.addActionListener(new ActionListener() { + @Override + public void actionPerformed(ActionEvent e) { + ConfigDlg.this.dispose(); + } + }); + //保存按钮 + btSave.addActionListener(new ActionListener() { + @Override + public void actionPerformed(ActionEvent e) { + Integer params_len = (Integer)spNum.getValue(); + Integer key_len = (Integer)spKey.getValue(); + Integer value_len = (Integer)spValue.getValue(); + Integer number_len = (Integer)spNumber.getValue(); + Integer fuzz_number = (Integer) spFuzzNumber.getValue(); + + Config.setParams_len(params_len); + Config.setKey_len(key_len); + Config.setValue_len(value_len); + Config.setNumber_len(number_len); + Config.setFuzz_number(fuzz_number); + + } + }); + //显示kb 先Save然后Calc + bCalc.addActionListener(new ActionListener() { + @Override + public void actionPerformed(ActionEvent e) { + byte[] bytes = Util.getRandomString(Config.getKey_len(), Config.getValue_len(), Config.getNumber_len()).getBytes(); + int kbNum = bytes.length; + String result = kbNum +""; + kbText.setText("(" + result+ "byte)"); + } + }); + //选择按钮 + bSelect.addActionListener(new ActionListener() { + @Override + public void actionPerformed(ActionEvent e) { + JFileChooser fileChooser = new JFileChooser(); + fileChooser.addChoosableFileFilter(new FileNameExtensionFilter("文本文件(*.txt)", "txt")); + int result = fileChooser.showOpenDialog(null); + if (result == fileChooser.APPROVE_OPTION) { + String filePath = fileChooser.getSelectedFile().getPath(); + Config.setFilePath(filePath); + } + } + }); + } + //为控件赋值 + public void initValue() { + spNum.setValue(Config.getParams_len()); + spKey.setValue(Config.getKey_len()); + spValue.setValue(Config.getValue_len()); + spNumber.setValue(Config.getNumber_len()); + spFuzzNumber.setValue(Config.getFuzz_number()); + filePathText.setText(Config.getFilePath()); + } +} + + + + + + + + + + + + + + + + diff --git a/src/main/java/burp/Menu.java b/src/main/java/burp/Menu.java new file mode 100644 index 0000000..465032b --- /dev/null +++ b/src/main/java/burp/Menu.java @@ -0,0 +1,90 @@ +package burp; + +import javax.swing.*; +import java.awt.event.ActionEvent; +import java.awt.event.ActionListener; +import java.io.UnsupportedEncodingException; +import java.util.ArrayList; +import java.util.List; + +public class Menu implements IContextMenuFactory { + @Override + public List createMenuItems(IContextMenuInvocation invocation) { + List menuList = new ArrayList<>(); + + JMenu sqlSupMenu = new JMenu("sql-sup(辅助)"); + JMenuItem paramoVerflowMenu = new JMenuItem("参数溢出"); + JMenuItem garbageDataMenu = new JMenuItem("垃圾数据"); + JMenuItem config = new JMenuItem("设置"); + + sqlSupMenu.add(paramoVerflowMenu); + sqlSupMenu.add(garbageDataMenu); + sqlSupMenu.add(config); + + paramoVerflowMenu.addActionListener(new ActionListener() { + @Override + public void actionPerformed(ActionEvent e) { + IHttpRequestResponse iReqResp = invocation.getSelectedMessages()[0]; + byte[] request = new byte[0]; + try { + request = Util.paramoVerflowAction(iReqResp, Util.getSelect(invocation), Config.getParams_len()); + } catch (UnsupportedEncodingException ex) { + ex.printStackTrace(); + } + if (iReqResp != null) { + iReqResp.setRequest(request); + } + } + }); + + garbageDataMenu.addActionListener(new ActionListener() { + @Override + public void actionPerformed(ActionEvent e) { + IHttpRequestResponse iReqResp = invocation.getSelectedMessages()[0]; + byte[] request = new byte[0]; + try { + request = Util.garbageDataAction(iReqResp, Util.getSelect(invocation)); + } catch (UnsupportedEncodingException ex) { + ex.printStackTrace(); + } + if (iReqResp != null) { + iReqResp.setRequest(request); + } + } + }); + + config.addActionListener(new ActionListener() { + @Override + public void actionPerformed(ActionEvent e) { + ConfigDlg dlg = new ConfigDlg(); + BurpExtender.callbacks.customizeUiComponent(dlg); + dlg.setVisible(true); + } + }); + + menuList.add(sqlSupMenu); + return menuList; + } +} + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/main/java/burp/PayloadGenera.java b/src/main/java/burp/PayloadGenera.java new file mode 100644 index 0000000..a362b2b --- /dev/null +++ b/src/main/java/burp/PayloadGenera.java @@ -0,0 +1,60 @@ +package burp; + +import java.io.File; +import java.io.IOException; +import java.util.List; + +import static burp.Util.getFileContent; + +public class PayloadGenera implements IIntruderPayloadGeneratorFactory { + public static final byte[][] PAYLOADS = getPayloads(); + @Override + public String getGeneratorName() { + return "parameter fuzz"; + } + + @Override + public IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack) { + return new ParameterFuzz(); + } + + public static byte[][] getPayloads() { + File file = new File(Config.getFilePath()); + if (!file.exists()) { + try { + file = new File("parameter.txt"); + file.createNewFile(); + } catch (IOException e) { + e.printStackTrace(); + } + } + List parameterList = getFileContent(file); + List list2 = Util.permutation(parameterList, Config.getFuzz_number()); + byte[][] letter = new byte[list2.size()][]; + for (int i = 0; i < list2.size(); i++) { + letter[i] = list2.get(i).getBytes(); + } + return letter; + } + + + class ParameterFuzz implements IIntruderPayloadGenerator { + int payloadIndex; + @Override + public void reset() { + payloadIndex = 0; + } + + @Override + public boolean hasMorePayloads() { + return payloadIndex < PAYLOADS.length; + } + + @Override + public byte[] getNextPayload(byte[] baseValue) { + byte[] payloads = PAYLOADS[payloadIndex]; + payloadIndex++; + return payloads; + } + } +} diff --git a/src/main/java/burp/Util.java b/src/main/java/burp/Util.java new file mode 100644 index 0000000..23f0045 --- /dev/null +++ b/src/main/java/burp/Util.java @@ -0,0 +1,152 @@ +package burp; + +import java.io.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.Random; +import java.util.stream.Collectors; +import java.util.stream.Stream; + +public class Util { + //获取用户选择 + public static String getSelect(IContextMenuInvocation invocation) { + int start = invocation.getSelectionBounds()[0]; + int end = invocation.getSelectionBounds()[1]; + IHttpRequestResponse[] messages =invocation.getSelectedMessages(); + String select = new String(messages[0].getRequest()).substring(start, end); + return select; + } + //参数溢出 + public static byte[] paramoVerflowAction (IHttpRequestResponse requestResponse, String select, int paramslen) throws UnsupportedEncodingException { + //获取body + byte[] request = requestResponse.getRequest(); + IRequestInfo requestInfo = BurpExtender.helpers.analyzeRequest(request); + int bodyOffset = requestInfo.getBodyOffset(); + int body_length = request.length - bodyOffset; + String body = new String(request, bodyOffset, body_length, "UTF-8"); + //获取header + List headers = BurpExtender.helpers.analyzeRequest(request).getHeaders(); + String oldStr = headers.get(0); + + //处理POST/GET选择 + byte[] bytes = new byte[]{}; + if (requestInfo.getMethod().equals("POST")) { + StringBuffer str = new StringBuffer(); + for (int i = 0; i < paramslen; i++) { + str.append("&"); + str.append(select); + } + //修改body部分 + String newBody = body.replaceFirst(select, select+str); + bytes = BurpExtender.helpers.buildHttpMessage(headers, newBody.getBytes()); + } else if (requestInfo.getMethod().equals("GET")) { + StringBuffer str = new StringBuffer(); + for (int i = 0; i < paramslen; i++) { + str.append("&"); + str.append(select); + } + String newStr = oldStr.replaceFirst(select,select+str); + headers.set(0, newStr); + bytes = BurpExtender.helpers.buildHttpMessage(headers, body.getBytes()); + } + + return bytes; + } + //垃圾数据 + public static byte[] garbageDataAction (IHttpRequestResponse requestResponse, String select) throws UnsupportedEncodingException { + //获取body + byte[] request = requestResponse.getRequest(); + IRequestInfo requestInfo = BurpExtender.helpers.analyzeRequest(request); + int bodyOffset = requestInfo.getBodyOffset(); + int body_length = request.length - bodyOffset; + String body = new String(request, bodyOffset, body_length, "UTF-8"); + + //获取header + List headers = BurpExtender.helpers.analyzeRequest(request).getHeaders(); + String oldStr = headers.get(0); + + //处理请求 + byte[] bytes = new byte[]{}; + if (requestInfo.getMethod().equals("POST")) { + String newBody = body.replace(select, getRandomString(Config.getKey_len(), Config.getValue_len(), Config.getNumber_len())); + bytes = BurpExtender.helpers.buildHttpMessage(headers, newBody.getBytes()); + } else if (requestInfo.getMethod().equals("GET")) { + String newStr = oldStr.replaceFirst(select, getRandomString(Config.getKey_len(), Config.getValue_len(), Config.getNumber_len())); + headers.set(0, newStr); + bytes = BurpExtender.helpers.buildHttpMessage(headers, body.getBytes()); + } + return bytes; + } + //生成垃圾键值对数据 key参数长度,value数据长度, num键值对数量 + public static String getRandomString(int key, int value, int num){ + String str="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; + Random random=new Random(); + + StringBuffer sb3=new StringBuffer(); + for (int j = 0; j < num; j++) { + + StringBuffer sb=new StringBuffer(); + for(int i=0;i