Burp插件开发(一)

从零开始开发Burp插件

/images/BurpExtender(1)/Untitled.png

在burp目录中新建java文件,以官方示例helloworld为例

/images/BurpExtender(1)/Untitled%201.png

E:\JavaWorkSpace\BurpApi>mkdir build

E:\JavaWorkSpace\BurpApi>javac -d build burp/*

E:\JavaWorkSpace\BurpApi>jar -cf hello.jar -C build burp

(说明:-c 表示创建归档,-f 指定归档文件名;这行说明不属于命令,不要一起输入。)

E:\JavaWorkSpace\BurpApi>

/images/BurpExtender(1)/Untitled%202.png

0x01 helloWorld解析

第一步,新建入口类BurpExtender

/images/BurpExtender(1)/Untitled%203.png

alt+insert+重写方法

ctrl+O 重写方法

重写注册方法registerExtenderCallbacks

package burp;

import java.io.PrintWriter;

//BurpExtender 入口類 實現接口
/**
 * Hello-world entry class for a Burp extension.
 *
 * <p>Implements {@code IBurpExtender}; all work happens in
 * {@link #registerExtenderCallbacks}, which stores the API handles, names the
 * extension and prints one greeting line to the extension output.
 */
public class BurpExtender implements IBurpExtender {
    /** Callback object passed in by Burp. */
    private IBurpExtenderCallbacks callbacks;
    /** Helper toolbox obtained from the callback object (type conversions and similar). */
    private IExtensionHelpers helpers;
    /** Writer on the extension's output stream, convenient for debug output. */
    private PrintWriter stdout;

    /**
     * Stores the callback object, its helpers and an output writer, then sets
     * the extension name and prints a greeting.
     *
     * @param callbacks the callback object supplied by Burp
     */
    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;

        final IExtensionHelpers extensionHelpers = callbacks.getHelpers();
        this.helpers = extensionHelpers;

        // Second constructor argument enables auto-flush, so println output shows up immediately.
        final PrintWriter extensionOutput = new PrintWriter(callbacks.getStdout(), true);
        this.stdout = extensionOutput;

        // Name under which the extension is registered.
        callbacks.setExtensionName("new extend demo");

        extensionOutput.println("hello new extend");
    }
}

/images/BurpExtender(1)/Untitled%204.png

构建jar

/images/BurpExtender(1)/Untitled%205.png

/images/BurpExtender(1)/Untitled%206.png

/images/BurpExtender(1)/Untitled%207.png

/images/BurpExtender(1)/Untitled%208.png

构建基本配置

/images/BurpExtender(1)/Untitled%209.png

/images/BurpExtender(1)/Untitled%2010.png

/images/BurpExtender(1)/Untitled%2011.png

/images/BurpExtender(1)/Untitled%2012.png

/images/BurpExtender(1)/Untitled%2013.png

0x02 简单的插件编写

下面的插件在入口类上同时实现IHttpListener,对来自Proxy和Spider的响应做正则匹配,把命中的QQ号、邮箱、手机号打印到插件输出中。

package burp;

import java.io.PrintWriter;
import java.sql.PseudoColumnUsage;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

//BurpExtender 入口類 實現接口
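/**
 * Burp extension entry class that passively scans HTTP responses for contact details.
 *
 * <p>The class registers itself as an HTTP listener. For every response that
 * comes from the Proxy or Spider tool it runs a fixed set of regular
 * expressions (QQ number, e-mail address, phone number) over the whole
 * response message and prints each match to the extension output as
 * {@code label:match}.
 *
 * <p>The matches are personal data taken from intercepted traffic and are
 * written in clear text; the extension output, and anything saved from it,
 * needs the same handling as the captured traffic itself.
 */
public class BurpExtender implements IBurpExtender, IHttpListener {
    /** Callback object passed in by Burp. */
    private IBurpExtenderCallbacks callbacks;
    /** Helper toolbox obtained from the callback object (byte/string conversion and similar). */
    private IExtensionHelpers helpers;
    /** Writer on the extension's output stream, convenient for debug output. */
    private PrintWriter stdout;

    /** Labels printed in front of each match; index-aligned with {@link #PATTERNS}. */
    private static final String[] LABELS = {"qq", "email", "phoneNum"};

    /**
     * Patterns compiled once at class load instead of once per response.
     * Compiled {@code Pattern} objects can be shared; a fresh {@code Matcher}
     * is created for every response.
     */
    private static final Pattern[] PATTERNS = {
            Pattern.compile("qq:[1-9][0-9]{4,}", Pattern.CASE_INSENSITIVE),
            // Character classes use A-Z, not A-z: the A-z range also covers the
            // punctuation characters that sit between 'Z' and 'a' in ASCII.
            Pattern.compile(
                    "[a-zA-Z_]{1,}[0-9]{0,}@(([a-zA-Z0-9]-*){1,}\\.){1,3}[a-zA-Z\\-]{1,}",
                    Pattern.CASE_INSENSITIVE),
            // Unanchored, so this also matches inside longer digit runs (expect false positives).
            Pattern.compile("1[356789]\\d{9}", Pattern.CASE_INSENSITIVE)
    };

    /**
     * Stores the callback object, its helpers and an output writer, names the
     * extension and registers this instance as an HTTP listener.
     *
     * @param callbacks the callback object supplied by Burp
     */
    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        // Second constructor argument enables auto-flush, so println output shows up immediately.
        this.stdout = new PrintWriter(callbacks.getStdout(), true);

        callbacks.setExtensionName("GetInfo");
        stdout.println("new extend import");

        // From here on Burp passes HTTP messages to processHttpMessage.
        callbacks.registerHttpListener(this);
    }

    /**
     * Scans a response from the Proxy or Spider tool and prints every pattern match.
     *
     * @param toolFlag         identifies the Burp tool the message came from
     * @param messageIsRequest {@code true} for a request, {@code false} for a response
     * @param messageInfo      the request/response pair being processed
     */
    @Override
    public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
        if (messageIsRequest) {
            return; // only responses are scanned
        }

        // Named API constants instead of the literals 4 and 8, and a
        // short-circuit || instead of the bitwise |.
        boolean fromWatchedTool = toolFlag == IBurpExtenderCallbacks.TOOL_PROXY
                || toolFlag == IBurpExtenderCallbacks.TOOL_SPIDER;
        if (!fromWatchedTool) {
            return;
        }

        byte[] response = messageInfo.getResponse();
        if (response == null) {
            return; // nothing to scan
        }

        // The full response message is converted, so headers are searched as well as the body.
        String responseText = helpers.bytesToString(response);
        for (int i = 0; i < PATTERNS.length; i++) {
            Matcher matcher = PATTERNS[i].matcher(responseText);
            while (matcher.find()) {
                stdout.println(LABELS[i] + ":" + matcher.group());
            }
        }
    }
}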

/images/BurpExtender(1)/Untitled%2014.png
