From 6e5e6c4912a972dc91a8495bb2918f791d6bf07c Mon Sep 17 00:00:00 2001
From: xm17 <27048404+kN6jq@users.noreply.github.com>
Date: Thu, 18 Jul 2024 11:03:24 +0800
Subject: [PATCH] fix
---
pom.xml | 6 ++----
src/main/java/burp/ui/RouteUI.java | 7 +++----
src/main/java/burp/ui/SocksUI.java | 4 ++--
src/main/java/burp/ui/SqlUI.java | 9 ++++-----
src/main/java/burp/utils/Utils.java | 13 +++----------
5 files changed, 14 insertions(+), 25 deletions(-)
diff --git a/pom.xml b/pom.xml
index 0316ffd..ece93ef 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
org.xm17
gatherBurp
- 1.1.0-SNAPSHOT
+ 1.1.1-SNAPSHOT
jar
gatherBurp
@@ -39,14 +39,12 @@
sqlite-jdbc
3.43.2.2
-
com.alibaba
fastjson
1.2.83
-
net.portswigger.burp.extender
burp-extender-api
@@ -60,7 +58,7 @@
cn.hutool
hutool-core
- 5.8.16
+ 5.8.28
diff --git a/src/main/java/burp/ui/RouteUI.java b/src/main/java/burp/ui/RouteUI.java
index 9a0e13a..ba3494c 100644
--- a/src/main/java/burp/ui/RouteUI.java
+++ b/src/main/java/burp/ui/RouteUI.java
@@ -2,7 +2,6 @@
import burp.*;
import burp.bean.RouteBean;
-import burp.dao.RouteDao;
import burp.utils.CustomScanIssue;
import burp.utils.ExpressionUtils;
import burp.utils.Utils;
@@ -14,13 +13,12 @@
import java.awt.event.ActionEvent;
import java.net.MalformedURLException;
import java.net.URL;
-import java.util.*;
import java.util.List;
+import java.util.*;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import static burp.dao.RouteDao.*;
-import static burp.utils.Utils.getSuffix;
/**
* @Author Xm17
@@ -89,7 +87,7 @@ public void init() {
// 获取payload
- List routeList = getRouteLists();
+ routeList = getRouteLists();
setupUI();
setupData();
@@ -208,6 +206,7 @@ public void actionPerformed(ActionEvent e) {
RouteBean routeBean1 = routeLists.get(i);
routelog.add(new RouteEntry(i, routeBean1.getEnable(), routeBean1.getName(), routeBean1.getPath(), routeBean1.getExpress()));
}
+ routeList = getRouteLists();
ruleTable.updateUI();
}
});
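Review bot: The added `routeList = getRouteLists();` in `actionPerformed` performs a second lookup right after the loop above has already walked `routeLists`, so the table rows and the cached list can come from two different reads. If `routeLists` was itself obtained from `getRouteLists()` (its assignment is outside the hunk), `routeList = routeLists;` keeps both views identical and avoids the extra call, which presumably reads from the database through `RouteDao`. The same field is now also assigned in `init()` in the previous hunk, and its declaration is not visible here. If scan threads read `routeList` while this listener reassigns it on the Swing thread, the field should probably be declared `volatile` so the refreshed rules are actually seen. The listener body starts outside the hunk.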
diff --git a/src/main/java/burp/ui/SocksUI.java b/src/main/java/burp/ui/SocksUI.java
index b2ca21e..26cc6f0 100644
--- a/src/main/java/burp/ui/SocksUI.java
+++ b/src/main/java/burp/ui/SocksUI.java
@@ -88,7 +88,7 @@ public void writeIpPortSettings(IBurpExtenderCallbacks callbacks,String ip,Strin
try{
- String jsonStr = FileUtil.readString(Utils.SocksConfigFile("socks.json"), "utf-8");
+ String jsonStr = FileUtil.readString(Utils.SocksConfigFile("socks.json"),"utf-8");
JSONObject jsonObject = JSON.parseObject(jsonStr);
boolean dns_over_socks_update = jsonObject.getBoolean("dns_over_socks");
boolean use_user_options_update = jsonObject.getBoolean("use_user_options");
@@ -144,7 +144,7 @@ public void writeIpPortSettings(IBurpExtenderCallbacks callbacks,String ip,Strin
public void isEnableSettings(IBurpExtenderCallbacks callbacks,boolean enable) {
try{
- String jsonStr = FileUtil.readString(Utils.SocksConfigFile("socks.json"), "utf-8");
+ String jsonStr = FileUtil.readString(Utils.SocksConfigFile("socks.json"),"utf-8");
JSONObject jsonObject = JSON.parseObject(jsonStr);
boolean dns_over_socks_update = jsonObject.getBoolean("dns_over_socks");
boolean use_user_options_update = jsonObject.getBoolean("use_user_options");
diff --git a/src/main/java/burp/ui/SqlUI.java b/src/main/java/burp/ui/SqlUI.java
index d2d1f70..f4e18df 100644
--- a/src/main/java/burp/ui/SqlUI.java
+++ b/src/main/java/burp/ui/SqlUI.java
@@ -27,7 +27,6 @@
import static burp.IParameter.*;
import static burp.dao.SqlDao.*;
-import static burp.utils.Utils.getSuffix;
/**
* @Author Xm17
@@ -195,11 +194,11 @@ public static void Check(IHttpRequestResponse[] responses, boolean isSend) {
checkedDoubleQuote.getResponse().length != checkedTripleQuote.getResponse().length &&
checkedSingleQuote.getResponse().length != checkedTripleQuote.getResponse().length) {
if (formattedScore2 == formattedScore4 && (formattedScore2 != formattedScore3 || formattedScore3 != formattedScore4)) {
- addToVulStr(logid, "参数" + paraName + "存在盲注");
+ addToVulStr(logid, "参数" + paraName + "可能存在盲注");
IScanIssue issues = null;
try {
issues = new CustomScanIssue(checkedDoubleQuote.getHttpService(), new URL(url), new IHttpRequestResponse[]{checkedDoubleQuote},
- "SqlInject Blind", "SqlInject 发现盲注",
+ "SqlInject Blind", "SqlInject 发现可能存在盲注",
"High", "Certain");
Utils.callbacks.addScanIssue(issues);
} catch (MalformedURLException e) {
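Review bot: The reworded finding now says the blind injection is only possible (`可能存在盲注`), yet the issue is still created with confidence `"Certain"` on the unchanged line below, so Burp's issue list will show a response-length and score heuristic as a confirmed result. The last argument pair should become `"High", "Tentative");`, since Burp accepts Certain, Firm or Tentative as confidence. It is also worth checking whether severity High is still appropriate for an unconfirmed finding. The same mismatch is in the JSON branch in the following hunk (`@@ -316,11 +315,11 @@`). `Check` starts and ends outside both hunks.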
@@ -316,11 +315,11 @@ public static void Check(IHttpRequestResponse[] responses, boolean isSend) {
double formattedScore4 = Double.parseDouble(String.format("%.2f", score4));
if (formattedScore2 == formattedScore4 && (formattedScore2 != formattedScore3 || formattedScore3 != formattedScore4)) {
- addToVulStr(logid, "参数" + paraName + "存在盲注");
+ addToVulStr(logid, "参数" + paraName + "可能存在盲注");
IScanIssue issues = null;
try {
issues = new CustomScanIssue(checkedJsonDoubleQuote.getHttpService(), new URL(url), new IHttpRequestResponse[]{checkedJsonDoubleQuote},
- "SqlInject Blind", "SqlInject 发现盲注",
+ "SqlInject Blind", "SqlInject 发现可能存在盲注",
"High", "Certain");
Utils.callbacks.addScanIssue(issues);
} catch (MalformedURLException e) {
diff --git a/src/main/java/burp/utils/Utils.java b/src/main/java/burp/utils/Utils.java
index c8c9ba2..a9382fc 100644
--- a/src/main/java/burp/utils/Utils.java
+++ b/src/main/java/burp/utils/Utils.java
@@ -5,11 +5,10 @@
import burp.IHttpRequestResponse;
import cn.hutool.core.io.FileUtil;
-import java.io.File;
-import java.io.IOException;
-import java.io.PrintWriter;
+import java.io.*;
import java.net.URL;
import java.net.URLEncoder;
+import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
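Review bot: The new `import java.nio.charset.Charset;` appears to be unused, because no hunk in this patch adds a reference to `Charset` and the file already imports `StandardCharsets`. Collapsing the three explicit imports into `import java.io.*;` likewise comes with no new `java.io` usage in the patch, so it only hides which classes the file depends on. I would keep `import java.io.File;`, `import java.io.IOException;` and `import java.io.PrintWriter;` as they were, and drop the `Charset` line unless code outside this patch needs it.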
@@ -25,7 +24,7 @@ public class Utils {
public static PrintWriter stdout;
public static PrintWriter stderr;
public static String name = "GatherBurp";
- public static String version = "1.1.0";
+ public static String version = "1.1.1";
public static String author = "Xm17";
public static String workdir = System.getProperty("user.home") + "/.gather/";
public static boolean isSelect = false;
@@ -216,12 +215,6 @@ public static List getSuffix() {
return suffix;
}
-
- // 返回当前时间戳
- public static String getTimeNow() {
- return String.valueOf(System.currentTimeMillis() / 1000);
- }
-
// 替换字符串中的特殊字符
public static String ReplaceChar(String input) {
// 使用正则表达式替换特殊字符