Images need no processing:
String mimeInferred = helpers.analyzeResponse(messageInfo.getResponse()).getInferredMimeType();
if (mimeInferred.equalsIgnoreCase("JPEG") || mimeInferred.equalsIgnoreCase("PNG")
        || mimeInferred.equalsIgnoreCase("TIFF") || mimeInferred.equalsIgnoreCase("GIF")) {
Report a scan result into the system (rarely used: there is no need to push it into Burp's own issue list, logging it somewhere is enough):
    callbacks.addScanIssue(new CustomScanIssue(
            messageInfo.getHttpService(),
            helpers.analyzeRequest(messageInfo).getUrl(),
            new IHttpRequestResponse[]{callbacks.applyMarkers(messageInfo, null, match)},
            "Information disclosure at ImageMagick at converter tool",
            "The response contains sensitive internal server information",
            "Medium"));
}
Use respInfo.getStatusCode() to define a filter that skips status codes which need no handling.
- helpers.indexOf(request, helpers.stringToBytes("<@/"), true, 0, request.length) > -1 checks whether a given byte sequence is present in a byte array.
toolFlag gives the ID of the Burp tool that issued the request or received the response (used to tell where the message came from: Repeater, Proxy, Scanner, etc.).
Debugging: issue a request yourself
IHttpRequestResponse resp = callbacks.makeHttpRequest(messageInfo.getHttpService(), helpers.buildHttpMessage(reqInfo.getHeaders(), bodyss));
Avoid re-issuing requests in an endless loop
if (toolFlag == 4) {
    // avoid loops: 4 is TOOL_PROXY, so only Proxy traffic is handled here
}
Java concurrency uses executor.submit (look into the details later)
executor.submit(() -> autoRepeater.modifyAndSendRequestAndLog(toolFlag,messageInfo));
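The snippets above stitched into one working IHttpListener, as an added example (not code from the original notes): it drops image responses by inferred MIME type, filters on status code, checks the tool flag so the extension does not re-trigger on its own traffic, searches the request bytes with helpers.indexOf, re-sends the request with makeHttpRequest from a bounded executor, and logs the result instead of calling addScanIssue. The marker string "<@/", the skipped status codes and the pool size are assumptions made for the example; only the legacy Burp Extender API (package burp) is used.

```java
package burp;

import java.io.PrintWriter;
import java.util.Arrays;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Added example, not the original notes' code. Strings the note snippets together.
public class BurpExtender implements IBurpExtender, IHttpListener {
    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;
    private PrintWriter stdout;
    // Bounded pool: a busy Proxy must not be able to spawn unbounded threads (size is an assumption).
    private final ExecutorService executor = Executors.newFixedThreadPool(4);

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        this.stdout = new PrintWriter(callbacks.getStdout(), true);
        callbacks.setExtensionName("Notes example listener");
        callbacks.registerHttpListener(this);
    }

    @Override
    public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
        // Only responses, and only those seen by the Proxy (TOOL_PROXY == 4).
        // Requests issued via makeHttpRequest arrive tagged TOOL_EXTENDER, so they are
        // skipped here; that is what stops the extension from looping on its own traffic.
        if (messageIsRequest || toolFlag != IBurpExtenderCallbacks.TOOL_PROXY) {
            return;
        }
        byte[] response = messageInfo.getResponse();
        if (response == null) {
            return;
        }
        IResponseInfo respInfo = helpers.analyzeResponse(response);

        // Images carry nothing worth inspecting; drop them early.
        String mime = respInfo.getInferredMimeType();
        if (mime.equalsIgnoreCase("JPEG") || mime.equalsIgnoreCase("PNG")
                || mime.equalsIgnoreCase("TIFF") || mime.equalsIgnoreCase("GIF")) {
            return;
        }
        // Status codes that need no handling (which ones to skip is an assumption for this example).
        short status = respInfo.getStatusCode();
        if (status == 301 || status == 302 || status == 404) {
            return;
        }
        // The slow part (re-sending the request) goes to the pool so the Proxy thread is not blocked.
        executor.submit(() -> resendAndLog(messageInfo));
    }

    private void resendAndLog(IHttpRequestResponse messageInfo) {
        byte[] request = messageInfo.getRequest();
        // Byte-level search in the request; "<@/" is a placeholder marker for this example.
        int at = helpers.indexOf(request, helpers.stringToBytes("<@/"), true, 0, request.length);
        if (at < 0) {
            return;
        }
        IRequestInfo reqInfo = helpers.analyzeRequest(messageInfo);
        // Rebuild the request from its original headers and (unchanged) body, then re-issue it.
        byte[] body = Arrays.copyOfRange(request, reqInfo.getBodyOffset(), request.length);
        byte[] rebuilt = helpers.buildHttpMessage(reqInfo.getHeaders(), body);
        IHttpRequestResponse resp = callbacks.makeHttpRequest(messageInfo.getHttpService(), rebuilt);

        // Log the outcome to the extension's stdout rather than adding a scan issue.
        byte[] resent = resp.getResponse();
        int code = resent == null ? -1 : helpers.analyzeResponse(resent).getStatusCode();
        stdout.println(reqInfo.getUrl() + " marker at offset " + at + " -> resent, status " + code);
    }
}
```

Load the class as a Java extension from the Extender tab; output appears in the extension's Output pane. The tool-flag check is the important part for loop safety: because responses to makeHttpRequest come back with TOOL_EXTENDER rather than TOOL_PROXY, the listener never processes what it sent itself.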
