BurpSuite获取req和resp数据

  1. package burp;
  2. import java.io.PrintWriter;
  3. import java.util.ArrayList;
  4. import java.util.Arrays;
  5. import java.util.List;
  7. public class BurpExtender implements IBurpExtender, IHttpListener,
  8.         IProxyListener, IScannerListener, IExtensionStateListener
  9. {
  10.     private IBurpExtenderCallbacks callbacks;
  11.     private PrintWriter stdout;
  12.     private IExtensionHelpers helpers;
  13.     //
  14.     // implement IBurpExtender
  15.     //
  17.     @Override
  18.     public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks)
  19.     {
  20.         // keep a reference to our callbacks object
  21.         this.callbacks = callbacks;
  22.         helpers = callbacks.getHelpers();
  23.         // set our extension name
  24.         callbacks.setExtensionName("VulnScan(20181121001)");
  26.         // obtain our output stream
  27.         stdout = new PrintWriter(callbacks.getStdout(), true);
  29.         // register ourselves as an HTTP listener
  30.         callbacks.registerHttpListener(this);
  32.         // register ourselves as a Proxy listener
  33. //        callbacks.registerProxyListener(this);
  35.         // register ourselves as a Scanner listener
  36. //        callbacks.registerScannerListener(this);
  38.         // register ourselves as an extension state listener
  39. //        callbacks.registerExtensionStateListener(this);
  40.     }
  42.     @Override
  43.     public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo)
  44.     {
  45. if (messageIsRequest){
  46.     //此时response为空.
  47.     IRequestInfo reqInfo = helpers.analyzeRequest(messageInfo);
  48.     List<String> headers = reqInfo.getHeaders();
  49.     String hostname = messageInfo.getHttpService().getHost();
  50.     int port = messageInfo.getHttpService().getPort();
  51.     byte[] body = Arrays.copyOfRange(
  52.             messageInfo.getRequest(),
  53.             reqInfo.getBodyOffset(),
  54.             messageInfo.getRequest().length);
  55.     String s = new String(body);
  56. //    stdout.println("requests----------");
  57. //    stdout.println(reqInfo.getUrl());
  58. //    stdout.println(reqInfo.getMethod());
  59. //    stdout.println("hostname:" + hostname);
  60. //    stdout.println("headers:" + headers);
  61. //    stdout.println("body:" + s);
  62. }else{
  63.     //response
  64.     byte[] responseBytes = messageInfo.getResponse();
  65.     IResponseInfo respInfo = helpers.analyzeResponse(responseBytes);
  66.     List<String> headers = respInfo.getHeaders();
  67.     IRequestInfo reqInfo = helpers.analyzeRequest(messageInfo);
  68.     String hostname = messageInfo.getHttpService().getHost();
  69.     String myurl = reqInfo.getUrl().toString();
  70.     stdout.println(reqInfo.getUrl());
  71.     if (!hostname.equals("clients4.google.com") && myurl.indexOf("")){
  72.         stdout.println("response----------");
  73.         stdout.println(reqInfo.getUrl());
  74.         stdout.println(hostname);
  75.         String s = new String(responseBytes);
  76.         stdout.println(s);
  77.         byte[] body = Arrays.copyOfRange(
  78.                 messageInfo.getResponse(),
  79.                 respInfo.getBodyOffset(),
  80.                 messageInfo.getResponse().length);
  81.         String ss = new String(body);
  82.         stdout.println("body:" + ss);
  83.     }
  85. //    stdout.println("headers:" + headers);
  89.     // header or something
  91.     //stdout.println(messageInfo.getResponse());
  92. }
  93. //        stdout.println(messageInfo.getRequest());
  94. //        stdout.println(messageInfo.getResponse());
  95. //        stdout.println(messageInfo.getHttpService());
  96. //        stdout.println(
  97. //                (messageIsRequest ? "HTTP request to " : "HTTP response from ") +
  98. //                        messageInfo.getHttpService() +
  99. //                        " [" + callbacks.getToolName(toolFlag) + "]");
  100.     }
  102.     //
  103.     // implement IProxyListener
  104.     //
  106.     @Override
  107.     public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessage message)
  108.     {
  109.         stdout.println(
  110.                 (messageIsRequest ? "Proxy request to " : "Proxy response from ") +
  111.                         message.getMessageInfo().getHttpService());
  112.     }
  114.     //
  115.     // implement IScannerListener
  116.     //
  118.     @Override
  119.     public void newScanIssue(IScanIssue issue)
  120.     {
  121.         stdout.println("New scan issue: " + issue.getIssueName());
  122.     }
  124.     //
  125.     // implement IExtensionStateListener
  126.     //
  128.     @Override
  129.     public void extensionUnloaded()
  130.     {
  131.         stdout.println("Extension was unloaded");
  132.     }
  133. }
  1. BurpSuite获取reqresp数据
  2. package burp;
  3. import java.io.PrintWriter;
  4. import java.util.ArrayList;
  5. import java.util.Arrays;
  6. import java.util.List;
  7. public class BurpExtender implements IBurpExtender, IHttpListener,
  8.         IProxyListener, IScannerListener, IExtensionStateListener
  9. {
  10.     private IBurpExtenderCallbacks callbacks;
  11.     private PrintWriter stdout;
  12.     private IExtensionHelpers helpers;
  13.     //
  14.     // implement IBurpExtender
  15.     //
  16.     @Override
  17.     public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks)
  18.     {
  19.         // keep a reference to our callbacks object
  20.         this.callbacks = callbacks;
  21.         helpers = callbacks.getHelpers();
  22.         // set our extension name
  23.         callbacks.setExtensionName("VulnScan(20181121001)");
  24.         // obtain our output stream
  25.         stdout = new PrintWriter(callbacks.getStdout(), true);
  26.         // register ourselves as an HTTP listener
  27.         callbacks.registerHttpListener(this);
  28.         // register ourselves as a Proxy listener
  29. //        callbacks.registerProxyListener(this);
  30.         // register ourselves as a Scanner listener
  31. //        callbacks.registerScannerListener(this);
  32.         // register ourselves as an extension state listener
  33. //        callbacks.registerExtensionStateListener(this);
  34.     }
  35.     @Override
  36.     public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo)
  37.     {
  38. if (messageIsRequest){
  39.     //此时response为空.
  40.     IRequestInfo reqInfo = helpers.analyzeRequest(messageInfo);
  41.     List<String> headers = reqInfo.getHeaders();
  42.     String hostname = messageInfo.getHttpService().getHost();
  43.     int port = messageInfo.getHttpService().getPort();
  44.     byte[] body = Arrays.copyOfRange(
  45.             messageInfo.getRequest(),
  46.             reqInfo.getBodyOffset(),
  47.             messageInfo.getRequest().length);
  48.     String s = new String(body);
  49. //    stdout.println("requests----------");
  50. //    stdout.println(reqInfo.getUrl());
  51. //    stdout.println(reqInfo.getMethod());
  52. //    stdout.println("hostname:" + hostname);
  53. //    stdout.println("headers:" + headers);
  54. //    stdout.println("body:" + s);
  55. }else{
  56.     //response
  57.     byte[] responseBytes = messageInfo.getResponse();
  58.     IResponseInfo respInfo = helpers.analyzeResponse(responseBytes);
  59.     List<String> headers = respInfo.getHeaders();
  60.     IRequestInfo reqInfo = helpers.analyzeRequest(messageInfo);
  61.     String hostname = messageInfo.getHttpService().getHost();
  62.     String myurl = reqInfo.getUrl().toString();
  63.     stdout.println(reqInfo.getUrl());
  64.     if (!hostname.equals("clients4.google.com") && myurl.indexOf("")){
  65.         stdout.println("response----------");
  66.         stdout.println(reqInfo.getUrl());
  67.         stdout.println(hostname);
  68.         String s = new String(responseBytes);
  69.         stdout.println(s);
  70.         byte[] body = Arrays.copyOfRange(
  71.                 messageInfo.getResponse(),
  72.                 respInfo.getBodyOffset(),
  73.                 messageInfo.getResponse().length);
  74.         String ss = new String(body);
  75.         stdout.println("body:" + ss);
  76.     }
  77. //    stdout.println("headers:" + headers);
  78.     // header or something
  79.     //stdout.println(messageInfo.getResponse());
  80. }
  81. //        stdout.println(messageInfo.getRequest());
  82. //        stdout.println(messageInfo.getResponse());
  83. //        stdout.println(messageInfo.getHttpService());
  84. //        stdout.println(
  85. //                (messageIsRequest ? "HTTP request to " : "HTTP response from ") +
  86. //                        messageInfo.getHttpService() +
  87. //                        " [" + callbacks.getToolName(toolFlag) + "]");
  88.     }
  89.     //
  90.     // implement IProxyListener
  91.     //
  92.     @Override
  93.     public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessage message)
  94.     {
  95.         stdout.println(
  96.                 (messageIsRequest ? "Proxy request to " : "Proxy response from ") +
  97.                         message.getMessageInfo().getHttpService());
  98.     }
  99.     //
  100.     // implement IScannerListener
  101.     //
  102.     @Override
  103.     public void newScanIssue(IScanIssue issue)
  104.     {
  105.         stdout.println("New scan issue: " + issue.getIssueName());
  106.     }
  107.     //
  108.     // implement IExtensionStateListener
  109.     //
  110.     @Override
  111.     public void extensionUnloaded()
  112.     {
  113.         stdout.println("Extension was unloaded");
  114.     }
  115. }

参考代码