能跑通的demo了

bit4woo · May 17, 2018 · eb8b000 · eb8b000
1 parent d85817c
commit eb8b000
Show file tree

Hide file tree

Showing 6 changed files with 205 additions and 14 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,3 @@
+/bin/
+.project
+.classpath
diff --git a/README.md b/README.md
@@ -1 +1,46 @@
 # burp_collaborator_http_api
+
+A burp extender that let you use burp collaborator server within http api
+一个让你可以通过http API调用burp的collaborator服务器的插件
+
+
+
+接口说明：
+
+生成payload：
+http://127.0.0.1:8000/generatePayload
+
+获取payload的记录：
+
+http://127.0.0.1:8000/fetchFor?payload=e0f34wndn15gs5xyisqzw8nwyn4ds2
+
+它可以接受的请求类型包括: http\https\DNS\SMTP\SMTPS\FTP；demo版本暂不区分，后续有空会继续优化，提供特定类型的查询和数据提取。
+
+简单的python调用举例：
+```
+# !/usr/bin/env python
+# -*- coding:utf-8 -*-
+__author__ = 'bit4'
+__github__ = 'https://github.com/bit4woo'
+
+import requests
+
+proxy = {"http": "http://127.0.0.1:8888", "https": "https://127.0.0.1:8888"}
+url = "http://127.0.0.1:8000/generatePayload"
+response = requests.get(url)
+payload = response.text
+print payload
+requests.get("http://{0}".format(payload))
+url = "http://127.0.0.1:8000/fetchFor?payload={0}".format(payload.split(".")[0])
+res = requests.get(url)
+print  res.content
+
+```
+
+部署说明：
+
+to do
+
+docker部署：
+
+to do
diff --git a/src/burp/BurpExtender.java b/src/burp/BurpExtender.java
@@ -5,11 +5,11 @@
 public class BurpExtender extends Thread implements IBurpExtender, IExtensionStateListener
 {
 	public String ExtenderName = "Collaborator HTTP API";
-	public String github = "https://github.com/bit4woo/BCHA";
+	public String github = "https://github.com/bit4woo/burp_collaborator_http_api";
 	public IBurpCollaboratorClientContext ccc;
 	public IExtensionHelpers helpers;
 	public PrintWriter stdout;//用于输出，主要用于代码调试
-	public CHTTPServer httpserver;
+	public HTTPServer httpserver;
 
 	@Override
 	public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks)
@@ -21,7 +21,7 @@ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks)
 		callbacks.registerExtensionStateListener(this);
 		ccc = callbacks.createBurpCollaboratorClientContext();
 		helpers = callbacks.getHelpers();
-		httpserver = new CHTTPServer(this);//!!!传递this对象，以便httpserver中可以调用它的方法和属性!!!!
+		httpserver = new HTTPServer(this);//!!!传递this对象，以便httpserver中可以调用它的方法和属性!!!!
 		//stdout.println(this);
 		httpserver.run();
 		start();

diff --git a/src/burp/CHTTPServer.java b/src/burp/CHTTPServer.java
@@ -41,11 +41,13 @@ public void exit() {
 
     public void run(){
 		server.createContext("/generatePayload", new generatePayload(this.ccc));
-		server.createContext("/fetchAllCollaboratorInteractions", new fetchAllCollaboratorInteractions(this.ccc));
-		server.createContext("/fetchCollaboratorInteractionsFor", new fetchCollaboratorInteractionsFor(this.ccc,this.helpers,this.stdout));
-		server.createContext("/fetchAllInfiltratorInteractions", new fetchAllInfiltratorInteractions(this.ccc));
-		server.createContext("/fetchInfiltratorInteractionsFor", new fetchInfiltratorInteractionsFor(this.ccc));
-		server.createContext("/getCollaboratorServerLocation", new getCollaboratorServerLocation(this.ccc));
+		//server.createContext("/fetchAllCollaboratorInteractions", new fetchAllCollaboratorInteractions(this.ccc));
+		//server.createContext("/fetchCollaboratorInteractionsFor", new fetchCollaboratorInteractionsFor(this.ccc,this.helpers,this.stdout));
+		server.createContext("/fetchFor", new fetchCollaboratorInteractionsFor(this.ccc,this.helpers,this.stdout));
+
+		//server.createContext("/fetchAllInfiltratorInteractions", new fetchAllInfiltratorInteractions(this.ccc));
+		//server.createContext("/fetchInfiltratorInteractionsFor", new fetchInfiltratorInteractionsFor(this.ccc));
+		//server.createContext("/getCollaboratorServerLocation", new getCollaboratorServerLocation(this.ccc));
 		ExecutorService httpThreadPool = Executors.newFixedThreadPool(10);//
 		server.setExecutor(httpThreadPool);
 		server.start();
@@ -99,14 +101,20 @@ public fetchCollaboratorInteractionsFor(IBurpCollaboratorClientContext ccc,IExte
         @Override
         public void handle(HttpExchange t) throws IOException {
         	//http://127.0.0.1:8000/fetchCollaboratorInteractionsFor?payload=xxxxx
+        	//http://127.0.0.1:8000/fetchFor?payload=xxxxx
         	Map<String, String> params = queryToMap(t.getRequestURI().getQuery()); 
         	String payload =  params.get("payload");
     		final List<IBurpCollaboratorInteraction> bci = ccc.fetchCollaboratorInteractionsFor(payload);
     		stdout.println(bci.size()+" record found:\n");
     		String response ="";
     		for (IBurpCollaboratorInteraction interaction : bci) {
     			final Map<String, String> props = interaction.getProperties();
-    			stdout.println(props);
+    			response = response + props.toString();
+    			stdout.println("------------------------");
+    			stdout.println(props.toString());
+    			stdout.print("\n");
+    			stdout.println(response);
+    			stdout.println("------------------------");
 
     			/*
     			for (final Map.Entry<String, String> entry : props.entrySet()) {
@@ -119,11 +127,9 @@ public void handle(HttpExchange t) throws IOException {
     					final byte[] buf = InetAddress.getByName(v).getAddress();
     				}
     			}*/
-    		} 
+    			}
             t.sendResponseHeaders(200, response.length());
             OutputStream os = t.getResponseBody();
-            stdout.println(response.getBytes().length);
-            stdout.println(response.getBytes().toString());
             os.write(response.getBytes());
             os.close();
         }

diff --git a/src/burp/CHTTPServerTest.java b/src/burp/CHTTPServerTest.java
@@ -4,6 +4,8 @@
 import java.io.OutputStream;
 import java.net.InetSocketAddress;
 import java.net.Socket;
+import java.util.HashMap;
+import java.util.Map;
 
 import com.sun.net.httpserver.HttpExchange;
 import com.sun.net.httpserver.HttpHandler;
@@ -20,7 +22,7 @@ public CHTTPServerTest(IBurpCollaboratorClientContext ccc,
 	}
 
     public static void main(String[] args) throws Exception {
-        HttpServer server = HttpServer.create(new InetSocketAddress(8000), 0);
+        HttpServer server = HttpServer.create(new InetSocketAddress(8001), 0);
         server.createContext("/getProperty", new getProperty());
 
         server.createContext("/generatePayload", new generatePayload());
@@ -54,10 +56,14 @@ static class generatePayload implements HttpHandler {
         @Override
         public void handle(HttpExchange t) throws IOException {
             String response = "This is the response";
+            System.out.println(response.getBytes().length);
+            System.out.println(response.getBytes().toString());
             t.sendResponseHeaders(200, response.length());
             OutputStream os = t.getResponseBody();
             os.write(response.getBytes());
             os.close();
+            System.out.println(response.getBytes().length);
+            System.out.println(response.getBytes().toString());
         }
     }
 
@@ -74,6 +80,8 @@ public void handle(HttpExchange t) throws IOException {
     static class fetchCollaboratorInteractionsFor implements HttpHandler {
         @Override
         public void handle(HttpExchange t) throws IOException {
+        	Map<String, String> params = queryToMap(t.getRequestURI().getQuery()); 
+        	String payload =  params.get("payload");
             String response = "This is the response";
             t.sendResponseHeaders(200, response.length());
             OutputStream os = t.getResponseBody();
@@ -111,6 +119,17 @@ public void handle(HttpExchange t) throws IOException {
             os.close();
         }
     }
-
+    public static Map<String, String> queryToMap(String query){
+        Map<String, String> result = new HashMap<String, String>();
+        for (String param : query.split("&")) {
+            String pair[] = param.split("=");
+            if (pair.length>1) {
+                result.put(pair[0], pair[1]);
+            }else{
+                result.put(pair[0], "");
+            }
+        }
+        return result;
+    }
 
 }
diff --git a/src/burp/HTTPServer.java b/src/burp/HTTPServer.java
@@ -0,0 +1,118 @@
+package burp;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.PrintWriter;
+import java.net.InetSocketAddress;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+import com.sun.net.httpserver.HttpExchange;
+import com.sun.net.httpserver.HttpHandler;
+import com.sun.net.httpserver.HttpServer;
+
+public class HTTPServer extends Thread{
+	private final IBurpCollaboratorClientContext ccc;
+	private final IExtensionHelpers helpers;
+	private final PrintWriter stdout;
+	private final BurpExtender BE;
+	HttpServer server;
+
+	public HTTPServer(BurpExtender BE) {
+		this.ccc = BE.ccc;
+		this.helpers = BE.helpers;
+		this.stdout = BE.stdout;
+		this.BE = BE;
+		try {
+			server = HttpServer.create(new InetSocketAddress(8000), 0);
+			String ip_port = server.getAddress().toString();
+			this.stdout.println("Http server started at "+ip_port);
+		} catch (IOException e) {
+			this.stdout.println(e);
+		}
+	}
+	public void exit() {
+		server.stop(0);
+		this.stdout.println("Http server stopped!");
+	}
+
+    public void run(){
+		server.createContext("/generatePayload", new generatePayload(this.ccc));
+    	//http://127.0.0.1:8000/fetchFor?payload=xxxxx
+		server.createContext("/fetchFor", new fetchCollaboratorInteractionsFor(this.BE));
+		ExecutorService httpThreadPool = Executors.newFixedThreadPool(10);//
+		server.setExecutor(httpThreadPool);
+		server.start();
+
+    }
+
+    static class generatePayload implements HttpHandler {
+    	private final IBurpCollaboratorClientContext ccc;
+
+    	public generatePayload(IBurpCollaboratorClientContext ccc) {
+    		this.ccc = ccc;
+    	}//python中的__init__()
+
+        @Override
+        public void handle(HttpExchange t) throws IOException {
+            String payload = ccc.generatePayload(true);
+            String response = payload;
+            t.sendResponseHeaders(200, response.length());
+            OutputStream os = t.getResponseBody();
+            os.write(response.getBytes());
+            os.close();
+        }
+    }
+
+    static class fetchCollaboratorInteractionsFor implements HttpHandler {
+    	private final IBurpCollaboratorClientContext ccc;
+    	private final IExtensionHelpers helpers;
+    	private final PrintWriter stdout;
+
+    	public fetchCollaboratorInteractionsFor(BurpExtender BE) {
+    		this.ccc = BE.ccc;
+    		this.helpers = BE.helpers;
+    		this.stdout = BE.stdout;
+    	}
+
+        @Override
+        public void handle(HttpExchange t) throws IOException {
+
+        	Map<String, String> params = queryToMap(t.getRequestURI().getQuery()); 
+        	String payload =  params.get("payload");
+    		final List<IBurpCollaboratorInteraction> bci = ccc.fetchCollaboratorInteractionsFor(payload);
+    		stdout.println(bci.size()+" record found:\n");
+    		String response ="";
+    		for (IBurpCollaboratorInteraction interaction : bci) {
+    			final Map<String, String> props = interaction.getProperties();
+    			response += props.toString();
+    			stdout.println(props);
+    			stdout.print("\n");
+
+    		}
+            //t.sendResponseHeaders(200, response.length());//长度如果不匹配，输出将没有内容；大概是时间中文编码导致的获取长度不一致。
+    		//https://docs.oracle.com/javase/7/docs/jre/api/net/httpserver/spec/com/sun/net/httpserver/HttpExchange.html
+            t.sendResponseHeaders(200,0);
+
+            OutputStream os = t.getResponseBody();
+            os.write(response.getBytes());
+            os.close();
+        }
+    }
+
+    public static Map<String, String> queryToMap(String query){
+        Map<String, String> result = new HashMap<String, String>();
+        for (String param : query.split("&")) {
+            String pair[] = param.split("=");
+            if (pair.length>1) {
+                result.put(pair[0], pair[1]);
+            }else{
+                result.put(pair[0], "");
+            }
+        }
+        return result;
+    }
+}