From 93e14256422111d24777ca5a0a4e873995d18ce2 Mon Sep 17 00:00:00 2001 From: vankyver Date: Mon, 15 Apr 2024 22:50:20 +0300 Subject: [PATCH] RELEASE-1.3 --- pom.xml | 7 +++-- src/main/java/burp/HttpClient.java | 28 +++++++++++++------ src/main/java/burp/gui/TabComponent.java | 6 +--- src/main/java/burp/gui/path/PathsTable.java | 2 +- src/main/java/burp/tasks/PathScanTask.java | 2 +- .../java/burp/tasks/SoftwareScanTask.java | 2 +- 6 files changed, 27 insertions(+), 20 deletions(-) diff --git a/pom.xml b/pom.xml index f3bf2ac..06bb015 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ burp-vulners-scanner burp-vulners-scanner - 1.2 + 1.3 UTF-8 @@ -37,12 +37,13 @@ org.jtwig jtwig-core - 5.85.3.RELEASE + 5.87.0.RELEASE + org.json json - 20160810 + 20231013 diff --git a/src/main/java/burp/HttpClient.java b/src/main/java/burp/HttpClient.java index 509fd51..1cdfdb8 100644 --- a/src/main/java/burp/HttpClient.java +++ b/src/main/java/burp/HttpClient.java @@ -8,8 +8,8 @@ public class HttpClient { - private static String VULNERS_API_HOST = "vulners.com"; - private static String VULNERS_API_PATH = "/api/v3/burp/"; + private static final String VULNERS_API_HOST = "vulners.com"; + private static final String VULNERS_API_PATH = "/api/v3/burp/"; private final IBurpExtenderCallbacks callbacks; private final IExtensionHelpers helpers; 
@@ -21,21 +21,31 @@ public class HttpClient { this.helpers = helpers; } + public JSONObject post(String action, Map params) { + return request("POST", action, params); + } + public JSONObject get(String action, Map params) { + return request("GET", action, params); + } + + public JSONObject request(String method, String action, Map params) { List headers = new ArrayList<>(); - headers.add("POST " + VULNERS_API_PATH + action + "/ HTTP/1.1"); + headers.add( method + " " + VULNERS_API_PATH + action + "/ HTTP/1.1"); headers.add("Host: " + VULNERS_API_HOST); - headers.add("User-Agent: vulners-burpscanner-v-1.2"); + headers.add("User-Agent: vulners-burpscanner-v-1.3"); headers.add("Content-type: application/json"); JSONObject jsonBody = new JSONObject(); - if (burpExtender.getApiKey() != null) { - jsonBody = jsonBody.put("apiKey", burpExtender.getApiKey()); - } + if (!method.equals("GET")) { + if (burpExtender.getApiKey() != null) { + jsonBody = jsonBody.put("apiKey", burpExtender.getApiKey()); + } - for (Map.Entry p: params.entrySet()) { - jsonBody = jsonBody.put(p.getKey(), p.getValue()); + for (Map.Entry p: params.entrySet()) { + jsonBody = jsonBody.put(p.getKey(), p.getValue()); + } } byte[] request = helpers.buildHttpMessage(headers, helpers.stringToBytes(jsonBody.toString())); diff --git a/src/main/java/burp/gui/TabComponent.java b/src/main/java/burp/gui/TabComponent.java index 8414832..a44dc37 100644 --- a/src/main/java/burp/gui/TabComponent.java +++ b/src/main/java/burp/gui/TabComponent.java 
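Review bot: In `request`, the new `if (!method.equals("GET"))` branch makes `get(action, params)` silently discard both `params` and the API key, while the request still carries `Content-type: application/json` and a `{}` body built from the empty `jsonBody`. Any caller of `get` that this commit did not switch to `post` would now send a request without its parameters or key and get no error; either encode `params` into the query string for GET or fail fast when the map is non-empty. `request` is also `public` and takes a free-form `method`, so a null throws from `method.equals` and an arbitrary string lands in the request line; I would make it `private` and write the test as `if (!"GET".equals(method)) {`. `action` is likewise concatenated into the request line unchecked, which is fine for the literals passed in this patch but deserves a one-line comment such as `// action must be a fixed literal, never derived from scanned traffic`. The body of `request` continues past the end of the hunk.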
@@ -7,23 +7,18 @@ import burp.gui.rules.RulesTableListener; import burp.gui.software.SoftwareTable; import burp.models.Domain; -import burp.models.Software; -import burp.models.Vulnerability; import com.intellij.uiDesigner.core.GridConstraints; import com.intellij.uiDesigner.core.GridLayoutManager; import com.intellij.uiDesigner.core.Spacer; import javax.swing.*; import java.awt.*; -import java.awt.event.ActionEvent; -import java.awt.event.ActionListener; import java.awt.event.MouseAdapter; import java.awt.event.MouseEvent; import java.io.IOException; import java.net.URI; import java.util.HashMap; import java.util.Map; -import java.util.Set; public class TabComponent { private JPanel rootPanel; @@ -148,6 +143,7 @@ public RulesTable getRulesTable() { } public void setAPIKey(String apiKey) { + System.out.println("Setting API key: " + apiKey); if (apiKey != null) { txtApi.setText(apiKey); } diff --git a/src/main/java/burp/gui/path/PathsTable.java b/src/main/java/burp/gui/path/PathsTable.java index 7598af3..2c4d407 100644 --- a/src/main/java/burp/gui/path/PathsTable.java +++ b/src/main/java/burp/gui/path/PathsTable.java @@ -15,7 +15,7 @@ public boolean isCellEditable(int row, int column) { } }; model.addColumn("Domain"); - model.addColumn("path"); + model.addColumn("Path"); model.addColumn("CVSS Score"); model.addColumn("Vulnerabilities"); diff --git a/src/main/java/burp/tasks/PathScanTask.java b/src/main/java/burp/tasks/PathScanTask.java index f727194..a7312ae 100644 --- a/src/main/java/burp/tasks/PathScanTask.java +++ b/src/main/java/burp/tasks/PathScanTask.java @@ -25,7 +25,7 @@ public PathScanTask(VulnersRequest vulnersRequest, HttpClient httpClient, Consum @Override public void run() { - JSONObject data = httpClient.get("path", new HashMap() {{ + JSONObject data = httpClient.post("path", new HashMap() {{ put("path", vulnersRequest.getPath()); }}); 
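Review bot: The added `System.out.println("Setting API key: " + apiKey);` in `setAPIKey` writes the Vulners API key in clear text to the process's standard output, where it can persist in terminal scrollback, redirected log files or screenshots shared during support. It looks like leftover debug output in a release commit; drop the line, or if a trace is wanted print only presence, e.g. `System.out.println("API key " + (apiKey != null ? "set" : "not set"));`. The statement also runs before the `apiKey != null` check, so it prints `null` when no key is configured. The closing brace of `setAPIKey` lies outside the hunk.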
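Review bot: The changed call in `PathScanTask.run` keeps the double-brace `new HashMap() {{ put(...); }}` idiom, which declares an anonymous `HashMap` subclass per call site and holds a hidden reference to the enclosing task; the same applies to the `httpClient.post("software", ...)` call in `SoftwareScanTask.run`. Since the line is being touched anyway, a plain local map would be clearer, e.g. `Map<String, Object> params = new HashMap<>();` followed by `params.put("path", vulnersRequest.getPath());` (the type arguments here are assumed, as the page does not show them). The switch from `get` to `post` itself preserves the wire behaviour, because the old `get` already sent a POST request line. `run` continues outside the hunk in both files.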
diff --git a/src/main/java/burp/tasks/SoftwareScanTask.java b/src/main/java/burp/tasks/SoftwareScanTask.java index e3e8b6b..55ec797 100644 --- a/src/main/java/burp/tasks/SoftwareScanTask.java +++ b/src/main/java/burp/tasks/SoftwareScanTask.java @@ -28,7 +28,7 @@ public void run() { Software software = vulnersRequest.getSoftware(); - JSONObject data = httpClient.get("software", new HashMap(){{ + JSONObject data = httpClient.post("software", new HashMap() {{ put("software", software.getAlias()); put("version", software.getVersion()); put("type", software.getMatchType());