Merge pull request #12 from Chave0v0/dev

修复已知bug

Author: Chave0v0

src/main/java/burp/api/montoya/core/ToolType.java

@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Community Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+
+package burp.api.montoya.core;
+
+/**
+ * Tools in Burp Suite.
+ */
+public enum ToolType
+{
+    SUITE("Suite"),
+    TARGET("Target"),
+    PROXY("Proxy"),
+    SCANNER("Scanner"),
+    INTRUDER("Intruder"),
+    REPEATER("Repeater"),
+    LOGGER("Logger"),
+    SEQUENCER("Sequencer"),
+    DECODER("Decoder"),
+    COMPARER("Comparer"),
+    EXTENSIONS("Extensions"),
+    RECORDED_LOGIN_REPLAYER("Recorded login replayer"),
+    ORGANIZER("Organizer");
+
+    private final String toolName;
+
+    ToolType(String toolName)
+    {
+        this.toolName = toolName;
+    }
+
+    /**
+     * @return The tool name.
+     */
+    public String toolName()
+    {
+        return toolName;
+    }
+
+    /**
+     * @return The tool name.
+     */
+    @Override
+    public String toString()
+    {
+        return toolName;
+    }
+}

src/main/java/com/chave/Main.java

@@ -8,7 +8,6 @@
 import com.chave.editor.ResponseEditor;
 import com.chave.handler.APIHighLighterHandler;
 import com.chave.ui.MainUI;
-
 import java.io.*;
 
 public class Main implements BurpExtension {
@@ -22,7 +21,7 @@ public void initialize(MontoyaApi montoyaApi) {
         Logging log = API.logging();
 
         API.extension().setName("API Highlighter");
-        log.logToOutput("API Highlighter v2.1.0\n\n" +
+        log.logToOutput("API Highlighter v2.1.1\n\n" +
                 "Rebuild: Chave\n" +
                 "GitHub: https://github.com/Chave0v0/API-Highlighter\n");
 

src/main/java/com/chave/editor/RequestEditor.java

@@ -10,13 +10,13 @@
 import com.chave.config.SensitiveInfoConfig;
 import com.chave.service.SensitiveInfoMatchService;
 import com.chave.utils.Util;
-
 import javax.swing.*;
 import javax.swing.table.DefaultTableCellRenderer;
 import javax.swing.table.DefaultTableModel;
 import javax.swing.table.JTableHeader;
 import javax.swing.table.TableCellRenderer;
 import java.awt.*;
+import java.lang.reflect.InvocationTargetException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Set;
@@ -48,6 +48,12 @@ public void setRequestResponse(HttpRequestResponse requestResponse) {
         @Override
         public boolean isEnabledFor(HttpRequestResponse requestResponse) {
             HttpRequest request = requestResponse.request();
+
+            // 防止空指针
+            if (request == null) {
+                return false;
+            }
+
             try {
                 HashMap apiMatchResult = Util.getAPIMatchResult(request);
                 boolean isMatched = (boolean) apiMatchResult.get("isMatched");
@@ -60,6 +66,8 @@ public boolean isEnabledFor(HttpRequestResponse requestResponse) {
                 } else {
                     return false;
                 }
+            } catch (InvocationTargetException invocationTargetException) {
+                // 预期内异常
             } catch (Exception e) {
                 Main.API.logging().logToError(e);
             }

src/main/java/com/chave/editor/ResponseEditor.java

@@ -9,13 +9,13 @@
 import com.chave.config.SensitiveInfoConfig;
 import com.chave.service.SensitiveInfoMatchService;
 import com.chave.utils.Util;
-
 import javax.swing.*;
 import javax.swing.table.DefaultTableCellRenderer;
 import javax.swing.table.DefaultTableModel;
 import javax.swing.table.JTableHeader;
 import javax.swing.table.TableCellRenderer;
 import java.awt.*;
+import java.lang.reflect.InvocationTargetException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Set;
@@ -49,6 +49,12 @@ public void setRequestResponse(HttpRequestResponse requestResponse) {
         public boolean isEnabledFor(HttpRequestResponse requestResponse) {
             HttpResponse response = requestResponse.response();
             HttpRequest request = requestResponse.request();
+
+            // 防止空指针
+            if (response == null || request == null) {
+                return false;
+            }
+
             try {
                 HashMap apiMatchResult = Util.getAPIMatchResult(request);
                 boolean isMatched = (boolean) apiMatchResult.get("isMatched");
@@ -61,9 +67,10 @@ public boolean isEnabledFor(HttpRequestResponse requestResponse) {
                 } else {
                     return false;
                 }
+            } catch (InvocationTargetException invocationTargetException) {
+                // 预期内异常
             } catch (Exception e) {
                 Main.API.logging().logToError(e);
-                return false;
             }
             return false;
         }

src/main/java/com/chave/handler/APIHighLighterHandler.java

@@ -1,5 +1,6 @@
 package com.chave.handler;
 
+import burp.api.montoya.core.ToolType;
 import burp.api.montoya.http.handler.*;
 import burp.api.montoya.http.message.requests.HttpRequest;
 import burp.api.montoya.logging.Logging;
@@ -26,43 +27,43 @@ public APIHighLighterHandler() {
     @Override
     public RequestToBeSentAction handleHttpRequestToBeSent(HttpRequestToBeSent requestToBeSent) {
         try {
-            HashMap apiMatchResult = Util.getAPIMatchResult(requestToBeSent);
-            boolean isMatched = (boolean) apiMatchResult.get("isMatched");
-            APIItem matchedItem = (APIItem) apiMatchResult.get("api");
-
-            if (isMatched) {
-                // 添加到arraylist中 为了检查对应response
-                if (messageIdList.get(requestToBeSent.messageId()) == null) {
-                    messageIdList.put(requestToBeSent.messageId(), requestToBeSent);
-                }
-
-                // 对匹配到的接口进行标记
-                Util.setAPIFound(matchedItem.getPath(), requestToBeSent);
-
-                // 匹配到进行高亮处理
-                Util.setHighlightColor(requestToBeSent, Color.YELLOW);
-
-                if (SensitiveInfoConfig.IS_CHECK_SENSITIVE_INFO) {
-                    // 只对匹配到的接口进行敏感信息检查
-                    HashMap sensitiveInfoMatchResult = sensitiveInfoMatchService.sensitiveInfoMatch(requestToBeSent);
-                    if (!sensitiveInfoMatchResult.isEmpty()) {
-                        // 对history进行红色高亮处理
-                        Util.setHighlightColor(requestToBeSent, Color.ORANGE);
-
-                        // 标记result 存在敏感信息
-                        Util.setAPIResult(APIConfig.SENSITIVE_INFO_RESULT, matchedItem.getPath(), requestToBeSent);
-
+            // 只监听来自proxy与repeter的流量 减小检测量
+            if (requestToBeSent.toolSource().isFromTool(ToolType.PROXY) || requestToBeSent.toolSource().isFromTool(ToolType.REPEATER)) {
+                HashMap apiMatchResult = Util.getAPIMatchResult(requestToBeSent);
+                boolean isMatched = (boolean) apiMatchResult.get("isMatched");
+                APIItem matchedItem = (APIItem) apiMatchResult.get("api");
+
+                if (isMatched) {
+                    // 添加到arraylist中 为了检查对应response
+                    if (messageIdList.get(requestToBeSent.messageId()) == null) {
+                        messageIdList.put(requestToBeSent.messageId(), requestToBeSent);
                     }
-                }
 
+                    // 对匹配到的接口进行标记
+                    Util.setAPIFound(matchedItem.getPath(), requestToBeSent);
+
+                    // 匹配到进行高亮处理
+                    Util.setHighlightColor(requestToBeSent, Color.YELLOW);
+
+                    if (SensitiveInfoConfig.IS_CHECK_SENSITIVE_INFO) {
+                        // 只对匹配到的接口进行敏感信息检查
+                        HashMap sensitiveInfoMatchResult = sensitiveInfoMatchService.sensitiveInfoMatch(requestToBeSent);
+                        if (!sensitiveInfoMatchResult.isEmpty()) {
+                            // 对history进行红色高亮处理
+                            Util.setHighlightColor(requestToBeSent, Color.ORANGE);
+                            // 标记result 存在敏感信息
+                            Util.setAPIResult(APIConfig.SENSITIVE_INFO_RESULT, matchedItem.getPath(), requestToBeSent);
+                        }
+                    }
 
-                // 刷新列表
-                Util.flushAPIList(Main.UI.getHighlighterMainUI().getApiTable());
+                    // 刷新列表
+                    Util.flushAPIList(Main.UI.getHighlighterMainUI().getApiTable());
+                }
             }
-
         } catch (Exception e) {
             log.logToError("request handler异常");
         }
+
         return null;
     }
 

src/main/java/com/chave/service/APIMatchService.java

@@ -7,7 +7,6 @@
 import com.chave.config.UserConfig;
 import com.chave.pojo.APIItem;
 import com.chave.utils.Util;
-
 import java.util.HashMap;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -50,7 +49,7 @@ public HashMap<String, Object> exactMatch(HttpRequest request) {
                 }
             } else {
                 // 处理有 PathVariable 的情况
-                Pattern pattern = Pattern.compile("^" + Util.convertPathToRegex(apiItem.getPath()) + "$");
+                Pattern pattern = Pattern.compile("^" + Util.convertPathToRegex(apiItem.getPath()) + "$", Pattern.CASE_INSENSITIVE);
                 Matcher matcher = pattern.matcher(path);
                 if (isMatched = matcher.matches()) {
                     if (UserConfig.IS_CHECK_HTTP_METHOD && apiItem.getMethod() != null) {
@@ -95,14 +94,14 @@ public HashMap<String, Object> semiFuzzMatch(HttpRequest request) {
 
             try {
                 // 声明没有 PathVariable 情况下的正则
-                pattern = Pattern.compile("^(/[^/]+)?" + apiItem.getPath() + "(/.*)?$");
+                pattern = Pattern.compile("^(/[^/]+)?" + apiItem.getPath() + "(/.*)?$", Pattern.CASE_INSENSITIVE);
             } catch (Exception e) {
                 // 如果正则编译捕获异常,并且有"{",认为是有PathVariable的情况，重新生成正则。
                 if (apiItem.getPath().contains("{")) {
-                    pattern = Pattern.compile("^(/[^/]+)?" + Util.convertPathToRegex(apiItem.getPath()) + "(/.*)?$");
+                    pattern = Pattern.compile("^(/[^/]+)?" + Util.convertPathToRegex(apiItem.getPath()) + "(/.*)?$", Pattern.CASE_INSENSITIVE);
                 } else {
                     // 其他情况认为是预期外的异常，直接输出log
-                    log.logToError(e);
+                    log.logToError("半精确匹配出现异常" + e.getCause());
                 }
             }
 
@@ -146,9 +145,9 @@ public HashMap<String, Object> fuzzMatch(HttpRequest request) {
             }
 
             if (UserConfig.IS_ANALYZE_PATHVARIABLE) {
-                pattern = Pattern.compile(".*" + Util.convertPathToRegex(apiItem.getPath()) + ".*");
+                pattern = Pattern.compile(".*" + Util.convertPathToRegex(apiItem.getPath()) + ".*", Pattern.CASE_INSENSITIVE);
             } else {
-                pattern = Pattern.compile(".*" + Pattern.quote(apiItem.getPath()) + ".*");
+                pattern = Pattern.compile(".*" + Pattern.quote(apiItem.getPath()) + ".*", Pattern.CASE_INSENSITIVE);
             }
 
 

src/main/java/com/chave/ui/HighlighterMainUI.java

@@ -213,15 +213,15 @@ public void actionPerformed(ActionEvent e) {
                         try {
                             APIItem item;
                             if (method == null) {
-                                item = new APIItem(path.toLowerCase());
+                                item = new APIItem(path);
                             } else {
-                                item = new APIItem(method.toUpperCase(), path.toLowerCase());
+                                item = new APIItem(method.toUpperCase(), path);
                             }
                             if (!Util.checkAPIItemExist(item)) {
                                 APIConfig.TARGET_API.add(item);
                             }
                         } catch (Exception exception) {
-                            log.logToError(exception);
+                            log.logToError("导入api出现异常" + exception.getCause());
                             continue;
                         }
 
@@ -232,7 +232,7 @@ public void actionPerformed(ActionEvent e) {
                         }
 
                         try {
-                            APIItem item = new APIItem(line.trim().toLowerCase());
+                            APIItem item = new APIItem(line.trim());
                             if (!Util.checkAPIItemExist(item)) {
                                 APIConfig.TARGET_API.add(item);
                             }
@@ -250,7 +250,7 @@ public void actionPerformed(ActionEvent e) {
                     userInputTextArea.setText("");
                     Util.flushAPIList(apiTable);
                 } catch (Exception exception) {
-                    System.out.println(exception);
+                    log.logToError("导入api后刷新异常" + exception.getCause());
                 }
 
             }

src/main/java/com/chave/utils/Util.java

@@ -12,7 +12,6 @@
 import com.chave.service.APIMatchService;
 import org.yaml.snakeyaml.DumperOptions;
 import org.yaml.snakeyaml.Yaml;
-
 import javax.swing.*;
 import javax.swing.table.DefaultTableModel;
 import java.io.*;