Skip to content

Commit

Permalink
[v1.1.0] support multi-threaded concurrency
Browse files Browse the repository at this point in the history
  • Loading branch information
@p0desta
p0desta committed Dec 4, 2021
1 parent d0a6f6e commit b117ba0
Show file tree
Hide file tree
Showing 11 changed files with 127 additions and 87 deletions.
4 changes: 1 addition & 3 deletions Bypass403/src/main/java/Main/Bypass.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,19 +11,17 @@ public class Bypass {
final String length;
final IHttpRequestResponsePersisted requestResponse;
final URL url;
final long time;
final short status;
final String mimeType;
final String method;

public Bypass(String timestamp, String method , String length, IHttpRequestResponsePersisted requestResponse, URL url, short status, String mimeType, long time) {
public Bypass(String timestamp, String method , String length, IHttpRequestResponsePersisted requestResponse, URL url, short status, String mimeType) {

this.timestamp = timestamp;
this.method = method;
this.length = length;
this.requestResponse = requestResponse;
this.url = url;
this.time = time;
this.status = status;
this.mimeType = mimeType;
}
Expand Down
142 changes: 85 additions & 57 deletions Bypass403/src/main/java/Main/BypassMain.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,12 @@
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.util.*;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class BypassMain implements IContextMenuFactory {
// private static int thread_num = 5;

public List<BaseRequest> make_suffix(String prefix, String target) {
List<BaseRequest> baseRequestList = new ArrayList();
Map<String, String> headers = new HashMap();
Expand Down Expand Up @@ -165,13 +169,6 @@ public List<BaseRequest> make_payload(String path) {
allRequests.addAll(make_suffix(prefix, target));
}


// allRequests.addAll(make_suffix(prefix, target + "/"));
//
// allRequests.addAll(make_suffix(prefix, target));



// 对负一节点进行fuzz
if (paths.length > 1) {
suffix = paths[paths.length-1];
Expand Down Expand Up @@ -199,6 +196,70 @@ public List<BaseRequest> make_payload(String path) {
}


class Run_request implements Runnable {
private BaseRequest baseRequest;
private String old_path;
private String old_request;
private String old_method;
private IHttpRequestResponse iHttpRequestResponse;

public Run_request(BaseRequest baseRequest, String old_path, String old_request, String old_method,IHttpRequestResponse iHttpRequestResponse) {
this.baseRequest = baseRequest;
this.old_method = old_method;
this.old_path = old_path;
this.old_request = old_request;
this.iHttpRequestResponse = iHttpRequestResponse;
}

@Override
public void run() {

String method = baseRequest.method;
String path = baseRequest.path;
Map<String, String> headers = baseRequest.headers;
String new_request = "";

new_request = old_request.replaceFirst(old_path, path);
if (method == "GET") {
if (headers != null) {
new_request = old_request.replaceFirst(old_path, path);

for(Map.Entry<String, String> map: headers.entrySet()) {
String key = map.getKey();
String value = map.getValue();
new_request = new_request.replaceFirst("User-Agent: ", key + ": " + value + "\r\nUser-Agent: ");
}

}
} else if(method == "POST"){
if(old_method == "GET") {
new_request = old_request.replaceFirst("GET", "POST");
} else if (old_method == "POST") {
new_request = old_request.replaceFirst("POST", "GET");
}

} else if (method == "TRACE") {
if(old_method == "GET") {
new_request = old_request.replaceFirst("GET", "TRACE");
} else if (old_method == "POST") {
new_request = old_request.replaceFirst("POST", "TRACE");
}
}

try {
IHttpRequestResponse resRequestReponse = Utils.callbacks.makeHttpRequest(iHttpRequestResponse.getHttpService(), Utils.helpers.stringToBytes(new_request));
if (resRequestReponse != null) {
addLog(resRequestReponse, 0, 0, 0);
}


}catch(Throwable ee) {

}
}
}


@Override
public List<JMenuItem> createMenuItems(final IContextMenuInvocation invocation) {
List<JMenuItem> list;
Expand All @@ -209,63 +270,26 @@ public List<JMenuItem> createMenuItems(final IContextMenuInvocation invocation)

jMenuItem.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e) {
IHttpRequestResponse iHttpRequestResponse = invocation.getSelectedMessages()[0];

String old_path = Utils.helpers.analyzeRequest(iHttpRequestResponse).getUrl().getPath();
String old_request = Utils.helpers.bytesToString(iHttpRequestResponse.getRequest());
String old_method = Utils.helpers.analyzeRequest(iHttpRequestResponse).getMethod();

new Thread(() -> {
IHttpRequestResponse iHttpRequestResponse = invocation.getSelectedMessages()[0];

String old_path = Utils.helpers.analyzeRequest(iHttpRequestResponse).getUrl().getPath();
String old_request = Utils.helpers.bytesToString(iHttpRequestResponse.getRequest());
String old_method = Utils.helpers.analyzeRequest(iHttpRequestResponse).getMethod();

List<BaseRequest> allRequests;
allRequests = make_payload(old_path);

for(BaseRequest baseRequest: allRequests) {
int thread_num = Utils.panel.getThreadNum();

String method = baseRequest.method;
String path = baseRequest.path;
Map<String, String> headers = baseRequest.headers;
String new_request = "";

new_request = old_request.replaceFirst(old_path, path);
if (method == "GET") {
if (headers != null) {
new_request = old_request.replaceFirst(old_path, path);

for(Map.Entry<String, String> map: headers.entrySet()) {
String key = map.getKey();
String value = map.getValue();
new_request = new_request.replaceFirst("User-Agent: ", key + ": " + value + "\r\nUser-Agent: ");
}

}
} else if(method == "POST"){
if(old_method == "GET") {
new_request = old_request.replaceFirst("GET", "POST");
} else if (old_method == "POST") {
new_request = old_request.replaceFirst("POST", "GET");
}

} else if (method == "TRACE") {
if(old_method == "GET") {
new_request = old_request.replaceFirst("GET", "TRACE");
} else if (old_method == "POST") {
new_request = old_request.replaceFirst("POST", "TRACE");
}
}

try {
IHttpRequestResponse resRequestReponse = Utils.callbacks.makeHttpRequest(iHttpRequestResponse.getHttpService(), Utils.helpers.stringToBytes(new_request));
if (resRequestReponse != null) {
addLog(resRequestReponse, 0, 0, 0);
}


}catch(Throwable ee) {

}

Utils.out("start thread, number: " + String.valueOf(thread_num) + " path: " + old_path);
ExecutorService es = Executors.newFixedThreadPool(thread_num);
for(BaseRequest baseRequest: allRequests) {
es.submit(new Run_request(baseRequest, old_path, old_request, old_method, iHttpRequestResponse));
}
es.shutdown();
}).start();

}
Expand All @@ -283,8 +307,12 @@ private void addLog(IHttpRequestResponse messageInfo, int toolFlag, long time, i
Utils.callbacks.saveBuffersToTempFiles(messageInfo),
Utils.helpers.analyzeRequest(messageInfo).getUrl(),
Utils.helpers.analyzeResponse(messageInfo.getResponse()).getStatusCode(),
Utils.helpers.analyzeResponse(messageInfo.getResponse()).getStatedMimeType(),
time));
Utils.helpers.analyzeResponse(messageInfo.getResponse()).getStatedMimeType()));
Utils.panel.getBypassTableModel().fireTableRowsInserted(row, row);
}


// public void setThread_num(int number) {
// thread_num = number;
// }
}
7 changes: 3 additions & 4 deletions Bypass403/src/main/java/Main/BypassTable.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,13 +42,12 @@ public class BypassTable extends JTable implements IMessageEditorController {
this.requestViewer = BurpExtender.callbacks.createMessageEditor(this, false);
this.responseViewer = BurpExtender.callbacks.createMessageEditor(this, false);
setAutoResizeMode(JTable.AUTO_RESIZE_ALL_COLUMNS);
getColumnModel().getColumn(0).setMinWidth(180);
getColumnModel().getColumn(0).setMinWidth(250);
getColumnModel().getColumn(1).setMinWidth(100);
getColumnModel().getColumn(2).setMinWidth(100);
getColumnModel().getColumn(3).setPreferredWidth(1000);
getColumnModel().getColumn(4).setMinWidth(80);
getColumnModel().getColumn(3).setPreferredWidth(1100);
getColumnModel().getColumn(4).setMinWidth(100);
getColumnModel().getColumn(5).setMinWidth(100);
getColumnModel().getColumn(6).setMinWidth(100);
setAutoCreateRowSorter(true);
}

Expand Down
8 changes: 1 addition & 7 deletions Bypass403/src/main/java/Main/BypassTableModel.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ public int getRowCount() {

public int getColumnCount() {

return 7;
return 6;
}

@Override
Expand All @@ -58,8 +58,6 @@ public String getColumnName(int columnIndex) {
case 4:
return "MIME Type";
case 5:
return "Timeout";
case 6:
return "HTTP Status";
default:
return "";
Expand All @@ -81,8 +79,6 @@ public Class<?> getColumnClass(int columnIndex) {
case 4:
return String.class;
case 5:
return Long.class;
case 6:
return Short.class;
default:
return Object.class;
Expand All @@ -105,8 +101,6 @@ public Object getValueAt(int rowIndex, int columnIndex) {
case 4:
return bypassEntry.mimeType;
case 5:
return bypassEntry.time;
case 6:
return bypassEntry.status;
default:
return "";
Expand Down
29 changes: 19 additions & 10 deletions Bypass403/src/main/java/Main/MainPanel.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,25 +2,20 @@

import burp.BurpExtender;
import burp.ITab;
import org.apache.commons.lang3.StringUtils;

import java.awt.Color;
import java.awt.Component;
import java.awt.FlowLayout;
import javax.swing.BorderFactory;
import javax.swing.BoxLayout;
import javax.swing.JButton;
import javax.swing.JLabel;
import javax.swing.JPanel;
import javax.swing.JScrollPane;
import javax.swing.JSplitPane;
import javax.swing.JTabbedPane;
import javax.swing.*;

/**
* Main display panel
*/
public class MainPanel extends JPanel implements ITab {

private BypassTableModel bypassTableModel;
private JTextField threadNumText;

public MainPanel() {

Expand All @@ -45,9 +40,14 @@ public MainPanel() {
splitPane.setRightComponent(tabs);

JPanel controlPanel = new JPanel(new FlowLayout(FlowLayout.LEFT));
//
// JLabel toolLabel = new JLabel("Tool: ");
// controlPanel.add(toolLabel);

JLabel toolLabel = new JLabel("Select tool: ");
controlPanel.add(toolLabel);
JLabel filterLabel = new JLabel("Thread Num:");
controlPanel.add(filterLabel);
threadNumText = new JTextField(10);
controlPanel.add(threadNumText);

JButton clearButton = new JButton("Clear");

Expand Down Expand Up @@ -75,6 +75,15 @@ public Component getUiComponent() {
return this;
}

public int getThreadNum() {

if(StringUtils.isBlank(threadNumText.getText())) {
return 5;
}

return Integer.parseInt(threadNumText.getText());
}

public BypassTableModel getBypassTableModel() {

return bypassTableModel;
Expand Down
6 changes: 3 additions & 3 deletions Bypass403/src/main/java/burp/BurpExtender.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,8 @@ public class BurpExtender implements IBurpExtender {
private IExtensionHelpers helpers;
public static IBurpExtenderCallbacks callbacks;
private MainPanel panel;
private String NAME = "bypass 403";
private String VERSION = "1.0.0";
private String NAME = "Bypass 403";
private String VERSION = "1.1.0";

public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks)
{
Expand All @@ -36,7 +36,7 @@ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks)

private void banner() {
this.stdout.println("===================================");
this.stdout.println(String.format("%s loader success", NAME));
this.stdout.println(String.format("%s loaded success", NAME));
this.stdout.println(String.format("version: %s", VERSION));
this.stdout.println("===================================");
}
Expand Down
18 changes: 15 additions & 3 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,21 +1,33 @@
# AutoBypass403-BurpSuite
A burpsuite plugin help me automatic bypass 403.

## ChangeLog

#### 2021-12-04

* support multi-threaded concurrency

#### 2021-12-02

- First public release

## How to Run ##

1. Download Bypass.jar

2. Burpsuite Extender add Bypass.jar

![image-20211202220840462](README_picture/image-20211202220840462.png)
![image-20211204120709887](README_picture/image-20211204120709887.png)



3. Select the request, right click "send to bypass 403"

![image-20211202221317291](README_picture/image-20211202221317291.png)

4. Select the plug-in table and analyze the results
4. Select the plugin table and analyze the results

![image-20211202221443507](README_picture/image-20211202221443507.png)
![image-20211204120817213](README_picture/image-20211204120817213.png)



Expand Down
Binary file removed README_picture/image-20211202220840462.png
View file
Binary file not shown.
Binary file removed README_picture/image-20211202221443507.png
View file
Binary file not shown.
Binary file added README_picture/image-20211204120709887.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added README_picture/image-20211204120817213.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.

0 comments on commit b117ba0

Please sign in to comment.