package burp;
import org.apache.commons.collections4.queue.CircularFifoQueue;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.util.*;
import java.util.concurrent.ThreadPoolExecutor;
import static java.lang.Math.min;
import static org.apache.commons.lang3.math.NumberUtils.max;
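/**
 * UI action that turns a selection of requests into queued {@link ParamGuesser} tasks.
 *
 * <p>{@link #actionPerformed} shows the settings dialog and, if settings come back, starts a
 * background thread running {@link #run}. {@code run} shuffles the selected requests and hands
 * them to the shared executor in passes, using a small window of recently queued hosts so that
 * consecutive tasks are spread across hosts rather than concentrated on one.
 *
 * <p>Settings read here: {@code "rotation interval"}, {@code "max one per host"},
 * {@code "max one per host+status"} and {@code "skip uncacheable"}.
 */
class TriggerParamGuesser implements ActionListener, Runnable {
    private final IHttpRequestResponse[] reqs;
    private final boolean backend;
    private final byte type;
    private final ParamGrabber paramGrabber;
    private final ThreadPoolExecutor taskEngine;
    // Written by actionPerformed() before the worker thread starts; read once by run().
    private ConfigurableSettings config;

    /**
     * @param reqs         the requests to schedule; one task is created per queued request
     * @param backend      passed through unchanged to each {@link ParamGuesser}
     * @param type         parameter type; compared against {@code IParameter.PARAM_COOKIE} and
     *                     {@code Utilities.PARAM_HEADER} to decide whether the uncacheable-skip
     *                     applies, and passed through to each task
     * @param paramGrabber passed through unchanged to each {@link ParamGuesser}
     * @param taskEngine   executor that receives the tasks; its queue size and core pool size
     *                     drive the scheduling decisions in {@link #run}
     */
    TriggerParamGuesser(IHttpRequestResponse[] reqs, boolean backend, byte type, ParamGrabber paramGrabber, ThreadPoolExecutor taskEngine) {
        this.taskEngine = taskEngine;
        this.paramGrabber = paramGrabber;
        this.backend = backend;
        this.reqs = reqs;
        this.type = type;
    }

    /**
     * Shows the settings dialog and starts scheduling on a new thread.
     * A {@code null} result from the dialog means nothing is scheduled
     * (presumably the user cancelled; confirm against ConfigurableSettings).
     */
    @Override
    public void actionPerformed(ActionEvent e) {
        ConfigurableSettings chosen = Utilities.globalSettings.showSettings();
        if (chosen != null) {
            this.config = chosen;
            // Scheduling calls saveBuffersToTempFiles per request, so keep it off the UI thread.
            new Thread(this).start();
        }
    }

    /**
     * Queues one {@link ParamGuesser} per eligible request.
     *
     * <p>Each pass over the shuffled list queues a request only if its host is not in the
     * recent-host window. With {@code "max one per host"} a single pass is made. With
     * {@code "max one per host+status"} a request is dropped when another request with the same
     * protocol, host, status code and inferred MIME type was already queued. With
     * {@code "skip uncacheable"} (cookie and header types only) requests whose response contains
     * the bytes {@code no-cache} are dropped.
     */
    @Override
    public void run() {
        // Work from one snapshot so a second actionPerformed() cannot swap settings mid-run.
        final ConfigurableSettings settings = this.config;

        int queueSize = taskEngine.getQueue().size();
        Utilities.log("Adding "+reqs.length+" tasks to queue of "+queueSize);
        queueSize += reqs.length;

        final int threadCount = taskEngine.getCorePoolSize();
        int stop = settings.getInt("rotation interval");
        if (queueSize < threadCount) {
            // NOTE(review): 256 overrides the configured interval when there is less work than
            // threads; its exact meaning is defined by ParamGuesser, not visible here.
            stop = 256;
        }

        List<IHttpRequestResponse> pending = new ArrayList<>(Arrays.asList(reqs));
        Collections.shuffle(pending);

        final boolean onePerHost = settings.getBoolean("max one per host");
        final boolean useKeyCache = settings.getBoolean("max one per host+status");
        final boolean canSkip = settings.getBoolean("skip uncacheable")
                && (type == IParameter.PARAM_COOKIE || type == Utilities.PARAM_HEADER);

        // CircularFifoQueue rejects a size below 1, which the unclamped value could reach
        // (core pool size 0, or an empty selection with an empty executor queue).
        Queue<String> recentHosts = new CircularFifoQueue<>(Math.max(1, onePerHost ? queueSize : threadCount));
        Set<String> keyCache = new HashSet<>();
        // NOTE(review): never cleared between passes, so it counts every host that was ever
        // deferred, not only the hosts still pending.
        Set<String> remainingHosts = new HashSet<>();
        // Explicit charset: the no-arg getBytes() depends on the platform default.
        final byte[] noCache = "no-cache".getBytes(java.nio.charset.StandardCharsets.UTF_8);

        int i = 0;
        int queued = 0;

        // every pass adds at least one item from every host
        while (!pending.isEmpty()) {
            Utilities.log("Loop "+i++);

            Iterator<IHttpRequestResponse> left = pending.iterator();
            while (left.hasNext()) {
                IHttpRequestResponse req = left.next();
                String host = req.getHttpService().getHost();
                String key = req.getHttpService().getProtocol()+host;

                if (req.getResponse() != null) {
                    if (canSkip && Utilities.containsBytes(req.getResponse(), noCache)) {
                        // Drop the entry. Previously it stayed in the list, so the outer loop
                        // never emptied (spinning forever once only skipped entries were left)
                        // and the final flush below could queue it despite the setting.
                        left.remove();
                        continue;
                    }
                    IResponseInfo info = Utilities.helpers.analyzeResponse(req.getResponse());
                    key = key + info.getStatusCode() + info.getInferredMimeType();
                }

                if (useKeyCache && keyCache.contains(key)) {
                    left.remove();
                    continue;
                }

                if (recentHosts.contains(host)) {
                    // Host was queued recently; leave the request for a later pass.
                    remainingHosts.add(host);
                    continue;
                }

                recentHosts.add(host);
                keyCache.add(key);
                left.remove();
                Utilities.log("Adding request on "+host+" to queue");
                queued++;
                submit(req, stop, settings);
            }

            if (onePerHost) {
                break;
            }

            if (remainingHosts.size() <= 1 && !useKeyCache) {
                // At most one host was ever deferred, so interleaving gains nothing: flush the rest.
                for (IHttpRequestResponse rest : pending) {
                    queued++;
                    submit(rest, stop, settings);
                }
                break;
            }

            // Fresh window for the next pass, sized from the deferred hosts but capped by the
            // thread count and never below 1.
            recentHosts = new CircularFifoQueue<>(Math.max(Math.min(remainingHosts.size() - 1, threadCount), 1));
        }

        Utilities.out("Queued " + queued + " attacks");
    }

    /** Saves the request's buffers to temp files and hands a new ParamGuesser to the executor. */
    private void submit(IHttpRequestResponse req, int stop, ConfigurableSettings settings) {
        taskEngine.execute(new ParamGuesser(Utilities.callbacks.saveBuffersToTempFiles(req), backend, type, paramGrabber, taskEngine, stop, settings));
    }
}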