Update CustomPayloadForAllInsertpointMenu.java

Author: bit4woo

src/knife/CustomPayloadForAllInsertpointMenu.java

@@ -10,6 +10,7 @@
 import javax.swing.JMenu;
 import javax.swing.JMenuItem;
 
+import org.apache.commons.lang3.StringUtils;
 import org.json.JSONArray;
 import org.json.JSONException;
 import org.json.JSONObject;
@@ -28,29 +29,31 @@
 
 /**
  * 将某个payload插入所有的插入点，比如XSS
- * @author bit4woo 
+ *
+ * @author bit4woo
  */
 
 //reference XXE_Menu.java
 public class CustomPayloadForAllInsertpointMenu extends JMenu {
 	/**
-	 * 
+	 *
 	 */
 	private static final long serialVersionUID = 1L;
 	public BurpExtender burp;
 
-	public CustomPayloadForAllInsertpointMenu(BurpExtender burp){
+	public CustomPayloadForAllInsertpointMenu(BurpExtender burp) {
 		try {
 			this.setText("^_^ Insert Payload For All");
 			this.burp = burp;
 
 			List<ConfigEntry> configs = GUI.getConfigTableModel().getConfigByType(ConfigEntry.Config_Custom_Payload);
-			List<ConfigEntry> configs1 = GUI.getConfigTableModel().getConfigByType(ConfigEntry.Config_Custom_Payload_Base64);
+			List<ConfigEntry> configs1 = GUI.getConfigTableModel()
+					.getConfigByType(ConfigEntry.Config_Custom_Payload_Base64);
 			configs.addAll(configs1);
-			for (ConfigEntry config:configs){
+			for (ConfigEntry config : configs) {
 				String name = config.getKey();
 				JMenuItem item = new JMenuItem(name);
-				item.addActionListener(new ForAllInserpointListener(burp,config));
+				item.addActionListener(new ForAllInserpointListener(burp, config));
 				add(item);
 			}
 		} catch (Exception e) {
@@ -68,7 +71,7 @@ class ForAllInserpointListener implements ActionListener {
 	public IBurpExtenderCallbacks callbacks;
 	public BurpExtender burp;
 
-	public ForAllInserpointListener(BurpExtender burp,ConfigEntry config) {
+	public ForAllInserpointListener(BurpExtender burp, ConfigEntry config) {
 		this.burp = burp;
 		this.invocation = burp.invocation;
 		this.helpers = burp.helpers;
@@ -82,51 +85,55 @@ public ForAllInserpointListener(BurpExtender burp,ConfigEntry config) {
 	public void actionPerformed(ActionEvent event) {
 		IHttpRequestResponse[] selectedItems = invocation.getSelectedMessages();
 		IHttpRequestResponse messageInfo = selectedItems[0];
-		byte[] newRequest = messageInfo.getRequest();//为了不影响原始request，通过final进行一次转换
+		byte[] newRequest = messageInfo.getRequest();// 为了不影响原始request，通过final进行一次转换
 
 		HelperPlus getter = new HelperPlus(helpers);
 		List<IParameter> paras = getter.getParameters(messageInfo);
 
 		String charset = CharsetUtils.detectCharset(newRequest);
-		String xsspayload  = config.getFinalValue(messageInfo);
-		if (xsspayload == null) return;
+		if (StringUtils.isEmpty(charset)) {
+			charset = "UTF-8";
+		}
+		String xsspayload = config.getFinalValue(messageInfo);
+		if (xsspayload == null)
+			return;
 
 		boolean jsonHandled = false;
-		for(IParameter para:paras) {
+		for (IParameter para : paras) {
 			String value = para.getValue();
 			byte type = para.getType();
 			if (type == IParameter.PARAM_COOKIE || isInt(value)) {
 				continue;
-			}else if (type == IParameter.PARAM_JSON ) {//json参数的更新方法，这里只是针对body是json
-				if (!jsonHandled){
-					//stdout.println(para.getValue());
+			} else if (type == IParameter.PARAM_JSON) {// json参数的更新方法，这里只是针对body是json
+				if (!jsonHandled) {
+					// stdout.println(para.getValue());
 					List<String> headers = helpers.analyzeRequest(newRequest).getHeaders();
 					try {
-						String body = new String(HelperPlus.getBody(true,newRequest),charset);
-						if (isJSON(body)){
-							body = updateJSONValue(body,xsspayload);
-							newRequest = helpers.buildHttpMessage(headers,body.getBytes(charset));
+						String body = new String(HelperPlus.getBody(true, newRequest), charset);
+						if (isJSON(body)) {
+							body = updateJSONValue(body, xsspayload);
+							newRequest = helpers.buildHttpMessage(headers, body.getBytes(charset));
 							jsonHandled = true;
 						}
 					} catch (Exception e) {
 						e.printStackTrace(stderr);
 					}
 				}
-			}else {
-				if (type == IParameter.PARAM_URL) {//url中的参数需要编码
+			} else {
+				if (type == IParameter.PARAM_URL) {// url中的参数需要编码
 					value = helpers.urlDecode(value);
 				}
-				if (isJSON(value)){//当参数的值是json格式
+				if (isJSON(value)) {// 当参数的值是json格式
 					try {
-						value = updateJSONValue(value,xsspayload);
+						value = updateJSONValue(value, xsspayload);
 					} catch (Exception e) {
 						e.printStackTrace(stderr);
 					}
-				}else {
-					value = value+xsspayload;
+				} else {
+					value = value + xsspayload;
 				}
 
-				if (type == IParameter.PARAM_URL) {//url中的参数需要编码
+				if (type == IParameter.PARAM_URL) {// url中的参数需要编码
 					value = helpers.urlEncode(value);
 				}
 				IParameter newPara = helpers.buildParameter(para.getName(), value, para.getType());
@@ -144,7 +151,7 @@ public static boolean isInt(String input) {
 			try {
 				long l = Long.valueOf(input);
 				return true;
-			}catch(Exception e1) {
+			} catch (Exception e1) {
 
 			}
 			return false;
@@ -154,12 +161,12 @@ public static boolean isInt(String input) {
 	public static boolean isJSON(String test) {
 		if (isJSONObject(test) || isJSONArray(test)) {
 			return true;
-		}else {
+		} else {
 			return false;
 		}
 	}
 
-	//org.json
+	// org.json
 	public static boolean isJSONObject(String test) {
 		try {
 			new JSONObject(test);
@@ -169,7 +176,6 @@ public static boolean isJSONObject(String test) {
 		}
 	}
 
-
 	public static boolean isJSONArray(String test) {
 		try {
 			new JSONArray(test);
@@ -179,57 +185,56 @@ public static boolean isJSONArray(String test) {
 		}
 	}
 
-	//org.json
+	// org.json
 	public static String updateJSONValue(String JSONString, String payload) throws Exception {
 
 		if (isJSONObject(JSONString)) {
 			JSONObject obj = new JSONObject(JSONString);
 			Iterator<String> iterator = obj.keys();
 			while (iterator.hasNext()) {
-				String key = (String) iterator.next();		// We need to know keys of Jsonobject
+				String key = (String) iterator.next(); // We need to know keys of Jsonobject
 				String value = obj.get(key).toString();
 
-
 				if (isJSONObject(value)) {// if it's jsonobject
 					String newValue = updateJSONValue(value, payload);
-					obj.put(key,new JSONObject(newValue));
-				}else if (isJSONArray(value)) {// if it's jsonarray
+					obj.put(key, new JSONObject(newValue));
+				} else if (isJSONArray(value)) {// if it's jsonarray
 					String newValue = updateJSONValue(value, payload);
-					obj.put(key,new JSONArray(newValue));
-				}else {
-					if (!isBooleanOrNumber(value)){
-						obj.put(key, value+payload);
+					obj.put(key, new JSONArray(newValue));
+				} else {
+					if (!isBooleanOrNumber(value)) {
+						obj.put(key, value + payload);
 					}
 				}
 			}
 			return obj.toString();
-		}else if(isJSONArray(JSONString)) {
+		} else if (isJSONArray(JSONString)) {
 			JSONArray jArray = new JSONArray(JSONString);
 
 			ArrayList<String> newjArray = new ArrayList<String>();
-			for (int i=0;i<jArray.length();i++) {//无论Array中的元素是JSONObject还是String都转换成String进行处理即可
+			for (int i = 0; i < jArray.length(); i++) {// 无论Array中的元素是JSONObject还是String都转换成String进行处理即可
 				String item = jArray.get(i).toString();
-				String newitem = updateJSONValue(item,payload);
+				String newitem = updateJSONValue(item, payload);
 				newjArray.add(newitem);
 			}
 			return newjArray.toString();
-		}else {
-			return JSONString+payload;
+		} else {
+			return JSONString + payload;
 		}
 	}
 
 	public static boolean isBooleanOrNumber(String input) {
-		if (input.equalsIgnoreCase("true") || input.equalsIgnoreCase("false")){
+		if (input.equalsIgnoreCase("true") || input.equalsIgnoreCase("false")) {
 			return true;
-		}else{
+		} else {
 			return isNumeric(input);
 		}
 	}
 
-	public static boolean isNumeric(String str){
-		for(int i=str.length();--i>=0;){
-			int chr=str.charAt(i);
-			if(chr<48 || chr>57) {
+	public static boolean isNumeric(String str) {
+		for (int i = str.length(); --i >= 0;) {
+			int chr = str.charAt(i);
+			if (chr < 48 || chr > 57) {
 				return false;
 			}
 		}