From 8cd9009549405e23b1f191adf69339f5f0264098 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=B8=AD=E7=8E=8B?= <27958875@qq.com> Date: Fri, 21 May 2021 15:21:44 +0800 Subject: [PATCH] update --- bin/fakeIP.jar | Bin 0 -> 10384 bytes fakeIP.iml | 2 + pom.xml | 34 +++++++ src/main/java/burp/BurpExtender.java | 137 +++++++++++++++++++++++++++ src/main/java/burp/Config.java | 26 +++++ src/main/java/burp/Utils.java | 106 +++++++++++++++++++++ 6 files changed, 305 insertions(+) create mode 100644 bin/fakeIP.jar create mode 100644 fakeIP.iml create mode 100644 pom.xml create mode 100644 src/main/java/burp/BurpExtender.java create mode 100644 src/main/java/burp/Config.java create mode 100644 src/main/java/burp/Utils.java 
diff --git a/bin/fakeIP.jar b/bin/fakeIP.jar new file mode 100644 index 0000000000000000000000000000000000000000..948bc6bc2c242694ded304b630cdd24b9c954a72 GIT binary patch literal 10384 zcmb7q1z23k(l!YY+}&;P!EMk4m%-hg!QBavKyY{WAi>?;-GT%Q8X!pU1PSu9o6Tl# z?!EtWznd6R2OEQ8iq~V#}ZFX8R8aVK(XAV>a2duKTL!g<7qHNAvf(m4>6I@e=y|RW|bv<_6 z(3KT$UZcg!S2EEBt(^v{cUK{c5-Q%rUA*q70k6h#zed>-dbDYV5RJv_|-HS zfIqBKElDz_d-DgUeLhmLQ}pP(rU*u*zN!kNjV?Epq|aCSBgw__#%yz&5#-AL_182; z8D+R6izYP_2Qo9KpfFmG5~EXt)F*;6k@*H3O72Sq^4fzE*po34##qv6J0Z|>=+Eul zJH1A%NvnxGWz9wlfXu}QNH6-DXn4=BnDKmvw`>V>c-u${NF+Vlj$xUn3y^ZA&KA3Q zzh{}HBWk0NzYXFlI`o-bz*p|0FZvU>J-=?V8h)U%?-S<9^n%^ov z{t55qd=^(M-NIXqI7ld+VvP;&D*f)TSfX3ooVQ&*2pE^Yrf)*TGG7S-O74-)a(v< z^>BTS)WyLWmeQ?ft?uKYncgo*c6r(*I@c?T7LA`IAy7V|UKj!5dMSd!ZQfEG2&gUy9!^i7z`M#Daq~OxXQ4e6^5iBz^=fX6}?WcEu(1(U`b87EI<|@H0ELe zKrXHSoD%IZ)S03f5x~A-4QILhRTJ%lV2P_IVO00pWDp;&eLfD?D>ld80j2$huo)Y2 zHG74Wx4_dA&TmvB*Kfb^|oz+M&eJhUZY@vp}yc-kTkV$Tn*2dW-C$X4N$i zbg6w7g~mhFtp*%0K9hp{1ozz3zG)qkp$WAqvA~oQcbJD}g(5=y`m6nr8sc+@?Tk_P zEImwYz4h~l^XsNioxb=%TfEu;eonlq2pk~j`5gsnXy?E3XF19O3*(VL@Bb@*IDYcS z`Y-;>H-s~>kiq+FyXwSHZ}LQja&uWKcPW0k+&fZy)>v!GSANTc721b(5A`bHbRq#> zIvrB$PI{T)Jh`%XcYgW79;&iBeUO-Ru}bN6@c2{GtxyyNK~({P^OFoC*S`3$vZ9d? 
z=USH8s$vPtzDQY|UawOAS#u+2s~eQw4Bpr`Bh0<;@vrSVkyUzM{kuNJS$@2#&pC>_uE+Oy7+h}n{L(*0t}$*jh~ zEV?Yw!}P!#^9D5MgTY|~Q?4SkN$~&?VZ$5=I3~$A+BJEud-=J{y4C?X(2Z|4_KL2& zI50iX9T+XcqneNpUF`L}CnLW)7*FV_st@+Y_o27zCZt?wIzkPn?*~yu_D>R=Sral7 z14{Kh76fr(bNSQvE2!c6Fw=l?@UaC_NOl3O&{Q|GjjSm?f?K4>k+LF;a=R1H8YE!{ zZ$!QWln)V{`_wYNrJEyXZXM-#SN}c)R#M66n?{6JVwrH$^bpV3&E~nZlt@r70r-R3ok;L<^Xr~q0*RyfKt`qt%kIQQ1 z-FzPwA7Bkp3joaP>cou%JNQSeD`riD4%r(|dPRdggJ6Rsk;9Rr39?vC39{Hf;V0oI z5u71U;;Z8$B2UJ9JfZS)Y)hybsiOJt6{O!^ol9O{lcA@*>S2vNmiKggpWy8#)vbf&EEs^_2$nzt_(w4^pg4a4-BQs z8Ph)xS!T8~`ZB_&2exm)HRx*=?YxRrt5k6|P^z;P+~sS)3xHK!#h~W9H1p|gSaHan zXo;Ajis+TbKk%cL6Dygrc_kjkjLBgy+}!@qDAcpkd%&4Q{Tj*-s5 zycriJtxI8oMU5e##fTKYjzkjv#;L}~d&+RFY*TXxGX!PZMNMBhJu@-E+ihaaU z)b-v`H|?F{4T>K;<{41YAvI4WB_}0H{Cj|a>=318e)z~lDY(wHJFeqSsbBe5rzQiizrJcQkGI~x1_~aep@EQ#Z^$eqjLP!QQ zHaJEGY7gcRs0psUT_K$SOUitH7hUme>V)9!l|P%YeSn?)J?y{sg#!fBHigH&Ao*Vh zmTW(5>JOi+VuiOag9J~Pr&_LwSmXT;%_>6MN?9cUX2WL*)yyH)7GjR{=#nXax?~aZ zDNZ@_qcOqDvF1zDhx_k$a9!XwQorCqH_y0!)-2SwDg7K{=BLEeXh@_Zq__l-76IUh zOnwB2EnS3~Yc4WvWk`xmpo|CeBZ8IBj6DJS&WnM5oS;zB6D+1VEGkv7MY=C-BIhx| zJlN+9x*6{q{`y`#9`S%u$&w8>XFL|a=KaGl{TO_JmIpmnhkTx#zo@2xDQfks%aR6n|2)k z)kn>B)wQLD76T0U;pje-N;spsO*g9Lk}t91p>+&kC>6&ayY0j zrtm%x`kQD<$wdKi96q$^EJl_r|HNeZScZq5DKt3Zw_Ktx)}aS1GoAW*WeqVMVhc^dLkXXrmIvYLyfjq?xkWojUJ6RQzCbhblk z`E481xowpRm*PaCXy`XqFJz_mdJ6sWneyqAq}}3dT2uAh%yXZ>DxE;JDV+4Z8Oary ztFs)<^+(L3d`D;1uBg;UgeKPW(4MM0&V5$9XTQ_B>i%ji-RELk^b#7Rmk?M5#S`R+ zWyjpTeDaNT)z3ZXl)0@H=D7Q1Z^)*PQ5zXqOf;HR6LpA=DEx+K-1!Ebt2bqY!lnv^ zH(?{#B0Fdj#xXdEzhFU6`S1vxd!rWfE<^RcmHOWBMhI|u#kw(Fox)B} zSkH~Ygp1aVNCQ98vX{`}u*R9*I!B9_t!a=riN@Sv?>NU2FiussNYQT9w9%dtf@o1wR)H%--ONWX4l>$36k(#9XT5I{2@bk=i?$m8Out&JMl zby<{H%W|VCjk5Fz@TuHTLRm9)w)T)Ubo~n4z+oBkSH;l6wdkrVV%27sp3igS{>s%a z!|-n3G&pvI)2{X`(1ts{cHA_5E?HW+(AGXX)s<15Pjd{5iATS+IgUke@AL6wIw0f< z+qkFh*`aWfVMdM-UT~tg8C_;j;uv!OA_h`PIN$yxMgf<-0$SoTCmG*71vN8b5@l{P z>hbo38bndKno(T!!EnhnMng zWX45NWE+;;DN$rww0yo{Z*A^P#@SXfnm#zG4gZ_RX8zt?Vnj@jIO*FQvg(4zW?mfCuSYjlofT6SD@}kE*Y@ 
zYlSbBzFHBgUWBbGbB}Jj>`S4G-Jp0&r9z=eEg&f%VmZvPrz$4N>EGhLQO~SwTiRGsid} zUD`c%+QH0KZnBJjc6zNxa#?@5ZdPP>Le_k4LiaFBtxX{F@x}z`2myGJ2P`J0UW#YEyY z&mitMb7|6}sAEGlu!j+~s0`s|h9b)Id6UAbrDK#@b)0_pvUWpNv{b2SxmlE7f+lC2ruiZ;R2HJ(m)t_y2;}&X#(n0g)j3$m zx3lle+%Ud!V##5!O$>BGBRkHyeR}(l5;eRyIY0KPfpE_SPeZGg1{bl+TkX_g36k9F zbPv#ix@H+Fjm*aJ9th2a>Iy&yZ$)XeU8qX)TWp$(13hrIr_zz!4VN`<%njE0BcxI7n3GqE~XzGMwsQc zHmAVTkIUFdN#7;ef=NgO0-C$%c03)>W0l4(6*&pdkBMHs2$R)luu5Y$sGEI7hU@Zj zw7$a5K<|SvkXSqw4)0MQ<391bI!Rw129Q*|Iazyl0};*iL1tLJp)ut}XettAT`yis*XHzLj!iQj)Q28R+ zKZV_a%uI7OD7S&<+0{=xmq|=~2C0a({Se@l zF~BSs?+FS&&3Jp})v|?i{wj1tw=%sM-7%E~O+i2ZY@7PXbhxMnptG<+@G0<<?g3G+7-ZAgUDocbBI=b z#_EmL0nJ6au+A2ly*?aU`8;P@_+eBRvHAxlp*d}jB}8e`~Vw_ zaUk@1M@$dE>Ca_ttzdD+-Nf0`@l0GQ&UI0^?4$Cl$v%BX6{gtu=q=?JtcjGIjDSN0>0WQD&j%Ui*6N*rBTqFR!XC$|sU` z?9R_kw2*-U;kvy@QVF zNM8nREB{`W|FK;88Bq&cAO3M_^teWV_j6GC&o%cSW79;9U=tz@f`?4tHQ>5NcQBMg z*PN?HAYnRofnwHeODq&mDJeeb8z8#?Y?|riE@MoWiLDJmVv2ccmJ9_OS63Zh$n-L? zX3(H}4eEBaHNMSM)a;<+vg7j0W#kP1gYT9tl>27360p}4pDfG}PKbDb>Zxx&YV;;s zwU=%`mhrhMwvhleD;dg`B@S8m=9Y&9c{a{qHhQ!|*kDoL)(nFXmN+zxnm2ctgh0{e zHLDO_zqSD0z;3SxMFd`dH{SkXysl{QI7 zl)c!goHzL0y&KG0H=~iah7B{)#igpZK|h*mTghfHgKz%kAYz?quHk}@=SN3mNxw9X zGx6RXt1mBFO!2UWq4D(IuBWJP#JImN&#^OIzv})p^+r_i4IK6?TE^VuL1>%)5RGz$ zEp81!Nr4!YCWDGb|IT%Vt@IOv=9lSIb>jfBBk5%ql=S@i?_>UZM;eM))`Gd@3+9mo zi0a5GuqN*~W4RAay!hFxR8gg3)a+K((^-TQBLTd_zO4kYT z^gLBT3g)^J^{sPA;9;)w&?nkpqezI_djiH1urhiYc@TpJa{>XjB&Fi!C*z*xu9q^z zxR?Q7Q{%R@u@L8h0=W7yfH=JANi9_Sn)!Jo6Mx+~aD{70XEx1bd&aQwwf|0Qqdf-7 z_hJ*R5i=0n*St@Oi(caWYDw^=Z)ozzY=qsx-2J3p_QHBH2VogU$l48Tc?vsBK4Y<= z9@^b!WgDnUbT#zz-8NHtqonU?E$l?g z>a`Qg&f?65nqq*U3jLuN7lp-I)9!k(Y%QsVSRnJb_;-jJHiE)fv%scy$%ruMMlA7k6`o#Oa%Lt!r^{P#KNm{nhAYaYAzFNk zjLEbEiHgYkx*#8qZ2wo8mM?S6(y8v{io^pZ@DC0TBM>i=9=50uuJ`Dhct?+{_G-(# zvyYOd+dUbV#Z%r6%4<-@?sUwI6YP4-%wK8JJ6CX+$N@$^!O8Jx$hfNw)jF|AM{P$? 
znG%wAM#~v1WBevRdrbQOe-vu6CFyGJm|N7_j87b}QUV=BVDAePWLD zYWhSY)?~U|QjjBDhwB#Q*y@V^zMC9~K1iqy!US>S)fM;(_MT;^R@v@7t(f9sk<(BD zhJkfsDc~k=sBb9J7gu~WDJuCU@nIXPM7MeTT&w5%*I+60Wv{V(ZJS4{v4g>O)qPmp zAU2`-{*vqrTsgDt+xa1Ve!E31KC`1pCYucNXFIg+?sMNtaK)bw&D_nY<-?C3jM&4^ z9a)-?o%V9u+87#%LwMxf^dKn4tq+&r zWqEki^)vll+10D4(a<5KMt=2eF6%vBSsnH1q^yXA3C)hhPP9A!bk+$XSRS@y5q55M z6Qd<9WCvkZqUlP?wF!BU#BAd_p`Y&9Sd^_RihXFnWdSHlahdu$KzD znX;5Rx{Y1YgDuV^B&dh4Lg5>on*#XH!eKqRLJYfY()7Tjz=fhEjF>qFbIfz{;D;4XQB40Gp=!(raSGgnQ zR2EjmjC4NPl`bf)ayPe%9^y}YdD~Wo&+~ z3&UK0C9rjGk<_alPxRsvRJ-ZB^QK#O=q$g_LLkscAR5bq0Br;3GrOH+J4kiYjQ|?o zw5;cr2_$v{Rp0g+W1uCdC5zf8EUE7r=>lJaV&C;0V}E`V9`A^}aKH3(KLLUwI+KJH zImLTXl^zE9QqbE?UmUb|SBBf!0JM?PS0QD5?|nP!vBGqbVGPOv66JlS=4Mtoam54? z*BO%V;>u!n$8HwmOJ`NnRr`+TJaKtz zfyxZHsh|T68gBy;%DIX$lMdE!UR5I@Nk+k)R)oMgzbo$vNr3rVckNS(7i);hxq*2s zTaLzW0>+7$je5E2KDf)~o@3^bAWx$J_(CYr?dGJeBkN#1`~?(@Vb6;&6l(LbVsAFH z^20hH0?0Z`Gh;8B-lsu!K6;K2CSDU+lu>{4ulquI_ki-noBrJcDw#MITq`v0R&_rIt^jI7P1 z75_$g964##EAO7M*CjuBjI%thFSGm~P#o-SnLTW60^{XW&dIR@FYjQt(xt~0fnz>x-gqH?umuhuy5Fc$L#4PLSQR_?vf!X9(ra*EpShXCK zbJB%~j%hfK|{ zgytKVtSY_Nodi0%$R=w8mvajV@CKB-$)kvb*nC}S2Ei+Oa$e zkJZLiY=^^aHlX&%iS)0Wtx-}CXYQhG4T_|q))4RIhPecHOVw{Pj+9}kyFe>A`%}?- z@SQb7XEW&^?Sv10pzdDw>0iIG@tC8&)m4+*QzS`{A_;pFMe;gJ9BSr^^XwHlkt=Z% zn--(K--O83h3p$pym9}i#CJ0HmLow4?leD92T=!}`$dal=I&=EJVNCmujr*u*xu^z zX<`!R(!kQ82fjolrksbnUYkBT9amJ=nK`S0i4-C#M?XAtm&x`cd2|2Gy#4vxu5e8E_xmqhgUhDXl$Jx5g2wxoCstbWV!O!LtSFsydbgep{}8rQegc% z5XbY$dBw>WJPVU-Km?g3p->IC;|`^OPo82!|MzsF$0vC#=ulsT|2Y2L)qbh{=k%gKg#Re{ezcGKzt#Sc zZ1fA^Kj;7ass3lhLyxC_Wdr?e>yJu*&juKl=Vwp z4Cz0$;;+Eg?=Zi|B7VV)p!@~%kI2OD+P_a4e`y=w|A$8Wm_q&n`FG3xhnfFT(4ih4 z&dC2ksh>vwCpG?E`46-Iqx_*v_IUX>AAczSCnxaV;r?&~zu@%$7r4Kj!cWxy>=u6F z=KJOUA5i~t62D&G4_5zfkA8uNQ2h^Y;IAhC0shN6DS~02{egq__+xtXWpaQ&uKpiQ C9u}Yg literal 0 HcmV?d00001 diff --git a/fakeIP.iml b/fakeIP.iml new file mode 100644 index 0000000..78b2cc5 --- /dev/null +++ b/fakeIP.iml @@ -0,0 +1,2 @@ + + \ No newline at end of file 
diff --git a/pom.xml b/pom.xml new file mode 100644 index 0000000..b7b081a --- /dev/null +++ b/pom.xml @@ -0,0 +1,34 @@ + + + 4.0.0 + + net.thekingofduck + fakeIP + 1.0-SNAPSHOT + + + + + + org.apache.maven.plugins + maven-compiler-plugin + + 1.8 + 1.8 + + + + + + + net.portswigger.burp.extender + burp-extender-api + LATEST + + + + + + \ No newline at end of file diff --git a/src/main/java/burp/BurpExtender.java b/src/main/java/burp/BurpExtender.java new file mode 100644 index 0000000..c1cbfcd --- /dev/null +++ b/src/main/java/burp/BurpExtender.java 
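Review bot: The `burp-extender-api` dependency is declared with version `LATEST`, so every build resolves whatever release the repository serves at that moment and the result cannot be reproduced or checked against a known API version. Pin it to the release the extension was built and tested against, e.g. `<version>PINNED_API_VERSION</version>` (placeholder, not a real version number). This matters more because the same commit checks in a prebuilt `bin/fakeIP.jar`: a floating dependency makes it harder to rebuild that jar from source and compare. The XML tags of this hunk were lost in extraction, so whether a `<scope>` is set cannot be seen here; `provided` would be the usual choice if Burp supplies the API at runtime.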
@@ -0,0 +1,137 @@
+package burp;
+
+import javax.swing.*;
+import java.awt.event.ActionEvent;
+import java.awt.event.ActionListener;
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Project: fakeIP
+ * Date:2021/5/21 上午11:07
+ * @author CoolCat
+ * @version 1.0.0
+ * Github:https://github.com/TheKingOfDuck
+ * When I wirting my code, only God and I know what it does. After a while, only God knows.
+ */
+public class BurpExtender implements IBurpExtender, IContextMenuFactory,IIntruderPayloadGeneratorFactory, IIntruderPayloadGenerator, IHttpListener{
+ public static IExtensionHelpers helpers;
+ private String PLUGIN_NAME = "burpFakeIP";
+ private String VERSION = "1.0";
+ public static PrintWriter stdout;
+
+ @Override
+ public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks) {
+ helpers = callbacks.getHelpers();
+
+ stdout = new PrintWriter(callbacks.getStdout(), true);
+ String banner = "[+] %s %s is loaded...\n" +
+ "[+] ####################################\n" +
+ "[+] Anthor: CoolCat\n" +
+ "[+] Blog: https://blog.thekingofduck.com/\n" +
+ "[+] Github: https://github.com/TheKingOfDuck\n" +
+ "[+] ####################################\n" +
+ "[+] Enjoy it~";
+ stdout.println(String.format(banner,PLUGIN_NAME,VERSION));
+
+ //注册菜单
+ callbacks.registerContextMenuFactory(this);
+ callbacks.registerIntruderPayloadGeneratorFactory(this);
+ callbacks.setExtensionName(PLUGIN_NAME);
+ callbacks.registerHttpListener(this);
+
+ }
+
+ @Override
+ public List createMenuItems(IContextMenuInvocation iContextMenuInvocation) {
+ List menus = new ArrayList();
+ JMenu menu = new JMenu(PLUGIN_NAME);
+
+ JMenuItem custom = new JMenuItem("customIP");
+ JMenuItem localhost = new JMenuItem("127.0.0.1");
+ JMenuItem random = new JMenuItem("randomIP");
+ JMenuItem autoXFF = new JMenuItem("AutoXFF");
+
+ menu.add(custom);
+ menu.add(localhost);
+ menu.add(random);
+ menu.add(autoXFF);
+
+ if(iContextMenuInvocation.getInvocationContext() != IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST){
+ return menus;
+ }
+ custom.addActionListener(new ActionListener() {
+ @Override
+ public void actionPerformed(ActionEvent arg0) {
+ String ip = JOptionPane.showInputDialog("Pls input ur ip:");
+ Utils.addfakeip(iContextMenuInvocation,ip);
+ }
+ });
+
+ localhost.addActionListener(new ActionListener() {
+ @Override
+ public void actionPerformed(ActionEvent arg0) {
+ Utils.addfakeip(iContextMenuInvocation,"127.0.0.1");
+ }
+ });
+
+ random.addActionListener(new ActionListener() {
+ @Override
+ public void actionPerformed(ActionEvent arg0) {
+ Utils.addfakeip(iContextMenuInvocation,Utils.getRandomIp());
+ }
+ });
+
+ autoXFF.addActionListener(new ActionListener() {
+ @Override
+ public void actionPerformed(ActionEvent arg0) {
+ String xff = JOptionPane.showInputDialog("Pls input ur XFF header name:","X-Forwarded-For");
+ String xffvalue = JOptionPane.showInputDialog("Pls input ur XFF header value:","$RandomIp$");
+ Config.AUTOXFF = xff;
+ Config.AUTOXFFVALUE = xffvalue;
+ }
+ });
+
+ menus.add(menu);
+ return menus;
+ }
+
+
+ @Override
+ public boolean hasMorePayloads() {
+ return true;
+ }
+
+ @Override
+ public byte[] getNextPayload(byte[] bytes) {
+ String payload = Utils.getRandomIp();
+ return payload.getBytes();
+ }
+
+ @Override
+ public void reset() {
+
+ }
+
+ @Override
+ public String getGeneratorName() {
+ return PLUGIN_NAME;
+ }
+
+ @Override
+ public IIntruderPayloadGenerator createNewInstance(IIntruderAttack iIntruderAttack) {
+ return this;
+ }
+
+ @Override
+ public void processHttpMessage(int i, boolean b, IHttpRequestResponse iHttpRequestResponse) {
+ if (b){
+ if (Config.AUTOXFFVALUE.equals("$RandomIp$")){
+ Utils.addfakeip(iHttpRequestResponse,Utils.getRandomIp());
+ }
+ Utils.addfakeip(iHttpRequestResponse,Config.AUTOXFFVALUE);
+
+ }
+ }
+}
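Review bot: In `processHttpMessage` the `$RandomIp$` branch has no `else`, so after adding a random address the method falls through and also calls `Utils.addfakeip(iHttpRequestResponse,Config.AUTOXFFVALUE)`, which puts the literal `$RandomIp$` placeholder on the wire as a header value. Make the two calls exclusive, e.g. `String v = Config.AUTOXFFVALUE;` followed by `Utils.addfakeip(iHttpRequestResponse, "$RandomIp$".equals(v) ? Utils.getRandomIp() : v);`. `JOptionPane.showInputDialog` returns null when the dialog is cancelled, so the AutoXFF listener can store null in `Config.AUTOXFF` / `Config.AUTOXFFVALUE`, after which the `.equals` call here throws on every request; keep the previous values when either input is null. The tool flag `i` is ignored, so the header is added to requests from every Burp tool; if that is not intended, check the flag before rewriting the request.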
diff --git a/src/main/java/burp/Config.java b/src/main/java/burp/Config.java
new file mode 100644
index 0000000..4d8ec59
--- /dev/null
+++ b/src/main/java/burp/Config.java
@@ -0,0 +1,26 @@
+package burp;
+
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * Project: fakeIP
+ * Date:2021/5/21 上午11:56
+ *
+ * @author CoolCat
+ * @version 1.0.0
+ * Github:https://github.com/TheKingOfDuck
+ * When I wirting my code, only God and I know what it does. After a while, only God knows.
+ */
+public class Config {
+ public static List HEADER_LIST = Arrays.asList(
+ "X-Forwarded-For","X-Forwarded","Forwarded-For","Forwarded", "X-Forwarded-Host",
+ "X-remote-IP","X-remote-addr","True-Client-IP","X-Client-IP","Client-IP","X-Real-IP",
+ "Ali-CDN-Real-IP","Cdn-Src-Ip","Cdn-Real-Ip","CF-Connecting-IP","X-Cluster-Client-IP",
+ "WL-Proxy-Client-IP", "Proxy-Client-IP","Fastly-Client-Ip","True-Client-Ip","X-Originating-IP",
+ "X-Host","X-Custom-IP-Authorization"
+ );
+
+ public static String AUTOXFF = "X-Forwarded-For";
+ public static String AUTOXFFVALUE = "$RandomIp$";
+}
diff --git a/src/main/java/burp/Utils.java b/src/main/java/burp/Utils.java
new file mode 100644
index 0000000..9535630
--- /dev/null
+++ b/src/main/java/burp/Utils.java
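Review bot: In Config.java, `AUTOXFF` and `AUTOXFFVALUE` are plain `public static` fields that the AutoXFF menu listener writes and `processHttpMessage` reads; if Burp calls the HTTP listener on a thread other than the Swing event thread (likely, but not visible in this patch), an update has no visibility guarantee. Declare them `public static volatile String AUTOXFF = "X-Forwarded-For";` (likewise `AUTOXFFVALUE`). `HEADER_LIST` is also reassignable and `Arrays.asList` still permits `set`, so make it `final` and wrap it in `Collections.unmodifiableList(...)`. A one-line comment saying that `$RandomIp$` is a placeholder replaced per request would document the only non-obvious value in the class.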
@@ -0,0 +1,106 @@
+package burp;
+
+import java.io.UnsupportedEncodingException;
+import java.util.List;
+import java.util.Random;
+import java.util.stream.Collectors;
+
+/**
+ * Project: fakeIP
+ * Date:2021/5/21 上午11:30
+ *
+ * @author CoolCat
+ * @version 1.0.0
+ * Github:https://github.com/TheKingOfDuck
+ * When I wirting my code, only God and I know what it does. After a while, only God knows.
+ */
+public class Utils {
+
+ public static void addfakeip(IContextMenuInvocation iContextMenuInvocation,String ip) {
+
+ //获取原请求信息
+ IHttpRequestResponse currentRequest = iContextMenuInvocation.getSelectedMessages()[0];
+ IRequestInfo requestInfo = BurpExtender.helpers.analyzeRequest(currentRequest);
+ List headers = requestInfo.getHeaders();
+
+ //去除header中本身已经有的字段
+ List templist = Config.HEADER_LIST;
+ for (String header:headers) {
+ String hkey = header.split(":")[0];
+ templist = templist.stream().filter( key -> !key.equals(hkey)).collect(Collectors.toList());
+ }
+ for (String headerkey:templist) {
+ headers.add(String.format("%s: %s",headerkey,ip));
+ }
+
+ //更新header
+ byte[] newMessage = BurpExtender.helpers.buildHttpMessage(headers, getHttpRequestBody(currentRequest).getBytes());
+ currentRequest.setRequest(newMessage);
+
+ }
+
+
+ public static void addfakeip(IHttpRequestResponse iHttpRequestResponse,String ip) {
+
+ //获取原请求信息
+ IRequestInfo requestInfo = BurpExtender.helpers.analyzeRequest(iHttpRequestResponse);
+ List headers = requestInfo.getHeaders();
+
+ //为每个请求添加一个Header
+ headers = headers.stream().filter( key -> !key.equals(Config.AUTOXFF)).collect(Collectors.toList());
+ headers.add(String.format("%s: %s",Config.AUTOXFF,ip));
+
+ //更新header
+ byte[] newMessage = BurpExtender.helpers.buildHttpMessage(headers, getHttpRequestBody(iHttpRequestResponse).getBytes());
+ iHttpRequestResponse.setRequest(newMessage);
+
+ }
+
+ private static String getHttpRequestBody(IHttpRequestResponse httpRequestResponse) {
+ byte[] request = httpRequestResponse.getRequest();
+ IRequestInfo requestInfo = BurpExtender.helpers.analyzeRequest(request);
+
+ int httpBodyOffset = requestInfo.getBodyOffset();
+ int httpBodyLength = request.length - httpBodyOffset;
+ String httpBody = null;
+ try {
+ httpBody = new String(request, httpBodyOffset, httpBodyLength, "UTF-8");
+ } catch (UnsupportedEncodingException e) {
+ throw new RuntimeException(e);
+ }
+ return httpBody;
+ }
+
+ public static String getRandomIp() {
+
+ // ip范围 ref:https://blog.csdn.net/zhengxiongwei/article/details/78486146
+ int[][] range = {
+ {607649792, 608174079},
+ {1038614528, 1039007743},
+ {1783627776, 1784676351},
+ {2035023872, 2035154943},
+ {2078801920, 2079064063},
+ {-1950089216, -1948778497},
+ {-1425539072, -1425014785},
+ {-1236271104, -1235419137},
+ {-770113536, -768606209},
+ {-569376768, -564133889},
+ };
+
+ Random random = new Random();
+ int index = random.nextInt(10);
+ String ip = num2ip(range[index][0] + new Random().nextInt(range[index][1] - range[index][0]));
+ return ip;
+ }
+
+ public static String num2ip(int ip) {
+ int[] b = new int[4];
+ String ipStr = "";
+ b[0] = (int) ((ip >> 24) & 0xff);
+ b[1] = (int) ((ip >> 16) & 0xff);
+ b[2] = (int) ((ip >> 8) & 0xff);
+ b[3] = (int) (ip & 0xff);
+ ipStr = Integer.toString(b[0]) + "." + Integer.toString(b[1]) + "." + Integer.toString(b[2]) + "." + Integer.toString(b[3]);
+ return ipStr;
+ }
+}
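Review bot: `getHttpRequestBody` decodes the body as UTF-8 and both `addfakeip` overloads re-encode it with `getBytes()` in the platform charset, so any request whose body is not valid UTF-8 text (uploads, compressed or binary payloads) is altered as a side effect of adding a header; the `IHttpRequestResponse` overload does this to every request that passes the listener. Return the raw bytes instead and drop `.getBytes()` at both call sites. In the same overload the filter `key -> !key.equals(Config.AUTOXFF)` compares a whole header line with a bare header name, so an existing header is never removed and a duplicate is appended; compare the name part case-insensitively, as in the fence. The context-menu overload has the same case sensitivity in its `hkey` comparison and indexes `getSelectedMessages()[0]` without checking for a null or empty selection.

```java
// … unchanged: analyzeRequest / getHeaders in addfakeip(IHttpRequestResponse, String) …
        final String prefix = Config.AUTOXFF + ":";
        headers = headers.stream()
                .filter(h -> !h.regionMatches(true, 0, prefix, 0, prefix.length()))
                .collect(Collectors.toList());
        headers.add(String.format("%s: %s",Config.AUTOXFF,ip));
        byte[] newMessage = BurpExtender.helpers.buildHttpMessage(headers, getHttpRequestBody(iHttpRequestResponse));
// … unchanged: setRequest call; make the same body change in addfakeip(IContextMenuInvocation, String) …

    private static byte[] getHttpRequestBody(IHttpRequestResponse httpRequestResponse) {
        byte[] request = httpRequestResponse.getRequest();
        int bodyOffset = BurpExtender.helpers.analyzeRequest(request).getBodyOffset();
        // Copy the bytes as-is; a String round trip is lossy for bodies that are not UTF-8 text.
        return java.util.Arrays.copyOfRange(request, bodyOffset, request.length);
    }
```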