From 1c02b04daf19ed224a77ebd8db6df1dd9591b5e0 Mon Sep 17 00:00:00 2001 From: c0ny1 <1627639645@qq.com> Date: Fri, 6 Aug 2021 00:44:27 +0800 Subject: [PATCH] =?UTF-8?q?=E8=A7=A3=E5=86=B3=E5=90=88=E5=B9=B6=E5=AD=98?= =?UTF-8?q?=E5=9C=A8=E6=B3=A8=E9=87=8A=E7=9A=84=E5=88=86=E5=9D=97=E5=86=85?= =?UTF-8?q?=E5=AE=B9=E5=A4=B1=E8=B4=A5=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/java/burp/Transfer.java | 22 ++++++++--- src/main/test/TransferTest.java | 64 +++++++++++++++++++++++++++++++- 2 files changed, 79 insertions(+), 7 deletions(-) diff --git a/src/main/java/burp/Transfer.java b/src/main/java/burp/Transfer.java index d263a3c..87f99da 100644 --- a/src/main/java/burp/Transfer.java +++ b/src/main/java/burp/Transfer.java @@ -7,6 +7,9 @@ * 编码解码类,负责对目标请求进行编码解码 */ public class Transfer { + public static final byte http_0 = 48; + public static final byte http_r = 13; // \r + public static final byte http_n = 10; // \n /** * 对请求包进行chunked编码 * @param requestResponse 要处理的请求响应对象 @@ -110,7 +113,7 @@ public static byte[] splitReqBody(byte[] reqBody,int minChunkedLen,int maxChunke byte_encoding_body = joinByteArray(byte_encoding_body,b); byte_encoding_body = joinByteArray(byte_encoding_body,"\r\n".getBytes()); } - byte_encoding_body = joinByteArray(byte_encoding_body,"0\n\n".getBytes()); + byte_encoding_body = joinByteArray(byte_encoding_body,"0\r\n\r\n".getBytes()); return byte_encoding_body; } @@ -134,7 +137,14 @@ public static byte[] mergeReqBody(byte[] chunkedReqBody){ byte[] chunkedLen = new byte[length]; System.arraycopy(chunkedReqBody, j, chunkedLen, 0, length); j = i + 2; - int cLen = Util.hexToDecimal(new String(chunkedLen)); + int cLen; + String strChunkedLen = new String(chunkedLen); + if(strChunkedLen.contains(";")){// 如果存在注释 + cLen = Util.hexToDecimal(strChunkedLen.substring(0,strChunkedLen.indexOf(";"))); + }else{ + cLen = Util.hexToDecimal(strChunkedLen); + } + // 根据分块长度获取分块内容 byte[] chunked = new byte[cLen]; System.arraycopy(chunkedReqBody, j, chunked, 0, cLen); @@ -145,9 +155,11 @@ public static byte[] mergeReqBody(byte[] chunkedReqBody){ } // 处理结尾0\n\n - if(chunkedReqBody[i] == "0".getBytes()[0] - && chunkedReqBody[i+1] == "\n".getBytes()[0] - && chunkedReqBody[i+2] == "\n".getBytes()[0]){ + if(chunkedReqBody[i] == http_0 + && chunkedReqBody[i+1] == http_r + && chunkedReqBody[i+2] == http_n + && chunkedReqBody[i+2] == http_r + && chunkedReqBody[i+3] == http_n){ break; } } diff --git a/src/main/test/TransferTest.java b/src/main/test/TransferTest.java index 3d79359..afa1819 100644 --- a/src/main/test/TransferTest.java +++ b/src/main/test/TransferTest.java @@ -21,9 +21,69 @@ public static void TestSplitReqBody(){ } + public static void TestOk(){ + String body = "3;IWFbM4mTXBxSq7cjU2ZOrdg\r\n" + + "ser\r\n" + + "1;XcM0dC2gATfT2cMaX\r\n" + + "v\r\n" + + "1;HL3RZyqc2kk5E2ZRu0djQOu\r\n" + + "i\r\n" + + "3;AwPNeJDu\r\n" + + "ce=\r\n" + + "1;kvFfaa9\r\n" + + "h\r\n" + + "1;VwZXqUfdKcL\r\n" + + "t\r\n" + + "3;g0IdgC\r\n" + + "tps\r\n" + + "2;EHIqC5t\r\n" + + "%3\r\n" + + "3;6P49NW26kLv\r\n" + + "A%2\r\n" + + "1;Mg1IZGijv5keoWV3Pex\r\n" + + "F\r\n" + + "2;gYn0nPRoS5xfLEvE\r\n" + + "%2\r\n" + + "1;XqBYhlH0KbqUD1TKk\r\n" + + "F\r\n" + + "1;ToE8BVCsBm5VKj0C\r\n" + + "y\r\n" + + "2;2FLXZwRSXUAQ6ilT5pggbHUE\r\n" + + "un\r\n" + + "1;BZoEH3S3GqHU4Gqj0QxKj3\r\n" + + ".\r\n" + + "1;F5ddaFsfKx1MTjMEedJh\r\n" + + "s\r\n" + + "2;eqijFldn5Cga4tLA\r\n" + + "cn\r\n" + + "3;Vcb0BzTALRJKv6ji9duogGfwO\r\n" + + "yw.\r\n" + + "2;BVGq0Efdg\r\n" + + "co\r\n" + + "2;fvCiZ\r\n" + + "m%\r\n" + + "3;12ViYBzk3q67b\r\n" + + "2Fp\r\n" + + "1;Lb1uT4\r\n" + + "o\r\n" + + "1;brgH3py6bSqWI1qK\r\n" + + "r\r\n" + + "3;pNtzewGd2XM3lAH\r\n" + + "tal\r\n" + + "3;5NAfSvlZmv0D\r\n" + + "%2F\r\n" + + "0\n" + + "\n"; + + byte[] newBody = Transfer.mergeReqBody(body.getBytes()); + System.out.println(new String(newBody)); + + } + public static void main(String[] args) { - TestMergeReqBody(); - TestSplitReqBody(); +// TestMergeReqBody(); +// TestSplitReqBody(); + TestOk(); } }