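Why use Ruby? Ruby's syntax is somewhat simpler to write than Jython's, and its encoding handling is more comfortable; for example, the extension title can be in Chinese:
Installing JRuby is just a matter of clicking Next all the way through, so it is not covered here. After installing JRuby, don't forget to set the JRUBY_HOME environment variable to the JRuby root directory, otherwise the require statement will not work, as shown in the figure below:
Next, follow https://gems.ruby-china.com to repoint gem and bundle at the mirror.
Then install the following extensions in VS Code and configure them as shown:
1: Ruby Solargraph (language server). Two options have to be enabled by hand in Settings; you can search for Solargraph directly:
2: Install the endwise extension (auto-completes end)
3: gem install rubocop
4: Restart VS Code
Following the same approach as before, use one extension file plus one hot-reloaded script: every time hello.rb handles an HTTP message, it loads run.rb and executes it.
The code of hello.rb is as follows: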
#encoding: utf-8
# frozen_string_literal: true
# author: k4n5ha0
# Line 2 enables frozen string literals; keep this in mind when mutating strings
require 'java'
require 'pathname'
java_import 'burp.IBurpExtender'
java_import 'burp.IHttpListener'
java_import 'burp.IProxyListener'
java_import 'burp.IScannerListener'
java_import 'burp.IExtensionStateListener'

class BurpExtender
  include IExtensionStateListener
  include IScannerListener
  include IProxyListener
  include IHttpListener
  include IBurpExtender

  #
  # implement IBurpExtender
  #
  def registerExtenderCallbacks(callbacks)
    # keep a reference to our callbacks object
    @callbacks = callbacks
    @helpers = callbacks.getHelpers
    # set our extension name
    callbacks.setExtensionName "\u65E0\u654C"
    # obtain our output stream
    @stdout = java.io.PrintWriter.new callbacks.getStdout, true
    @stderr = java.io.PrintWriter.new callbacks.getStderr, true
    @realpath = Pathname.new(__FILE__).realpath
    # register ourselves as an HTTP listener
    callbacks.registerHttpListener self
    # register ourselves as a Proxy listener
    # callbacks.registerProxyListener self
    # register ourselves as a Scanner listener
    # callbacks.registerScannerListener self
    # register ourselves as an extension state listener
    callbacks.registerExtensionStateListener self
  end

  #
  # implement IHttpListener
  #
  def processHttpMessage(toolFlag, messageIsRequest, messageInfo)
    # @stdout.println(
    #   (messageIsRequest ? 'HTTP request to ' : 'HTTP response from ') +
    #   messageInfo.getHttpService.toString +
    #   ' [' + @callbacks.getToolName(toolFlag) + ']'
    # )
    request = messageInfo.getRequest()
    response = messageInfo.getResponse()
    url = @helpers.analyzeRequest(messageInfo.getHttpService(), messageInfo.getRequest()).getUrl()
    # hot reload: run.rb is looked up in Burp's working directory and evaluated
    # in this method's scope, so it can use request, response and url
    eval(File.read('run.rb')) if File.exist?('run.rb')
  end

  #
  # implement IProxyListener
  #
  # def processProxyMessage(messageIsRequest, message)
  #   @stdout.println(
  #     (messageIsRequest ? "Proxy request to " : "Proxy response from ") +
  #     message.getMessageInfo.getHttpService.toString)
  # end

  #
  # implement IScannerListener
  #
  # def newScanIssue(issue)
  #   @stdout.println "New scan issue: #{issue.getIssueName}"
  # end

  #
  # implement IExtensionStateListener
  #
  def extensionUnloaded
    @stdout.println 'Extension was unloaded'
  end
end
As you can see, the Ruby code is considerably shorter than the Python equivalent, because much of the handling is taken care of inside Ruby.
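hello.rb evals run.rb relative to Burp's working directory on every message, so whoever can write that file runs code inside Burp, and a syntax error in it surfaces in the listener. The following added example (not code from the original post) shows a more defensive loader; the HotReloader class, its ownership and permission policy, and the convention that run.rb evaluates to a lambda are assumptions.

```ruby
# frozen_string_literal: true

# Added example: HotReloader is a hypothetical helper, not code from the post.
# Assumes POSIX file modes and that run.rb evaluates to a callable (a lambda).
class HotReloader
  attr_reader :last_error

  def initialize(path)
    @path = File.expand_path(path) # absolute path, independent of Burp's cwd
    @mtime = @handler = @last_error = nil
  end

  # Returns the current handler, re-evaluating the script only after an edit.
  def reload
    stat = File.stat(@path)
    unless stat.owned? && (stat.mode & 0o022).zero?
      raise SecurityError, "#{@path} must be owned by you and not group/world-writable"
    end
    return @handler if stat.mtime == @mtime

    @handler = nil
    @mtime = stat.mtime # remember even a broken version so it is not re-run per message
    candidate = eval(File.read(@path), fresh_binding, @path)
    raise TypeError, 'script must evaluate to a callable' unless candidate.respond_to?(:call)
    @last_error = nil
    @handler = candidate
  rescue SystemCallError, SecurityError => e # missing or unsafe file: drop cached code
    @mtime = @handler = nil
    @last_error = e
    nil
  rescue ScriptError, StandardError => e # syntax or runtime error while loading
    @last_error = e
    nil
  end

  # Entry point for processHttpMessage; a StandardError raised by the script
  # is recorded in last_error instead of propagating into Burp.
  def call(*args)
    reload&.call(*args)
  rescue StandardError => e
    @last_error = e
    nil
  end

  private
  # Fresh scope so the script cannot see or clobber the extension's locals.
  def fresh_binding
    Object.new.instance_eval { binding }
  end
end
```

In hello.rb such a loader would be created once in registerExtenderCallbacks with a path built from File.dirname(__FILE__), and invoked from processHttpMessage with the values the script needs (for example messageInfo and url). last_error can be printed to @stderr so a broken run.rb is visible in the extension's error tab.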
Now let's implement an extension that automatically flags responses containing "pass" and highlights them in red:
#encoding: utf-8
# frozen_string_literal: true
# author: k4n5ha0
# Line 2 enables frozen string literals; keep this in mind when mutating strings
require 'java'
java_import 'burp.IBurpExtender'
java_import 'burp.IHttpListener'
java_import 'burp.IMessageEditorTab'
java_import 'burp.IMessageEditorTabFactory'

# case-insensitive substring test; keystr must be given in lowercase
def check(instr, keystr)
  instr.downcase.include?(keystr)
end

class BurpExtender
  include IBurpExtender, IHttpListener, IMessageEditorTabFactory

  def registerExtenderCallbacks(callbacks)
    @callbacks = callbacks
    callbacks.setExtensionName("pass查找器")
    callbacks.registerMessageEditorTabFactory self
    callbacks.registerHttpListener self
  end

  # IMessageEditorTabFactory: one tab instance per message editor
  def createNewInstance(controller, editable)
    MakeTabs.new(@callbacks, editable)
  end

  # IHttpListener: highlight responses that contain one of the keywords
  def processHttpMessage(toolFlag, messageIsRequest, messageInfo)
    unless messageIsRequest
      if check(messageInfo.getResponse().to_s(), 'pass')
        messageInfo.setHighlight('red')
      end
      if check(messageInfo.getResponse().to_s(), 'cdk')
        messageInfo.setHighlight('red')
      end
    end
  end
end

class MakeTabs
  include IMessageEditorTab

  def initialize(callbacks, editable)
    @stderr = callbacks.get_stderr()
    @helper = callbacks.get_helpers()
    @txt_input = callbacks.create_text_editor()
    @editable = editable
    @callbacks = callbacks
  end

  def getTabCaption
    "数据提示"
  end

  def getUiComponent
    @txt_input.get_component()
  end

  # show the tab for responses only
  def isEnabled(content, isRequest)
    !isRequest
  end

  def setMessage(content, isRequest)
    unless isRequest
      if content.nil? or content.empty?
        @txt_input.text = "HTTP Response is nil or empty.".to_java_bytes
      else
        # += builds a new string, which is safe with frozen string literals
        seekingstr = ''
        if check(content.to_s(), 'pass')
          seekingstr += "find pass!\n"
        end
        if check(content.to_s(), 'cdk')
          seekingstr += "find cdk!\n"
        end
        @txt_input.text = seekingstr.to_java_bytes
      end
    end
    return true
  end

  def getMessage
    return @txt_input.getText
  end

  # the interface method is isModified; the misspelled name is never called by Burp
  def isModified
    return @txt_input.text_modified?
  end

  # also required by IMessageEditorTab
  def getSelectedData
    return @txt_input.getSelectedText
  end
end
The result is shown in the figure.
Source: oschina
Link: https://my.oschina.net/9199771/blog/3168081