
Commit 2c9a5ed

committed
fix(burp): fix JSON request mistakenly detected as binary
- Update BinaryContentDetector to return text type immediately when Content-Type indicates text content (text/*, application/json, application/xml, etc.)
- Skip body content detection for known text types to avoid false positives
- Update version to 1.8.16 in both Montoya and Legacy API plugins
1 parent 3b80e48 commit 2c9a5ed

8 files changed

Lines changed: 20 additions & 10 deletions


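--- a/src/burpEx/legacy-api/pom.xml
+++ b/src/burpEx/legacy-api/pom.xml
@@ -6,7 +6,7 @@
 
 <groupId>com.sqlmapwebui</groupId>
 <artifactId>sqlmap-webui-burp-legacy</artifactId>
-<version>1.8.14</version>
+<version>1.8.16</version>
 <packaging>jar</packaging>
 
 <name>SQLMap WebUI Burp Extension (Legacy API)</name>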

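--- a/src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/BinaryContentDetector.java
+++ b/src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/BinaryContentDetector.java
@@ -134,7 +134,12 @@ public static DetectionResult detect(IHttpRequestResponse requestResponse, IExte
 String contentType = getContentType(requestInfo);
 if (contentType != null && !contentType.isEmpty()) {
 DetectionResult contentTypeResult = checkContentType(contentType);
-if (contentTypeResult.isBinary()) {
+// 如果是已知文本类型,直接返回文本结果,不再进行后续检测
+if (!contentTypeResult.isBinary()) {
+return contentTypeResult;
+}
+// 如果是已知二进制类型,直接返回二进制结果
+if (contentTypeResult.getReason().startsWith("已知二进制类型")) {
 return contentTypeResult;
 }
 }
@@ -151,7 +156,7 @@ public static DetectionResult detect(IHttpRequestResponse requestResponse, IExte
 }
 }
 
-// 3. 检查请求体是否包含二进制数据
+// 3. 检查请求体是否包含二进制数据(仅针对未知类型)
 int bodyOffset = requestInfo.getBodyOffset();
 if (bodyOffset < request.length) {
 byte[] body = Arrays.copyOfRange(request, bodyOffset, request.length);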
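Review bot: The early return at new line 138, `if (!contentTypeResult.isBinary()) { return contentTypeResult; }`, fires for every non-binary result, while the binary branch at new line 142 is additionally gated on the reason prefix `"已知二进制类型"`; if checkContentType (not shown) also reports non-binary for an unrecognised Content-Type, those requests now skip the body check that the updated step-3 comment reserves for unknown types. Because Content-Type is declared by the sender, a body mislabelled as `application/json` is accepted as text without inspection, which deserves a comment above the return such as `// Content-Type is sender-declared; the body is not inspected for declared text types`. Matching on human-readable reason text is also brittle, since a reworded message silently disables the branch and a null reason (if getReason() can return one) would throw, so a structured known/unknown flag on DetectionResult would be sturdier for both branches. detect() starts and ends outside this hunk, and the identical change appears in the montoya-api BinaryContentDetector.java section.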

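--- a/src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/BurpExtender.java
+++ b/src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/BurpExtender.java
@@ -43,7 +43,7 @@ public class BurpExtender implements IBurpExtender, IContextMenuFactory, ITab {
 private SqlmapUITab uiTab;
 
 private static final String EXTENSION_NAME = "SQLMap WebUI";
-private static final String EXTENSION_VERSION = "1.0.0";
+private static final String EXTENSION_VERSION = "1.8.16";
 
 /**
 * 过滤结果类 - 存储过滤后的纯文本请求和过滤统计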

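--- a/src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/dialogs/AboutDialog.java
+++ b/src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/dialogs/AboutDialog.java
@@ -11,7 +11,7 @@
 */
 public class AboutDialog extends JDialog {
 
-private static final String VERSION = "1.7.9";
+private static final String VERSION = "1.8.16";
 
 /**
 * 自定义Logo组件 - 绘制盾牌+注入针头图标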

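--- a/src/burpEx/montoya-api/pom.xml
+++ b/src/burpEx/montoya-api/pom.xml
@@ -6,7 +6,7 @@
 
 <groupId>com.sqlmapwebui</groupId>
 <artifactId>sqlmap-webui-burp-montoya</artifactId>
-<version>1.8.14</version>
+<version>1.8.16</version>
 <packaging>jar</packaging>
 
 <name>SQLMap WebUI Burp Extension (Montoya API)</name>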

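--- a/src/burpEx/montoya-api/src/main/java/com/sqlmapwebui/burp/BinaryContentDetector.java
+++ b/src/burpEx/montoya-api/src/main/java/com/sqlmapwebui/burp/BinaryContentDetector.java
@@ -125,7 +125,12 @@ public static DetectionResult detect(HttpRequest request) {
 String contentType = getContentType(request);
 if (contentType != null && !contentType.isEmpty()) {
 DetectionResult contentTypeResult = checkContentType(contentType);
-if (contentTypeResult.isBinary()) {
+// 如果是已知文本类型,直接返回文本结果,不再进行后续检测
+if (!contentTypeResult.isBinary()) {
+return contentTypeResult;
+}
+// 如果是已知二进制类型,直接返回二进制结果
+if (contentTypeResult.getReason().startsWith("已知二进制类型")) {
 return contentTypeResult;
 }
 }
@@ -139,7 +144,7 @@ public static DetectionResult detect(HttpRequest request) {
 }
 }
 
-// 3. 检查请求体是否包含二进制数据
+// 3. 检查请求体是否包含二进制数据(仅针对未知类型)
 byte[] body = request.body().getBytes();
 if (body != null && body.length > 0) {
 DetectionResult bodyResult = checkBodyForBinary(body);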

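--- a/src/burpEx/montoya-api/src/main/java/com/sqlmapwebui/burp/SqlmapWebUIExtension.java
+++ b/src/burpEx/montoya-api/src/main/java/com/sqlmapwebui/burp/SqlmapWebUIExtension.java
@@ -19,7 +19,7 @@
 public class SqlmapWebUIExtension implements BurpExtension {
 
 private static final String EXTENSION_NAME = "SQLMap WebUI";
-private static final String EXTENSION_VERSION = "1.0.0";
+private static final String EXTENSION_VERSION = "1.8.16";
 
 private MontoyaApi api;
 private ConfigManager configManager;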

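--- a/src/burpEx/montoya-api/src/main/java/com/sqlmapwebui/burp/dialogs/AboutDialog.java
+++ b/src/burpEx/montoya-api/src/main/java/com/sqlmapwebui/burp/dialogs/AboutDialog.java
@@ -11,7 +11,7 @@
 */
 public class AboutDialog extends JDialog {
 
-private static final String VERSION = "1.7.9";
+private static final String VERSION = "1.8.16";
 
 /**
 * 自定义Logo组件 - 绘制盾牌+注入针头图标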
