fix: 修复 HTTP 方法显示和 Host 头重复问题

后端修复:
- Task.py: 使用 self.method 而不是根据 body 推断方法
- TaskRequest.py: 添加 method 字段到请求模型
- taskService.py: 传递 method 参数并返回给前端
- 更新所有 API 端点，传递 method 参数到 star_task

Burp 插件修复:
- legacy-api/BurpExtender.java: 提取 method 并添加到 JSON payload
- montoya-api/SqlmapContextMenuProvider.java: 使用 PayloadBuilder 工具类
- montoya-api/util/PayloadBuilder.java: 新增工具类，正确处理 method 字段
- montoya-api/util/LoggerUtil.java: 新增日志工具类

前端修复:
- AddTask/index.vue: 添加 method 到请求数据
- task.ts: 添加 method 类型定义，优先使用后端返回的 method
- requestFormatter.ts: 修复 Host 头重复问题

Author: lanshuizhiyue

src/backEnd/api/burpSuiteExApi/admin.py

@@ -26,7 +26,7 @@ async def add_task(taskAddRequest: TaskAddRequest, request: Request, current_use
             logger.info(f"request.client: {request.client}")
             remote_ip = request.client.host
             # pdb.set_trace()
-            res = await taskService.star_task(remote_addr=remote_ip, scanUrl=taskAddRequest.scanUrl, host=taskAddRequest.host, headers=taskAddRequest.headers, body=taskAddRequest.body, options=taskAddRequest.options)
+            res = await taskService.star_task(remote_addr=remote_ip, scanUrl=taskAddRequest.scanUrl, host=taskAddRequest.host, method=taskAddRequest.method, headers=taskAddRequest.headers, body=taskAddRequest.body, options=taskAddRequest.options)
             return res
         else:
             remote_ip = None

src/backEnd/api/commonApi/webTaskController.py

@@ -68,6 +68,7 @@ async def add_task_from_web(
                 remote_addr=remote_ip, 
                 scanUrl=taskAddRequest.scanUrl, 
                 host=taskAddRequest.host, 
+                method=taskAddRequest.method,
                 headers=taskAddRequest.headers, 
                 body=taskAddRequest.body, 
                 options=taskAddRequest.options

src/backEnd/api/webApi/admin.py

@@ -31,6 +31,7 @@ async def add_task(taskAddRequest: TaskAddRequest, request: Request, current_use
             remote_addr=remote_ip,
             scanUrl=taskAddRequest.scanUrl,
             host=taskAddRequest.host,
+            method=taskAddRequest.method,
             headers=taskAddRequest.headers,
             body=taskAddRequest.body,
             options=taskAddRequest.options

src/backEnd/model/Task.py

@@ -47,13 +47,14 @@ def get_default_http_request_temp_dir():
 
 
 class Task(object):
-    def __init__(self, taskid, remote_addr, scanUrl, host, headers, body):
+    def __init__(self, taskid, remote_addr, scanUrl, host, method, headers, body):
         self.status = TaskStatus.New
         self.create_datetime = datetime.now()  # 任务创建时间 (New状态)
         self.start_datetime = None  # 任务开始执行时间 (Running状态)
         self.taskid = taskid
         self.scanUrl = scanUrl
         self.host = host
+        self.method = method
         self.headers = headers
         self.body = body
         self.remote_addr = remote_addr
@@ -266,8 +267,8 @@ def _build_raw_http_request(self):
         if parsed_url.query:
             path += "?" + parsed_url.query
 
-        # 确定请求方法 (如果有body则为POST，否则为GET)
-        method = "POST" if self.body else "GET"
+        # 使用存储的method，如果不存在则根据body推断
+        method = self.method if self.method else ("POST" if self.body else "GET")
 
         # 构建请求行
         request_line = f"{method} {path} HTTP/1.1"

src/backEnd/model/requestModel/TaskRequest.py

@@ -31,6 +31,7 @@ class TaskQueryRequest(BaseModel):
 class TaskAddRequest(BaseModel):
     scanUrl: Annotated[str, Field(description="扫描地址...")]
     host: Annotated[str, Field(description="扫描域名...")]
+    method: Annotated[str, Field(description="请求方法...")]
     headers: Annotated[list, Field(description="请求头...")]
     body: Annotated[str, Field(description="请求体...")]
     options: Annotated[dict, Field(description="扫描参数...")]

src/backEnd/service/taskService.py

@@ -59,17 +59,17 @@ class TaskService(object):
     def __init__(self):
         pass
 
-    def _create_task_sync(self, remote_addr: str, scanUrl: str, host, headers: list, body: str, options: dict, taskid: str):
+    def _create_task_sync(self, remote_addr: str, scanUrl: str, host, method: str, headers: list, body: str, options: dict, taskid: str):
         """同步创建任务（在线程池中执行）"""
         with DataStore.tasks_lock:
-            DataStore.tasks[taskid] = Task(taskid, remote_addr, scanUrl, host, headers, body)
+            DataStore.tasks[taskid] = Task(taskid, remote_addr, scanUrl, host, method, headers, body)
             for option in options:
                 logger.debug(f"option: {option}, value: {options[option]}")
                 DataStore.tasks[taskid].set_option(option, options[option])
             DataStore.tasks[taskid].status = TaskStatus.Runnable
             return DataStore.tasks[taskid].engine_get_id()
 
-    async def star_task(self, remote_addr: str, scanUrl: str, host, headers: list, body: str, options: dict):
+    async def star_task(self, remote_addr: str, scanUrl: str, host, method: str, headers: list, body: str, options: dict):
         option_check_res = validate_options(options)
         if option_check_res is not None:
             return option_check_res
@@ -81,7 +81,7 @@ async def star_task(self, remote_addr: str, scanUrl: str, host, headers: list, b
             engine_id = await loop.run_in_executor(
                 self._executor,
                 self._create_task_sync,
-                remote_addr, scanUrl, host, headers, body, options, taskid
+                remote_addr, scanUrl, host, method, headers, body, options, taskid
             )
             return BaseResponseMsg(
                 data={"engineid": engine_id, "taskid": taskid},
@@ -528,6 +528,7 @@ def _get_task_http_request_info_sync(self, taskId):
             task = DataStore.tasks[taskId]
             http_info = {
                 "url": task.scanUrl,
+                "method": task.method,
                 "headers": task.headers,
                 "body": task.body,
             }

src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/BurpExtender.java

@@ -351,10 +351,20 @@ private void sendRequestToBackend(IHttpRequestResponse requestResponse, ScanConf
             }
             optionsJson.append("}");
 
+            // 提取HTTP方法（从headers的第一行）
+            String method = "GET";
+            if (headers != null && !headers.isEmpty()) {
+                String firstHeader = headers.get(0);
+                if (firstHeader != null && firstHeader.contains(" ")) {
+                    method = firstHeader.substring(0, firstHeader.indexOf(" "));
+                }
+            }
+            
             String jsonPayload = String.format(
-                "{\"scanUrl\":\"%s\",\"host\":\"%s\",\"headers\":%s,\"body\":\"%s\",\"options\":%s}",
+                "{\"scanUrl\":\"%s\",\"host\":\"%s\",\"method\":\"%s\",\"headers\":%s,\"body\":\"%s\",\"options\":%s}",
                 JsonUtils.escapeJson(url),
                 JsonUtils.escapeJson(requestInfo.getUrl().getHost()),
+                JsonUtils.escapeJson(method),
                 headersJson.toString(),
                 JsonUtils.escapeJson(body),
                 optionsJson.toString()

src/burpEx/montoya-api/src/main/java/com/sqlmapwebui/burp/SqlmapContextMenuProvider.java

@@ -7,6 +7,7 @@
 import burp.api.montoya.ui.contextmenu.ContextMenuItemsProvider;
 
 import com.sqlmapwebui.burp.dialogs.*;
+import com.sqlmapwebui.burp.util.PayloadBuilder;
 
 import javax.swing.*;
 import java.awt.*;
@@ -273,32 +274,6 @@ private void sendRequestToBackend(HttpRequest request, ScanConfig config) {
                 headersList.add(header.name() + ": " + header.value())
             );
 
-            // 构建JSON payload
-            StringBuilder headersJson = new StringBuilder("[");
-            for (int i = 0; i < headersList.size(); i++) {
-                headersJson.append("\"").append(JsonUtils.escapeJson(headersList.get(i))).append("\"");
-                if (i < headersList.size() - 1) headersJson.append(",");
-            }
-            headersJson.append("]");
-            
-            // 构建options
-            Map<String, Object> options = config.toOptionsMap();
-            StringBuilder optionsJson = new StringBuilder("{");
-            boolean first = true;
-            for (Map.Entry<String, Object> entry : options.entrySet()) {
-                if (!first) optionsJson.append(",");
-                first = false;
-                optionsJson.append("\"").append(entry.getKey()).append("\":");
-                if (entry.getValue() instanceof String) {
-                    optionsJson.append("\"").append(JsonUtils.escapeJson((String)entry.getValue())).append("\"");
-                } else if (entry.getValue() instanceof Boolean) {
-                    optionsJson.append(entry.getValue());
-                } else {
-                    optionsJson.append(entry.getValue());
-                }
-            }
-            optionsJson.append("}");
-            
             // 提取host
             String host = "";
             try {
@@ -308,13 +283,17 @@ private void sendRequestToBackend(HttpRequest request, ScanConfig config) {
                 host = "unknown";
             }
 
-            String jsonPayload = String.format(
-                "{\"scanUrl\":\"%s\",\"host\":\"%s\",\"headers\":%s,\"body\":\"%s\",\"options\":%s}",
-                JsonUtils.escapeJson(url),
-                JsonUtils.escapeJson(host),
-                headersJson.toString(),
-                JsonUtils.escapeJson(body),
-                optionsJson.toString()
+            // 构建options
+            Map<String, Object> options = config.toOptionsMap();
+            
+             // 使用 PayloadBuilder 构建JSON
+            String jsonPayload = PayloadBuilder.buildTaskPayload(
+                url,
+                host,
+                request.method(),
+                headersList,
+                body,
+                options
             );
 
             // 异步发送到后端

src/burpEx/montoya-api/src/main/java/com/sqlmapwebui/burp/util/LoggerUtil.java

@@ -0,0 +1,29 @@
+package com.sqlmapwebui.burp.util;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * 日志工具类（Java 17）
+ * 统一使用 SLF4J 替代 System.out.println 和 PrintWriter
+ */
+public final class LoggerUtil {
+    
+    private LoggerUtil() {
+        throw new AssertionError("LoggerUtil cannot be instantiated");
+    }
+    
+    /**
+     * 获取 Logger
+     */
+    public static Logger getLogger(Class<?> clazz) {
+        return LoggerFactory.getLogger(clazz);
+    }
+    
+    /**
+     * 获取 Logger（使用类名）
+     */
+    public static Logger getLogger(String name) {
+        return LoggerFactory.getLogger(name);
+    }
+}

src/burpEx/montoya-api/src/main/java/com/sqlmapwebui/burp/util/PayloadBuilder.java

@@ -0,0 +1,52 @@
+package com.sqlmapwebui.burp.util;
+
+import com.google.gson.Gson;
+import com.google.gson.JsonObject;
+
+import java.util.List;
+import java.util.Map;
+
+/**
+ * HTTP 请求 Payload 构建器
+ * 使用 Gson 统一处理 JSON 序列化，替代手动拼接
+ * 
+ * 注意：此类使用 Java 17 语法
+ */
+public final class PayloadBuilder {
+    
+    private static final Gson GSON = new Gson();
+    
+    private PayloadBuilder() {
+        throw new AssertionError("PayloadBuilder cannot be instantiated");
+    }
+    
+    /**
+     * 构建任务 Payload
+     * 
+     * @param scanUrl 扫描 URL
+     * @param host 主机
+     * @param method HTTP 方法
+     * @param headers Headers 列表
+     * @param body 请求体
+     * @param options 扫描选项
+     * @return JSON 字符串
+     */
+    public static String buildTaskPayload(
+            String scanUrl,
+            String host,
+            String method,
+            List<String> headers,
+            String body,
+            Map<String, Object> options) {
+        
+        JsonObject payload = new JsonObject();
+        payload.addProperty("scanUrl", scanUrl);
+        payload.addProperty("host", host);
+        payload.addProperty("method", method);
+        payload.add("headers", GSON.toJsonTree(headers));
+        payload.addProperty("body", body);
+        payload.add("options", GSON.toJsonTree(options));
+        
+        return GSON.toJson(payload);
+    }
+}