Update Config.java

README.md

@@ -2,6 +2,11 @@
 
 下载使用：[Releases](https://github.com/TheKingOfDuck/burpFakeIP/releases/tag/1.0)
 
+**2021/09/24**
+
+1. 修复[M00nBack](https://github.com/M00nBack)反馈的一个bug。
+2. 添加了AutoXFF的开关,并将AutoXFF默认设置不开启,如需让插件给每个请求头添加一个随机的XFF请求头可在右键菜单中选择ON开启
+
 
 **2021/05/21**
 

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>net.thekingofduck</groupId>
     <artifactId>fakeIP</artifactId>
-    <version>1.1-SNAPSHOT</version>
+    <version>1.1</version>
 
 
     <build>

src/main/java/burp/BurpExtender.java

@@ -10,12 +10,13 @@ import java.util.List;
 /**
  * Project: fakeIP
  * Date:2021/5/21 上午11:07
+ *
  * @author CoolCat
  * @version 1.0.0
  * Github:https://github.com/TheKingOfDuck
  * When I wirting my code, only God and I know what it does. After a while, only God knows.
  */
-public class BurpExtender implements IBurpExtender, IContextMenuFactory,IIntruderPayloadGeneratorFactory, IIntruderPayloadGenerator, IHttpListener{
+public class BurpExtender implements IBurpExtender, IContextMenuFactory, IIntruderPayloadGeneratorFactory, IIntruderPayloadGenerator, IHttpListener {
     public static IExtensionHelpers helpers;
     private String PLUGIN_NAME = "burpFakeIP";
     private String VERSION = "1.1";
@@ -33,7 +34,7 @@ public class BurpExtender implements IBurpExtender, IContextMenuFactory,IIntrude
                 "[+]    Github: https://github.com/TheKingOfDuck\n" +
                 "[+] ####################################\n" +
                 "[+] Enjoy it~";
-        stdout.println(String.format(banner,PLUGIN_NAME,VERSION));
+        stdout.println(String.format(banner, PLUGIN_NAME, VERSION));
 
         //注册菜单
         callbacks.registerContextMenuFactory(this);
@@ -58,38 +59,51 @@ public class BurpExtender implements IBurpExtender, IContextMenuFactory,IIntrude
         menu.add(random);
         menu.add(autoXFF);
 
-        if(iContextMenuInvocation.getInvocationContext() != IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST){
+        if (iContextMenuInvocation.getInvocationContext() != IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST) {
             return menus;
         }
         custom.addActionListener(new ActionListener() {
             @Override
             public void actionPerformed(ActionEvent arg0) {
                 String ip = JOptionPane.showInputDialog("Pls input ur ip:");
-                Utils.addfakeip(iContextMenuInvocation,ip);
+                Utils.addfakeip(iContextMenuInvocation, ip);
             }
         });
 
         localhost.addActionListener(new ActionListener() {
             @Override
             public void actionPerformed(ActionEvent arg0) {
-                Utils.addfakeip(iContextMenuInvocation,"127.0.0.1");
+                Utils.addfakeip(iContextMenuInvocation, "127.0.0.1");
             }
         });
 
         random.addActionListener(new ActionListener() {
             @Override
             public void actionPerformed(ActionEvent arg0) {
-                Utils.addfakeip(iContextMenuInvocation,Utils.getRandomIp());
+                Utils.addfakeip(iContextMenuInvocation, Utils.getRandomIp());
             }
         });
 
         autoXFF.addActionListener(new ActionListener() {
             @Override
             public void actionPerformed(ActionEvent arg0) {
-                String xff = JOptionPane.showInputDialog("Pls input ur XFF header name:",Config.AUTOXFF);
+
-                String xffvalue = JOptionPane.showInputDialog("Pls input ur XFF header value:",Config.AUTOXFFVALUE);
+                Object[] options = {"OFF", "ON"};
-                Config.AUTOXFF = xff;
+                int flag = JOptionPane.showOptionDialog(null, "AutoXFF Status: " + Config.AUTOXFF_STAT, "FakeIP", JOptionPane.YES_OPTION, JOptionPane.PLAIN_MESSAGE,
-                Config.AUTOXFFVALUE = xffvalue;
+
+                        null, options, options[options.length - 1]);
+
+                switch (flag) {
+                    case 0:
+                        Config.AUTOXFF_STAT = false;
+                        break;
+                    case 1:
+                        Config.AUTOXFF_KEY = JOptionPane.showInputDialog("Pls input ur XFF header name:", Config.AUTOXFF_KEY);
+                        Config.AUTOXFF_VALUE = JOptionPane.showInputDialog("Pls input ur XFF header value:", Config.AUTOXFF_VALUE);
+                        Config.AUTOXFF_STAT = true;
+                        break;
+                    default:
+                }
             }
         });
 
@@ -126,11 +140,11 @@ public class BurpExtender implements IBurpExtender, IContextMenuFactory,IIntrude
 
     @Override
     public void processHttpMessage(int i, boolean b, IHttpRequestResponse iHttpRequestResponse) {
-        if (b){
+        if (b && Config.AUTOXFF_STAT) {
-            if (Config.AUTOXFFVALUE.equals("$RandomIp$")){
+            if (Config.AUTOXFF_VALUE.equals("$RandomIp$")) {
-                Utils.addfakeip(iHttpRequestResponse,Utils.getRandomIp());
+                Utils.addfakeip(iHttpRequestResponse, Utils.getRandomIp());
-            }else {
+            } else {
-                Utils.addfakeip(iHttpRequestResponse,Config.AUTOXFFVALUE);
+                Utils.addfakeip(iHttpRequestResponse, Config.AUTOXFF_VALUE);
             }
         }
     }

src/main/java/burp/Config.java

@@ -18,9 +18,10 @@ public class Config {
             "X-remote-IP","X-remote-addr","True-Client-IP","X-Client-IP","Client-IP","X-Real-IP",
             "Ali-CDN-Real-IP","Cdn-Src-Ip","Cdn-Real-Ip","CF-Connecting-IP","X-Cluster-Client-IP",
             "WL-Proxy-Client-IP", "Proxy-Client-IP","Fastly-Client-Ip","True-Client-Ip","X-Originating-IP",
-            "X-Host","X-Custom-IP-Authorization"
+            "X-Host","X-Custom-IP-Authorization","X-Api-Version"
     );
 
-    public static String AUTOXFF = "X-Forwarded-For";
+    public static boolean AUTOXFF_STAT = false;
-    public static String AUTOXFFVALUE = "$RandomIp$";
+    public static String AUTOXFF_KEY = "X-Forwarded-For";
+    public static String AUTOXFF_VALUE = "$RandomIp$";
 }

src/main/java/burp/Utils.java

@@ -1,6 +1,7 @@
 package burp;
 
 import java.io.UnsupportedEncodingException;
+import java.security.SecureRandom;
 import java.util.List;
 import java.util.Random;
 import java.util.stream.Collectors;
@@ -36,7 +37,7 @@ public class Utils {
         }
 
         //更新header
-        byte[] newMessage = BurpExtender.helpers.buildHttpMessage(headers, getHttpRequestBody(currentRequest).getBytes());
+        byte[] newMessage = BurpExtender.helpers.buildHttpMessage(headers, getHttpRequestBody(currentRequest));
         currentRequest.setRequest(newMessage);
 
     }
@@ -44,38 +45,29 @@ public class Utils {
 
     public static void addfakeip(IHttpRequestResponse iHttpRequestResponse, String ip) {
 
+        //获取原请求信息
+        IRequestInfo requestInfo = BurpExtender.helpers.analyzeRequest(iHttpRequestResponse);
+        List<String> headers = requestInfo.getHeaders();
 
-        byte contentType = BurpExtender.helpers.analyzeRequest(iHttpRequestResponse).getContentType();
+        //为每个请求添加一个Header
+        headers = headers.stream().filter(key -> !key.equals(Config.AUTOXFF_KEY)).collect(Collectors.toList());
+        headers.add(String.format("%s: %s", Config.AUTOXFF_KEY, ip));
 
-        if (contentType != CONTENT_TYPE_MULTIPART) {
+        //更新header
-            //获取原请求信息
+        byte[] newMessage = BurpExtender.helpers.buildHttpMessage(headers, getHttpRequestBody(iHttpRequestResponse));
-            IRequestInfo requestInfo = BurpExtender.helpers.analyzeRequest(iHttpRequestResponse);
+        iHttpRequestResponse.setRequest(newMessage);
-            List<String> headers = requestInfo.getHeaders();
-
-            //为每个请求添加一个Header
-            headers = headers.stream().filter(key -> !key.equals(Config.AUTOXFF)).collect(Collectors.toList());
-            headers.add(String.format("%s: %s", Config.AUTOXFF, ip));
-
-            //更新header
-            byte[] newMessage = BurpExtender.helpers.buildHttpMessage(headers, getHttpRequestBody(iHttpRequestResponse).getBytes());
-            iHttpRequestResponse.setRequest(newMessage);
-        }
 
 
     }
 
-    private static String getHttpRequestBody(IHttpRequestResponse httpRequestResponse) {
+    private static byte[] getHttpRequestBody(IHttpRequestResponse httpRequestResponse) {
         byte[] request = httpRequestResponse.getRequest();
         IRequestInfo requestInfo = BurpExtender.helpers.analyzeRequest(request);
 
         int httpBodyOffset = requestInfo.getBodyOffset();
         int httpBodyLength = request.length - httpBodyOffset;
-        String httpBody = null;
+        byte[] httpBody = new byte[httpBodyLength];
-        try {
+        System.arraycopy(request,httpBodyOffset,httpBody,0,httpBodyLength);
-            httpBody = new String(request, httpBodyOffset, httpBodyLength, "UTF-8");
-        } catch (UnsupportedEncodingException e) {
-            throw new RuntimeException(e);
-        }
         return httpBody;
     }
 
@@ -95,9 +87,9 @@ public class Utils {
                 {-569376768, -564133889},
         };
 
-        Random random = new Random();
+        SecureRandom random = new SecureRandom();
         int index = random.nextInt(10);
-        String ip = num2ip(range[index][0] + new Random().nextInt(range[index][1] - range[index][0]));
+        String ip = num2ip(range[index][0] + new SecureRandom().nextInt(range[index][1] - range[index][0]));
         return ip;
     }