montoya-api
简介
学习montoya-api 接口 ,用通俗易懂的方式理解montoya-api
接口文档解读
https://portswigger.github.io/burp-extensions-montoya-api/javadoc/index.html
包含两个接口
BurpExtension:所有的burp 插件必须实现它。
MontoyaApi:burp 通过该接口,让扩展可以在buro中执行一系列操作。
BurpExtension 包含方法 initialize(MontoyaApi api) 用来初始化burp 插件
MontoyaApi:burp 通过该接口,让扩展可以在burp中执行一系列操作。burp.api.montoya,包含以下方法
访问各个模块的功能
burpSuite 接口中方法繁多,后续只列出常用方法的含义
commandLineArguments() 命令行参数操控burp
exportProjectOptionsAsJson(String... paths) 导出项目配置为Json文件
exportUserOptionsAsJson(String... paths)导出项目配置为为jjson文件
shutdown(ShutdownOptions... options) 通过程序关闭burp
taskExecutionEngine() 访问任务执行引擎
version() 检索有关扩展运行的Burp版本的信息。
Collaborator
collaborator()
burp 协作模块,类似dnslog 的域名日志记录服务。
createClient():创建一个新的Burp Collaborator客户端,用于生成Burp Collaborator 域名poc, 并查询Collaborator服务器,查询有无日志记录。
defaultPayloadGenerator() 获取默认域名生成器
restoreClient(SecretKey secretKey) 从之前的会话中恢复
Collaborator sendToComparer(ByteArray... data) 发送数据包到比对模块
Extension
extension()
Extension:提供接口访问扩展相关的功能。
filename() 加载插件名称
isBapp() 确定当前扩展是否作为BApp加载。
registerUnloadingHandler(ExtensionUnloadingHandler handler) 注册一个处理程序,当扩展的状态发生变化时,被通知。注意:任何启动后台线程或打开系统资源(如文件或数据库连接)的扩展都应注册监听器,并在卸载扩展时终止线程/关闭资源。
ResponseKeywordsAnalyzer
createResponseKeywordsAnalyzer(List<String> keywords)
Create a new response keyword analyzer. 创建一个响应包关键字内容分析器,用来获取响应包的信息
ResponseVariationsAnalyzer
createResponseVariationsAnalyzer() 创建一个新的响应包变体 分析器,翻译不准确等会测试一下。
Registration
registerHttpHandler(HttpHandler handler)
Register a handler which will perform an action when a request is about to be sent or a response was received by any Burp tool. 注册一个处理程序。当任何请求或响应经过burp工具时,执行操作。
Registration
registerSessionHandlingAction(SessionHandlingAction sessionHandlingAction)
Register a custom session handler. 注册一个自定义的 会话处理器HttpRequestResponse
sendRequest(HttpRequest request)
Send HTTP requests and retrieve their responses. 发送一个Http 请求,并检索他们的响应。HttpRequestResponse
sendRequest(HttpRequest request, HttpMode httpMode)
Send HTTP requests and retrieve their responses. 发送一个Http 请求,并检索他们的响应。HttpRequestResponse
sendRequest(HttpRequest request, HttpMode httpMode, String connectionId)
Send HTTP requests and retrieve their responses. 发送一个Http 请求,并检索他们的响应。HttpRequestResponse
sendRequest(HttpRequest request, RequestOptions requestOptions)
Send HTTP request with specific request options and retrieve its response. 发送一个定制选项的Http 请求,并检索他们的响应。List<HttpRequestResponse>
sendRequests(List<HttpRequest> requests)
Send HTTP requests in parallel and retrieve their responses. 并发多个 http 请求并检索他们的响应List<HttpRequestResponse>
sendRequests(List<HttpRequest> requests, HttpMode httpMode)
Send HTTP requests in parallel and retrieve their responses. 并发多个 http 请求并检索他们的响应 Intruder
intruder()
访问Intruder模块的相关功能:
Access the functionality of the Intruder.
Registration
registerPayloadGeneratorProvider(PayloadGeneratorProvider payloadGeneratorProvider)
Register a provider for Intruder payloads. 注册payload生成器提供者,Registration
registerPayloadProcessor(PayloadProcessor payloadProcessor)
Register a custom Intruder payload processor. 注册一个自定义 payload 进程void
sendToIntruder(HttpService service, HttpRequestTemplate requestTemplate)
Send an HTTP request to the Burp Intruder tool. 把请求发送到intuder 方法的第二个参数是 请求的模板void
sendToIntruder(HttpRequest request)
Send an HTTP request to the Burp Intruder tool. 把请求发送到intuder Logging
logging()
PrintStream
error() 已经禁用,使用 logToError(java.lang.String)
替代
Deprecated. Use logToError(java.lang.String)
instead.void
logToError(String message) 此方法将报错消息打印到当前插件的标准错误流
This method prints a line of output to the current extension's standard error stream.void
logToError(String message, Throwable cause)
此方法将消息和堆栈跟踪打印到当前插件的标准错误流。 This method prints a message and a stack trace to the current extension's standard error stream.void
logToError(Throwable cause) 此方法将堆栈跟踪打印到当前插件的标准错误流。
This method prints a stack trace to the current extension's standard error stream.PrintStream
output() 禁用,使用logToOutput(java.lang.String
) 代替
Deprecated. Use logToOutput(java.lang.String)
instead.void
logToOutput(String message) 此方法将输出信息打印到当前插件的标准输出流。
This method prints a line of output to the current extension's standard output stream.void
raiseCriticalEvent(String message) 用来在burp事件日志中展示关键事件
This method can be used to display a critical event in the Burp Suite event log.void
raiseDebugEvent(String message) 用来在burp事件日志中展示测试事件
This method can be used to display a debug event in the Burp Suite event log.void
raiseErrorEvent(String message) 用来在burp事件日志中展示错误事件
This method can be used to display an error event in the Burp Suite event log.void
raiseInfoEvent(String message) 用来在burp事件日志中展示信息事件
This method can be used to display an informational event in the Burp Suite event log.void
sendToOrganizer(HttpRequestResponse requestResponse) 用来将http 请求和响应发送到Burp Organizer tool.
This method can be used to send an HTTP request and response to the Burp Organizer tool.void
sendToOrganizer(HttpRequest request) 用来将http请求发送到Burp Organizer tool.
This method can be used to send an HTTP request to the Burp Organizer tool.Interface Persistence
用来 存储项目文件,配置察加你偏好配置文件
PersistedObject
extensionData() 访问burp项目的数据存储功能
Access data storage functionality in the Burp project.Preferences
preferences() 插件和burp 重新加载时,配置相同的偏好配置文件
Access Java preference store functionality in a way that survives reloads of the extension and of Burp Suite.
void
disableIntercept() 关闭burp 代理拦截器开关
This method disables the master interception for Burp Proxy.void
enableIntercept() 启用burp 代理拦截器开关
This method enables the master interception for Burp Proxy.List<ProxyHttpRequestResponse>
history() 返回Http代理历史所有项目的详细信息
This method returns details of all items in the Proxy HTTP history.List<ProxyHttpRequestResponse>
history(ProxyHistoryFilter filter) 返回Http代理历史筛选后的项目详细信息
This method returns details of items in the Proxy HTTP history based on the filter.Registration
registerRequestHandler(ProxyRequestHandler handler) 注册一个处理程序,当代理工具处理请求时被通知
Register a handler which will be notified of requests being processed by the Proxy tool.
Registration
registerResponseHandler(ProxyResponseHandler handler) 注册一个处理程序,当代理工具处理响应时被通知
Register a handler which will be notified of responses being processed by the Proxy tool.Registration
registerWebSocketCreationHandler(ProxyWebSocketCreationHandler handler) 注册一个处理程序,当代理工创建一个WebSocket时,调用该程序
Register a handler which will be invoked whenever a WebSocket is being created by the Proxy tool.List<ProxyWebSocketMessage>
webSocketHistory() 返回代理websockets 历史中项目的详细信息
This method returns details of all items in the Proxy WebSockets history.List<ProxyWebSocketMessage>
webSocketHistory(ProxyWebSocketHistoryFilter filter) 根据过滤器返回代理 websockets 历史中项目的详细信息
This method returns details of items in the Proxy WebSockets history based on the filter.void
sendToRepeater(HttpRequest request) 用来向Burp Repeater工具发送HTTP请求。
This method can be used to send an HTTP request to the Burp Repeater tool.void
sendToRepeater(HttpRequest request, String name) 用来向Burp Repeater工具发送HTTP响应。
This method can be used to send an HTTP request to the Burp Repeater tool.Scanner
scanner()
void
generateReport(List<AuditIssue> issues, ReportFormat format, Path path) 为指定扫描项 生成报告
Generate a report for the specified Scanner issues.Registration
registerAuditIssueHandler(AuditIssueHandler auditIssueHandler) 注册一个处理程序,当扫描工具报告一个新的审计项目时通知该程序
Register a handler which will be notified of new audit issues that are reported by the Scanner tool.Registration
registerInsertionPointProvider(AuditInsertionPointProvider insertionPointProvider) 注册一个扫描器插入点提供者
Register a provider of Scanner insertion points.Registration
registerScanCheck(ScanCheck scanCheck) 注册自定义扫描器检查
Register a custom Scanner check.Audit
startAudit(AuditConfiguration auditConfiguration) 用于在Burp Scanner工具中启动审计。
This method can be used to start an audit in the Burp Scanner tool.Crawl
startCrawl(CrawlConfiguration crawlConfiguration) 用于在Burp Scanner工具中启动爬取。
This method can be used to start a crawl in the Burp Scanner tool.Scope
scope()
void
excludeFromScope(String url) 从目标作用域中排除 指定url
This method can be used to exclude the specified URL from the Suite-wide target scope.void
includeInScope(String url) 向目标作用域中添加 指定url
This method can be used to include the specified URL in the Suite-wide target scope.Registration
registerScopeChangeHandler(ScopeChangeHandler handler) 注册一个处理程序当目标做用域 改变时发起通知该程序
Register a handler which will be notified of changes to Burp's Suite-wide target scope.UserInterface
userInterface()
void
applyThemeToComponent(Component component) 定制化burp风格的用户界面 ,报错 字体大小,颜色,表格间距
Customize UI components in line with Burp's UI style, including font size, colors, table line spacing, etc.HttpRequestEditor
createHttpRequestEditor(EditorOptions... options) 创建Burp的HTTP请求编辑器的新实例,供插件在其自己的用户界面中使用。
Create a new instance of Burp's HTTP request editor, for the extension to use in its own UI.HttpResponseEditor
createHttpResponseEditor(EditorOptions... options) 创建Burp的HTTP响应编辑器的新实例,供插件在其自己的用户界面中使用
Create a new instance of Burp's HTTP response editor, for the extension to use in its own UI.RawEditor
createRawEditor(EditorOptions... options) 创建Burp文本编辑框的新实例,供插件在其自己的用户界面中使用
Create a new instance of Burp's plain text editor, for the extension to use in its own UI.WebSocketMessageEditor
createWebSocketMessageEditor(EditorOptions... options) 创建BurpWebSocket的新实例,供插件在其自己的用户界面中使用
Create a new instance of Burp's WebSocket message editor, for the extension to use in its own UI.Font
currentDisplayFont() 访问burp字体大小
Access Burp's font size.Font
currentEditorFont() 访问消息字体类型和大小
Access the message editor's font type and size.Theme
currentTheme() 识别现在使用的主题
Identify the theme currently being used.Registration
registerContextMenuItemsProvider(ContextMenuItemsProvider provider) 用来注册一个自定义上下文菜单项 的提供者
This method can be used to register a provider of custom context menu items.Registration
registerHttpRequestEditorProvider(HttpRequestEditorProvider provider) 注册一个自定义Http请求编辑框的提供者
This method can be used to register a provider of custom HTTP request editors.Registration
registerHttpResponseEditorProvider(HttpResponseEditorProvider provider) 注册一个自定义Http响应编辑框的提供者
This method can be used to register a provider of custom HTTP response editors.Registration
registerSuiteTab(String title, Component component) 添加一个自定义选项卡 到burp窗口
Add a custom tab to the main Burp Suite window.Registration
registerWebSocketMessageEditorProvider(WebSocketMessageEditorProvider provider) 注册一个自定义web Socket 消息编辑框的 的提供者
This method can be used to register a provider of custom Web Socket message editors.SwingUtils
swingUtils() 一个图形用户界面(GUI)工具包,
Color
colorForHighLight(HighlightColor highlightColor) 转换高亮颜色 为Java颜色
Convert a highlight color to a java color.Window
windowForComponent(Component component) 检索包含所提供组件的顶层窗口
Retrieve the top-level Window
containing the supplied component.
WebSockets
websockets()
提供接口访问 WebSockets 和消息相关的功能
ExtensionWebSocketCreation
createWebSocket(HttpService service, String path) 用指定的Service 和path 创建新的WebSocket
Create a new WebSocket using the specified service and path.ExtensionWebSocketCreation
createWebSocket(HttpRequest upgradeRequest) 用指定的升级请求创建新的 WebSocket
Create a new WebSocket using the specified upgrade request.
Registration
registerWebSocketCreatedHandler(WebSocketCreatedHandler handler) 注册一个处理程序,任何时候burp工具创建WebSocket时,调用该工具。
Register a handler which will be invoked whenever a WebSocket is created by any Burp tool.