{"id":13843179,"url":"https://github.com/xiaoliangli1128/SpringBootFinder","last_synced_at":"2025-07-11T18:30:38.204Z","repository":{"id":40335214,"uuid":"422266966","full_name":"xiaoliangli1128/SpringBootFinder","owner":"xiaoliangli1128","description":"Springboot detection","archived":false,"fork":false,"pushed_at":"2021-11-08T08:35:16.000Z","size":206,"stargazers_count":15,"open_issues_count":0,"forks_count":4,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-11-21T14:38:38.052Z","etag":null,"topics":["burp-extensions","burp-plugin"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xiaoliangli1128.png","metadata":{"files":{"readme":"Readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-10-28T15:57:11.000Z","updated_at":"2023-11-20T07:19:51.000Z","dependencies_parsed_at":"2022-07-15T21:01:25.771Z","dependency_job_id":null,"html_url":"https://github.com/xiaoliangli1128/SpringBootFinder","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/xiaoliangli1128/SpringBootFinder","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xiaoliangli1128%2FSpringBootFinder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xiaoliangli1128%2FSpringBootFinder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xiaoliangli1128%2FSpringBootFinder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xiaoliangli1128%2FSpringBootFinder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xiaoliangli1128","download_url":
"https://codeload.github.com/xiaoliangli1128/SpringBootFinder/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xiaoliangli1128%2FSpringBootFinder/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264869962,"owners_count":23676138,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burp-extensions","burp-plugin"],"created_at":"2024-08-04T17:01:56.832Z","updated_at":"2025-07-11T18:30:37.913Z","avatar_url":"https://github.com/xiaoliangli1128.png","language":"Java","funding_links":[],"categories":["Java"],"sub_categories":[],"readme":"# SpringBootFinder \n***\n![1](https://github-readme-stats.vercel.app/api?username=xiaoliangli1128\u0026show_icons=true\u0026theme=dracula)\n\n## burp插件实现被动探测SpringBoot 框架 基于以下两点实现\n\u003e- 递归遍历 urlpath 替换成favicon 再次请求,判断响应body是不是绿色叶子图标\n\u003e- 如果404 页面有 \"Whitelabel Error Page\" 也会提示\n\n效果如下图所示\n![img](images/img.png)\n\n缺点就是 同一个host 下如果请求了不同的路径，都报错的话,会重复\n***\n原理就是 递归遍历urlpath 分别替换成favicon.ico 进行请求，然后获取响应体body 在求 散列值和shodan和fofa的算法一样\n\n```java\n        String OldReq = helpers.bytesToString(baseRequestResponse.getRequest());\n        String Rurl = helpers.analyzeRequest(baseRequestResponse).getUrl().getPath();\n        String[] strlist = Rurl.split(\"/\");\n        if (strlist.length \u003c 1) {\n            return null;\n        }\n        for (int i = strlist.length - 1; i \u003e 0; i--) { // 反转 path 从后\n            if (!\"\".equals(strlist[i])) {\n                NewReq = OldReq.replace(strlist[i], \"favicon.ico?\");\n                IHttpRequestResponse 
checkRequestResponse = callbacks.makeHttpRequest(baseRequestResponse.getHttpService(), helpers.stringToBytes(NewReq));\n                // IResponseInfo oresponse provides getBodyOffset() for locating the body\n                byte[] res = checkRequestResponse.getResponse();\n                oresponse = helpers.analyzeResponse(res); //\n                // the byte[] response returned by IHttpRequestResponse\n                ores = new String(res);\n                oResBodyInfo = ores.substring(oresponse.getBodyOffset());\n                byte[] destResponse;\n                destResponse = Arrays.copyOfRange(res, oresponse.getBodyOffset(), res.length);\n                if (destResponse != null) {\n                    if (isSpringBoot(destResponse)) {\n                        issues.add();                        \n                    }\n                }\n            }\n```\nComputing the icon hash\n```java\n  // Check whether the icon in the response is the Spring one\n    public boolean isSpringBoot(byte[] destResponse) {\n        String base64Str = Base64.getMimeEncoder().encodeToString(destResponse);\n        int favicon = Hashing.murmur3_32().hashString(base64Str.replace(\"\\r\", \"\") + \"\\n\", StandardCharsets.UTF_8).asInt();\n        if (116323821 == favicon) {\n            return true;\n        } else return false;\n    }\n\n```\n![img](images/logger.png)\n***\n# V2 removes redundant code, optimizes the logic and improves performance\nFixes the duplicate-issue problem for the icon check, but directory error-page findings are still duplicated (because Burp Suite does not treat the same issue in different directories as a duplicate)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxiaoliangli1128%2FSpringBootFinder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxiaoliangli1128%2FSpringBootFinder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxiaoliangli1128%2FSpringBootFinder/lists"}