Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/xiaoliangli1128/SpringBootFinder
Springboot detection
https://github.com/xiaoliangli1128/SpringBootFinder
burp-extensions burp-plugin
Last synced: 22 days ago
JSON representation
Springboot detection
- Host: GitHub
- URL: https://github.com/xiaoliangli1128/SpringBootFinder
- Owner: xiaoliangli1128
- Created: 2021-10-28T15:57:11.000Z (about 3 years ago)
- Default Branch: master
- Last Pushed: 2021-11-08T08:35:16.000Z (about 3 years ago)
- Last Synced: 2024-08-05T17:36:19.625Z (4 months ago)
- Topics: burp-extensions, burp-plugin
- Language: Java
- Homepage:
- Size: 201 KB
- Stars: 15
- Watchers: 1
- Forks: 4
- Open Issues: 0
-
Metadata Files:
- Readme: Readme.md
Awesome Lists containing this project
- awesome-hacking-lists - xiaoliangli1128/SpringBootFinder - Springboot detection (Java)
README
# SpringBootFinder
***
![1](https://github-readme-stats.vercel.app/api?username=xiaoliangli1128&show_icons=true&theme=dracula)## burp插件实现被动探测SpringBoot 框架 基于以下两点实现
>- 递归遍历 urlpath 替换成favicon 再次请求,判断响应body是不是绿色叶子图标
>- 如果404 页面有 "Whitelabel Error Page" 也会提示效果如下图所示
![img](images/img.png)缺点就是 同一个host 下如果请求了不同的路径,都报错的话,会重复
***
原理就是 递归遍历urlpath 分别替换成favicon.ico 进行请求,然后获取响应体body 在求 散列值和shodan和fofa的算法一样```java
String OldReq = helpers.bytesToString(baseRequestResponse.getRequest());
String Rurl = helpers.analyzeRequest(baseRequestResponse).getUrl().getPath();
String[] strlist = Rurl.split("/");
if (strlist.length < 1) {
return null;
}
for (int i = strlist.length - 1; i > 0; i--) { // 反转 path 从后
if (!"".equals(strlist[i])) {
NewReq = OldReq.replace(strlist[i], "favicon.ico?");
IHttpRequestResponse checkRequestResponse = callbacks.makeHttpRequest(baseRequestResponse.getHttpService(), helpers.stringToBytes(NewReq));
//IResponseInfo oresponse可以获取body的getBodyOffset()
byte[] res = checkRequestResponse.getResponse();
oresponse = helpers.analyzeResponse(res); //
//IHttpRequestResponse 返回的byte[] response
ores = new String(res);
oResBodyInfo = ores.substring(oresponse.getBodyOffset());
byte[] destResponse;
destResponse = Arrays.copyOfRange(res, oresponse.getBodyOffset(), res.length);
if (destResponse != null) {
if (isSpringBoot(destResponse)) {
issues.add();
}
}
}
```
求图标 散列值
```java
// 判断响应包的图标是不是spring
public boolean isSpringBoot(byte[] destResponse) {
String base64Str = Base64.getMimeEncoder().encodeToString(destResponse);
int favicon = Hashing.murmur3_32().hashString(base64Str.replace("\r", "") + "\n", StandardCharsets.UTF_8).asInt();
if (116323821 == favicon) {
return true;
} else return false;
}```
![img](images/logger.png)
***
# V2 版本去除冗余代码,优化逻辑,提升性能
优化图标重复漏洞问题,但目录报错还是会重复(因为Burpsuite 认为不同目录的相同漏洞,不算重复漏洞)