diff --git a/pom.xml b/pom.xml
index a85eba5..7f2baf2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -171,6 +171,13 @@
3.4.0
+
+
+
+ org.apache.tika
+ tika-core
+ 3.0.0-BETA
+
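Review bot: The new tika-core coordinate pins a pre-release, `3.0.0-BETA`, into a Burp extension that will load it at class-init time; pre-release artifacts do not get patch releases, so any later tika-core security fix would mean changing the coordinate rather than bumping a patch version. Prefer a GA 3.x line (`<version>3.0.0</version>` or the current release) and, as this is a new supply-chain dependency, review its transitive closure before shipping. The new MimeTypesList also imports `org.apache.commons.io.FileUtils`; unless commons-io is declared elsewhere in the pom (not visible in this hunk), compilation now relies on it arriving transitively. The element tags appear stripped in this view, so the exact coordinates and scope could not be confirmed.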
diff --git a/src/base/FindUrlAction.java b/src/base/FindUrlAction.java
index 050eb99..0635ab8 100644
--- a/src/base/FindUrlAction.java
+++ b/src/base/FindUrlAction.java
@@ -28,6 +28,8 @@
import burp.IHttpRequestResponse;
import burp.IHttpService;
import burp.threadRequester;
+import org.apache.tika.mime.MediaType;
+import org.apache.tika.mime.MimeTypes;
public class FindUrlAction implements ActionListener {
private IContextMenuInvocation invocation;
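Review bot: The two Tika imports added here, `org.apache.tika.mime.MediaType` and `org.apache.tika.mime.MimeTypes`, are not referenced by anything in the visible hunks of this file; the Tika calls live in MimeTypesList, and this class only calls `MimeTypesList.genMIMETypeListAsPathBlackList()`. If the rest of the file does not use them either, drop both lines so FindUrlAction does not carry a direct compile-time dependency on the new library.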
@@ -48,26 +50,7 @@ public class FindUrlAction implements ActionListener {
+ "sheetjs.openxmlformats.org\r\n"
+ "www.w3.org");
- public static final List blackPath = TextUtils.textToLines("application/json\r\n"
- + "application/octet-stream\r\n"
- + "application/pdf\r\n"
- + "application/vnd.\r\n"
- + "application/x-mso\r\n"
- + "application/x-www-form-urlencoded\r\n"
- + "application/xml\r\n"
- + "application/zip\r\n"
- + "image/bmp\r\n"
- + "image/gif\r\n"
- + "image/jpeg\r\n"
- + "image/pdf\r\n"
- + "image/png\r\n"
- + "image/tiff\r\n"
- + "image/x-\r\n"
- + "text/css\r\n"
- + "text/html\r\n"
- + "text/javascript\r\n"
- + "text/plain");
-
+ public static final List blackPath = MimeTypesList.genMIMETypeListAsPathBlackList();
public static Proxy CurrentProxy;
public static HashMap httpServiceBaseUrlMap = new HashMap<>();
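Review bot: `blackPath` is now computed in FindUrlAction's static initializer by calling into Tika, so a missing or mismatched tika-core jar, or a failure parsing its bundled type registry, surfaces as `ExceptionInInitializerError`/`NoClassDefFoundError` and makes the whole action class unusable, whereas the old hard-coded list could not fail. The generated list is also broader than the one removed here: entries are prefix-truncated (`application/x-`, `text/x-`, `application/octet-`) and `text/javascript` and `application/x-www-form-urlencoded` no longer appear literally, so if blackPath is used as a substring or prefix filter (its use is outside this hunk) more candidate URLs will be dropped than before. I would keep the former list as a fallback behind a small loader so a library problem degrades to the old behaviour instead of a load failure.
```java
public static final List blackPath = loadBlackPath();

// Fall back to the former hand-written list if Tika's registry cannot be loaded, so a
// classpath or parser problem cannot take the whole action down at class-load time.
private static List loadBlackPath() {
    try {
        return MimeTypesList.genMIMETypeListAsPathBlackList();
    } catch (RuntimeException | LinkageError e) {
        return TextUtils.textToLines("application/json\r\n"
                + "application/octet-stream\r\n"
                // … former entries unchanged …
                + "text/plain");
    }
}
```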
diff --git a/src/base/MimeTypesList.java b/src/base/MimeTypesList.java
new file mode 100644
index 0000000..f49f2bb
--- /dev/null
+++ b/src/base/MimeTypesList.java
@@ -0,0 +1,63 @@
+package base;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.commons.io.FileUtils;
+import org.apache.tika.mime.MediaType;
+import org.apache.tika.mime.MimeTypes;
+
+public class MimeTypesList {
+ public static void main(String[] args) {
+ genMIMETypeListAsPathBlackList();
+ }
+
+ /**
+ * 生成用于作为路径黑名单的MIME列表
+ * @param args
+ */
+ public static List genMIMETypeListAsPathBlackList() {
+ List result = new ArrayList<>();
+
+ // 获取默认的 MimeTypes 实例
+ MimeTypes allTypes = MimeTypes.getDefaultMimeTypes();
+
+ // 获取所有已注册的 MIME 类型
+ for (MediaType type : allTypes.getMediaTypeRegistry().getTypes()) {
+ String typeStr = type.getType().toString();
+ //"text" for "text/plain"
+ String subTypeStr = type.getSubtype().toString();
+ //"plain" for "text/plain"
+ if (subTypeStr.contains(";")) {
+ subTypeStr = subTypeStr.substring(0,subTypeStr.indexOf(";")+1);
+ }
+ if (subTypeStr.contains("-")) {
+ subTypeStr = subTypeStr.substring(0,subTypeStr.indexOf("-")+1);
+ }
+ if (subTypeStr.contains(".")) {
+ subTypeStr = subTypeStr.substring(0,subTypeStr.indexOf(".")+1);
+ }
+ if (subTypeStr.contains("+")) {
+ subTypeStr = subTypeStr.substring(0,subTypeStr.indexOf("+")+1);
+ }
+
+ String item =typeStr+"/"+subTypeStr;
+ System.out.println(item);
+
+ if (!result.contains(item)) {
+ result.add(item);
+ }
+ }
+
+// try {
+// FileUtils.writeLines(new File("blackPath.txt"), result);
+// } catch (IOException e) {
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// }
+
+ return result;
+ }
+}
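Review bot: `System.out.println(item)` at L104 runs for every entry of Tika's registry, and because FindUrlAction now calls this method from a static initializer, simply loading the extension prints several hundred lines to Burp's output; the printing belongs in `main`, not in the generator. The method and `result` also use raw `List`, the `contains` check makes de-duplication O(n²), and the `File`/`IOException`/`FileUtils` imports only serve commented-out code, so they should go along with it. The four sequential `substring` cuts amount to "truncate after the first delimiter, keeping it", which a single `replaceFirst` states more clearly; the `;` branch is likely dead since Tika keeps parameters separate from the subtype, but keeping it in the character class is harmless.
```java
public static List<String> genMIMETypeListAsPathBlackList() {
    // Keep everything up to and including the first delimiter so each entry acts as a
    // prefix ("vnd.ms-excel" -> "vnd.", "atom+xml" -> "atom+"). No printing here: this
    // is invoked from FindUrlAction's static initializer.
    Set<String> result = new LinkedHashSet<>();
    for (MediaType type : MimeTypes.getDefaultMimeTypes().getMediaTypeRegistry().getTypes()) {
        String subtype = type.getSubtype().replaceFirst("(?<=[;\\-.+]).*", "");
        result.add(type.getType() + "/" + subtype);
    }
    return new ArrayList<>(result);
}
```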
diff --git a/src/base/blackPath.txt b/src/base/blackPath.txt
index 7e77df3..758a35d 100644
--- a/src/base/blackPath.txt
+++ b/src/base/blackPath.txt
@@ -1,19 +1,413 @@
+application/activemessage
+application/andrew-
+application/applefile
+application/applixware
+application/atom+
+application/atomcat+
+application/atomicmail
+application/atomsvc+
+application/auth-
+application/batch-
+application/beep+
+application/bizagi-
+application/cals-
+application/cbor
+application/ccxml+
+application/cea-
+application/cellml+
+application/cnrp+
+application/commonground
+application/conference-
+application/coreldraw
+application/cpl+
+application/csta+
+application/cstadata+
+application/cu-
+application/cybercash
+application/dash+
+application/davmount+
+application/dca-
+application/dec-
+application/dialog-
+application/dicom
+application/dif+
+application/dita+
+application/dns
+application/dvcs
+application/ecmascript
+application/edi-
+application/edifact
+application/emma+
+application/envi.
+application/epp+
+application/epub+
+application/eshop
+application/example
+application/fastinfoset
+application/fastsoap
+application/fits
+application/font-
+application/gzip
+application/h224
+application/http
+application/hwp+
+application/hyperstudio
+application/ibe-
+application/iges
+application/illustrator
+application/illustrator+
+application/im-
+application/index
+application/index.
+application/inf
+application/iotp
+application/ipp
+application/isup
+application/java-
+application/javascript
application/json
-application/octet-stream
+application/kate
+application/kpml-
+application/lost+
+application/mac-
+application/macwriteii
+application/manifest+
+application/marc
+application/mathematica
+application/mathml+
+application/mbms-
+application/mbox
+application/media_control+
+application/mediaservercontrol+
+application/mikey
+application/moss-
+application/mosskey-
+application/mp4
+application/mpeg4-
+application/msword
+application/msword2
+application/msword5
+application/mxf
+application/nasdata
+application/news-
+application/nss
+application/ocsp-
+application/octet-
+application/oda
+application/oebps-
+application/ogg
+application/onenote
+application/onix-
+application/parityfec
+application/patch-
application/pdf
+application/pgp-
+application/pics-
+application/pidf+
+application/pidf-
+application/pkcs10
+application/pkcs7-
+application/pkix-
+application/pkixcmp
+application/pls+
+application/poc-
+application/postscript
+application/prs.
+application/qsig
+application/quicktime
+application/rdf+
+application/reginfo+
+application/relax-
+application/remote-
+application/resource-
+application/riscos
+application/rlmi+
+application/rls-
+application/rsd+
+application/rss+
+application/rtf
+application/rtx
+application/samlassertion+
+application/samlmetadata+
+application/sbml+
+application/scvp-
+application/sdp
+application/sereal
+application/set-
+application/sgml
+application/sgml-
+application/shf+
+application/sieve
+application/simple-
+application/simplesymbolcontainer
+application/slate
+application/sldworks
+application/smil+
+application/soap+
+application/sparql-
+application/spirits-
+application/srgs
+application/srgs+
+application/ssml+
+application/timestamp-
+application/timestamped-
+application/ttml+
+application/tve-
+application/ulpfec
+application/vemmi
+application/vividence.
application/vnd.
-application/x-mso
-application/x-www-form-urlencoded
+application/voicexml+
+application/warc
+application/warc+
+application/wasm
+application/watcherinfo+
+application/whoispp-
+application/winhlp
+application/wita
+application/wordperfect5.
+application/wsdl+
+application/wspolicy+
+application/x-
+application/x400-
+application/xcap-
+application/xcon-
+application/xenc+
+application/xhtml+
+application/xhtml-
application/xml
+application/xml-
+application/xmpp+
+application/xop+
+application/xquery
+application/xslfo+
+application/xslt+
+application/xspf+
+application/xv+
application/zip
+application/zlib
+application/zstd
+audio/32kadpcm
+audio/3gpp
+audio/3gpp2
+audio/ac3
+audio/adpcm
+audio/amr
+audio/amr-
+audio/asc
+audio/basic
+audio/bv16
+audio/bv32
+audio/clearmode
+audio/cn
+audio/dat12
+audio/dls
+audio/dsr-
+audio/dvi4
+audio/eac3
+audio/evrc
+audio/evrc-
+audio/evrc0
+audio/evrc1
+audio/evrcb
+audio/evrcb0
+audio/evrcb1
+audio/evrcwb
+audio/evrcwb0
+audio/evrcwb1
+audio/example
+audio/g719
+audio/g722
+audio/g7221
+audio/g723
+audio/g726-
+audio/g728
+audio/g729
+audio/g7291
+audio/g729d
+audio/g729e
+audio/gsm
+audio/gsm-
+audio/ilbc
+audio/l16
+audio/l20
+audio/l24
+audio/l8
+audio/lpc
+audio/midi
+audio/mobile-
+audio/mp4
+audio/mp4a-
+audio/mpa
+audio/mpa-
+audio/mpeg
+audio/mpeg4-
+audio/ogg
+audio/opus
+audio/parityfec
+audio/pcma
+audio/pcma-
+audio/pcmu
+audio/pcmu-
+audio/prs.
+audio/qcelp
+audio/red
+audio/rtp-
+audio/rtx
+audio/smv
+audio/smv-
+audio/smv0
+audio/sp-
+audio/speex
+audio/t140c
+audio/t38
+audio/telephone-
+audio/tone
+audio/ulpfec
+audio/vdvi
+audio/vmr-
+audio/vnd.
+audio/vorbis
+audio/vorbis-
+audio/x-
+chemical/x-
+image/aces
+image/avif
image/bmp
+image/cgm
+image/emf
+image/example
+image/fits
+image/g3fax
image/gif
+image/heic
+image/heic-
+image/heif
+image/heif-
+image/icns
+image/ief
+image/jp2
image/jpeg
-image/pdf
+image/jpm
+image/jpx
+image/jxl
+image/naplps
+image/nitf
image/png
+image/prs.
+image/svg+
+image/t38
image/tiff
+image/tiff-
+image/vnd.
+image/webp
+image/wmf
image/x-
+message/cpim
+message/delivery-
+message/disposition-
+message/example
+message/external-
+message/global
+message/global-
+message/http
+message/imdn+
+message/news
+message/partial
+message/rfc822
+message/s-
+message/sip
+message/sipfrag
+message/tracking-
+message/vnd.
+message/x-
+model/e57
+model/example
+model/iges
+model/mesh
+model/vnd.
+model/vrml
+multipart/alternative
+multipart/appledouble
+multipart/byteranges
+multipart/digest
+multipart/encrypted
+multipart/example
+multipart/form-
+multipart/header-
+multipart/mixed
+multipart/parallel
+multipart/related
+multipart/report
+multipart/signed
+multipart/voice-
+text/asp
+text/aspdotnet
+text/calendar
text/css
+text/csv
+text/directory
+text/dns
+text/ecmascript
+text/enriched
+text/example
text/html
-text/javascript
-text/plain
\ No newline at end of file
+text/iso19139+
+text/parityfec
+text/plain
+text/prs.
+text/red
+text/rfc822-
+text/richtext
+text/rtp-
+text/rtx
+text/sgml
+text/t140
+text/tab-
+text/troff
+text/ulpfec
+text/uri-
+text/vnd.
+text/vtt
+text/x-
+video/3gpp
+video/3gpp-
+video/3gpp2
+video/bmpeg
+video/bt656
+video/celb
+video/daala
+video/dv
+video/example
+video/h261
+video/h263
+video/h263-
+video/h264
+video/iso.
+video/jpeg
+video/jpeg2000
+video/mj2
+video/mp1s
+video/mp2p
+video/mp2t
+video/mp4
+video/mp4v-
+video/mpeg
+video/mpeg4-
+video/mpv
+video/nv
+video/ogg
+video/parityfec
+video/pointer
+video/quicktime
+video/raw
+video/rtp-
+video/rtx
+video/smpte292m
+video/theora
+video/ulpfec
+video/vc1
+video/vnd.
+video/webm
+video/x-
+x-conference/x-