
What the batch injection plugin built from Burp Suite and SQLMapAPI looks like

1.1 changes: added filter settings
Improved result display
Added runtime status messages
Added regex matching for domains
The plugin is divided into three panels: the task panel, the sqlmapapi parameter configuration panel, and the filter conditions panel.
Task panel
server: IP and port of the sqlmapapi service
thread: number of tasks checked concurrently
domain: the domain to be checked; regex matching is supported
clean: clear the cached task list
test: test whether the connection to sqlmapapi succeeds
start: start checking
The bottom left holds the task list and task status; the area under the buttons on the right shows status messages, and below that are the request details and scan results.
sqlmapapi parameter configuration panel
The settings here follow sqlmap's own parameter settings.
tamper: the list contains the tampers bundled with sqlmap; custom tampers can be entered in the input box, separated by commas (",").
logfile: sets the scan log file; the path is a path on the sqlmapapi server.
Filter conditions panel
excludesuffix: excludes requests with certain suffixes, matched with a regex, e.g. images, css, js.
ingorecase: whether excludesuffix matching is case-sensitive; the default is case-insensitive.
ingoreparams: parameters to ignore when checking requests for duplicates, comma-separated, e.g. random values in the request such as timestamp.
excludeparams: when filtering requests, a request that contains one of these parameters is not added to the list to test, e.g. a captcha parameter such as checkcode.
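The four filter rules above, re-implemented as an added stand-alone Python example (not the plugin's Java code): suffix exclusion with the ignore-case switch, exclusion by parameter, dropping ignored parameters from the dedup key, and skipping duplicates. The dedup key scheme, the sample configuration and the sample traffic are assumptions; the page does not show how the plugin's own getSignString() builds its key.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed configuration mirroring the plugin's filter panel fields; the values are assumptions.
CONFIG = {
    "excludesuffix": r".*\.(jpg|png|gif|ico|css|js)$",
    "ingorecase": True,
    "ingoreparams": ["timestamp", "_"],
    "excludeparams": ["checkcode"],
}

def select_requests(requests, cfg):
    """Return the (method, url, body_params) tuples that would be queued for testing:
    excluded suffixes, requests carrying an excluded parameter, requests with nothing
    left to test after dropping ignored parameters, and duplicates are all skipped."""
    flags = re.IGNORECASE if cfg["ingorecase"] else 0
    suffix = re.compile(cfg["excludesuffix"], flags)
    ignore, exclude = set(cfg["ingoreparams"]), set(cfg["excludeparams"])
    seen, kept = set(), []
    for method, url, body in requests:
        parts = urlsplit(url)
        base = f"{parts.scheme}://{parts.netloc}{parts.path}"  # URL cut at '?'
        if suffix.fullmatch(base):
            continue
        names = {k for k, _ in parse_qsl(parts.query, keep_blank_values=True)} | set(body)
        if names & exclude:
            continue
        testable = names - ignore
        if not testable:
            continue
        # Dedup key (hypothetical scheme): method, base URL and sorted parameter names.
        # Values are left out so the same endpoint with different values is one task.
        sig = f"{method.upper()} {base} {' '.join(sorted(testable))}"
        if sig in seen:
            continue
        seen.add(sig)
        kept.append((method, url, body))
    return kept

# Constructed sample traffic
SAMPLE = [
    ("GET", "http://shop.example.test/item?id=1&timestamp=111", {}),
    ("GET", "http://shop.example.test/item?id=2&timestamp=222", {}),
    ("GET", "http://shop.example.test/logo.PNG?v=3", {}),
    ("POST", "http://shop.example.test/login", {"user": "a", "pass": "b", "checkcode": "x"}),
    ("POST", "http://shop.example.test/search", {"q": "book"}),
    ("GET", "http://shop.example.test/ping?timestamp=333", {}),
]
```

With the sample above only the first /item request and the /search request survive; turning ingorecase off lets logo.PNG through as well.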
The above are changes made on the basis of actual use over this period; the plugin will be further optimised according to everyone's suggestions. Thanks for your support.
Below is some of the program's code together with the implementation approach:
Request listener implementation:

    import burp.IHttpRequestResponse;
    import burp.IRequestInfo;
    import org.mindrot.jbcrypt.BCrypt;

    // Burp calls this for every HTTP message. helpers, callbacks, salt, repeatCheck, listTasks,
    // excludeSuffix (a compiled Pattern), ingoreParams, excludeParams, targetDomian, sqlmapApiPanel
    // and sqlmapApiOption are fields of the extension class.
    public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
        boolean addFlag = false; // whether to add this request to the scan list
        // Only handle requests, and only while the start switch is on
        if (messageIsRequest && sqlmapApiPanel.isStart()) {
            String host = helpers.analyzeRequest(messageInfo).getUrl().getHost();
            if (host.matches(targetDomian)) {
                IRequestInfo iRequestInfo = helpers.analyzeRequest(messageInfo);
                // Cut the URL at the '?'; keeping the scheme distinguishes http from https
                String url = String.valueOf(iRequestInfo.getUrl());
                url = url.indexOf("?") > 0 ? url.substring(0, url.indexOf("?")) : url;
                // Exclude URLs with the configured suffixes (e.g. .jpg|.png|.ico)
                if (!excludeSuffix.matcher(url).matches()) {
                    // Build the task entity
                    TaskEntity entity = new TaskEntity(iRequestInfo.getUrl(),
                            iRequestInfo.getMethod(),
                            callbacks.saveBuffersToTempFiles(messageInfo),
                            iRequestInfo);
                    // Duplicate detection: hash the request signature, ignoring the configured parameters
                    String hash = BCrypt.hashpw(entity.getSignString(-1, ingoreParams), salt);
                    Integer repeatCheckValue = 1;
                    // A request carrying the marker header is always added, even if it repeats
                    if (String.valueOf(iRequestInfo.getHeaders()).indexOf("chris-to-sqlmap") != -1) {
                        if (repeatCheck.containsKey(hash)) {
                            repeatCheckValue = repeatCheck.get(hash) + 1;
                            hash = hash + repeatCheckValue;
                        }
                        addFlag = true;
                    }
                    // Otherwise skip duplicates and requests carrying one of the excluded parameters
                    else if (!repeatCheck.containsKey(hash) && !entity.hasParams(excludeParams)) {
                        if (!entity.getParamBody().isEmpty()) { // POST parameters present
                            addFlag = true;
                        } else if (!entity.getParamUrl().isEmpty()) { // GET parameters present
                            addFlag = true;
                        } else if (sqlmapApiOption.getLevel() >= 3 && !entity.getParamCookie().isEmpty()) {
                            // with level >= 3, cookies are tested for injection too
                            addFlag = true;
                        }
                    }
                    if (addFlag) {
                        int row = listTasks.size();
                        repeatCheck.put(hash, repeatCheckValue);
                        listTasks.add(entity);
                        fireTableRowsInserted(row, listTasks.size() - 1); // last index is inclusive
                    }
                }
            }
        }
    }

Task execution implementation:

    import java.util.ArrayList;
    import java.util.List;

    // Runs on a worker thread (sleep() is Thread.sleep). threadFlag, THREAD_NUMBER, listTasks_start,
    // runingTasks, sqlmapApiServer and stderr are fields; SqlmapApi wraps the calls to the sqlmapapi service.
    public void run() {
        while (true) {
            if (!threadFlag) {
                try {
                    sqlmapApiPanel.setMessage("waiting.");
                    sleep(3 * 1000);
                } catch (InterruptedException e) {
                    stderr.print(e.getMessage());
                }
                continue;
            }
            // Start new tasks while there are free slots and untested entries in the list
            if (runingTasks.size() < THREAD_NUMBER && listTasks_start < listTasks.size()) {
                while (runingTasks.size() < THREAD_NUMBER && listTasks_start < listTasks.size()) {
                    TaskEntity entityNew = listTasks.get(listTasks_start);
                    entityNew.setTaskId(SqlmapApi.tastNew(sqlmapApiServer));
                    // compare strings with equals(); the original used != on String references
                    if (!"".equals(entityNew.getTaskId()) && !"-".equals(entityNew.getTaskId())) {
                        entityNew.setTaskEngineId(SqlmapApi.taskStart(sqlmapApiServer, entityNew, sqlmapApiOption));
                        runingTasks.put(entityNew.getTaskId(), entityNew);
                        sqlmapApiPanel.setMessage("new task " + entityNew.getTaskId() + " , url :" + String.valueOf(entityNew.getUrl()) + " .");
                        listTasks_start++;
                    } else {
                        try {
                            sqlmapApiPanel.setMessage("new task failed! \nurl :" + String.valueOf(entityNew.getUrl()) + " .");
                            sleep(3 * 1000);
                        } catch (InterruptedException e) {
                            stderr.print(e.getMessage());
                        }
                        continue;
                    }
                }
            }
            if (runingTasks.size() != 0) {
                // Refresh the status of every running task in the map
                List<String> removeList = new ArrayList<>();
                for (String key : runingTasks.keySet()) {
                    TaskEntity entityRuning = runingTasks.get(key);
                    String status = SqlmapApi.flushStatus(sqlmapApiServer, entityRuning);
                    sqlmapApiPanel.setMessage("flash task [" + key + "] " + status + ".");
                    if ("terminated".equals(status)) {
                        entityRuning.setTaskStatus(status);
                        entityRuning.setTaskScanData(SqlmapApi.flushScanData(sqlmapApiServer, entityRuning));
                        sqlmapApiPanel.setMessage("task [" + key + "] finished .");
                        removeList.add(key);
                    } else if ("not running".equals(status)) {
                        stderr.println(entityRuning.getTaskId() + " not running");
                        // entityRuning.setTaskEngineId(taskStart(entityRuning));
                    } else {
                        entityRuning.setTaskStatus(status);
                    }
                    try {
                        sleep(3 * 1000);
                    } catch (InterruptedException e) {
                        stderr.print(e.getMessage());
                    }
                }
                // Finished tasks are removed after the iteration to avoid modifying the map while looping
                if (!removeList.isEmpty()) {
                    for (String key : removeList) {
                        runingTasks.remove(key);
                    }
                }
                fireTableRowsInserted(0, listTasks.size());
            } else {
                try {
                    sleep(3 * 1000);
                } catch (InterruptedException e) {
                    stderr.print(e.getMessage());
                }
            }
        }
    }