feat(burp): add request deduplication for batch scanning

- Add RequestDeduplicator class for both Montoya and Legacy APIs
- Deduplicate requests based on: protocol, method, host, port, path, query params, body params
- Add autoDedupe config option in ConfigManager (default: enabled)
- Add dedupe checkbox in DefaultConfigPanel UI
- Log filtered duplicates in scan output
- Works in conjunction with binary content filtering

Author: githubnull

src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/BurpExtender.java

@@ -251,24 +251,52 @@ private FilterResult filterBinaryRequests(IHttpRequestResponse[] messages) {
 
     /**
      * 发送过滤后的纯文本请求，并记录被过滤的二进制请求日志
+     * 第一步：过滤二进制请求
+     * 第二步：去重处理（如果开启）
      */
     private void sendFilteredRequests(FilterResult filterResult, ScanConfig config) {
-        // 记录过滤统计
+        // 第一步：记录二进制过滤统计
         if (filterResult.binaryCount() > 0) {
-            uiTab.appendLog(String.format("[*] 过滤统计: 共选中 %d 个请求，%d 个纯文本可扫描，%d 个二进制已过滤",
-                filterResult.totalCount(), filterResult.textCount(), filterResult.binaryCount()));
+            uiTab.appendLog(String.format("[*] 二进制过滤: %d 个请求已跳过", filterResult.binaryCount()));
 
             // 记录被过滤的二进制请求URL
             for (IHttpRequestResponse binaryMsg : filterResult.binaryMessages) {
                 IRequestInfo reqInfo = helpers.analyzeRequest(binaryMsg);
                 String url = reqInfo.getUrl().toString();
                 BinaryContentDetector.DetectionResult detection = BinaryContentDetector.detect(binaryMsg, helpers);
-                uiTab.appendLog(String.format("    [跳过] %s (原因: %s)", url, detection.getReason()));
+                uiTab.appendLog(String.format("    [跳过-二进制] %s (原因: %s)", url, detection.getReason()));
             }
         }
 
+        // 第二步：去重处理
+        List<IHttpRequestResponse> messagesToSend = filterResult.textMessages;
+        int duplicateCount = 0;
+        
+        if (configManager.isAutoDedupe() && messagesToSend.size() > 1) {
+            RequestDeduplicator.DedupeResult dedupeResult = RequestDeduplicator.deduplicate(messagesToSend, helpers);
+            
+            if (dedupeResult.hasDuplicates()) {
+                duplicateCount = dedupeResult.duplicateCount();
+                uiTab.appendLog(String.format("[*] 重复过滤: %d 个重复请求已跳过", duplicateCount));
+                
+                // 记录被过滤的重复请求
+                for (IHttpRequestResponse dupMsg : dedupeResult.getDuplicateMessages()) {
+                    String desc = RequestDeduplicator.getRequestDescription(dupMsg, helpers);
+                    uiTab.appendLog(String.format("    [跳过-重复] %s", desc));
+                }
+                
+                messagesToSend = dedupeResult.getUniqueMessages();
+            }
+        }
+        
+        // 输出统计汇总
+        if (filterResult.binaryCount() > 0 || duplicateCount > 0) {
+            uiTab.appendLog(String.format("[*] 最终统计: 共选中 %d 个请求，实际发送 %d 个",
+                filterResult.totalCount(), messagesToSend.size()));
+        }
+        
         // 发送纯文本请求
-        for (IHttpRequestResponse message : filterResult.textMessages) {
+        for (IHttpRequestResponse message : messagesToSend) {
             sendRequestToBackend(message, config);
         }
     }

src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/ConfigManager.java

@@ -20,6 +20,7 @@ public class ConfigManager {
     private static final String KEY_PRESET_CONFIGS = "presetConfigs";
     private static final String KEY_HISTORY_CONFIGS = "historyConfigs";
     private static final String KEY_MAX_HISTORY_SIZE = "maxHistorySize";
+    private static final String KEY_AUTO_DEDUPE = "autoDedupe";
 
     // 历史记录数量限制
     public static final int MIN_HISTORY_SIZE = 3;
@@ -32,6 +33,7 @@ public class ConfigManager {
     // 配置数据
     private String backendUrl = "http://localhost:5000";
     private int maxHistorySize = DEFAULT_HISTORY_SIZE;
+    private boolean autoDedupe = true; // 默认开启自动去重
     private ScanConfig defaultConfig;
     private List<ScanConfig> presetConfigs;  // 常用配置
     private List<ScanConfig> historyConfigs; // 历史配置
@@ -69,6 +71,12 @@ private void loadConfigurations() {
             }
         }
 
+        // 加载自动去重配置
+        String savedAutoDedupe = callbacks.loadExtensionSetting(KEY_AUTO_DEDUPE);
+        if (savedAutoDedupe != null && !savedAutoDedupe.isEmpty()) {
+            autoDedupe = Boolean.parseBoolean(savedAutoDedupe);
+        }
+        
         // 加载默认配置
         String defaultConfigJson = callbacks.loadExtensionSetting(KEY_DEFAULT_CONFIG);
         if (defaultConfigJson != null && !defaultConfigJson.isEmpty()) {
@@ -144,6 +152,17 @@ public void setMaxHistorySize(int size) {
         trimHistory();
     }
 
+    // ============ 自动去重配置 ============
+    
+    public boolean isAutoDedupe() {
+        return autoDedupe;
+    }
+    
+    public void setAutoDedupe(boolean enabled) {
+        this.autoDedupe = enabled;
+        callbacks.saveExtensionSetting(KEY_AUTO_DEDUPE, String.valueOf(enabled));
+    }
+    
     // ============ 连接状态管理 ============
 
     public boolean isConnected() {

src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/RequestDeduplicator.java

@@ -0,0 +1,272 @@
+package com.sqlmapwebui.burp;
+
+import burp.IExtensionHelpers;
+import burp.IHttpRequestResponse;
+import burp.IRequestInfo;
+
+import java.net.URL;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.*;
+
+/**
+ * HTTP请求去重器 (Legacy API版本)
+ * 
+ * 用于在批量发送扫描任务时自动过滤重复请求
+ * 
+ * 重复判断标准：
+ * - 协议 (http/https)
+ * - 请求方法 (GET/POST等)
+ * - 主机
+ * - 端口
+ * - Path
+ * - URL参数 (Query Parameters)
+ * - Body参数
+ * 
+ * 以上所有条件都相同才认为是重复请求
+ * 
+ * @author SQLMap WebUI Team
+ * @version 1.0.0
+ */
+public class RequestDeduplicator {
+    
+    /**
+     * 去重结果类
+     */
+    public static class DedupeResult {
+        private final List<IHttpRequestResponse> uniqueMessages;
+        private final List<IHttpRequestResponse> duplicateMessages;
+        
+        public DedupeResult(List<IHttpRequestResponse> uniqueMessages, 
+                           List<IHttpRequestResponse> duplicateMessages) {
+            this.uniqueMessages = uniqueMessages;
+            this.duplicateMessages = duplicateMessages;
+        }
+        
+        public List<IHttpRequestResponse> getUniqueMessages() {
+            return uniqueMessages;
+        }
+        
+        public List<IHttpRequestResponse> getDuplicateMessages() {
+            return duplicateMessages;
+        }
+        
+        public int uniqueCount() {
+            return uniqueMessages.size();
+        }
+        
+        public int duplicateCount() {
+            return duplicateMessages.size();
+        }
+        
+        public int totalCount() {
+            return uniqueMessages.size() + duplicateMessages.size();
+        }
+        
+        public boolean hasDuplicates() {
+            return !duplicateMessages.isEmpty();
+        }
+    }
+    
+    /**
+     * 对请求列表进行去重
+     * 
+     * @param messages 原始请求数组
+     * @param helpers Burp扩展帮助器
+     * @return 去重结果
+     */
+    public static DedupeResult deduplicate(IHttpRequestResponse[] messages, IExtensionHelpers helpers) {
+        return deduplicate(Arrays.asList(messages), helpers);
+    }
+    
+    /**
+     * 对请求列表进行去重
+     * 
+     * @param messages 原始请求列表
+     * @param helpers Burp扩展帮助器
+     * @return 去重结果
+     */
+    public static DedupeResult deduplicate(List<IHttpRequestResponse> messages, IExtensionHelpers helpers) {
+        List<IHttpRequestResponse> uniqueMessages = new ArrayList<>();
+        List<IHttpRequestResponse> duplicateMessages = new ArrayList<>();
+        Set<String> seenFingerprints = new HashSet<>();
+        
+        for (IHttpRequestResponse message : messages) {
+            String fingerprint = generateFingerprint(message, helpers);
+            
+            if (seenFingerprints.contains(fingerprint)) {
+                duplicateMessages.add(message);
+            } else {
+                seenFingerprints.add(fingerprint);
+                uniqueMessages.add(message);
+            }
+        }
+        
+        return new DedupeResult(uniqueMessages, duplicateMessages);
+    }
+    
+    /**
+     * 生成请求的唯一指纹
+     * 
+     * 指纹包含：协议、方法、主机、端口、路径、查询参数、请求体
+     */
+    public static String generateFingerprint(IHttpRequestResponse requestResponse, IExtensionHelpers helpers) {
+        StringBuilder sb = new StringBuilder();
+        
+        try {
+            byte[] request = requestResponse.getRequest();
+            IRequestInfo requestInfo = helpers.analyzeRequest(requestResponse);
+            URL url = requestInfo.getUrl();
+            
+            // 1. 协议
+            String protocol = url.getProtocol().toLowerCase();
+            sb.append("protocol:").append(protocol).append("|");
+            
+            // 2. 请求方法
+            String method = requestInfo.getMethod().toUpperCase();
+            sb.append("method:").append(method).append("|");
+            
+            // 3. 主机
+            String host = url.getHost().toLowerCase();
+            sb.append("host:").append(host).append("|");
+            
+            // 4. 端口 (处理默认端口)
+            int port = url.getPort();
+            if (port == -1) {
+                port = "https".equals(protocol) ? 443 : 80;
+            }
+            sb.append("port:").append(port).append("|");
+            
+            // 5. Path
+            String path = url.getPath();
+            if (path == null || path.isEmpty()) {
+                path = "/";
+            }
+            sb.append("path:").append(path).append("|");
+            
+            // 6. 查询参数 (排序后比较，忽略顺序)
+            String query = url.getQuery();
+            String normalizedQuery = normalizeQueryParams(query);
+            sb.append("query:").append(normalizedQuery).append("|");
+            
+            // 7. Body参数 (对于POST/PUT等)
+            int bodyOffset = requestInfo.getBodyOffset();
+            String body = "";
+            if (bodyOffset < request.length) {
+                body = new String(request, bodyOffset, request.length - bodyOffset);
+            }
+            String normalizedBody = normalizeBody(body, getContentType(requestInfo));
+            sb.append("body:").append(normalizedBody);
+            
+        } catch (Exception e) {
+            // 如果解析失败，使用原始请求的hash
+            byte[] request = requestResponse.getRequest();
+            sb.append("raw:").append(new String(request));
+        }
+        
+        // 生成MD5哈希作为指纹
+        return md5Hash(sb.toString());
+    }
+    
+    /**
+     * 规范化查询参数 (排序，忽略顺序差异)
+     */
+    private static String normalizeQueryParams(String query) {
+        if (query == null || query.isEmpty()) {
+            return "";
+        }
+        
+        try {
+            Map<String, List<String>> params = new TreeMap<>();
+            String[] pairs = query.split("&");
+            
+            for (String pair : pairs) {
+                int idx = pair.indexOf("=");
+                String key = idx > 0 ? pair.substring(0, idx) : pair;
+                String value = idx > 0 && pair.length() > idx + 1 ? pair.substring(idx + 1) : "";
+                
+                params.computeIfAbsent(key, k -> new ArrayList<>()).add(value);
+            }
+            
+            // 对每个key的values也排序
+            StringBuilder result = new StringBuilder();
+            for (Map.Entry<String, List<String>> entry : params.entrySet()) {
+                Collections.sort(entry.getValue());
+                for (String value : entry.getValue()) {
+                    if (result.length() > 0) {
+                        result.append("&");
+                    }
+                    result.append(entry.getKey()).append("=").append(value);
+                }
+            }
+            
+            return result.toString();
+            
+        } catch (Exception e) {
+            return query;
+        }
+    }
+    
+    /**
+     * 规范化请求体
+     */
+    private static String normalizeBody(String body, String contentType) {
+        if (body == null || body.isEmpty()) {
+            return "";
+        }
+        
+        // 对于form-urlencoded，进行参数排序
+        if (contentType != null && contentType.contains("application/x-www-form-urlencoded")) {
+            return normalizeQueryParams(body);
+        }
+        
+        // 对于JSON，直接使用原始内容（或可以解析后规范化）
+        // 这里简化处理，直接返回trim后的body
+        return body.trim();
+    }
+    
+    /**
+     * 获取Content-Type
+     */
+    private static String getContentType(IRequestInfo requestInfo) {
+        List<String> headers = requestInfo.getHeaders();
+        for (String header : headers) {
+            if (header.toLowerCase().startsWith("content-type:")) {
+                return header.substring("content-type:".length()).trim().toLowerCase();
+            }
+        }
+        return "";
+    }
+    
+    /**
+     * 生成MD5哈希
+     */
+    private static String md5Hash(String input) {
+        try {
+            MessageDigest md = MessageDigest.getInstance("MD5");
+            byte[] digest = md.digest(input.getBytes(StandardCharsets.UTF_8));
+            StringBuilder sb = new StringBuilder();
+            for (byte b : digest) {
+                sb.append(String.format("%02x", b));
+            }
+            return sb.toString();
+        } catch (NoSuchAlgorithmException e) {
+            // 降级方案：使用Java hashCode
+            return String.valueOf(input.hashCode());
+        }
+    }
+    
+    /**
+     * 获取请求的简短描述（用于日志）
+     */
+    public static String getRequestDescription(IHttpRequestResponse requestResponse, IExtensionHelpers helpers) {
+        try {
+            IRequestInfo requestInfo = helpers.analyzeRequest(requestResponse);
+            URL url = requestInfo.getUrl();
+            return requestInfo.getMethod() + " " + url.getHost() + url.getPath();
+        } catch (Exception e) {
+            return "Unknown Request";
+        }
+    }
+}