feat(ui): 新增复制SQLMap命令与执行扫描功能

- 在右键菜单中新增“复制SQLMap命令”和“执行SQLMap扫描”菜单项
- 支持检测二进制报文，自动禁用相关菜单并显示提示
- 复制功能支持自动复制到剪贴板或显示预览窗口供用户编辑
- 执行功能启动系统终端执行SQLMap命令，并弹窗提示执行状态
- 新增命令预览对话框支持命令编辑、复制及执行操作
- 配置管理器添加剪贴板相关配置项及直接执行配置项
- 在UI主面板新增“剪贴板配置”和“直接执行配置”两个选项卡
- 优化ScanConfig生成参数格式，统一去除等号保持兼容性
- 优化右键菜单显示逻辑，实现依赖后端连接菜单自动禁用
- 新增配置面板支持设置自动复制开关与HTTP请求临时文件目录
- 提供缺失配置提示，引导用户前往直接执行配置界面完善信息

Author: lanshuizhiyue

src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/BurpExtender.java

@@ -3,6 +3,8 @@
 import burp.*;
 
 import com.sqlmapwebui.burp.dialogs.*;
+import com.sqlmapwebui.burp.util.CommandExecutor;
+import com.sqlmapwebui.burp.util.SqlCommandBuilder;
 
 import javax.swing.*;
 import java.awt.*;
@@ -145,11 +147,6 @@ public Component getUiComponent() {
     public List<JMenuItem> createMenuItems(IContextMenuInvocation invocation) {
         List<JMenuItem> menuItems = new ArrayList<>();
 
-        // 只有已连接状态才显示菜单
-        if (!configManager.isConnected()) {
-            return menuItems;
-        }
-        
         byte invocationContext = invocation.getInvocationContext();
         if (invocationContext == IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST ||
             invocationContext == IContextMenuInvocation.CONTEXT_MESSAGE_VIEWER_REQUEST ||
@@ -166,9 +163,15 @@ public List<JMenuItem> createMenuItems(IContextMenuInvocation invocation) {
             FilterResult filterResult = filterBinaryRequests(selectedMessages);
             String menuSuffix = filterResult.getMenuSuffix();
 
+            // ==================== 需要后端连接的菜单项（未连接时置灰） ====================
+            boolean connected = configManager.isConnected();
+            
             // 使用用户选择的配置发送
             JMenuItem sendWithDefault = new JMenuItem("Send to SQLMap WebUI" + menuSuffix);
-            if (filterResult.allBinary()) {
+            if (!connected) {
+                sendWithDefault.setEnabled(false);
+                sendWithDefault.setToolTipText("未连接到SQLMap WebUI后端，请检查连接配置");
+            } else if (filterResult.allBinary()) {
                 sendWithDefault.setEnabled(false);
                 sendWithDefault.setToolTipText("所有选中的报文都是二进制格式，无法发起扫描任务");
             } else {
@@ -182,7 +185,10 @@ public List<JMenuItem> createMenuItems(IContextMenuInvocation invocation) {
             // 标记注入点并扫描 - 支持多选报文
             int maxMarkCount = configManager.getMaxInjectionMarkCount();
             JMenuItem markInjectionPoints = new JMenuItem("标记注入点并扫描 (*)" + menuSuffix);
-            if (filterResult.allBinary()) {
+            if (!connected) {
+                markInjectionPoints.setEnabled(false);
+                markInjectionPoints.setToolTipText("未连接到SQLMap WebUI后端，请检查连接配置");
+            } else if (filterResult.allBinary()) {
                 markInjectionPoints.setEnabled(false);
                 markInjectionPoints.setToolTipText("所有选中的报文都是二进制格式，无法发起扫描任务");
             } else {
@@ -204,7 +210,10 @@ public List<JMenuItem> createMenuItems(IContextMenuInvocation invocation) {
 
             // 配置扫描发送（高级配置对话框）
             JMenuItem sendWithOptions = new JMenuItem("Send to SQLMap WebUI (配置扫描)..." + menuSuffix);
-            if (filterResult.allBinary()) {
+            if (!connected) {
+                sendWithOptions.setEnabled(false);
+                sendWithOptions.setToolTipText("未连接到SQLMap WebUI后端，请检查连接配置");
+            } else if (filterResult.allBinary()) {
                 sendWithOptions.setEnabled(false);
                 sendWithOptions.setToolTipText("所有选中的报文都是二进制格式，无法发起扫描任务");
             } else {
@@ -219,22 +228,62 @@ public List<JMenuItem> createMenuItems(IContextMenuInvocation invocation) {
             }
             menuItems.add(sendWithOptions);
 
-            // 提交会话Header 和 Header规则 - 仅在选中单条请求时显示
+            // 提交会话Header 和 Header规则 - 仅在选中单条请求时显示，且需要后端连接
             if (selectedMessages.length == 1 && filterResult.hasTextMessages()) {
                 JMenuItem submitSessionHeaders = new JMenuItem("提交会话Header");
-                submitSessionHeaders.addActionListener(e -> {
-                    SessionHeaderDialog dialog = new SessionHeaderDialog(callbacks, apiClient, uiTab);
-                    dialog.show(filterResult.textMessages.get(0));
-                });
+                if (!connected) {
+                    submitSessionHeaders.setEnabled(false);
+                    submitSessionHeaders.setToolTipText("未连接到SQLMap WebUI后端，请检查连接配置");
+                } else {
+                    submitSessionHeaders.addActionListener(e -> {
+                        SessionHeaderDialog dialog = new SessionHeaderDialog(callbacks, apiClient, uiTab);
+                        dialog.show(filterResult.textMessages.get(0));
+                    });
+                }
                 menuItems.add(submitSessionHeaders);
 
                 JMenuItem submitHeaderRule = new JMenuItem("提交Header规则");
-                submitHeaderRule.addActionListener(e -> {
-                    HeaderRuleDialog dialog = new HeaderRuleDialog(callbacks, apiClient, uiTab);
-                    dialog.show(filterResult.textMessages.get(0));
-                });
+                if (!connected) {
+                    submitHeaderRule.setEnabled(false);
+                    submitHeaderRule.setToolTipText("未连接到SQLMap WebUI后端，请检查连接配置");
+                } else {
+                    submitHeaderRule.addActionListener(e -> {
+                        HeaderRuleDialog dialog = new HeaderRuleDialog(callbacks, apiClient, uiTab);
+                        dialog.show(filterResult.textMessages.get(0));
+                    });
+                }
                 menuItems.add(submitHeaderRule);
             }
+            
+            // ==================== 不依赖后端的菜单项（始终可用） ====================
+            
+            // 复制SQLMap命令
+            JMenuItem copySqlCommand = new JMenuItem("复制SQLMap命令" + menuSuffix);
+            if (filterResult.allBinary()) {
+                copySqlCommand.setEnabled(false);
+                copySqlCommand.setToolTipText("所有选中的报文都是二进制格式，无法生成SQLMap命令");
+            } else {
+                copySqlCommand.addActionListener(e -> {
+                    if (filterResult.hasTextMessages()) {
+                        handleCopySqlCommand(filterResult.textMessages.get(0));
+                    }
+                });
+            }
+            menuItems.add(copySqlCommand);
+            
+            // 执行SQLMap扫描
+            JMenuItem executeSqlMap = new JMenuItem("执行SQLMap扫描" + menuSuffix);
+            if (filterResult.allBinary()) {
+                executeSqlMap.setEnabled(false);
+                executeSqlMap.setToolTipText("所有选中的报文都是二进制格式，无法执行SQLMap扫描");
+            } else {
+                executeSqlMap.addActionListener(e -> {
+                    if (filterResult.hasTextMessages()) {
+                        handleExecuteSqlMap(filterResult.textMessages.get(0));
+                    }
+                });
+            }
+            menuItems.add(executeSqlMap);
         }
 
         return menuItems;
@@ -398,4 +447,182 @@ private void sendRequestToBackend(IHttpRequestResponse requestResponse, ScanConf
             stderr.println("[-] Error: " + e.getMessage());
         }
     }
+    
+    // ==================== 新增：复制SQLMap命令和执行SQLMap扫描 ====================
+    
+    /**
+     * 处理"复制SQLMap命令"菜单点击
+     */
+    private void handleCopySqlCommand(IHttpRequestResponse message) {
+        try {
+            // 检查SQLMap路径是否配置
+            String sqlmapPath = configManager.getDirectSqlmapPath();
+            if (sqlmapPath == null || sqlmapPath.trim().isEmpty()) {
+                if (CommandPreviewDialog.showConfigWarning(uiTab, "SQLMap路径（请在\"直接执行配置\"选项卡中配置）")) {
+                    uiTab.switchToDirectExecuteTab();
+                }
+                return;
+            }
+
+            // 生成HTTP请求字符串
+            String httpRequest = buildHttpRequest(message);
+            
+            // 生成临时文件
+            String requestFilePath = SqlCommandBuilder.generateRequestFile(
+                httpRequest, 
+                configManager.getClipboardTempDir()
+            );
+            
+            // 构建SQLMap命令
+            String command = SqlCommandBuilder.buildCopyableCommand(
+                configManager.getDirectPythonPath(),
+                sqlmapPath,
+                requestFilePath,
+                buildAdditionalParams(configManager.getSelectedScanConfig())
+            );
+            
+            // 根据配置决定是直接复制还是显示预览
+            if (configManager.isClipboardAutoCopy()) {
+                // 直接复制到剪贴板
+                CommandExecutor.copyToClipboard(command);
+                uiTab.appendLog("[+] SQLMap命令已复制到剪贴板");
+                uiTab.appendLog("    请求文件: " + requestFilePath);
+                JOptionPane.showMessageDialog(uiTab, 
+                    "SQLMap命令已复制到剪贴板!\n\n" +
+                    "请求文件: " + requestFilePath,
+                    "复制成功", JOptionPane.INFORMATION_MESSAGE);
+            } else {
+                // 显示预览对话框
+                CommandPreviewDialog dialog = new CommandPreviewDialog(configManager);
+                dialog.showCopyDialog(uiTab, command, requestFilePath);
+            }
+            
+        } catch (Exception e) {
+            uiTab.appendLog("[-] 生成SQLMap命令失败: " + e.getMessage());
+            JOptionPane.showMessageDialog(uiTab, 
+                "生成SQLMap命令失败:\n" + e.getMessage(),
+                "错误", JOptionPane.ERROR_MESSAGE);
+        }
+    }
+    
+    /**
+     * 处理"执行SQLMap扫描"菜单点击
+     */
+    private void handleExecuteSqlMap(IHttpRequestResponse message) {
+        try {
+            // 检查SQLMap路径是否配置
+            String sqlmapPath = configManager.getDirectSqlmapPath();
+            if (sqlmapPath == null || sqlmapPath.isEmpty()) {
+                if (CommandPreviewDialog.showConfigWarning(uiTab, "SQLMap路径")) {
+                    uiTab.switchToDirectExecuteTab();
+                }
+                return;
+            }
+            
+            // 生成HTTP请求字符串
+            String httpRequest = buildHttpRequest(message);
+            
+            // 生成临时文件
+            String requestFilePath = SqlCommandBuilder.generateRequestFile(
+                httpRequest, 
+                configManager.getClipboardTempDir()
+            );
+            
+            // 构建SQLMap命令
+            String sqlmapCommand = SqlCommandBuilder.buildSqlMapCommand(
+                configManager.getDirectPythonPath(),
+                configManager.getDirectSqlmapPath(),
+                requestFilePath,
+                buildAdditionalParams(configManager.getSelectedScanConfig())
+            );
+            
+            // 构建终端命令
+            String terminalCommand = SqlCommandBuilder.buildTerminalCommand(
+                sqlmapCommand,
+                configManager.getDirectTerminalType(),
+                configManager.isDirectKeepTerminal()
+            );
+            
+            uiTab.appendLog("[+] 正在启动SQLMap扫描...");
+            uiTab.appendLog("    请求文件: " + requestFilePath);
+            
+            // 执行命令
+            CommandExecutor.ExecutionResult result = CommandExecutor.executeInTerminal(
+                sqlmapCommand,
+                configManager.getDirectTerminalType(),
+                configManager.isDirectKeepTerminal()
+            );
+            
+            if (result.isSuccess()) {
+                uiTab.appendLog("[+] SQLMap扫描已在终端中启动");
+                JOptionPane.showMessageDialog(uiTab, 
+                    "SQLMap扫描已在终端中启动!\n\n" +
+                    "终端窗口会独立运行，您可以继续使用Burp。",
+                    "执行成功", JOptionPane.INFORMATION_MESSAGE);
+            } else {
+                uiTab.appendLog("[-] 启动终端失败: " + result.getMessage());
+                JOptionPane.showMessageDialog(uiTab, 
+                    "启动终端失败:\n" + result.getMessage(),
+                    "执行失败", JOptionPane.ERROR_MESSAGE);
+            }
+            
+        } catch (Exception e) {
+            uiTab.appendLog("[-] 执行SQLMap扫描失败: " + e.getMessage());
+            JOptionPane.showMessageDialog(uiTab, 
+                "执行SQLMap扫描失败:\n" + e.getMessage(),
+                "错误", JOptionPane.ERROR_MESSAGE);
+        }
+    }
+    
+    /**
+     * 从IHttpRequestResponse构建HTTP请求字符串
+     */
+    private String buildHttpRequest(IHttpRequestResponse message) {
+        StringBuilder request = new StringBuilder();
+        
+        // 获取请求信息
+        IRequestInfo requestInfo = helpers.analyzeRequest(message);
+        
+        // 请求行
+        String method = requestInfo.getMethod();
+        String path = requestInfo.getUrl().getPath();
+        String query = requestInfo.getUrl().getQuery();
+        
+        request.append(method).append(" ").append(path);
+        if (query != null && !query.isEmpty()) {
+            request.append("?").append(query);
+        }
+        request.append(" HTTP/1.1\r\n");
+        
+        // 请求头
+        List<String> headers = requestInfo.getHeaders();
+        for (String header : headers) {
+            request.append(header).append("\r\n");
+        }
+        
+        // 空行
+        request.append("\r\n");
+        
+        // 请求体
+        byte[] body = message.getRequest();
+        if (body != null && body.length > 0) {
+            int bodyOffset = requestInfo.getBodyOffset();
+            String bodyStr = new String(body, bodyOffset, body.length - bodyOffset, StandardCharsets.UTF_8);
+            request.append(bodyStr);
+        }
+        
+        return request.toString();
+    }
+    
+    /**
+     * 构建额外的SQLMap参数（CLI格式）
+     */
+    private String buildAdditionalParams(ScanConfig config) {
+        if (config == null) {
+            return "";
+        }
+        // 使用 toCommandLineString() 生成正确的 CLI 参数（如 --random-agent, --batch 等）
+        return config.toCommandLineString().trim();
+    }
 }
+