chore(release): bump version to 1.8.49

Author: lanshuizhiyue

README.md

@@ -9,7 +9,7 @@
   <img src="https://img.shields.io/badge/Vue-3.x-green.svg" alt="Vue">
   <img src="https://img.shields.io/badge/FastAPI-0.100+-red.svg" alt="FastAPI">
   <img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License">
-  <img src="https://img.shields.io/badge/Version-1.8.47-orange.svg" alt="Version">
+  <img src="https://img.shields.io/badge/Version-1.8.49-orange.svg" alt="Version">
 </p>
 
 <p align="center">
@@ -288,12 +288,27 @@ sqlmapWebUI/
 
 ## 📝 更新日志
 
+### v1.8.49 (2026-03-27)
+
+**文档**
+- 全面更新项目文档，同步最新功能特性
+- 更新 README 中英文版本版本号和变更日志
+- 更新使用指南文档，补充 Burp 插件命令执行配置说明
+- 更新前端 About 页面版本号
+- 更新 Burp 插件帮助文档内容
+
 ### v1.8.48 (2026-03-27)
 
 **修复 (CI/CD)**
 - 修复 GitHub Actions 构建 Burp Legacy 插件时 `maven-clean-plugin:3.2.0` 下载 403 Forbidden 错误
 - 在两个 Burp 插件 pom.xml 中显式声明 `maven-clean-plugin:3.4.0`
 
+**新功能 (Burp 插件)**
+- 新增命令执行配置功能，支持直接在终端执行 SQLMap 扫描
+- 新增终端窗口标题规则配置，支持自定义标题提取规则
+- 新增命令预览对话框，实时预览生成的 SQLMap 命令
+- 新增配置导入导出功能，方便备份和分享配置
+
 ### v1.8.47 (2026-03-26)
 
 **修复 (扫描任务)**

README_EN.md

@@ -9,7 +9,7 @@
   <img src="https://img.shields.io/badge/Vue-3.x-green.svg" alt="Vue">
   <img src="https://img.shields.io/badge/FastAPI-0.100+-red.svg" alt="FastAPI">
   <img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License">
-  <img src="https://img.shields.io/badge/Version-1.8.41-orange.svg" alt="Version">
+  <img src="https://img.shields.io/badge/Version-1.8.49-orange.svg" alt="Version">
 </p>
 
 <p align="center">
@@ -288,6 +288,81 @@ Please read the [Disclaimer](DISCLAIMER.md) before use.
 
 ## 📝 Changelog
 
+### v1.8.49 (2026-03-27)
+
+**Documentation**
+- Comprehensive update of project documentation to reflect latest features
+- Updated README version numbers and changelogs in both Chinese and English
+- Updated user guide with Burp plugin command execution configuration details
+- Updated frontend About page version number
+- Updated Burp plugin help documentation
+
+### v1.8.48 (2026-03-27)
+
+**Fixes (CI/CD)**
+- Fixed GitHub Actions build Burp Legacy plugin `maven-clean-plugin:3.2.0` download 403 Forbidden error
+- Explicitly declared `maven-clean-plugin:3.4.0` in both Burp plugin pom.xml files
+
+**New Features (Burp Plugin)**
+- Added command execution configuration, support direct SQLMap scan execution in terminal
+- Added terminal window title rule configuration, support custom title extraction rules
+- Added command preview dialog, real-time preview of generated SQLMap commands
+- Added configuration import/export functionality for easy backup and sharing
+
+### v1.8.47 (2026-03-26)
+
+**Fixes (Scan Tasks)**
+- Fixed proxy connection timeout issue when submitting scans via Burp plugin
+- Root cause: `apply_header_rules()` wrote all request headers to sqlmap config file's `headers` option, conflicting with request file (`-r`) headers
+- Now headers are only passed through request file, consistent with command line execution behavior
+
+### v1.8.46 (2026-03-26)
+
+**Fixes (Scan Tasks)**
+- Fixed XML body truncation issue (Windows line endings causing Content-Length mismatch)
+- Removed Content-Length header, allowing sqlmap to auto-calculate based on actual body
+- Use binary mode to write request files, avoiding Windows automatic line ending conversion
+- Normalized body line endings to standard HTTP line endings
+
+**Improvements (Burp Plugin)**
+- Replaced manual JSON string concatenation with Gson/PayloadBuilder
+- Eliminated risks of incomplete escaping for special characters (e.g., XML content)
+
+### v1.8.45 (2026-03-26)
+
+**New Features (VulnShop Lab)**
+- Added logistics management module, support order shipping and tracking
+- Added shipping_handlers for logistics-related requests
+- Updated database structure, added logistics information table
+- Updated frontend interface, added logistics management page and styles
+
+**Fixes**
+- Fixed task_monitor.py related issues
+- Removed deprecated req.txt file
+
+### v1.8.44 (2026-03-26)
+
+**New Features (Burp Plugin)**
+- Added command execution configuration, support custom SQLMap command execution methods
+- Added command execution configuration panel with visual configuration interface
+- Added command execution help dialog with detailed configuration instructions
+- Added request title extraction, support extracting custom titles from requests
+- Added title rule management, support creating, editing, deleting title extraction rules
+- Added title rule test dialog, support real-time testing of rule effects
+- Added command preview dialog, support previewing generated SQLMap commands
+- Added direct execution configuration panel, support one-click scan execution
+
+**Refactoring (Burp Plugin)**
+- Removed deprecated clipboard configuration panel, replaced with more flexible command execution configuration
+- Refactored command executor to support configurable command execution
+- Refactored SQL command builder to enhance command building capabilities
+- Refactored title extractor to support multiple title source types and regex matching
+
+**Improvements (Burp Plugin)**
+- Optimized context menu integration, providing richer scan options
+- Improved configuration manager to support more configuration types
+- Optimized preset configuration database to support title rule storage
+
 ### v1.8.41 (2026-02-28)
 
 **Documentation**

doc/USAGE_GUIDE.md

@@ -616,13 +616,44 @@ mvn clean package -DskipTests
 4. **活动日志**:
    - 查看发送历史和结果
 
+#### v1.8.44+ 新增功能
+
+- **命令执行配置**: 支持直接在终端执行 SQLMap 扫描，无需通过后端服务器
+- **终端标题规则**: 支持自定义终端窗口标题提取规则，便于识别多个扫描窗口
+- **命令预览**: 实时预览生成的 SQLMap 命令
+- **配置导入导出**: 支持配置的备份和分享
+
 #### v1.8.38+ 新增功能
 
 - **历史配置自动保存**: 创建任务后自动保存到历史配置
 - **请求去重**: 自动检测并跳过重复请求
 - **二进制内容检测**: 检测二进制内容并警告
 - **中文编码处理**: 正确处理中文字符
 
+#### 命令执行配置
+
+**v1.8.44+ 功能**
+
+命令执行配置允许直接在本地终端执行 SQLMap 扫描：
+
+1. 进入「命令行执行配置」标签页
+2. 配置以下参数：
+   - **Python 路径**: Python 解释器路径（可选，留空使用系统默认）
+   - **SQLMap 路径**: sqlmap.py 脚本的完整路径（必填）
+   - **终端类型**: 自动检测或手动选择（CMD/PowerShell/Terminal 等）
+   - **保持终端打开**: 扫描完成后是否保持终端窗口
+3. 配置标题规则（可选）：
+   - 添加自定义规则从请求中提取终端窗口标题
+   - 支持从 Host、URL 路径、自定义正则等提取
+   - 按优先级顺序匹配，首个匹配的规则生效
+4. 点击「保存设置」
+
+**使用方法**:
+1. 在 Burp 中拦截或查看请求
+2. 右键选择「执行 SQLMap 扫描」
+3. 系统自动打开终端并执行 SQLMap 命令
+4. HTTP 请求会保存为临时文件，使用 `-r` 参数传递
+
 #### 扫描参数
 
 | 参数 | 说明 | 默认值 |

doc/USAGE_GUIDE_EN.md

@@ -610,13 +610,44 @@ mvn clean package -DskipTests
 4. **Activity Log**:
    - View send history and results
 
+#### New Features in v1.8.44+
+
+- **Command Execution Configuration**: Support direct SQLMap scan execution in terminal without backend server
+- **Terminal Title Rules**: Support custom terminal window title extraction rules for easy identification of multiple scan windows
+- **Command Preview**: Real-time preview of generated SQLMap commands
+- **Configuration Import/Export**: Support backup and sharing of configurations
+
 #### New Features in v1.8.38+
 
 - **Auto-save to History**: Automatically saves to history configs after creating tasks
 - **Request Deduplication**: Automatically detects and skips duplicate requests
 - **Binary Content Detection**: Detects binary content and warns
 - **Chinese Encoding Handling**: Correctly handles Chinese characters
 
+#### Command Execution Configuration
+
+**v1.8.44+ Feature**
+
+Command execution configuration allows direct SQLMap scan execution in local terminal:
+
+1. Go to "Command Execution Configuration" tab
+2. Configure the following parameters:
+   - **Python Path**: Python interpreter path (optional, uses system default if empty)
+   - **SQLMap Path**: Full path to sqlmap.py script (required)
+   - **Terminal Type**: Auto-detect or manual selection (CMD/PowerShell/Terminal, etc.)
+   - **Keep Terminal Open**: Whether to keep terminal window after scan completes
+3. Configure title rules (optional):
+   - Add custom rules to extract terminal window title from requests
+   - Support extraction from Host, URL path, custom regex, etc.
+   - Match in priority order, first matched rule takes effect
+4. Click "Save Settings"
+
+**Usage**:
+1. Intercept or view requests in Burp
+2. Right-click and select "Execute SQLMap Scan"
+3. System automatically opens terminal and executes SQLMap command
+4. HTTP request is saved as temporary file, passed using `-r` parameter
+
 #### Scan Parameters
 
 | Parameter | Description | Default |

src/backEnd/config.py

@@ -4,4 +4,4 @@
 MAX_TASKS_COUNT_LOCK = threading.Lock()
 
 
-VERSION = "1.8.48"
+VERSION = "1.8.49"

src/burpEx/legacy-api/pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>com.sqlmapwebui</groupId>
     <artifactId>sqlmap-webui-burp-legacy</artifactId>
-    <version>1.8.48</version>
+    <version>1.8.49</version>
     <packaging>jar</packaging>
 
     <name>SQLMap WebUI Burp Extension (Legacy API)</name>

src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/BurpExtender.java

@@ -50,7 +50,7 @@ public class BurpExtender implements IBurpExtender, IContextMenuFactory, ITab {
     private SqlmapUITab uiTab;
 
     private static final String EXTENSION_NAME = "SQLMap WebUI";
-    private static final String EXTENSION_VERSION = "1.8.48";
+    private static final String EXTENSION_VERSION = "1.8.49";
 
     /**
      * 过滤结果类 - 存储过滤后的纯文本请求和过滤统计

src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/dialogs/AboutDialog.java

@@ -11,7 +11,7 @@
  */
 public class AboutDialog extends JDialog {
 
-    private static final String VERSION = "1.8.48";
+    private static final String VERSION = "1.8.49";
 
     // 帮助内容HTML模板 - 使用模块化组织
     private static final String HELP_CONTENT_HTML = "<html><head><style>" +

src/burpEx/legacy-api/src/main/java/com/sqlmapwebui/burp/panels/DirectExecuteConfigPanel.java

@@ -338,6 +338,14 @@ private String createHelpContent() {
             "<li>按优先级顺序匹配规则，数字越小优先级越高</li>" +
             "<li>默认规则 (URL路径) 不可删除，作为最终兜底</li>" +
             "<li>首个成功匹配的规则将被用于终端标题</li>" +
+            "<li>支持从 Host、URL路径、请求方法、Content-Type、自定义正则等提取标题</li>" +
+            "</ul>" +
+
+            "<h4>配置导入导出</h4>" +
+            "<ul>" +
+            "<li>在「常用配置」标签页可使用导入导出功能</li>" +
+            "<li>支持导出所有配置到 JSON 文件进行备份</li>" +
+            "<li>支持从 JSON 文件导入配置，方便团队共享</li>" +
             "</ul>" +
 
             "<div class='warning'>" +
@@ -346,6 +354,7 @@ private String createHelpContent() {
             "<li>确保已安装Python并配置正确</li>" +
             "<li>确保SQLMap已下载到本地</li>" +
             "<li>临时文件在执行后会保留，可手动删除</li>" +
+            "<li>命令执行功能不经过后端服务器，直接在本地终端运行</li>" +
             "</ul>" +
             "</div>" +
 
@@ -356,6 +365,13 @@ private String createHelpContent() {
             "<li>SQLMap测试：检查SQLMap脚本是否有效</li>" +
             "</ul>" +
 
+            "<h3>右键菜单选项</h3>" +
+            "<ul>" +
+            "<li><b>Send to SQLMap WebUI</b>: 使用默认配置发送到后端服务器</li>" +
+            "<li><b>Send to SQLMap WebUI (选择配置)</b>: 选择特定配置后发送到后端</li>" +
+            "<li><b>执行SQLMap扫描</b>: 使用命令执行配置直接在终端运行</li>" +
+            "</ul>" +
+
             "</body></html>";
     }
 

src/burpEx/montoya-api/pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>com.sqlmapwebui</groupId>
     <artifactId>sqlmap-webui-burp-montoya</artifactId>
-    <version>1.8.48</version>
+    <version>1.8.49</version>
     <packaging>jar</packaging>
 
     <name>SQLMap WebUI Burp Extension (Montoya API)</name>