├── showhttphost.jar ├── .gitignore ├── LICENSE ├── src └── BurpExtender.java └── README.md /showhttphost.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/5alt/ShowHttpHost/master/showhttphost.jar -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled class file 2 | *.class 3 | 4 | # Log file 5 | *.log 6 | 7 | # BlueJ files 8 | *.ctxt 9 | 10 | # Mobile Tools for Java (J2ME) 11 | .mtj.tmp/ 12 | 13 | # Package Files # 14 | *.jar 15 | *.war 16 | *.nar 17 | *.ear 18 | *.zip 19 | *.tar.gz 20 | *.rar 21 | 22 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml 23 | hs_err_pid* 24 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 5alt 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /src/BurpExtender.java: -------------------------------------------------------------------------------- 1 | // by md5_salt 2 | package burp; 3 | 4 | public class BurpExtender implements IBurpExtender 5 | { 6 | public void registerExtenderCallbacks( 7 | IBurpExtenderCallbacks callbacks) 8 | { 9 | callbacks.setExtensionName("Show Http Host"); 10 | callbacks.registerProxyListener(new ProxyListener()); 11 | } 12 | } 13 | 14 | class ProxyListener implements IProxyListener{ 15 | public void processProxyMessage(boolean messageIsRequest, 16 | IInterceptedProxyMessage message) { 17 | 18 | byte[] request = message.getMessageInfo().getRequest(); 19 | String reqstr = this.byteArrayToStr(request); 20 | String[] headers = reqstr.split("\n"); 21 | for(int i = 1; i < headers.length; i++){ 22 | String header = headers[i].trim().toLowerCase(); 23 | if(header.startsWith("host:")){ 24 | message.getMessageInfo().setComment(header.substring(5).trim()); 25 | } 26 | } 27 | } 28 | public String byteArrayToStr(byte[] byteArray) { 29 | if (byteArray == null) { 30 | return null; 31 | } 32 | String str = new String(byteArray); 33 | return str; 34 | } 35 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ShowHttpHost 2 | ShowHttpHost is a burpsuite extension that shows http request host in the comment field. 3 | 4 | ## why & how 5 | When I use frida to do some [ssl unpinning](https://codeshare.frida.re/@pcipolloni/universal-android-ssl-pinning-bypass-with-frida/) stuff on Android and use burpsuite as a proxy server, I find the `Host` field in burpsuite's `proxy->HTTP history` tab is an ip address but not a domain name. I find out that it is because the `CONNECT` request for the https handshake uses ip address as the hostname, so burpsuite mistakenly use the ip addrrss as `Host`. It is very inconvenient for a pentester to review http logs. 6 | 7 | The solution here is an extension for burpsuite. It parses the http request body and extracts the host field and fill it into the `Comment` field. 8 | 9 | ## install 10 | There is a pre-compiled jar. Install the jar file the same way as other burpsuite extensions. 11 | 12 | `Extender -> Extensions -> Add` 13 | 14 | ## compile (copied from portswigger's tutorial) 15 | 16 | Create a new empty project, with whatever name you like. 17 | 18 | Within the project, create a package called "burp". 19 | 20 | Use Burp Suite to export the latest Burp Extender interface files. You can do this at Extender / APIs / Save interface files. Save the interface files into the folder that was created for the burp package. 21 | 22 | Within the burp package, copy the `BurpExtender.java` in to this folder. 23 | 24 | Build the project, and find the location of the JAR file that was created by the IDE (usually in a folder called "dist"). 25 | 26 | In Burp (v1.5.01 or later), go to the Extender tool, and the Extensions tab, and add a new extension. Select the extension type "Java", and specify the location of your JAR file. 27 | 28 | ## contact 29 | md5_salt [AT] qq.com 30 | 31 | ## reference 32 | https://portswigger.net/blog/writing-your-first-burp-suite-extension --------------------------------------------------------------------------------