├── .gradle ├── 7.5 │ ├── gc.properties │ ├── fileChanges │ │ └── last-build.bin │ ├── dependencies-accessors │ │ ├── gc.properties │ │ └── dependencies-accessors.lock │ ├── checksums │ │ └── checksums.lock │ ├── fileHashes │ │ ├── fileHashes.bin │ │ ├── fileHashes.lock │ │ └── resourceHashesCache.bin │ └── executionHistory │ │ ├── executionHistory.bin │ │ └── executionHistory.lock ├── vcs-1 │ └── gc.properties ├── buildOutputCleanup │ ├── cache.properties │ ├── outputFiles.bin │ └── buildOutputCleanup.lock ├── file-system.probe └── nb-cache │ ├── subprojects.ser │ ├── trust │ └── 9D0B97A2008FF27BFB7FE52D9DB8274D3DBF6BE3675EA72D282AA1C0725838AB │ └── addToTLSPassThrough-1409744478 │ └── project-info.ser ├── .gitignore ├── .DS_Store ├── gradle └── wrapper │ ├── gradle-wrapper.jar │ └── gradle-wrapper.properties ├── BappManifest.bmf ├── BappDescription.html ├── README.md ├── src └── main │ └── java │ └── addToTLSPassThrough │ └── contextmenu │ ├── AddToTLSPassThrough.java │ └── MyContextMenuItemsProvider.java ├── gradlew.bat └── gradlew /.gradle/7.5/gc.properties: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gradle/vcs-1/gc.properties: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .gradle/ 2 | build/ 3 | -------------------------------------------------------------------------------- /.gradle/7.5/fileChanges/last-build.bin: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gradle/7.5/dependencies-accessors/gc.properties: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PortSwigger/add-to-tls-pass-through/master/.DS_Store -------------------------------------------------------------------------------- /.gradle/buildOutputCleanup/cache.properties: -------------------------------------------------------------------------------- 1 | #Tue Aug 15 13:03:35 MDT 2023 2 | gradle.version=7.5 3 | -------------------------------------------------------------------------------- /.gradle/file-system.probe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PortSwigger/add-to-tls-pass-through/master/.gradle/file-system.probe -------------------------------------------------------------------------------- /.gradle/nb-cache/subprojects.ser: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PortSwigger/add-to-tls-pass-through/master/.gradle/nb-cache/subprojects.ser -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PortSwigger/add-to-tls-pass-through/master/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /.gradle/7.5/checksums/checksums.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PortSwigger/add-to-tls-pass-through/master/.gradle/7.5/checksums/checksums.lock -------------------------------------------------------------------------------- /.gradle/7.5/fileHashes/fileHashes.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PortSwigger/add-to-tls-pass-through/master/.gradle/7.5/fileHashes/fileHashes.bin -------------------------------------------------------------------------------- /.gradle/7.5/fileHashes/fileHashes.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PortSwigger/add-to-tls-pass-through/master/.gradle/7.5/fileHashes/fileHashes.lock -------------------------------------------------------------------------------- /.gradle/buildOutputCleanup/outputFiles.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PortSwigger/add-to-tls-pass-through/master/.gradle/buildOutputCleanup/outputFiles.bin -------------------------------------------------------------------------------- /.gradle/nb-cache/trust/9D0B97A2008FF27BFB7FE52D9DB8274D3DBF6BE3675EA72D282AA1C0725838AB: -------------------------------------------------------------------------------- 1 | 0A935FCE071EEF459E30799148D4124F685E7505EBEC3F9E0A2026EF05291C1B 2 | -------------------------------------------------------------------------------- /.gradle/7.5/fileHashes/resourceHashesCache.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PortSwigger/add-to-tls-pass-through/master/.gradle/7.5/fileHashes/resourceHashesCache.bin -------------------------------------------------------------------------------- /.gradle/7.5/executionHistory/executionHistory.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PortSwigger/add-to-tls-pass-through/master/.gradle/7.5/executionHistory/executionHistory.bin -------------------------------------------------------------------------------- /.gradle/7.5/executionHistory/executionHistory.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PortSwigger/add-to-tls-pass-through/master/.gradle/7.5/executionHistory/executionHistory.lock -------------------------------------------------------------------------------- /.gradle/buildOutputCleanup/buildOutputCleanup.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PortSwigger/add-to-tls-pass-through/master/.gradle/buildOutputCleanup/buildOutputCleanup.lock -------------------------------------------------------------------------------- /.gradle/7.5/dependencies-accessors/dependencies-accessors.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PortSwigger/add-to-tls-pass-through/master/.gradle/7.5/dependencies-accessors/dependencies-accessors.lock -------------------------------------------------------------------------------- /.gradle/nb-cache/addToTLSPassThrough-1409744478/project-info.ser: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PortSwigger/add-to-tls-pass-through/master/.gradle/nb-cache/addToTLSPassThrough-1409744478/project-info.ser -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionBase=GRADLE_USER_HOME 2 | distributionPath=wrapper/dists 3 | distributionUrl=https\://services.gradle.org/distributions/gradle-8.2.1-bin.zip 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | -------------------------------------------------------------------------------- /BappManifest.bmf: -------------------------------------------------------------------------------- 1 | Uuid: db62b6a29eb24765a9225890b3ad769b 2 | ExtensionType: 1 3 | Name: Add to TLS Pass Through 4 | RepoName: add-to-tls-pass-through 5 | ScreenVersion: 1.0.1 6 | SerialVersion: 2 7 | MinPlatformVersion: 4 8 | ProOnly: False 9 | Author: Karl Schuttler 10 | ShortDescription: Adds a context menu item to quickly add hosts to TLS pass through. 11 | EntryPoint: build/libs/add-to-tls-pass-through-1.0.1.jar 12 | BuildCommand: ./gradlew jar 13 | SupportedProducts: Pro, Community 14 | -------------------------------------------------------------------------------- /BappDescription.html: -------------------------------------------------------------------------------- 1 |

This extension adds a new context menu item in the Target, Proxy or Logger tab to add hosts directly to the TLS Pass Through setting.

2 | 3 |

Features

4 | 9 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Add To TLS Pass Through Extension 2 | ============================ 3 | 4 | ###### Registers new context menu items to add hosts to the TLS Pass Through setting. 5 | 6 | --- 7 | This extension adds a new context menu item in the Target, Proxy or Logger tab to add hosts directly to the TLS Pass 8 | Through setting. See our blog post about this extension here: https://www.whiteoaksecurity.com/blog/burp-suite-proxy-history-subtractive-scoping/ 9 | 10 | The extension has the following features: 11 | - If you right-click in a message editor context, it will use the item from the message editor. 12 | - If you right-click on multiple Proxy History table items, multiple hosts may be added simultaneously. 13 | - Regular expressions for each level of subdomain are provided. 14 | 15 | image 16 | 17 | By Karl Schuttler 18 | -------------------------------------------------------------------------------- /src/main/java/addToTLSPassThrough/contextmenu/AddToTLSPassThrough.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023. PortSwigger Ltd. All rights reserved. 3 | * 4 | * This code may be used to extend the functionality of Burp Suite Community Edition 5 | * and Burp Suite Professional, provided that this usage does not violate the 6 | * license terms for those products. 7 | */ 8 | 9 | package addToTLSPassThrough.contextmenu; 10 | 11 | import burp.api.montoya.BurpExtension; 12 | import burp.api.montoya.MontoyaApi; 13 | import burp.api.montoya.logging.Logging; 14 | import burp.api.montoya.extension.Extension; 15 | import burp.api.montoya.extension.ExtensionUnloadingHandler; 16 | 17 | public class AddToTLSPassThrough implements BurpExtension 18 | { 19 | private Logging logging; 20 | @Override 21 | public void initialize(MontoyaApi api) 22 | { 23 | api.extension().setName("Add to TLS Pass Through"); 24 | logging = api.logging(); 25 | api.userInterface().registerContextMenuItemsProvider(new MyContextMenuItemsProvider(api)); 26 | 27 | api.extension().registerUnloadingHandler(new MyExtensionUnloadHandler()); 28 | } 29 | private class MyExtensionUnloadHandler implements ExtensionUnloadingHandler { 30 | @Override 31 | public void extensionUnloaded() { 32 | logging.logToOutput("Extension was unloaded."); 33 | } 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /gradlew.bat: -------------------------------------------------------------------------------- 1 | @rem 2 | @rem Copyright 2015 the original author or authors. 3 | @rem 4 | @rem Licensed under the Apache License, Version 2.0 (the "License"); 5 | @rem you may not use this file except in compliance with the License. 6 | @rem You may obtain a copy of the License at 7 | @rem 8 | @rem https://www.apache.org/licenses/LICENSE-2.0 9 | @rem 10 | @rem Unless required by applicable law or agreed to in writing, software 11 | @rem distributed under the License is distributed on an "AS IS" BASIS, 12 | @rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | @rem See the License for the specific language governing permissions and 14 | @rem limitations under the License. 15 | @rem 16 | 17 | @if "%DEBUG%" == "" @echo off 18 | @rem ########################################################################## 19 | @rem 20 | @rem Gradle startup script for Windows 21 | @rem 22 | @rem ########################################################################## 23 | 24 | @rem Set local scope for the variables with windows NT shell 25 | if "%OS%"=="Windows_NT" setlocal 26 | 27 | set DIRNAME=%~dp0 28 | if "%DIRNAME%" == "" set DIRNAME=. 29 | set APP_BASE_NAME=%~n0 30 | set APP_HOME=%DIRNAME% 31 | 32 | @rem Resolve any "." and ".." in APP_HOME to make it shorter. 33 | for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi 34 | 35 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 36 | set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" 37 | 38 | @rem Find java.exe 39 | if defined JAVA_HOME goto findJavaFromJavaHome 40 | 41 | set JAVA_EXE=java.exe 42 | %JAVA_EXE% -version >NUL 2>&1 43 | if "%ERRORLEVEL%" == "0" goto execute 44 | 45 | echo. 46 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 47 | echo. 48 | echo Please set the JAVA_HOME variable in your environment to match the 49 | echo location of your Java installation. 50 | 51 | goto fail 52 | 53 | :findJavaFromJavaHome 54 | set JAVA_HOME=%JAVA_HOME:"=% 55 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 56 | 57 | if exist "%JAVA_EXE%" goto execute 58 | 59 | echo. 60 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 61 | echo. 62 | echo Please set the JAVA_HOME variable in your environment to match the 63 | echo location of your Java installation. 64 | 65 | goto fail 66 | 67 | :execute 68 | @rem Setup the command line 69 | 70 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 71 | 72 | 73 | @rem Execute Gradle 74 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* 75 | 76 | :end 77 | @rem End local scope for the variables with windows NT shell 78 | if "%ERRORLEVEL%"=="0" goto mainEnd 79 | 80 | :fail 81 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 82 | rem the _cmd.exe /c_ return code! 83 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 84 | exit /b 1 85 | 86 | :mainEnd 87 | if "%OS%"=="Windows_NT" endlocal 88 | 89 | :omega 90 | -------------------------------------------------------------------------------- /gradlew: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | # 4 | # Copyright 2015 the original author or authors. 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at 9 | # 10 | # https://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | 19 | ############################################################################## 20 | ## 21 | ## Gradle start up script for UN*X 22 | ## 23 | ############################################################################## 24 | 25 | # Attempt to set APP_HOME 26 | # Resolve links: $0 may be a link 27 | PRG="$0" 28 | # Need this for relative symlinks. 29 | while [ -h "$PRG" ] ; do 30 | ls=`ls -ld "$PRG"` 31 | link=`expr "$ls" : '.*-> \(.*\)$'` 32 | if expr "$link" : '/.*' > /dev/null; then 33 | PRG="$link" 34 | else 35 | PRG=`dirname "$PRG"`"/$link" 36 | fi 37 | done 38 | SAVED="`pwd`" 39 | cd "`dirname \"$PRG\"`/" >/dev/null 40 | APP_HOME="`pwd -P`" 41 | cd "$SAVED" >/dev/null 42 | 43 | APP_NAME="Gradle" 44 | APP_BASE_NAME=`basename "$0"` 45 | 46 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 47 | DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' 48 | 49 | # Use the maximum available, or set MAX_FD != -1 to use that value. 50 | MAX_FD="maximum" 51 | 52 | warn () { 53 | echo "$*" 54 | } 55 | 56 | die () { 57 | echo 58 | echo "$*" 59 | echo 60 | exit 1 61 | } 62 | 63 | # OS specific support (must be 'true' or 'false'). 64 | cygwin=false 65 | msys=false 66 | darwin=false 67 | nonstop=false 68 | case "`uname`" in 69 | CYGWIN* ) 70 | cygwin=true 71 | ;; 72 | Darwin* ) 73 | darwin=true 74 | ;; 75 | MINGW* ) 76 | msys=true 77 | ;; 78 | NONSTOP* ) 79 | nonstop=true 80 | ;; 81 | esac 82 | 83 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 84 | 85 | 86 | # Determine the Java command to use to start the JVM. 87 | if [ -n "$JAVA_HOME" ] ; then 88 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 89 | # IBM's JDK on AIX uses strange locations for the executables 90 | JAVACMD="$JAVA_HOME/jre/sh/java" 91 | else 92 | JAVACMD="$JAVA_HOME/bin/java" 93 | fi 94 | if [ ! -x "$JAVACMD" ] ; then 95 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 96 | 97 | Please set the JAVA_HOME variable in your environment to match the 98 | location of your Java installation." 99 | fi 100 | else 101 | JAVACMD="java" 102 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 103 | 104 | Please set the JAVA_HOME variable in your environment to match the 105 | location of your Java installation." 106 | fi 107 | 108 | # Increase the maximum file descriptors if we can. 109 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then 110 | MAX_FD_LIMIT=`ulimit -H -n` 111 | if [ $? -eq 0 ] ; then 112 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 113 | MAX_FD="$MAX_FD_LIMIT" 114 | fi 115 | ulimit -n $MAX_FD 116 | if [ $? -ne 0 ] ; then 117 | warn "Could not set maximum file descriptor limit: $MAX_FD" 118 | fi 119 | else 120 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 121 | fi 122 | fi 123 | 124 | # For Darwin, add options to specify how the application appears in the dock 125 | if $darwin; then 126 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 127 | fi 128 | 129 | # For Cygwin or MSYS, switch paths to Windows format before running java 130 | if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then 131 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 132 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 133 | 134 | JAVACMD=`cygpath --unix "$JAVACMD"` 135 | 136 | # We build the pattern for arguments to be converted via cygpath 137 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 138 | SEP="" 139 | for dir in $ROOTDIRSRAW ; do 140 | ROOTDIRS="$ROOTDIRS$SEP$dir" 141 | SEP="|" 142 | done 143 | OURCYGPATTERN="(^($ROOTDIRS))" 144 | # Add a user-defined pattern to the cygpath arguments 145 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 146 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 147 | fi 148 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 149 | i=0 150 | for arg in "$@" ; do 151 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 152 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 153 | 154 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 155 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 156 | else 157 | eval `echo args$i`="\"$arg\"" 158 | fi 159 | i=`expr $i + 1` 160 | done 161 | case $i in 162 | 0) set -- ;; 163 | 1) set -- "$args0" ;; 164 | 2) set -- "$args0" "$args1" ;; 165 | 3) set -- "$args0" "$args1" "$args2" ;; 166 | 4) set -- "$args0" "$args1" "$args2" "$args3" ;; 167 | 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 168 | 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 169 | 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; 170 | 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 171 | 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 172 | esac 173 | fi 174 | 175 | # Escape application args 176 | save () { 177 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done 178 | echo " " 179 | } 180 | APP_ARGS=`save "$@"` 181 | 182 | # Collect all arguments for the java command, following the shell quoting and substitution rules 183 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" 184 | 185 | exec "$JAVACMD" "$@" 186 | -------------------------------------------------------------------------------- /src/main/java/addToTLSPassThrough/contextmenu/MyContextMenuItemsProvider.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023. PortSwigger Ltd. All rights reserved. 3 | * 4 | * This code may be used to extend the functionality of Burp Suite Community Edition 5 | * and Burp Suite Professional, provided that this usage does not violate the 6 | * license terms for those products. 7 | */ 8 | 9 | package addToTLSPassThrough.contextmenu; 10 | 11 | import burp.api.montoya.MontoyaApi; 12 | import burp.api.montoya.core.ToolType; 13 | import burp.api.montoya.extension.ExtensionUnloadingHandler; 14 | import burp.api.montoya.http.message.HttpRequestResponse; 15 | import burp.api.montoya.ui.contextmenu.ContextMenuEvent; 16 | import burp.api.montoya.ui.contextmenu.ContextMenuItemsProvider; 17 | 18 | import javax.swing.*; 19 | import java.awt.*; 20 | import java.awt.event.ActionEvent; 21 | import java.awt.event.ActionListener; 22 | import java.util.ArrayList; 23 | import java.util.Arrays; 24 | import java.util.List; 25 | import java.util.stream.Collectors; 26 | 27 | import org.json.JSONArray; 28 | import org.json.JSONException; 29 | import org.json.JSONObject; 30 | 31 | public class MyContextMenuItemsProvider implements ContextMenuItemsProvider 32 | { 33 | 34 | private final MontoyaApi api; 35 | 36 | public MyContextMenuItemsProvider(MontoyaApi api) 37 | { 38 | 39 | this.api = api; 40 | } 41 | 42 | @Override 43 | public List provideMenuItems(ContextMenuEvent event) 44 | { 45 | if (event.isFromTool(ToolType.PROXY, ToolType.TARGET, ToolType.LOGGER)) 46 | { 47 | List menuItemList = new ArrayList<>(); 48 | JSONArray rulesArray = new JSONArray(); //an array of JSON objects representing single rules 49 | 50 | List requestResponses = new ArrayList<>(); 51 | //If the context menu was opened within the Request/Response viewer 52 | if(event.messageEditorRequestResponse().isPresent()){ 53 | requestResponses.add(event.messageEditorRequestResponse().get().requestResponse()); 54 | //else if it was opened from the list in Proxy/Logger 55 | } else { 56 | requestResponses = event.selectedRequestResponses(); 57 | } 58 | 59 | 60 | for(HttpRequestResponse requestResponse : requestResponses) { 61 | //Extract host values 62 | burp.api.montoya.http.HttpService requestService = requestResponse.httpService(); 63 | 64 | 65 | String host = requestService.host(); 66 | 67 | 68 | //find number of subdomains 69 | long domainCount = host.chars().filter(ch -> ch == '.').count(); 70 | //1 = domain.com 71 | //2 = one.subdomain.com 72 | //3 = two.s.ubdomains.com 73 | //4 = thr.e.e.subdomains.com 74 | 75 | //String domainCountS = "" + domainCount; 76 | //api.logging().logToOutput(domainCountS); 77 | 78 | //For each level of subdomain, add a new rule to the rulesArray, which is then used to populate the context menu with options 79 | for(int i=(int) domainCount; i >= 1 ; i--) { 80 | 81 | org.json.JSONObject newHostJson = new JSONObject(); 82 | newHostJson.put("port","^" + Integer.toString(requestService.port()) + "$"); 83 | newHostJson.put("protocol","https"); 84 | newHostJson.put("file","^.*$"); 85 | newHostJson.put("enabled", Boolean.parseBoolean("true")); 86 | 87 | 88 | if (i == (int) domainCount){ 89 | //this matches Burp's default paste-into-settings behavior in regard to host regex format 90 | //I.E., No wildcard for base hostname 91 | newHostJson.put("host",("^" + host.replace(".", "\\.") + "$")); 92 | } else { 93 | //Add wildcard to all other subdomain levels 94 | newHostJson.put("host",("^.*\\." + host.replace(".", "\\.") + "$")); 95 | } 96 | 97 | rulesArray.put(newHostJson); 98 | 99 | 100 | //We are iterating over the "host" string, stripping off one subdomain level each loop 101 | host = host.substring(host.indexOf(".")).substring(1); 102 | } 103 | 104 | //api.logging().logToOutput("rules array after domainCount loop: "+ rulesArray.toString()); 105 | 106 | } 107 | //create JMenuItems 108 | 109 | 110 | JMenuItem all = new JMenuItem("ALL"); 111 | all.addActionListener(new ActionListener(){ 112 | public void actionPerformed(ActionEvent e){ 113 | //api.logging().logToOutput("In ALL execution. Rules array:" + rulesArray.toString()); 114 | for(int i=0; i < rulesArray.length(); i++){ 115 | //iterate through and add all regexes (subdomain level rules) 116 | addSingleToTlsPassthrough(rulesArray.getJSONObject(i)); 117 | 118 | } 119 | 120 | } 121 | }); 122 | 123 | menuItemList.add(all); 124 | 125 | 126 | for(int i=0;i< rulesArray.length();i++){ 127 | 128 | org.json.JSONObject currentItem = rulesArray.getJSONObject(i); 129 | 130 | //api.logging().logToOutput("in single menuItemList add (not ALL)"); 131 | 132 | JMenuItem newItem = new JMenuItem(currentItem.get("host").toString()); //adjust regex backslashes for display 133 | newItem.addActionListener(new ActionListener(){ 134 | public void actionPerformed(ActionEvent e){ 135 | 136 | addSingleToTlsPassthrough(currentItem); 137 | } 138 | }); 139 | 140 | menuItemList.add(newItem); 141 | 142 | } 143 | 144 | return menuItemList; 145 | } 146 | 147 | return null; //not Proxy, Logger, or Target so return null 148 | } 149 | 150 | 151 | public void addSingleToTlsPassthrough(org.json.JSONObject newTlsPassthrough){ 152 | //get current TLS passthrough settings 153 | String fullPrefix = "{\"proxy\":{\"ssl_pass_through\":{\"rules\":"; 154 | //String rulePrefix = "{\"enabled\":true,\"host\":\""; 155 | //String ruleSuffix = "\",\"protocol\":\"any\"}"; 156 | String fullSuffix = "}}}"; 157 | 158 | 159 | //Import current TLSPassthrough rules into new JSONArray. Burp always gives us the prefix/suffix JSON as envelope, so we need to parse down to the rules themselves each time. 160 | org.json.JSONObject burpRules = new org.json.JSONObject(api.burpSuite().exportProjectOptionsAsJson("proxy.ssl_pass_through.rules")); 161 | org.json.JSONArray rulesArray = burpRules.getJSONObject("proxy").getJSONObject("ssl_pass_through").getJSONArray("rules"); 162 | 163 | //Check for duplicate rules. 164 | //If duplicate, set "file" parameter to wildcard and enable it, overwriting the previous value 165 | //Presumably, if there is an existing rule, the user shouldn't be able to select it in Burp because it won't reach the Proxy, being TLS Passthrough'd 166 | //Therefore, that means that the first rule is broken if they are setting a duplicate. It is either not enabled, or the file parameter not being wildcarded is borking it. 167 | Boolean foundMatchingRule = false; 168 | for (int i = 0; i < rulesArray.length(); ++i) { 169 | 170 | if(foundMatchingRule) { break; } 171 | 172 | JSONObject rule = rulesArray.getJSONObject(i); 173 | //if host and port are already in rules table 174 | //then something about the rule isn't working. Either it's not enabled 175 | //or the file parameter is screwing it up. 176 | 177 | if (rule.getString("host").equals(newTlsPassthrough.getString("host")) && rule.getString("port").equals(newTlsPassthrough.getString("port"))) { 178 | foundMatchingRule = true; 179 | //Clear out file param 180 | String originalRule = rule.toString(); 181 | rule.put("file", newTlsPassthrough.getString("file")); //always wildcard regex 182 | //enable it 183 | rule.put("enabled", true); 184 | //If it's duplicate, just update the existing rule 185 | rulesArray.put(i,rule); 186 | String importString = fullPrefix + rulesArray.toString() + fullSuffix; 187 | //Write back. 188 | 189 | //api.logging().logToOutput("Duplicate rule. Original rule: " + originalRule); 190 | api.logging().logToOutput("executing importProject with the following: " + importString); 191 | 192 | api.burpSuite().importProjectOptionsFromJson(importString); 193 | break; 194 | } 195 | } 196 | if(foundMatchingRule) { 197 | 198 | return; 199 | } 200 | //push the new json object into the array 201 | rulesArray.put(newTlsPassthrough); 202 | String importString = fullPrefix + rulesArray.toString() + fullSuffix; 203 | api.logging().logToOutput("No duplicate found. executing importProject with the following: " + importString); 204 | api.burpSuite().importProjectOptionsFromJson(importString); 205 | } 206 | } 207 | 208 | /* Burp's export format, having used Paste-add: 209 | 210 | { 211 | "proxy":{ 212 | "ssl_pass_through":{ 213 | "rules":[ 214 | { 215 | "enabled":true, 216 | "file":"^/log.*", 217 | "host":"^play\\.google\\.com$", 218 | "port":"^443$", 219 | "protocol":"https" 220 | } 221 | ] 222 | } 223 | } 224 | } 225 | */ --------------------------------------------------------------------------------