This extension allows encryption and decryption of AES payloads in Burp Intruder and Scanner. 2 | The extension registers the following items:
3 |IBurpExtenderCallbacks.registerScopeChangeListener() to register
15 | * a scope change listener. The listener will be notified whenever a change
16 | * occurs to Burp's suite-wide target scope.
17 | */
18 | public interface IScopeChangeListener
19 | {
20 | /**
21 | * This method is invoked whenever a change occurs to Burp's suite-wide
22 | * target scope.
23 | */
24 | void scopeChanged();
25 | }
26 |
--------------------------------------------------------------------------------
/burp/burp/IIntruderAttack.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IIntruderAttack.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to hold details about an Intruder attack.
14 | */
15 | public interface IIntruderAttack
16 | {
17 | /**
18 | * This method is used to retrieve the HTTP service for the attack.
19 | *
20 | * @return The HTTP service for the attack.
21 | */
22 | IHttpService getHttpService();
23 |
24 | /**
25 | * This method is used to retrieve the request template for the attack.
26 | *
27 | * @return The request template for the attack.
28 | */
29 | byte[] getRequestTemplate();
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/burp/burp/IHttpRequestResponsePersisted.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpRequestResponsePersisted.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used for an
14 | * IHttpRequestResponse object whose request and response messages
15 | * have been saved to temporary files using
16 | * IBurpExtenderCallbacks.saveBuffersToTempFiles().
17 | */
18 | public interface IHttpRequestResponsePersisted extends IHttpRequestResponse
19 | {
20 | /**
21 | * This method is used to permanently delete the saved temporary files. It
22 | * will no longer be possible to retrieve the request or response for this
23 | * item.
24 | */
25 | void deleteTempFiles();
26 | }
27 |
--------------------------------------------------------------------------------
/burp/burp/ITempFile.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ITempFile.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to hold details of a temporary file that has been
14 | * created via a call to
15 | * IBurpExtenderCallbacks.saveToTempFile().
16 | *
17 | */
18 | public interface ITempFile
19 | {
20 | /**
21 | * This method is used to retrieve the contents of the buffer that was saved
22 | * in the temporary file.
23 | *
24 | * @return The contents of the buffer that was saved in the temporary file.
25 | */
26 | byte[] getBuffer();
27 |
28 | /**
29 | * This method is used to permanently delete the temporary file when it is
30 | * no longer required.
31 | */
32 | void delete();
33 | }
34 |
--------------------------------------------------------------------------------
/burp/burp/IExtensionStateListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IExtensionStateListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerExtensionStateListener() to
15 | * register an extension state listener. The listener will be notified of
16 | * changes to the extension's state. Note: Any extensions that start
17 | * background threads or open system resources (such as files or database
18 | * connections) should register a listener and terminate threads / close
19 | * resources when the extension is unloaded.
20 | */
21 | public interface IExtensionStateListener
22 | {
23 | /**
24 | * This method is called when the extension is unloaded.
25 | */
26 | void extensionUnloaded();
27 | }
28 |
--------------------------------------------------------------------------------
/burp/burp/IBurpExtender.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IBurpExtender.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * All extensions must implement this interface.
14 | *
15 | * Implementations must be called BurpExtender, in the package burp, must be
16 | * declared public, and must provide a default (public, no-argument)
17 | * constructor.
18 | */
19 | public interface IBurpExtender
20 | {
21 | /**
22 | * This method is invoked when the extension is loaded. It registers an
23 | * instance of the
24 | * IBurpExtenderCallbacks interface, providing methods that may
25 | * be invoked by the extension to perform various actions.
26 | *
27 | * @param callbacks An
28 | * IBurpExtenderCallbacks object.
29 | */
30 | void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks);
31 | }
32 |
--------------------------------------------------------------------------------
/burp/burp/IScannerListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerScannerListener() to register a
15 | * Scanner listener. The listener will be notified of new issues that are
16 | * reported by the Scanner tool. Extensions can perform custom analysis or
17 | * logging of Scanner issues by registering a Scanner listener.
18 | */
19 | public interface IScannerListener
20 | {
21 | /**
22 | * This method is invoked when a new issue is added to Burp Scanner's
23 | * results.
24 | *
25 | * @param issue An
26 | * IScanIssue object that the extension can query to obtain
27 | * details about the new issue.
28 | */
29 | void newScanIssue(IScanIssue issue);
30 | }
31 |
--------------------------------------------------------------------------------
/burp/burp/IHttpService.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpService.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to provide details about an HTTP service, to which
14 | * HTTP requests can be sent.
15 | */
16 | public interface IHttpService
17 | {
18 | /**
19 | * This method returns the hostname or IP address for the service.
20 | *
21 | * @return The hostname or IP address for the service.
22 | */
23 | String getHost();
24 |
25 | /**
26 | * This method returns the port number for the service.
27 | *
28 | * @return The port number for the service.
29 | */
30 | int getPort();
31 |
32 | /**
33 | * This method returns the protocol for the service.
34 | *
35 | * @return The protocol for the service. Expected values are "http" or
36 | * "https".
37 | */
38 | String getProtocol();
39 | }
40 |
--------------------------------------------------------------------------------
/jardesc.jardesc:
--------------------------------------------------------------------------------
1 |
2 | IBurpExtenderCallbacks.addSuiteTab().
18 | */
19 | public interface ITab
20 | {
21 | /**
22 | * Burp uses this method to obtain the caption that should appear on the
23 | * custom tab when it is displayed.
24 | *
25 | * @return The caption that should appear on the custom tab when it is
26 | * displayed.
27 | */
28 | String getTabCaption();
29 |
30 | /**
31 | * Burp uses this method to obtain the component that should be used as the
32 | * contents of the custom tab when it is displayed.
33 | *
34 | * @return The component that should be used as the contents of the custom
35 | * tab when it is displayed.
36 | */
37 | Component getUiComponent();
38 | }
39 |
--------------------------------------------------------------------------------
/burp/burp/IMenuItemHandler.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMenuItemHandler.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerMenuItem() to register a custom
15 | * context menu item.
16 | *
17 | * @deprecated Use
18 | * IContextMenuFactory instead.
19 | */
20 | @Deprecated
21 | public interface IMenuItemHandler
22 | {
23 | /**
24 | * This method is invoked by Burp Suite when the user clicks on a custom
25 | * menu item which the extension has registered with Burp.
26 | *
27 | * @param menuItemCaption The caption of the menu item which was clicked.
28 | * This parameter enables extensions to provide a single implementation
29 | * which handles multiple different menu items.
30 | * @param messageInfo Details of the HTTP message(s) for which the context
31 | * menu was displayed.
32 | */
33 | void menuItemClicked(
34 | String menuItemCaption,
35 | IHttpRequestResponse[] messageInfo);
36 | }
37 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # BURP AES Extension
2 |
3 | ## Intro
4 |
5 | This is a plugin to handle AES encryption / decryption in Burp.
6 |
7 | It registers two Intruder **payload processors** so you can encrypt/decrypt payloads on the **Intruder Tab**.
8 |
9 | It also registers a **Scanner insertion point provider**. What this does is when you request an active Burp scan, it looks in existing parameters for AES payloads that can be decrypted using the current configuration / keys. If it finds any, it registers scanner insertion points to perform injection inside the AES payloads.
10 |
11 | Contact me via twitter at @lgrangeia for suggestions and use cases and I will try to implement them. I welcome ideas or pull requests.
12 |
13 | ## Compilation
14 |
15 | This can be compiled normally using 'javac'. I still haven't built a build.xml or pom.xml file, but there's a jardesc file to compile and package it using Eclipse. There's a precompiled jar at the dist/ folder.
16 |
17 | ## Usage
18 |
19 | Install the burp extension as usual in burp. If you need AES 256 bits and are using Oracle JRE, you may need to install Java Cryptography Extension:
20 |
21 | http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
22 |
23 | ## Screenshots
24 | 
25 |
--------------------------------------------------------------------------------
/burp/burp/IProxyListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IProxyListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerProxyListener() to register a
15 | * Proxy listener. The listener will be notified of requests and responses being
16 | * processed by the Proxy tool. Extensions can perform custom analysis or
17 | * modification of these messages, and control in-UI message interception, by
18 | * registering a proxy listener.
19 | */
20 | public interface IProxyListener
21 | {
22 | /**
23 | * This method is invoked when an HTTP message is being processed by the
24 | * Proxy.
25 | *
26 | * @param messageIsRequest Indicates whether the HTTP message is a request
27 | * or a response.
28 | * @param message An
29 | * IInterceptedProxyMessage object that extensions can use to
30 | * query and update details of the message, and control whether the message
31 | * should be intercepted and displayed to the user for manual review or
32 | * modification.
33 | */
34 | void processProxyMessage(
35 | boolean messageIsRequest,
36 | IInterceptedProxyMessage message);
37 | }
38 |
--------------------------------------------------------------------------------
/burp/burp/IContextMenuFactory.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IContextMenuFactory.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 | import javax.swing.JMenuItem;
14 |
15 | /**
16 | * Extensions can implement this interface and then call
17 | * IBurpExtenderCallbacks.registerContextMenuFactory() to register
18 | * a factory for custom context menu items.
19 | */
20 | public interface IContextMenuFactory
21 | {
22 | /**
23 | * This method will be called by Burp when the user invokes a context menu
24 | * anywhere within Burp. The factory can then provide any custom context
25 | * menu items that should be displayed in the context menu, based on the
26 | * details of the menu invocation.
27 | *
28 | * @param invocation An object that implements the
29 | * IMessageEditorTabFactory interface, which the extension can
30 | * query to obtain details of the context menu invocation.
31 | * @return A list of custom menu items (which may include sub-menus,
32 | * checkbox menu items, etc.) that should be displayed. Extensions may
33 | * return
34 | * null from this method, to indicate that no menu items are
35 | * required.
36 | */
37 | ListIBurpExtenderCallbacks.registerScannerInsertionPointProvider()
17 | * to register a factory for custom Scanner insertion points.
18 | */
19 | public interface IScannerInsertionPointProvider
20 | {
21 | /**
22 | * When a request is actively scanned, the Scanner will invoke this method,
23 | * and the provider should provide a list of custom insertion points that
24 | * will be used in the scan. Note: these insertion points are used in
25 | * addition to those that are derived from Burp Scanner's configuration, and
26 | * those provided by any other Burp extensions.
27 | *
28 | * @param baseRequestResponse The base request that will be actively
29 | * scanned.
30 | * @return A list of
31 | * IScannerInsertionPoint objects that should be used in the
32 | * scanning, or
33 | * null if no custom insertion points are applicable for this
34 | * request.
35 | */
36 | ListIBurpExtenderCallbacks.registerHttpListener() to register an
15 | * HTTP listener. The listener will be notified of requests and responses made
16 | * by any Burp tool. Extensions can perform custom analysis or modification of
17 | * these messages by registering an HTTP listener.
18 | */
19 | public interface IHttpListener
20 | {
21 | /**
22 | * This method is invoked when an HTTP request is about to be issued, and
23 | * when an HTTP response has been received.
24 | *
25 | * @param toolFlag A flag indicating the Burp tool that issued the request.
26 | * Burp tool flags are defined in the
27 | * IBurpExtenderCallbacks interface.
28 | * @param messageIsRequest Flags whether the method is being invoked for a
29 | * request or response.
30 | * @param messageInfo Details of the request / response to be processed.
31 | * Extensions can call the setter methods on this object to update the
32 | * current message and so modify Burp's behavior.
33 | */
34 | void processHttpMessage(int toolFlag,
35 | boolean messageIsRequest,
36 | IHttpRequestResponse messageInfo);
37 | }
38 |
--------------------------------------------------------------------------------
/burp/burp/IIntruderPayloadGeneratorFactory.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IIntruderPayloadGeneratorFactory.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory()
15 | * to register a factory for custom Intruder payloads.
16 | */
17 | public interface IIntruderPayloadGeneratorFactory
18 | {
19 | /**
20 | * This method is used by Burp to obtain the name of the payload generator.
21 | * This will be displayed as an option within the Intruder UI when the user
22 | * selects to use extension-generated payloads.
23 | *
24 | * @return The name of the payload generator.
25 | */
26 | String getGeneratorName();
27 |
28 | /**
29 | * This method is used by Burp when the user starts an Intruder attack that
30 | * uses this payload generator.
31 | *
32 | * @param attack An
33 | * IIntruderAttack object that can be queried to obtain details
34 | * about the attack in which the payload generator will be used.
35 | * @return A new instance of
36 | * IIntruderPayloadGenerator that will be used to generate
37 | * payloads for the attack.
38 | */
39 | IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack);
40 | }
41 |
--------------------------------------------------------------------------------
/burp/burp/IMessageEditorTabFactory.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditorTabFactory.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerMessageEditorTabFactory() to
15 | * register a factory for custom message editor tabs. This allows extensions to
16 | * provide custom rendering or editing of HTTP messages, within Burp's own HTTP
17 | * editor.
18 | */
19 | public interface IMessageEditorTabFactory
20 | {
21 | /**
22 | * Burp will call this method once for each HTTP message editor, and the
23 | * factory should provide a new instance of an
24 | * IMessageEditorTab object.
25 | *
26 | * @param controller An
27 | * IMessageEditorController object, which the new tab can query
28 | * to retrieve details about the currently displayed message. This may be
29 | * null for extension-invoked message editors where the
30 | * extension has not provided an editor controller.
31 | * @param editable Indicates whether the hosting editor is editable or
32 | * read-only.
33 | * @return A new
34 | * IMessageEditorTab object for use within the message editor.
35 | */
36 | IMessageEditorTab createNewInstance(IMessageEditorController controller,
37 | boolean editable);
38 | }
39 |
--------------------------------------------------------------------------------
/burp/burp/ICookie.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ICookie.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.Date;
13 |
14 | /**
15 | * This interface is used to hold details about an HTTP cookie.
16 | */
17 | public interface ICookie
18 | {
19 | /**
20 | * This method is used to retrieve the domain for which the cookie is in
21 | * scope.
22 | *
23 | * @return The domain for which the cookie is in scope. Note: For
24 | * cookies that have been analyzed from responses (by calling
25 | * IExtensionHelpers.analyzeResponse() and then
26 | * IResponseInfo.getCookies(), the domain will be
27 | * null if the response did not explicitly set a domain
28 | * attribute for the cookie.
29 | */
30 | String getDomain();
31 |
32 | /**
33 | * This method is used to retrieve the expiration time for the cookie.
34 | *
35 | * @return The expiration time for the cookie, or
36 | * null if none is set (i.e., for non-persistent session
37 | * cookies).
38 | */
39 | Date getExpiration();
40 |
41 | /**
42 | * This method is used to retrieve the name of the cookie.
43 | *
44 | * @return The name of the cookie.
45 | */
46 | String getName();
47 |
48 | /**
49 | * This method is used to retrieve the value of the cookie.
50 | * @return The value of the cookie.
51 | */
52 | String getValue();
53 | }
54 |
--------------------------------------------------------------------------------
/burp/burp/IIntruderPayloadProcessor.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IIntruderPayloadProcessor.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerIntruderPayloadProcessor() to
15 | * register a custom Intruder payload processor.
16 | */
17 | public interface IIntruderPayloadProcessor
18 | {
19 | /**
20 | * This method is used by Burp to obtain the name of the payload processor.
21 | * This will be displayed as an option within the Intruder UI when the user
22 | * selects to use an extension-provided payload processor.
23 | *
24 | * @return The name of the payload processor.
25 | */
26 | String getProcessorName();
27 |
28 | /**
29 | * This method is invoked by Burp each time the processor should be applied
30 | * to an Intruder payload.
31 | *
32 | * @param currentPayload The value of the payload to be processed.
33 | * @param originalPayload The value of the original payload prior to
34 | * processing by any already-applied processing rules.
35 | * @param baseValue The base value of the payload position, which will be
36 | * replaced with the current payload.
37 | * @return The value of the processed payload. This may be
38 | * null to indicate that the current payload should be skipped,
39 | * and the attack will move directly to the next payload.
40 | */
41 | byte[] processPayload(
42 | byte[] currentPayload,
43 | byte[] originalPayload,
44 | byte[] baseValue);
45 | }
46 |
--------------------------------------------------------------------------------
/burp/burp/IHttpRequestResponseWithMarkers.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpRequestResponseWithMarkers.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * This interface is used for an
16 | * IHttpRequestResponse object that has had markers applied.
17 | * Extensions can create instances of this interface using
18 | * IBurpExtenderCallbacks.applyMarkers(), or provide their own
19 | * implementation. Markers are used in various situations, such as specifying
20 | * Intruder payload positions, Scanner insertion points, and highlights in
21 | * Scanner issues.
22 | */
23 | public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse
24 | {
25 | /**
26 | * This method returns the details of the request markers.
27 | *
28 | * @return A list of index pairs representing the offsets of markers for the
29 | * request message. Each item in the list is an int[2] array containing the
30 | * start and end offsets for the marker. The method may return
31 | * null if no request markers are defined.
32 | */
33 | Listnull if no response markers are defined.
42 | */
43 | ListIIntruderPayloadGeneratorFactory must return a new instance of
16 | * this interface when required as part of a new Intruder attack.
17 | */
18 | public interface IIntruderPayloadGenerator
19 | {
20 | /**
21 | * This method is used by Burp to determine whether the payload generator is
22 | * able to provide any further payloads.
23 | *
24 | * @return Extensions should return
25 | * false when all the available payloads have been used up,
26 | * otherwise
27 | * true.
28 | */
29 | boolean hasMorePayloads();
30 |
31 | /**
32 | * This method is used by Burp to obtain the value of the next payload.
33 | *
34 | * @param baseValue The base value of the current payload position. This
35 | * value may be
36 | * null if the concept of a base value is not applicable (e.g.
37 | * in a battering ram attack).
38 | * @return The next payload to use in the attack.
39 | */
40 | byte[] getNextPayload(byte[] baseValue);
41 |
42 | /**
43 | * This method is used by Burp to reset the state of the payload generator
44 | * so that the next call to
45 | * getNextPayload() returns the first payload again. This
46 | * method will be invoked when an attack uses the same payload generator for
47 | * more than one payload position, for example in a sniper attack.
48 | */
49 | void reset();
50 | }
51 |
--------------------------------------------------------------------------------
/burp/burp/IMessageEditorController.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditorController.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used by an
14 | * IMessageEditor to obtain details about the currently displayed
15 | * message. Extensions that create instances of Burp's HTTP message editor can
16 | * optionally provide an implementation of
17 | * IMessageEditorController, which the editor will invoke when it
18 | * requires further information about the current message (for example, to send
19 | * it to another Burp tool). Extensions that provide custom editor tabs via an
20 | * IMessageEditorTabFactory will receive a reference to an
21 | * IMessageEditorController object for each tab instance they
22 | * generate, which the tab can invoke if it requires further information about
23 | * the current message.
24 | */
25 | public interface IMessageEditorController
26 | {
27 | /**
28 | * This method is used to retrieve the HTTP service for the current message.
29 | *
30 | * @return The HTTP service for the current message.
31 | */
32 | IHttpService getHttpService();
33 |
34 | /**
35 | * This method is used to retrieve the HTTP request associated with the
36 | * current message (which may itself be a response).
37 | *
38 | * @return The HTTP request associated with the current message.
39 | */
40 | byte[] getRequest();
41 |
42 | /**
43 | * This method is used to retrieve the HTTP response associated with the
44 | * current message (which may itself be a request).
45 | *
46 | * @return The HTTP response associated with the current message.
47 | */
48 | byte[] getResponse();
49 | }
50 |
--------------------------------------------------------------------------------
/src/burp/InsertionPoint.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | public class InsertionPoint implements IScannerInsertionPoint {
4 |
5 | private BurpExtender parent;
6 | private byte[] baseRequest;
7 | private String baseName;
8 | private String baseValue;
9 |
10 | InsertionPoint(BurpExtender newParent, byte[] baseRequest, String basename, String basevalue)
11 | {
12 | this.parent = newParent;
13 | this.baseRequest = baseRequest;
14 | this.baseName = basename;
15 | this.baseValue = basevalue;
16 |
17 | }
18 |
19 | //
20 | // implement IScannerInsertionPoint
21 | //
22 |
23 | @Override
24 | public String getInsertionPointName()
25 | {
26 | return "AES Encrypted Input";
27 | }
28 |
29 | @Override
30 | public String getBaseValue()
31 | {
32 | return baseValue;
33 | }
34 |
35 | @Override
36 | public byte[] buildRequest(byte[] payload)
37 | {
38 | String payloadPlain = parent.helpers.bytesToString(payload);
39 | String payloadEncrypted = "";
40 | try {
41 | payloadEncrypted = parent.encrypt(payloadPlain);
42 | } catch(Exception e) {
43 | parent.callbacks.issueAlert(e.toString());
44 | }
45 | parent.callbacks.issueAlert("Inserting " + payloadPlain + " [" + payloadEncrypted + "] in parameter " + baseName);
46 |
47 | // TODO: Only URL parameters, must change to support POST parameters, cookies, etc.
48 | return parent.helpers.updateParameter(baseRequest, parent.helpers.buildParameter(baseName, payloadEncrypted, IParameter.PARAM_URL));
49 | }
50 |
51 | @Override
52 | public int[] getPayloadOffsets(byte[] payload)
53 | {
54 | // since the payload is being inserted into a serialized data structure, there aren't any offsets
55 | // into the request where the payload literally appears
56 | return null;
57 | }
58 |
59 | @Override
60 | public byte getInsertionPointType()
61 | {
62 | return INS_EXTENSION_PROVIDED;
63 | }
64 | }
--------------------------------------------------------------------------------
/burp/burp/IMessageEditor.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditor.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 |
14 | /**
15 | * This interface is used to provide extensions with an instance of Burp's HTTP
16 | * message editor, for the extension to use in its own UI. Extensions should
17 | * call
18 | * IBurpExtenderCallbacks.createMessageEditor() to obtain an
19 | * instance of this interface.
20 | */
21 | public interface IMessageEditor
22 | {
23 | /**
24 | * This method returns the UI component of the editor, for extensions to add
25 | * to their own UI.
26 | *
27 | * @return The UI component of the editor.
28 | */
29 | Component getComponent();
30 |
31 | /**
32 | * This method is used to display an HTTP message in the editor.
33 | *
34 | * @param message The HTTP message to be displayed.
35 | * @param isRequest Flags whether the message is an HTTP request or
36 | * response.
37 | */
38 | void setMessage(byte[] message, boolean isRequest);
39 |
40 | /**
41 | * This method is used to retrieve the currently displayed message, which
42 | * may have been modified by the user.
43 | *
44 | * @return The currently displayed HTTP message.
45 | */
46 | byte[] getMessage();
47 |
48 | /**
49 | * This method is used to determine whether the current message has been
50 | * modified by the user.
51 | *
52 | * @return An indication of whether the current message has been modified by
53 | * the user since it was first displayed.
54 | */
55 | boolean isMessageModified();
56 |
57 | /**
58 | * This method returns the data that is currently selected by the user.
59 | *
60 | * @return The data that is currently selected by the user, or
61 | * null if no selection is made.
62 | */
63 | byte[] getSelectedData();
64 | }
65 |
--------------------------------------------------------------------------------
/burp/burp/ISessionHandlingAction.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ISessionHandlingAction.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerSessionHandlingAction() to
15 | * register a custom session handling action. Each registered action will be
16 | * available within the session handling rule UI for the user to select as a
17 | * rule action. Users can choose to invoke an action directly in its own right,
18 | * or following execution of a macro.
19 | */
20 | public interface ISessionHandlingAction
21 | {
22 | /**
23 | * This method is used by Burp to obtain the name of the session handling
24 | * action. This will be displayed as an option within the session handling
25 | * rule editor when the user selects to execute an extension-provided
26 | * action.
27 | *
28 | * @return The name of the action.
29 | */
30 | String getActionName();
31 |
32 | /**
33 | * This method is invoked when the session handling action should be
34 | * executed. This may happen as an action in its own right, or as a
35 | * sub-action following execution of a macro.
36 | *
37 | * @param currentRequest The base request that is currently being processed.
38 | * The action can query this object to obtain details about the base
39 | * request. It can issue additional requests of its own if necessary, and
40 | * can use the setter methods on this object to update the base request.
41 | * @param macroItems If the action is invoked following execution of a
42 | * macro, this parameter contains the result of executing the macro.
43 | * Otherwise, it is
44 | * null. Actions can use the details of the macro items to
45 | * perform custom analysis of the macro to derive values of non-standard
46 | * session handling tokens, etc.
47 | */
48 | void performAction(
49 | IHttpRequestResponse currentRequest,
50 | IHttpRequestResponse[] macroItems);
51 | }
52 |
--------------------------------------------------------------------------------
/burp/burp/IResponseInfo.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IResponseInfo.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * This interface is used to retrieve key details about an HTTP response.
16 | * Extensions can obtain an
17 | * IResponseInfo object for a given response by calling
18 | * IExtensionHelpers.analyzeResponse().
19 | */
20 | public interface IResponseInfo
21 | {
22 | /**
23 | * This method is used to obtain the HTTP headers contained in the response.
24 | *
25 | * @return The HTTP headers contained in the response.
26 | */
27 | ListICookie objects representing the cookies
50 | * set in the response, if any.
51 | */
52 | ListIBurpExtenderCallbacks.doActiveScan().
17 | */
18 | public interface IScanQueueItem
19 | {
20 | /**
21 | * This method returns a description of the status of the scan queue item.
22 | *
23 | * @return A description of the status of the scan queue item.
24 | */
25 | String getStatus();
26 |
27 | /**
28 | * This method returns an indication of the percentage completed for the
29 | * scan queue item.
30 | *
31 | * @return An indication of the percentage completed for the scan queue
32 | * item.
33 | */
34 | byte getPercentageComplete();
35 |
36 | /**
37 | * This method returns the number of requests that have been made for the
38 | * scan queue item.
39 | *
40 | * @return The number of requests that have been made for the scan queue
41 | * item.
42 | */
43 | int getNumRequests();
44 |
45 | /**
46 | * This method returns the number of network errors that have occurred for
47 | * the scan queue item.
48 | *
49 | * @return The number of network errors that have occurred for the scan
50 | * queue item.
51 | */
52 | int getNumErrors();
53 |
54 | /**
55 | * This method returns the number of attack insertion points being used for
56 | * the scan queue item.
57 | *
58 | * @return The number of attack insertion points being used for the scan
59 | * queue item.
60 | */
61 | int getNumInsertionPoints();
62 |
63 | /**
64 | * This method allows the scan queue item to be canceled.
65 | */
66 | void cancel();
67 |
68 | /**
69 | * This method returns details of the issues generated for the scan queue
70 | * item. Note: different items within the scan queue may contain
71 | * duplicated versions of the same issues - for example, if the same request
72 | * has been scanned multiple times. Duplicated issues are consolidated in
73 | * the main view of scan results. Extensions can register an
74 | * IScannerListener to get details only of unique, newly
75 | * discovered Scanner issues post-consolidation.
76 | *
77 | * @return Details of the issues generated for the scan queue item.
78 | */
79 | IScanIssue[] getIssues();
80 | }
81 |
--------------------------------------------------------------------------------
/burp/burp/IRequestInfo.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IRequestInfo.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.net.URL;
13 | import java.util.List;
14 |
15 | /**
16 | * This interface is used to retrieve key details about an HTTP request.
17 | * Extensions can obtain an
18 | * IRequestInfo object for a given request by calling
19 | * IExtensionHelpers.analyzeRequest().
20 | */
21 | public interface IRequestInfo
22 | {
23 | /**
24 | * Used to indicate that there is no content.
25 | */
26 | static final byte CONTENT_TYPE_NONE = 0;
27 | /**
28 | * Used to indicate URL-encoded content.
29 | */
30 | static final byte CONTENT_TYPE_URL_ENCODED = 1;
31 | /**
32 | * Used to indicate multi-part content.
33 | */
34 | static final byte CONTENT_TYPE_MULTIPART = 2;
35 | /**
36 | * Used to indicate XML content.
37 | */
38 | static final byte CONTENT_TYPE_XML = 3;
39 | /**
40 | * Used to indicate JSON content.
41 | */
42 | static final byte CONTENT_TYPE_JSON = 4;
43 | /**
44 | * Used to indicate AMF content.
45 | */
46 | static final byte CONTENT_TYPE_AMF = 5;
47 | /**
48 | * Used to indicate unknown content.
49 | */
50 | static final byte CONTENT_TYPE_UNKNOWN = -1;
51 |
52 | /**
53 | * This method is used to obtain the HTTP method used in the request.
54 | *
55 | * @return The HTTP method used in the request.
56 | */
57 | String getMethod();
58 |
59 | /**
60 | * This method is used to obtain the URL in the request.
61 | *
62 | * @return The URL in the request.
63 | */
64 | URL getUrl();
65 |
66 | /**
67 | * This method is used to obtain the HTTP headers contained in the request.
68 | *
69 | * @return The HTTP headers contained in the request.
70 | */
71 | ListIBurpExtenderCallbacks.createTextEditor() to obtain an instance
18 | * of this interface.
19 | */
20 | public interface ITextEditor
21 | {
22 | /**
23 | * This method returns the UI component of the editor, for extensions to add
24 | * to their own UI.
25 | *
26 | * @return The UI component of the editor.
27 | */
28 | Component getComponent();
29 |
30 | /**
31 | * This method is used to control whether the editor is currently editable.
32 | * This status can be toggled on and off as required.
33 | *
34 | * @param editable Indicates whether the editor should be currently
35 | * editable.
36 | */
37 | void setEditable(boolean editable);
38 |
39 | /**
40 | * This method is used to update the currently displayed text in the editor.
41 | *
42 | * @param text The text to be displayed.
43 | */
44 | void setText(byte[] text);
45 |
46 | /**
47 | * This method is used to retrieve the currently displayed text.
48 | *
49 | * @return The currently displayed text.
50 | */
51 | byte[] getText();
52 |
53 | /**
54 | * This method is used to determine whether the user has modified the
55 | * contents of the editor.
56 | *
57 | * @return An indication of whether the user has modified the contents of
58 | * the editor since the last call to
59 | * setText().
60 | */
61 | boolean isTextModified();
62 |
63 | /**
64 | * This method is used to obtain the currently selected text.
65 | *
66 | * @return The currently selected text, or
67 | * null if the user has not made any selection.
68 | */
69 | byte[] getSelectedText();
70 |
71 | /**
72 | * This method can be used to retrieve the bounds of the user's selection
73 | * into the displayed text, if applicable.
74 | *
75 | * @return An int[2] array containing the start and end offsets of the
76 | * user's selection within the displayed text. If the user has not made any
77 | * selection in the current message, both offsets indicate the position of
78 | * the caret within the editor.
79 | */
80 | int[] getSelectionBounds();
81 |
82 | /**
83 | * This method is used to update the search expression that is shown in the
84 | * search bar below the editor. The editor will automatically highlight any
85 | * regions of the displayed text that match the search expression.
86 | *
87 | * @param expression The search expression.
88 | */
89 | void setSearchExpression(String expression);
90 | }
91 |
--------------------------------------------------------------------------------
/burp/burp/IHttpRequestResponse.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpRequestResponse.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to retrieve and update details about HTTP messages.
14 | *
15 | * Note: The setter methods generally can only be used before the message
16 | * has been processed, and not in read-only contexts. The getter methods
17 | * relating to response details can only be used after the request has been
18 | * issued.
19 | */
20 | public interface IHttpRequestResponse
21 | {
22 | /**
23 | * This method is used to retrieve the request message.
24 | *
25 | * @return The request message.
26 | */
27 | byte[] getRequest();
28 |
29 | /**
30 | * This method is used to update the request message.
31 | *
32 | * @param message The new request message.
33 | */
34 | void setRequest(byte[] message);
35 |
36 | /**
37 | * This method is used to retrieve the response message.
38 | *
39 | * @return The response message.
40 | */
41 | byte[] getResponse();
42 |
43 | /**
44 | * This method is used to update the response message.
45 | *
46 | * @param message The new response message.
47 | */
48 | void setResponse(byte[] message);
49 |
50 | /**
51 | * This method is used to retrieve the user-annotated comment for this item,
52 | * if applicable.
53 | *
54 | * @return The user-annotated comment for this item, or null if none is set.
55 | */
56 | String getComment();
57 |
58 | /**
59 | * This method is used to update the user-annotated comment for this item.
60 | *
61 | * @param comment The comment to be assigned to this item.
62 | */
63 | void setComment(String comment);
64 |
65 | /**
66 | * This method is used to retrieve the user-annotated highlight for this
67 | * item, if applicable.
68 | *
69 | * @return The user-annotated highlight for this item, or null if none is
70 | * set.
71 | */
72 | String getHighlight();
73 |
74 | /**
75 | * This method is used to update the user-annotated highlight for this item.
76 | *
77 | * @param color The highlight color to be assigned to this item. Accepted
78 | * values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray,
79 | * or a null String to clear any existing highlight.
80 | */
81 | void setHighlight(String color);
82 |
83 | /**
84 | * This method is used to retrieve the HTTP service for this request /
85 | * response.
86 | *
87 | * @return An
88 | * IHttpService object containing details of the HTTP service.
89 | */
90 | IHttpService getHttpService();
91 |
92 | /**
93 | * This method is used to update the HTTP service for this request /
94 | * response.
95 | *
96 | * @param httpService An
97 | * IHttpService object containing details of the new HTTP
98 | * service.
99 | */
100 | void setHttpService(IHttpService httpService);
101 |
102 | }
103 |
--------------------------------------------------------------------------------
/burp/burp/IParameter.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IParameter.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to hold details about an HTTP request parameter.
14 | */
15 | public interface IParameter
16 | {
17 | /**
18 | * Used to indicate a parameter within the URL query string.
19 | */
20 | static final byte PARAM_URL = 0;
21 | /**
22 | * Used to indicate a parameter within the message body.
23 | */
24 | static final byte PARAM_BODY = 1;
25 | /**
26 | * Used to indicate an HTTP cookie.
27 | */
28 | static final byte PARAM_COOKIE = 2;
29 | /**
30 | * Used to indicate an item of data within an XML structure.
31 | */
32 | static final byte PARAM_XML = 3;
33 | /**
34 | * Used to indicate the value of a tag attribute within an XML structure.
35 | */
36 | static final byte PARAM_XML_ATTR = 4;
37 | /**
38 | * Used to indicate the value of a parameter attribute within a multi-part
39 | * message body (such as the name of an uploaded file).
40 | */
41 | static final byte PARAM_MULTIPART_ATTR = 5;
42 | /**
43 | * Used to indicate an item of data within a JSON structure.
44 | */
45 | static final byte PARAM_JSON = 6;
46 |
47 | /**
48 | * This method is used to retrieve the parameter type.
49 | *
50 | * @return The parameter type. The available types are defined within this
51 | * interface.
52 | */
53 | byte getType();
54 |
55 | /**
56 | * This method is used to retrieve the parameter name.
57 | *
58 | * @return The parameter name.
59 | */
60 | String getName();
61 |
62 | /**
63 | * This method is used to retrieve the parameter value.
64 | *
65 | * @return The parameter value.
66 | */
67 | String getValue();
68 |
69 | /**
70 | * This method is used to retrieve the start offset of the parameter name
71 | * within the HTTP request.
72 | *
73 | * @return The start offset of the parameter name within the HTTP request,
74 | * or -1 if the parameter is not associated with a specific request.
75 | */
76 | int getNameStart();
77 |
78 | /**
79 | * This method is used to retrieve the end offset of the parameter name
80 | * within the HTTP request.
81 | *
82 | * @return The end offset of the parameter name within the HTTP request, or
83 | * -1 if the parameter is not associated with a specific request.
84 | */
85 | int getNameEnd();
86 |
87 | /**
88 | * This method is used to retrieve the start offset of the parameter value
89 | * within the HTTP request.
90 | *
91 | * @return The start offset of the parameter value within the HTTP request,
92 | * or -1 if the parameter is not associated with a specific request.
93 | */
94 | int getValueStart();
95 |
96 | /**
97 | * This method is used to retrieve the end offset of the parameter value
98 | * within the HTTP request.
99 | *
100 | * @return The end offset of the parameter value within the HTTP request, or
101 | * -1 if the parameter is not associated with a specific request.
102 | */
103 | int getValueEnd();
104 | }
105 |
--------------------------------------------------------------------------------
/burp/burp/IMessageEditorTab.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditorTab.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 |
14 | /**
15 | * Extensions that register an
16 | * IMessageEditorTabFactory must return instances of this
17 | * interface, which Burp will use to create custom tabs within its HTTP message
18 | * editors.
19 | */
20 | public interface IMessageEditorTab
21 | {
22 | /**
23 | * This method returns the caption that should appear on the custom tab when
24 | * it is displayed. Note: Burp invokes this method once when the tab
25 | * is first generated, and the same caption will be used every time the tab
26 | * is displayed.
27 | *
28 | * @return The caption that should appear on the custom tab when it is
29 | * displayed.
30 | */
31 | String getTabCaption();
32 |
33 | /**
34 | * This method returns the component that should be used as the contents of
35 | * the custom tab when it is displayed. Note: Burp invokes this
36 | * method once when the tab is first generated, and the same component will
37 | * be used every time the tab is displayed.
38 | *
39 | * @return The component that should be used as the contents of the custom
40 | * tab when it is displayed.
41 | */
42 | Component getUiComponent();
43 |
44 | /**
45 | * The hosting editor will invoke this method before it displays a new HTTP
46 | * message, so that the custom tab can indicate whether it should be enabled
47 | * for that message.
48 | *
49 | * @param content The message that is about to be displayed.
50 | * @param isRequest Indicates whether the message is a request or a
51 | * response.
52 | * @return The method should return
53 | * true if the custom tab is able to handle the specified
54 | * message, and so will be displayed within the editor. Otherwise, the tab
55 | * will be hidden while this message is displayed.
56 | */
57 | boolean isEnabled(byte[] content, boolean isRequest);
58 |
59 | /**
60 | * The hosting editor will invoke this method to display a new message or to
61 | * clear the existing message. This method will only be called with a new
62 | * message if the tab has already returned
63 | * true to a call to
64 | * isEnabled() with the same message details.
65 | *
66 | * @param content The message that is to be displayed, or
67 | * null if the tab should clear its contents and disable any
68 | * editable controls.
69 | * @param isRequest Indicates whether the message is a request or a
70 | * response.
71 | */
72 | void setMessage(byte[] content, boolean isRequest);
73 |
74 | /**
75 | * This method returns the currently displayed message.
76 | *
77 | * @return The currently displayed message.
78 | */
79 | byte[] getMessage();
80 |
81 | /**
82 | * This method is used to determine whether the currently displayed message
83 | * has been modified by the user. The hosting editor will always call
84 | * getMessage() before calling this method, so any pending
85 | * edits should be completed within
86 | * getMessage().
87 | *
88 | * @return The method should return
89 | * true if the user has modified the current message since it
90 | * was first displayed.
91 | */
92 | boolean isModified();
93 |
94 | /**
95 | * This method is used to retrieve the data that is currently selected by
96 | * the user.
97 | *
98 | * @return The data that is currently selected by the user. This may be
99 | * null if no selection is currently made.
100 | */
101 | byte[] getSelectedData();
102 | }
103 |
--------------------------------------------------------------------------------
/burp/burp/IScanIssue.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScanIssue.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to retrieve details of Scanner issues. Extensions can
14 | * obtain details of issues by registering an
15 | * IScannerListener or by calling
16 | * IBurpExtenderCallbacks.getScanIssues(). Extensions can also add
17 | * custom Scanner issues by registering an
18 | * IScannerCheck or calling
19 | * IBurpExtenderCallbacks.addScanIssue(), and providing their own
20 | * implementations of this interface
21 | */
22 | public interface IScanIssue
23 | {
24 | /**
25 | * This method returns the URL for which the issue was generated.
26 | *
27 | * @return The URL for which the issue was generated.
28 | */
29 | java.net.URL getUrl();
30 |
31 | /**
32 | * This method returns the name of the issue type.
33 | *
34 | * @return The name of the issue type (e.g. "SQL injection").
35 | */
36 | String getIssueName();
37 |
38 | /**
39 | * This method returns a numeric identifier of the issue type. See the Burp
40 | * Scanner help documentation for a listing of all the issue types.
41 | *
42 | * @return A numeric identifier of the issue type.
43 | */
44 | int getIssueType();
45 |
46 | /**
47 | * This method returns the issue severity level.
48 | *
49 | * @return The issue severity level. Expected values are "High", "Medium",
50 | * "Low", "Information" or "False positive".
51 | *
52 | */
53 | String getSeverity();
54 |
55 | /**
56 | * This method returns the issue confidence level.
57 | *
58 | * @return The issue confidence level. Expected values are "Certain", "Firm"
59 | * or "Tentative".
60 | */
61 | String getConfidence();
62 |
63 | /**
64 | * This method returns a background description for this type of issue.
65 | *
66 | * @return A background description for this type of issue, or
67 | * null if none applies.
68 | */
69 | String getIssueBackground();
70 |
71 | /**
72 | * This method returns a background description of the remediation for this
73 | * type of issue.
74 | *
75 | * @return A background description of the remediation for this type of
76 | * issue, or
77 | * null if none applies.
78 | */
79 | String getRemediationBackground();
80 |
81 | /**
82 | * This method returns detailed information about this specific instance of
83 | * the issue.
84 | *
85 | * @return Detailed information about this specific instance of the issue,
86 | * or
87 | * null if none applies.
88 | */
89 | String getIssueDetail();
90 |
91 | /**
92 | * This method returns detailed information about the remediation for this
93 | * specific instance of the issue.
94 | *
95 | * @return Detailed information about the remediation for this specific
96 | * instance of the issue, or
97 | * null if none applies.
98 | */
99 | String getRemediationDetail();
100 |
101 | /**
102 | * This method returns the HTTP messages on the basis of which the issue was
103 | * generated.
104 | *
105 | * @return The HTTP messages on the basis of which the issue was generated.
106 | * Note: The items in this array should be instances of
107 | * IHttpRequestResponseWithMarkers if applicable, so that
108 | * details of the relevant portions of the request and response messages are
109 | * available.
110 | */
111 | IHttpRequestResponse[] getHttpMessages();
112 |
113 | /**
114 | * This method returns the HTTP service for which the issue was generated.
115 | *
116 | * @return The HTTP service for which the issue was generated.
117 | */
118 | IHttpService getHttpService();
119 |
120 | }
121 |
--------------------------------------------------------------------------------
/burp/burp/IScannerCheck.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerCheck.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * Extensions can implement this interface and then call
16 | * IBurpExtenderCallbacks.registerScannerCheck() to register a
17 | * custom Scanner check. When performing scanning, Burp will ask the check to
18 | * perform active or passive scanning on the base request, and report any
19 | * Scanner issues that are identified.
20 | */
21 | public interface IScannerCheck
22 | {
23 | /**
24 | * The Scanner invokes this method for each base request / response that is
25 | * passively scanned. Note: Extensions should not only analyze the
26 | * HTTP messages provided during passive scanning, and should not make any
27 | * new HTTP requests of their own.
28 | *
29 | * @param baseRequestResponse The base HTTP request / response that should
30 | * be passively scanned.
31 | * @return A list of
32 | * IScanIssue objects, or
33 | * null if no issues are identified.
34 | */
35 | ListIScannerInsertionPoint object provided to build scan
42 | * requests for particular payloads. Note: Extensions are responsible
43 | * for ensuring that attack payloads are suitably encoded within requests
44 | * (for example, by URL-encoding relevant metacharacters in the URL query
45 | * string). Encoding is not automatically carried out by the
46 | * IScannerInsertionPoint, because this would prevent Scanner
47 | * checks from testing for certain input filter bypasses. Extensions should
48 | * query the
49 | * IScannerInsertionPoint to determine its type, and apply any
50 | * encoding that may be appropriate.
51 | *
52 | * @param baseRequestResponse The base HTTP request / response that should
53 | * be actively scanned.
54 | * @param insertionPoint An
55 | * IScannerInsertionPoint object that can be queried to obtain
56 | * details of the insertion point being tested, and can be used to build
57 | * scan requests for particular payloads.
58 | * @return A list of
59 | * IScanIssue objects, or
60 | * null if no issues are identified.
61 | */
62 | List-1 to report the existing issue only,
83 | * 0 to report both issues, and
84 | * 1 to report the new issue only.
85 | */
86 | int consolidateDuplicateIssues(
87 | IScanIssue existingIssue,
88 | IScanIssue newIssue);
89 | }
90 |
--------------------------------------------------------------------------------
/burp/burp/IInterceptedProxyMessage.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IInterceptedProxyMessage.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.net.InetAddress;
13 |
14 | /**
15 | * This interface is used to represent an HTTP message that has been intercepted
16 | * by Burp Proxy. Extensions can register an
17 | * IProxyListener to receive details of proxy messages using this
18 | * interface. *
19 | */
20 | public interface IInterceptedProxyMessage
21 | {
22 | /**
23 | * This action causes Burp Proxy to follow the current interception rules to
24 | * determine the appropriate action to take for the message.
25 | */
26 | static final int ACTION_FOLLOW_RULES = 0;
27 | /**
28 | * This action causes Burp Proxy to present the message to the user for
29 | * manual review or modification.
30 | */
31 | static final int ACTION_DO_INTERCEPT = 1;
32 | /**
33 | * This action causes Burp Proxy to forward the message to the remote server
34 | * or client, without presenting it to the user.
35 | */
36 | static final int ACTION_DONT_INTERCEPT = 2;
37 | /**
38 | * This action causes Burp Proxy to drop the message.
39 | */
40 | static final int ACTION_DROP = 3;
41 | /**
42 | * This action causes Burp Proxy to follow the current interception rules to
43 | * determine the appropriate action to take for the message, and then make a
44 | * second call to processProxyMessage.
45 | */
46 | static final int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10;
47 | /**
48 | * This action causes Burp Proxy to present the message to the user for
49 | * manual review or modification, and then make a second call to
50 | * processProxyMessage.
51 | */
52 | static final int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11;
53 | /**
54 | * This action causes Burp Proxy to skip user interception, and then make a
55 | * second call to processProxyMessage.
56 | */
57 | static final int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12;
58 |
59 | /**
60 | * This method retrieves a unique reference number for this
61 | * request/response.
62 | *
63 | * @return An identifier that is unique to a single request/response pair.
64 | * Extensions can use this to correlate details of requests and responses
65 | * and perform processing on the response message accordingly.
66 | */
67 | int getMessageReference();
68 |
69 | /**
70 | * This method retrieves details of the intercepted message.
71 | *
72 | * @return An IHttpRequestResponse object containing details of
73 | * the intercepted message.
74 | */
75 | IHttpRequestResponse getMessageInfo();
76 |
77 | /**
78 | * This method retrieves the currently defined interception action. The
79 | * default action is
80 | * ACTION_FOLLOW_RULES. If multiple proxy listeners are
81 | * registered, then other listeners may already have modified the
82 | * interception action before it reaches the current listener. This method
83 | * can be used to determine whether this has occurred.
84 | *
85 | * @return The currently defined interception action. Possible values are
86 | * defined within this interface.
87 | */
88 | int getInterceptAction();
89 |
90 | /**
91 | * This method is used to update the interception action.
92 | *
93 | * @param interceptAction The new interception action. Possible values are
94 | * defined within this interface.
95 | */
96 | void setInterceptAction(int interceptAction);
97 |
98 | /**
99 | * This method retrieves the name of the Burp Proxy listener that is
100 | * processing the intercepted message.
101 | *
102 | * @return The name of the Burp Proxy listener that is processing the
103 | * intercepted message. The format is the same as that shown in the Proxy
104 | * Listeners UI - for example, "127.0.0.1:8080".
105 | */
106 | String getListenerInterface();
107 |
108 | /**
109 | * This method retrieves the client IP address from which the request for
110 | * the intercepted message was received.
111 | *
112 | * @return The client IP address from which the request for the intercepted
113 | * message was received.
114 | */
115 | InetAddress getClientIpAddress();
116 | }
117 |
--------------------------------------------------------------------------------
/burp/burp/IScannerInsertionPoint.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerInsertionPoint.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to define an insertion point for use by active Scanner
14 | * checks. Extensions can obtain instances of this interface by registering an
15 | * IScannerCheck, or can create instances for use by Burp's own
16 | * scan checks by registering an
17 | * IScannerInsertionPointProvider.
18 | */
19 | public interface IScannerInsertionPoint
20 | {
21 | /**
22 | * Used to indicate where the payload is inserted into the value of a URL
23 | * parameter.
24 | */
25 | static final byte INS_PARAM_URL = 0x00;
26 | /**
27 | * Used to indicate where the payload is inserted into the value of a body
28 | * parameter.
29 | */
30 | static final byte INS_PARAM_BODY = 0x01;
31 | /**
32 | * Used to indicate where the payload is inserted into the value of an HTTP
33 | * cookie.
34 | */
35 | static final byte INS_PARAM_COOKIE = 0x02;
36 | /**
37 | * Used to indicate where the payload is inserted into the value of an item
38 | * of data within an XML data structure.
39 | */
40 | static final byte INS_PARAM_XML = 0x03;
41 | /**
42 | * Used to indicate where the payload is inserted into the value of a tag
43 | * attribute within an XML structure.
44 | */
45 | static final byte INS_PARAM_XML_ATTR = 0x04;
46 | /**
47 | * Used to indicate where the payload is inserted into the value of a
48 | * parameter attribute within a multi-part message body (such as the name of
49 | * an uploaded file).
50 | */
51 | static final byte INS_PARAM_MULTIPART_ATTR = 0x05;
52 | /**
53 | * Used to indicate where the payload is inserted into the value of an item
54 | * of data within a JSON structure.
55 | */
56 | static final byte INS_PARAM_JSON = 0x06;
57 | /**
58 | * Used to indicate where the payload is inserted into the value of an AMF
59 | * parameter.
60 | */
61 | static final byte INS_PARAM_AMF = 0x07;
62 | /**
63 | * Used to indicate where the payload is inserted into the value of an HTTP
64 | * request header.
65 | */
66 | static final byte INS_HEADER = 0x20;
67 | /**
68 | * Used to indicate where the payload is inserted into a REST parameter
69 | * within the URL file path.
70 | */
71 | static final byte INS_URL_REST = 0x21;
72 | /**
73 | * Used to indicate where the payload is inserted into the name of an added
74 | * URL parameter.
75 | */
76 | static final byte INS_PARAM_NAME_URL = 0x22;
77 | /**
78 | * Used to indicate where the payload is inserted into the name of an added
79 | * body parameter.
80 | */
81 | static final byte INS_PARAM_NAME_BODY = 0x23;
82 | /**
83 | * Used to indicate where the payload is inserted at a location manually
84 | * configured by the user.
85 | */
86 | static final byte INS_USER_PROVIDED = 0x40;
87 | /**
88 | * Used to indicate where the insertion point is provided by an
89 | * extension-registered
90 | * IScannerInsertionPointProvider.
91 | */
92 | static final byte INS_EXTENSION_PROVIDED = 0x41;
93 | /**
94 | * Used to indicate where the payload is inserted at an unknown location
95 | * within the request.
96 | */
97 | static final byte INS_UNKNOWN = 0x7f;
98 |
99 | /**
100 | * This method returns the name of the insertion point.
101 | *
102 | * @return The name of the insertion point (for example, a description of a
103 | * particular request parameter).
104 | */
105 | String getInsertionPointName();
106 |
107 | /**
108 | * This method returns the base value for this insertion point.
109 | *
110 | * @return the base value that appears in this insertion point in the base
111 | * request being scanned, or
112 | * null if there is no value in the base request that
113 | * corresponds to this insertion point.
114 | */
115 | String getBaseValue();
116 |
117 | /**
118 | * This method is used to build a request with the specified payload placed
119 | * into the insertion point. Any necessary adjustments to the Content-Length
120 | * header will be made by the Scanner itself when the request is issued, and
121 | * there is no requirement for the insertion point to do this. Note:
122 | * Burp's built-in scan checks do not apply any payload encoding (such as
123 | * URL-encoding) when dealing with an extension-provided insertion point.
124 | * Custom insertion points are responsible for performing any data encoding
125 | * that is necessary given the nature and location of the insertion point.
126 | *
127 | * @param payload The payload that should be placed into the insertion
128 | * point.
129 | * @return The resulting request.
130 | */
131 | byte[] buildRequest(byte[] payload);
132 |
133 | /**
134 | * This method is used to determine the offsets of the payload value within
135 | * the request, when it is placed into the insertion point. Scan checks may
136 | * invoke this method when reporting issues, so as to highlight the relevant
137 | * part of the request within the UI.
138 | *
139 | * @param payload The payload that should be placed into the insertion
140 | * point.
141 | * @return An int[2] array containing the start and end offsets of the
142 | * payload within the request, or null if this is not applicable (for
143 | * example, where the insertion point places a payload into a serialized
144 | * data structure, the raw payload may not literally appear anywhere within
145 | * the resulting request).
146 | */
147 | int[] getPayloadOffsets(byte[] payload);
148 |
149 | /**
150 | * This method returns the type of the insertion point.
151 | *
152 | * @return The type of the insertion point. Available types are defined in
153 | * this interface.
154 | */
155 | byte getInsertionPointType();
156 | }
157 |
--------------------------------------------------------------------------------
/burp/burp/IContextMenuInvocation.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IContextMenuInvocation.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.event.InputEvent;
13 |
14 | /**
15 | * This interface is used when Burp calls into an extension-provided
16 | * IContextMenuFactory with details of a context menu invocation.
17 | * The custom context menu factory can query this interface to obtain details of
18 | * the invocation event, in order to determine what menu items should be
19 | * displayed.
20 | */
21 | public interface IContextMenuInvocation
22 | {
23 | /**
24 | * Used to indicate that the context menu is being invoked in a request
25 | * editor.
26 | */
27 | static final byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0;
28 | /**
29 | * Used to indicate that the context menu is being invoked in a response
30 | * editor.
31 | */
32 | static final byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1;
33 | /**
34 | * Used to indicate that the context menu is being invoked in a non-editable
35 | * request viewer.
36 | */
37 | static final byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2;
38 | /**
39 | * Used to indicate that the context menu is being invoked in a non-editable
40 | * response viewer.
41 | */
42 | static final byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3;
43 | /**
44 | * Used to indicate that the context menu is being invoked in the Target
45 | * site map tree.
46 | */
47 | static final byte CONTEXT_TARGET_SITE_MAP_TREE = 4;
48 | /**
49 | * Used to indicate that the context menu is being invoked in the Target
50 | * site map table.
51 | */
52 | static final byte CONTEXT_TARGET_SITE_MAP_TABLE = 5;
53 | /**
54 | * Used to indicate that the context menu is being invoked in the Proxy
55 | * history.
56 | */
57 | static final byte CONTEXT_PROXY_HISTORY = 6;
58 | /**
59 | * Used to indicate that the context menu is being invoked in the Scanner
60 | * results.
61 | */
62 | static final byte CONTEXT_SCANNER_RESULTS = 7;
63 | /**
64 | * Used to indicate that the context menu is being invoked in the Intruder
65 | * payload positions editor.
66 | */
67 | static final byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8;
68 | /**
69 | * Used to indicate that the context menu is being invoked in an Intruder
70 | * attack results.
71 | */
72 | static final byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9;
73 | /**
74 | * Used to indicate that the context menu is being invoked in a search
75 | * results window.
76 | */
77 | static final byte CONTEXT_SEARCH_RESULTS = 10;
78 |
79 | /**
80 | * This method can be used to retrieve the native Java input event that was
81 | * the trigger for the context menu invocation.
82 | *
83 | * @return The InputEvent that was the trigger for the context
84 | * menu invocation.
85 | */
86 | InputEvent getInputEvent();
87 |
88 | /**
89 | * This method can be used to retrieve the Burp tool within which the
90 | * context menu was invoked.
91 | *
92 | * @return A flag indicating the Burp tool within which the context menu was
93 | * invoked. Burp tool flags are defined in the
94 | * IBurpExtenderCallbacks interface.
95 | */
96 | int getToolFlag();
97 |
98 | /**
99 | * This method can be used to retrieve the context within which the menu was
100 | * invoked.
101 | *
102 | * @return An index indicating the context within which the menu was
103 | * invoked. The indices used are defined within this interface.
104 | */
105 | byte getInvocationContext();
106 |
107 | /**
108 | * This method can be used to retrieve the bounds of the user's selection
109 | * into the current message, if applicable.
110 | *
111 | * @return An int[2] array containing the start and end offsets of the
112 | * user's selection in the current message. If the user has not made any
113 | * selection in the current message, both offsets indicate the position of
114 | * the caret within the editor. If the menu is not being invoked from a
115 | * message editor, the method returns null.
116 | */
117 | int[] getSelectionBounds();
118 |
119 | /**
120 | * This method can be used to retrieve details of the HTTP requests /
121 | * responses that were shown or selected by the user when the context menu
122 | * was invoked.
123 | *
124 | * Note: For performance reasons, the objects returned from this
125 | * method are tied to the originating context of the messages within the
126 | * Burp UI. For example, if a context menu is invoked on the Proxy intercept
127 | * panel, then the
128 | * IHttpRequestResponse returned by this method will reflect
129 | * the current contents of the interception panel, and this will change when
130 | * the current message has been forwarded or dropped. If your extension
131 | * needs to store details of the message for which the context menu has been
132 | * invoked, then you should query those details from the
133 | * IHttpRequestResponse at the time of invocation, or you
134 | * should use
135 | * IBurpExtenderCallbacks.saveBuffersToTempFiles() to create a
136 | * persistent read-only copy of the
137 | * IHttpRequestResponse.
138 | *
139 | * @return An array of IHttpRequestResponse objects
140 | * representing the items that were shown or selected by the user when the
141 | * context menu was invoked. This method returns null if no
142 | * messages are applicable to the invocation.
143 | */
144 | IHttpRequestResponse[] getSelectedMessages();
145 |
146 | /**
147 | * This method can be used to retrieve details of the Scanner issues that
148 | * were selected by the user when the context menu was invoked.
149 | *
150 | * @return An array of IScanIssue objects representing the
151 | * issues that were selected by the user when the context menu was invoked.
152 | * This method returns null if no Scanner issues are applicable
153 | * to the invocation.
154 | */
155 | IScanIssue[] getSelectedIssues();
156 | }
157 |
--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "{}"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright {yyyy} {name of copyright owner}
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------
/burp/burp/IExtensionHelpers.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IExtensionHelpers.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.net.URL;
13 | import java.util.List;
14 |
15 | /**
16 | * This interface contains a number of helper methods, which extensions can use
17 | * to assist with various common tasks that arise for Burp extensions.
18 | *
19 | * Extensions can call
20 | * IBurpExtenderCallbacks.getHelpers to obtain an instance of this
21 | * interface.
22 | */
23 | public interface IExtensionHelpers
24 | {
25 | /**
26 | * This method can be used to analyze an HTTP request, and obtain various
27 | * key details about it.
28 | *
29 | * @param request An
30 | * IHttpRequestResponse object containing the request to be
31 | * analyzed.
32 | * @return An
33 | * IRequestInfo object that can be queried to obtain details
34 | * about the request.
35 | */
36 | IRequestInfo analyzeRequest(IHttpRequestResponse request);
37 |
38 | /**
39 | * This method can be used to analyze an HTTP request, and obtain various
40 | * key details about it.
41 | *
42 | * @param httpService The HTTP service associated with the request. This is
43 | * optional and may be
44 | * null, in which case the resulting
45 | * IRequestInfo object will not include the full request URL.
46 | * @param request The request to be analyzed.
47 | * @return An
48 | * IRequestInfo object that can be queried to obtain details
49 | * about the request.
50 | */
51 | IRequestInfo analyzeRequest(IHttpService httpService, byte[] request);
52 |
53 | /**
54 | * This method can be used to analyze an HTTP request, and obtain various
55 | * key details about it. The resulting
56 | * IRequestInfo object will not include the full request URL.
57 | * To obtain the full URL, use one of the other overloaded
58 | * analyzeRequest() methods.
59 | *
60 | * @param request The request to be analyzed.
61 | * @return An
62 | * IRequestInfo object that can be queried to obtain details
63 | * about the request.
64 | */
65 | IRequestInfo analyzeRequest(byte[] request);
66 |
67 | /**
68 | * This method can be used to analyze an HTTP response, and obtain various
69 | * key details about it.
70 | *
71 | * @param response The response to be analyzed.
72 | * @return An
73 | * IResponseInfo object that can be queried to obtain details
74 | * about the response.
75 | */
76 | IResponseInfo analyzeResponse(byte[] response);
77 |
78 | /**
79 | * This method can be used to retrieve details of a specified parameter
80 | * within an HTTP request. Note: Use
81 | * analyzeRequest() to obtain details of all parameters within
82 | * the request.
83 | *
84 | * @param request The request to be inspected for the specified parameter.
85 | * @param parameterName The name of the parameter to retrieve.
86 | * @return An
87 | * IParameter object that can be queried to obtain details
88 | * about the parameter, or
89 | * null if the parameter was not found.
90 | */
91 | IParameter getRequestParameter(byte[] request, String parameterName);
92 |
93 | /**
94 | * This method can be used to URL-decode the specified data.
95 | *
96 | * @param data The data to be decoded.
97 | * @return The decoded data.
98 | */
99 | String urlDecode(String data);
100 |
101 | /**
102 | * This method can be used to URL-encode the specified data. Any characters
103 | * that do not need to be encoded within HTTP requests are not encoded.
104 | *
105 | * @param data The data to be encoded.
106 | * @return The encoded data.
107 | */
108 | String urlEncode(String data);
109 |
110 | /**
111 | * This method can be used to URL-decode the specified data.
112 | *
113 | * @param data The data to be decoded.
114 | * @return The decoded data.
115 | */
116 | byte[] urlDecode(byte[] data);
117 |
118 | /**
119 | * This method can be used to URL-encode the specified data. Any characters
120 | * that do not need to be encoded within HTTP requests are not encoded.
121 | *
122 | * @param data The data to be encoded.
123 | * @return The encoded data.
124 | */
125 | byte[] urlEncode(byte[] data);
126 |
127 | /**
128 | * This method can be used to Base64-decode the specified data.
129 | *
130 | * @param data The data to be decoded.
131 | * @return The decoded data.
132 | */
133 | byte[] base64Decode(String data);
134 |
135 | /**
136 | * This method can be used to Base64-decode the specified data.
137 | *
138 | * @param data The data to be decoded.
139 | * @return The decoded data.
140 | */
141 | byte[] base64Decode(byte[] data);
142 |
143 | /**
144 | * This method can be used to Base64-encode the specified data.
145 | *
146 | * @param data The data to be encoded.
147 | * @return The encoded data.
148 | */
149 | String base64Encode(String data);
150 |
151 | /**
152 | * This method can be used to Base64-encode the specified data.
153 | *
154 | * @param data The data to be encoded.
155 | * @return The encoded data.
156 | */
157 | String base64Encode(byte[] data);
158 |
159 | /**
160 | * This method can be used to convert data from String form into an array of
161 | * bytes. The conversion does not reflect any particular character set, and
162 | * a character with the hex representation 0xWXYZ will always be converted
163 | * into a byte with the representation 0xYZ. It performs the opposite
164 | * conversion to the method
165 | * bytesToString(), and byte-based data that is converted to a
166 | * String and back again using these two methods is guaranteed to retain its
167 | * integrity (which may not be the case with conversions that reflect a
168 | * given character set).
169 | *
170 | * @param data The data to be converted.
171 | * @return The converted data.
172 | */
173 | byte[] stringToBytes(String data);
174 |
175 | /**
176 | * This method can be used to convert data from an array of bytes into
177 | * String form. The conversion does not reflect any particular character
178 | * set, and a byte with the representation 0xYZ will always be converted
179 | * into a character with the hex representation 0x00YZ. It performs the
180 | * opposite conversion to the method
181 | * stringToBytes(), and byte-based data that is converted to a
182 | * String and back again using these two methods is guaranteed to retain its
183 | * integrity (which may not be the case with conversions that reflect a
184 | * given character set).
185 | *
186 | * @param data The data to be converted.
187 | * @return The converted data.
188 | */
189 | String bytesToString(byte[] data);
190 |
191 | /**
192 | * This method searches a piece of data for the first occurrence of a
193 | * specified pattern. It works on byte-based data in a way that is similar
194 | * to the way the native Java method
195 | * String.indexOf() works on String-based data.
196 | *
197 | * @param data The data to be searched.
198 | * @param pattern The pattern to be searched for.
199 | * @param caseSensitive Flags whether or not the search is case-sensitive.
200 | * @param from The offset within
201 | * data where the search should begin.
202 | * @param to The offset within
203 | * data where the search should end.
204 | * @return The offset of the first occurrence of the pattern within the
205 | * specified bounds, or -1 if no match is found.
206 | */
207 | int indexOf(byte[] data,
208 | byte[] pattern,
209 | boolean caseSensitive,
210 | int from,
211 | int to);
212 |
213 | /**
214 | * This method builds an HTTP message containing the specified headers and
215 | * message body. If applicable, the Content-Length header will be added or
216 | * updated, based on the length of the body.
217 | *
218 | * @param headers A list of headers to include in the message.
219 | * @param body The body of the message, of
220 | * null if the message has an empty body.
221 | * @return The resulting full HTTP message.
222 | */
223 | byte[] buildHttpMessage(ListIParameter object containing details of the parameter to be
242 | * added. Supported parameter types are:
243 | * PARAM_URL,
244 | * PARAM_BODY and
245 | * PARAM_COOKIE.
246 | * @return A new HTTP request with the new parameter added.
247 | */
248 | byte[] addParameter(byte[] request, IParameter parameter);
249 |
250 | /**
251 | * This method removes a parameter from an HTTP request, and if appropriate
252 | * updates the Content-Length header.
253 | *
254 | * @param request The request from which the parameter should be removed.
255 | * @param parameter An
256 | * IParameter object containing details of the parameter to be
257 | * removed. Supported parameter types are:
258 | * PARAM_URL,
259 | * PARAM_BODY and
260 | * PARAM_COOKIE.
261 | * @return A new HTTP request with the parameter removed.
262 | */
263 | byte[] removeParameter(byte[] request, IParameter parameter);
264 |
265 | /**
266 | * This method updates the value of a parameter within an HTTP request, and
267 | * if appropriate updates the Content-Length header. Note: This
268 | * method can only be used to update the value of an existing parameter of a
269 | * specified type. If you need to change the type of an existing parameter,
270 | * you should first call
271 | * removeParameter() to remove the parameter with the old type,
272 | * and then call
273 | * addParameter() to add a parameter with the new type.
274 | *
275 | * @param request The request containing the parameter to be updated.
276 | * @param parameter An
277 | * IParameter object containing details of the parameter to be
278 | * updated. Supported parameter types are:
279 | * PARAM_URL,
280 | * PARAM_BODY and
281 | * PARAM_COOKIE.
282 | * @return A new HTTP request with the parameter updated.
283 | */
284 | byte[] updateParameter(byte[] request, IParameter parameter);
285 |
286 | /**
287 | * This method can be used to toggle a request's method between GET and
288 | * POST. Parameters are relocated between the URL query string and message
289 | * body as required, and the Content-Length header is created or removed as
290 | * applicable.
291 | *
292 | * @param request The HTTP request whose method should be toggled.
293 | * @return A new HTTP request using the toggled method.
294 | */
295 | byte[] toggleRequestMethod(byte[] request);
296 |
297 | /**
298 | * This method constructs an
299 | * IHttpService object based on the details provided.
300 | *
301 | * @param host The HTTP service host.
302 | * @param port The HTTP service port.
303 | * @param protocol The HTTP service protocol.
304 | * @return An
305 | * IHttpService object based on the details provided.
306 | */
307 | IHttpService buildHttpService(String host, int port, String protocol);
308 |
309 | /**
310 | * This method constructs an
311 | * IHttpService object based on the details provided.
312 | *
313 | * @param host The HTTP service host.
314 | * @param port The HTTP service port.
315 | * @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP.
316 | * @return An
317 | * IHttpService object based on the details provided.
318 | */
319 | IHttpService buildHttpService(String host, int port, boolean useHttps);
320 |
321 | /**
322 | * This method constructs an
323 | * IParameter object based on the details provided.
324 | *
325 | * @param name The parameter name.
326 | * @param value The parameter value.
327 | * @param type The parameter type, as defined in the
328 | * IParameter interface.
329 | * @return An
330 | * IParameter object based on the details provided.
331 | */
332 | IParameter buildParameter(String name, String value, byte type);
333 |
334 | /**
335 | * This method constructs an
336 | * IScannerInsertionPoint object based on the details provided.
337 | * It can be used to quickly create a simple insertion point based on a
338 | * fixed payload location within a base request.
339 | *
340 | * @param insertionPointName The name of the insertion point.
341 | * @param baseRequest The request from which to build scan requests.
342 | * @param from The offset of the start of the payload location.
343 | * @param to The offset of the end of the payload location.
344 | * @return An
345 | * IScannerInsertionPoint object based on the details provided.
346 | */
347 | IScannerInsertionPoint makeScannerInsertionPoint(
348 | String insertionPointName,
349 | byte[] baseRequest,
350 | int from,
351 | int to);
352 | }
353 |
--------------------------------------------------------------------------------
/src/burp/BurpExtender.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | import java.util.ArrayList;
4 | import java.util.List;
5 | import java.awt.*;
6 | import java.security.Key;
7 |
8 | import javax.crypto.Cipher;
9 | import javax.crypto.spec.SecretKeySpec;
10 | import javax.crypto.spec.IvParameterSpec;
11 | import javax.swing.JPanel;
12 | import javax.swing.JTextField;
13 | import javax.swing.SwingUtilities;
14 | import javax.swing.JLabel;
15 | import javax.swing.SwingConstants;
16 | import javax.swing.JTextArea;
17 | import javax.swing.JComboBox;
18 | import javax.swing.DefaultComboBoxModel;
19 | import javax.swing.JCheckBox;
20 | import javax.swing.JButton;
21 |
22 | import java.awt.event.ActionListener;
23 | import java.awt.event.ActionEvent;
24 | import java.beans.PropertyChangeListener;
25 | import java.beans.PropertyChangeEvent;
26 |
27 | public class BurpExtender implements IBurpExtender, IScannerInsertionPointProvider, ITab {
28 |
29 | // IExtensionHelpers helpers;
30 | public IExtensionHelpers helpers;
31 | public IBurpExtenderCallbacks callbacks;
32 |
33 | // GUI Components
34 | private JPanel panel;
35 |
36 | public final String TAB_NAME = "AES Config";
37 | private JTextField parameterAESkey;
38 | private JTextField parameterAESIV;
39 | private JLabel lblDescription;
40 | private JComboBox comboAESMode;
41 | private JLabel lbl3;
42 | private JCheckBox chckbxNewCheckBox;
43 | private JPanel panel_1;
44 | private JButton btnNewButton;
45 | private JTextArea textAreaPlaintext;
46 | private JTextArea textAreaCiphertext;
47 | private JButton btnNewButton_1;
48 | private JLabel lblPlaintext;
49 | private JLabel lblCiphertext;
50 |
51 | public IntruderPayloadProcessor payloadEncryptor;
52 | public IntruderPayloadProcessor payloadDecryptor;
53 |
54 | public Boolean isURLEncoded;
55 |
56 | private JLabel lbl4;
57 | private JComboBox comboEncoding;
58 |
59 | @Override
60 | public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks) {
61 | this.callbacks = callbacks;
62 |
63 | // obtain an extension helpers object
64 | helpers = callbacks.getHelpers();
65 |
66 | // set our extension name
67 | callbacks.setExtensionName("AES Crypto v1.0");
68 |
69 | // Register payload encoders
70 | payloadEncryptor = new IntruderPayloadProcessor(this, 1);
71 | callbacks.registerIntruderPayloadProcessor(payloadEncryptor);
72 |
73 | payloadDecryptor = new IntruderPayloadProcessor(this, 0);
74 | callbacks.registerIntruderPayloadProcessor(payloadDecryptor);
75 |
76 | // register ourselves as a scanner insertion point provider
77 | callbacks.registerScannerInsertionPointProvider(this);
78 |
79 | isURLEncoded = false;
80 |
81 | // Create UI
82 | this.addMenuTab();
83 | }
84 |
85 |
86 | /**
87 | * @wbp.parser.entryPoint
88 | *
89 | * This code was built using Eclipse's WindowBuilder
90 | */
91 | public void buildUI() {
92 | panel = new JPanel();
93 | GridBagLayout gbl_panel = new GridBagLayout();
94 | gbl_panel.columnWidths = new int[]{197, 400, 0};
95 | gbl_panel.rowHeights = new int[]{0, 0, 0, 0, 0, 0, 0, 0};
96 | gbl_panel.columnWeights = new double[]{1.0, 1.0, Double.MIN_VALUE};
97 | gbl_panel.rowWeights = new double[]{0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 1.0, Double.MIN_VALUE};
98 | panel.setLayout(gbl_panel);
99 |
100 | lblDescription = new JLabel("BURP AES Manipulation functions v1.0\r\nregisterExtenderCallbacks() method and passes an instance of the
24 | * IBurpExtenderCallbacks interface. The extension may then invoke
25 | * the methods of this interface as required in order to extend Burp's
26 | * functionality.
27 | */
28 | public interface IBurpExtenderCallbacks
29 | {
30 | /**
31 | * Flag used to identify Burp Suite as a whole.
32 | */
33 | static final int TOOL_SUITE = 0x00000001;
34 | /**
35 | * Flag used to identify the Burp Target tool.
36 | */
37 | static final int TOOL_TARGET = 0x00000002;
38 | /**
39 | * Flag used to identify the Burp Proxy tool.
40 | */
41 | static final int TOOL_PROXY = 0x00000004;
42 | /**
43 | * Flag used to identify the Burp Spider tool.
44 | */
45 | static final int TOOL_SPIDER = 0x00000008;
46 | /**
47 | * Flag used to identify the Burp Scanner tool.
48 | */
49 | static final int TOOL_SCANNER = 0x00000010;
50 | /**
51 | * Flag used to identify the Burp Intruder tool.
52 | */
53 | static final int TOOL_INTRUDER = 0x00000020;
54 | /**
55 | * Flag used to identify the Burp Repeater tool.
56 | */
57 | static final int TOOL_REPEATER = 0x00000040;
58 | /**
59 | * Flag used to identify the Burp Sequencer tool.
60 | */
61 | static final int TOOL_SEQUENCER = 0x00000080;
62 | /**
63 | * Flag used to identify the Burp Decoder tool.
64 | */
65 | static final int TOOL_DECODER = 0x00000100;
66 | /**
67 | * Flag used to identify the Burp Comparer tool.
68 | */
69 | static final int TOOL_COMPARER = 0x00000200;
70 | /**
71 | * Flag used to identify the Burp Extender tool.
72 | */
73 | static final int TOOL_EXTENDER = 0x00000400;
74 |
75 | /**
76 | * This method is used to set the display name for the current extension,
77 | * which will be displayed within the user interface for the Extender tool.
78 | *
79 | * @param name The extension name.
80 | */
81 | void setExtensionName(String name);
82 |
83 | /**
84 | * This method is used to obtain an
85 | * IExtensionHelpers object, which can be used by the extension
86 | * to perform numerous useful tasks.
87 | *
88 | * @return An object containing numerous helper methods, for tasks such as
89 | * building and analyzing HTTP requests.
90 | */
91 | IExtensionHelpers getHelpers();
92 |
93 | /**
94 | * This method is used to obtain the current extension's standard output
95 | * stream. Extensions should write all output to this stream, allowing the
96 | * Burp user to configure how that output is handled from within the UI.
97 | *
98 | * @return The extension's standard output stream.
99 | */
100 | OutputStream getStdout();
101 |
102 | /**
103 | * This method is used to obtain the current extension's standard error
104 | * stream. Extensions should write all error messages to this stream,
105 | * allowing the Burp user to configure how that output is handled from
106 | * within the UI.
107 | *
108 | * @return The extension's standard error stream.
109 | */
110 | OutputStream getStderr();
111 |
112 | /**
113 | * This method is used to register a listener which will be notified of
114 | * changes to the extension's state. Note: Any extensions that start
115 | * background threads or open system resources (such as files or database
116 | * connections) should register a listener and terminate threads / close
117 | * resources when the extension is unloaded.
118 | *
119 | * @param listener An object created by the extension that implements the
120 | * IExtensionStateListener interface.
121 | */
122 | void registerExtensionStateListener(IExtensionStateListener listener);
123 |
124 | /**
125 | * This method is used to register a listener which will be notified of
126 | * requests and responses made by any Burp tool. Extensions can perform
127 | * custom analysis or modification of these messages by registering an HTTP
128 | * listener.
129 | *
130 | * @param listener An object created by the extension that implements the
131 | * IHttpListener interface.
132 | */
133 | void registerHttpListener(IHttpListener listener);
134 |
135 | /**
136 | * This method is used to register a listener which will be notified of
137 | * requests and responses being processed by the Proxy tool. Extensions can
138 | * perform custom analysis or modification of these messages, and control
139 | * in-UI message interception, by registering a proxy listener.
140 | *
141 | * @param listener An object created by the extension that implements the
142 | * IProxyListener interface.
143 | */
144 | void registerProxyListener(IProxyListener listener);
145 |
146 | /**
147 | * This method is used to register a listener which will be notified of new
148 | * issues that are reported by the Scanner tool. Extensions can perform
149 | * custom analysis or logging of Scanner issues by registering a Scanner
150 | * listener.
151 | *
152 | * @param listener An object created by the extension that implements the
153 | * IScannerListener interface.
154 | */
155 | void registerScannerListener(IScannerListener listener);
156 |
157 | /**
158 | * This method is used to register a listener which will be notified of
159 | * changes to Burp's suite-wide target scope.
160 | *
161 | * @param listener An object created by the extension that implements the
162 | * IScopeChangeListener interface.
163 | */
164 | void registerScopeChangeListener(IScopeChangeListener listener);
165 |
166 | /**
167 | * This method is used to register a factory for custom context menu items.
168 | * When the user invokes a context menu anywhere within Burp, the factory
169 | * will be passed details of the invocation event, and asked to provide any
170 | * custom context menu items that should be shown.
171 | *
172 | * @param factory An object created by the extension that implements the
173 | * IContextMenuFactory interface.
174 | */
175 | void registerContextMenuFactory(IContextMenuFactory factory);
176 |
177 | /**
178 | * This method is used to register a factory for custom message editor tabs.
179 | * For each message editor that already exists, or is subsequently created,
180 | * within Burp, the factory will be asked to provide a new instance of an
181 | * IMessageEditorTab object, which can provide custom rendering
182 | * or editing of HTTP messages.
183 | *
184 | * @param factory An object created by the extension that implements the
185 | * IMessageEditorTabFactory interface.
186 | */
187 | void registerMessageEditorTabFactory(IMessageEditorTabFactory factory);
188 |
189 | /**
190 | * This method is used to register a provider of Scanner insertion points.
191 | * For each base request that is actively scanned, Burp will ask the
192 | * provider to provide any custom scanner insertion points that are
193 | * appropriate for the request.
194 | *
195 | * @param provider An object created by the extension that implements the
196 | * IScannerInsertionPointProvider interface.
197 | */
198 | void registerScannerInsertionPointProvider(
199 | IScannerInsertionPointProvider provider);
200 |
201 | /**
202 | * This method is used to register a custom Scanner check. When performing
203 | * scanning, Burp will ask the check to perform active or passive scanning
204 | * on the base request, and report any Scanner issues that are identified.
205 | *
206 | * @param check An object created by the extension that implements the
207 | * IScannerCheck interface.
208 | */
209 | void registerScannerCheck(IScannerCheck check);
210 |
211 | /**
212 | * This method is used to register a factory for Intruder payloads. Each
213 | * registered factory will be available within the Intruder UI for the user
214 | * to select as the payload source for an attack. When this is selected, the
215 | * factory will be asked to provide a new instance of an
216 | * IIntruderPayloadGenerator object, which will be used to
217 | * generate payloads for the attack.
218 | *
219 | * @param factory An object created by the extension that implements the
220 | * IIntruderPayloadGeneratorFactory interface.
221 | */
222 | void registerIntruderPayloadGeneratorFactory(
223 | IIntruderPayloadGeneratorFactory factory);
224 |
225 | /**
226 | * This method is used to register a custom Intruder payload processor. Each
227 | * registered processor will be available within the Intruder UI for the
228 | * user to select as the action for a payload processing rule.
229 | *
230 | * @param processor An object created by the extension that implements the
231 | * IIntruderPayloadProcessor interface.
232 | */
233 | void registerIntruderPayloadProcessor(IIntruderPayloadProcessor processor);
234 |
235 | /**
236 | * This method is used to register a custom session handling action. Each
237 | * registered action will be available within the session handling rule UI
238 | * for the user to select as a rule action. Users can choose to invoke an
239 | * action directly in its own right, or following execution of a macro.
240 | *
241 | * @param action An object created by the extension that implements the
242 | * ISessionHandlingAction interface.
243 | */
244 | void registerSessionHandlingAction(ISessionHandlingAction action);
245 |
246 | /**
247 | * This method is used to unload the extension from Burp Suite.
248 | */
249 | void unloadExtension();
250 |
251 | /**
252 | * This method is used to add a custom tab to the main Burp Suite window.
253 | *
254 | * @param tab An object created by the extension that implements the
255 | * ITab interface.
256 | */
257 | void addSuiteTab(ITab tab);
258 |
259 | /**
260 | * This method is used to remove a previously-added tab from the main Burp
261 | * Suite window.
262 | *
263 | * @param tab An object created by the extension that implements the
264 | * ITab interface.
265 | */
266 | void removeSuiteTab(ITab tab);
267 |
268 | /**
269 | * This method is used to customize UI components in line with Burp's UI
270 | * style, including font size, colors, table line spacing, etc.
271 | *
272 | * @param component The UI component to be customized.
273 | */
274 | void customizeUiComponent(Component component);
275 |
276 | /**
277 | * This method is used to create a new instance of Burp's HTTP message
278 | * editor, for the extension to use in its own UI.
279 | *
280 | * @param controller An object created by the extension that implements the
281 | * IMessageEditorController interface. This parameter is
282 | * optional and may be null. If it is provided, then the
283 | * message editor will query the controller when required to obtain details
284 | * about the currently displayed message, including the
285 | * IHttpService for the message, and the associated request or
286 | * response message. If a controller is not provided, then the message
287 | * editor will not support context menu actions, such as sending requests to
288 | * other Burp tools.
289 | * @param editable Indicates whether the editor created should be editable,
290 | * or used only for message viewing.
291 | * @return An object that implements the IMessageEditor
292 | * interface, and which the extension can use in its own UI.
293 | */
294 | IMessageEditor createMessageEditor(IMessageEditorController controller,
295 | boolean editable);
296 |
297 | /**
298 | * This method returns the command line arguments that were passed to Burp
299 | * on startup.
300 | *
301 | * @return The command line arguments that were passed to Burp on startup.
302 | */
303 | String[] getCommandLineArguments();
304 |
305 | /**
306 | * This method is used to save configuration settings for the extension in a
307 | * persistent way that survives reloads of the extension and of Burp Suite.
308 | * Saved settings can be retrieved using the method
309 | * loadExtensionSetting().
310 | *
311 | * @param name The name of the setting.
312 | * @param value The value of the setting. If this value is null
313 | * then any existing setting with the specified name will be removed.
314 | */
315 | void saveExtensionSetting(String name, String value);
316 |
317 | /**
318 | * This method is used to load configuration settings for the extension that
319 | * were saved using the method
320 | * saveExtensionSetting().
321 | *
322 | * @param name The name of the setting.
323 | * @return The value of the setting, or null if no value is
324 | * set.
325 | */
326 | String loadExtensionSetting(String name);
327 |
328 | /**
329 | * This method is used to create a new instance of Burp's plain text editor,
330 | * for the extension to use in its own UI.
331 | *
332 | * @return An object that implements the ITextEditor interface,
333 | * and which the extension can use in its own UI.
334 | */
335 | ITextEditor createTextEditor();
336 |
337 | /**
338 | * This method can be used to send an HTTP request to the Burp Repeater
339 | * tool. The request will be displayed in the user interface, but will not
340 | * be issued until the user initiates this action.
341 | *
342 | * @param host The hostname of the remote HTTP server.
343 | * @param port The port of the remote HTTP server.
344 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
345 | * @param request The full HTTP request.
346 | * @param tabCaption An optional caption which will appear on the Repeater
347 | * tab containing the request. If this value is null then a
348 | * default tab index will be displayed.
349 | */
350 | void sendToRepeater(
351 | String host,
352 | int port,
353 | boolean useHttps,
354 | byte[] request,
355 | String tabCaption);
356 |
357 | /**
358 | * This method can be used to send an HTTP request to the Burp Intruder
359 | * tool. The request will be displayed in the user interface, and markers
360 | * for attack payloads will be placed into default locations within the
361 | * request.
362 | *
363 | * @param host The hostname of the remote HTTP server.
364 | * @param port The port of the remote HTTP server.
365 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
366 | * @param request The full HTTP request.
367 | */
368 | void sendToIntruder(
369 | String host,
370 | int port,
371 | boolean useHttps,
372 | byte[] request);
373 |
374 | /**
375 | * This method can be used to send an HTTP request to the Burp Intruder
376 | * tool. The request will be displayed in the user interface, and markers
377 | * for attack payloads will be placed into the specified locations within
378 | * the request.
379 | *
380 | * @param host The hostname of the remote HTTP server.
381 | * @param port The port of the remote HTTP server.
382 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
383 | * @param request The full HTTP request.
384 | * @param payloadPositionOffsets A list of index pairs representing the
385 | * payload positions to be used. Each item in the list must be an int[2]
386 | * array containing the start and end offsets for the payload position.
387 | */
388 | void sendToIntruder(
389 | String host,
390 | int port,
391 | boolean useHttps,
392 | byte[] request,
393 | ListIHttpRequestResponse
473 | * interface, and which the extension can query to obtain the details of the
474 | * response.
475 | */
476 | IHttpRequestResponse makeHttpRequest(IHttpService httpService,
477 | byte[] request);
478 |
479 | /**
480 | * This method can be used to issue HTTP requests and retrieve their
481 | * responses.
482 | *
483 | * @param host The hostname of the remote HTTP server.
484 | * @param port The port of the remote HTTP server.
485 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
486 | * @param request The full HTTP request.
487 | * @return The full response retrieved from the remote server.
488 | */
489 | byte[] makeHttpRequest(
490 | String host,
491 | int port,
492 | boolean useHttps,
493 | byte[] request);
494 |
495 | /**
496 | * This method can be used to query whether a specified URL is within the
497 | * current Suite-wide scope.
498 | *
499 | * @param url The URL to query.
500 | * @return Returns true if the URL is within the current
501 | * Suite-wide scope.
502 | */
503 | boolean isInScope(java.net.URL url);
504 |
505 | /**
506 | * This method can be used to include the specified URL in the Suite-wide
507 | * scope.
508 | *
509 | * @param url The URL to include in the Suite-wide scope.
510 | */
511 | void includeInScope(java.net.URL url);
512 |
513 | /**
514 | * This method can be used to exclude the specified URL from the Suite-wide
515 | * scope.
516 | *
517 | * @param url The URL to exclude from the Suite-wide scope.
518 | */
519 | void excludeFromScope(java.net.URL url);
520 |
521 | /**
522 | * This method can be used to display a specified message in the Burp Suite
523 | * alerts tab.
524 | *
525 | * @param message The alert message to display.
526 | */
527 | void issueAlert(String message);
528 |
529 | /**
530 | * This method returns details of all items in the Proxy history.
531 | *
532 | * @return The contents of the Proxy history.
533 | */
534 | IHttpRequestResponse[] getProxyHistory();
535 |
536 | /**
537 | * This method returns details of items in the site map.
538 | *
539 | * @param urlPrefix This parameter can be used to specify a URL prefix, in
540 | * order to extract a specific subset of the site map. The method performs a
541 | * simple case-sensitive text match, returning all site map items whose URL
542 | * begins with the specified prefix. If this parameter is null, the entire
543 | * site map is returned.
544 | *
545 | * @return Details of items in the site map.
546 | */
547 | IHttpRequestResponse[] getSiteMap(String urlPrefix);
548 |
549 | /**
550 | * This method returns all of the current scan issues for URLs matching the
551 | * specified literal prefix.
552 | *
553 | * @param urlPrefix This parameter can be used to specify a URL prefix, in
554 | * order to extract a specific subset of scan issues. The method performs a
555 | * simple case-sensitive text match, returning all scan issues whose URL
556 | * begins with the specified prefix. If this parameter is null, all issues
557 | * are returned.
558 | * @return Details of the scan issues.
559 | */
560 | IScanIssue[] getScanIssues(String urlPrefix);
561 |
562 | /**
563 | * This method is used to generate a report for the specified Scanner
564 | * issues. The report format can be specified. For all other reporting
565 | * options, the default settings that appear in the reporting UI wizard are
566 | * used.
567 | *
568 | * @param format The format to be used in the report. Accepted values are
569 | * HTML and XML.
570 | * @param issues The Scanner issues to be reported.
571 | * @param file The file to which the report will be saved.
572 | */
573 | void generateScanReport(String format, IScanIssue[] issues, java.io.File file);
574 |
575 | /**
576 | * This method is used to retrieve the contents of Burp's session handling
577 | * cookie jar. Extensions that provide an
578 | * ISessionHandlingAction can query and update the cookie jar
579 | * in order to handle unusual session handling mechanisms.
580 | *
581 | * @return A list of ICookie objects representing the contents
582 | * of Burp's session handling cookie jar.
583 | */
584 | ListISessionHandlingAction can query and update the cookie jar
590 | * in order to handle unusual session handling mechanisms.
591 | *
592 | * @param cookie An ICookie object containing details of the
593 | * cookie to be updated. If the cookie jar already contains a cookie that
594 | * matches the specified domain and name, then that cookie will be updated
595 | * with the new value and expiration, unless the new value is
596 | * null, in which case the cookie will be removed. If the
597 | * cookie jar does not already contain a cookie that matches the specified
598 | * domain and name, then the cookie will be added.
599 | */
600 | void updateCookieJar(ICookie cookie);
601 |
602 | /**
603 | * This method can be used to add an item to Burp's site map with the
604 | * specified request/response details. This will overwrite the details of
605 | * any existing matching item in the site map.
606 | *
607 | * @param item Details of the item to be added to the site map
608 | */
609 | void addToSiteMap(IHttpRequestResponse item);
610 |
611 | /**
612 | * This method can be used to restore Burp's state from a specified saved
613 | * state file. This method blocks until the restore operation is completed,
614 | * and must not be called from the event dispatch thread.
615 | *
616 | * @param file The file containing Burp's saved state.
617 | */
618 | void restoreState(java.io.File file);
619 |
620 | /**
621 | * This method can be used to save Burp's state to a specified file. This
622 | * method blocks until the save operation is completed, and must not be
623 | * called from the event dispatch thread.
624 | *
625 | * @param file The file to save Burp's state in.
626 | */
627 | void saveState(java.io.File file);
628 |
629 | /**
630 | * This method causes Burp to save all of its current configuration as a Map
631 | * of name/value Strings.
632 | *
633 | * @return A Map of name/value Strings reflecting Burp's current
634 | * configuration.
635 | */
636 | MapsaveConfig() to obtain Burp's current configuration, modify
644 | * the relevant items in the Map, and then call
645 | * loadConfig() with the same Map.
646 | *
647 | * @param config A map of name/value Strings to use as Burp's new
648 | * configuration.
649 | */
650 | void loadConfig(MapITempFile interface.
689 | */
690 | ITempFile saveToTempFile(byte[] buffer);
691 |
692 | /**
693 | * This method is used to save the request and response of an
694 | * IHttpRequestResponse object to temporary files, so that they
695 | * are no longer held in memory. Extensions can used this method to convert
696 | * IHttpRequestResponse objects into a form suitable for
697 | * long-term storage.
698 | *
699 | * @param httpRequestResponse The IHttpRequestResponse object
700 | * whose request and response messages are to be saved to temporary files.
701 | * @return An object that implements the
702 | * IHttpRequestResponsePersisted interface.
703 | */
704 | IHttpRequestResponsePersisted saveBuffersToTempFiles(
705 | IHttpRequestResponse httpRequestResponse);
706 |
707 | /**
708 | * This method is used to apply markers to an HTTP request or response, at
709 | * offsets into the message that are relevant for some particular purpose.
710 | * Markers are used in various situations, such as specifying Intruder
711 | * payload positions, Scanner insertion points, and highlights in Scanner
712 | * issues.
713 | *
714 | * @param httpRequestResponse The IHttpRequestResponse object
715 | * to which the markers should be applied.
716 | * @param requestMarkers A list of index pairs representing the offsets of
717 | * markers to be applied to the request message. Each item in the list must
718 | * be an int[2] array containing the start and end offsets for the marker.
719 | * The markers in the list should be in sequence and not overlapping. This
720 | * parameter is optional and may be null if no request markers
721 | * are required.
722 | * @param responseMarkers A list of index pairs representing the offsets of
723 | * markers to be applied to the response message. Each item in the list must
724 | * be an int[2] array containing the start and end offsets for the marker.
725 | * The markers in the list should be in sequence and not overlapping. This
726 | * parameter is optional and may be null if no response markers
727 | * are required.
728 | * @return An object that implements the
729 | * IHttpRequestResponseWithMarkers interface.
730 | */
731 | IHttpRequestResponseWithMarkers applyMarkers(
732 | IHttpRequestResponse httpRequestResponse,
733 | ListTOOL_PROXY,
741 | * TOOL_SCANNER, etc.). Tool flags are defined within this
742 | * interface.
743 | * @return The descriptive name for the specified tool.
744 | */
745 | String getToolName(int toolFlag);
746 |
747 | /**
748 | * This method is used to register a new Scanner issue. Note:
749 | * Wherever possible, extensions should implement custom Scanner checks
750 | * using
751 | * IScannerCheck and report issues via those checks, so as to
752 | * integrate with Burp's user-driven workflow, and ensure proper
753 | * consolidation of duplicate reported issues. This method is only designed
754 | * for tasks outside of the normal testing workflow, such as importing
755 | * results from other scanning tools.
756 | *
757 | * @param issue An object created by the extension that implements the
758 | * IScanIssue interface.
759 | */
760 | void addScanIssue(IScanIssue issue);
761 |
762 | /**
763 | * This method parses the specified request and returns details of each
764 | * request parameter.
765 | *
766 | * @param request The request to be parsed.
767 | * @return An array of: String[] { name, value, type }
768 | * containing details of the parameters contained within the request.
769 | * @deprecated Use IExtensionHelpers.analyzeRequest() instead.
770 | */
771 | @Deprecated
772 | String[][] getParameters(byte[] request);
773 |
774 | /**
775 | * This method parses the specified request and returns details of each HTTP
776 | * header.
777 | *
778 | * @param message The request to be parsed.
779 | * @return An array of HTTP headers.
780 | * @deprecated Use IExtensionHelpers.analyzeRequest() or
781 | * IExtensionHelpers.analyzeResponse() instead.
782 | */
783 | @Deprecated
784 | String[] getHeaders(byte[] message);
785 |
786 | /**
787 | * This method can be used to register a new menu item which will appear on
788 | * the various context menus that are used throughout Burp Suite to handle
789 | * user-driven actions.
790 | *
791 | * @param menuItemCaption The caption to be displayed on the menu item.
792 | * @param menuItemHandler The handler to be invoked when the user clicks on
793 | * the menu item.
794 | * @deprecated Use registerContextMenuFactory() instead.
795 | */
796 | @Deprecated
797 | void registerMenuItem(
798 | String menuItemCaption,
799 | IMenuItemHandler menuItemHandler);
800 | }
801 |
--------------------------------------------------------------------------------