This extension takes deserialized AMF objects and encodes them in XML.
2 | 3 |It will deserialize, modify, reserialize, send on and (only in the case of the scanner) deserialize 4 | any responses that look like AMF objects (to allow burp to flag any exception strings, etc.)
5 | -------------------------------------------------------------------------------- /BappManifest.bmf: -------------------------------------------------------------------------------- 1 | Uuid: cfe12afbb9f642ffb1ad894c97bd7a22 2 | ExtensionType: 1 3 | Name: AMFDSer-ngng 4 | RepoName: amf-deserializer 5 | ScreenVersion: 1.0 6 | SerialVersion: 1 7 | MinPlatformVersion: 0 8 | ProOnly: False 9 | Author: Jon Murray, NCC Group 10 | ShortDescription: Takes deserialized AMF objects and encodes them in XML. 11 | EntryPoint: build/libs/amf-deserializer-all.jar 12 | BuildCommand: gradle fatJar 13 | -------------------------------------------------------------------------------- /src/burp/IHttpRequestResponsePersisted.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponsePersisted.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used for an 14 | *IHttpRequestResponse object whose request and response messages
15 | * have been saved to temporary files using
16 | * IBurpExtenderCallbacks.saveBuffersToTempFiles().
17 | */
18 | public interface IHttpRequestResponsePersisted extends IHttpRequestResponse
19 | {
20 | /**
21 | * This method is used to permanently delete the saved temporary files. It
22 | * will no longer be possible to retrieve the request or response for this
23 | * item.
24 | */
25 | void deleteTempFiles();
26 | }
27 |
--------------------------------------------------------------------------------
/src/burp/ITempFile.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ITempFile.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to hold details of a temporary file that has been
14 | * created via a call to
15 | * IBurpExtenderCallbacks.saveToTempFile().
16 | *
17 | */
18 | public interface ITempFile
19 | {
20 | /**
21 | * This method is used to retrieve the contents of the buffer that was saved
22 | * in the temporary file.
23 | *
24 | * @return The contents of the buffer that was saved in the temporary file.
25 | */
26 | byte[] getBuffer();
27 |
28 | /**
29 | * This method is used to permanently delete the temporary file when it is
30 | * no longer required.
31 | */
32 | void delete();
33 | }
34 |
--------------------------------------------------------------------------------
/src/burp/IExtensionStateListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IExtensionStateListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerExtensionStateListener() to
15 | * register an extension state listener. The listener will be notified of
16 | * changes to the extension's state. Note: Any extensions that start
17 | * background threads or open system resources (such as files or database
18 | * connections) should register a listener and terminate threads / close
19 | * resources when the extension is unloaded.
20 | */
21 | public interface IExtensionStateListener
22 | {
23 | /**
24 | * This method is called when the extension is unloaded.
25 | */
26 | void extensionUnloaded();
27 | }
28 |
--------------------------------------------------------------------------------
/src/burp/IBurpExtender.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IBurpExtender.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * All extensions must implement this interface.
14 | *
15 | * Implementations must be called BurpExtender, in the package burp, must be
16 | * declared public, and must provide a default (public, no-argument)
17 | * constructor.
18 | */
19 | public interface IBurpExtender
20 | {
21 | /**
22 | * This method is invoked when the extension is loaded. It registers an
23 | * instance of the
24 | * IBurpExtenderCallbacks interface, providing methods that may
25 | * be invoked by the extension to perform various actions.
26 | *
27 | * @param callbacks An
28 | * IBurpExtenderCallbacks object.
29 | */
30 | void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks);
31 | }
32 |
--------------------------------------------------------------------------------
/src/burp/IScannerListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerScannerListener() to register a
15 | * Scanner listener. The listener will be notified of new issues that are
16 | * reported by the Scanner tool. Extensions can perform custom analysis or
17 | * logging of Scanner issues by registering a Scanner listener.
18 | */
19 | public interface IScannerListener
20 | {
21 | /**
22 | * This method is invoked when a new issue is added to Burp Scanner's
23 | * results.
24 | *
25 | * @param issue An
26 | * IScanIssue object that the extension can query to obtain
27 | * details about the new issue.
28 | */
29 | void newScanIssue(IScanIssue issue);
30 | }
31 |
--------------------------------------------------------------------------------
/src/burp/IHttpService.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpService.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to provide details about an HTTP service, to which
14 | * HTTP requests can be sent.
15 | */
16 | public interface IHttpService
17 | {
18 | /**
19 | * This method returns the hostname or IP address for the service.
20 | *
21 | * @return The hostname or IP address for the service.
22 | */
23 | String getHost();
24 |
25 | /**
26 | * This method returns the port number for the service.
27 | *
28 | * @return The port number for the service.
29 | */
30 | int getPort();
31 |
32 | /**
33 | * This method returns the protocol for the service.
34 | *
35 | * @return The protocol for the service. Expected values are "http" or
36 | * "https".
37 | */
38 | String getProtocol();
39 | }
40 |
--------------------------------------------------------------------------------
/src/org/apache/jmeter/protocol/amf/util/AmfResources.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2011 the original author or authors.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.apache.jmeter.protocol.amf.util;
18 |
19 | import java.util.MissingResourceException;
20 | import java.util.ResourceBundle;
21 |
22 |
23 | public class AmfResources {
24 |
25 | private static ResourceBundle resources = null;
26 |
27 | public static String getResString(String key) {
28 | if (resources == null) {
29 |
30 | }
31 |
32 | try {
33 | return resources.getString(key);
34 | } catch (MissingResourceException e) {
35 | return "[res_key=" + key + "]";
36 | }
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/src/burp/ITab.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ITab.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 |
14 | /**
15 | * This interface is used to provide Burp with details of a custom tab that will
16 | * be added to Burp's UI, using a method such as
17 | * IBurpExtenderCallbacks.addSuiteTab().
18 | */
19 | public interface ITab
20 | {
21 | /**
22 | * Burp uses this method to obtain the caption that should appear on the
23 | * custom tab when it is displayed.
24 | *
25 | * @return The caption that should appear on the custom tab when it is
26 | * displayed.
27 | */
28 | String getTabCaption();
29 |
30 | /**
31 | * Burp uses this method to obtain the component that should be used as the
32 | * contents of the custom tab when it is displayed.
33 | *
34 | * @return The component that should be used as the contents of the custom
35 | * tab when it is displayed.
36 | */
37 | Component getUiComponent();
38 | }
39 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | #AMFDSer-ngng
2 |
3 |
4 |
5 | A Burp Extender plugin, that will take deserialized AMF objects and encode them in XML using the [Xtream](http://xstream.codehaus.org/) library. Based on the original work of Khai Tran, all hail https://blog.netspi.com/
6 | AMFDSer-ngng also utilizes part of Kenneth Hill's Jmeter source code for custom AMF deserialization (https://github.com/steeltomato/jmeter-amf). And the Xtream library (http://xstream.codehaus.org/)
7 |
8 | Why? This release fixes a bug where serialization wasn't being performed properly. It also adds in the (proper) ability to use the scanner in conjunction with AMF. I've also added the ability to use it with SQLMap. Copy and paste the output of the "send deserialized to intruder" into a file, and sqlmap.py -r IBurpExtenderCallbacks.registerMenuItem() to register a custom
15 | * context menu item.
16 | *
17 | * @deprecated Use
18 | * IContextMenuFactory instead.
19 | */
20 | @Deprecated
21 | public interface IMenuItemHandler
22 | {
23 | /**
24 | * This method is invoked by Burp Suite when the user clicks on a custom
25 | * menu item which the extension has registered with Burp.
26 | *
27 | * @param menuItemCaption The caption of the menu item which was clicked.
28 | * This parameter enables extensions to provide a single implementation
29 | * which handles multiple different menu items.
30 | * @param messageInfo Details of the HTTP message(s) for which the context
31 | * menu was displayed.
32 | */
33 | void menuItemClicked(
34 | String menuItemCaption,
35 | IHttpRequestResponse[] messageInfo);
36 | }
37 |
--------------------------------------------------------------------------------
/src/burp/IIntruderPayloadGeneratorFactory.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IIntruderPayloadGeneratorFactory.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory()
15 | * to register a factory for custom Intruder payloads.
16 | */
17 | public interface IIntruderPayloadGeneratorFactory
18 | {
19 | /**
20 | * This method is used by Burp to obtain the name of the payload generator.
21 | * This will be displayed as an option within the Intruder UI when the user
22 | * selects to use extension-generated payloads.
23 | *
24 | * @return The name of the payload generator.
25 | */
26 | String getGeneratorName();
27 |
28 | /**
29 | * This method is used by Burp when the user starts an Intruder attack that
30 | * uses this payload generator.
31 | *
32 | * @return A new instance of
33 | * IIntruderPayloadGenerator that will be used to generate
34 | * payloads for the attack.
35 | */
36 | IIntruderPayloadGenerator createNewInstance();
37 | }
38 |
--------------------------------------------------------------------------------
/src/burp/IResponseInfo.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IResponseInfo.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * This interface is used to retrieve key details about an HTTP response.
16 | * Extensions can obtain an
17 | * IResponseInfo object for a given response by calling
18 | * IExtensionHelpers.analyzeResponse().
19 | */
20 | public interface IResponseInfo
21 | {
22 | /**
23 | * This method is used to obtain the HTTP headers contained in the response.
24 | *
25 | * @return The HTTP headers contained in the response.
26 | */
27 | ListIBurpExtenderCallbacks.registerHttpListener() to register a
15 | * Proxy listener. The listener will be notified of requests and responses being
16 | * processed by the Proxy tool. Extensions can perform custom analysis or
17 | * modification of these messages, and control in-UI message interception, by
18 | * registering a proxy listener.
19 | */
20 | public interface IProxyListener
21 | {
22 | /**
23 | * This method is invoked when an HTTP message is being processed by the
24 | * Proxy.
25 | *
26 | * @param messageIsRequest Indicates whether the HTTP message is a request
27 | * or a response.
28 | * @param message An
29 | * IInterceptedProxyMessage object that extensions can use to
30 | * query and update details of the message, and control whether the message
31 | * should be intercepted and displayed to the user for manual review or
32 | * modification.
33 | */
34 | void processProxyMessage(
35 | boolean messageIsRequest,
36 | IInterceptedProxyMessage message);
37 | }
38 |
--------------------------------------------------------------------------------
/src/burp/IContextMenuFactory.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IContextMenuFactory.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 | import javax.swing.JMenuItem;
14 |
15 | /**
16 | * Extensions can implement this interface and then call
17 | * IBurpExtenderCallbacks.registerContextMenuFactory() to register
18 | * a factory for custom context menu items.
19 | */
20 | public interface IContextMenuFactory
21 | {
22 | /**
23 | * This method will be called by Burp when the user invokes a context menu
24 | * anywhere within Burp. The factory can then provide any custom context
25 | * menu items that should be displayed in the context menu, based on the
26 | * details of the menu invocation.
27 | *
28 | * @param invocation An object that implements the
29 | * IMessageEditorTabFactory interface, which the extension can
30 | * query to obtain details of the context menu invocation.
31 | * @return A list of custom menu items (which may include sub-menus,
32 | * checkbox menu items, etc.) that should be displayed. Extensions may
33 | * return
34 | * null from this method, to indicate that no menu items are
35 | * required.
36 | */
37 | ListIBurpExtenderCallbacks.registerScannerInsertionPointProvider()
17 | * to register a factory for custom Scanner insertion points.
18 | */
19 | public interface IScannerInsertionPointProvider
20 | {
21 | /**
22 | * When a request is actively scanned, the Scanner will invoke this method,
23 | * and the provider should provide a list of custom insertion points that
24 | * will be used in the scan. Note: these insertion points are used in
25 | * addition to those that are derived from Burp Scanner's configuration, and
26 | * those provided by any other Burp extensions.
27 | *
28 | * @param baseRequestResponse The base request that will be actively
29 | * scanned.
30 | * @return A list of
31 | * IScannerInsertionPoint objects that should be used in the
32 | * scanning, or
33 | * null if no custom insertion points are applicable for this
34 | * request.
35 | */
36 | ListIBurpExtenderCallbacks.registerHttpListener() to register an
15 | * HTTP listener. The listener will be notified of requests and responses made
16 | * by any Burp tool. Extensions can perform custom analysis or modification of
17 | * these messages by registering an HTTP listener.
18 | */
19 | public interface IHttpListener
20 | {
21 | /**
22 | * This method is invoked when an HTTP request is about to be issued, and
23 | * when an HTTP response has been received.
24 | *
25 | * @param toolFlag A flag indicating the Burp tool that issued the request.
26 | * Burp tool flags are defined in the
27 | * IBurpExtenderCallbacks interface.
28 | * @param messageIsRequest Flags whether the method is being invoked for a
29 | * request or response.
30 | * @param messageInfo Details of the request / response to be processed.
31 | * Extensions can call the setter methods on this object to update the
32 | * current message and so modify Burp's behavior.
33 | */
34 | void processHttpMessage(int toolFlag,
35 | boolean messageIsRequest,
36 | IHttpRequestResponse messageInfo);
37 | }
38 |
--------------------------------------------------------------------------------
/src/burp/IMessageEditorTabFactory.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditorTabFactory.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerMessageEditorTabFactory() to
15 | * register a factory for custom message editor tabs. This allows extensions to
16 | * provide custom rendering or editing of HTTP messages, within Burp's own HTTP
17 | * editor.
18 | */
19 | public interface IMessageEditorTabFactory
20 | {
21 | /**
22 | * Burp will call this method once for each HTTP message editor, and the
23 | * factory should provide a new instance of an
24 | * IMessageEditorTab object.
25 | *
26 | * @param controller An
27 | * IMessageEditorController object, which the new tab can query
28 | * to retrieve details about the currently displayed message. This may be
29 | * null for extension-invoked message editors where the
30 | * extension has not provided an editor controller.
31 | * @param editable Indicates whether the hosting editor is editable or
32 | * read-only.
33 | * @return A new
34 | * IMessageEditorTab object for use within the message editor.
35 | */
36 | IMessageEditorTab createNewInstance(IMessageEditorController controller,
37 | boolean editable);
38 | }
39 |
--------------------------------------------------------------------------------
/src/burp/IRequestInfo.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IRequestInfo.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.net.URL;
13 | import java.util.List;
14 |
15 | /**
16 | * This interface is used to retrieve key details about an HTTP request.
17 | * Extensions can obtain an
18 | * IRequestInfo object for a given request by calling
19 | * IExtensionHelpers.analyzeRequest().
20 | */
21 | public interface IRequestInfo
22 | {
23 | /**
24 | * This method is used to obtain the HTTP method used in the request.
25 | *
26 | * @return The HTTP method used in the request.
27 | */
28 | String getMethod();
29 |
30 | /**
31 | * This method is used to obtain the URL in the request.
32 | *
33 | * @return The URL in the request.
34 | */
35 | URL getUrl();
36 |
37 | /**
38 | * This method is used to obtain the HTTP headers contained in the request.
39 | *
40 | * @return The HTTP headers contained in the request.
41 | */
42 | ListIBurpExtenderCallbacks.registerIntruderPayloadProcessor() to
15 | * register a custom Intruder payload processor.
16 | */
17 | public interface IIntruderPayloadProcessor
18 | {
19 | /**
20 | * This method is used by Burp to obtain the name of the payload processor.
21 | * This will be displayed as an option within the Intruder UI when the user
22 | * selects to use an extension-provided payload processor.
23 | *
24 | * @return The name of the payload processor.
25 | */
26 | String getProcessorName();
27 |
28 | /**
29 | * This method is invoked by Burp each time the processor should be applied
30 | * to an Intruder payload.
31 | *
32 | * @param currentPayload The value of the payload to be processed.
33 | * @param originalPayload The value of the original payload prior to
34 | * processing by any already-applied processing rules.
35 | * @param baseValue The base value of the payload position, which will be
36 | * replaced with the current payload.
37 | * @return The value of the processed payload. This may be
38 | * null to indicate that the current payload should be skipped,
39 | * and the attack will move directly to the next payload.
40 | */
41 | byte[] processPayload(
42 | byte[] currentPayload,
43 | byte[] originalPayload,
44 | byte[] baseValue);
45 | }
46 |
--------------------------------------------------------------------------------
/src/burp/IHttpRequestResponseWithMarkers.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpRequestResponseWithMarkers.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * This interface is used for an
16 | * IHttpRequestResponse object that has had markers applied.
17 | * Extensions can create instances of this interface using
18 | * IBurpExtenderCallbacks.applyMarkers(), or provide their own
19 | * implementation. Markers are used in various situations, such as specifying
20 | * Intruder payload positions, Scanner insertion points, and highlights in
21 | * Scanner issues.
22 | */
23 | public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse
24 | {
25 | /**
26 | * This method returns the details of the request markers.
27 | *
28 | * @return A list of index pairs representing the offsets of markers for the
29 | * request message. Each item in the list is an int[2] array containing the
30 | * start and end offsets for the marker. The method may return
31 | * null if no request markers are defined.
32 | */
33 | Listnull if no response markers are defined.
42 | */
43 | ListIIntruderPayloadGeneratorFactory must return a new instance of
16 | * this interface when required as part of a new Intruder attack.
17 | */
18 | public interface IIntruderPayloadGenerator
19 | {
20 | /**
21 | * This method is used by Burp to determine whether the payload generator is
22 | * able to provide any further payloads.
23 | *
24 | * @return Extensions should return
25 | * false when all the available payloads have been used up,
26 | * otherwise
27 | * true.
28 | */
29 | boolean hasMorePayloads();
30 |
31 | /**
32 | * This method is used by Burp to obtain the value of the next payload.
33 | *
34 | * @param baseValue The base value of the current payload position. This
35 | * value may be
36 | * null if the concept of a base value is not applicable (e.g.
37 | * in a battering ram attack).
38 | * @return The next payload to use in the attack.
39 | */
40 | byte[] getNextPayload(byte[] baseValue);
41 |
42 | /**
43 | * This method is used by Burp to reset the state of the payload generator
44 | * so that the next call to
45 | * getNextPayload() returns the first payload again. This
46 | * method will be invoked when an attack uses the same payload generator for
47 | * more than one payload position, for example in a sniper attack.
48 | */
49 | void reset();
50 | }
51 |
--------------------------------------------------------------------------------
/src/burp/IMessageEditorController.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditorController.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used by an
14 | * IMessageEditor to obtain details about the currently displayed
15 | * message. Extensions that create instances of Burp's HTTP message editor can
16 | * optionally provide an implementation of
17 | * IMessageEditorController, which the editor will invoke when it
18 | * requires further information about the current message (for example, to send
19 | * it to another Burp tool). Extensions that provide custom editor tabs via an
20 | * IMessageEditorTabFactory will receive a reference to an
21 | * IMessageEditorController object for each tab instance they
22 | * generate, which the tab can invoke if it requires further information about
23 | * the current message.
24 | */
25 | public interface IMessageEditorController
26 | {
27 | /**
28 | * This method is used to retrieve the HTTP service for the current message.
29 | *
30 | * @return The HTTP service for the current message.
31 | */
32 | IHttpService getHttpService();
33 |
34 | /**
35 | * This method is used to retrieve the HTTP request associated with the
36 | * current message (which may itself be a response).
37 | *
38 | * @return The HTTP request associated with the current message.
39 | */
40 | byte[] getRequest();
41 |
42 | /**
43 | * This method is used to retrieve the HTTP response associated with the
44 | * current message (which may itself be a request).
45 | *
46 | * @return The HTTP response associated with the current message.
47 | */
48 | byte[] getResponse();
49 | }
50 |
--------------------------------------------------------------------------------
/src/burp/IMessageEditor.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditor.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 |
14 | /**
15 | * This interface is used to provide extensions with an instance of Burp's HTTP
16 | * message editor, for the extension to use in its own UI. Extensions should
17 | * call
18 | * IBurpExtenderCallbacks.createMessageEditor() to obtain an
19 | * instance of this interface.
20 | */
21 | public interface IMessageEditor
22 | {
23 | /**
24 | * This method returns the UI component of the editor, for extensions to add
25 | * to their own UI.
26 | *
27 | * @return The UI component of the editor.
28 | */
29 | Component getComponent();
30 |
31 | /**
32 | * This method is used to display an HTTP message in the editor.
33 | *
34 | * @param message The HTTP message to be displayed.
35 | * @param isRequest Flags whether the message is an HTTP request or
36 | * response.
37 | */
38 | void setMessage(byte[] message, boolean isRequest);
39 |
40 | /**
41 | * This method is used to retrieve the currently displayed message, which
42 | * may have been modified by the user.
43 | *
44 | * @return The currently displayed HTTP message.
45 | */
46 | byte[] getMessage();
47 |
48 | /**
49 | * This method is used to determine whether the current message has been
50 | * modified by the user.
51 | *
52 | * @return An indication of whether the current message has been modified by
53 | * the user since it was first displayed.
54 | */
55 | boolean isMessageModified();
56 |
57 | /**
58 | * This method returns the data that is currently selected by the user.
59 | *
60 | * @return The data that is currently selected by the user, or
61 | * null if no selection is made.
62 | */
63 | byte[] getSelectedData();
64 | }
65 |
--------------------------------------------------------------------------------
/src/burp/ISessionHandlingAction.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ISessionHandlingAction.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerSessionHandlingAction() to
15 | * register a custom session handling action. Each registered action will be
16 | * available within the session handling rule UI for the user to select as a
17 | * rule action. Users can choose to invoke an action directly in its own right,
18 | * or following execution of a macro.
19 | */
20 | public interface ISessionHandlingAction
21 | {
22 | /**
23 | * This method is used by Burp to obtain the name of the session handling
24 | * action. This will be displayed as an option within the session handling
25 | * rule editor when the user selects to execute an extension-provided
26 | * action.
27 | *
28 | * @return The name of the action.
29 | */
30 | String getActionName();
31 |
32 | /**
33 | * This method is invoked when the session handling action should be
34 | * executed. This may happen as an action in its own right, or as a
35 | * sub-action following execution of a macro.
36 | *
37 | * @param currentRequest The base request that is currently being processed.
38 | * The action can query this object to obtain details about the base
39 | * request. It can issue additional requests of its own if necessary, and
40 | * can use the setter methods on this object to update the base request.
41 | * @param macroItems If the action is invoked following execution of a
42 | * macro, this parameter contains the result of executing the macro.
43 | * Otherwise, it is
44 | * null. Actions can use the details of the macro items to
45 | * perform custom analysis of the macro to derive values of non-standard
46 | * session handling tokens, etc.
47 | */
48 | void performAction(
49 | IHttpRequestResponse currentRequest,
50 | IHttpRequestResponse[] macroItems);
51 | }
52 |
--------------------------------------------------------------------------------
/src/burp/BurpExtender.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) John Murray, 2015.
3 | *
4 | * This program is free software: you can redistribute it and/or modify
5 | * it under the terms of the GNU Affero General Public License as
6 | * published by the Free Software Foundation, either version 3 of the
7 | * License, or (at your option) any later version.
8 | *
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU Affero General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU Affero General Public License
15 | * along with this program. If not, see IBurpExtenderCallbacks.doActiveScan().
17 | */
18 | public interface IScanQueueItem
19 | {
20 | /**
21 | * This method returns a description of the status of the scan queue item.
22 | *
23 | * @return A description of the status of the scan queue item.
24 | */
25 | String getStatus();
26 |
27 | /**
28 | * This method returns an indication of the percentage completed for the
29 | * scan queue item.
30 | *
31 | * @return An indication of the percentage completed for the scan queue
32 | * item.
33 | */
34 | byte getPercentageComplete();
35 |
36 | /**
37 | * This method returns the number of requests that have been made for the
38 | * scan queue item.
39 | *
40 | * @return The number of requests that have been made for the scan queue
41 | * item.
42 | */
43 | int getNumRequests();
44 |
45 | /**
46 | * This method returns the number of network errors that have occurred for
47 | * the scan queue item.
48 | *
49 | * @return The number of network errors that have occurred for the scan
50 | * queue item.
51 | */
52 | int getNumErrors();
53 |
54 | /**
55 | * This method returns the number of attack insertion points being used for
56 | * the scan queue item.
57 | *
58 | * @return The number of attack insertion points being used for the scan
59 | * queue item.
60 | */
61 | int getNumInsertionPoints();
62 |
63 | /**
64 | * This method allows the scan queue item to be canceled.
65 | */
66 | void cancel();
67 |
68 | /**
69 | * This method returns details of the issues generated for the scan queue
70 | * item. Note: different items within the scan queue may contain
71 | * duplicated versions of the same issues - for example, if the same request
72 | * has been scanned multiple times. Duplicated issues are consolidated in
73 | * the main view of scan results. Extensions can register an
74 | * IScannerListener to get details only of unique, newly
75 | * discovered Scanner issues post-consolidation.
76 | *
77 | * @return Details of the issues generated for the scan queue item.
78 | */
79 | IScanIssue[] getIssues();
80 | }
81 |
--------------------------------------------------------------------------------
/src/burp/AMFUtils.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) John Murray, 2015.
3 | *
4 | * This program is free software: you can redistribute it and/or modify
5 | * it under the terms of the GNU Affero General Public License as
6 | * published by the Free Software Foundation, either version 3 of the
7 | * License, or (at your option) any later version.
8 | *
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU Affero General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU Affero General Public License
15 | * along with this program. If not, see IBurpExtenderCallbacks.createTextEditor() to obtain an instance
18 | * of this interface.
19 | */
20 | public interface ITextEditor
21 | {
22 | /**
23 | * This method returns the UI component of the editor, for extensions to add
24 | * to their own UI.
25 | *
26 | * @return The UI component of the editor.
27 | */
28 | Component getComponent();
29 |
30 | /**
31 | * This method is used to control whether the editor is currently editable.
32 | * This status can be toggled on and off as required.
33 | *
34 | * @param editable Indicates whether the editor should be currently
35 | * editable.
36 | */
37 | void setEditable(boolean editable);
38 |
39 | /**
40 | * This method is used to update the currently displayed text in the editor.
41 | *
42 | * @param text The text to be displayed.
43 | */
44 | void setText(byte[] text);
45 |
46 | /**
47 | * This method is used to retrieve the currently displayed text.
48 | *
49 | * @return The currently displayed text.
50 | */
51 | byte[] getText();
52 |
53 | /**
54 | * This method is used to determine whether the user has modified the
55 | * contents of the editor.
56 | *
57 | * @return An indication of whether the user has modified the contents of
58 | * the editor since the last call to
59 | * setText().
60 | */
61 | boolean isTextModified();
62 |
63 | /**
64 | * This method is used to obtain the currently selected text.
65 | *
66 | * @return The currently selected text, or
67 | * null if the user has not made any selection.
68 | */
69 | byte[] getSelectedText();
70 |
71 | /**
72 | * This method can be used to retrieve the bounds of the user's selection
73 | * into the displayed text, if applicable.
74 | *
75 | * @return An int[2] array containing the start and end offsets of the
76 | * user's selection within the displayed text. If the user has not made any
77 | * selection in the current message, both offsets indicate the position of
78 | * the caret within the editor.
79 | */
80 | int[] getSelectionBounds();
81 |
82 | /**
83 | * This method is used to update the search expression that is shown in the
84 | * search bar below the editor. The editor will automatically highlight any
85 | * regions of the displayed text that match the search expression.
86 | *
87 | * @param expression The search expression.
88 | */
89 | void setSearchExpression(String expression);
90 | }
91 |
--------------------------------------------------------------------------------
/src/burp/AMFMenu.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) John Murray, 2015.
3 | *
4 | * This program is free software: you can redistribute it and/or modify
5 | * it under the terms of the GNU Affero General Public License as
6 | * published by the Free Software Foundation, either version 3 of the
7 | * License, or (at your option) any later version.
8 | *
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU Affero General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU Affero General Public License
15 | * along with this program. If not, see IHttpService object containing details of the HTTP service.
89 | */
90 | IHttpService getHttpService();
91 |
92 | /**
93 | * This method is used to update the HTTP service for this request /
94 | * response.
95 | *
96 | * @param httpService An
97 | * IHttpService object containing details of the new HTTP
98 | * service.
99 | */
100 | void setHttpService(IHttpService httpService);
101 | }
102 |
--------------------------------------------------------------------------------
/src/burp/IParameter.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IParameter.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to hold details about an HTTP request parameter.
14 | */
15 | public interface IParameter
16 | {
17 | /**
18 | * Used to indicate a parameter within the URL query string.
19 | */
20 | static final byte PARAM_URL = 0;
21 | /**
22 | * Used to indicate a parameter within the message body.
23 | */
24 | static final byte PARAM_BODY = 1;
25 | /**
26 | * Used to indicate an HTTP cookie.
27 | */
28 | static final byte PARAM_COOKIE = 2;
29 | /**
30 | * Used to indicate an item of data within an XML structure.
31 | */
32 | static final byte PARAM_XML = 3;
33 | /**
34 | * Used to indicate the value of a tag attribute within an XML structure.
35 | */
36 | static final byte PARAM_XML_ATTR = 4;
37 | /**
38 | * Used to indicate the value of a parameter attribute within a multi-part
39 | * message body (such as the name of an uploaded file).
40 | */
41 | static final byte PARAM_MULTIPART_ATTR = 5;
42 | /**
43 | * Used to indicate an item of data within a JSON structure.
44 | */
45 | static final byte PARAM_JSON = 6;
46 |
47 | /**
48 | * This method is used to retrieve the parameter type.
49 | *
50 | * @return The parameter type. The available types are defined within this
51 | * interface.
52 | */
53 | byte getType();
54 |
55 | /**
56 | * This method is used to retrieve the parameter name.
57 | *
58 | * @return The parameter name.
59 | */
60 | String getName();
61 |
62 | /**
63 | * This method is used to retrieve the parameter value.
64 | *
65 | * @return The parameter value.
66 | */
67 | String getValue();
68 |
69 | /**
70 | * This method is used to retrieve the start offset of the parameter name
71 | * within the HTTP request.
72 | *
73 | * @return The start offset of the parameter name within the HTTP request,
74 | * or -1 if the parameter is not associated with a specific request.
75 | */
76 | int getNameStart();
77 |
78 | /**
79 | * This method is used to retrieve the end offset of the parameter name
80 | * within the HTTP request.
81 | *
82 | * @return The end offset of the parameter name within the HTTP request, or
83 | * -1 if the parameter is not associated with a specific request.
84 | */
85 | int getNameEnd();
86 |
87 | /**
88 | * This method is used to retrieve the start offset of the parameter value
89 | * within the HTTP request.
90 | *
91 | * @return The start offset of the parameter value within the HTTP request,
92 | * or -1 if the parameter is not associated with a specific request.
93 | */
94 | int getValueStart();
95 |
96 | /**
97 | * This method is used to retrieve the end offset of the parameter value
98 | * within the HTTP request.
99 | *
100 | * @return The end offset of the parameter value within the HTTP request, or
101 | * -1 if the parameter is not associated with a specific request.
102 | */
103 | int getValueEnd();
104 | }
105 |
--------------------------------------------------------------------------------
/src/burp/AMFHttpListener.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) John Murray, 2015.
3 | *
4 | * This program is free software: you can redistribute it and/or modify
5 | * it under the terms of the GNU Affero General Public License as
6 | * published by the Free Software Foundation, either version 3 of the
7 | * License, or (at your option) any later version.
8 | *
9 | * This program is distributed in the hope that it will be useful,
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 | * GNU Affero General Public License for more details.
13 | *
14 | * You should have received a copy of the GNU Affero General Public License
15 | * along with this program. If not, see IProxyListener to receive details of proxy messages using this
16 | * interface. *
17 | */
18 | public interface IInterceptedProxyMessage
19 | {
20 | /**
21 | * This action causes Burp Proxy to follow the current interception rules to
22 | * determine the appropriate action to take for the message.
23 | */
24 | static final int ACTION_FOLLOW_RULES = 0;
25 | /**
26 | * This action causes Burp Proxy to present the message to the user for
27 | * manual review or modification.
28 | */
29 | static final int ACTION_DO_INTERCEPT = 1;
30 | /**
31 | * This action causes Burp Proxy to forward the message to the remote server
32 | * or client, without presenting it to the user.
33 | */
34 | static final int ACTION_DONT_INTERCEPT = 2;
35 | /**
36 | * This action causes Burp Proxy to drop the message.
37 | */
38 | static final int ACTION_DROP = 3;
39 | /**
40 | * This action causes Burp Proxy to follow the current interception rules to
41 | * determine the appropriate action to take for the message, and then make a
42 | * second call to processProxyMessage.
43 | */
44 | static final int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10;
45 | /**
46 | * This action causes Burp Proxy to present the message to the user for
47 | * manual review or modification, and then make a second call to
48 | * processProxyMessage.
49 | */
50 | static final int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11;
51 | /**
52 | * This action causes Burp Proxy to skip user interception, and then make a
53 | * second call to processProxyMessage.
54 | */
55 | static final int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12;
56 |
57 | /**
58 | * This method retrieves a unique reference number for this
59 | * request/response.
60 | *
61 | * @return An identifier that is unique to a single request/response pair.
62 | * Extensions can use this to correlate details of requests and responses
63 | * and perform processing on the response message accordingly.
64 | */
65 | int getMessageReference();
66 |
67 | /**
68 | * This method retrieves details of the intercepted message.
69 | *
70 | * @return An
71 | * IHttpRequestResponse object containing details of the
72 | * intercepted message.
73 | */
74 | IHttpRequestResponse getMessageInfo();
75 |
76 | /**
77 | * This method retrieves the currently defined interception action. The
78 | * default action is
79 | * ACTION_FOLLOW_RULES. If multiple proxy listeners are
80 | * registered, then other listeners may already have modified the
81 | * interception action before it reaches the current listener. This method
82 | * can be used to determine whether this has occurred.
83 | *
84 | * @return The currently defined interception action. Possible values are
85 | * defined within this interface.
86 | */
87 | int getInterceptAction();
88 |
89 | /**
90 | * This method is used to update the interception action.
91 | *
92 | * @param interceptAction The new interception action. Possible values are
93 | * defined within this interface.
94 | */
95 | void setInterceptAction(int interceptAction);
96 | }
97 |
--------------------------------------------------------------------------------
/src/org/apache/jmeter/protocol/amf/util/ASObjectConverter.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2011 the original author or authors.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.apache.jmeter.protocol.amf.util;
18 |
19 | import java.util.Iterator;
20 | import java.util.Map;
21 |
22 | import com.thoughtworks.xstream.converters.MarshallingContext;
23 | import com.thoughtworks.xstream.converters.UnmarshallingContext;
24 | import com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter;
25 | import com.thoughtworks.xstream.io.ExtendedHierarchicalStreamWriterHelper;
26 | import com.thoughtworks.xstream.io.HierarchicalStreamReader;
27 | import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
28 | import com.thoughtworks.xstream.mapper.Mapper;
29 |
30 | import flex.messaging.io.amf.ASObject;
31 |
32 | public class ASObjectConverter extends AbstractCollectionConverter {
33 |
34 | private static final String SERIAL_VER_1 = "1";
35 |
36 | private final String currSerialVer = SERIAL_VER_1;
37 |
38 | public ASObjectConverter(Mapper mapper) {
39 | super(mapper);
40 | }
41 |
42 | @SuppressWarnings("rawtypes")
43 | @Override
44 | public boolean canConvert(Class clazz) {
45 | return clazz.equals(ASObject.class);
46 | }
47 |
48 | @SuppressWarnings({ "rawtypes" })
49 | @Override
50 | public void marshal(Object obj, HierarchicalStreamWriter writer,
51 | MarshallingContext context) {
52 | ASObject asObj = (ASObject) obj;
53 |
54 | writer.addAttribute("serialVer", currSerialVer);
55 |
56 | if (asObj.getType() != null)
57 | writer.addAttribute("objClass", asObj.getType());
58 |
59 | for (Iterator iterator = asObj.entrySet().iterator(); iterator.hasNext();) {
60 | Map.Entry entry = (Map.Entry) iterator.next();
61 | ExtendedHierarchicalStreamWriterHelper.startNode(writer, mapper().serializedClass(Map.Entry.class), Map.Entry.class);
62 |
63 | writeItem(entry.getKey(), context, writer);
64 | writeItem(entry.getValue(), context, writer);
65 |
66 | writer.endNode();
67 | }
68 | }
69 |
70 | // TODO: If serialization changes
71 | //public void marshal_v1(Object obj, HierarchicalStreamWriter writer,
72 | // MarshallingContext context) {
73 | //
74 | //}
75 |
76 | public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {
77 | ASObject asObj = new ASObject();
78 |
79 | String type = reader.getAttribute("objClass");
80 | if (type != null) {
81 | asObj.setType(type);
82 | }
83 |
84 | populateMap(reader, context, asObj);
85 |
86 | return asObj;
87 | }
88 |
89 | // TODO: If serialization changes
90 | //public Object unmarshal_v1(HierarchicalStreamReader reader, UnmarshallingContext context) {
91 | // return null;
92 | //}
93 |
94 | @SuppressWarnings("unchecked")
95 | protected void populateMap(HierarchicalStreamReader reader, UnmarshallingContext context, ASObject map) {
96 | while (reader.hasMoreChildren()) {
97 | reader.moveDown();
98 |
99 | reader.moveDown();
100 | Object key = readItem(reader, context, map);
101 | reader.moveUp();
102 |
103 | reader.moveDown();
104 | Object value = readItem(reader, context, map);
105 | reader.moveUp();
106 |
107 | map.put(key, value);
108 |
109 | reader.moveUp();
110 | }
111 | }
112 |
113 | }
114 |
--------------------------------------------------------------------------------
/src/burp/IMessageEditorTab.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditorTab.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 |
14 | /**
15 | * Extensions that register an
16 | * IMessageEditorTabFactory must return instances of this
17 | * interface, which Burp will use to create custom tabs within its HTTP message
18 | * editors.
19 | */
20 | public interface IMessageEditorTab
21 | {
22 | /**
23 | * This method returns the caption that should appear on the custom tab when
24 | * it is displayed. Note: Burp invokes this method once when the tab
25 | * is first generated, and the same caption will be used every time the tab
26 | * is displayed.
27 | *
28 | * @return The caption that should appear on the custom tab when it is
29 | * displayed.
30 | */
31 | String getTabCaption();
32 |
33 | /**
34 | * This method returns the component that should be used as the contents of
35 | * the custom tab when it is displayed. Note: Burp invokes this
36 | * method once when the tab is first generated, and the same component will
37 | * be used every time the tab is displayed.
38 | *
39 | * @return The component that should be used as the contents of the custom
40 | * tab when it is displayed.
41 | */
42 | Component getUiComponent();
43 |
44 | /**
45 | * The hosting editor will invoke this method before it displays a new HTTP
46 | * message, so that the custom tab can indicate whether it should be enabled
47 | * for that message.
48 | *
49 | * @param content The message that is about to be displayed.
50 | * @param isRequest Indicates whether the message is a request or a
51 | * response.
52 | * @return The method should return
53 | * true if the custom tab is able to handle the specified
54 | * message, and so will be displayed within the editor. Otherwise, the tab
55 | * will be hidden while this message is displayed.
56 | */
57 | boolean isEnabled(byte[] content, boolean isRequest);
58 |
59 | /**
60 | * The hosting editor will invoke this method to display a new message or to
61 | * clear the existing message. This method will only be called with a new
62 | * message if the tab has already returned
63 | * true to a call to
64 | * isEnabled() with the same message details.
65 | *
66 | * @param content The message that is to be displayed, or
67 | * null if the tab should clear its contents and disable any
68 | * editable controls.
69 | * @param isRequest Indicates whether the message is a request or a
70 | * response.
71 | */
72 | void setMessage(byte[] content, boolean isRequest);
73 |
74 | /**
75 | * This method returns the currently displayed message.
76 | *
77 | * @return The currently displayed message.
78 | */
79 | byte[] getMessage();
80 |
81 | /**
82 | * This method is used to determine whether the currently displayed message
83 | * has been modified by the user. The hosting editor will always call
84 | * getMessage() before calling this method, so any pending
85 | * edits should be completed within
86 | * getMessage().
87 | *
88 | * @return The method should return
89 | * true if the user has modified the current message since it
90 | * was first displayed.
91 | */
92 | boolean isModified();
93 |
94 | /**
95 | * This method is used to retrieve the data that is currently selected by
96 | * the user.
97 | *
98 | * @return The data that is currently selected by the user. This may be
99 | * null if no selection is currently made.
100 | */
101 | byte[] getSelectedData();
102 | }
103 |
--------------------------------------------------------------------------------
/src/burp/IScanIssue.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScanIssue.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to retrieve details of Scanner issues. Extensions can
14 | * obtain details of issues by registering an
15 | * IScannerListener or by calling
16 | * IBurpExtenderCallbacks.getScanIssues(). Extensions can also add
17 | * custom Scanner issues by registering an
18 | * IScannerCheck or calling
19 | * IBurpExtenderCallbacks.addScanIssue(), and providing their own
20 | * implementations of this interface
21 | */
22 | public interface IScanIssue
23 | {
24 | /**
25 | * This method returns the URL for which the issue was generated.
26 | *
27 | * @return The URL for which the issue was generated.
28 | */
29 | java.net.URL getUrl();
30 |
31 | /**
32 | * This method returns the name of the issue type.
33 | *
34 | * @return The name of the issue type (e.g. "SQL injection").
35 | */
36 | String getIssueName();
37 |
38 | /**
39 | * This method returns a numeric identifier of the issue type. See the Burp
40 | * Scanner help documentation for a listing of all the issue types.
41 | *
42 | * @return A numeric identifier of the issue type.
43 | */
44 | int getIssueType();
45 |
46 | /**
47 | * This method returns the issue severity level.
48 | *
49 | * @return The issue severity level. Expected values are "High", "Medium",
50 | * "Low", "Information" or "False positive".
51 | *
52 | */
53 | String getSeverity();
54 |
55 | /**
56 | * This method returns the issue confidence level.
57 | *
58 | * @return The issue confidence level. Expected values are "Certain", "Firm"
59 | * or "Tentative".
60 | */
61 | String getConfidence();
62 |
63 | /**
64 | * This method returns a background description for this type of issue.
65 | *
66 | * @return A background description for this type of issue, or
67 | * null if none applies.
68 | */
69 | String getIssueBackground();
70 |
71 | /**
72 | * This method returns a background description of the remediation for this
73 | * type of issue.
74 | *
75 | * @return A background description of the remediation for this type of
76 | * issue, or
77 | * null if none applies.
78 | */
79 | String getRemediationBackground();
80 |
81 | /**
82 | * This method returns detailed information about this specific instance of
83 | * the issue.
84 | *
85 | * @return Detailed information about this specific instance of the issue,
86 | * or
87 | * null if none applies.
88 | */
89 | String getIssueDetail();
90 |
91 | /**
92 | * This method returns detailed information about the remediation for this
93 | * specific instance of the issue.
94 | *
95 | * @return Detailed information about the remediation for this specific
96 | * instance of the issue, or
97 | * null if none applies.
98 | */
99 | String getRemediationDetail();
100 |
101 | /**
102 | * This method returns the HTTP messages on the basis of which the issue was
103 | * generated.
104 | *
105 | * @return The HTTP messages on the basis of which the issue was generated.
106 | * Note: The items in this array should be instances of
107 | * IHttpRequestResponseWithMarkers if applicable, so that
108 | * details of the relevant portions of the request and response messages are
109 | * available.
110 | */
111 | IHttpRequestResponse[] getHttpMessages();
112 |
113 | /**
114 | * This method returns the HTTP service for which the issue was generated.
115 | *
116 | * @return The HTTP service for which the issue was generated.
117 | */
118 | IHttpService getHttpService();
119 | }
120 |
--------------------------------------------------------------------------------
/src/burp/IScannerCheck.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerCheck.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * Extensions can implement this interface and then call
16 | * IBurpExtenderCallbacks.registerScannerCheck() to register a
17 | * custom Scanner check. When performing scanning, Burp will ask the check to
18 | * perform active or passive scanning on the base request, and report any
19 | * Scanner issues that are identified.
20 | */
21 | public interface IScannerCheck
22 | {
23 | /**
24 | * The Scanner invokes this method for each base request / response that is
25 | * passively scanned. Note: Extensions should not only analyze the
26 | * HTTP messages provided during passive scanning, and should not make any
27 | * new HTTP requests of their own.
28 | *
29 | * @param baseRequestResponse The base HTTP request / response that should
30 | * be passively scanned.
31 | * @return A list of
32 | * IScanIssue objects, or
33 | * null if no issues are identified.
34 | */
35 | ListIScannerInsertionPoint object provided to build scan
42 | * requests for particular payloads. Note: Extensions are responsible
43 | * for ensuring that attack payloads are suitably encoded within requests
44 | * (for example, by URL-encoding relevant metacharacters in the URL query
45 | * string). Encoding is not automatically carried out by the
46 | * IScannerInsertionPoint, because this would prevent Scanner
47 | * checks from testing for certain input filter bypasses. Extensions should
48 | * query the
49 | * IScannerInsertionPoint to determine its type, and apply any
50 | * encoding that may be appropriate.
51 | *
52 | * @param baseRequestResponse The base HTTP request / response that should
53 | * be actively scanned.
54 | * @param insertionPoint An
55 | * IScannerInsertionPoint object that can be queried to obtain
56 | * details of the insertion point being tested, and can be used to build
57 | * scan requests for particular payloads.
58 | * @return A list of
59 | * IScanIssue objects, or
60 | * null if no issues are identified.
61 | */
62 | List-1 to report the existing issue only,
83 | * 0 to report both issues, and
84 | * 1 to report the new issue only.
85 | */
86 | int consolidateDuplicateIssues(
87 | IScanIssue existingIssue,
88 | IScanIssue newIssue);
89 | }
90 |
--------------------------------------------------------------------------------
/src/org/apache/jmeter/protocol/amf/util/AmfXmlConverterTest.java:
--------------------------------------------------------------------------------
1 | package org.apache.jmeter.protocol.amf.util;
2 | /*
3 | * Copyright 2011 the original author or authors.
4 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
9 | * http://www.apache.org/licenses/LICENSE-2.0
10 | *
11 | * Unless required by applicable law or agreed to in writing, software
12 | * distributed under the License is distributed on an "AS IS" BASIS,
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | * See the License for the specific language governing permissions and
15 | * limitations under the License.
16 | */
17 |
18 | import java.io.BufferedReader;
19 | import java.io.FileNotFoundException;
20 | import java.io.FileReader;
21 | import java.io.IOException;
22 | import java.io.RandomAccessFile;
23 | import java.util.HashMap;
24 | import java.util.Map;
25 |
26 | import sun.misc.IOUtils;
27 |
28 |
29 | import com.thoughtworks.xstream.XStream;
30 |
31 | import flex.messaging.io.MessageIOConstants;
32 | import flex.messaging.io.amf.ASObject;
33 | import flex.messaging.io.amf.ActionMessage;
34 | import flex.messaging.io.amf.MessageBody;
35 | import flex.messaging.messages.AsyncMessage;
36 | import flex.messaging.messages.RemotingMessage;
37 |
38 | public class AmfXmlConverterTest {
39 |
40 | public static void main(String[] args) throws IOException {
41 | // runXmlAmfXmlTest();
42 |
43 | // runXmlAmfXmlMessageTest();
44 |
45 | // testASObjectConverter();
46 | test();
47 | }
48 | public static void test() throws IOException{
49 | RandomAccessFile f = new RandomAccessFile("request.ser", "r");
50 | byte[] amf = new byte[(int)f.length()];
51 | f.read(amf);
52 | System.out.println("*** Request: \n " + AmfXmlConverter.convertAmfMessageToXml(amf, true));
53 | f = new RandomAccessFile("response.ser", "r");
54 | byte[] resp = new byte[(int)f.length()];
55 | f.read(resp);
56 | System.out.println("*** Response: \n " + AmfXmlConverter.convertAmfMessageToXml(resp, true));
57 | }
58 |
59 | @SuppressWarnings({ "rawtypes", "unchecked" })
60 | public static RemotingMessage createTestObject() {
61 | RemotingMessage msg = new RemotingMessage();
62 | msg.setOperation("perform");
63 |
64 | Map headers = new HashMap();
65 | msg.setHeaders(headers);
66 |
67 | headers.put("DSid", "");
68 | headers.put("DSEndpoint", "");
69 |
70 | SampleRequestVO vo = new SampleRequestVO();
71 |
72 | msg.setBody(vo);
73 |
74 | return msg;
75 | }
76 |
77 | public static void runXmlAmfXmlMessageTest() {
78 | XStream xs = AmfXmlConverter.getXStream();
79 |
80 | ActionMessage msg = createTestMessage();
81 |
82 | String xmlIn = xs.toXML(msg);
83 |
84 | System.out.println("Original XML: \n"+xmlIn);
85 |
86 | byte[] amfIn = AmfXmlConverter.convertXmlToAmfMessage(xmlIn);
87 |
88 | String amfInStr = "";
89 | for (byte i : amfIn) {
90 | amfInStr += i + ", ";
91 | }
92 | System.out.println("Original AMF: \n"+amfInStr);
93 |
94 | String xmlOut = AmfXmlConverter.convertAmfMessageToXml(amfIn, false);
95 |
96 | System.out.println("Result XML: \n" + xmlOut);
97 |
98 | byte[] amfOut = AmfXmlConverter.convertXmlToAmfMessage(xmlIn);
99 |
100 | String amfOutStr = "";
101 | for (byte i : amfOut) {
102 | amfOutStr += i + ", ";
103 | }
104 | System.out.println("Result AMF: \n"+amfOutStr);
105 |
106 | System.out.println("Result AMF is " + (amfOut.length - amfIn.length) + " bytes longer");
107 |
108 | int bytesMismatch = 0;
109 | for (int i=0; i < Math.min(amfOut.length, amfIn.length); i++) {
110 | if (amfOut[i] != amfIn[i])
111 | bytesMismatch++;
112 | }
113 | System.out.println("Result and original AMF have " + bytesMismatch + " bytes different");
114 | }
115 |
116 | public static ActionMessage createTestMessage() {
117 | // Body
118 | AsyncMessage asMsg= new AsyncMessage();
119 | RemotingMessage msg = new RemotingMessage();
120 | msg.setOperation("perform");
121 | HashMapIContextMenuFactory with details of a context menu invocation.
17 | * The custom context menu factory can query this interface to obtain details of
18 | * the invocation event, in order to determine what menu items should be
19 | * displayed.
20 | */
21 | public interface IContextMenuInvocation
22 | {
23 | /**
24 | * Used to indicate that the context menu is being invoked in a request
25 | * editor.
26 | */
27 | static final byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0;
28 | /**
29 | * Used to indicate that the context menu is being invoked in a response
30 | * editor.
31 | */
32 | static final byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1;
33 | /**
34 | * Used to indicate that the context menu is being invoked in a non-editable
35 | * request viewer.
36 | */
37 | static final byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2;
38 | /**
39 | * Used to indicate that the context menu is being invoked in a non-editable
40 | * response viewer.
41 | */
42 | static final byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3;
43 | /**
44 | * Used to indicate that the context menu is being invoked in the Target
45 | * site map tree.
46 | */
47 | static final byte CONTEXT_TARGET_SITE_MAP_TREE = 4;
48 | /**
49 | * Used to indicate that the context menu is being invoked in the Target
50 | * site map table.
51 | */
52 | static final byte CONTEXT_TARGET_SITE_MAP_TABLE = 5;
53 | /**
54 | * Used to indicate that the context menu is being invoked in the Proxy
55 | * history.
56 | */
57 | static final byte CONTEXT_PROXY_HISTORY = 6;
58 | /**
59 | * Used to indicate that the context menu is being invoked in the Scanner
60 | * results.
61 | */
62 | static final byte CONTEXT_SCANNER_RESULTS = 7;
63 | /**
64 | * Used to indicate that the context menu is being invoked in the Intruder
65 | * payload positions editor.
66 | */
67 | static final byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8;
68 | /**
69 | * Used to indicate that the context menu is being invoked in an Intruder
70 | * attack results.
71 | */
72 | static final byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9;
73 | /**
74 | * Used to indicate that the context menu is being invoked in a search
75 | * results window.
76 | */
77 | static final byte CONTEXT_SEARCH_RESULTS = 10;
78 |
79 | /**
80 | * This method can be used to retrieve the native Java input event that was
81 | * the trigger for the context menu invocation.
82 | *
83 | * @return The
84 | * InputEvent that was the trigger for the context menu
85 | * invocation.
86 | */
87 | InputEvent getInputEvent();
88 |
89 | /**
90 | * This method can be used to retrieve the Burp tool within which the
91 | * context menu was invoked.
92 | *
93 | * @return A flag indicating the Burp tool within which the context menu was
94 | * invoked. Burp tool flags are defined in the
95 | * IBurpExtenderCallbacks interface.
96 | */
97 | int getToolFlag();
98 |
99 | /**
100 | * This method can be used to retrieve the context within which the menu was
101 | * invoked.
102 | *
103 | * @return An index indicating the context within which the menu was
104 | * invoked. The indices used are defined within this interface.
105 | */
106 | byte getInvocationContext();
107 |
108 | /**
109 | * This method can be used to retrieve the bounds of the user's selection
110 | * into the current message, if applicable.
111 | *
112 | * @return An int[2] array containing the start and end offsets of the
113 | * user's selection in the current message. If the user has not made any
114 | * selection in the current message, both offsets indicate the position of
115 | * the caret within the editor. If the menu is not being invoked from a
116 | * message editor, the method returns
117 | * null.
118 | */
119 | int[] getSelectionBounds();
120 |
121 | /**
122 | * This method can be used to retrieve details of the HTTP requests /
123 | * responses that were shown or selected by the user when the context menu
124 | * was invoked.
125 | *
126 | * @return An array of
127 | * IHttpRequestResponse objects representing the items that
128 | * were shown or selected by the user when the context menu was invoked.
129 | * This method returns
130 | * null if no messages are applicable to the invocation.
131 | */
132 | IHttpRequestResponse[] getSelectedMessages();
133 |
134 | /**
135 | * This method can be used to retrieve details of the Scanner issues that
136 | * were selected by the user when the context menu was invoked.
137 | *
138 | * @return An array of
139 | * IScanIssue objects representing the issues that were
140 | * selected by the user when the context menu was invoked. This method
141 | * returns
142 | * null if no Scanner issues are applicable to the invocation.
143 | */
144 | IScanIssue[] getSelectedIssues();
145 | }
146 |
--------------------------------------------------------------------------------
/src/burp/IScannerInsertionPoint.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerInsertionPoint.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to define an insertion point for use by active Scanner
14 | * checks. Extensions can obtain instances of this interface by registering an
15 | * IScannerCheck, or can create instances for use by Burp's own
16 | * scan checks by registering an
17 | * IScannerInsertionPointProvider.
18 | */
19 | public interface IScannerInsertionPoint
20 | {
21 | /**
22 | * Used to indicate where the payload is inserted into the value of a URL
23 | * parameter.
24 | */
25 | static final byte INS_PARAM_URL = 0x00;
26 | /**
27 | * Used to indicate where the payload is inserted into the value of a body
28 | * parameter.
29 | */
30 | static final byte INS_PARAM_BODY = 0x01;
31 | /**
32 | * Used to indicate where the payload is inserted into the value of an HTTP
33 | * cookie.
34 | */
35 | static final byte INS_PARAM_COOKIE = 0x02;
36 | /**
37 | * Used to indicate where the payload is inserted into the value of an item
38 | * of data within an XML data structure.
39 | */
40 | static final byte INS_PARAM_XML = 0x03;
41 | /**
42 | * Used to indicate where the payload is inserted into the value of a tag
43 | * attribute within an XML structure.
44 | */
45 | static final byte INS_PARAM_XML_ATTR = 0x04;
46 | /**
47 | * Used to indicate where the payload is inserted into the value of a
48 | * parameter attribute within a multi-part message body (such as the name of
49 | * an uploaded file).
50 | */
51 | static final byte INS_PARAM_MULTIPART_ATTR = 0x05;
52 | /**
53 | * Used to indicate where the payload is inserted into the value of an item
54 | * of data within a JSON structure.
55 | */
56 | static final byte INS_PARAM_JSON = 0x06;
57 | /**
58 | * Used to indicate where the payload is inserted into the value of an AMF
59 | * parameter.
60 | */
61 | static final byte INS_PARAM_AMF = 0x07;
62 | /**
63 | * Used to indicate where the payload is inserted into the value of an HTTP
64 | * request header.
65 | */
66 | static final byte INS_HEADER = 0x20;
67 | /**
68 | * Used to indicate where the payload is inserted into a REST parameter
69 | * within the URL file path.
70 | */
71 | static final byte INS_URL_REST = 0x21;
72 | /**
73 | * Used to indicate where the payload is inserted into the name of an added
74 | * URL parameter.
75 | */
76 | static final byte INS_PARAM_NAME_URL = 0x22;
77 | /**
78 | * Used to indicate where the payload is inserted into the name of an added
79 | * body parameter.
80 | */
81 | static final byte INS_PARAM_NAME_BODY = 0x23;
82 | /**
83 | * Used to indicate where the payload is inserted at a location manually
84 | * configured by the user.
85 | */
86 | static final byte INS_USER_PROVIDED = 0x40;
87 | /**
88 | * Used to indicate where the insertion point is provided by an
89 | * extension-registered
90 | * IScannerInsertionPointProvider.
91 | */
92 | static final byte INS_EXTENSION_PROVIDED = 0x41;
93 | /**
94 | * Used to indicate where the payload is inserted at an unknown location
95 | * within the request.
96 | */
97 | static final byte INS_UNKNOWN = 0x7f;
98 |
99 | /**
100 | * This method returns the name of the insertion point.
101 | *
102 | * @return The name of the insertion point (for example, a description of a
103 | * particular request parameter).
104 | */
105 | String getInsertionPointName();
106 |
107 | /**
108 | * This method returns the base value for this insertion point.
109 | *
110 | * @return the base value that appears in this insertion point in the base
111 | * request being scanned, or
112 | * null if there is no value in the base request that
113 | * corresponds to this insertion point.
114 | */
115 | String getBaseValue();
116 |
117 | /**
118 | * This method is used to build a request with the specified payload placed
119 | * into the insertion point. Any necessary adjustments to the Content-Length
120 | * header will be made by the Scanner itself when the request is issued, and
121 | * there is no requirement for the insertion point to do this. Note:
122 | * Burp's built-in scan checks do not apply any payload encoding (such as
123 | * URL-encoding) when dealing with an extension-provided insertion point.
124 | * Custom insertion points are responsible for performing any data encoding
125 | * that is necessary given the nature and location of the insertion point.
126 | *
127 | * @param payload The payload that should be placed into the insertion
128 | * point.
129 | * @return The resulting request.
130 | */
131 | byte[] buildRequest(byte[] payload);
132 |
133 | /**
134 | * This method is used to determine the offsets of the payload value within
135 | * the request, when it is placed into the insertion point. Scan checks may
136 | * invoke this method when reporting issues, so as to highlight the relevant
137 | * part of the request within the UI.
138 | *
139 | * @param payload The payload that should be placed into the insertion
140 | * point.
141 | * @return An int[2] array containing the start and end offsets of the
142 | * payload within the request, or null if this is not applicable (for
143 | * example, where the insertion point places a payload into a serialized
144 | * data structure, the raw payload may not literally appear anywhere within
145 | * the resulting request).
146 | */
147 | int[] getPayloadOffsets(byte[] payload);
148 |
149 | /**
150 | * This method returns the type of the insertion point.
151 | *
152 | * @return The type of the insertion point. Available types are defined in
153 | * this interface.
154 | */
155 | byte getInsertionPointType();
156 | }
157 |
--------------------------------------------------------------------------------
/src/org/apache/jmeter/protocol/amf/util/AmfXmlConverter.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2011 the original author or authors.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.apache.jmeter.protocol.amf.util;
18 |
19 | import java.io.ByteArrayInputStream;
20 | import java.io.ByteArrayOutputStream;
21 | import java.io.IOException;
22 | import java.lang.reflect.Array;
23 | import java.lang.reflect.Field;
24 |
25 | import com.thoughtworks.xstream.XStream;
26 | import com.thoughtworks.xstream.io.xml.DomDriver;
27 | import com.thoughtworks.xstream.mapper.Mapper;
28 |
29 | import flex.messaging.io.ClassAliasRegistry;
30 | import flex.messaging.io.MessageDeserializer;
31 | import flex.messaging.io.SerializationContext;
32 | import flex.messaging.io.amf.ASObject;
33 | import flex.messaging.io.amf.ActionContext;
34 | import flex.messaging.io.amf.ActionMessage;
35 | import flex.messaging.io.amf.Amf3Output;
36 | import flex.messaging.io.amf.AmfMessageDeserializer;
37 | import flex.messaging.io.amf.AmfMessageSerializer;
38 | import flex.messaging.io.amf.MessageBody;
39 | import flex.messaging.io.amf.MessageHeader;
40 | import flex.messaging.messages.AcknowledgeMessage;
41 | import flex.messaging.messages.AcknowledgeMessageExt;
42 | import flex.messaging.messages.AsyncMessage;
43 | import flex.messaging.messages.CommandMessage;
44 | import flex.messaging.messages.CommandMessageExt;
45 | import flex.messaging.messages.ErrorMessage;
46 | import flex.messaging.messages.RemotingMessage;
47 |
48 | public class AmfXmlConverter {
49 |
50 | private static XStream xstream;
51 |
52 | /**
53 | * Converts XML to an object then serializes it
54 | */
55 | public static byte[] convertXmlToAmf(String xml) {
56 | XStream xs = getXStream();
57 | Amf3Output amf3out = new Amf3Output(SerializationContext.getSerializationContext());
58 |
59 | try {
60 | Object msg = xs.fromXML(xml);
61 |
62 | ByteArrayOutputStream baos = new ByteArrayOutputStream();
63 | amf3out.setOutputStream(baos);
64 | amf3out.writeObject(msg);
65 |
66 | return baos.toByteArray();
67 | } catch (Exception ex) {
68 | }
69 |
70 | return new byte[0];
71 | }
72 |
73 |
74 | /**
75 | * Converts XML to a complete AMF message
76 | */
77 | public static byte[] convertXmlToAmfMessage(String xml) {
78 |
79 | XStream xs = getXStream();
80 | ActionMessage message = (ActionMessage) xs.fromXML(xml);
81 | // if (checkAckMessage(message))
82 | // return null;
83 |
84 | ByteArrayOutputStream baos = new ByteArrayOutputStream();
85 |
86 | ActionContext actionContext = new ActionContext();
87 | actionContext.setRequestMessage(message);
88 |
89 | AmfMessageSerializer amfMessageSerializer = new AmfMessageSerializer();
90 | SerializationContext serializationContext = SerializationContext.getSerializationContext();
91 | amfMessageSerializer.initialize(serializationContext, baos, null);
92 |
93 | try {
94 | amfMessageSerializer.writeMessage(message);
95 | return baos.toByteArray();
96 | } catch (IOException ex) {
97 | ex.printStackTrace();
98 | return null;
99 | } finally {
100 | baos = null;
101 | }
102 | }
103 |
104 | public static boolean checkAMFHeader(byte[] amf){
105 | return false;
106 | }
107 |
108 | public static String convertAmfMessageToXml(byte[] amf, boolean useAliasRegistry) {
109 | XStream xs = getXStream();
110 | ActionContext actionContext = new ActionContext();
111 | SerializationContext serializationContext = new SerializationContext();
112 | // Class aliases for deserialization, mimics registerClassAlias in Flex
113 | // Generally only used in rendering as it can cause serious problems for
114 | // proxy sampling
115 | serializationContext.createASObjectForMissingType = true;
116 | // serializationContext.supportRemoteClass=true;
117 | ByteArrayInputStream bin = new ByteArrayInputStream(amf);
118 | ActionMessage message = new ActionMessage();
119 |
120 | MessageDeserializer deserializer = new AmfMessageDeserializer();
121 | deserializer.initialize(serializationContext, bin, null);
122 |
123 | try {
124 | deserializer.readMessage(message, actionContext);
125 | if (checkAckMessage(message))
126 | return null;
127 | String xml = xs.toXML(message);
128 | return xml;
129 |
130 | } catch (Exception ex) {
131 | ex.printStackTrace();
132 | return null;
133 | }
134 | }
135 |
136 |
137 |
138 | private static boolean checkAckMessage(ActionMessage message) {
139 | /* Object data = message.getBody(0).getData();
140 | Object cloneData = data;
141 | int bodyCount = message.getBodyCount();
142 | if (bodyCount == 0)
143 | return true;
144 | else if (bodyCount == 1) {
145 | if (data instanceof List)
146 | cloneData = ((List) data).get(0);
147 | else if (data.getClass().isArray())
148 | cloneData = Array.get(data, 0);
149 | if (cloneData instanceof ASObject) {
150 | String type = ((ASObject) cloneData).getType();
151 | if (type.matches("DSC|DSK"))
152 | return true;
153 | }
154 | }*/
155 | return false;
156 | }
157 |
158 | public static XStream getXStream() {
159 | if (xstream == null) {
160 | xstream = new XStream(new DomDriver());
161 |
162 | xstream.alias("ActionMessage", ActionMessage.class);
163 | xstream.alias("MessageHeader", MessageHeader.class);
164 | xstream.alias("MessageBody", MessageBody.class);
165 | xstream.alias("RemotingMessage", RemotingMessage.class);
166 | xstream.alias("CommandMessage", CommandMessage.class);
167 | xstream.alias("AcknowledgeMessage", AcknowledgeMessage.class);
168 | xstream.alias("ErrorMessage", ErrorMessage.class);
169 | xstream.alias("ASObject", ASObject.class);
170 | xstream.alias("AsyncMessage", AsyncMessage.class);
171 | xstream.alias("DSC", CommandMessageExt.class);
172 | // xstream.alias("DSK", AcknowledgeMessageExt.class);
173 |
174 | // Better ASObject Converter
175 | Mapper mapper = xstream.getMapper();
176 | xstream.registerConverter(new ASObjectConverter(mapper));
177 | }
178 |
179 | return xstream;
180 | }
181 | public static String objDump(Object o) {
182 | StringBuffer buffer = new StringBuffer();
183 | Class oClass = o.getClass();
184 | if (oClass.isArray()) {
185 | buffer.append("Array: ");
186 | buffer.append("[");
187 | for (int i = 0; i < Array.getLength(o); i++) {
188 | Object value = Array.get(o, i);
189 | if (value != null) {
190 | if (value.getClass().isPrimitive()
191 | || value.getClass() == java.lang.Long.class
192 | || value.getClass() == java.lang.String.class
193 | || value.getClass() == java.lang.Integer.class
194 | || value.getClass() == java.lang.Boolean.class
195 | || value.getClass() == java.lang.Short.class
196 | || value.getClass() == java.lang.Float.class
197 | || value.getClass() == java.lang.Character.class
198 | || value.getClass() == java.lang.Double.class
199 | || value.getClass() == java.lang.Byte.class) {
200 | buffer.append(value);
201 | if (i != (Array.getLength(o) - 1)) {
202 | buffer.append(",");
203 | }
204 | } else {
205 | buffer.append(objDump(value));
206 | }
207 | }
208 | }
209 | buffer.append("]\n");
210 | } else {
211 | buffer.append("Class: " + oClass.getName());
212 | buffer.append("{");
213 | while (oClass != null) {
214 | Field[] fields = oClass.getDeclaredFields();
215 | for (int i = 0; i < fields.length; i++) {
216 | fields[i].setAccessible(true);
217 | buffer.append(fields[i].getName());
218 | buffer.append("=");
219 | try {
220 | Object value = fields[i].get(o);
221 | if (value != null) {
222 | if (value.getClass().isPrimitive()
223 | || value.getClass() == java.lang.Long.class
224 | || value.getClass() == java.lang.String.class
225 | || value.getClass() == java.lang.Integer.class
226 | || value.getClass() == java.lang.Boolean.class
227 | || value.getClass() == java.lang.Short.class
228 | || value.getClass() == java.lang.Float.class
229 | || value.getClass() == java.lang.Character.class
230 | || value.getClass() == java.lang.Double.class
231 | || value.getClass() == java.lang.Byte.class) {
232 | buffer.append(value);
233 | } else {
234 | buffer.append(objDump(value));
235 | }
236 | }
237 | } catch (IllegalAccessException e) {
238 | buffer.append(e.getMessage());
239 | }
240 | if(iIHttpRequestResponse object containing the request to be
31 | * analyzed.
32 | * @return An
33 | * IRequestInfo object that can be queried to obtain details
34 | * about the request.
35 | */
36 | IRequestInfo analyzeRequest(IHttpRequestResponse request);
37 |
38 | /**
39 | * This method can be used to analyze an HTTP request, and obtain various
40 | * key details about it.
41 | *
42 | * @param httpService The HTTP service associated with the request. This is
43 | * optional and may be
44 | * null, in which case the resulting
45 | * IRequestInfo object will not include the full request URL.
46 | * @param request The request to be analyzed.
47 | * @return An
48 | * IRequestInfo object that can be queried to obtain details
49 | * about the request.
50 | */
51 | IRequestInfo analyzeRequest(IHttpService httpService, byte[] request);
52 |
53 | /**
54 | * This method can be used to analyze an HTTP request, and obtain various
55 | * key details about it. The resulting
56 | * IRequestInfo object will not include the full request URL.
57 | * To obtain the full URL, use one of the other overloaded
58 | * analyzeRequest() methods.
59 | *
60 | * @param request The request to be analyzed.
61 | * @return An
62 | * IRequestInfo object that can be queried to obtain details
63 | * about the request.
64 | */
65 | IRequestInfo analyzeRequest(byte[] request);
66 |
67 | /**
68 | * This method can be used to analyze an HTTP response, and obtain various
69 | * key details about it.
70 | *
71 | * @param response The response to be analyzed.
72 | * @return An
73 | * IResponseInfo object that can be queried to obtain details
74 | * about the response.
75 | */
76 | IResponseInfo analyzeResponse(byte[] response);
77 |
78 | /**
79 | * This method can be used to retrieve details of a specified parameter
80 | * within an HTTP request. Note: Use
81 | * analyzeRequest() to obtain details of all parameters within
82 | * the request.
83 | *
84 | * @param request The request to be inspected for the specified parameter.
85 | * @param parameterName The name of the parameter to retrieve.
86 | * @return An
87 | * IParameter object that can be queried to obtain details
88 | * about the parameter, or
89 | * null if the parameter was not found.
90 | */
91 | IParameter getRequestParameter(byte[] request, String parameterName);
92 |
93 | /**
94 | * This method can be used to URL-decode the specified data.
95 | *
96 | * @param data The data to be decoded.
97 | * @return The decoded data.
98 | */
99 | String urlDecode(String data);
100 |
101 | /**
102 | * This method can be used to URL-encode the specified data. Any characters
103 | * that do not need to be encoded within HTTP requests are not encoded.
104 | *
105 | * @param data The data to be encoded.
106 | * @return The encoded data.
107 | */
108 | String urlEncode(String data);
109 |
110 | /**
111 | * This method can be used to URL-decode the specified data.
112 | *
113 | * @param data The data to be decoded.
114 | * @return The decoded data.
115 | */
116 | byte[] urlDecode(byte[] data);
117 |
118 | /**
119 | * This method can be used to URL-encode the specified data. Any characters
120 | * that do not need to be encoded within HTTP requests are not encoded.
121 | *
122 | * @param data The data to be encoded.
123 | * @return The encoded data.
124 | */
125 | byte[] urlEncode(byte[] data);
126 |
127 | /**
128 | * This method can be used to Base64-decode the specified data.
129 | *
130 | * @param data The data to be decoded.
131 | * @return The decoded data.
132 | */
133 | byte[] base64Decode(String data);
134 |
135 | /**
136 | * This method can be used to Base64-decode the specified data.
137 | *
138 | * @param data The data to be decoded.
139 | * @return The decoded data.
140 | */
141 | byte[] base64Decode(byte[] data);
142 |
143 | /**
144 | * This method can be used to Base64-encode the specified data.
145 | *
146 | * @param data The data to be encoded.
147 | * @return The encoded data.
148 | */
149 | String base64Encode(String data);
150 |
151 | /**
152 | * This method can be used to Base64-encode the specified data.
153 | *
154 | * @param data The data to be encoded.
155 | * @return The encoded data.
156 | */
157 | String base64Encode(byte[] data);
158 |
159 | /**
160 | * This method can be used to convert data from String form into an array of
161 | * bytes. The conversion does not reflect any particular character set, and
162 | * a character with the hex representation 0xWXYZ will always be converted
163 | * into a byte with the representation 0xYZ. It performs the opposite
164 | * conversion to the method
165 | * bytesToString(), and byte-based data that is converted to a
166 | * String and back again using these two methods is guaranteed to retain its
167 | * integrity (which may not be the case with conversions that reflect a
168 | * given character set).
169 | *
170 | * @param data The data to be converted.
171 | * @return The converted data.
172 | */
173 | byte[] stringToBytes(String data);
174 |
175 | /**
176 | * This method can be used to convert data from an array of bytes into
177 | * String form. The conversion does not reflect any particular character
178 | * set, and a byte with the representation 0xYZ will always be converted
179 | * into a character with the hex representation 0x00YZ. It performs the
180 | * opposite conversion to the method
181 | * stringToBytes(), and byte-based data that is converted to a
182 | * String and back again using these two methods is guaranteed to retain its
183 | * integrity (which may not be the case with conversions that reflect a
184 | * given character set).
185 | *
186 | * @param data The data to be converted.
187 | * @return The converted data.
188 | */
189 | String bytesToString(byte[] data);
190 |
191 | /**
192 | * This method searches a piece of data for the first occurrence of a
193 | * specified pattern. It works on byte-based data in a way that is similar
194 | * to the way the native Java method
195 | * String.indexOf() works on String-based data.
196 | *
197 | * @param data The data to be searched.
198 | * @param pattern The pattern to be searched for.
199 | * @param caseSensitive Flags whether or not the search is case-sensitive.
200 | * @param from The offset within
201 | * data where the search should begin.
202 | * @param to The offset within
203 | * data where the search should end.
204 | * @return The offset of the first occurrence of the pattern within the
205 | * specified bounds, or -1 if no match is found.
206 | */
207 | int indexOf(byte[] data,
208 | byte[] pattern,
209 | boolean caseSensitive,
210 | int from,
211 | int to);
212 |
213 | /**
214 | * This method builds an HTTP message containing the specified headers and
215 | * message body. If applicable, the Content-Length header will be added or
216 | * updated, based on the length of the body.
217 | *
218 | * @param headers A list of headers to include in the message.
219 | * @param body The body of the message, of
220 | * null if the message has an empty body.
221 | * @return The resulting full HTTP message.
222 | */
223 | byte[] buildHttpMessage(ListIParameter object containing details of the parameter to be
242 | * added. Supported parameter types are:
243 | * PARAM_URL,
244 | * PARAM_BODY and
245 | * PARAM_COOKIE.
246 | * @return A new HTTP request with the new parameter added.
247 | */
248 | byte[] addParameter(byte[] request, IParameter parameter);
249 |
250 | /**
251 | * This method removes a parameter from an HTTP request, and if appropriate
252 | * updates the Content-Length header.
253 | *
254 | * @param request The request from which the parameter should be removed.
255 | * @param parameter An
256 | * IParameter object containing details of the parameter to be
257 | * removed. Supported parameter types are:
258 | * PARAM_URL,
259 | * PARAM_BODY and
260 | * PARAM_COOKIE.
261 | * @return A new HTTP request with the parameter removed.
262 | */
263 | byte[] removeParameter(byte[] request, IParameter parameter);
264 |
265 | /**
266 | * This method updates the value of a parameter within an HTTP request, and
267 | * if appropriate updates the Content-Length header. Note: This
268 | * method can only be used to update the value of an existing parameter of a
269 | * specified type. If you need to change the type of an existing parameter,
270 | * you should first call
271 | * removeParameter() to remove the parameter with the old type,
272 | * and then call
273 | * addParameter() to add a parameter with the new type.
274 | *
275 | * @param request The request containing the parameter to be updated.
276 | * @param parameter An
277 | * IParameter object containing details of the parameter to be
278 | * updated. Supported parameter types are:
279 | * PARAM_URL,
280 | * PARAM_BODY and
281 | * PARAM_COOKIE.
282 | * @return A new HTTP request with the parameter updated.
283 | */
284 | byte[] updateParameter(byte[] request, IParameter parameter);
285 |
286 | /**
287 | * This method can be used to toggle a request's method between GET and
288 | * POST. Parameters are relocated between the URL query string and message
289 | * body as required, and the Content-Length header is created or removed as
290 | * applicable.
291 | *
292 | * @param request The HTTP request whose method should be toggled.
293 | * @return A new HTTP request using the toggled method.
294 | */
295 | byte[] toggleRequestMethod(byte[] request);
296 |
297 | /**
298 | * This method constructs an
299 | * IHttpService object based on the details provided.
300 | *
301 | * @param host The HTTP service host.
302 | * @param port The HTTP service port.
303 | * @param protocol The HTTP service protocol.
304 | * @return An
305 | * IHttpService object based on the details provided.
306 | */
307 | IHttpService buildHttpService(String host, int port, String protocol);
308 |
309 | /**
310 | * This method constructs an
311 | * IHttpService object based on the details provided.
312 | *
313 | * @param host The HTTP service host.
314 | * @param port The HTTP service port.
315 | * @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP.
316 | * @return An
317 | * IHttpService object based on the details provided.
318 | */
319 | IHttpService buildHttpService(String host, int port, boolean useHttps);
320 |
321 | /**
322 | * This method constructs an
323 | * IParameter object based on the details provided.
324 | *
325 | * @param name The parameter name.
326 | * @param value The parameter value.
327 | * @param type The parameter type, as defined in the
328 | * IParameter interface.
329 | * @return An
330 | * IParameter object based on the details provided.
331 | */
332 | IParameter buildParameter(String name, String value, byte type);
333 |
334 | /**
335 | * This method constructs an
336 | * IScannerInsertionPoint object based on the details provided.
337 | * It can be used to quickly create a simple insertion point based on a
338 | * fixed payload location within a base request.
339 | *
340 | * @param insertionPointName The name of the insertion point.
341 | * @param baseRequest The request from which to build scan requests.
342 | * @param from The offset of the start of the payload location.
343 | * @param to The offset of the end of the payload location.
344 | * @return An
345 | * IScannerInsertionPoint object based on the details provided.
346 | */
347 | IScannerInsertionPoint makeScannerInsertionPoint(
348 | String insertionPointName,
349 | byte[] baseRequest,
350 | int from,
351 | int to);
352 | }
353 |
--------------------------------------------------------------------------------
/src/burp/IBurpExtenderCallbacks.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IBurpExtenderCallbacks.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 | import java.io.OutputStream;
14 | import java.util.List;
15 | import java.util.Map;
16 |
17 | /**
18 | * This interface is used by Burp Suite to pass to extensions a set of callback
19 | * methods that can be used by extensions to perform various actions within
20 | * Burp.
21 | *
22 | * When an extension is loaded, Burp invokes its
23 | * registerExtenderCallbacks() method and passes an instance of the
24 | * IBurpExtenderCallbacks interface. The extension may then invoke
25 | * the methods of this interface as required in order to extend Burp's
26 | * functionality.
27 | */
28 | public interface IBurpExtenderCallbacks
29 | {
30 | /**
31 | * Flag used to identify Burp Suite as a whole.
32 | */
33 | static final int TOOL_SUITE = 0x00000001;
34 | /**
35 | * Flag used to identify the Burp Target tool.
36 | */
37 | static final int TOOL_TARGET = 0x00000002;
38 | /**
39 | * Flag used to identify the Burp Proxy tool.
40 | */
41 | static final int TOOL_PROXY = 0x00000004;
42 | /**
43 | * Flag used to identify the Burp Spider tool.
44 | */
45 | static final int TOOL_SPIDER = 0x00000008;
46 | /**
47 | * Flag used to identify the Burp Scanner tool.
48 | */
49 | static final int TOOL_SCANNER = 0x00000010;
50 | /**
51 | * Flag used to identify the Burp Intruder tool.
52 | */
53 | static final int TOOL_INTRUDER = 0x00000020;
54 | /**
55 | * Flag used to identify the Burp Repeater tool.
56 | */
57 | static final int TOOL_REPEATER = 0x00000040;
58 | /**
59 | * Flag used to identify the Burp Sequencer tool.
60 | */
61 | static final int TOOL_SEQUENCER = 0x00000080;
62 | /**
63 | * Flag used to identify the Burp Decoder tool.
64 | */
65 | static final int TOOL_DECODER = 0x00000100;
66 | /**
67 | * Flag used to identify the Burp Comparer tool.
68 | */
69 | static final int TOOL_COMPARER = 0x00000200;
70 | /**
71 | * Flag used to identify the Burp Extender tool.
72 | */
73 | static final int TOOL_EXTENDER = 0x00000400;
74 |
75 | /**
76 | * This method is used to set the display name for the current extension,
77 | * which will be displayed within the user interface for the Extender tool.
78 | *
79 | * @param name The extension name.
80 | */
81 | void setExtensionName(String name);
82 |
83 | /**
84 | * This method is used to obtain an
85 | * IExtensionHelpers object, which can be used by the extension
86 | * to perform numerous useful tasks.
87 | *
88 | * @return An object containing numerous helper methods, for tasks such as
89 | * building and analyzing HTTP requests.
90 | */
91 | IExtensionHelpers getHelpers();
92 |
93 | /**
94 | * This method is used to obtain the current extension's standard output
95 | * stream. Extensions should write all output to this stream, allowing the
96 | * Burp user to configure how that output is handled from within the UI.
97 | *
98 | * @return The extension's standard output stream.
99 | */
100 | OutputStream getStdout();
101 |
102 | /**
103 | * This method is used to obtain the current extension's standard error
104 | * stream. Extensions should write all error messages to this stream,
105 | * allowing the Burp user to configure how that output is handled from
106 | * within the UI.
107 | *
108 | * @return The extension's standard error stream.
109 | */
110 | OutputStream getStderr();
111 |
112 | /**
113 | * This method is used to register a listener which will be notified of
114 | * changes to the extension's state. Note: Any extensions that start
115 | * background threads or open system resources (such as files or database
116 | * connections) should register a listener and terminate threads / close
117 | * resources when the extension is unloaded.
118 | *
119 | * @param listener An object created by the extension that implements the
120 | * IExtensionStateListener interface.
121 | */
122 | void registerExtensionStateListener(IExtensionStateListener listener);
123 |
124 | /**
125 | * This method is used to register a listener which will be notified of
126 | * requests and responses made by any Burp tool. Extensions can perform
127 | * custom analysis or modification of these messages by registering an HTTP
128 | * listener.
129 | *
130 | * @param listener An object created by the extension that implements the
131 | * IHttpListener interface.
132 | */
133 | void registerHttpListener(IHttpListener listener);
134 |
135 | /**
136 | * This method is used to register a listener which will be notified of
137 | * requests and responses being processed by the Proxy tool. Extensions can
138 | * perform custom analysis or modification of these messages, and control
139 | * in-UI message interception, by registering a proxy listener.
140 | *
141 | * @param listener An object created by the extension that implements the
142 | * IProxyListener interface.
143 | */
144 | void registerProxyListener(IProxyListener listener);
145 |
146 | /**
147 | * This method is used to register a listener which will be notified of new
148 | * issues that are reported by the Scanner tool. Extensions can perform
149 | * custom analysis or logging of Scanner issues by registering a Scanner
150 | * listener.
151 | *
152 | * @param listener An object created by the extension that implements the
153 | * IScannerListener interface.
154 | */
155 | void registerScannerListener(IScannerListener listener);
156 |
157 | /**
158 | * This method is used to register a factory for custom context menu items.
159 | * When the user invokes a context menu anywhere within Burp, the factory
160 | * will be passed details of the invocation event, and asked to provide any
161 | * custom context menu items that should be shown.
162 | *
163 | * @param factory An object created by the extension that implements the
164 | * IContextMenuFactory interface.
165 | */
166 | void registerContextMenuFactory(IContextMenuFactory factory);
167 |
168 | /**
169 | * This method is used to register a factory for custom message editor tabs.
170 | * For each message editor that already exists, or is subsequently created,
171 | * within Burp, the factory will be asked to provide a new instance of an
172 | * IMessageEditorTab object, which can provide custom rendering
173 | * or editing of HTTP messages.
174 | *
175 | * @param factory An object created by the extension that implements the
176 | * IMessageEditorTabFactory interface.
177 | */
178 | void registerMessageEditorTabFactory(IMessageEditorTabFactory factory);
179 |
180 | /**
181 | * This method is used to register a provider of Scanner insertion points.
182 | * For each base request that is actively scanned, Burp will ask the
183 | * provider to provide any custom scanner insertion points that are
184 | * appropriate for the request.
185 | *
186 | * @param provider An object created by the extension that implements the
187 | * IScannerInsertionPointProvider interface.
188 | */
189 | void registerScannerInsertionPointProvider(
190 | IScannerInsertionPointProvider provider);
191 |
192 | /**
193 | * This method is used to register a custom Scanner check. When performing
194 | * scanning, Burp will ask the check to perform active or passive scanning
195 | * on the base request, and report any Scanner issues that are identified.
196 | *
197 | * @param check An object created by the extension that implements the
198 | * IScannerCheck interface.
199 | */
200 | void registerScannerCheck(IScannerCheck check);
201 |
202 | /**
203 | * This method is used to register a factory for Intruder payloads. Each
204 | * registered factory will be available within the Intruder UI for the user
205 | * to select as the payload source for an attack. When this is selected, the
206 | * factory will be asked to provide a new instance of an
207 | * IIntruderPayloadGenerator object, which will be used to
208 | * generate payloads for the attack.
209 | *
210 | * @param factory An object created by the extension that implements the
211 | * IIntruderPayloadGeneratorFactory interface.
212 | */
213 | void registerIntruderPayloadGeneratorFactory(
214 | IIntruderPayloadGeneratorFactory factory);
215 |
216 | /**
217 | * This method is used to register a custom Intruder payload processor. Each
218 | * registered processor will be available within the Intruder UI for the
219 | * user to select as the action for a payload processing rule.
220 | *
221 | * @param processor An object created by the extension that implements the
222 | * IIntruderPayloadProcessor interface.
223 | */
224 | void registerIntruderPayloadProcessor(IIntruderPayloadProcessor processor);
225 |
226 | /**
227 | * This method is used to register a custom session handling action. Each
228 | * registered action will be available within the session handling rule UI
229 | * for the user to select as a rule action. Users can choose to invoke an
230 | * action directly in its own right, or following execution of a macro.
231 | *
232 | * @param action An object created by the extension that implements the
233 | * ISessionHandlingAction interface.
234 | */
235 | void registerSessionHandlingAction(ISessionHandlingAction action);
236 |
237 | /**
238 | * This method is used to add a custom tab to the main Burp Suite window.
239 | *
240 | * @param tab An object created by the extension that implements the
241 | * ITab interface.
242 | */
243 | void addSuiteTab(ITab tab);
244 |
245 | /**
246 | * This method is used to remove a previously-added tab from the main Burp
247 | * Suite window.
248 | *
249 | * @param tab An object created by the extension that implements the
250 | * ITab interface.
251 | */
252 | void removeSuiteTab(ITab tab);
253 |
254 | /**
255 | * This method is used to customize UI components in line with Burp's UI
256 | * style, including font size, colors, table line spacing, etc.
257 | *
258 | * @param component The UI component to be customized.
259 | */
260 | void customizeUiComponent(Component component);
261 |
262 | /**
263 | * This method is used to create a new instance of Burp's HTTP message
264 | * editor, for the extension to use in its own UI.
265 | *
266 | * @param controller An object created by the extension that implements the
267 | * IMessageEditorController interface. This parameter is
268 | * optional and may be
269 | * null. If it is provided, then the message editor will query
270 | * the controller when required to obtain details about the currently
271 | * displayed message, including the
272 | * IHttpService for the message, and the associated request or
273 | * response message. If a controller is not provided, then the message
274 | * editor will not support context menu actions, such as sending requests to
275 | * other Burp tools.
276 | * @param editable Indicates whether the editor created should be editable,
277 | * or used only for message viewing.
278 | * @return An object that implements the
279 | * IMessageEditor interface, and which the extension can use in
280 | * its own UI.
281 | */
282 | IMessageEditor createMessageEditor(IMessageEditorController controller,
283 | boolean editable);
284 |
285 | /**
286 | * This method is used to create a new instance of Burp's plain text editor,
287 | * for the extension to use in its own UI.
288 | *
289 | * @return An object that implements the
290 | * ITextEditor interface, and which the extension can use in
291 | * its own UI.
292 | */
293 | ITextEditor createTextEditor();
294 |
295 | /**
296 | * This method can be used to send an HTTP request to the Burp Repeater
297 | * tool. The request will be displayed in the user interface, but will not
298 | * be issued until the user initiates this action.
299 | *
300 | * @param host The hostname of the remote HTTP server.
301 | * @param port The port of the remote HTTP server.
302 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
303 | * @param request The full HTTP request.
304 | * @param tabCaption An optional caption which will appear on the Repeater
305 | * tab containing the request. If this value is
306 | * null then a default tab index will be displayed.
307 | */
308 | void sendToRepeater(
309 | String host,
310 | int port,
311 | boolean useHttps,
312 | byte[] request,
313 | String tabCaption);
314 |
315 | /**
316 | * This method can be used to send an HTTP request to the Burp Intruder
317 | * tool. The request will be displayed in the user interface, and markers
318 | * for attack payloads will be placed into default locations within the
319 | * request.
320 | *
321 | * @param host The hostname of the remote HTTP server.
322 | * @param port The port of the remote HTTP server.
323 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
324 | * @param request The full HTTP request.
325 | */
326 | void sendToIntruder(
327 | String host,
328 | int port,
329 | boolean useHttps,
330 | byte[] request);
331 |
332 | /**
333 | * This method can be used to send an HTTP request to the Burp Intruder
334 | * tool. The request will be displayed in the user interface, and markers
335 | * for attack payloads will be placed into the specified locations within
336 | * the request.
337 | *
338 | * @param host The hostname of the remote HTTP server.
339 | * @param port The port of the remote HTTP server.
340 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
341 | * @param request The full HTTP request.
342 | * @param payloadPositionOffsets A list of index pairs representing the
343 | * payload positions to be used. Each item in the list must be an int[2]
344 | * array containing the start and end offsets for the payload position.
345 | */
346 | void sendToIntruder(
347 | String host,
348 | int port,
349 | boolean useHttps,
350 | byte[] request,
351 | ListIHttpRequestResponse interface, and which the extension can
432 | * query to obtain the details of the response.
433 | */
434 | IHttpRequestResponse makeHttpRequest(IHttpService httpService,
435 | byte[] request);
436 |
437 | /**
438 | * This method can be used to issue HTTP requests and retrieve their
439 | * responses.
440 | *
441 | * @param host The hostname of the remote HTTP server.
442 | * @param port The port of the remote HTTP server.
443 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
444 | * @param request The full HTTP request.
445 | * @return The full response retrieved from the remote server.
446 | */
447 | byte[] makeHttpRequest(
448 | String host,
449 | int port,
450 | boolean useHttps,
451 | byte[] request);
452 |
453 | /**
454 | * This method can be used to query whether a specified URL is within the
455 | * current Suite-wide scope.
456 | *
457 | * @param url The URL to query.
458 | * @return Returns
459 | * true if the URL is within the current Suite-wide scope.
460 | */
461 | boolean isInScope(java.net.URL url);
462 |
463 | /**
464 | * This method can be used to include the specified URL in the Suite-wide
465 | * scope.
466 | *
467 | * @param url The URL to include in the Suite-wide scope.
468 | */
469 | void includeInScope(java.net.URL url);
470 |
471 | /**
472 | * This method can be used to exclude the specified URL from the Suite-wide
473 | * scope.
474 | *
475 | * @param url The URL to exclude from the Suite-wide scope.
476 | */
477 | void excludeFromScope(java.net.URL url);
478 |
479 | /**
480 | * This method can be used to display a specified message in the Burp Suite
481 | * alerts tab.
482 | *
483 | * @param message The alert message to display.
484 | */
485 | void issueAlert(String message);
486 |
487 | /**
488 | * This method returns details of all items in the Proxy history.
489 | *
490 | * @return The contents of the Proxy history.
491 | */
492 | IHttpRequestResponse[] getProxyHistory();
493 |
494 | /**
495 | * This method returns details of items in the site map.
496 | *
497 | * @param urlPrefix This parameter can be used to specify a URL prefix, in
498 | * order to extract a specific subset of the site map. The method performs a
499 | * simple case-sensitive text match, returning all site map items whose URL
500 | * begins with the specified prefix. If this parameter is null, the entire
501 | * site map is returned.
502 | *
503 | * @return Details of items in the site map.
504 | */
505 | IHttpRequestResponse[] getSiteMap(String urlPrefix);
506 |
507 | /**
508 | * This method returns all of the current scan issues for URLs matching the
509 | * specified literal prefix.
510 | *
511 | * @param urlPrefix This parameter can be used to specify a URL prefix, in
512 | * order to extract a specific subset of scan issues. The method performs a
513 | * simple case-sensitive text match, returning all scan issues whose URL
514 | * begins with the specified prefix. If this parameter is null, all issues
515 | * are returned.
516 | * @return Details of the scan issues.
517 | */
518 | IScanIssue[] getScanIssues(String urlPrefix);
519 |
520 | /**
521 | * This method can be used to add an item to Burp's site map with the
522 | * specified request/response details. This will overwrite the details of
523 | * any existing matching item in the site map.
524 | *
525 | * @param item Details of the item to be added to the site map
526 | */
527 | void addToSiteMap(IHttpRequestResponse item);
528 |
529 | /**
530 | * This method can be used to restore Burp's state from a specified saved
531 | * state file. This method blocks until the restore operation is completed,
532 | * and must not be called from the event dispatch thread.
533 | *
534 | * @param file The file containing Burp's saved state.
535 | */
536 | void restoreState(java.io.File file);
537 |
538 | /**
539 | * This method can be used to save Burp's state to a specified file. This
540 | * method blocks until the save operation is completed, and must not be
541 | * called from the event dispatch thread.
542 | *
543 | * @param file The file to save Burp's state in.
544 | */
545 | void saveState(java.io.File file);
546 |
547 | /**
548 | * This method causes Burp to save all of its current configuration as a Map
549 | * of name/value Strings.
550 | *
551 | * @return A Map of name/value Strings reflecting Burp's current
552 | * configuration.
553 | */
554 | MapsaveConfig() to obtain Burp's current configuration, modify
562 | * the relevant items in the Map, and then call
563 | * loadConfig() with the same Map.
564 | *
565 | * @param config A map of name/value Strings to use as Burp's new
566 | * configuration.
567 | */
568 | void loadConfig(MapITempFile interface.
608 | */
609 | ITempFile saveToTempFile(byte[] buffer);
610 |
611 | /**
612 | * This method is used to save the request and response of an
613 | * IHttpRequestResponse object to temporary files, so that they
614 | * are no longer held in memory. Extensions can used this method to convert
615 | * IHttpRequestResponse objects into a form suitable for
616 | * long-term storage.
617 | *
618 | * @param httpRequestResponse The
619 | * IHttpRequestResponse object whose request and response
620 | * messages are to be saved to temporary files.
621 | * @return An object that implements the
622 | * IHttpRequestResponsePersisted interface.
623 | */
624 | IHttpRequestResponsePersisted saveBuffersToTempFiles(
625 | IHttpRequestResponse httpRequestResponse);
626 |
627 | /**
628 | * This method is used to apply markers to an HTTP request or response, at
629 | * offsets into the message that are relevant for some particular purpose.
630 | * Markers are used in various situations, such as specifying Intruder
631 | * payload positions, Scanner insertion points, and highlights in Scanner
632 | * issues.
633 | *
634 | * @param httpRequestResponse The
635 | * IHttpRequestResponse object to which the markers should be
636 | * applied.
637 | * @param requestMarkers A list of index pairs representing the offsets of
638 | * markers to be applied to the request message. Each item in the list must
639 | * be an int[2] array containing the start and end offsets for the marker.
640 | * This parameter is optional and may be
641 | * null if no request markers are required.
642 | * @param responseMarkers A list of index pairs representing the offsets of
643 | * markers to be applied to the response message. Each item in the list must
644 | * be an int[2] array containing the start and end offsets for the marker.
645 | * This parameter is optional and may be
646 | * null if no response markers are required.
647 | * @return An object that implements the
648 | * IHttpRequestResponseWithMarkers interface.
649 | */
650 | IHttpRequestResponseWithMarkers applyMarkers(
651 | IHttpRequestResponse httpRequestResponse,
652 | ListTOOL_PROXY,
661 | * TOOL_SCANNER, etc.). Tool flags are defined within this
662 | * interface.
663 | * @return The descriptive name for the specified tool.
664 | */
665 | String getToolName(int toolFlag);
666 |
667 | /**
668 | * This method is used to register a new Scanner issue. Note:
669 | * Wherever possible, extensions should implement custom Scanner checks
670 | * using
671 | * IScannerCheck and report issues via those checks, so as to
672 | * integrate with Burp's user-driven workflow, and ensure proper
673 | * consolidation of duplicate reported issues. This method is only designed
674 | * for tasks outside of the normal testing workflow, such as importing
675 | * results from other scanning tools.
676 | *
677 | * @param issue An object created by the extension that implements the
678 | * IScanIssue interface.
679 | */
680 | void addScanIssue(IScanIssue issue);
681 |
682 | /**
683 | * This method parses the specified request and returns details of each
684 | * request parameter.
685 | *
686 | * @param request The request to be parsed.
687 | * @return An array of:
688 | * String[] { name, value, type } containing details of the
689 | * parameters contained within the request.
690 | * @deprecated Use
691 | * IExtensionHelpers.analyzeRequest() instead.
692 | */
693 | @Deprecated
694 | String[][] getParameters(byte[] request);
695 |
696 | /**
697 | * This method parses the specified request and returns details of each HTTP
698 | * header.
699 | *
700 | * @param message The request to be parsed.
701 | * @return An array of HTTP headers.
702 | * @deprecated Use
703 | * IExtensionHelpers.analyzeRequest() or
704 | * IExtensionHelpers.analyzeResponse() instead.
705 | */
706 | @Deprecated
707 | String[] getHeaders(byte[] message);
708 |
709 | /**
710 | * This method can be used to register a new menu item which will appear on
711 | * the various context menus that are used throughout Burp Suite to handle
712 | * user-driven actions.
713 | *
714 | * @param menuItemCaption The caption to be displayed on the menu item.
715 | * @param menuItemHandler The handler to be invoked when the user clicks on
716 | * the menu item.
717 | * @deprecated Use
718 | * registerContextMenuFactory() instead.
719 | */
720 | @Deprecated
721 | void registerMenuItem(
722 | String menuItemCaption,
723 | IMenuItemHandler menuItemHandler);
724 | }
725 |
--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
1 | GNU AFFERO GENERAL PUBLIC LICENSE
2 | Version 3, 19 November 2007
3 |
4 | Copyright (C) 2007 Free Software Foundation, Inc.