├── BappDescription.html ├── BappManifest.bmf ├── README.md ├── bin └── PHPUnserializeCheck.jar ├── build.gradle ├── img └── example report.png ├── settings.gradle └── src └── burp ├── BurpExtender.java ├── IBurpExtender.java ├── IBurpExtenderCallbacks.java ├── IContextMenuFactory.java ├── IContextMenuInvocation.java ├── ICookie.java ├── IExtensionHelpers.java ├── IExtensionStateListener.java ├── IHttpListener.java ├── IHttpRequestResponse.java ├── IHttpRequestResponsePersisted.java ├── IHttpRequestResponseWithMarkers.java ├── IHttpService.java ├── IInterceptedProxyMessage.java ├── IIntruderAttack.java ├── IIntruderPayloadGenerator.java ├── IIntruderPayloadGeneratorFactory.java ├── IIntruderPayloadProcessor.java ├── IMenuItemHandler.java ├── IMessageEditor.java ├── IMessageEditorController.java ├── IMessageEditorTab.java ├── IMessageEditorTabFactory.java ├── IParameter.java ├── IProxyListener.java ├── IRequestInfo.java ├── IResponseInfo.java ├── IScanIssue.java ├── IScanQueueItem.java ├── IScannerCheck.java ├── IScannerInsertionPoint.java ├── IScannerInsertionPointProvider.java ├── IScannerListener.java ├── IScopeChangeListener.java ├── ISessionHandlingAction.java ├── ITab.java ├── ITempFile.java └── ITextEditor.java /BappDescription.html: -------------------------------------------------------------------------------- 1 |

This extension adds an active scan check to find PHP object injection vulnerabilities.

2 | 3 |

It passes a serialized PDO object in each insertion point. If PHP 4 | tries to unserialize this object a fatal exception is thrown triggered in the 5 | object's __wakeup() method (ext/pdo/pdo_dbh.c).

6 | -------------------------------------------------------------------------------- /BappManifest.bmf: -------------------------------------------------------------------------------- 1 | Uuid: 24dab228311049d89a27a4d721e17ef7 2 | ExtensionType: 1 3 | Name: PHP Object Injection Check 4 | RepoName: php-object-injection-check 5 | ScreenVersion: 1.1 6 | SerialVersion: 4 7 | MinPlatformVersion: 0 8 | ProOnly: True 9 | Author: Securify 10 | ShortDescription: Finds PHP object injection vulnerabilities. 11 | EntryPoint: build/libs/php-object-injection-check-all.jar 12 | BuildCommand: gradle fatJar 13 | SupportedProducts: Pro, Enterprise 14 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # PHP Unserialize Check 2 | 3 | This Burp Scanner Extension tries to find PHP Object Injection Vulnerabilities. 4 | 5 | It passes a serialized `PDO` object to the found injection points. If PHP tries to unserialize this object a fatal exception is thrown triggered in the object's `__wakeup()` method (ext/pdo/pdo_dbh.c): 6 | ``` 7 | static PHP_METHOD(PDO, __wakeup) 8 | { 9 | zend_throw_exception_ex(php_pdo_get_exception(), 0, "You cannot serialize or unserialize PDO instances"); 10 | } 11 | ``` 12 | If `display_errors` is disabled, this will result in a 500 Internal Server Error. If this is the case the check will try to unserialize a stdClass object and an empty array. If either one returns a 200 OK, it is assumed that the code is vulnerable to PHP Object Injection. 13 | 14 | If `display_errors` is enabled, the fatal exception is returned to the user, making it easier to detected the vulnerability. 15 | 16 | Based on http://blog.portswigger.net/2012/12/sample-burp-suite-extension-custom_20.html 17 | 18 | ![alt tag](https://raw.githubusercontent.com/securifybv/PHPUnserializeCheck/master/img/example%20report.png) 19 | -------------------------------------------------------------------------------- /bin/PHPUnserializeCheck.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PortSwigger/php-object-injection-check/d3844500b94ed5e2435e34dd4ae50b5dd656a3c9/bin/PHPUnserializeCheck.jar -------------------------------------------------------------------------------- /build.gradle: -------------------------------------------------------------------------------- 1 | apply plugin: 'java' 2 | 3 | targetCompatibility = '1.8' 4 | sourceCompatibility = '1.8' 5 | 6 | repositories { 7 | mavenCentral() 8 | } 9 | 10 | dependencies { 11 | } 12 | 13 | sourceSets { 14 | main { 15 | java { 16 | srcDir 'src' 17 | } 18 | } 19 | } 20 | 21 | task fatJar(type: Jar) { 22 | baseName = project.name + '-all' 23 | from { configurations.compile.collect { it.isDirectory() ? it : zipTree(it) } } 24 | with jar 25 | } 26 | -------------------------------------------------------------------------------- /img/example report.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/PortSwigger/php-object-injection-check/d3844500b94ed5e2435e34dd4ae50b5dd656a3c9/img/example report.png -------------------------------------------------------------------------------- /settings.gradle: -------------------------------------------------------------------------------- 1 | rootProject.name = 'php-object-injection-check' 2 | -------------------------------------------------------------------------------- /src/burp/BurpExtender.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | import java.net.URL; 4 | import java.util.ArrayList; 5 | import java.util.List; 6 | 7 | /** 8 | * This Burp Scanner Extension tries to find PHP Object Injection Vulnerabilities. 9 | * 10 | * It passes a serialized PDO object to the found injection points. If PHP tries to 11 | * unserialize this object a fatal exception is thrown triggered in the object's 12 | * __wakeup() method (ext/pdo/pdo_dbh.c): 13 | * 14 | * static PHP_METHOD(PDO, __wakeup) 15 | * { 16 | * zend_throw_exception_ex(php_pdo_get_exception(), 0, "You cannot serialize or unserialize PDO instances"); 17 | * } 18 | * 19 | * If display_errors is disabled, this will result in a 500 Internal Server Error. 20 | * If this is the case the check will try to unserialize a stdClass object and an 21 | * empty array. If either one returns a 200 OK, it is assumed that the code is 22 | * vulnerable to PHP Object Injection. 23 | * 24 | * If display_errors is enabled, the fatal exception is returned to the user, 25 | * making it easier to detected the vulnerability. 26 | * 27 | * Based on http://blog.portswigger.net/2012/12/sample-burp-suite-extension-custom_20.html 28 | */ 29 | public class BurpExtender implements IBurpExtender, IScannerCheck 30 | { 31 | private IBurpExtenderCallbacks callbacks; 32 | private IExtensionHelpers helpers; 33 | 34 | // serialized empty array 35 | private static final byte[] INJ_ARRAYSERIALIZED = "a:0:{}".getBytes(); 36 | // serialized stdClass object 37 | private static final byte[] INJ_STDCLASSSERIALIZED = "O:8:\"stdClass\":0:{}".getBytes(); 38 | // serialized PDO object 39 | private static final byte[] INJ_PDOSERIALIZED = "O:3:\"PDO\":0:{}".getBytes(); 40 | // error message returned when display_errors is enabled 41 | private static final byte[] INJ_ERROR = "You cannot serialize or unserialize PDO instances".getBytes(); 42 | 43 | // 44 | // implement IBurpExtender 45 | // 46 | 47 | @Override 48 | public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks) { 49 | // keep a reference to our callbacks object 50 | this.callbacks = callbacks; 51 | 52 | // obtain an extension helpers object 53 | helpers = callbacks.getHelpers(); 54 | 55 | // set our extension name 56 | callbacks.setExtensionName("PHP Unserialize Checks"); 57 | 58 | // register ourselves as a custom scanner check 59 | callbacks.registerScannerCheck(this); 60 | } 61 | 62 | // helper method to search a response for occurrences of a literal match string 63 | // and return a list of start/end offsets 64 | private List getMatches(byte[] response, byte[] match) { 65 | List matches = new ArrayList(); 66 | 67 | int start = 0; 68 | while (start < response.length) { 69 | start = helpers.indexOf(response, match, true, start, response.length); 70 | if (start == -1) 71 | break; 72 | matches.add(new int[]{start, start + match.length}); 73 | start += match.length; 74 | } 75 | 76 | return matches; 77 | } 78 | 79 | // 80 | // implement IScannerCheck 81 | // 82 | 83 | @Override 84 | public List doPassiveScan(IHttpRequestResponse baseRequestResponse) { 85 | return null; 86 | } 87 | 88 | @Override 89 | public List doActiveScan(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint) { 90 | // two rounds, second round base64 encodes the payload 91 | for(int i = 0; i < 2; i++) { 92 | // make a request containing our injection test in the insertion point 93 | byte[] checkRequest = insertionPoint.buildRequest(i == 1 ? helpers.base64Encode(INJ_PDOSERIALIZED).getBytes() : INJ_PDOSERIALIZED); 94 | IHttpRequestResponse checkRequestResponse = callbacks.makeHttpRequest(baseRequestResponse.getHttpService(), checkRequest); 95 | // look for matches of our active check grep string 96 | List matches = getMatches(checkRequestResponse.getResponse(), INJ_ERROR); 97 | if (matches.size() > 0) { 98 | // get the offsets of the payload within the request, for in-UI highlighting 99 | List requestHighlights = new ArrayList<>(1); 100 | requestHighlights.add(insertionPoint.getPayloadOffsets(i == 1 ? helpers.base64Encode(INJ_PDOSERIALIZED).getBytes() : INJ_PDOSERIALIZED)); 101 | 102 | // report the issue 103 | List issues = new ArrayList<>(1); 104 | issues.add(new PHPObjectInjectionScanIssue( 105 | baseRequestResponse.getHttpService(), 106 | helpers.analyzeRequest(baseRequestResponse).getUrl(), 107 | new IHttpRequestResponse[]{callbacks.applyMarkers(checkRequestResponse, requestHighlights, matches)}, 108 | "Submitting a serialized PDO object returned the following error: " + helpers.bytesToString(INJ_ERROR) + "", 109 | "High", 110 | "Certain")); 111 | return issues; 112 | } 113 | 114 | IResponseInfo responseInfo = helpers.analyzeResponse(checkRequestResponse.getResponse()); 115 | if (responseInfo.getStatusCode() == 500) { 116 | boolean found = false; 117 | byte[] checkRequest2 = insertionPoint.buildRequest(i == 1 ? helpers.base64Encode(INJ_STDCLASSSERIALIZED).getBytes() : INJ_STDCLASSSERIALIZED); 118 | IHttpRequestResponse checkRequestResponse2 = callbacks.makeHttpRequest(baseRequestResponse.getHttpService(), checkRequest2); 119 | IResponseInfo responseInfo2 = helpers.analyzeResponse(checkRequestResponse2.getResponse()); 120 | if (responseInfo2.getStatusCode() == 200) { 121 | found = true; 122 | } else { 123 | checkRequest2 = insertionPoint.buildRequest(i == 1 ? helpers.base64Encode(INJ_ARRAYSERIALIZED).getBytes() : INJ_ARRAYSERIALIZED); 124 | checkRequestResponse2 = callbacks.makeHttpRequest(baseRequestResponse.getHttpService(), checkRequest2); 125 | responseInfo2 = helpers.analyzeResponse(checkRequestResponse2.getResponse()); 126 | if (responseInfo2.getStatusCode() == 200) { 127 | found = true; 128 | } 129 | } 130 | 131 | if (found) { 132 | // get the offsets of the payload within the request, for in-UI highlighting 133 | List requestHighlights = new ArrayList<>(1); 134 | requestHighlights.add(insertionPoint.getPayloadOffsets(i == 1 ? helpers.base64Encode(INJ_PDOSERIALIZED).getBytes() : INJ_PDOSERIALIZED)); 135 | 136 | // report the issue 137 | List issues = new ArrayList<>(1); 138 | issues.add(new PHPObjectInjectionScanIssue( 139 | baseRequestResponse.getHttpService(), 140 | helpers.analyzeRequest(baseRequestResponse).getUrl(), 141 | new IHttpRequestResponse[]{callbacks.applyMarkers(checkRequestResponse, requestHighlights, null)}, 142 | "Submitting a serialized PDO object returned in an Internal Server Error (500)", 143 | "High", 144 | "Firm")); 145 | return issues; 146 | 147 | } 148 | } 149 | } 150 | 151 | return null; 152 | } 153 | 154 | @Override 155 | public int consolidateDuplicateIssues(IScanIssue existingIssue, IScanIssue newIssue) { 156 | if (existingIssue.getUrl().equals(newIssue.getUrl()) && 157 | existingIssue.getIssueName().equals(newIssue.getIssueName()) && 158 | existingIssue.getIssueDetail().equals(newIssue.getIssueDetail())) 159 | return -1; 160 | else return 0; 161 | } 162 | } 163 | 164 | // 165 | // class implementing IScanIssue to hold our custom scan issue details 166 | // 167 | class PHPObjectInjectionScanIssue implements IScanIssue { 168 | private IHttpService httpService; 169 | private URL url; 170 | private IHttpRequestResponse[] httpMessages; 171 | private String name; 172 | private String detail; 173 | private String severity; 174 | private String confidence; 175 | 176 | public PHPObjectInjectionScanIssue( 177 | IHttpService httpService, 178 | URL url, 179 | IHttpRequestResponse[] httpMessages, 180 | String detail, 181 | String severity, 182 | String confidence) { 183 | this.httpService = httpService; 184 | this.url = url; 185 | this.httpMessages = httpMessages; 186 | this.detail = detail; 187 | this.severity = severity; 188 | this.confidence = confidence; 189 | } 190 | 191 | @Override 192 | public URL getUrl() { 193 | return url; 194 | } 195 | 196 | @Override 197 | public String getIssueName() { 198 | return "PHP Object Injection"; 199 | } 200 | 201 | @Override 202 | public int getIssueType() { 203 | return 0; 204 | } 205 | 206 | @Override 207 | public String getSeverity() { 208 | return severity; 209 | } 210 | 211 | @Override 212 | public String getConfidence() { 213 | return confidence; 214 | } 215 | 216 | @Override 217 | public String getIssueBackground() { 218 | return "

PHP Object Injection is a vulnerability where a vulnerable application unserializes " + 219 | "user-controllable data. Doing so can be used to instantiate arbitrary objects that depending " + 220 | "on their implementations can be used for various attacks. These attacks include arbitrary code " + 221 | "execution, SQL injection, arbitrary file access, and others.

\n" + 222 | "

See also: https://www.owasp.org/index.php/PHP_Object_Injection

"; 223 | } 224 | 225 | @Override 226 | public String getRemediationBackground() { 227 | return "Avoid unserializing untrusted (user) data. Instead use a safer alternative, like json_decode()."; 228 | } 229 | 230 | @Override 231 | public String getIssueDetail() { 232 | return detail; 233 | } 234 | 235 | @Override 236 | public String getRemediationDetail() { 237 | return null; 238 | } 239 | 240 | @Override 241 | public IHttpRequestResponse[] getHttpMessages() { 242 | return httpMessages; 243 | } 244 | 245 | @Override 246 | public IHttpService getHttpService() { 247 | return httpService; 248 | } 249 | 250 | } -------------------------------------------------------------------------------- /src/burp/IBurpExtender.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IBurpExtender.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * All extensions must implement this interface. 14 | * 15 | * Implementations must be called BurpExtender, in the package burp, must be 16 | * declared public, and must provide a default (public, no-argument) 17 | * constructor. 18 | */ 19 | public interface IBurpExtender 20 | { 21 | /** 22 | * This method is invoked when the extension is loaded. It registers an 23 | * instance of the 24 | * IBurpExtenderCallbacks interface, providing methods that may 25 | * be invoked by the extension to perform various actions. 26 | * 27 | * @param callbacks An 28 | * IBurpExtenderCallbacks object. 29 | */ 30 | void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks); 31 | } 32 | -------------------------------------------------------------------------------- /src/burp/IBurpExtenderCallbacks.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IBurpExtenderCallbacks.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | import java.io.OutputStream; 14 | import java.util.List; 15 | import java.util.Map; 16 | 17 | /** 18 | * This interface is used by Burp Suite to pass to extensions a set of callback 19 | * methods that can be used by extensions to perform various actions within 20 | * Burp. 21 | * 22 | * When an extension is loaded, Burp invokes its 23 | * registerExtenderCallbacks() method and passes an instance of the 24 | * IBurpExtenderCallbacks interface. The extension may then invoke 25 | * the methods of this interface as required in order to extend Burp's 26 | * functionality. 27 | */ 28 | public interface IBurpExtenderCallbacks 29 | { 30 | /** 31 | * Flag used to identify Burp Suite as a whole. 32 | */ 33 | static final int TOOL_SUITE = 0x00000001; 34 | /** 35 | * Flag used to identify the Burp Target tool. 36 | */ 37 | static final int TOOL_TARGET = 0x00000002; 38 | /** 39 | * Flag used to identify the Burp Proxy tool. 40 | */ 41 | static final int TOOL_PROXY = 0x00000004; 42 | /** 43 | * Flag used to identify the Burp Spider tool. 44 | */ 45 | static final int TOOL_SPIDER = 0x00000008; 46 | /** 47 | * Flag used to identify the Burp Scanner tool. 48 | */ 49 | static final int TOOL_SCANNER = 0x00000010; 50 | /** 51 | * Flag used to identify the Burp Intruder tool. 52 | */ 53 | static final int TOOL_INTRUDER = 0x00000020; 54 | /** 55 | * Flag used to identify the Burp Repeater tool. 56 | */ 57 | static final int TOOL_REPEATER = 0x00000040; 58 | /** 59 | * Flag used to identify the Burp Sequencer tool. 60 | */ 61 | static final int TOOL_SEQUENCER = 0x00000080; 62 | /** 63 | * Flag used to identify the Burp Decoder tool. 64 | */ 65 | static final int TOOL_DECODER = 0x00000100; 66 | /** 67 | * Flag used to identify the Burp Comparer tool. 68 | */ 69 | static final int TOOL_COMPARER = 0x00000200; 70 | /** 71 | * Flag used to identify the Burp Extender tool. 72 | */ 73 | static final int TOOL_EXTENDER = 0x00000400; 74 | 75 | /** 76 | * This method is used to set the display name for the current extension, 77 | * which will be displayed within the user interface for the Extender tool. 78 | * 79 | * @param name The extension name. 80 | */ 81 | void setExtensionName(String name); 82 | 83 | /** 84 | * This method is used to obtain an 85 | * IExtensionHelpers object, which can be used by the extension 86 | * to perform numerous useful tasks. 87 | * 88 | * @return An object containing numerous helper methods, for tasks such as 89 | * building and analyzing HTTP requests. 90 | */ 91 | IExtensionHelpers getHelpers(); 92 | 93 | /** 94 | * This method is used to obtain the current extension's standard output 95 | * stream. Extensions should write all output to this stream, allowing the 96 | * Burp user to configure how that output is handled from within the UI. 97 | * 98 | * @return The extension's standard output stream. 99 | */ 100 | OutputStream getStdout(); 101 | 102 | /** 103 | * This method is used to obtain the current extension's standard error 104 | * stream. Extensions should write all error messages to this stream, 105 | * allowing the Burp user to configure how that output is handled from 106 | * within the UI. 107 | * 108 | * @return The extension's standard error stream. 109 | */ 110 | OutputStream getStderr(); 111 | 112 | /** 113 | * This method is used to register a listener which will be notified of 114 | * changes to the extension's state. Note: Any extensions that start 115 | * background threads or open system resources (such as files or database 116 | * connections) should register a listener and terminate threads / close 117 | * resources when the extension is unloaded. 118 | * 119 | * @param listener An object created by the extension that implements the 120 | * IExtensionStateListener interface. 121 | */ 122 | void registerExtensionStateListener(IExtensionStateListener listener); 123 | 124 | /** 125 | * This method is used to register a listener which will be notified of 126 | * requests and responses made by any Burp tool. Extensions can perform 127 | * custom analysis or modification of these messages by registering an HTTP 128 | * listener. 129 | * 130 | * @param listener An object created by the extension that implements the 131 | * IHttpListener interface. 132 | */ 133 | void registerHttpListener(IHttpListener listener); 134 | 135 | /** 136 | * This method is used to register a listener which will be notified of 137 | * requests and responses being processed by the Proxy tool. Extensions can 138 | * perform custom analysis or modification of these messages, and control 139 | * in-UI message interception, by registering a proxy listener. 140 | * 141 | * @param listener An object created by the extension that implements the 142 | * IProxyListener interface. 143 | */ 144 | void registerProxyListener(IProxyListener listener); 145 | 146 | /** 147 | * This method is used to register a listener which will be notified of new 148 | * issues that are reported by the Scanner tool. Extensions can perform 149 | * custom analysis or logging of Scanner issues by registering a Scanner 150 | * listener. 151 | * 152 | * @param listener An object created by the extension that implements the 153 | * IScannerListener interface. 154 | */ 155 | void registerScannerListener(IScannerListener listener); 156 | 157 | /** 158 | * This method is used to register a listener which will be notified of 159 | * changes to Burp's suite-wide target scope. 160 | * 161 | * @param listener An object created by the extension that implements the 162 | * IScopeChangeListener interface. 163 | */ 164 | void registerScopeChangeListener(IScopeChangeListener listener); 165 | 166 | /** 167 | * This method is used to register a factory for custom context menu items. 168 | * When the user invokes a context menu anywhere within Burp, the factory 169 | * will be passed details of the invocation event, and asked to provide any 170 | * custom context menu items that should be shown. 171 | * 172 | * @param factory An object created by the extension that implements the 173 | * IContextMenuFactory interface. 174 | */ 175 | void registerContextMenuFactory(IContextMenuFactory factory); 176 | 177 | /** 178 | * This method is used to register a factory for custom message editor tabs. 179 | * For each message editor that already exists, or is subsequently created, 180 | * within Burp, the factory will be asked to provide a new instance of an 181 | * IMessageEditorTab object, which can provide custom rendering 182 | * or editing of HTTP messages. 183 | * 184 | * @param factory An object created by the extension that implements the 185 | * IMessageEditorTabFactory interface. 186 | */ 187 | void registerMessageEditorTabFactory(IMessageEditorTabFactory factory); 188 | 189 | /** 190 | * This method is used to register a provider of Scanner insertion points. 191 | * For each base request that is actively scanned, Burp will ask the 192 | * provider to provide any custom scanner insertion points that are 193 | * appropriate for the request. 194 | * 195 | * @param provider An object created by the extension that implements the 196 | * IScannerInsertionPointProvider interface. 197 | */ 198 | void registerScannerInsertionPointProvider( 199 | IScannerInsertionPointProvider provider); 200 | 201 | /** 202 | * This method is used to register a custom Scanner check. When performing 203 | * scanning, Burp will ask the check to perform active or passive scanning 204 | * on the base request, and report any Scanner issues that are identified. 205 | * 206 | * @param check An object created by the extension that implements the 207 | * IScannerCheck interface. 208 | */ 209 | void registerScannerCheck(IScannerCheck check); 210 | 211 | /** 212 | * This method is used to register a factory for Intruder payloads. Each 213 | * registered factory will be available within the Intruder UI for the user 214 | * to select as the payload source for an attack. When this is selected, the 215 | * factory will be asked to provide a new instance of an 216 | * IIntruderPayloadGenerator object, which will be used to 217 | * generate payloads for the attack. 218 | * 219 | * @param factory An object created by the extension that implements the 220 | * IIntruderPayloadGeneratorFactory interface. 221 | */ 222 | void registerIntruderPayloadGeneratorFactory( 223 | IIntruderPayloadGeneratorFactory factory); 224 | 225 | /** 226 | * This method is used to register a custom Intruder payload processor. Each 227 | * registered processor will be available within the Intruder UI for the 228 | * user to select as the action for a payload processing rule. 229 | * 230 | * @param processor An object created by the extension that implements the 231 | * IIntruderPayloadProcessor interface. 232 | */ 233 | void registerIntruderPayloadProcessor(IIntruderPayloadProcessor processor); 234 | 235 | /** 236 | * This method is used to register a custom session handling action. Each 237 | * registered action will be available within the session handling rule UI 238 | * for the user to select as a rule action. Users can choose to invoke an 239 | * action directly in its own right, or following execution of a macro. 240 | * 241 | * @param action An object created by the extension that implements the 242 | * ISessionHandlingAction interface. 243 | */ 244 | void registerSessionHandlingAction(ISessionHandlingAction action); 245 | 246 | /** 247 | * This method is used to add a custom tab to the main Burp Suite window. 248 | * 249 | * @param tab An object created by the extension that implements the 250 | * ITab interface. 251 | */ 252 | void addSuiteTab(ITab tab); 253 | 254 | /** 255 | * This method is used to remove a previously-added tab from the main Burp 256 | * Suite window. 257 | * 258 | * @param tab An object created by the extension that implements the 259 | * ITab interface. 260 | */ 261 | void removeSuiteTab(ITab tab); 262 | 263 | /** 264 | * This method is used to customize UI components in line with Burp's UI 265 | * style, including font size, colors, table line spacing, etc. 266 | * 267 | * @param component The UI component to be customized. 268 | */ 269 | void customizeUiComponent(Component component); 270 | 271 | /** 272 | * This method is used to create a new instance of Burp's HTTP message 273 | * editor, for the extension to use in its own UI. 274 | * 275 | * @param controller An object created by the extension that implements the 276 | * IMessageEditorController interface. This parameter is 277 | * optional and may be 278 | * null. If it is provided, then the message editor will query 279 | * the controller when required to obtain details about the currently 280 | * displayed message, including the 281 | * IHttpService for the message, and the associated request or 282 | * response message. If a controller is not provided, then the message 283 | * editor will not support context menu actions, such as sending requests to 284 | * other Burp tools. 285 | * @param editable Indicates whether the editor created should be editable, 286 | * or used only for message viewing. 287 | * @return An object that implements the 288 | * IMessageEditor interface, and which the extension can use in 289 | * its own UI. 290 | */ 291 | IMessageEditor createMessageEditor(IMessageEditorController controller, 292 | boolean editable); 293 | 294 | /** 295 | * This method is used to save configuration settings for the extension in a 296 | * persistent way that survives reloads of the extension and of Burp Suite. 297 | * Saved settings can be retrieved using the method 298 | * loadExtensionSetting(). 299 | * 300 | * @param name The name of the setting. 301 | * @param value The value of the setting. If this value is 302 | * null then any existing setting with the specified name will 303 | * be removed. 304 | */ 305 | void saveExtensionSetting(String name, String value); 306 | 307 | /** 308 | * This method is used to load configuration settings for the extension that 309 | * were saved using the method 310 | * saveExtensionSetting(). 311 | * 312 | * @param name The name of the setting. 313 | * @return The value of the setting, or 314 | * null if no value is set. 315 | */ 316 | String loadExtensionSetting(String name); 317 | 318 | /** 319 | * This method is used to create a new instance of Burp's plain text editor, 320 | * for the extension to use in its own UI. 321 | * 322 | * @return An object that implements the 323 | * ITextEditor interface, and which the extension can use in 324 | * its own UI. 325 | */ 326 | ITextEditor createTextEditor(); 327 | 328 | /** 329 | * This method can be used to send an HTTP request to the Burp Repeater 330 | * tool. The request will be displayed in the user interface, but will not 331 | * be issued until the user initiates this action. 332 | * 333 | * @param host The hostname of the remote HTTP server. 334 | * @param port The port of the remote HTTP server. 335 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 336 | * @param request The full HTTP request. 337 | * @param tabCaption An optional caption which will appear on the Repeater 338 | * tab containing the request. If this value is 339 | * null then a default tab index will be displayed. 340 | */ 341 | void sendToRepeater( 342 | String host, 343 | int port, 344 | boolean useHttps, 345 | byte[] request, 346 | String tabCaption); 347 | 348 | /** 349 | * This method can be used to send an HTTP request to the Burp Intruder 350 | * tool. The request will be displayed in the user interface, and markers 351 | * for attack payloads will be placed into default locations within the 352 | * request. 353 | * 354 | * @param host The hostname of the remote HTTP server. 355 | * @param port The port of the remote HTTP server. 356 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 357 | * @param request The full HTTP request. 358 | */ 359 | void sendToIntruder( 360 | String host, 361 | int port, 362 | boolean useHttps, 363 | byte[] request); 364 | 365 | /** 366 | * This method can be used to send an HTTP request to the Burp Intruder 367 | * tool. The request will be displayed in the user interface, and markers 368 | * for attack payloads will be placed into the specified locations within 369 | * the request. 370 | * 371 | * @param host The hostname of the remote HTTP server. 372 | * @param port The port of the remote HTTP server. 373 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 374 | * @param request The full HTTP request. 375 | * @param payloadPositionOffsets A list of index pairs representing the 376 | * payload positions to be used. Each item in the list must be an int[2] 377 | * array containing the start and end offsets for the payload position. 378 | */ 379 | void sendToIntruder( 380 | String host, 381 | int port, 382 | boolean useHttps, 383 | byte[] request, 384 | List payloadPositionOffsets); 385 | 386 | /** 387 | * This method can be used to send a seed URL to the Burp Spider tool. If 388 | * the URL is not within the current Spider scope, the user will be asked if 389 | * they wish to add the URL to the scope. If the Spider is not currently 390 | * running, it will be started. The seed URL will be requested, and the 391 | * Spider will process the application's response in the normal way. 392 | * 393 | * @param url The new seed URL to begin spidering from. 394 | */ 395 | void sendToSpider( 396 | java.net.URL url); 397 | 398 | /** 399 | * This method can be used to send an HTTP request to the Burp Scanner tool 400 | * to perform an active vulnerability scan. If the request is not within the 401 | * current active scanning scope, the user will be asked if they wish to 402 | * proceed with the scan. 403 | * 404 | * @param host The hostname of the remote HTTP server. 405 | * @param port The port of the remote HTTP server. 406 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 407 | * @param request The full HTTP request. 408 | * @return The resulting scan queue item. 409 | */ 410 | IScanQueueItem doActiveScan( 411 | String host, 412 | int port, 413 | boolean useHttps, 414 | byte[] request); 415 | 416 | /** 417 | * This method can be used to send an HTTP request to the Burp Scanner tool 418 | * to perform an active vulnerability scan, based on a custom list of 419 | * insertion points that are to be scanned. If the request is not within the 420 | * current active scanning scope, the user will be asked if they wish to 421 | * proceed with the scan. 422 | * 423 | * @param host The hostname of the remote HTTP server. 424 | * @param port The port of the remote HTTP server. 425 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 426 | * @param request The full HTTP request. 427 | * @param insertionPointOffsets A list of index pairs representing the 428 | * positions of the insertion points that should be scanned. Each item in 429 | * the list must be an int[2] array containing the start and end offsets for 430 | * the insertion point. 431 | * @return The resulting scan queue item. 432 | */ 433 | IScanQueueItem doActiveScan( 434 | String host, 435 | int port, 436 | boolean useHttps, 437 | byte[] request, 438 | List insertionPointOffsets); 439 | 440 | /** 441 | * This method can be used to send an HTTP request to the Burp Scanner tool 442 | * to perform a passive vulnerability scan. 443 | * 444 | * @param host The hostname of the remote HTTP server. 445 | * @param port The port of the remote HTTP server. 446 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 447 | * @param request The full HTTP request. 448 | * @param response The full HTTP response. 449 | */ 450 | void doPassiveScan( 451 | String host, 452 | int port, 453 | boolean useHttps, 454 | byte[] request, 455 | byte[] response); 456 | 457 | /** 458 | * This method can be used to issue HTTP requests and retrieve their 459 | * responses. 460 | * 461 | * @param httpService The HTTP service to which the request should be sent. 462 | * @param request The full HTTP request. 463 | * @return An object that implements the 464 | * IHttpRequestResponse interface, and which the extension can 465 | * query to obtain the details of the response. 466 | */ 467 | IHttpRequestResponse makeHttpRequest(IHttpService httpService, 468 | byte[] request); 469 | 470 | /** 471 | * This method can be used to issue HTTP requests and retrieve their 472 | * responses. 473 | * 474 | * @param host The hostname of the remote HTTP server. 475 | * @param port The port of the remote HTTP server. 476 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 477 | * @param request The full HTTP request. 478 | * @return The full response retrieved from the remote server. 479 | */ 480 | byte[] makeHttpRequest( 481 | String host, 482 | int port, 483 | boolean useHttps, 484 | byte[] request); 485 | 486 | /** 487 | * This method can be used to query whether a specified URL is within the 488 | * current Suite-wide scope. 489 | * 490 | * @param url The URL to query. 491 | * @return Returns 492 | * true if the URL is within the current Suite-wide scope. 493 | */ 494 | boolean isInScope(java.net.URL url); 495 | 496 | /** 497 | * This method can be used to include the specified URL in the Suite-wide 498 | * scope. 499 | * 500 | * @param url The URL to include in the Suite-wide scope. 501 | */ 502 | void includeInScope(java.net.URL url); 503 | 504 | /** 505 | * This method can be used to exclude the specified URL from the Suite-wide 506 | * scope. 507 | * 508 | * @param url The URL to exclude from the Suite-wide scope. 509 | */ 510 | void excludeFromScope(java.net.URL url); 511 | 512 | /** 513 | * This method can be used to display a specified message in the Burp Suite 514 | * alerts tab. 515 | * 516 | * @param message The alert message to display. 517 | */ 518 | void issueAlert(String message); 519 | 520 | /** 521 | * This method returns details of all items in the Proxy history. 522 | * 523 | * @return The contents of the Proxy history. 524 | */ 525 | IHttpRequestResponse[] getProxyHistory(); 526 | 527 | /** 528 | * This method returns details of items in the site map. 529 | * 530 | * @param urlPrefix This parameter can be used to specify a URL prefix, in 531 | * order to extract a specific subset of the site map. The method performs a 532 | * simple case-sensitive text match, returning all site map items whose URL 533 | * begins with the specified prefix. If this parameter is null, the entire 534 | * site map is returned. 535 | * 536 | * @return Details of items in the site map. 537 | */ 538 | IHttpRequestResponse[] getSiteMap(String urlPrefix); 539 | 540 | /** 541 | * This method returns all of the current scan issues for URLs matching the 542 | * specified literal prefix. 543 | * 544 | * @param urlPrefix This parameter can be used to specify a URL prefix, in 545 | * order to extract a specific subset of scan issues. The method performs a 546 | * simple case-sensitive text match, returning all scan issues whose URL 547 | * begins with the specified prefix. If this parameter is null, all issues 548 | * are returned. 549 | * @return Details of the scan issues. 550 | */ 551 | IScanIssue[] getScanIssues(String urlPrefix); 552 | 553 | /** 554 | * This method is used to retrieve the contents of Burp's session handling 555 | * cookie jar. Extensions that provide an 556 | * ISessionHandlingAction can query and update the cookie jar 557 | * in order to handle unusual session handling mechanisms. 558 | * 559 | * @return A list of 560 | * ICookie objects representing the contents of Burp's session 561 | * handling cookie jar. 562 | */ 563 | List getCookieJarContents(); 564 | 565 | /** 566 | * This method is used to update the contents of Burp's session handling 567 | * cookie jar. Extensions that provide an 568 | * ISessionHandlingAction can query and update the cookie jar 569 | * in order to handle unusual session handling mechanisms. 570 | * 571 | * @param cookie An 572 | * ICookie object containing details of the cookie to be 573 | * updated. If the cookie jar already contains a cookie that matches the 574 | * specified domain and name, then that cookie will be updated with the new 575 | * value and expiration, unless the new value is 576 | * null, in which case the cookie will be removed. If the 577 | * cookie jar does not already contain a cookie that matches the specified 578 | * domain and name, then the cookie will be added. 579 | */ 580 | void updateCookieJar(ICookie cookie); 581 | 582 | /** 583 | * This method can be used to add an item to Burp's site map with the 584 | * specified request/response details. This will overwrite the details of 585 | * any existing matching item in the site map. 586 | * 587 | * @param item Details of the item to be added to the site map 588 | */ 589 | void addToSiteMap(IHttpRequestResponse item); 590 | 591 | /** 592 | * This method can be used to restore Burp's state from a specified saved 593 | * state file. This method blocks until the restore operation is completed, 594 | * and must not be called from the event dispatch thread. 595 | * 596 | * @param file The file containing Burp's saved state. 597 | */ 598 | void restoreState(java.io.File file); 599 | 600 | /** 601 | * This method can be used to save Burp's state to a specified file. This 602 | * method blocks until the save operation is completed, and must not be 603 | * called from the event dispatch thread. 604 | * 605 | * @param file The file to save Burp's state in. 606 | */ 607 | void saveState(java.io.File file); 608 | 609 | /** 610 | * This method causes Burp to save all of its current configuration as a Map 611 | * of name/value Strings. 612 | * 613 | * @return A Map of name/value Strings reflecting Burp's current 614 | * configuration. 615 | */ 616 | Map saveConfig(); 617 | 618 | /** 619 | * This method causes Burp to load a new configuration from the Map of 620 | * name/value Strings provided. Any settings not specified in the Map will 621 | * be restored to their default values. To selectively update only some 622 | * settings and leave the rest unchanged, you should first call 623 | * saveConfig() to obtain Burp's current configuration, modify 624 | * the relevant items in the Map, and then call 625 | * loadConfig() with the same Map. 626 | * 627 | * @param config A map of name/value Strings to use as Burp's new 628 | * configuration. 629 | */ 630 | void loadConfig(Map config); 631 | 632 | /** 633 | * This method sets the master interception mode for Burp Proxy. 634 | * 635 | * @param enabled Indicates whether interception of Proxy messages should be 636 | * enabled. 637 | */ 638 | void setProxyInterceptionEnabled(boolean enabled); 639 | 640 | /** 641 | * This method retrieves information about the version of Burp in which the 642 | * extension is running. It can be used by extensions to dynamically adjust 643 | * their behavior depending on the functionality and APIs supported by the 644 | * current version. 645 | * 646 | * @return An array of Strings comprised of: the product name (e.g. Burp 647 | * Suite Professional), the major version (e.g. 1.5), the minor version 648 | * (e.g. 03) 649 | */ 650 | String[] getBurpVersion(); 651 | 652 | /** 653 | * This method can be used to shut down Burp programmatically, with an 654 | * optional prompt to the user. If the method returns, the user canceled the 655 | * shutdown prompt. 656 | * 657 | * @param promptUser Indicates whether to prompt the user to confirm the 658 | * shutdown. 659 | */ 660 | void exitSuite(boolean promptUser); 661 | 662 | /** 663 | * This method is used to create a temporary file on disk containing the 664 | * provided data. Extensions can use temporary files for long-term storage 665 | * of runtime data, avoiding the need to retain that data in memory. 666 | * 667 | * @param buffer The data to be saved to a temporary file. 668 | * @return An object that implements the 669 | * ITempFile interface. 670 | */ 671 | ITempFile saveToTempFile(byte[] buffer); 672 | 673 | /** 674 | * This method is used to save the request and response of an 675 | * IHttpRequestResponse object to temporary files, so that they 676 | * are no longer held in memory. Extensions can used this method to convert 677 | * IHttpRequestResponse objects into a form suitable for 678 | * long-term storage. 679 | * 680 | * @param httpRequestResponse The 681 | * IHttpRequestResponse object whose request and response 682 | * messages are to be saved to temporary files. 683 | * @return An object that implements the 684 | * IHttpRequestResponsePersisted interface. 685 | */ 686 | IHttpRequestResponsePersisted saveBuffersToTempFiles( 687 | IHttpRequestResponse httpRequestResponse); 688 | 689 | /** 690 | * This method is used to apply markers to an HTTP request or response, at 691 | * offsets into the message that are relevant for some particular purpose. 692 | * Markers are used in various situations, such as specifying Intruder 693 | * payload positions, Scanner insertion points, and highlights in Scanner 694 | * issues. 695 | * 696 | * @param httpRequestResponse The 697 | * IHttpRequestResponse object to which the markers should be 698 | * applied. 699 | * @param requestMarkers A list of index pairs representing the offsets of 700 | * markers to be applied to the request message. Each item in the list must 701 | * be an int[2] array containing the start and end offsets for the marker. 702 | * This parameter is optional and may be 703 | * null if no request markers are required. 704 | * @param responseMarkers A list of index pairs representing the offsets of 705 | * markers to be applied to the response message. Each item in the list must 706 | * be an int[2] array containing the start and end offsets for the marker. 707 | * This parameter is optional and may be 708 | * null if no response markers are required. 709 | * @return An object that implements the 710 | * IHttpRequestResponseWithMarkers interface. 711 | */ 712 | IHttpRequestResponseWithMarkers applyMarkers( 713 | IHttpRequestResponse httpRequestResponse, 714 | List requestMarkers, 715 | List responseMarkers); 716 | 717 | /** 718 | * This method is used to obtain the descriptive name for the Burp tool 719 | * identified by the tool flag provided. 720 | * 721 | * @param toolFlag A flag identifying a Burp tool ( 722 | * TOOL_PROXY, 723 | * TOOL_SCANNER, etc.). Tool flags are defined within this 724 | * interface. 725 | * @return The descriptive name for the specified tool. 726 | */ 727 | String getToolName(int toolFlag); 728 | 729 | /** 730 | * This method is used to register a new Scanner issue. Note: 731 | * Wherever possible, extensions should implement custom Scanner checks 732 | * using 733 | * IScannerCheck and report issues via those checks, so as to 734 | * integrate with Burp's user-driven workflow, and ensure proper 735 | * consolidation of duplicate reported issues. This method is only designed 736 | * for tasks outside of the normal testing workflow, such as importing 737 | * results from other scanning tools. 738 | * 739 | * @param issue An object created by the extension that implements the 740 | * IScanIssue interface. 741 | */ 742 | void addScanIssue(IScanIssue issue); 743 | 744 | /** 745 | * This method parses the specified request and returns details of each 746 | * request parameter. 747 | * 748 | * @param request The request to be parsed. 749 | * @return An array of: 750 | * String[] { name, value, type } containing details of the 751 | * parameters contained within the request. 752 | * @deprecated Use 753 | * IExtensionHelpers.analyzeRequest() instead. 754 | */ 755 | @Deprecated 756 | String[][] getParameters(byte[] request); 757 | 758 | /** 759 | * This method parses the specified request and returns details of each HTTP 760 | * header. 761 | * 762 | * @param message The request to be parsed. 763 | * @return An array of HTTP headers. 764 | * @deprecated Use 765 | * IExtensionHelpers.analyzeRequest() or 766 | * IExtensionHelpers.analyzeResponse() instead. 767 | */ 768 | @Deprecated 769 | String[] getHeaders(byte[] message); 770 | 771 | /** 772 | * This method can be used to register a new menu item which will appear on 773 | * the various context menus that are used throughout Burp Suite to handle 774 | * user-driven actions. 775 | * 776 | * @param menuItemCaption The caption to be displayed on the menu item. 777 | * @param menuItemHandler The handler to be invoked when the user clicks on 778 | * the menu item. 779 | * @deprecated Use 780 | * registerContextMenuFactory() instead. 781 | */ 782 | @Deprecated 783 | void registerMenuItem( 784 | String menuItemCaption, 785 | IMenuItemHandler menuItemHandler); 786 | } 787 | -------------------------------------------------------------------------------- /src/burp/IContextMenuFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IContextMenuFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | import javax.swing.JMenuItem; 14 | 15 | /** 16 | * Extensions can implement this interface and then call 17 | * IBurpExtenderCallbacks.registerContextMenuFactory() to register 18 | * a factory for custom context menu items. 19 | */ 20 | public interface IContextMenuFactory 21 | { 22 | /** 23 | * This method will be called by Burp when the user invokes a context menu 24 | * anywhere within Burp. The factory can then provide any custom context 25 | * menu items that should be displayed in the context menu, based on the 26 | * details of the menu invocation. 27 | * 28 | * @param invocation An object that implements the 29 | * IMessageEditorTabFactory interface, which the extension can 30 | * query to obtain details of the context menu invocation. 31 | * @return A list of custom menu items (which may include sub-menus, 32 | * checkbox menu items, etc.) that should be displayed. Extensions may 33 | * return 34 | * null from this method, to indicate that no menu items are 35 | * required. 36 | */ 37 | List createMenuItems(IContextMenuInvocation invocation); 38 | } 39 | -------------------------------------------------------------------------------- /src/burp/IContextMenuInvocation.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IContextMenuInvocation.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.event.InputEvent; 13 | 14 | /** 15 | * This interface is used when Burp calls into an extension-provided 16 | * IContextMenuFactory with details of a context menu invocation. 17 | * The custom context menu factory can query this interface to obtain details of 18 | * the invocation event, in order to determine what menu items should be 19 | * displayed. 20 | */ 21 | public interface IContextMenuInvocation 22 | { 23 | /** 24 | * Used to indicate that the context menu is being invoked in a request 25 | * editor. 26 | */ 27 | static final byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0; 28 | /** 29 | * Used to indicate that the context menu is being invoked in a response 30 | * editor. 31 | */ 32 | static final byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1; 33 | /** 34 | * Used to indicate that the context menu is being invoked in a non-editable 35 | * request viewer. 36 | */ 37 | static final byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2; 38 | /** 39 | * Used to indicate that the context menu is being invoked in a non-editable 40 | * response viewer. 41 | */ 42 | static final byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3; 43 | /** 44 | * Used to indicate that the context menu is being invoked in the Target 45 | * site map tree. 46 | */ 47 | static final byte CONTEXT_TARGET_SITE_MAP_TREE = 4; 48 | /** 49 | * Used to indicate that the context menu is being invoked in the Target 50 | * site map table. 51 | */ 52 | static final byte CONTEXT_TARGET_SITE_MAP_TABLE = 5; 53 | /** 54 | * Used to indicate that the context menu is being invoked in the Proxy 55 | * history. 56 | */ 57 | static final byte CONTEXT_PROXY_HISTORY = 6; 58 | /** 59 | * Used to indicate that the context menu is being invoked in the Scanner 60 | * results. 61 | */ 62 | static final byte CONTEXT_SCANNER_RESULTS = 7; 63 | /** 64 | * Used to indicate that the context menu is being invoked in the Intruder 65 | * payload positions editor. 66 | */ 67 | static final byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8; 68 | /** 69 | * Used to indicate that the context menu is being invoked in an Intruder 70 | * attack results. 71 | */ 72 | static final byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9; 73 | /** 74 | * Used to indicate that the context menu is being invoked in a search 75 | * results window. 76 | */ 77 | static final byte CONTEXT_SEARCH_RESULTS = 10; 78 | 79 | /** 80 | * This method can be used to retrieve the native Java input event that was 81 | * the trigger for the context menu invocation. 82 | * 83 | * @return The 84 | * InputEvent that was the trigger for the context menu 85 | * invocation. 86 | */ 87 | InputEvent getInputEvent(); 88 | 89 | /** 90 | * This method can be used to retrieve the Burp tool within which the 91 | * context menu was invoked. 92 | * 93 | * @return A flag indicating the Burp tool within which the context menu was 94 | * invoked. Burp tool flags are defined in the 95 | * IBurpExtenderCallbacks interface. 96 | */ 97 | int getToolFlag(); 98 | 99 | /** 100 | * This method can be used to retrieve the context within which the menu was 101 | * invoked. 102 | * 103 | * @return An index indicating the context within which the menu was 104 | * invoked. The indices used are defined within this interface. 105 | */ 106 | byte getInvocationContext(); 107 | 108 | /** 109 | * This method can be used to retrieve the bounds of the user's selection 110 | * into the current message, if applicable. 111 | * 112 | * @return An int[2] array containing the start and end offsets of the 113 | * user's selection in the current message. If the user has not made any 114 | * selection in the current message, both offsets indicate the position of 115 | * the caret within the editor. If the menu is not being invoked from a 116 | * message editor, the method returns 117 | * null. 118 | */ 119 | int[] getSelectionBounds(); 120 | 121 | /** 122 | * This method can be used to retrieve details of the HTTP requests / 123 | * responses that were shown or selected by the user when the context menu 124 | * was invoked. 125 | * 126 | * @return An array of 127 | * IHttpRequestResponse objects representing the items that 128 | * were shown or selected by the user when the context menu was invoked. 129 | * This method returns 130 | * null if no messages are applicable to the invocation. 131 | */ 132 | IHttpRequestResponse[] getSelectedMessages(); 133 | 134 | /** 135 | * This method can be used to retrieve details of the Scanner issues that 136 | * were selected by the user when the context menu was invoked. 137 | * 138 | * @return An array of 139 | * IScanIssue objects representing the issues that were 140 | * selected by the user when the context menu was invoked. This method 141 | * returns 142 | * null if no Scanner issues are applicable to the invocation. 143 | */ 144 | IScanIssue[] getSelectedIssues(); 145 | } 146 | -------------------------------------------------------------------------------- /src/burp/ICookie.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ICookie.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.Date; 13 | 14 | /** 15 | * This interface is used to hold details about an HTTP cookie. 16 | */ 17 | public interface ICookie 18 | { 19 | /** 20 | * This method is used to retrieve the domain for which the cookie is in 21 | * scope. 22 | * 23 | * @return The domain for which the cookie is in scope. Note: For 24 | * cookies that have been analyzed from responses (by calling 25 | * IExtensionHelpers.analyzeResponse() and then 26 | * IResponseInfo.getCookies(), the domain will be 27 | * null if the response did not explicitly set a domain 28 | * attribute for the cookie. 29 | */ 30 | String getDomain(); 31 | 32 | /** 33 | * This method is used to retrieve the expiration time for the cookie. 34 | * 35 | * @return The expiration time for the cookie, or 36 | * null if none is set (i.e., for non-persistent session 37 | * cookies). 38 | */ 39 | Date getExpiration(); 40 | 41 | /** 42 | * This method is used to retrieve the name of the cookie. 43 | * 44 | * @return The name of the cookie. 45 | */ 46 | String getName(); 47 | 48 | /** 49 | * This method is used to retrieve the value of the cookie. 50 | * @return The value of the cookie. 51 | */ 52 | String getValue(); 53 | } 54 | -------------------------------------------------------------------------------- /src/burp/IExtensionHelpers.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IExtensionHelpers.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.net.URL; 13 | import java.util.List; 14 | 15 | /** 16 | * This interface contains a number of helper methods, which extensions can use 17 | * to assist with various common tasks that arise for Burp extensions. 18 | * 19 | * Extensions can call 20 | * IBurpExtenderCallbacks.getHelpers to obtain an instance of this 21 | * interface. 22 | */ 23 | public interface IExtensionHelpers 24 | { 25 | /** 26 | * This method can be used to analyze an HTTP request, and obtain various 27 | * key details about it. 28 | * 29 | * @param request An 30 | * IHttpRequestResponse object containing the request to be 31 | * analyzed. 32 | * @return An 33 | * IRequestInfo object that can be queried to obtain details 34 | * about the request. 35 | */ 36 | IRequestInfo analyzeRequest(IHttpRequestResponse request); 37 | 38 | /** 39 | * This method can be used to analyze an HTTP request, and obtain various 40 | * key details about it. 41 | * 42 | * @param httpService The HTTP service associated with the request. This is 43 | * optional and may be 44 | * null, in which case the resulting 45 | * IRequestInfo object will not include the full request URL. 46 | * @param request The request to be analyzed. 47 | * @return An 48 | * IRequestInfo object that can be queried to obtain details 49 | * about the request. 50 | */ 51 | IRequestInfo analyzeRequest(IHttpService httpService, byte[] request); 52 | 53 | /** 54 | * This method can be used to analyze an HTTP request, and obtain various 55 | * key details about it. The resulting 56 | * IRequestInfo object will not include the full request URL. 57 | * To obtain the full URL, use one of the other overloaded 58 | * analyzeRequest() methods. 59 | * 60 | * @param request The request to be analyzed. 61 | * @return An 62 | * IRequestInfo object that can be queried to obtain details 63 | * about the request. 64 | */ 65 | IRequestInfo analyzeRequest(byte[] request); 66 | 67 | /** 68 | * This method can be used to analyze an HTTP response, and obtain various 69 | * key details about it. 70 | * 71 | * @param response The response to be analyzed. 72 | * @return An 73 | * IResponseInfo object that can be queried to obtain details 74 | * about the response. 75 | */ 76 | IResponseInfo analyzeResponse(byte[] response); 77 | 78 | /** 79 | * This method can be used to retrieve details of a specified parameter 80 | * within an HTTP request. Note: Use 81 | * analyzeRequest() to obtain details of all parameters within 82 | * the request. 83 | * 84 | * @param request The request to be inspected for the specified parameter. 85 | * @param parameterName The name of the parameter to retrieve. 86 | * @return An 87 | * IParameter object that can be queried to obtain details 88 | * about the parameter, or 89 | * null if the parameter was not found. 90 | */ 91 | IParameter getRequestParameter(byte[] request, String parameterName); 92 | 93 | /** 94 | * This method can be used to URL-decode the specified data. 95 | * 96 | * @param data The data to be decoded. 97 | * @return The decoded data. 98 | */ 99 | String urlDecode(String data); 100 | 101 | /** 102 | * This method can be used to URL-encode the specified data. Any characters 103 | * that do not need to be encoded within HTTP requests are not encoded. 104 | * 105 | * @param data The data to be encoded. 106 | * @return The encoded data. 107 | */ 108 | String urlEncode(String data); 109 | 110 | /** 111 | * This method can be used to URL-decode the specified data. 112 | * 113 | * @param data The data to be decoded. 114 | * @return The decoded data. 115 | */ 116 | byte[] urlDecode(byte[] data); 117 | 118 | /** 119 | * This method can be used to URL-encode the specified data. Any characters 120 | * that do not need to be encoded within HTTP requests are not encoded. 121 | * 122 | * @param data The data to be encoded. 123 | * @return The encoded data. 124 | */ 125 | byte[] urlEncode(byte[] data); 126 | 127 | /** 128 | * This method can be used to Base64-decode the specified data. 129 | * 130 | * @param data The data to be decoded. 131 | * @return The decoded data. 132 | */ 133 | byte[] base64Decode(String data); 134 | 135 | /** 136 | * This method can be used to Base64-decode the specified data. 137 | * 138 | * @param data The data to be decoded. 139 | * @return The decoded data. 140 | */ 141 | byte[] base64Decode(byte[] data); 142 | 143 | /** 144 | * This method can be used to Base64-encode the specified data. 145 | * 146 | * @param data The data to be encoded. 147 | * @return The encoded data. 148 | */ 149 | String base64Encode(String data); 150 | 151 | /** 152 | * This method can be used to Base64-encode the specified data. 153 | * 154 | * @param data The data to be encoded. 155 | * @return The encoded data. 156 | */ 157 | String base64Encode(byte[] data); 158 | 159 | /** 160 | * This method can be used to convert data from String form into an array of 161 | * bytes. The conversion does not reflect any particular character set, and 162 | * a character with the hex representation 0xWXYZ will always be converted 163 | * into a byte with the representation 0xYZ. It performs the opposite 164 | * conversion to the method 165 | * bytesToString(), and byte-based data that is converted to a 166 | * String and back again using these two methods is guaranteed to retain its 167 | * integrity (which may not be the case with conversions that reflect a 168 | * given character set). 169 | * 170 | * @param data The data to be converted. 171 | * @return The converted data. 172 | */ 173 | byte[] stringToBytes(String data); 174 | 175 | /** 176 | * This method can be used to convert data from an array of bytes into 177 | * String form. The conversion does not reflect any particular character 178 | * set, and a byte with the representation 0xYZ will always be converted 179 | * into a character with the hex representation 0x00YZ. It performs the 180 | * opposite conversion to the method 181 | * stringToBytes(), and byte-based data that is converted to a 182 | * String and back again using these two methods is guaranteed to retain its 183 | * integrity (which may not be the case with conversions that reflect a 184 | * given character set). 185 | * 186 | * @param data The data to be converted. 187 | * @return The converted data. 188 | */ 189 | String bytesToString(byte[] data); 190 | 191 | /** 192 | * This method searches a piece of data for the first occurrence of a 193 | * specified pattern. It works on byte-based data in a way that is similar 194 | * to the way the native Java method 195 | * String.indexOf() works on String-based data. 196 | * 197 | * @param data The data to be searched. 198 | * @param pattern The pattern to be searched for. 199 | * @param caseSensitive Flags whether or not the search is case-sensitive. 200 | * @param from The offset within 201 | * data where the search should begin. 202 | * @param to The offset within 203 | * data where the search should end. 204 | * @return The offset of the first occurrence of the pattern within the 205 | * specified bounds, or -1 if no match is found. 206 | */ 207 | int indexOf(byte[] data, 208 | byte[] pattern, 209 | boolean caseSensitive, 210 | int from, 211 | int to); 212 | 213 | /** 214 | * This method builds an HTTP message containing the specified headers and 215 | * message body. If applicable, the Content-Length header will be added or 216 | * updated, based on the length of the body. 217 | * 218 | * @param headers A list of headers to include in the message. 219 | * @param body The body of the message, of 220 | * null if the message has an empty body. 221 | * @return The resulting full HTTP message. 222 | */ 223 | byte[] buildHttpMessage(List headers, byte[] body); 224 | 225 | /** 226 | * This method creates a GET request to the specified URL. The headers used 227 | * in the request are determined by the Request headers settings as 228 | * configured in Burp Spider's options. 229 | * 230 | * @param url The URL to which the request should be made. 231 | * @return A request to the specified URL. 232 | */ 233 | byte[] buildHttpRequest(URL url); 234 | 235 | /** 236 | * This method adds a new parameter to an HTTP request, and if appropriate 237 | * updates the Content-Length header. 238 | * 239 | * @param request The request to which the parameter should be added. 240 | * @param parameter An 241 | * IParameter object containing details of the parameter to be 242 | * added. Supported parameter types are: 243 | * PARAM_URL, 244 | * PARAM_BODY and 245 | * PARAM_COOKIE. 246 | * @return A new HTTP request with the new parameter added. 247 | */ 248 | byte[] addParameter(byte[] request, IParameter parameter); 249 | 250 | /** 251 | * This method removes a parameter from an HTTP request, and if appropriate 252 | * updates the Content-Length header. 253 | * 254 | * @param request The request from which the parameter should be removed. 255 | * @param parameter An 256 | * IParameter object containing details of the parameter to be 257 | * removed. Supported parameter types are: 258 | * PARAM_URL, 259 | * PARAM_BODY and 260 | * PARAM_COOKIE. 261 | * @return A new HTTP request with the parameter removed. 262 | */ 263 | byte[] removeParameter(byte[] request, IParameter parameter); 264 | 265 | /** 266 | * This method updates the value of a parameter within an HTTP request, and 267 | * if appropriate updates the Content-Length header. Note: This 268 | * method can only be used to update the value of an existing parameter of a 269 | * specified type. If you need to change the type of an existing parameter, 270 | * you should first call 271 | * removeParameter() to remove the parameter with the old type, 272 | * and then call 273 | * addParameter() to add a parameter with the new type. 274 | * 275 | * @param request The request containing the parameter to be updated. 276 | * @param parameter An 277 | * IParameter object containing details of the parameter to be 278 | * updated. Supported parameter types are: 279 | * PARAM_URL, 280 | * PARAM_BODY and 281 | * PARAM_COOKIE. 282 | * @return A new HTTP request with the parameter updated. 283 | */ 284 | byte[] updateParameter(byte[] request, IParameter parameter); 285 | 286 | /** 287 | * This method can be used to toggle a request's method between GET and 288 | * POST. Parameters are relocated between the URL query string and message 289 | * body as required, and the Content-Length header is created or removed as 290 | * applicable. 291 | * 292 | * @param request The HTTP request whose method should be toggled. 293 | * @return A new HTTP request using the toggled method. 294 | */ 295 | byte[] toggleRequestMethod(byte[] request); 296 | 297 | /** 298 | * This method constructs an 299 | * IHttpService object based on the details provided. 300 | * 301 | * @param host The HTTP service host. 302 | * @param port The HTTP service port. 303 | * @param protocol The HTTP service protocol. 304 | * @return An 305 | * IHttpService object based on the details provided. 306 | */ 307 | IHttpService buildHttpService(String host, int port, String protocol); 308 | 309 | /** 310 | * This method constructs an 311 | * IHttpService object based on the details provided. 312 | * 313 | * @param host The HTTP service host. 314 | * @param port The HTTP service port. 315 | * @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP. 316 | * @return An 317 | * IHttpService object based on the details provided. 318 | */ 319 | IHttpService buildHttpService(String host, int port, boolean useHttps); 320 | 321 | /** 322 | * This method constructs an 323 | * IParameter object based on the details provided. 324 | * 325 | * @param name The parameter name. 326 | * @param value The parameter value. 327 | * @param type The parameter type, as defined in the 328 | * IParameter interface. 329 | * @return An 330 | * IParameter object based on the details provided. 331 | */ 332 | IParameter buildParameter(String name, String value, byte type); 333 | 334 | /** 335 | * This method constructs an 336 | * IScannerInsertionPoint object based on the details provided. 337 | * It can be used to quickly create a simple insertion point based on a 338 | * fixed payload location within a base request. 339 | * 340 | * @param insertionPointName The name of the insertion point. 341 | * @param baseRequest The request from which to build scan requests. 342 | * @param from The offset of the start of the payload location. 343 | * @param to The offset of the end of the payload location. 344 | * @return An 345 | * IScannerInsertionPoint object based on the details provided. 346 | */ 347 | IScannerInsertionPoint makeScannerInsertionPoint( 348 | String insertionPointName, 349 | byte[] baseRequest, 350 | int from, 351 | int to); 352 | } 353 | -------------------------------------------------------------------------------- /src/burp/IExtensionStateListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IExtensionStateListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerExtensionStateListener() to 15 | * register an extension state listener. The listener will be notified of 16 | * changes to the extension's state. Note: Any extensions that start 17 | * background threads or open system resources (such as files or database 18 | * connections) should register a listener and terminate threads / close 19 | * resources when the extension is unloaded. 20 | */ 21 | public interface IExtensionStateListener 22 | { 23 | /** 24 | * This method is called when the extension is unloaded. 25 | */ 26 | void extensionUnloaded(); 27 | } 28 | -------------------------------------------------------------------------------- /src/burp/IHttpListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerHttpListener() to register an 15 | * HTTP listener. The listener will be notified of requests and responses made 16 | * by any Burp tool. Extensions can perform custom analysis or modification of 17 | * these messages by registering an HTTP listener. 18 | */ 19 | public interface IHttpListener 20 | { 21 | /** 22 | * This method is invoked when an HTTP request is about to be issued, and 23 | * when an HTTP response has been received. 24 | * 25 | * @param toolFlag A flag indicating the Burp tool that issued the request. 26 | * Burp tool flags are defined in the 27 | * IBurpExtenderCallbacks interface. 28 | * @param messageIsRequest Flags whether the method is being invoked for a 29 | * request or response. 30 | * @param messageInfo Details of the request / response to be processed. 31 | * Extensions can call the setter methods on this object to update the 32 | * current message and so modify Burp's behavior. 33 | */ 34 | void processHttpMessage(int toolFlag, 35 | boolean messageIsRequest, 36 | IHttpRequestResponse messageInfo); 37 | } 38 | -------------------------------------------------------------------------------- /src/burp/IHttpRequestResponse.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponse.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve and update details about HTTP messages. 14 | * 15 | * Note: The setter methods generally can only be used before the message 16 | * has been processed, and not in read-only contexts. The getter methods 17 | * relating to response details can only be used after the request has been 18 | * issued. 19 | */ 20 | public interface IHttpRequestResponse 21 | { 22 | /** 23 | * This method is used to retrieve the request message. 24 | * 25 | * @return The request message. 26 | */ 27 | byte[] getRequest(); 28 | 29 | /** 30 | * This method is used to update the request message. 31 | * 32 | * @param message The new request message. 33 | */ 34 | void setRequest(byte[] message); 35 | 36 | /** 37 | * This method is used to retrieve the response message. 38 | * 39 | * @return The response message. 40 | */ 41 | byte[] getResponse(); 42 | 43 | /** 44 | * This method is used to update the response message. 45 | * 46 | * @param message The new response message. 47 | */ 48 | void setResponse(byte[] message); 49 | 50 | /** 51 | * This method is used to retrieve the user-annotated comment for this item, 52 | * if applicable. 53 | * 54 | * @return The user-annotated comment for this item, or null if none is set. 55 | */ 56 | String getComment(); 57 | 58 | /** 59 | * This method is used to update the user-annotated comment for this item. 60 | * 61 | * @param comment The comment to be assigned to this item. 62 | */ 63 | void setComment(String comment); 64 | 65 | /** 66 | * This method is used to retrieve the user-annotated highlight for this 67 | * item, if applicable. 68 | * 69 | * @return The user-annotated highlight for this item, or null if none is 70 | * set. 71 | */ 72 | String getHighlight(); 73 | 74 | /** 75 | * This method is used to update the user-annotated highlight for this item. 76 | * 77 | * @param color The highlight color to be assigned to this item. Accepted 78 | * values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray, 79 | * or a null String to clear any existing highlight. 80 | */ 81 | void setHighlight(String color); 82 | 83 | /** 84 | * This method is used to retrieve the HTTP service for this request / 85 | * response. 86 | * 87 | * @return An 88 | * IHttpService object containing details of the HTTP service. 89 | */ 90 | IHttpService getHttpService(); 91 | 92 | /** 93 | * This method is used to update the HTTP service for this request / 94 | * response. 95 | * 96 | * @param httpService An 97 | * IHttpService object containing details of the new HTTP 98 | * service. 99 | */ 100 | void setHttpService(IHttpService httpService); 101 | 102 | } 103 | -------------------------------------------------------------------------------- /src/burp/IHttpRequestResponsePersisted.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponsePersisted.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used for an 14 | * IHttpRequestResponse object whose request and response messages 15 | * have been saved to temporary files using 16 | * IBurpExtenderCallbacks.saveBuffersToTempFiles(). 17 | */ 18 | public interface IHttpRequestResponsePersisted extends IHttpRequestResponse 19 | { 20 | /** 21 | * This method is used to permanently delete the saved temporary files. It 22 | * will no longer be possible to retrieve the request or response for this 23 | * item. 24 | */ 25 | void deleteTempFiles(); 26 | } 27 | -------------------------------------------------------------------------------- /src/burp/IHttpRequestResponseWithMarkers.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponseWithMarkers.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used for an 16 | * IHttpRequestResponse object that has had markers applied. 17 | * Extensions can create instances of this interface using 18 | * IBurpExtenderCallbacks.applyMarkers(), or provide their own 19 | * implementation. Markers are used in various situations, such as specifying 20 | * Intruder payload positions, Scanner insertion points, and highlights in 21 | * Scanner issues. 22 | */ 23 | public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse 24 | { 25 | /** 26 | * This method returns the details of the request markers. 27 | * 28 | * @return A list of index pairs representing the offsets of markers for the 29 | * request message. Each item in the list is an int[2] array containing the 30 | * start and end offsets for the marker. The method may return 31 | * null if no request markers are defined. 32 | */ 33 | List getRequestMarkers(); 34 | 35 | /** 36 | * This method returns the details of the response markers. 37 | * 38 | * @return A list of index pairs representing the offsets of markers for the 39 | * response message. Each item in the list is an int[2] array containing the 40 | * start and end offsets for the marker. The method may return 41 | * null if no response markers are defined. 42 | */ 43 | List getResponseMarkers(); 44 | } 45 | -------------------------------------------------------------------------------- /src/burp/IHttpService.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpService.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to provide details about an HTTP service, to which 14 | * HTTP requests can be sent. 15 | */ 16 | public interface IHttpService 17 | { 18 | /** 19 | * This method returns the hostname or IP address for the service. 20 | * 21 | * @return The hostname or IP address for the service. 22 | */ 23 | String getHost(); 24 | 25 | /** 26 | * This method returns the port number for the service. 27 | * 28 | * @return The port number for the service. 29 | */ 30 | int getPort(); 31 | 32 | /** 33 | * This method returns the protocol for the service. 34 | * 35 | * @return The protocol for the service. Expected values are "http" or 36 | * "https". 37 | */ 38 | String getProtocol(); 39 | } 40 | -------------------------------------------------------------------------------- /src/burp/IInterceptedProxyMessage.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IInterceptedProxyMessage.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to represent an HTTP message that has been intercepted 14 | * by Burp Proxy. Extensions can register an 15 | * IProxyListener to receive details of proxy messages using this 16 | * interface. * 17 | */ 18 | public interface IInterceptedProxyMessage 19 | { 20 | /** 21 | * This action causes Burp Proxy to follow the current interception rules to 22 | * determine the appropriate action to take for the message. 23 | */ 24 | static final int ACTION_FOLLOW_RULES = 0; 25 | /** 26 | * This action causes Burp Proxy to present the message to the user for 27 | * manual review or modification. 28 | */ 29 | static final int ACTION_DO_INTERCEPT = 1; 30 | /** 31 | * This action causes Burp Proxy to forward the message to the remote server 32 | * or client, without presenting it to the user. 33 | */ 34 | static final int ACTION_DONT_INTERCEPT = 2; 35 | /** 36 | * This action causes Burp Proxy to drop the message. 37 | */ 38 | static final int ACTION_DROP = 3; 39 | /** 40 | * This action causes Burp Proxy to follow the current interception rules to 41 | * determine the appropriate action to take for the message, and then make a 42 | * second call to processProxyMessage. 43 | */ 44 | static final int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10; 45 | /** 46 | * This action causes Burp Proxy to present the message to the user for 47 | * manual review or modification, and then make a second call to 48 | * processProxyMessage. 49 | */ 50 | static final int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11; 51 | /** 52 | * This action causes Burp Proxy to skip user interception, and then make a 53 | * second call to processProxyMessage. 54 | */ 55 | static final int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12; 56 | 57 | /** 58 | * This method retrieves a unique reference number for this 59 | * request/response. 60 | * 61 | * @return An identifier that is unique to a single request/response pair. 62 | * Extensions can use this to correlate details of requests and responses 63 | * and perform processing on the response message accordingly. 64 | */ 65 | int getMessageReference(); 66 | 67 | /** 68 | * This method retrieves details of the intercepted message. 69 | * 70 | * @return An 71 | * IHttpRequestResponse object containing details of the 72 | * intercepted message. 73 | */ 74 | IHttpRequestResponse getMessageInfo(); 75 | 76 | /** 77 | * This method retrieves the currently defined interception action. The 78 | * default action is 79 | * ACTION_FOLLOW_RULES. If multiple proxy listeners are 80 | * registered, then other listeners may already have modified the 81 | * interception action before it reaches the current listener. This method 82 | * can be used to determine whether this has occurred. 83 | * 84 | * @return The currently defined interception action. Possible values are 85 | * defined within this interface. 86 | */ 87 | int getInterceptAction(); 88 | 89 | /** 90 | * This method is used to update the interception action. 91 | * 92 | * @param interceptAction The new interception action. Possible values are 93 | * defined within this interface. 94 | */ 95 | void setInterceptAction(int interceptAction); 96 | } 97 | -------------------------------------------------------------------------------- /src/burp/IIntruderAttack.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderAttack.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details about an Intruder attack. 14 | */ 15 | public interface IIntruderAttack 16 | { 17 | /** 18 | * This method is used to retrieve the HTTP service for the attack. 19 | * 20 | * @return The HTTP service for the attack. 21 | */ 22 | IHttpService getHttpService(); 23 | 24 | /** 25 | * This method is used to retrieve the request template for the attack. 26 | * 27 | * @return The request template for the attack. 28 | */ 29 | byte[] getRequestTemplate(); 30 | 31 | } 32 | -------------------------------------------------------------------------------- /src/burp/IIntruderPayloadGenerator.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadGenerator.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used for custom Intruder payload generators. Extensions 14 | * that have registered an 15 | * IIntruderPayloadGeneratorFactory must return a new instance of 16 | * this interface when required as part of a new Intruder attack. 17 | */ 18 | public interface IIntruderPayloadGenerator 19 | { 20 | /** 21 | * This method is used by Burp to determine whether the payload generator is 22 | * able to provide any further payloads. 23 | * 24 | * @return Extensions should return 25 | * false when all the available payloads have been used up, 26 | * otherwise 27 | * true. 28 | */ 29 | boolean hasMorePayloads(); 30 | 31 | /** 32 | * This method is used by Burp to obtain the value of the next payload. 33 | * 34 | * @param baseValue The base value of the current payload position. This 35 | * value may be 36 | * null if the concept of a base value is not applicable (e.g. 37 | * in a battering ram attack). 38 | * @return The next payload to use in the attack. 39 | */ 40 | byte[] getNextPayload(byte[] baseValue); 41 | 42 | /** 43 | * This method is used by Burp to reset the state of the payload generator 44 | * so that the next call to 45 | * getNextPayload() returns the first payload again. This 46 | * method will be invoked when an attack uses the same payload generator for 47 | * more than one payload position, for example in a sniper attack. 48 | */ 49 | void reset(); 50 | } 51 | -------------------------------------------------------------------------------- /src/burp/IIntruderPayloadGeneratorFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadGeneratorFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory() 15 | * to register a factory for custom Intruder payloads. 16 | */ 17 | public interface IIntruderPayloadGeneratorFactory 18 | { 19 | /** 20 | * This method is used by Burp to obtain the name of the payload generator. 21 | * This will be displayed as an option within the Intruder UI when the user 22 | * selects to use extension-generated payloads. 23 | * 24 | * @return The name of the payload generator. 25 | */ 26 | String getGeneratorName(); 27 | 28 | /** 29 | * This method is used by Burp when the user starts an Intruder attack that 30 | * uses this payload generator. 31 | * 32 | * @param attack An 33 | * IIntruderAttack object that can be queried to obtain details 34 | * about the attack in which the payload generator will be used. 35 | * @return A new instance of 36 | * IIntruderPayloadGenerator that will be used to generate 37 | * payloads for the attack. 38 | */ 39 | IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack); 40 | } 41 | -------------------------------------------------------------------------------- /src/burp/IIntruderPayloadProcessor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadProcessor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerIntruderPayloadProcessor() to 15 | * register a custom Intruder payload processor. 16 | */ 17 | public interface IIntruderPayloadProcessor 18 | { 19 | /** 20 | * This method is used by Burp to obtain the name of the payload processor. 21 | * This will be displayed as an option within the Intruder UI when the user 22 | * selects to use an extension-provided payload processor. 23 | * 24 | * @return The name of the payload processor. 25 | */ 26 | String getProcessorName(); 27 | 28 | /** 29 | * This method is invoked by Burp each time the processor should be applied 30 | * to an Intruder payload. 31 | * 32 | * @param currentPayload The value of the payload to be processed. 33 | * @param originalPayload The value of the original payload prior to 34 | * processing by any already-applied processing rules. 35 | * @param baseValue The base value of the payload position, which will be 36 | * replaced with the current payload. 37 | * @return The value of the processed payload. This may be 38 | * null to indicate that the current payload should be skipped, 39 | * and the attack will move directly to the next payload. 40 | */ 41 | byte[] processPayload( 42 | byte[] currentPayload, 43 | byte[] originalPayload, 44 | byte[] baseValue); 45 | } 46 | -------------------------------------------------------------------------------- /src/burp/IMenuItemHandler.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMenuItemHandler.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerMenuItem() to register a custom 15 | * context menu item. 16 | * 17 | * @deprecated Use 18 | * IContextMenuFactory instead. 19 | */ 20 | @Deprecated 21 | public interface IMenuItemHandler 22 | { 23 | /** 24 | * This method is invoked by Burp Suite when the user clicks on a custom 25 | * menu item which the extension has registered with Burp. 26 | * 27 | * @param menuItemCaption The caption of the menu item which was clicked. 28 | * This parameter enables extensions to provide a single implementation 29 | * which handles multiple different menu items. 30 | * @param messageInfo Details of the HTTP message(s) for which the context 31 | * menu was displayed. 32 | */ 33 | void menuItemClicked( 34 | String menuItemCaption, 35 | IHttpRequestResponse[] messageInfo); 36 | } 37 | -------------------------------------------------------------------------------- /src/burp/IMessageEditor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide extensions with an instance of Burp's HTTP 16 | * message editor, for the extension to use in its own UI. Extensions should 17 | * call 18 | * IBurpExtenderCallbacks.createMessageEditor() to obtain an 19 | * instance of this interface. 20 | */ 21 | public interface IMessageEditor 22 | { 23 | /** 24 | * This method returns the UI component of the editor, for extensions to add 25 | * to their own UI. 26 | * 27 | * @return The UI component of the editor. 28 | */ 29 | Component getComponent(); 30 | 31 | /** 32 | * This method is used to display an HTTP message in the editor. 33 | * 34 | * @param message The HTTP message to be displayed. 35 | * @param isRequest Flags whether the message is an HTTP request or 36 | * response. 37 | */ 38 | void setMessage(byte[] message, boolean isRequest); 39 | 40 | /** 41 | * This method is used to retrieve the currently displayed message, which 42 | * may have been modified by the user. 43 | * 44 | * @return The currently displayed HTTP message. 45 | */ 46 | byte[] getMessage(); 47 | 48 | /** 49 | * This method is used to determine whether the current message has been 50 | * modified by the user. 51 | * 52 | * @return An indication of whether the current message has been modified by 53 | * the user since it was first displayed. 54 | */ 55 | boolean isMessageModified(); 56 | 57 | /** 58 | * This method returns the data that is currently selected by the user. 59 | * 60 | * @return The data that is currently selected by the user, or 61 | * null if no selection is made. 62 | */ 63 | byte[] getSelectedData(); 64 | } 65 | -------------------------------------------------------------------------------- /src/burp/IMessageEditorController.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorController.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used by an 14 | * IMessageEditor to obtain details about the currently displayed 15 | * message. Extensions that create instances of Burp's HTTP message editor can 16 | * optionally provide an implementation of 17 | * IMessageEditorController, which the editor will invoke when it 18 | * requires further information about the current message (for example, to send 19 | * it to another Burp tool). Extensions that provide custom editor tabs via an 20 | * IMessageEditorTabFactory will receive a reference to an 21 | * IMessageEditorController object for each tab instance they 22 | * generate, which the tab can invoke if it requires further information about 23 | * the current message. 24 | */ 25 | public interface IMessageEditorController 26 | { 27 | /** 28 | * This method is used to retrieve the HTTP service for the current message. 29 | * 30 | * @return The HTTP service for the current message. 31 | */ 32 | IHttpService getHttpService(); 33 | 34 | /** 35 | * This method is used to retrieve the HTTP request associated with the 36 | * current message (which may itself be a response). 37 | * 38 | * @return The HTTP request associated with the current message. 39 | */ 40 | byte[] getRequest(); 41 | 42 | /** 43 | * This method is used to retrieve the HTTP response associated with the 44 | * current message (which may itself be a request). 45 | * 46 | * @return The HTTP response associated with the current message. 47 | */ 48 | byte[] getResponse(); 49 | } 50 | -------------------------------------------------------------------------------- /src/burp/IMessageEditorTab.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorTab.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * Extensions that register an 16 | * IMessageEditorTabFactory must return instances of this 17 | * interface, which Burp will use to create custom tabs within its HTTP message 18 | * editors. 19 | */ 20 | public interface IMessageEditorTab 21 | { 22 | /** 23 | * This method returns the caption that should appear on the custom tab when 24 | * it is displayed. Note: Burp invokes this method once when the tab 25 | * is first generated, and the same caption will be used every time the tab 26 | * is displayed. 27 | * 28 | * @return The caption that should appear on the custom tab when it is 29 | * displayed. 30 | */ 31 | String getTabCaption(); 32 | 33 | /** 34 | * This method returns the component that should be used as the contents of 35 | * the custom tab when it is displayed. Note: Burp invokes this 36 | * method once when the tab is first generated, and the same component will 37 | * be used every time the tab is displayed. 38 | * 39 | * @return The component that should be used as the contents of the custom 40 | * tab when it is displayed. 41 | */ 42 | Component getUiComponent(); 43 | 44 | /** 45 | * The hosting editor will invoke this method before it displays a new HTTP 46 | * message, so that the custom tab can indicate whether it should be enabled 47 | * for that message. 48 | * 49 | * @param content The message that is about to be displayed. 50 | * @param isRequest Indicates whether the message is a request or a 51 | * response. 52 | * @return The method should return 53 | * true if the custom tab is able to handle the specified 54 | * message, and so will be displayed within the editor. Otherwise, the tab 55 | * will be hidden while this message is displayed. 56 | */ 57 | boolean isEnabled(byte[] content, boolean isRequest); 58 | 59 | /** 60 | * The hosting editor will invoke this method to display a new message or to 61 | * clear the existing message. This method will only be called with a new 62 | * message if the tab has already returned 63 | * true to a call to 64 | * isEnabled() with the same message details. 65 | * 66 | * @param content The message that is to be displayed, or 67 | * null if the tab should clear its contents and disable any 68 | * editable controls. 69 | * @param isRequest Indicates whether the message is a request or a 70 | * response. 71 | */ 72 | void setMessage(byte[] content, boolean isRequest); 73 | 74 | /** 75 | * This method returns the currently displayed message. 76 | * 77 | * @return The currently displayed message. 78 | */ 79 | byte[] getMessage(); 80 | 81 | /** 82 | * This method is used to determine whether the currently displayed message 83 | * has been modified by the user. The hosting editor will always call 84 | * getMessage() before calling this method, so any pending 85 | * edits should be completed within 86 | * getMessage(). 87 | * 88 | * @return The method should return 89 | * true if the user has modified the current message since it 90 | * was first displayed. 91 | */ 92 | boolean isModified(); 93 | 94 | /** 95 | * This method is used to retrieve the data that is currently selected by 96 | * the user. 97 | * 98 | * @return The data that is currently selected by the user. This may be 99 | * null if no selection is currently made. 100 | */ 101 | byte[] getSelectedData(); 102 | } 103 | -------------------------------------------------------------------------------- /src/burp/IMessageEditorTabFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorTabFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerMessageEditorTabFactory() to 15 | * register a factory for custom message editor tabs. This allows extensions to 16 | * provide custom rendering or editing of HTTP messages, within Burp's own HTTP 17 | * editor. 18 | */ 19 | public interface IMessageEditorTabFactory 20 | { 21 | /** 22 | * Burp will call this method once for each HTTP message editor, and the 23 | * factory should provide a new instance of an 24 | * IMessageEditorTab object. 25 | * 26 | * @param controller An 27 | * IMessageEditorController object, which the new tab can query 28 | * to retrieve details about the currently displayed message. This may be 29 | * null for extension-invoked message editors where the 30 | * extension has not provided an editor controller. 31 | * @param editable Indicates whether the hosting editor is editable or 32 | * read-only. 33 | * @return A new 34 | * IMessageEditorTab object for use within the message editor. 35 | */ 36 | IMessageEditorTab createNewInstance(IMessageEditorController controller, 37 | boolean editable); 38 | } 39 | -------------------------------------------------------------------------------- /src/burp/IParameter.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IParameter.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details about an HTTP request parameter. 14 | */ 15 | public interface IParameter 16 | { 17 | /** 18 | * Used to indicate a parameter within the URL query string. 19 | */ 20 | static final byte PARAM_URL = 0; 21 | /** 22 | * Used to indicate a parameter within the message body. 23 | */ 24 | static final byte PARAM_BODY = 1; 25 | /** 26 | * Used to indicate an HTTP cookie. 27 | */ 28 | static final byte PARAM_COOKIE = 2; 29 | /** 30 | * Used to indicate an item of data within an XML structure. 31 | */ 32 | static final byte PARAM_XML = 3; 33 | /** 34 | * Used to indicate the value of a tag attribute within an XML structure. 35 | */ 36 | static final byte PARAM_XML_ATTR = 4; 37 | /** 38 | * Used to indicate the value of a parameter attribute within a multi-part 39 | * message body (such as the name of an uploaded file). 40 | */ 41 | static final byte PARAM_MULTIPART_ATTR = 5; 42 | /** 43 | * Used to indicate an item of data within a JSON structure. 44 | */ 45 | static final byte PARAM_JSON = 6; 46 | 47 | /** 48 | * This method is used to retrieve the parameter type. 49 | * 50 | * @return The parameter type. The available types are defined within this 51 | * interface. 52 | */ 53 | byte getType(); 54 | 55 | /** 56 | * This method is used to retrieve the parameter name. 57 | * 58 | * @return The parameter name. 59 | */ 60 | String getName(); 61 | 62 | /** 63 | * This method is used to retrieve the parameter value. 64 | * 65 | * @return The parameter value. 66 | */ 67 | String getValue(); 68 | 69 | /** 70 | * This method is used to retrieve the start offset of the parameter name 71 | * within the HTTP request. 72 | * 73 | * @return The start offset of the parameter name within the HTTP request, 74 | * or -1 if the parameter is not associated with a specific request. 75 | */ 76 | int getNameStart(); 77 | 78 | /** 79 | * This method is used to retrieve the end offset of the parameter name 80 | * within the HTTP request. 81 | * 82 | * @return The end offset of the parameter name within the HTTP request, or 83 | * -1 if the parameter is not associated with a specific request. 84 | */ 85 | int getNameEnd(); 86 | 87 | /** 88 | * This method is used to retrieve the start offset of the parameter value 89 | * within the HTTP request. 90 | * 91 | * @return The start offset of the parameter value within the HTTP request, 92 | * or -1 if the parameter is not associated with a specific request. 93 | */ 94 | int getValueStart(); 95 | 96 | /** 97 | * This method is used to retrieve the end offset of the parameter value 98 | * within the HTTP request. 99 | * 100 | * @return The end offset of the parameter value within the HTTP request, or 101 | * -1 if the parameter is not associated with a specific request. 102 | */ 103 | int getValueEnd(); 104 | } 105 | -------------------------------------------------------------------------------- /src/burp/IProxyListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IProxyListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerHttpListener() to register a 15 | * Proxy listener. The listener will be notified of requests and responses being 16 | * processed by the Proxy tool. Extensions can perform custom analysis or 17 | * modification of these messages, and control in-UI message interception, by 18 | * registering a proxy listener. 19 | */ 20 | public interface IProxyListener 21 | { 22 | /** 23 | * This method is invoked when an HTTP message is being processed by the 24 | * Proxy. 25 | * 26 | * @param messageIsRequest Indicates whether the HTTP message is a request 27 | * or a response. 28 | * @param message An 29 | * IInterceptedProxyMessage object that extensions can use to 30 | * query and update details of the message, and control whether the message 31 | * should be intercepted and displayed to the user for manual review or 32 | * modification. 33 | */ 34 | void processProxyMessage( 35 | boolean messageIsRequest, 36 | IInterceptedProxyMessage message); 37 | } 38 | -------------------------------------------------------------------------------- /src/burp/IRequestInfo.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IRequestInfo.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.net.URL; 13 | import java.util.List; 14 | 15 | /** 16 | * This interface is used to retrieve key details about an HTTP request. 17 | * Extensions can obtain an 18 | * IRequestInfo object for a given request by calling 19 | * IExtensionHelpers.analyzeRequest(). 20 | */ 21 | public interface IRequestInfo 22 | { 23 | /** 24 | * Used to indicate that there is no content. 25 | */ 26 | static final byte CONTENT_TYPE_NONE = 0; 27 | /** 28 | * Used to indicate URL-encoded content. 29 | */ 30 | static final byte CONTENT_TYPE_URL_ENCODED = 1; 31 | /** 32 | * Used to indicate multi-part content. 33 | */ 34 | static final byte CONTENT_TYPE_MULTIPART = 2; 35 | /** 36 | * Used to indicate XML content. 37 | */ 38 | static final byte CONTENT_TYPE_XML = 3; 39 | /** 40 | * Used to indicate JSON content. 41 | */ 42 | static final byte CONTENT_TYPE_JSON = 4; 43 | /** 44 | * Used to indicate AMF content. 45 | */ 46 | static final byte CONTENT_TYPE_AMF = 5; 47 | /** 48 | * Used to indicate unknown content. 49 | */ 50 | static final byte CONTENT_TYPE_UNKNOWN = -1; 51 | 52 | /** 53 | * This method is used to obtain the HTTP method used in the request. 54 | * 55 | * @return The HTTP method used in the request. 56 | */ 57 | String getMethod(); 58 | 59 | /** 60 | * This method is used to obtain the URL in the request. 61 | * 62 | * @return The URL in the request. 63 | */ 64 | URL getUrl(); 65 | 66 | /** 67 | * This method is used to obtain the HTTP headers contained in the request. 68 | * 69 | * @return The HTTP headers contained in the request. 70 | */ 71 | List getHeaders(); 72 | 73 | /** 74 | * This method is used to obtain the parameters contained in the request. 75 | * 76 | * @return The parameters contained in the request. 77 | */ 78 | List getParameters(); 79 | 80 | /** 81 | * This method is used to obtain the offset within the request where the 82 | * message body begins. 83 | * 84 | * @return The offset within the request where the message body begins. 85 | */ 86 | int getBodyOffset(); 87 | 88 | /** 89 | * This method is used to obtain the content type of the message body. 90 | * 91 | * @return An indication of the content type of the message body. Available 92 | * types are defined within this interface. 93 | */ 94 | byte getContentType(); 95 | } 96 | -------------------------------------------------------------------------------- /src/burp/IResponseInfo.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IResponseInfo.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used to retrieve key details about an HTTP response. 16 | * Extensions can obtain an 17 | * IResponseInfo object for a given response by calling 18 | * IExtensionHelpers.analyzeResponse(). 19 | */ 20 | public interface IResponseInfo 21 | { 22 | /** 23 | * This method is used to obtain the HTTP headers contained in the response. 24 | * 25 | * @return The HTTP headers contained in the response. 26 | */ 27 | List getHeaders(); 28 | 29 | /** 30 | * This method is used to obtain the offset within the response where the 31 | * message body begins. 32 | * 33 | * @return The offset within the response where the message body begins. 34 | */ 35 | int getBodyOffset(); 36 | 37 | /** 38 | * This method is used to obtain the HTTP status code contained in the 39 | * response. 40 | * 41 | * @return The HTTP status code contained in the response. 42 | */ 43 | short getStatusCode(); 44 | 45 | /** 46 | * This method is used to obtain details of the HTTP cookies set in the 47 | * response. 48 | * 49 | * @return A list of 50 | * ICookie objects representing the cookies set in the 51 | * response, if any. 52 | */ 53 | List getCookies(); 54 | } 55 | -------------------------------------------------------------------------------- /src/burp/IScanIssue.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScanIssue.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve details of Scanner issues. Extensions can 14 | * obtain details of issues by registering an 15 | * IScannerListener or by calling 16 | * IBurpExtenderCallbacks.getScanIssues(). Extensions can also add 17 | * custom Scanner issues by registering an 18 | * IScannerCheck or calling 19 | * IBurpExtenderCallbacks.addScanIssue(), and providing their own 20 | * implementations of this interface 21 | */ 22 | public interface IScanIssue 23 | { 24 | /** 25 | * This method returns the URL for which the issue was generated. 26 | * 27 | * @return The URL for which the issue was generated. 28 | */ 29 | java.net.URL getUrl(); 30 | 31 | /** 32 | * This method returns the name of the issue type. 33 | * 34 | * @return The name of the issue type (e.g. "SQL injection"). 35 | */ 36 | String getIssueName(); 37 | 38 | /** 39 | * This method returns a numeric identifier of the issue type. See the Burp 40 | * Scanner help documentation for a listing of all the issue types. 41 | * 42 | * @return A numeric identifier of the issue type. 43 | */ 44 | int getIssueType(); 45 | 46 | /** 47 | * This method returns the issue severity level. 48 | * 49 | * @return The issue severity level. Expected values are "High", "Medium", 50 | * "Low", "Information" or "False positive". 51 | * 52 | */ 53 | String getSeverity(); 54 | 55 | /** 56 | * This method returns the issue confidence level. 57 | * 58 | * @return The issue confidence level. Expected values are "Certain", "Firm" 59 | * or "Tentative". 60 | */ 61 | String getConfidence(); 62 | 63 | /** 64 | * This method returns a background description for this type of issue. 65 | * 66 | * @return A background description for this type of issue, or 67 | * null if none applies. 68 | */ 69 | String getIssueBackground(); 70 | 71 | /** 72 | * This method returns a background description of the remediation for this 73 | * type of issue. 74 | * 75 | * @return A background description of the remediation for this type of 76 | * issue, or 77 | * null if none applies. 78 | */ 79 | String getRemediationBackground(); 80 | 81 | /** 82 | * This method returns detailed information about this specific instance of 83 | * the issue. 84 | * 85 | * @return Detailed information about this specific instance of the issue, 86 | * or 87 | * null if none applies. 88 | */ 89 | String getIssueDetail(); 90 | 91 | /** 92 | * This method returns detailed information about the remediation for this 93 | * specific instance of the issue. 94 | * 95 | * @return Detailed information about the remediation for this specific 96 | * instance of the issue, or 97 | * null if none applies. 98 | */ 99 | String getRemediationDetail(); 100 | 101 | /** 102 | * This method returns the HTTP messages on the basis of which the issue was 103 | * generated. 104 | * 105 | * @return The HTTP messages on the basis of which the issue was generated. 106 | * Note: The items in this array should be instances of 107 | * IHttpRequestResponseWithMarkers if applicable, so that 108 | * details of the relevant portions of the request and response messages are 109 | * available. 110 | */ 111 | IHttpRequestResponse[] getHttpMessages(); 112 | 113 | /** 114 | * This method returns the HTTP service for which the issue was generated. 115 | * 116 | * @return The HTTP service for which the issue was generated. 117 | */ 118 | IHttpService getHttpService(); 119 | 120 | } 121 | -------------------------------------------------------------------------------- /src/burp/IScanQueueItem.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScanQueueItem.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve details of items in the Burp Scanner 14 | * active scan queue. Extensions can obtain references to scan queue items by 15 | * calling 16 | * IBurpExtenderCallbacks.doActiveScan(). 17 | */ 18 | public interface IScanQueueItem 19 | { 20 | /** 21 | * This method returns a description of the status of the scan queue item. 22 | * 23 | * @return A description of the status of the scan queue item. 24 | */ 25 | String getStatus(); 26 | 27 | /** 28 | * This method returns an indication of the percentage completed for the 29 | * scan queue item. 30 | * 31 | * @return An indication of the percentage completed for the scan queue 32 | * item. 33 | */ 34 | byte getPercentageComplete(); 35 | 36 | /** 37 | * This method returns the number of requests that have been made for the 38 | * scan queue item. 39 | * 40 | * @return The number of requests that have been made for the scan queue 41 | * item. 42 | */ 43 | int getNumRequests(); 44 | 45 | /** 46 | * This method returns the number of network errors that have occurred for 47 | * the scan queue item. 48 | * 49 | * @return The number of network errors that have occurred for the scan 50 | * queue item. 51 | */ 52 | int getNumErrors(); 53 | 54 | /** 55 | * This method returns the number of attack insertion points being used for 56 | * the scan queue item. 57 | * 58 | * @return The number of attack insertion points being used for the scan 59 | * queue item. 60 | */ 61 | int getNumInsertionPoints(); 62 | 63 | /** 64 | * This method allows the scan queue item to be canceled. 65 | */ 66 | void cancel(); 67 | 68 | /** 69 | * This method returns details of the issues generated for the scan queue 70 | * item. Note: different items within the scan queue may contain 71 | * duplicated versions of the same issues - for example, if the same request 72 | * has been scanned multiple times. Duplicated issues are consolidated in 73 | * the main view of scan results. Extensions can register an 74 | * IScannerListener to get details only of unique, newly 75 | * discovered Scanner issues post-consolidation. 76 | * 77 | * @return Details of the issues generated for the scan queue item. 78 | */ 79 | IScanIssue[] getIssues(); 80 | } 81 | -------------------------------------------------------------------------------- /src/burp/IScannerCheck.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerCheck.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * Extensions can implement this interface and then call 16 | * IBurpExtenderCallbacks.registerScannerCheck() to register a 17 | * custom Scanner check. When performing scanning, Burp will ask the check to 18 | * perform active or passive scanning on the base request, and report any 19 | * Scanner issues that are identified. 20 | */ 21 | public interface IScannerCheck 22 | { 23 | /** 24 | * The Scanner invokes this method for each base request / response that is 25 | * passively scanned. Note: Extensions should not only analyze the 26 | * HTTP messages provided during passive scanning, and should not make any 27 | * new HTTP requests of their own. 28 | * 29 | * @param baseRequestResponse The base HTTP request / response that should 30 | * be passively scanned. 31 | * @return A list of 32 | * IScanIssue objects, or 33 | * null if no issues are identified. 34 | */ 35 | List doPassiveScan(IHttpRequestResponse baseRequestResponse); 36 | 37 | /** 38 | * The Scanner invokes this method for each insertion point that is actively 39 | * scanned. Extensions may issue HTTP requests as required to carry out 40 | * active scanning, and should use the 41 | * IScannerInsertionPoint object provided to build scan 42 | * requests for particular payloads. Note: Extensions are responsible 43 | * for ensuring that attack payloads are suitably encoded within requests 44 | * (for example, by URL-encoding relevant metacharacters in the URL query 45 | * string). Encoding is not automatically carried out by the 46 | * IScannerInsertionPoint, because this would prevent Scanner 47 | * checks from testing for certain input filter bypasses. Extensions should 48 | * query the 49 | * IScannerInsertionPoint to determine its type, and apply any 50 | * encoding that may be appropriate. 51 | * 52 | * @param baseRequestResponse The base HTTP request / response that should 53 | * be actively scanned. 54 | * @param insertionPoint An 55 | * IScannerInsertionPoint object that can be queried to obtain 56 | * details of the insertion point being tested, and can be used to build 57 | * scan requests for particular payloads. 58 | * @return A list of 59 | * IScanIssue objects, or 60 | * null if no issues are identified. 61 | */ 62 | List doActiveScan( 63 | IHttpRequestResponse baseRequestResponse, 64 | IScannerInsertionPoint insertionPoint); 65 | 66 | /** 67 | * The Scanner invokes this method when the custom Scanner check has 68 | * reported multiple issues for the same URL path. This can arise either 69 | * because there are multiple distinct vulnerabilities, or because the same 70 | * (or a similar) request has been scanned more than once. The custom check 71 | * should determine whether the issues are duplicates. In most cases, where 72 | * a check uses distinct issue names or descriptions for distinct issues, 73 | * the consolidation process will simply be a matter of comparing these 74 | * features for the two issues. 75 | * 76 | * @param existingIssue An issue that was previously reported by this 77 | * Scanner check. 78 | * @param newIssue An issue at the same URL path that has been newly 79 | * reported by this Scanner check. 80 | * @return An indication of which issue(s) should be reported in the main 81 | * Scanner results. The method should return 82 | * -1 to report the existing issue only, 83 | * 0 to report both issues, and 84 | * 1 to report the new issue only. 85 | */ 86 | int consolidateDuplicateIssues( 87 | IScanIssue existingIssue, 88 | IScanIssue newIssue); 89 | } 90 | -------------------------------------------------------------------------------- /src/burp/IScannerInsertionPoint.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerInsertionPoint.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to define an insertion point for use by active Scanner 14 | * checks. Extensions can obtain instances of this interface by registering an 15 | * IScannerCheck, or can create instances for use by Burp's own 16 | * scan checks by registering an 17 | * IScannerInsertionPointProvider. 18 | */ 19 | public interface IScannerInsertionPoint 20 | { 21 | /** 22 | * Used to indicate where the payload is inserted into the value of a URL 23 | * parameter. 24 | */ 25 | static final byte INS_PARAM_URL = 0x00; 26 | /** 27 | * Used to indicate where the payload is inserted into the value of a body 28 | * parameter. 29 | */ 30 | static final byte INS_PARAM_BODY = 0x01; 31 | /** 32 | * Used to indicate where the payload is inserted into the value of an HTTP 33 | * cookie. 34 | */ 35 | static final byte INS_PARAM_COOKIE = 0x02; 36 | /** 37 | * Used to indicate where the payload is inserted into the value of an item 38 | * of data within an XML data structure. 39 | */ 40 | static final byte INS_PARAM_XML = 0x03; 41 | /** 42 | * Used to indicate where the payload is inserted into the value of a tag 43 | * attribute within an XML structure. 44 | */ 45 | static final byte INS_PARAM_XML_ATTR = 0x04; 46 | /** 47 | * Used to indicate where the payload is inserted into the value of a 48 | * parameter attribute within a multi-part message body (such as the name of 49 | * an uploaded file). 50 | */ 51 | static final byte INS_PARAM_MULTIPART_ATTR = 0x05; 52 | /** 53 | * Used to indicate where the payload is inserted into the value of an item 54 | * of data within a JSON structure. 55 | */ 56 | static final byte INS_PARAM_JSON = 0x06; 57 | /** 58 | * Used to indicate where the payload is inserted into the value of an AMF 59 | * parameter. 60 | */ 61 | static final byte INS_PARAM_AMF = 0x07; 62 | /** 63 | * Used to indicate where the payload is inserted into the value of an HTTP 64 | * request header. 65 | */ 66 | static final byte INS_HEADER = 0x20; 67 | /** 68 | * Used to indicate where the payload is inserted into a REST parameter 69 | * within the URL file path. 70 | */ 71 | static final byte INS_URL_REST = 0x21; 72 | /** 73 | * Used to indicate where the payload is inserted into the name of an added 74 | * URL parameter. 75 | */ 76 | static final byte INS_PARAM_NAME_URL = 0x22; 77 | /** 78 | * Used to indicate where the payload is inserted into the name of an added 79 | * body parameter. 80 | */ 81 | static final byte INS_PARAM_NAME_BODY = 0x23; 82 | /** 83 | * Used to indicate where the payload is inserted at a location manually 84 | * configured by the user. 85 | */ 86 | static final byte INS_USER_PROVIDED = 0x40; 87 | /** 88 | * Used to indicate where the insertion point is provided by an 89 | * extension-registered 90 | * IScannerInsertionPointProvider. 91 | */ 92 | static final byte INS_EXTENSION_PROVIDED = 0x41; 93 | /** 94 | * Used to indicate where the payload is inserted at an unknown location 95 | * within the request. 96 | */ 97 | static final byte INS_UNKNOWN = 0x7f; 98 | 99 | /** 100 | * This method returns the name of the insertion point. 101 | * 102 | * @return The name of the insertion point (for example, a description of a 103 | * particular request parameter). 104 | */ 105 | String getInsertionPointName(); 106 | 107 | /** 108 | * This method returns the base value for this insertion point. 109 | * 110 | * @return the base value that appears in this insertion point in the base 111 | * request being scanned, or 112 | * null if there is no value in the base request that 113 | * corresponds to this insertion point. 114 | */ 115 | String getBaseValue(); 116 | 117 | /** 118 | * This method is used to build a request with the specified payload placed 119 | * into the insertion point. Any necessary adjustments to the Content-Length 120 | * header will be made by the Scanner itself when the request is issued, and 121 | * there is no requirement for the insertion point to do this. Note: 122 | * Burp's built-in scan checks do not apply any payload encoding (such as 123 | * URL-encoding) when dealing with an extension-provided insertion point. 124 | * Custom insertion points are responsible for performing any data encoding 125 | * that is necessary given the nature and location of the insertion point. 126 | * 127 | * @param payload The payload that should be placed into the insertion 128 | * point. 129 | * @return The resulting request. 130 | */ 131 | byte[] buildRequest(byte[] payload); 132 | 133 | /** 134 | * This method is used to determine the offsets of the payload value within 135 | * the request, when it is placed into the insertion point. Scan checks may 136 | * invoke this method when reporting issues, so as to highlight the relevant 137 | * part of the request within the UI. 138 | * 139 | * @param payload The payload that should be placed into the insertion 140 | * point. 141 | * @return An int[2] array containing the start and end offsets of the 142 | * payload within the request, or null if this is not applicable (for 143 | * example, where the insertion point places a payload into a serialized 144 | * data structure, the raw payload may not literally appear anywhere within 145 | * the resulting request). 146 | */ 147 | int[] getPayloadOffsets(byte[] payload); 148 | 149 | /** 150 | * This method returns the type of the insertion point. 151 | * 152 | * @return The type of the insertion point. Available types are defined in 153 | * this interface. 154 | */ 155 | byte getInsertionPointType(); 156 | } 157 | -------------------------------------------------------------------------------- /src/burp/IScannerInsertionPointProvider.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerInsertionPointProvider.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * Extensions can implement this interface and then call 16 | * IBurpExtenderCallbacks.registerScannerInsertionPointProvider() 17 | * to register a factory for custom Scanner insertion points. 18 | */ 19 | public interface IScannerInsertionPointProvider 20 | { 21 | /** 22 | * When a request is actively scanned, the Scanner will invoke this method, 23 | * and the provider should provide a list of custom insertion points that 24 | * will be used in the scan. Note: these insertion points are used in 25 | * addition to those that are derived from Burp Scanner's configuration, and 26 | * those provided by any other Burp extensions. 27 | * 28 | * @param baseRequestResponse The base request that will be actively 29 | * scanned. 30 | * @return A list of 31 | * IScannerInsertionPoint objects that should be used in the 32 | * scanning, or 33 | * null if no custom insertion points are applicable for this 34 | * request. 35 | */ 36 | List getInsertionPoints( 37 | IHttpRequestResponse baseRequestResponse); 38 | } 39 | -------------------------------------------------------------------------------- /src/burp/IScannerListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerScannerListener() to register a 15 | * Scanner listener. The listener will be notified of new issues that are 16 | * reported by the Scanner tool. Extensions can perform custom analysis or 17 | * logging of Scanner issues by registering a Scanner listener. 18 | */ 19 | public interface IScannerListener 20 | { 21 | /** 22 | * This method is invoked when a new issue is added to Burp Scanner's 23 | * results. 24 | * 25 | * @param issue An 26 | * IScanIssue object that the extension can query to obtain 27 | * details about the new issue. 28 | */ 29 | void newScanIssue(IScanIssue issue); 30 | } 31 | -------------------------------------------------------------------------------- /src/burp/IScopeChangeListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScopeChangeListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerScopeChangeListener() to register 15 | * a scope change listener. The listener will be notified whenever a change 16 | * occurs to Burp's suite-wide target scope. 17 | */ 18 | public interface IScopeChangeListener 19 | { 20 | /** 21 | * This method is invoked whenever a change occurs to Burp's suite-wide 22 | * target scope. 23 | */ 24 | void scopeChanged(); 25 | } 26 | -------------------------------------------------------------------------------- /src/burp/ISessionHandlingAction.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ISessionHandlingAction.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerSessionHandlingAction() to 15 | * register a custom session handling action. Each registered action will be 16 | * available within the session handling rule UI for the user to select as a 17 | * rule action. Users can choose to invoke an action directly in its own right, 18 | * or following execution of a macro. 19 | */ 20 | public interface ISessionHandlingAction 21 | { 22 | /** 23 | * This method is used by Burp to obtain the name of the session handling 24 | * action. This will be displayed as an option within the session handling 25 | * rule editor when the user selects to execute an extension-provided 26 | * action. 27 | * 28 | * @return The name of the action. 29 | */ 30 | String getActionName(); 31 | 32 | /** 33 | * This method is invoked when the session handling action should be 34 | * executed. This may happen as an action in its own right, or as a 35 | * sub-action following execution of a macro. 36 | * 37 | * @param currentRequest The base request that is currently being processed. 38 | * The action can query this object to obtain details about the base 39 | * request. It can issue additional requests of its own if necessary, and 40 | * can use the setter methods on this object to update the base request. 41 | * @param macroItems If the action is invoked following execution of a 42 | * macro, this parameter contains the result of executing the macro. 43 | * Otherwise, it is 44 | * null. Actions can use the details of the macro items to 45 | * perform custom analysis of the macro to derive values of non-standard 46 | * session handling tokens, etc. 47 | */ 48 | void performAction( 49 | IHttpRequestResponse currentRequest, 50 | IHttpRequestResponse[] macroItems); 51 | } 52 | -------------------------------------------------------------------------------- /src/burp/ITab.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITab.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide Burp with details of a custom tab that will 16 | * be added to Burp's UI, using a method such as 17 | * IBurpExtenderCallbacks.addSuiteTab(). 18 | */ 19 | public interface ITab 20 | { 21 | /** 22 | * Burp uses this method to obtain the caption that should appear on the 23 | * custom tab when it is displayed. 24 | * 25 | * @return The caption that should appear on the custom tab when it is 26 | * displayed. 27 | */ 28 | String getTabCaption(); 29 | 30 | /** 31 | * Burp uses this method to obtain the component that should be used as the 32 | * contents of the custom tab when it is displayed. 33 | * 34 | * @return The component that should be used as the contents of the custom 35 | * tab when it is displayed. 36 | */ 37 | Component getUiComponent(); 38 | } 39 | -------------------------------------------------------------------------------- /src/burp/ITempFile.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITempFile.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details of a temporary file that has been 14 | * created via a call to 15 | * IBurpExtenderCallbacks.saveToTempFile(). 16 | * 17 | */ 18 | public interface ITempFile 19 | { 20 | /** 21 | * This method is used to retrieve the contents of the buffer that was saved 22 | * in the temporary file. 23 | * 24 | * @return The contents of the buffer that was saved in the temporary file. 25 | */ 26 | byte[] getBuffer(); 27 | 28 | /** 29 | * This method is used to permanently delete the temporary file when it is 30 | * no longer required. 31 | */ 32 | void delete(); 33 | } 34 | -------------------------------------------------------------------------------- /src/burp/ITextEditor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITextEditor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide extensions with an instance of Burp's raw 16 | * text editor, for the extension to use in its own UI. Extensions should call 17 | * IBurpExtenderCallbacks.createTextEditor() to obtain an instance 18 | * of this interface. 19 | */ 20 | public interface ITextEditor 21 | { 22 | /** 23 | * This method returns the UI component of the editor, for extensions to add 24 | * to their own UI. 25 | * 26 | * @return The UI component of the editor. 27 | */ 28 | Component getComponent(); 29 | 30 | /** 31 | * This method is used to control whether the editor is currently editable. 32 | * This status can be toggled on and off as required. 33 | * 34 | * @param editable Indicates whether the editor should be currently 35 | * editable. 36 | */ 37 | void setEditable(boolean editable); 38 | 39 | /** 40 | * This method is used to update the currently displayed text in the editor. 41 | * 42 | * @param text The text to be displayed. 43 | */ 44 | void setText(byte[] text); 45 | 46 | /** 47 | * This method is used to retrieve the currently displayed text. 48 | * 49 | * @return The currently displayed text. 50 | */ 51 | byte[] getText(); 52 | 53 | /** 54 | * This method is used to determine whether the user has modified the 55 | * contents of the editor. 56 | * 57 | * @return An indication of whether the user has modified the contents of 58 | * the editor since the last call to 59 | * setText(). 60 | */ 61 | boolean isTextModified(); 62 | 63 | /** 64 | * This method is used to obtain the currently selected text. 65 | * 66 | * @return The currently selected text, or 67 | * null if the user has not made any selection. 68 | */ 69 | byte[] getSelectedText(); 70 | 71 | /** 72 | * This method can be used to retrieve the bounds of the user's selection 73 | * into the displayed text, if applicable. 74 | * 75 | * @return An int[2] array containing the start and end offsets of the 76 | * user's selection within the displayed text. If the user has not made any 77 | * selection in the current message, both offsets indicate the position of 78 | * the caret within the editor. 79 | */ 80 | int[] getSelectionBounds(); 81 | 82 | /** 83 | * This method is used to update the search expression that is shown in the 84 | * search bar below the editor. The editor will automatically highlight any 85 | * regions of the displayed text that match the search expression. 86 | * 87 | * @param expression The search expression. 88 | */ 89 | void setSearchExpression(String expression); 90 | } 91 | --------------------------------------------------------------------------------