IBurpExtenderCallbacks.registerScopeChangeListener() to register
15 | * a scope change listener. The listener will be notified whenever a change
16 | * occurs to Burp's suite-wide target scope.
17 | */
18 | public interface IScopeChangeListener
19 | {
20 | /**
21 | * This method is invoked whenever a change occurs to Burp's suite-wide
22 | * target scope.
23 | */
24 | void scopeChanged();
25 | }
26 |
--------------------------------------------------------------------------------
/scriptgen-core/src/main/java/com/h3xstream/scriptgen/model/MultiPartParameter.java:
--------------------------------------------------------------------------------
1 | package com.h3xstream.scriptgen.model;
2 |
3 | public class MultiPartParameter {
4 | private final String name;
5 | private final String value;
6 | private final String contentType;
7 | private final String fileName;
8 |
9 | public MultiPartParameter(String name, String value, String contentType, String fileName) {
10 | this.name = name;
11 | this.value = value;
12 | this.contentType = contentType;
13 | this.fileName = fileName;
14 | }
15 |
16 | public String getName() {
17 | return name;
18 | }
19 |
20 | public String getValue() {
21 | return value;
22 | }
23 |
24 | public String getContentType() {
25 | return contentType;
26 | }
27 |
28 | public String getFileName() {
29 | return fileName;
30 | }
31 | }
32 |
--------------------------------------------------------------------------------
/scriptgen-core/src/test/java/com/h3xstream/scriptgen/template/CodeTemplateBuilderPerlTest.java:
--------------------------------------------------------------------------------
1 | package com.h3xstream.scriptgen.template;
2 |
3 | import com.h3xstream.scriptgen.model.HttpRequestInfo;
4 | import com.h3xstream.scriptgen.HttpRequestInfoFixtures;
5 | import org.testng.annotations.Test;
6 |
7 | public class CodeTemplateBuilderPerlTest extends CodeTemplateBuilderBaseTest {
8 | HttpRequestInfo reqGet = HttpRequestInfoFixtures.getGetRequest();
9 | HttpRequestInfo reqPost = HttpRequestInfoFixtures.getPostRequest();
10 |
11 | @Test
12 | public void testGetTemplate() throws Exception {
13 | testTemplateContains("com/h3xstream/scriptgen/templates/perl_lwp.tpl","my $req = GET",reqGet);
14 | }
15 |
16 | @Test
17 | public void testPostTemplate() throws Exception {
18 | testTemplateContains("com/h3xstream/scriptgen/templates/perl_lwp.tpl","my $req = POST",reqPost);
19 | }
20 | }
21 |
--------------------------------------------------------------------------------
/scriptgen-core/src/test/java/com/h3xstream/scriptgen/template/CodeTemplateBuilderPhpTest.java:
--------------------------------------------------------------------------------
1 | package com.h3xstream.scriptgen.template;
2 |
3 | import com.h3xstream.scriptgen.model.HttpRequestInfo;
4 | import com.h3xstream.scriptgen.HttpRequestInfoFixtures;
5 | import org.testng.annotations.Test;
6 |
7 | public class CodeTemplateBuilderPhpTest extends CodeTemplateBuilderBaseTest {
8 |
9 |
10 | HttpRequestInfo reqGet = HttpRequestInfoFixtures.getGetRequest();
11 | HttpRequestInfo reqPost = HttpRequestInfoFixtures.getPostRequest();
12 |
13 | @Test
14 | public void testGetTemplate() throws Exception {
15 | testTemplateContains("com/h3xstream/scriptgen/templates/php_curl.tpl","IHttpRequestResponse object whose request and response messages
15 | * have been saved to temporary files using
16 | * IBurpExtenderCallbacks.saveBuffersToTempFiles().
17 | */
18 | public interface IHttpRequestResponsePersisted extends IHttpRequestResponse
19 | {
20 | /**
21 | * This method is used to permanently delete the saved temporary files. It
22 | * will no longer be possible to retrieve the request or response for this
23 | * item.
24 | */
25 | void deleteTempFiles();
26 | }
27 |
--------------------------------------------------------------------------------
/scriptgen-core/src/test/java/com/h3xstream/scriptgen/template/CodeTemplateBuilderRubyTest.java:
--------------------------------------------------------------------------------
1 | package com.h3xstream.scriptgen.template;
2 |
3 | import com.h3xstream.scriptgen.model.HttpRequestInfo;
4 | import com.h3xstream.scriptgen.HttpRequestInfoFixtures;
5 | import org.testng.annotations.Test;
6 |
7 | import static org.testng.Assert.assertTrue;
8 |
9 | public class CodeTemplateBuilderRubyTest extends CodeTemplateBuilderBaseTest {
10 |
11 |
12 | HttpRequestInfo reqGet = HttpRequestInfoFixtures.getGetRequest();
13 | HttpRequestInfo reqPost = HttpRequestInfoFixtures.getPostRequest();
14 |
15 | @Test
16 | public void testGetTemplate() throws Exception {
17 | testTemplateContains("com/h3xstream/scriptgen/templates/ruby_nethttp.tpl","Net::HTTP::Get",reqGet);
18 | }
19 |
20 | @Test
21 | public void testPostTemplate() throws Exception {
22 | testTemplateContains("com/h3xstream/scriptgen/templates/ruby_nethttp.tpl","Net::HTTP::Post",reqPost);
23 | }
24 | }
25 |
--------------------------------------------------------------------------------
/scriptgen-core/src/main/resources/com/h3xstream/scriptgen/templates/html_form.tpl:
--------------------------------------------------------------------------------
1 | <#list requests as req>
2 |
20 |
23 |
24 |
--------------------------------------------------------------------------------
/scriptgen-core/src/test/java/com/h3xstream/scriptgen/template/CodeTemplateBuilderPowershellTest.java:
--------------------------------------------------------------------------------
1 | package com.h3xstream.scriptgen.template;
2 |
3 | import com.h3xstream.scriptgen.model.HttpRequestInfo;
4 | import com.h3xstream.scriptgen.HttpRequestInfoFixtures;
5 | import org.testng.annotations.Test;
6 |
7 | import static org.testng.Assert.assertTrue;
8 |
9 | public class CodeTemplateBuilderPowershellTest extends CodeTemplateBuilderBaseTest {
10 |
11 | HttpRequestInfo reqGet = HttpRequestInfoFixtures.getGetRequest();
12 | HttpRequestInfo reqPost = HttpRequestInfoFixtures.getPostRequest();
13 |
14 | @Test
15 | public void testGetTemplate() throws Exception {
16 | testTemplateContains("com/h3xstream/scriptgen/templates/psh_webrequest.tpl","-Body $paramsGet",reqGet);
17 | }
18 |
19 | @Test
20 | public void testPostTemplate() throws Exception {
21 | testTemplateContains("com/h3xstream/scriptgen/templates/psh_webrequest.tpl","-Body $paramsPost",reqPost);
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/scriptgen-core/src/main/resources/com/h3xstream/scriptgen/templates/javascript_xhr.tpl:
--------------------------------------------------------------------------------
1 | <#list requests as req>
2 | var http = new XMLHttpRequest();
3 | <#if req.parametersPost??>
4 | var params = "${util.jsUrlParam(req.parametersPost)}";
5 |
6 | <#if req.postData??>
7 | var params = "${util.jsStr(req.postData)}";
8 |
9 | http.open("${util.jsStr(req.method?upper_case)}", "${util.jsStr(req.queryString)}<#if req.parametersGet??>?${util.jsUrlParam(req.parametersGet)}", true);
10 |
11 | <#if req.postData??>
12 | http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
13 |
14 | <#if req.headers??>
15 | <#list req.headers?keys as h>
16 | http.setRequestHeader("${util.jsStr(h)}","${util.jsStr(req.headers[h])}");
17 |
18 |
19 |
20 | http.onreadystatechange = function() {
21 | if(http.readyState == 4 && http.status == 200) {
22 | console.info(http.status);
23 | console.info(http.responseText);
24 | }
25 | }
26 | http.send(params);
27 |
28 |
--------------------------------------------------------------------------------
/scriptgen-core/src/test/java/com/h3xstream/scriptgen/template/CodeTemplateBuilderPythonRequestsTest.java:
--------------------------------------------------------------------------------
1 | package com.h3xstream.scriptgen.template;
2 |
3 | import com.h3xstream.scriptgen.model.HttpRequestInfo;
4 | import com.h3xstream.scriptgen.HttpRequestInfoFixtures;
5 | import org.testng.annotations.Test;
6 |
7 | import static org.testng.Assert.assertTrue;
8 |
9 | public class CodeTemplateBuilderPythonRequestsTest extends CodeTemplateBuilderBaseTest {
10 |
11 |
12 | HttpRequestInfo reqGet = HttpRequestInfoFixtures.getGetRequest();
13 | HttpRequestInfo reqPost = HttpRequestInfoFixtures.getPostRequest();
14 |
15 | @Test
16 | public void testGetTemplate() throws Exception {
17 | testTemplateContains("com/h3xstream/scriptgen/templates/python_requests.tpl","session.get(",reqGet);
18 | }
19 |
20 | @Test
21 | public void testPostTemplate() throws Exception {
22 | testTemplateContains("com/h3xstream/scriptgen/templates/python_requests.tpl","session.post(",reqPost);
23 | }
24 | }
25 |
--------------------------------------------------------------------------------
/burp-api/src/main/java/burp/ITempFile.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ITempFile.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to hold details of a temporary file that has been
14 | * created via a call to
15 | * IBurpExtenderCallbacks.saveToTempFile().
16 | *
17 | */
18 | public interface ITempFile
19 | {
20 | /**
21 | * This method is used to retrieve the contents of the buffer that was saved
22 | * in the temporary file.
23 | *
24 | * @return The contents of the buffer that was saved in the temporary file.
25 | */
26 | byte[] getBuffer();
27 |
28 | /**
29 | * This method is used to permanently delete the temporary file when it is
30 | * no longer required.
31 | */
32 | void delete();
33 | }
34 |
--------------------------------------------------------------------------------
/scriptgen-core/src/main/java/com/h3xstream/scriptgen/model/DisplaySettings.java:
--------------------------------------------------------------------------------
1 | package com.h3xstream.scriptgen.model;
2 |
3 | public class DisplaySettings {
4 | private boolean proxy = false;
5 | private boolean minimalHeaders = false;
6 | private boolean disableSsl = false;
7 |
8 |
9 | public boolean isProxy() {
10 | return proxy;
11 | }
12 |
13 | public void setProxy(boolean proxy) {
14 | this.proxy = proxy;
15 | }
16 |
17 | public boolean isMinimalHeaders() {
18 | return minimalHeaders;
19 | }
20 |
21 | public void setMinimalHeaders(boolean minimalHeaders) {
22 | this.minimalHeaders = minimalHeaders;
23 | }
24 |
25 | public boolean isDisableSsl() {
26 | return disableSsl;
27 | }
28 |
29 | public void setDisableSsl(boolean disableSsl) {
30 | this.disableSsl = disableSsl;
31 | }
32 |
33 | @Override
34 | public String toString() {
35 | return "[proxy=" + proxy + ",minimalHeaders=" + minimalHeaders + ",disableSsl=" + disableSsl + "]";
36 | }
37 | }
38 |
--------------------------------------------------------------------------------
/burp-api/src/main/java/burp/IExtensionStateListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IExtensionStateListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerExtensionStateListener() to
15 | * register an extension state listener. The listener will be notified of
16 | * changes to the extension's state. Note: Any extensions that start
17 | * background threads or open system resources (such as files or database
18 | * connections) should register a listener and terminate threads / close
19 | * resources when the extension is unloaded.
20 | */
21 | public interface IExtensionStateListener
22 | {
23 | /**
24 | * This method is called when the extension is unloaded.
25 | */
26 | void extensionUnloaded();
27 | }
28 |
--------------------------------------------------------------------------------
/BappDescription.html:
--------------------------------------------------------------------------------
1 | This extension generates scripts to reissue a selected request. The scripts can be run outside of Burp.
2 |It can be useful to script attacks such as second order SQL injection, padding oracle, fuzzing encoded value, etc.
3 | 4 |Features
5 |Limitations
12 |Usage
18 |Requires Java version 7.
26 | -------------------------------------------------------------------------------- /burp-api/src/main/java/burp/IBurpExtender.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IBurpExtender.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * All extensions must implement this interface. 14 | * 15 | * Implementations must be called BurpExtender, in the package burp, must be 16 | * declared public, and must provide a default (public, no-argument) 17 | * constructor. 18 | */ 19 | public interface IBurpExtender 20 | { 21 | /** 22 | * This method is invoked when the extension is loaded. It registers an 23 | * instance of the 24 | *IBurpExtenderCallbacks interface, providing methods that may
25 | * be invoked by the extension to perform various actions.
26 | *
27 | * @param callbacks An
28 | * IBurpExtenderCallbacks object.
29 | */
30 | void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks);
31 | }
32 |
--------------------------------------------------------------------------------
/burp-api/src/main/java/burp/IScannerListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerScannerListener() to register a
15 | * Scanner listener. The listener will be notified of new issues that are
16 | * reported by the Scanner tool. Extensions can perform custom analysis or
17 | * logging of Scanner issues by registering a Scanner listener.
18 | */
19 | public interface IScannerListener
20 | {
21 | /**
22 | * This method is invoked when a new issue is added to Burp Scanner's
23 | * results.
24 | *
25 | * @param issue An
26 | * IScanIssue object that the extension can query to obtain
27 | * details about the new issue.
28 | */
29 | void newScanIssue(IScanIssue issue);
30 | }
31 |
--------------------------------------------------------------------------------
/scriptgen-core/src/test/java/com/h3xstream/scriptgen/gui/SaveScriptGuiTest.java:
--------------------------------------------------------------------------------
1 | package com.h3xstream.scriptgen.gui;
2 |
3 | import static org.mockito.Matchers.eq;
4 |
5 | public class SaveScriptGuiTest {
6 |
7 | // FrameFixture window;
8 | //
9 | // GeneratorController controller;
10 | // GeneratorFrame frame;
11 | //
12 | // public void prepareWindow() {
13 | // //Spy version to do verification on calls
14 | // controller = spy(new GeneratorController());
15 | // frame = new GeneratorFrame(LanguageOption.values);
16 | //
17 | // HttpRequestInfo req = HttpRequestInfoFixtures.getPostRequest();
18 | // ReissueRequestScripter scriptGen = new ReissueRequestScripter(req,controller,frame);
19 | // window = new FrameFixture(scriptGen.openDialogWindow());
20 | // window.show();
21 | // }
22 | //
23 | // @BeforeClass
24 | // public void beforeAllTests() {
25 | // //The same window is reused for all tests
26 | // prepareWindow();
27 | // }
28 | //
29 | //
30 | // @AfterClass
31 | // public void afterClass() {
32 | // window.close();
33 | // }
34 |
35 |
36 | }
37 |
--------------------------------------------------------------------------------
/scriptgen-core/src/test/java/com/h3xstream/scriptgen/template/CodeTemplateBuilderTest.java:
--------------------------------------------------------------------------------
1 | package com.h3xstream.scriptgen.template;
2 |
3 | import com.h3xstream.scriptgen.model.HttpRequestInfo;
4 | import com.h3xstream.scriptgen.HttpRequestInfoFixtures;
5 | import org.testng.annotations.Test;
6 |
7 | import java.util.Arrays;
8 |
9 | import static org.mockito.Mockito.mock;
10 | import static org.mockito.Mockito.spy;
11 | import static org.mockito.Mockito.when;
12 | import static org.testng.Assert.assertEquals;
13 | import static org.testng.Assert.assertTrue;
14 |
15 | public class CodeTemplateBuilderTest {
16 |
17 | @Test
18 | public void basicTemplate() throws Exception {
19 | HttpRequestInfo req1 = spy(HttpRequestInfoFixtures.getPostRequest());
20 |
21 | String testUrl = "http://blog.h3xstream.com/secret.txt";
22 | when(req1.getUrl()).thenReturn(testUrl);
23 | String output = new CodeTemplateBuilder().request(Arrays.asList(req1)).templatePath("templates/basic_template.tpl").build();
24 |
25 | assertTrue(output.contains(testUrl),"The url bind to the model was not include in the template.");
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/burp-api/src/main/java/burp/IHttpService.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpService.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to provide details about an HTTP service, to which
14 | * HTTP requests can be sent.
15 | */
16 | public interface IHttpService
17 | {
18 | /**
19 | * This method returns the hostname or IP address for the service.
20 | *
21 | * @return The hostname or IP address for the service.
22 | */
23 | String getHost();
24 |
25 | /**
26 | * This method returns the port number for the service.
27 | *
28 | * @return The port number for the service.
29 | */
30 | int getPort();
31 |
32 | /**
33 | * This method returns the protocol for the service.
34 | *
35 | * @return The protocol for the service. Expected values are "http" or
36 | * "https".
37 | */
38 | String getProtocol();
39 | }
40 |
--------------------------------------------------------------------------------
/scriptgen-core/src/main/resources/com/h3xstream/scriptgen/templates/javascript_jquery.tpl:
--------------------------------------------------------------------------------
1 | //JQuery preload (optional)
2 | (function(){
3 | var s = document.createElement('script');s.type = 'text/javascript';s.async = true;s.src = 'https://code.jquery.com/jquery-2.1.4.min.js';
4 | (document.getElementsByTagName('head')[0]||document.getElementsByTagName('body')[0]).appendChild(s);
5 | })();
6 |
7 | <#list requests as req>
8 | $.ajax({
9 | url: "${util.jsStr(req.queryString)}<#if req.parametersGet?? && req.parametersPost??>?${util.jsUrlParam(req.parametersGet)}",
10 | type: "${util.jsStr(req.method?lower_case)}",
11 | data:
12 | <#if req.parametersPost??>
13 | ${util.jsMap(req.parametersPost)}
14 | <#elseif req.parametersGet?? && !req.parametersPost??>
15 | ${util.jsMap(req.parametersGet)}
16 | <#else>
17 | {}
18 |
19 | ,
20 | <#if req.headers??>headers: {
21 | <#list req.headers?keys as h>
22 | "${util.jsStr(h)}":"${util.jsStr(req.headers[h])}"<#if h_has_next>,
23 |
24 | },
25 | success: function (data) {
26 | console.info(data);
27 | }
28 | });
29 |
30 |
--------------------------------------------------------------------------------
/burp-api/src/main/java/burp/ITab.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ITab.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 |
14 | /**
15 | * This interface is used to provide Burp with details of a custom tab that will
16 | * be added to Burp's UI, using a method such as
17 | * IBurpExtenderCallbacks.addSuiteTab().
18 | */
19 | public interface ITab
20 | {
21 | /**
22 | * Burp uses this method to obtain the caption that should appear on the
23 | * custom tab when it is displayed.
24 | *
25 | * @return The caption that should appear on the custom tab when it is
26 | * displayed.
27 | */
28 | String getTabCaption();
29 |
30 | /**
31 | * Burp uses this method to obtain the component that should be used as the
32 | * contents of the custom tab when it is displayed.
33 | *
34 | * @return The component that should be used as the contents of the custom
35 | * tab when it is displayed.
36 | */
37 | Component getUiComponent();
38 | }
39 |
--------------------------------------------------------------------------------
/burp-api/src/main/java/burp/IMenuItemHandler.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMenuItemHandler.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerMenuItem() to register a custom
15 | * context menu item.
16 | *
17 | * @deprecated Use
18 | * IContextMenuFactory instead.
19 | */
20 | @Deprecated
21 | public interface IMenuItemHandler
22 | {
23 | /**
24 | * This method is invoked by Burp Suite when the user clicks on a custom
25 | * menu item which the extension has registered with Burp.
26 | *
27 | * @param menuItemCaption The caption of the menu item which was clicked.
28 | * This parameter enables extensions to provide a single implementation
29 | * which handles multiple different menu items.
30 | * @param messageInfo Details of the HTTP message(s) for which the context
31 | * menu was displayed.
32 | */
33 | void menuItemClicked(
34 | String menuItemCaption,
35 | IHttpRequestResponse[] messageInfo);
36 | }
37 |
--------------------------------------------------------------------------------
/burp-api/src/main/java/burp/IProxyListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IProxyListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerProxyListener() to register a
15 | * Proxy listener. The listener will be notified of requests and responses being
16 | * processed by the Proxy tool. Extensions can perform custom analysis or
17 | * modification of these messages, and control in-UI message interception, by
18 | * registering a proxy listener.
19 | */
20 | public interface IProxyListener
21 | {
22 | /**
23 | * This method is invoked when an HTTP message is being processed by the
24 | * Proxy.
25 | *
26 | * @param messageIsRequest Indicates whether the HTTP message is a request
27 | * or a response.
28 | * @param message An
29 | * IInterceptedProxyMessage object that extensions can use to
30 | * query and update details of the message, and control whether the message
31 | * should be intercepted and displayed to the user for manual review or
32 | * modification.
33 | */
34 | void processProxyMessage(
35 | boolean messageIsRequest,
36 | IInterceptedProxyMessage message);
37 | }
38 |
--------------------------------------------------------------------------------
/scriptgen-core/src/main/java/com/h3xstream/scriptgen/template/XmlUtil.java:
--------------------------------------------------------------------------------
1 | package com.h3xstream.scriptgen.template;
2 |
3 | public class XmlUtil {
4 |
5 | public static String escapeValue(String originalUnprotectedString) {
6 | if (originalUnprotectedString == null) {
7 | return null;
8 | }
9 | boolean anyCharactersProtected = false;
10 |
11 | StringBuffer stringBuffer = new StringBuffer();
12 | for (int i = 0; i < originalUnprotectedString.length(); i++) {
13 | char ch = originalUnprotectedString.charAt(i);
14 |
15 | boolean controlCharacter = ch < 32;
16 | boolean unicodeButNotAscii = ch > 126;
17 | boolean characterWithSpecialMeaningInXML = ch == '<' || ch == '&' || ch == '>' || ch == '"' || ch == '\'' || ch == '\\';
18 |
19 | if (characterWithSpecialMeaningInXML || unicodeButNotAscii || controlCharacter) {
20 | stringBuffer.append("&#" + (int) ch + ";");
21 | anyCharactersProtected = true;
22 | } else {
23 | stringBuffer.append(ch);
24 | }
25 | }
26 | if (anyCharactersProtected == false) {
27 | return originalUnprotectedString;
28 | }
29 |
30 | return stringBuffer.toString();
31 | }
32 |
33 | public static void main(String[] args) {
34 | System.out.println(escapeValue("test"));
35 | System.out.println(escapeValue("\"abc"));
36 | System.out.println(escapeValue("\\"));
37 | }
38 |
39 | }
40 |
--------------------------------------------------------------------------------
/scriptgen-core/src/main/resources/com/h3xstream/scriptgen/templates/php_curl.tpl:
--------------------------------------------------------------------------------
1 |
3 | <#if req.parametersPost?? || req.parametersMultipart??>
4 | $paramsPost = ${util.phpMergePostMultipart(req.parametersPost,req.parametersMultipart)};
5 |
6 |
7 | <#if req.postData??>
8 | $postData = "${util.phpStr(req.postData)}";
9 |
10 |
11 | $req = curl_init("${util.phpStr(req.urlWithQuery)}");
12 | curl_setopt($req, CURLOPT_RETURNTRANSFER, true);
13 | <#if req.parametersPost?? || req.parametersMultipart??>
14 | curl_setopt($req, CURLOPT_POSTFIELDS, $paramsPost);
15 |
16 | <#if req.postData??>
17 | curl_setopt($req, CURLOPT_POSTFIELDS, $postData);
18 |
19 | <#if req.headers??>
20 | curl_setopt($req, CURLOPT_HTTPHEADER, ${util.phpHeadersList(req.headers)});
21 |
22 | <#if req.cookies??>
23 | curl_setopt($req, CURLOPT_COOKIE,"${util.phpCookies(req.cookies)}");
24 |
25 | <#if req.basicAuth??>
26 | curl_setopt($req, CURLOPT_USERPWD, '${util.phpStr(req.basicAuth.username)}:${util.phpStr(req.basicAuth.password)}');
27 | curl_setopt($req, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
28 |
29 | <#if req.ssl && settings.disableSsl>
30 | curl_setopt($req, CURLOPT_SSL_VERIFYHOST, false);
31 | curl_setopt($req, CURLOPT_SSL_VERIFYPEER, false);
32 |
33 | <#if settings.proxy>
34 | curl_setopt($req, CURLOPT_PROXY, '127.0.0.1:8080');
35 |
36 | $result = curl_exec($req);
37 |
38 | echo "Status code: ".curl_getinfo($req, CURLINFO_HTTP_CODE)."\n";
39 | echo "Response body: ".$result."\n";
40 |
41 | curl_close($req);
42 |
43 |
44 | ?>
--------------------------------------------------------------------------------
/burp-api/src/main/java/burp/IContextMenuFactory.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IContextMenuFactory.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 | import javax.swing.JMenuItem;
14 |
15 | /**
16 | * Extensions can implement this interface and then call
17 | * IBurpExtenderCallbacks.registerContextMenuFactory() to register
18 | * a factory for custom context menu items.
19 | */
20 | public interface IContextMenuFactory
21 | {
22 | /**
23 | * This method will be called by Burp when the user invokes a context menu
24 | * anywhere within Burp. The factory can then provide any custom context
25 | * menu items that should be displayed in the context menu, based on the
26 | * details of the menu invocation.
27 | *
28 | * @param invocation An object that implements the
29 | * IMessageEditorTabFactory interface, which the extension can
30 | * query to obtain details of the context menu invocation.
31 | * @return A list of custom menu items (which may include sub-menus,
32 | * checkbox menu items, etc.) that should be displayed. Extensions may
33 | * return
34 | * null from this method, to indicate that no menu items are
35 | * required.
36 | */
37 | ListIBurpExtenderCallbacks.registerScannerInsertionPointProvider()
17 | * to register a factory for custom Scanner insertion points.
18 | */
19 | public interface IScannerInsertionPointProvider
20 | {
21 | /**
22 | * When a request is actively scanned, the Scanner will invoke this method,
23 | * and the provider should provide a list of custom insertion points that
24 | * will be used in the scan. Note: these insertion points are used in
25 | * addition to those that are derived from Burp Scanner's configuration, and
26 | * those provided by any other Burp extensions.
27 | *
28 | * @param baseRequestResponse The base request that will be actively
29 | * scanned.
30 | * @return A list of
31 | * IScannerInsertionPoint objects that should be used in the
32 | * scanning, or
33 | * null if no custom insertion points are applicable for this
34 | * request.
35 | */
36 | ListIBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory()
15 | * to register a factory for custom Intruder payloads.
16 | */
17 | public interface IIntruderPayloadGeneratorFactory
18 | {
19 | /**
20 | * This method is used by Burp to obtain the name of the payload generator.
21 | * This will be displayed as an option within the Intruder UI when the user
22 | * selects to use extension-generated payloads.
23 | *
24 | * @return The name of the payload generator.
25 | */
26 | String getGeneratorName();
27 |
28 | /**
29 | * This method is used by Burp when the user starts an Intruder attack that
30 | * uses this payload generator.
31 | *
32 | * @param attack An
33 | * IIntruderAttack object that can be queried to obtain details
34 | * about the attack in which the payload generator will be used.
35 | * @return A new instance of
36 | * IIntruderPayloadGenerator that will be used to generate
37 | * payloads for the attack.
38 | */
39 | IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack);
40 | }
41 |
--------------------------------------------------------------------------------
/burp-api/src/main/java/burp/IHttpListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerHttpListener() to register an
15 | * HTTP listener. The listener will be notified of requests and responses made
16 | * by any Burp tool. Extensions can perform custom analysis or modification of
17 | * these messages by registering an HTTP listener.
18 | */
19 | public interface IHttpListener
20 | {
21 | /**
22 | * This method is invoked when an HTTP request is about to be issued, and
23 | * when an HTTP response has been received.
24 | *
25 | * @param toolFlag A flag indicating the Burp tool that issued the request.
26 | * Burp tool flags are defined in the
27 | * IBurpExtenderCallbacks interface.
28 | * @param messageIsRequest Flags whether the method is being invoked for a
29 | * request or response.
30 | * @param messageInfo Details of the request / response to be processed.
31 | * Extensions can call the setter methods on this object to update the
32 | * current message and so modify Burp's behavior.
33 | */
34 | void processHttpMessage(int toolFlag,
35 | boolean messageIsRequest,
36 | IHttpRequestResponse messageInfo);
37 | }
38 |
--------------------------------------------------------------------------------
/burp-api/src/main/java/burp/IMessageEditorTabFactory.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditorTabFactory.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerMessageEditorTabFactory() to
15 | * register a factory for custom message editor tabs. This allows extensions to
16 | * provide custom rendering or editing of HTTP messages, within Burp's own HTTP
17 | * editor.
18 | */
19 | public interface IMessageEditorTabFactory
20 | {
21 | /**
22 | * Burp will call this method once for each HTTP message editor, and the
23 | * factory should provide a new instance of an
24 | * IMessageEditorTab object.
25 | *
26 | * @param controller An
27 | * IMessageEditorController object, which the new tab can query
28 | * to retrieve details about the currently displayed message. This may be
29 | * null for extension-invoked message editors where the
30 | * extension has not provided an editor controller.
31 | * @param editable Indicates whether the hosting editor is editable or
32 | * read-only.
33 | * @return A new
34 | * IMessageEditorTab object for use within the message editor.
35 | */
36 | IMessageEditorTab createNewInstance(IMessageEditorController controller,
37 | boolean editable);
38 | }
39 |
--------------------------------------------------------------------------------
/burp-api/src/main/java/burp/ICookie.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ICookie.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.Date;
13 |
14 | /**
15 | * This interface is used to hold details about an HTTP cookie.
16 | */
17 | public interface ICookie
18 | {
19 | /**
20 | * This method is used to retrieve the domain for which the cookie is in
21 | * scope.
22 | *
23 | * @return The domain for which the cookie is in scope. Note: For
24 | * cookies that have been analyzed from responses (by calling
25 | * IExtensionHelpers.analyzeResponse() and then
26 | * IResponseInfo.getCookies(), the domain will be
27 | * null if the response did not explicitly set a domain
28 | * attribute for the cookie.
29 | */
30 | String getDomain();
31 |
32 | /**
33 | * This method is used to retrieve the expiration time for the cookie.
34 | *
35 | * @return The expiration time for the cookie, or
36 | * null if none is set (i.e., for non-persistent session
37 | * cookies).
38 | */
39 | Date getExpiration();
40 |
41 | /**
42 | * This method is used to retrieve the name of the cookie.
43 | *
44 | * @return The name of the cookie.
45 | */
46 | String getName();
47 |
48 | /**
49 | * This method is used to retrieve the value of the cookie.
50 | * @return The value of the cookie.
51 | */
52 | String getValue();
53 | }
54 |
--------------------------------------------------------------------------------
/scriptgen-zap-plugin/src/main/java/org/zaproxy/zap/extension/scriptgen/ReissueRequestScripterMenuAction.java:
--------------------------------------------------------------------------------
1 | package org.zaproxy.zap.extension.scriptgen;
2 |
3 | import com.h3xstream.scriptgen.ReissueRequestScripter;
4 | import com.h3xstream.scriptgen.model.HttpRequestInfo;
5 | import org.parosproxy.paros.network.HttpMessage;
6 | import org.zaproxy.zap.view.PopupMenuHttpMessage;
7 | import org.zaproxy.zap.view.popup.PopupMenuItemHttpMessageContainer;
8 |
9 | import java.io.IOException;
10 | import java.util.Arrays;
11 | import java.util.List;
12 |
13 | public class ReissueRequestScripterMenuAction extends PopupMenuItemHttpMessageContainer {
14 |
15 | private ReissueRequestScripterMenuExtension extension;
16 |
17 | public ReissueRequestScripterMenuAction(String label) {
18 | super(label, true); //true == the action can be done on multiple items
19 | }
20 |
21 | protected void performActions(ListIHttpRequestResponse object that has had markers applied.
17 | * Extensions can create instances of this interface using
18 | * IBurpExtenderCallbacks.applyMarkers(), or provide their own
19 | * implementation. Markers are used in various situations, such as specifying
20 | * Intruder payload positions, Scanner insertion points, and highlights in
21 | * Scanner issues.
22 | */
23 | public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse
24 | {
25 | /**
26 | * This method returns the details of the request markers.
27 | *
28 | * @return A list of index pairs representing the offsets of markers for the
29 | * request message. Each item in the list is an int[2] array containing the
30 | * start and end offsets for the marker. The method may return
31 | * null if no request markers are defined.
32 | */
33 | Listnull if no response markers are defined.
42 | */
43 | ListIBurpExtenderCallbacks.registerIntruderPayloadProcessor() to
15 | * register a custom Intruder payload processor.
16 | */
17 | public interface IIntruderPayloadProcessor
18 | {
19 | /**
20 | * This method is used by Burp to obtain the name of the payload processor.
21 | * This will be displayed as an option within the Intruder UI when the user
22 | * selects to use an extension-provided payload processor.
23 | *
24 | * @return The name of the payload processor.
25 | */
26 | String getProcessorName();
27 |
28 | /**
29 | * This method is invoked by Burp each time the processor should be applied
30 | * to an Intruder payload.
31 | *
32 | * @param currentPayload The value of the payload to be processed.
33 | * @param originalPayload The value of the original payload prior to
34 | * processing by any already-applied processing rules.
35 | * @param baseValue The base value of the payload position, which will be
36 | * replaced with the current payload.
37 | * @return The value of the processed payload. This may be
38 | * null to indicate that the current payload should be skipped,
39 | * and the attack will move directly to the next payload.
40 | */
41 | byte[] processPayload(
42 | byte[] currentPayload,
43 | byte[] originalPayload,
44 | byte[] baseValue);
45 | }
46 |
--------------------------------------------------------------------------------
/scriptgen-core/src/main/java/com/h3xstream/scriptgen/ReissueRequestScripter.java:
--------------------------------------------------------------------------------
1 | package com.h3xstream.scriptgen;
2 |
3 | import com.h3xstream.scriptgen.gui.GeneratorController;
4 | import com.h3xstream.scriptgen.gui.GeneratorFrame;
5 | import com.h3xstream.scriptgen.model.HttpRequestInfo;
6 |
7 | import javax.swing.*;
8 | import java.util.ArrayList;
9 | import java.util.List;
10 |
11 | public class ReissueRequestScripter {
12 | private ListIIntruderPayloadGeneratorFactory must return a new instance of
16 | * this interface when required as part of a new Intruder attack.
17 | */
18 | public interface IIntruderPayloadGenerator
19 | {
20 | /**
21 | * This method is used by Burp to determine whether the payload generator is
22 | * able to provide any further payloads.
23 | *
24 | * @return Extensions should return
25 | * false when all the available payloads have been used up,
26 | * otherwise
27 | * true.
28 | */
29 | boolean hasMorePayloads();
30 |
31 | /**
32 | * This method is used by Burp to obtain the value of the next payload.
33 | *
34 | * @param baseValue The base value of the current payload position. This
35 | * value may be
36 | * null if the concept of a base value is not applicable (e.g.
37 | * in a battering ram attack).
38 | * @return The next payload to use in the attack.
39 | */
40 | byte[] getNextPayload(byte[] baseValue);
41 |
42 | /**
43 | * This method is used by Burp to reset the state of the payload generator
44 | * so that the next call to
45 | * getNextPayload() returns the first payload again. This
46 | * method will be invoked when an attack uses the same payload generator for
47 | * more than one payload position, for example in a sniper attack.
48 | */
49 | void reset();
50 | }
51 |
--------------------------------------------------------------------------------
/scriptgen-core/src/main/resources/com/h3xstream/scriptgen/templates/python_requests.tpl:
--------------------------------------------------------------------------------
1 | import requests
2 | <#if util.atLeastOneBasicAuth(requests)>
3 | from requests.auth import HTTPBasicAuth
4 |
5 | <#if settings.proxy>
6 |
7 | proxies = {
8 | "http": "http://127.0.0.1:8080",
9 | "https": "http://127.0.0.1:8080",
10 | }
11 |
12 |
13 | session = requests.Session()
14 |
15 | <#list requests as req>
16 | <#if req.parametersGet??>
17 | paramsGet = ${util.pythonDict(req.parametersGet)}
18 |
19 | <#if req.parametersPost?? && !util.hasSpecialCharsPyRequest(req.parametersPost)>
20 | paramsPost = ${util.pythonDict(req.parametersPost)}
21 |
22 | <#if util.hasSpecialCharsPyRequest(req.parametersPost)>
23 | paramsPostDict = ${util.pythonDict(req.parametersPost)}
24 | paramsPost = "&".join("%s=%s" % (k,v) for k,v in paramsPostDict.items()) #Manually concatenated to avoid some encoded characters
25 |
26 | <#if req.parametersMultipart??>
27 | paramsMultipart = ${util.pythonDictMultipart(req.parametersMultipart)}
28 |
29 | <#if req.postData??>
30 | rawBody = "${util.pythonStr(req.postData)}"
31 |
32 | <#if req.headers??>
33 | headers = ${util.pythonDict(req.headers)}
34 |
35 | <#if req.cookies??>
36 | cookies = ${util.pythonDict(req.cookies)}
37 |
38 | response = session.${util.alphaOnly(req.method?lower_case)}("${util.pythonStr(req.url)}"<#if req.parametersPost??>, data=paramsPost<#if req.parametersMultipart??>, files=paramsMultipart<#if req.postData??>, data=rawBody<#if req.parametersGet??>, params=paramsGet<#if req.headers??>, headers=headers<#if req.cookies??>, cookies=cookies<#if req.basicAuth??>, auth=HTTPBasicAuth("${util.pythonStr(req.basicAuth.username)}","${util.pythonStr(req.basicAuth.password)}")<#if settings.proxy>, proxies=proxies<#if req.ssl && settings.disableSsl>, verify=False)
39 |
40 | print("Status code: %i" % response.status_code)
41 | print("Response body: %s" % response.content)
42 |
43 |
--------------------------------------------------------------------------------
/burp-api/src/main/java/burp/IMessageEditorController.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditorController.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used by an
14 | * IMessageEditor to obtain details about the currently displayed
15 | * message. Extensions that create instances of Burp's HTTP message editor can
16 | * optionally provide an implementation of
17 | * IMessageEditorController, which the editor will invoke when it
18 | * requires further information about the current message (for example, to send
19 | * it to another Burp tool). Extensions that provide custom editor tabs via an
20 | * IMessageEditorTabFactory will receive a reference to an
21 | * IMessageEditorController object for each tab instance they
22 | * generate, which the tab can invoke if it requires further information about
23 | * the current message.
24 | */
25 | public interface IMessageEditorController
26 | {
27 | /**
28 | * This method is used to retrieve the HTTP service for the current message.
29 | *
30 | * @return The HTTP service for the current message.
31 | */
32 | IHttpService getHttpService();
33 |
34 | /**
35 | * This method is used to retrieve the HTTP request associated with the
36 | * current message (which may itself be a response).
37 | *
38 | * @return The HTTP request associated with the current message.
39 | */
40 | byte[] getRequest();
41 |
42 | /**
43 | * This method is used to retrieve the HTTP response associated with the
44 | * current message (which may itself be a request).
45 | *
46 | * @return The HTTP response associated with the current message.
47 | */
48 | byte[] getResponse();
49 | }
50 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | #Reissue Request Scripter (Burp plugin) [](https://travis-ci.org/h3xstream/http-script-generator)
2 |
3 | This extension generates scripts to reissue a selected request. The scripts can be run outside of Burp. It can be useful to script attacks such as second order SQL injection, padding oracle, fuzzing encoded value, etc.
4 |
5 | ## License
6 |
7 | This software is release under [LGPL](http://www.gnu.org/licenses/lgpl.html).
8 |
9 | ## Downloads
10 |
11 | (Last updated : December 12, 2016)
12 |
13 | ZAP plugin : [Download](https://github.com/h3xstream/http-script-generator/blob/gh-pages/releases/zap/scriptgen-alpha-6.zap?raw=true)
14 |
15 | Burp Suite Pro plugin : [Download](https://github.com/h3xstream/http-script-generator/blob/gh-pages/releases/burp/scriptgen-burp-plugin-6.jar?raw=true)
16 |
17 | ## Contributors
18 |
19 | - [mattpresson](https://github.com/mattpresson) : Addition of [PowerShell support](https://github.com/h3xstream/http-script-generator/commit/37cdbbb8e4bcd9ab47ec8b0f5974e29b24737e64)
20 |
21 | ## Screenshots
22 |
23 | ### Context Menu
24 |
25 | 
26 |
27 | ### Main Window
28 |
29 | 
30 |
31 | ### Language Options
32 |
33 | Scripts can be generated for various languages : Python, Ruby, Perl, PHP, PowerShell and JavaScript.
34 |
35 | 
36 |
37 | ### More Options
38 |
39 | Since version 4.0, common script variations can be applied. These variation include: proxy redirection, reduction of "noisy" headers and disabling SSL/TLS verification.
40 |
41 | 
42 |
--------------------------------------------------------------------------------
/scriptgen-core/src/main/java/com/h3xstream/scriptgen/template/CodeTemplateBuilder.java:
--------------------------------------------------------------------------------
1 | package com.h3xstream.scriptgen.template;
2 |
3 | import com.h3xstream.scriptgen.model.DisplaySettings;
4 | import com.h3xstream.scriptgen.model.HttpRequestInfo;
5 | import freemarker.template.Configuration;
6 | import freemarker.template.Template;
7 |
8 | import java.io.*;
9 | import java.util.HashMap;
10 | import java.util.List;
11 | import java.util.Map;
12 |
13 | /**
14 | * This utility class is a wrapper of the template engine chosen (FreeMarker).
15 | */
16 | public class CodeTemplateBuilder {
17 |
18 | private ListIBurpExtenderCallbacks.createMessageEditor() to obtain an
19 | * instance of this interface.
20 | */
21 | public interface IMessageEditor
22 | {
23 | /**
24 | * This method returns the UI component of the editor, for extensions to add
25 | * to their own UI.
26 | *
27 | * @return The UI component of the editor.
28 | */
29 | Component getComponent();
30 |
31 | /**
32 | * This method is used to display an HTTP message in the editor.
33 | *
34 | * @param message The HTTP message to be displayed.
35 | * @param isRequest Flags whether the message is an HTTP request or
36 | * response.
37 | */
38 | void setMessage(byte[] message, boolean isRequest);
39 |
40 | /**
41 | * This method is used to retrieve the currently displayed message, which
42 | * may have been modified by the user.
43 | *
44 | * @return The currently displayed HTTP message.
45 | */
46 | byte[] getMessage();
47 |
48 | /**
49 | * This method is used to determine whether the current message has been
50 | * modified by the user.
51 | *
52 | * @return An indication of whether the current message has been modified by
53 | * the user since it was first displayed.
54 | */
55 | boolean isMessageModified();
56 |
57 | /**
58 | * This method returns the data that is currently selected by the user.
59 | *
60 | * @return The data that is currently selected by the user, or
61 | * null if no selection is made.
62 | */
63 | byte[] getSelectedData();
64 | }
65 |
--------------------------------------------------------------------------------
/scriptgen-core/src/main/resources/com/h3xstream/scriptgen/templates/ruby_nethttp.tpl:
--------------------------------------------------------------------------------
1 | require "net/http"
2 | require "uri"
3 | <#if util.atLeastOneSsl(requests)>
4 | require "openssl"
5 |
6 | <#if util.atLeastOneMultipart(requests)>
7 | require "net/http/post/multipart"
8 | # Psst! It require an additional gem : gem install multipart-post
9 |
10 |
11 | <#list requests as req>
12 | uri = URI.parse("${util.rubyStr(req.url)}")
13 | <#if req.parametersGet??>
14 | uri.query = URI.encode_www_form(${util.rubyMap(req.parametersGet)})
15 |
16 | http = Net::HTTP.new(uri.host, uri.port)
17 | <#if req.ssl && !settings.proxy>
18 | http.use_ssl = true
19 | <#if settings.disableSsl>
20 | http.verify_mode = OpenSSL::SSL::VERIFY_NONE
21 |
22 |
23 |
24 | <#if req.parametersMultipart??>
25 | multipartParams = {${util.rubyDictMultipart(req.parametersMultipart)}}
26 | <#if req.parametersPost??>
27 | multipartParams = multipartParams.merge(${util.rubyMap(req.parametersPost)})
28 |
29 |
30 | request = Net::HTTP::${util.alphaOnly(req.method)?capitalize}<#if req.parametersMultipart??>::Multipart.new(uri.request_uri<#if req.parametersMultipart??>, multipartParams)
31 | <#if req.headers??>
32 | <#list req.headers?keys as h>
33 | request["${util.rubyStr(h)}"] = "${util.rubyStr(req.headers[h])}"
34 |
35 |
36 | <#if req.cookies??>
37 | request["Cookie"] = "${util.phpCookies(req.cookies)}"
38 |
39 | <#if req.parametersPost?? && !req.parametersMultipart??>
40 | request.set_form_data(${util.rubyMap(req.parametersPost)})
41 |
42 | <#if req.postData??>
43 | request.body = "${util.rubyStr(req.postData)}"
44 |
45 | <#if req.basicAuth??>
46 | request.basic_auth("${util.rubyStr(req.basicAuth.username)}","${util.rubyStr(req.basicAuth.password)}")
47 |
48 | <#if settings.proxy>
49 |
50 | Net::HTTP::Proxy('127.0.0.1', 8080).start("${util.rubyStr(req.hostname)}"<#if req.ssl>, :use_ssl => true<#if settings.disableSsl>, :verify_mode => OpenSSL::SSL::VERIFY_NONE) {|http|
51 |
52 | response = http.request(request)
53 |
54 | puts "Status code: "+response.code
55 | puts "Response body: "+response.body
56 | <#if settings.proxy>
57 | }
58 |
59 |
--------------------------------------------------------------------------------
/scriptgen-core/src/main/resources/com/h3xstream/scriptgen/templates/python_sulley.tpl:
--------------------------------------------------------------------------------
1 | from sulley import *
2 | from urllib import quote
3 |
4 | <#list requests as req>
5 | s_initialize("HTTP request to ${util.pythonStr(req.url)}")
6 |
7 | #Query string
8 | s_static("${util.pythonStr(req.method?upper_case)} ")
9 | s_string("${util.pythonStr(req.queryString)}")
10 | <#if req.parametersGet??>
11 | s_delim("?")
12 | <#list (req.parametersGet)?keys as param_name>
13 | if s_block_start("get_param_${param_name_index + 1}",encoder=quote):
14 | s_static(quote("${util.pythonStr(param_name)}"))
15 | s_delim("=")
16 | s_string("${util.pythonStr(req.parametersGet[param_name])}")
17 | s_block_end()
18 | <#if param_name_has_next>
19 | s_delim("&")
20 |
21 |
22 |
23 | s_static(" HTTP/1.1\r\n")
24 |
25 | #Headers
26 | <#if req.headers??>
27 | <#list (req.headers)?keys as header_name>
28 | s_static("${header_name}: ")
29 | s_string("${util.pythonStr(req.headers[header_name])}")
30 | s_static("\r\n")
31 |
32 |
33 | <#if req.cookies??>
34 | s_static("Cookie: ")
35 | <#list (req.cookies)?keys as cookie_name>
36 | s_static("${util.pythonStr(cookie_name)}")
37 | s_delim("=")
38 | s_string("${util.pythonStr(req.cookies[cookie_name])}")
39 | <#if cookie_name_has_next>
40 | s_delim("; ")
41 |
42 |
43 |
44 | <#if req.postData?? || req.parametersPost??>
45 | s_static("Content-Length: ")
46 | s_size("post_data", format="ascii", signed=True, fuzzable=True)
47 | s_static("\r\n")
48 | <#else>
49 | s_static("Content-Length: 0\r\n")
50 |
51 |
52 | s_static("\r\n")
53 | <#if req.postData?? || req.parametersPost??>
54 |
55 | #Post data
56 | if s_block_start("post_data"):
57 | <#if req.postData??>
58 | s_string("${util.pythonStr(req.postData)}")
59 |
60 | <#if req.parametersPost??>
61 | <#list (req.parametersPost)?keys as param_name>
62 | if s_block_start("post_param_${param_name_index + 1}",encoder=quote):
63 | s_static(quote("${util.pythonStr(param_name)}"))
64 | s_delim("=")
65 | s_string("${util.pythonStr(req.parametersPost[param_name])}")
66 | s_block_end()
67 | <#if param_name_has_next>
68 | s_delim("&")
69 |
70 |
71 |
72 | s_block_end()
73 |
74 |
75 |
--------------------------------------------------------------------------------
/scriptgen-core/pom.xml:
--------------------------------------------------------------------------------
1 | IBurpExtenderCallbacks.registerSessionHandlingAction() to
15 | * register a custom session handling action. Each registered action will be
16 | * available within the session handling rule UI for the user to select as a
17 | * rule action. Users can choose to invoke an action directly in its own right,
18 | * or following execution of a macro.
19 | */
20 | public interface ISessionHandlingAction
21 | {
22 | /**
23 | * This method is used by Burp to obtain the name of the session handling
24 | * action. This will be displayed as an option within the session handling
25 | * rule editor when the user selects to execute an extension-provided
26 | * action.
27 | *
28 | * @return The name of the action.
29 | */
30 | String getActionName();
31 |
32 | /**
33 | * This method is invoked when the session handling action should be
34 | * executed. This may happen as an action in its own right, or as a
35 | * sub-action following execution of a macro.
36 | *
37 | * @param currentRequest The base request that is currently being processed.
38 | * The action can query this object to obtain details about the base
39 | * request. It can issue additional requests of its own if necessary, and
40 | * can use the setter methods on this object to update the base request.
41 | * @param macroItems If the action is invoked following execution of a
42 | * macro, this parameter contains the result of executing the macro.
43 | * Otherwise, it is
44 | * null. Actions can use the details of the macro items to
45 | * perform custom analysis of the macro to derive values of non-standard
46 | * session handling tokens, etc.
47 | */
48 | void performAction(
49 | IHttpRequestResponse currentRequest,
50 | IHttpRequestResponse[] macroItems);
51 | }
52 |
--------------------------------------------------------------------------------
/scriptgen-burp-plugin/pom.xml:
--------------------------------------------------------------------------------
1 | IResponseInfo object for a given response by calling
18 | * IExtensionHelpers.analyzeResponse().
19 | */
20 | public interface IResponseInfo
21 | {
22 | /**
23 | * This method is used to obtain the HTTP headers contained in the response.
24 | *
25 | * @return The HTTP headers contained in the response.
26 | */
27 | ListICookie objects representing the cookies
50 | * set in the response, if any.
51 | */
52 | ListIBurpExtenderCallbacks.doActiveScan().
17 | */
18 | public interface IScanQueueItem
19 | {
20 | /**
21 | * This method returns a description of the status of the scan queue item.
22 | *
23 | * @return A description of the status of the scan queue item.
24 | */
25 | String getStatus();
26 |
27 | /**
28 | * This method returns an indication of the percentage completed for the
29 | * scan queue item.
30 | *
31 | * @return An indication of the percentage completed for the scan queue
32 | * item.
33 | */
34 | byte getPercentageComplete();
35 |
36 | /**
37 | * This method returns the number of requests that have been made for the
38 | * scan queue item.
39 | *
40 | * @return The number of requests that have been made for the scan queue
41 | * item.
42 | */
43 | int getNumRequests();
44 |
45 | /**
46 | * This method returns the number of network errors that have occurred for
47 | * the scan queue item.
48 | *
49 | * @return The number of network errors that have occurred for the scan
50 | * queue item.
51 | */
52 | int getNumErrors();
53 |
54 | /**
55 | * This method returns the number of attack insertion points being used for
56 | * the scan queue item.
57 | *
58 | * @return The number of attack insertion points being used for the scan
59 | * queue item.
60 | */
61 | int getNumInsertionPoints();
62 |
63 | /**
64 | * This method allows the scan queue item to be canceled.
65 | */
66 | void cancel();
67 |
68 | /**
69 | * This method returns details of the issues generated for the scan queue
70 | * item. Note: different items within the scan queue may contain
71 | * duplicated versions of the same issues - for example, if the same request
72 | * has been scanned multiple times. Duplicated issues are consolidated in
73 | * the main view of scan results. Extensions can register an
74 | * IScannerListener to get details only of unique, newly
75 | * discovered Scanner issues post-consolidation.
76 | *
77 | * @return Details of the issues generated for the scan queue item.
78 | */
79 | IScanIssue[] getIssues();
80 | }
81 |
--------------------------------------------------------------------------------
/burp-api/src/main/java/burp/IRequestInfo.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IRequestInfo.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.net.URL;
13 | import java.util.List;
14 |
15 | /**
16 | * This interface is used to retrieve key details about an HTTP request.
17 | * Extensions can obtain an
18 | * IRequestInfo object for a given request by calling
19 | * IExtensionHelpers.analyzeRequest().
20 | */
21 | public interface IRequestInfo
22 | {
23 | /**
24 | * Used to indicate that there is no content.
25 | */
26 | static final byte CONTENT_TYPE_NONE = 0;
27 | /**
28 | * Used to indicate URL-encoded content.
29 | */
30 | static final byte CONTENT_TYPE_URL_ENCODED = 1;
31 | /**
32 | * Used to indicate multi-part content.
33 | */
34 | static final byte CONTENT_TYPE_MULTIPART = 2;
35 | /**
36 | * Used to indicate XML content.
37 | */
38 | static final byte CONTENT_TYPE_XML = 3;
39 | /**
40 | * Used to indicate JSON content.
41 | */
42 | static final byte CONTENT_TYPE_JSON = 4;
43 | /**
44 | * Used to indicate AMF content.
45 | */
46 | static final byte CONTENT_TYPE_AMF = 5;
47 | /**
48 | * Used to indicate unknown content.
49 | */
50 | static final byte CONTENT_TYPE_UNKNOWN = -1;
51 |
52 | /**
53 | * This method is used to obtain the HTTP method used in the request.
54 | *
55 | * @return The HTTP method used in the request.
56 | */
57 | String getMethod();
58 |
59 | /**
60 | * This method is used to obtain the URL in the request.
61 | *
62 | * @return The URL in the request.
63 | */
64 | URL getUrl();
65 |
66 | /**
67 | * This method is used to obtain the HTTP headers contained in the request.
68 | *
69 | * @return The HTTP headers contained in the request.
70 | */
71 | ListIBurpExtenderCallbacks.createTextEditor() to obtain an instance
18 | * of this interface.
19 | */
20 | public interface ITextEditor
21 | {
22 | /**
23 | * This method returns the UI component of the editor, for extensions to add
24 | * to their own UI.
25 | *
26 | * @return The UI component of the editor.
27 | */
28 | Component getComponent();
29 |
30 | /**
31 | * This method is used to control whether the editor is currently editable.
32 | * This status can be toggled on and off as required.
33 | *
34 | * @param editable Indicates whether the editor should be currently
35 | * editable.
36 | */
37 | void setEditable(boolean editable);
38 |
39 | /**
40 | * This method is used to update the currently displayed text in the editor.
41 | *
42 | * @param text The text to be displayed.
43 | */
44 | void setText(byte[] text);
45 |
46 | /**
47 | * This method is used to retrieve the currently displayed text.
48 | *
49 | * @return The currently displayed text.
50 | */
51 | byte[] getText();
52 |
53 | /**
54 | * This method is used to determine whether the user has modified the
55 | * contents of the editor.
56 | *
57 | * @return An indication of whether the user has modified the contents of
58 | * the editor since the last call to
59 | * setText().
60 | */
61 | boolean isTextModified();
62 |
63 | /**
64 | * This method is used to obtain the currently selected text.
65 | *
66 | * @return The currently selected text, or
67 | * null if the user has not made any selection.
68 | */
69 | byte[] getSelectedText();
70 |
71 | /**
72 | * This method can be used to retrieve the bounds of the user's selection
73 | * into the displayed text, if applicable.
74 | *
75 | * @return An int[2] array containing the start and end offsets of the
76 | * user's selection within the displayed text. If the user has not made any
77 | * selection in the current message, both offsets indicate the position of
78 | * the caret within the editor.
79 | */
80 | int[] getSelectionBounds();
81 |
82 | /**
83 | * This method is used to update the search expression that is shown in the
84 | * search bar below the editor. The editor will automatically highlight any
85 | * regions of the displayed text that match the search expression.
86 | *
87 | * @param expression The search expression.
88 | */
89 | void setSearchExpression(String expression);
90 | }
91 |
--------------------------------------------------------------------------------
/scriptgen-core/src/main/java/com/h3xstream/scriptgen/LanguageOption.java:
--------------------------------------------------------------------------------
1 | package com.h3xstream.scriptgen;
2 |
3 | import org.fife.ui.rsyntaxtextarea.SyntaxConstants;
4 |
5 | /**
6 | * This class can be seen as an Enum. It contains all the languages supported.
7 | */
8 | public class LanguageOption {
9 |
10 | private static final String BASE_TPL_CLASSPATH = "com/h3xstream/scriptgen/templates/";
11 |
12 | //List of script templates available
13 | public static final LanguageOption PYTHON_REQUEST = new LanguageOption("Python (Requests)", "python", BASE_TPL_CLASSPATH + "python_requests.tpl", SyntaxConstants.SYNTAX_STYLE_PYTHON, "py");
14 | public static final LanguageOption RUBY_NET_HTTP = new LanguageOption("Ruby (Net::HTTP)", "ruby", BASE_TPL_CLASSPATH + "ruby_nethttp.tpl", SyntaxConstants.SYNTAX_STYLE_RUBY , "rb");
15 | public static final LanguageOption PERL_LWP = new LanguageOption("Perl (LWP)", "perl", BASE_TPL_CLASSPATH + "perl_lwp.tpl", SyntaxConstants.SYNTAX_STYLE_PERL, "pl");
16 | public static final LanguageOption PHP_CURL = new LanguageOption("PHP (cURL)", "php", BASE_TPL_CLASSPATH + "php_curl.tpl", SyntaxConstants.SYNTAX_STYLE_PHP, "php");
17 | public static final LanguageOption POWERSHELL = new LanguageOption("PowerShell (WebRequest)", "powershell", BASE_TPL_CLASSPATH + "psh_webrequest.tpl", SyntaxConstants.SYNTAX_STYLE_UNIX_SHELL, "ps1");
18 | public static final LanguageOption PYTHON_SULLEY = new LanguageOption("Python (Sulley) - Experimental", "sulley", BASE_TPL_CLASSPATH + "python_sulley.tpl", SyntaxConstants.SYNTAX_STYLE_PYTHON, "py");
19 | public static final LanguageOption JAVASCRIPT_XHR = new LanguageOption("Javascript (XMLHttpRequest)", "javascript", BASE_TPL_CLASSPATH + "javascript_xhr.tpl", SyntaxConstants.SYNTAX_STYLE_JAVASCRIPT, "js");
20 | public static final LanguageOption JAVASCRIPT_JQUERY = new LanguageOption("Javascript (JQuery)", "javascript", BASE_TPL_CLASSPATH + "javascript_jquery.tpl", SyntaxConstants.SYNTAX_STYLE_JAVASCRIPT, "js");
21 | public static final LanguageOption HTML_FORM = new LanguageOption("HTML form", "html", BASE_TPL_CLASSPATH + "html_form.tpl", SyntaxConstants.SYNTAX_STYLE_HTML, "html");
22 |
23 | public static final LanguageOption[] values = {PYTHON_REQUEST, RUBY_NET_HTTP, PERL_LWP, PHP_CURL, POWERSHELL,
24 | PYTHON_SULLEY, JAVASCRIPT_XHR, JAVASCRIPT_JQUERY, HTML_FORM};
25 |
26 | //Properties of each language
27 | private final String title;
28 | private final String language;
29 | private final String template;
30 | private final String syntax;
31 | private final String extension;
32 |
33 | private LanguageOption(String title, String language, String template, String syntax,String extension) {
34 | this.title = title;
35 | this.language = language;
36 | this.template = template;
37 | this.syntax = syntax;
38 | this.extension = extension;
39 | }
40 |
41 | @Override
42 | public String toString() {
43 | return title;
44 | }
45 |
46 | public String getTitle() {
47 | return title;
48 | }
49 |
50 | public String getLanguage() {
51 | return language;
52 | }
53 |
54 | public String getTemplate() {
55 | return template;
56 | }
57 |
58 | public String getSyntax() {
59 | return syntax;
60 | }
61 |
62 |
63 | public String getExtension() {
64 | return extension;
65 | }
66 | }
67 |
--------------------------------------------------------------------------------
/burp-api/src/main/java/burp/IHttpRequestResponse.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpRequestResponse.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to retrieve and update details about HTTP messages.
14 | *
15 | * Note: The setter methods generally can only be used before the message
16 | * has been processed, and not in read-only contexts. The getter methods
17 | * relating to response details can only be used after the request has been
18 | * issued.
19 | */
20 | public interface IHttpRequestResponse
21 | {
22 | /**
23 | * This method is used to retrieve the request message.
24 | *
25 | * @return The request message.
26 | */
27 | byte[] getRequest();
28 |
29 | /**
30 | * This method is used to update the request message.
31 | *
32 | * @param message The new request message.
33 | */
34 | void setRequest(byte[] message);
35 |
36 | /**
37 | * This method is used to retrieve the response message.
38 | *
39 | * @return The response message.
40 | */
41 | byte[] getResponse();
42 |
43 | /**
44 | * This method is used to update the response message.
45 | *
46 | * @param message The new response message.
47 | */
48 | void setResponse(byte[] message);
49 |
50 | /**
51 | * This method is used to retrieve the user-annotated comment for this item,
52 | * if applicable.
53 | *
54 | * @return The user-annotated comment for this item, or null if none is set.
55 | */
56 | String getComment();
57 |
58 | /**
59 | * This method is used to update the user-annotated comment for this item.
60 | *
61 | * @param comment The comment to be assigned to this item.
62 | */
63 | void setComment(String comment);
64 |
65 | /**
66 | * This method is used to retrieve the user-annotated highlight for this
67 | * item, if applicable.
68 | *
69 | * @return The user-annotated highlight for this item, or null if none is
70 | * set.
71 | */
72 | String getHighlight();
73 |
74 | /**
75 | * This method is used to update the user-annotated highlight for this item.
76 | *
77 | * @param color The highlight color to be assigned to this item. Accepted
78 | * values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray,
79 | * or a null String to clear any existing highlight.
80 | */
81 | void setHighlight(String color);
82 |
83 | /**
84 | * This method is used to retrieve the HTTP service for this request /
85 | * response.
86 | *
87 | * @return An
88 | * IHttpService object containing details of the HTTP service.
89 | */
90 | IHttpService getHttpService();
91 |
92 | /**
93 | * This method is used to update the HTTP service for this request /
94 | * response.
95 | *
96 | * @param httpService An
97 | * IHttpService object containing details of the new HTTP
98 | * service.
99 | */
100 | void setHttpService(IHttpService httpService);
101 |
102 | }
103 |
--------------------------------------------------------------------------------
/scriptgen-burp-plugin/src/main/java/burp/BurpExtender.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 |
4 | import com.esotericsoftware.minlog.Log;
5 | import com.h3xstream.scriptgen.ReissueRequestScripterConstants;
6 | import com.h3xstream.scriptgen.model.HttpRequestInfo;
7 | import com.h3xstream.scriptgen.ReissueRequestScripter;
8 |
9 | import javax.swing.*;
10 | import java.awt.event.ActionEvent;
11 | import java.io.IOException;
12 | import java.io.PrintWriter;
13 | import java.util.ArrayList;
14 | import java.util.Arrays;
15 | import java.util.List;
16 |
17 | public class BurpExtender implements IBurpExtender, IContextMenuFactory {
18 |
19 | private IExtensionHelpers helpers;
20 |
21 |
22 | @Override
23 | public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks) {
24 | this.helpers = callbacks.getHelpers();
25 |
26 | PrintWriter stdout = new PrintWriter(callbacks.getStdout(), true);
27 | stdout.println("== Reissue Request Scripter plugin ==");
28 | stdout.println("Plugin that generate script to reproduce a specific HTTP request.");
29 | stdout.println(" - Github : https://github.com/h3xstream/http-script-generator");
30 | stdout.println("");
31 | stdout.println("== License ==");
32 | stdout.println("Reissue Request Scripter Burp plugin is release under LGPL.");
33 | stdout.println("");
34 |
35 | Log.setLogger(new Log.Logger() {
36 | @Override
37 | protected void print(String message) {
38 | try {
39 | if (message.contains("ERROR:")) { //Not the most elegant way, but should be effective.
40 | callbacks.issueAlert(message);
41 | }
42 | callbacks.getStdout().write(message.getBytes());
43 | callbacks.getStdout().write('\n');
44 | } catch (IOException e) {
45 | System.err.println("Error while printing the log : " + e.getMessage()); //Very unlikely
46 | }
47 | }
48 | });
49 | Log.DEBUG();
50 |
51 | //Register context menu
52 | callbacks.registerContextMenuFactory(this);
53 |
54 | callbacks.setExtensionName(ReissueRequestScripterConstants.PLUGIN_NAME);
55 | }
56 |
57 |
58 | @Override
59 | public ListIMessageEditorTabFactory must return instances of this
17 | * interface, which Burp will use to create custom tabs within its HTTP message
18 | * editors.
19 | */
20 | public interface IMessageEditorTab
21 | {
22 | /**
23 | * This method returns the caption that should appear on the custom tab when
24 | * it is displayed. Note: Burp invokes this method once when the tab
25 | * is first generated, and the same caption will be used every time the tab
26 | * is displayed.
27 | *
28 | * @return The caption that should appear on the custom tab when it is
29 | * displayed.
30 | */
31 | String getTabCaption();
32 |
33 | /**
34 | * This method returns the component that should be used as the contents of
35 | * the custom tab when it is displayed. Note: Burp invokes this
36 | * method once when the tab is first generated, and the same component will
37 | * be used every time the tab is displayed.
38 | *
39 | * @return The component that should be used as the contents of the custom
40 | * tab when it is displayed.
41 | */
42 | Component getUiComponent();
43 |
44 | /**
45 | * The hosting editor will invoke this method before it displays a new HTTP
46 | * message, so that the custom tab can indicate whether it should be enabled
47 | * for that message.
48 | *
49 | * @param content The message that is about to be displayed.
50 | * @param isRequest Indicates whether the message is a request or a
51 | * response.
52 | * @return The method should return
53 | * true if the custom tab is able to handle the specified
54 | * message, and so will be displayed within the editor. Otherwise, the tab
55 | * will be hidden while this message is displayed.
56 | */
57 | boolean isEnabled(byte[] content, boolean isRequest);
58 |
59 | /**
60 | * The hosting editor will invoke this method to display a new message or to
61 | * clear the existing message. This method will only be called with a new
62 | * message if the tab has already returned
63 | * true to a call to
64 | * isEnabled() with the same message details.
65 | *
66 | * @param content The message that is to be displayed, or
67 | * null if the tab should clear its contents and disable any
68 | * editable controls.
69 | * @param isRequest Indicates whether the message is a request or a
70 | * response.
71 | */
72 | void setMessage(byte[] content, boolean isRequest);
73 |
74 | /**
75 | * This method returns the currently displayed message.
76 | *
77 | * @return The currently displayed message.
78 | */
79 | byte[] getMessage();
80 |
81 | /**
82 | * This method is used to determine whether the currently displayed message
83 | * has been modified by the user. The hosting editor will always call
84 | * getMessage() before calling this method, so any pending
85 | * edits should be completed within
86 | * getMessage().
87 | *
88 | * @return The method should return
89 | * true if the user has modified the current message since it
90 | * was first displayed.
91 | */
92 | boolean isModified();
93 |
94 | /**
95 | * This method is used to retrieve the data that is currently selected by
96 | * the user.
97 | *
98 | * @return The data that is currently selected by the user. This may be
99 | * null if no selection is currently made.
100 | */
101 | byte[] getSelectedData();
102 | }
103 |
--------------------------------------------------------------------------------
/burp-api/src/main/java/burp/IScanIssue.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScanIssue.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to retrieve details of Scanner issues. Extensions can
14 | * obtain details of issues by registering an
15 | * IScannerListener or by calling
16 | * IBurpExtenderCallbacks.getScanIssues(). Extensions can also add
17 | * custom Scanner issues by registering an
18 | * IScannerCheck or calling
19 | * IBurpExtenderCallbacks.addScanIssue(), and providing their own
20 | * implementations of this interface
21 | */
22 | public interface IScanIssue
23 | {
24 | /**
25 | * This method returns the URL for which the issue was generated.
26 | *
27 | * @return The URL for which the issue was generated.
28 | */
29 | java.net.URL getUrl();
30 |
31 | /**
32 | * This method returns the name of the issue type.
33 | *
34 | * @return The name of the issue type (e.g. "SQL injection").
35 | */
36 | String getIssueName();
37 |
38 | /**
39 | * This method returns a numeric identifier of the issue type. See the Burp
40 | * Scanner help documentation for a listing of all the issue types.
41 | *
42 | * @return A numeric identifier of the issue type.
43 | */
44 | int getIssueType();
45 |
46 | /**
47 | * This method returns the issue severity level.
48 | *
49 | * @return The issue severity level. Expected values are "High", "Medium",
50 | * "Low", "Information" or "False positive".
51 | *
52 | */
53 | String getSeverity();
54 |
55 | /**
56 | * This method returns the issue confidence level.
57 | *
58 | * @return The issue confidence level. Expected values are "Certain", "Firm"
59 | * or "Tentative".
60 | */
61 | String getConfidence();
62 |
63 | /**
64 | * This method returns a background description for this type of issue.
65 | *
66 | * @return A background description for this type of issue, or
67 | * null if none applies.
68 | */
69 | String getIssueBackground();
70 |
71 | /**
72 | * This method returns a background description of the remediation for this
73 | * type of issue.
74 | *
75 | * @return A background description of the remediation for this type of
76 | * issue, or
77 | * null if none applies.
78 | */
79 | String getRemediationBackground();
80 |
81 | /**
82 | * This method returns detailed information about this specific instance of
83 | * the issue.
84 | *
85 | * @return Detailed information about this specific instance of the issue,
86 | * or
87 | * null if none applies.
88 | */
89 | String getIssueDetail();
90 |
91 | /**
92 | * This method returns detailed information about the remediation for this
93 | * specific instance of the issue.
94 | *
95 | * @return Detailed information about the remediation for this specific
96 | * instance of the issue, or
97 | * null if none applies.
98 | */
99 | String getRemediationDetail();
100 |
101 | /**
102 | * This method returns the HTTP messages on the basis of which the issue was
103 | * generated.
104 | *
105 | * @return The HTTP messages on the basis of which the issue was generated.
106 | * Note: The items in this array should be instances of
107 | * IHttpRequestResponseWithMarkers if applicable, so that
108 | * details of the relevant portions of the request and response messages are
109 | * available.
110 | */
111 | IHttpRequestResponse[] getHttpMessages();
112 |
113 | /**
114 | * This method returns the HTTP service for which the issue was generated.
115 | *
116 | * @return The HTTP service for which the issue was generated.
117 | */
118 | IHttpService getHttpService();
119 |
120 | }
121 |
--------------------------------------------------------------------------------
/burp-api/src/main/java/burp/IScannerCheck.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerCheck.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * Extensions can implement this interface and then call
16 | * IBurpExtenderCallbacks.registerScannerCheck() to register a
17 | * custom Scanner check. When performing scanning, Burp will ask the check to
18 | * perform active or passive scanning on the base request, and report any
19 | * Scanner issues that are identified.
20 | */
21 | public interface IScannerCheck
22 | {
23 | /**
24 | * The Scanner invokes this method for each base request / response that is
25 | * passively scanned. Note: Extensions should not only analyze the
26 | * HTTP messages provided during passive scanning, and should not make any
27 | * new HTTP requests of their own.
28 | *
29 | * @param baseRequestResponse The base HTTP request / response that should
30 | * be passively scanned.
31 | * @return A list of
32 | * IScanIssue objects, or
33 | * null if no issues are identified.
34 | */
35 | ListIScannerInsertionPoint object provided to build scan
42 | * requests for particular payloads. Note: Extensions are responsible
43 | * for ensuring that attack payloads are suitably encoded within requests
44 | * (for example, by URL-encoding relevant metacharacters in the URL query
45 | * string). Encoding is not automatically carried out by the
46 | * IScannerInsertionPoint, because this would prevent Scanner
47 | * checks from testing for certain input filter bypasses. Extensions should
48 | * query the
49 | * IScannerInsertionPoint to determine its type, and apply any
50 | * encoding that may be appropriate.
51 | *
52 | * @param baseRequestResponse The base HTTP request / response that should
53 | * be actively scanned.
54 | * @param insertionPoint An
55 | * IScannerInsertionPoint object that can be queried to obtain
56 | * details of the insertion point being tested, and can be used to build
57 | * scan requests for particular payloads.
58 | * @return A list of
59 | * IScanIssue objects, or
60 | * null if no issues are identified.
61 | */
62 | List-1 to report the existing issue only,
83 | * 0 to report both issues, and
84 | * 1 to report the new issue only.
85 | */
86 | int consolidateDuplicateIssues(
87 | IScanIssue existingIssue,
88 | IScanIssue newIssue);
89 | }
90 |
--------------------------------------------------------------------------------
/scriptgen-core/src/test/java/com/h3xstream/scriptgen/gui/IntegrationGuiTest.java:
--------------------------------------------------------------------------------
1 | package com.h3xstream.scriptgen.gui;
2 |
3 | import com.h3xstream.scriptgen.ReissueRequestScripter;
4 | import com.h3xstream.scriptgen.model.HttpRequestInfo;
5 | import com.h3xstream.scriptgen.HttpRequestInfoFixtures;
6 | import com.h3xstream.scriptgen.LanguageOption;
7 | import org.fest.swing.fixture.FrameFixture;
8 | import org.mockito.Matchers;
9 | import org.testng.annotations.AfterClass;
10 | import org.testng.annotations.BeforeClass;
11 | import org.testng.annotations.Test;
12 |
13 | import java.awt.event.KeyEvent;
14 | import java.io.File;
15 | import java.util.Arrays;
16 |
17 | import static org.mockito.Matchers.any;
18 | import static org.mockito.Matchers.eq;
19 | import static org.mockito.Mockito.*;
20 |
21 | public class IntegrationGuiTest {
22 |
23 | FrameFixture window;
24 |
25 | GeneratorController controller;
26 | GeneratorFrame frame;
27 |
28 |
29 | public void prepareWindow() {
30 | //Spy version to do verification on calls
31 | controller = spy(new GeneratorController());
32 | frame = new GeneratorFrame(LanguageOption.values);
33 |
34 | HttpRequestInfo req = HttpRequestInfoFixtures.getPostRequest();
35 | ReissueRequestScripter scriptGen = new ReissueRequestScripter(Arrays.asList(req),controller,frame);
36 | window = new FrameFixture(scriptGen.openDialogWindow());
37 | window.show();
38 | }
39 |
40 |
41 | @BeforeClass
42 | public void beforeClass() {
43 | prepareWindow();
44 | }
45 |
46 | @AfterClass
47 | public void afterClass() {
48 | window.close();
49 | }
50 |
51 |
52 | @Test
53 | public void validateLanguageOrder() {
54 | LanguageOption[] langOrdered = LanguageOption.values;
55 | langOrdered[0].getSyntax().toLowerCase().contains("python");
56 | langOrdered[1].getSyntax().toLowerCase().contains("ruby");
57 | langOrdered[2].getSyntax().toLowerCase().contains("perl");
58 | langOrdered[3].getSyntax().toLowerCase().contains("php");
59 | }
60 |
61 | @Test
62 | public void languageSelectionChange() throws Exception {
63 |
64 | reset(controller);//Avoid counting the initialisation to the first language (Python)
65 |
66 | window.comboBox(GeneratorFrame.CMB_LANGUAGE).selectItem(1);
67 | verify(controller,times(1)).updateLanguage(Matchers.IProxyListener to receive details of proxy messages using this
18 | * interface. *
19 | */
20 | public interface IInterceptedProxyMessage
21 | {
22 | /**
23 | * This action causes Burp Proxy to follow the current interception rules to
24 | * determine the appropriate action to take for the message.
25 | */
26 | static final int ACTION_FOLLOW_RULES = 0;
27 | /**
28 | * This action causes Burp Proxy to present the message to the user for
29 | * manual review or modification.
30 | */
31 | static final int ACTION_DO_INTERCEPT = 1;
32 | /**
33 | * This action causes Burp Proxy to forward the message to the remote server
34 | * or client, without presenting it to the user.
35 | */
36 | static final int ACTION_DONT_INTERCEPT = 2;
37 | /**
38 | * This action causes Burp Proxy to drop the message.
39 | */
40 | static final int ACTION_DROP = 3;
41 | /**
42 | * This action causes Burp Proxy to follow the current interception rules to
43 | * determine the appropriate action to take for the message, and then make a
44 | * second call to processProxyMessage.
45 | */
46 | static final int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10;
47 | /**
48 | * This action causes Burp Proxy to present the message to the user for
49 | * manual review or modification, and then make a second call to
50 | * processProxyMessage.
51 | */
52 | static final int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11;
53 | /**
54 | * This action causes Burp Proxy to skip user interception, and then make a
55 | * second call to processProxyMessage.
56 | */
57 | static final int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12;
58 |
59 | /**
60 | * This method retrieves a unique reference number for this
61 | * request/response.
62 | *
63 | * @return An identifier that is unique to a single request/response pair.
64 | * Extensions can use this to correlate details of requests and responses
65 | * and perform processing on the response message accordingly.
66 | */
67 | int getMessageReference();
68 |
69 | /**
70 | * This method retrieves details of the intercepted message.
71 | *
72 | * @return An IHttpRequestResponse object containing details of
73 | * the intercepted message.
74 | */
75 | IHttpRequestResponse getMessageInfo();
76 |
77 | /**
78 | * This method retrieves the currently defined interception action. The
79 | * default action is
80 | * ACTION_FOLLOW_RULES. If multiple proxy listeners are
81 | * registered, then other listeners may already have modified the
82 | * interception action before it reaches the current listener. This method
83 | * can be used to determine whether this has occurred.
84 | *
85 | * @return The currently defined interception action. Possible values are
86 | * defined within this interface.
87 | */
88 | int getInterceptAction();
89 |
90 | /**
91 | * This method is used to update the interception action.
92 | *
93 | * @param interceptAction The new interception action. Possible values are
94 | * defined within this interface.
95 | */
96 | void setInterceptAction(int interceptAction);
97 |
98 | /**
99 | * This method retrieves the name of the Burp Proxy listener that is
100 | * processing the intercepted message.
101 | *
102 | * @return The name of the Burp Proxy listener that is processing the
103 | * intercepted message. The format is the same as that shown in the Proxy
104 | * Listeners UI - for example, "127.0.0.1:8080".
105 | */
106 | String getListenerInterface();
107 |
108 | /**
109 | * This method retrieves the client IP address from which the request for
110 | * the intercepted message was received.
111 | *
112 | * @return The client IP address from which the request for the intercepted
113 | * message was received.
114 | */
115 | InetAddress getClientIpAddress();
116 | }
117 |
--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
1 | IScannerCheck, or can create instances for use by Burp's own
16 | * scan checks by registering an
17 | * IScannerInsertionPointProvider.
18 | */
19 | public interface IScannerInsertionPoint
20 | {
21 | /**
22 | * Used to indicate where the payload is inserted into the value of a URL
23 | * parameter.
24 | */
25 | static final byte INS_PARAM_URL = 0x00;
26 | /**
27 | * Used to indicate where the payload is inserted into the value of a body
28 | * parameter.
29 | */
30 | static final byte INS_PARAM_BODY = 0x01;
31 | /**
32 | * Used to indicate where the payload is inserted into the value of an HTTP
33 | * cookie.
34 | */
35 | static final byte INS_PARAM_COOKIE = 0x02;
36 | /**
37 | * Used to indicate where the payload is inserted into the value of an item
38 | * of data within an XML data structure.
39 | */
40 | static final byte INS_PARAM_XML = 0x03;
41 | /**
42 | * Used to indicate where the payload is inserted into the value of a tag
43 | * attribute within an XML structure.
44 | */
45 | static final byte INS_PARAM_XML_ATTR = 0x04;
46 | /**
47 | * Used to indicate where the payload is inserted into the value of a
48 | * parameter attribute within a multi-part message body (such as the name of
49 | * an uploaded file).
50 | */
51 | static final byte INS_PARAM_MULTIPART_ATTR = 0x05;
52 | /**
53 | * Used to indicate where the payload is inserted into the value of an item
54 | * of data within a JSON structure.
55 | */
56 | static final byte INS_PARAM_JSON = 0x06;
57 | /**
58 | * Used to indicate where the payload is inserted into the value of an AMF
59 | * parameter.
60 | */
61 | static final byte INS_PARAM_AMF = 0x07;
62 | /**
63 | * Used to indicate where the payload is inserted into the value of an HTTP
64 | * request header.
65 | */
66 | static final byte INS_HEADER = 0x20;
67 | /**
68 | * Used to indicate where the payload is inserted into a REST parameter
69 | * within the URL file path.
70 | */
71 | static final byte INS_URL_REST = 0x21;
72 | /**
73 | * Used to indicate where the payload is inserted into the name of an added
74 | * URL parameter.
75 | */
76 | static final byte INS_PARAM_NAME_URL = 0x22;
77 | /**
78 | * Used to indicate where the payload is inserted into the name of an added
79 | * body parameter.
80 | */
81 | static final byte INS_PARAM_NAME_BODY = 0x23;
82 | /**
83 | * Used to indicate where the payload is inserted at a location manually
84 | * configured by the user.
85 | */
86 | static final byte INS_USER_PROVIDED = 0x40;
87 | /**
88 | * Used to indicate where the insertion point is provided by an
89 | * extension-registered
90 | * IScannerInsertionPointProvider.
91 | */
92 | static final byte INS_EXTENSION_PROVIDED = 0x41;
93 | /**
94 | * Used to indicate where the payload is inserted at an unknown location
95 | * within the request.
96 | */
97 | static final byte INS_UNKNOWN = 0x7f;
98 |
99 | /**
100 | * This method returns the name of the insertion point.
101 | *
102 | * @return The name of the insertion point (for example, a description of a
103 | * particular request parameter).
104 | */
105 | String getInsertionPointName();
106 |
107 | /**
108 | * This method returns the base value for this insertion point.
109 | *
110 | * @return the base value that appears in this insertion point in the base
111 | * request being scanned, or
112 | * null if there is no value in the base request that
113 | * corresponds to this insertion point.
114 | */
115 | String getBaseValue();
116 |
117 | /**
118 | * This method is used to build a request with the specified payload placed
119 | * into the insertion point. Any necessary adjustments to the Content-Length
120 | * header will be made by the Scanner itself when the request is issued, and
121 | * there is no requirement for the insertion point to do this. Note:
122 | * Burp's built-in scan checks do not apply any payload encoding (such as
123 | * URL-encoding) when dealing with an extension-provided insertion point.
124 | * Custom insertion points are responsible for performing any data encoding
125 | * that is necessary given the nature and location of the insertion point.
126 | *
127 | * @param payload The payload that should be placed into the insertion
128 | * point.
129 | * @return The resulting request.
130 | */
131 | byte[] buildRequest(byte[] payload);
132 |
133 | /**
134 | * This method is used to determine the offsets of the payload value within
135 | * the request, when it is placed into the insertion point. Scan checks may
136 | * invoke this method when reporting issues, so as to highlight the relevant
137 | * part of the request within the UI.
138 | *
139 | * @param payload The payload that should be placed into the insertion
140 | * point.
141 | * @return An int[2] array containing the start and end offsets of the
142 | * payload within the request, or null if this is not applicable (for
143 | * example, where the insertion point places a payload into a serialized
144 | * data structure, the raw payload may not literally appear anywhere within
145 | * the resulting request).
146 | */
147 | int[] getPayloadOffsets(byte[] payload);
148 |
149 | /**
150 | * This method returns the type of the insertion point.
151 | *
152 | * @return The type of the insertion point. Available types are defined in
153 | * this interface.
154 | */
155 | byte getInsertionPointType();
156 | }
157 |
--------------------------------------------------------------------------------
/scriptgen-burp-plugin/src/main/java/burp/BurpHttpRequestMapper.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | import com.esotericsoftware.minlog.Log;
4 | import com.h3xstream.scriptgen.model.HttpRequestInfo;
5 | import com.h3xstream.scriptgen.model.MultiPartParameter;
6 |
7 | import java.io.ByteArrayInputStream;
8 | import java.io.UnsupportedEncodingException;
9 | import java.net.URL;
10 | import java.net.URLDecoder;
11 | import java.util.ArrayList;
12 | import java.util.HashMap;
13 | import java.util.Iterator;
14 | import java.util.List;
15 | import java.util.Map;
16 |
17 | public class BurpHttpRequestMapper {
18 |
19 | public static ListIContextMenuFactory with details of a context menu invocation.
17 | * The custom context menu factory can query this interface to obtain details of
18 | * the invocation event, in order to determine what menu items should be
19 | * displayed.
20 | */
21 | public interface IContextMenuInvocation
22 | {
23 | /**
24 | * Used to indicate that the context menu is being invoked in a request
25 | * editor.
26 | */
27 | static final byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0;
28 | /**
29 | * Used to indicate that the context menu is being invoked in a response
30 | * editor.
31 | */
32 | static final byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1;
33 | /**
34 | * Used to indicate that the context menu is being invoked in a non-editable
35 | * request viewer.
36 | */
37 | static final byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2;
38 | /**
39 | * Used to indicate that the context menu is being invoked in a non-editable
40 | * response viewer.
41 | */
42 | static final byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3;
43 | /**
44 | * Used to indicate that the context menu is being invoked in the Target
45 | * site map tree.
46 | */
47 | static final byte CONTEXT_TARGET_SITE_MAP_TREE = 4;
48 | /**
49 | * Used to indicate that the context menu is being invoked in the Target
50 | * site map table.
51 | */
52 | static final byte CONTEXT_TARGET_SITE_MAP_TABLE = 5;
53 | /**
54 | * Used to indicate that the context menu is being invoked in the Proxy
55 | * history.
56 | */
57 | static final byte CONTEXT_PROXY_HISTORY = 6;
58 | /**
59 | * Used to indicate that the context menu is being invoked in the Scanner
60 | * results.
61 | */
62 | static final byte CONTEXT_SCANNER_RESULTS = 7;
63 | /**
64 | * Used to indicate that the context menu is being invoked in the Intruder
65 | * payload positions editor.
66 | */
67 | static final byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8;
68 | /**
69 | * Used to indicate that the context menu is being invoked in an Intruder
70 | * attack results.
71 | */
72 | static final byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9;
73 | /**
74 | * Used to indicate that the context menu is being invoked in a search
75 | * results window.
76 | */
77 | static final byte CONTEXT_SEARCH_RESULTS = 10;
78 |
79 | /**
80 | * This method can be used to retrieve the native Java input event that was
81 | * the trigger for the context menu invocation.
82 | *
83 | * @return The InputEvent that was the trigger for the context
84 | * menu invocation.
85 | */
86 | InputEvent getInputEvent();
87 |
88 | /**
89 | * This method can be used to retrieve the Burp tool within which the
90 | * context menu was invoked.
91 | *
92 | * @return A flag indicating the Burp tool within which the context menu was
93 | * invoked. Burp tool flags are defined in the
94 | * IBurpExtenderCallbacks interface.
95 | */
96 | int getToolFlag();
97 |
98 | /**
99 | * This method can be used to retrieve the context within which the menu was
100 | * invoked.
101 | *
102 | * @return An index indicating the context within which the menu was
103 | * invoked. The indices used are defined within this interface.
104 | */
105 | byte getInvocationContext();
106 |
107 | /**
108 | * This method can be used to retrieve the bounds of the user's selection
109 | * into the current message, if applicable.
110 | *
111 | * @return An int[2] array containing the start and end offsets of the
112 | * user's selection in the current message. If the user has not made any
113 | * selection in the current message, both offsets indicate the position of
114 | * the caret within the editor. If the menu is not being invoked from a
115 | * message editor, the method returns null.
116 | */
117 | int[] getSelectionBounds();
118 |
119 | /**
120 | * This method can be used to retrieve details of the HTTP requests /
121 | * responses that were shown or selected by the user when the context menu
122 | * was invoked.
123 | *
124 | * Note: For performance reasons, the objects returned from this
125 | * method are tied to the originating context of the messages within the
126 | * Burp UI. For example, if a context menu is invoked on the Proxy intercept
127 | * panel, then the
128 | * IHttpRequestResponse returned by this method will reflect
129 | * the current contents of the interception panel, and this will change when
130 | * the current message has been forwarded or dropped. If your extension
131 | * needs to store details of the message for which the context menu has been
132 | * invoked, then you should query those details from the
133 | * IHttpRequestResponse at the time of invocation, or you
134 | * should use
135 | * IBurpExtenderCallbacks.saveBuffersToTempFiles() to create a
136 | * persistent read-only copy of the
137 | * IHttpRequestResponse.
138 | *
139 | * @return An array of IHttpRequestResponse objects
140 | * representing the items that were shown or selected by the user when the
141 | * context menu was invoked. This method returns null if no
142 | * messages are applicable to the invocation.
143 | */
144 | IHttpRequestResponse[] getSelectedMessages();
145 |
146 | /**
147 | * This method can be used to retrieve details of the Scanner issues that
148 | * were selected by the user when the context menu was invoked.
149 | *
150 | * @return An array of IScanIssue objects representing the
151 | * issues that were selected by the user when the context menu was invoked.
152 | * This method returns null if no Scanner issues are applicable
153 | * to the invocation.
154 | */
155 | IScanIssue[] getSelectedIssues();
156 | }
157 |
--------------------------------------------------------------------------------
/scriptgen-zap-plugin/src/main/java/org/zaproxy/zap/extension/scriptgen/ZapHttpRequestMapper.java:
--------------------------------------------------------------------------------
1 | package org.zaproxy.zap.extension.scriptgen;
2 |
3 | import com.h3xstream.scriptgen.model.HttpRequestInfo;
4 | import com.h3xstream.scriptgen.model.MultiPartParameter;
5 | import org.apache.commons.fileupload.MultipartStream;
6 | import org.apache.commons.httpclient.URI;
7 | import org.parosproxy.paros.network.HtmlParameter;
8 | import org.parosproxy.paros.network.HttpMessage;
9 |
10 | import java.io.BufferedReader;
11 | import java.io.ByteArrayInputStream;
12 | import java.io.ByteArrayOutputStream;
13 | import java.io.IOException;
14 | import java.io.InputStreamReader;
15 | import java.io.OutputStream;
16 | import java.net.URLDecoder;
17 | import java.util.ArrayList;
18 | import java.util.HashMap;
19 | import java.util.List;
20 | import java.util.Map;
21 | import java.util.regex.Matcher;
22 | import java.util.regex.Pattern;
23 |
24 | public class ZapHttpRequestMapper {
25 |
26 |
27 | //Sample : multipart/form-data; boundary=---------------------------297592997116592
28 | private static final Pattern PATTERN_MULTIPART_FORM_BOUNDARY = Pattern.compile("multipart/form-data; boundary=(.*)");
29 | //Content-Disposition: form-data; name="numitems"
30 | private static final Pattern PATTERN_MULTIPART_PARAM_NAME = Pattern.compile("[^e]name=\"([^\"]+)\"");
31 | //Content-Disposition: form-data; name="uploadname2"; filename=""
32 | private static final Pattern PATTERN_MULTIPART_PARAM_FILENAME = Pattern.compile("filename=\"([^\"]+)\"");
33 |
34 | private static final Pattern PATTERN_MULTIPART_PARAM_CONTENT_TYPE = Pattern.compile("[Cc]ontent-[tT]ype: ([^\n^\r]+)");
35 |
36 |
37 | public static List
17 | * NOTE: This POJO permit abstraction from the initiator (Burp proxy or ZAP).
18 | */
19 | public class HttpRequestInfo implements Cloneable {
20 |
21 | private String method;
22 | private String url;
23 | private String urlWithQuery;
24 | private String hostname;
25 | private String queryString;
26 | private Map