├── README.md
├── pom.xml
├── src
└── main
│ └── java
│ ├── burp
│ └── BurpExtender.java
│ └── com
│ └── staticflow
│ ├── AutoCompleter.java
│ ├── AutoCompleterTab.java
│ ├── BurpAutoCompleteExtension.java
│ └── ExtensionState.java
└── target
└── BurpSuiteAutoComplete.jar
/README.md:
--------------------------------------------------------------------------------
1 | # BurpSuiteAutoCompletion
2 | This extension enables autocompletion within BurpSuite Repeater/Intruder tabs.
3 |
4 |
5 | Created at the request of this tweet: https://twitter.com/Hogarth45_/status/1366432589733625860
6 |
7 | This extension supports autocompletion within BurpSuite Repeater and Intruder tabs, aimed primarily at Headers.
8 |
9 | It comes prepackaged with the great list of headers from [SecLists](https://raw.githubusercontent.com/danielmiessler/SecLists/master/Miscellaneous/web/http-request-headers/http-request-headers-fields-large.txt)
10 |
11 | # How To Use
12 | 1. (Optional) Clone and build this repo with `mvn clean install`
13 | 2. Load the built jar (or the one that comes with the repo) into Burp
14 | 3. Within new* Repeater/Intruder tabs begin typing a header name
15 | 4. The extension will create a list of possible candidates within a box below your cursor
16 | 5. Double click on your desired header and it will be inserted for you
17 |
18 | \* I say new because a Repeater/Intruder tab that already exists cannot be hooked. Simply recreate the tab to enable autocompletion.
19 |
20 |
21 | # DEMO
22 | https://twitter.com/_StaticFlow_/status/1367304795342721024
23 |
--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 | 4.0.0
6 |
7 | staticflow
8 | burpautocomplete
9 | 1.0-SNAPSHOT
10 |
11 |
12 |
13 | net.portswigger.burp.extender
14 | burp-extender-api
15 | 2.1
16 |
17 |
18 |
19 |
20 | ${project.basedir}/src/main/java
21 | BurpSuiteAutoComplete
22 |
23 |
24 |
25 | org.apache.maven.plugins
26 | maven-eclipse-plugin
27 | 2.9
28 |
29 | true
30 | false
31 |
32 |
33 |
34 |
35 |
36 | org.apache.maven.plugins
37 | maven-compiler-plugin
38 | 2.3.2
39 |
40 | 1.8
41 | 1.8
42 |
43 |
44 |
45 |
46 |
47 | org.apache.maven.plugins
48 | maven-assembly-plugin
49 | 2.4.1
50 |
51 |
52 | false
53 |
54 | jar-with-dependencies
55 |
56 |
57 |
58 |
59 |
60 | make-assembly
61 |
62 | package
63 |
64 | single
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
--------------------------------------------------------------------------------
/src/main/java/burp/BurpExtender.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 |
4 | import com.staticflow.BurpAutoCompleteExtension;
5 |
/**
 * Loader shim for the extension.
 *
 * <p>Burp's legacy Extender API instantiates the class named {@code burp.BurpExtender}; this
 * class adds nothing of its own and inherits every callback from
 * {@link BurpAutoCompleteExtension}.
 */
public class BurpExtender extends BurpAutoCompleteExtension {
}
--------------------------------------------------------------------------------
/src/main/java/com/staticflow/AutoCompleter.java:
--------------------------------------------------------------------------------
1 | package com.staticflow;
2 |
3 | import javax.swing.*;
4 | import javax.swing.event.CaretEvent;
5 | import javax.swing.event.CaretListener;
6 | import javax.swing.event.DocumentEvent;
7 | import javax.swing.event.DocumentListener;
8 | import javax.swing.text.BadLocationException;
9 | import java.awt.*;
10 | import java.awt.event.MouseAdapter;
11 | import java.awt.event.MouseEvent;
12 | import java.util.ArrayList;
13 | import java.util.Arrays;
14 |
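/**
 * Handles autocompletion for one {@link JTextArea}. It keeps a reference to the text area it
 * completes for and rebuilds the list of candidates after every character typed.
 *
 * <p>The text areas this class is attached to hold Repeater/Intruder requests, which can carry
 * credentials and session tokens. For that reason nothing in here writes the text area's content
 * (or the word being typed) to stdout or to the extension output.
 */
public class AutoCompleter implements DocumentListener, CaretListener {

    // The text area we are autocompleting for
    private JTextArea source;
    // Our current caret offset in the document
    private int pos;
    // State flag: true when the last document change was a removal
    private boolean backspaceMode;
    // The suggestion frame which holds the current autocomplete candidates
    private JFrame suggestionPane;
    // List model to hold the candidate autocompletions
    private DefaultListModel<String> suggestionsModel = new DefaultListModel<>();
    // Text of the source document from offset 0 up to and including the caret position
    private String content;

    private enum MODE {
        INSERT,
        COMPLETION
    }

    private MODE mode = MODE.INSERT;

    /**
     * Follows the caret and moves the suggestion frame so it is drawn just below it.
     *
     * @param e the caret event
     */
    @Override
    public void caretUpdate(CaretEvent e) {
        pos = e.getDot();
        Point caretPoint = source.getCaret().getMagicCaretPosition();
        // getLocationOnScreen() throws when the component is not showing, so skip the move then.
        if (caretPoint != null && source.isShowing()) {
            Point origin = source.getLocationOnScreen();
            suggestionPane.setLocation(new Point(caretPoint.x + origin.x, caretPoint.y + origin.y + 25));
        }
    }

    /**
     * Initializes the suggestion pane and attaches the caret listener. The caller is expected to
     * register this object as a document listener on the text area's document.
     *
     * @param s the source to provide autocompletions for
     */
    AutoCompleter(JTextArea s) {
        this.source = s;
        this.pos = this.source.getCaret().getDot();
        this.source.addCaretListener(this);
        suggestionPane = new JFrame();
        suggestionPane.setSize(250, 250);
        // EXIT_ON_CLOSE would terminate the whole JVM (i.e. Burp itself) if this helper frame
        // ever received a close request; hiding it is all that is wanted.
        suggestionPane.setDefaultCloseOperation(WindowConstants.HIDE_ON_CLOSE);
        suggestionPane.setUndecorated(true);
        suggestionPane.setAutoRequestFocus(false);
        JPanel pane = new JPanel(new BorderLayout());
        JList<String> suggestions = new JList<>(suggestionsModel);
        JScrollPane scroller = new JScrollPane(suggestions);
        pane.add(scroller, BorderLayout.CENTER);
        suggestionPane.add(pane);
        // Double clicks pick the autocompletion to commit to
        suggestions.addMouseListener(new MouseAdapter() {
            @Override
            public void mouseClicked(MouseEvent e) {
                if (e.getClickCount() != 2) {
                    return;
                }
                int index = suggestions.locationToIndex(e.getPoint());
                // locationToIndex returns -1 when the model is empty
                if (index < 0 || index >= suggestionsModel.size()) {
                    return;
                }
                int start = getTextReplacementStart();
                String selectedCompletion = suggestionsModel.elementAt(index);
                SwingUtilities.invokeLater(() -> {
                    source.select(start + 1, pos);
                    source.replaceSelection(selectedCompletion + ": ");
                    source.setCaretPosition(source.getSelectionEnd());
                    suggestionPane.setVisible(false);
                });
            }
        });
    }

    /**
     * Gets the start of the user's text we are replacing by scanning {@code content} backwards
     * from the caret until whitespace is found.
     *
     * @return index of the whitespace character preceding the user's input, or -1 when the input
     *         starts at the beginning of the document or no content has been captured yet
     */
    private int getTextReplacementStart() {
        if (content == null) {
            return -1;
        }
        // After a removal the scan starts one character further back than after an insert.
        int start = backspaceMode ? pos - 2 : pos - 1;
        // The caret may have moved past the captured snapshot; never index beyond it.
        start = Math.min(start, content.length() - 1);
        while (start >= 0 && !Character.isWhitespace(content.charAt(start))) {
            start--;
        }
        return start;
    }

    /**
     * @return the text area this completer is attached to
     */
    JTextArea getSource() {
        return this.source;
    }

    /**
     * Disposes the suggestion frame and removes this object's caret and document listeners from
     * the source text area.
     */
    void detachFromSource() {
        this.suggestionPane.dispose();
        this.source.removeCaretListener(this);
        this.source.getDocument().removeDocumentListener(this);
    }

    /**
     * Searches the autocompletions for candidates. Exact matches are ignored.
     *
     * @param search what to search for; the caller passes it already lower-cased
     * @return the keywords whose lower-cased form starts with the trimmed search text, if any
     */
    private static ArrayList<String> prefixSearcher(String search) {
        ArrayList<String> results = new ArrayList<>();
        String needle = search.trim();
        for (String keyword : ExtensionState.getInstance().getKeywords()) {
            // Locale.ROOT keeps header matching independent of the platform locale
            // (the default-locale toLowerCase() maps 'I' differently under e.g. Turkish).
            String lowered = keyword.toLowerCase(java.util.Locale.ROOT);
            if (!lowered.equals(needle) && lowered.startsWith(needle)) {
                results.add(keyword);
            }
        }
        return results;
    }

    /**
     * Reacts to text being inserted. While {@code mode} is COMPLETION (set when a
     * {@link CompletionTask} is created) the event only resets the mode; otherwise the character
     * at the caret decides whether to hide the suggestions or search for new ones.
     *
     * @param e the document event
     */
    @Override
    public void insertUpdate(DocumentEvent e) {
        if (mode == MODE.COMPLETION) {
            mode = MODE.INSERT;
            return;
        }
        backspaceMode = false;
        String text = this.source.getText();
        // pos comes from the last caret event and can lag behind the document (e.g. on paste);
        // without this check charAt() throws from inside the document listener.
        if (pos < 0 || pos >= text.length()) {
            return;
        }
        if (Character.isWhitespace(text.charAt(pos))) {
            suggestionPane.setVisible(false);
        } else {
            checkForCompletions();
        }
    }

    /**
     * Reacts to text being removed. Only the state flags are updated; removals do not trigger a
     * new search.
     *
     * @param e the document event
     */
    @Override
    public void removeUpdate(DocumentEvent e) {
        if (mode == MODE.COMPLETION) {
            mode = MODE.INSERT;
        } else {
            backspaceMode = true;
        }
    }

    /**
     * Attribute changes are not relevant for completion and are ignored.
     *
     * @param e the document event
     */
    @Override
    public void changedUpdate(DocumentEvent e) {
    }

    /**
     * Handles changes to the document by getting the most recent word entered by the user and
     * searching for completion candidates.
     */
    private void checkForCompletions() {
        try {
            content = this.source.getText(0, pos + 1);
        } catch (BadLocationException ex) {
            // No valid snapshot: there is nothing to complete, and continuing would dereference null.
            content = null;
            suggestionPane.setVisible(false);
            return;
        }

        int start = getTextReplacementStart();
        if (pos - start < 1 && !backspaceMode) {
            return;
        }

        String prefix = content.substring(start + 1);
        // The typed word is deliberately not logged: it can be part of a header value such as a token.
        if (prefix.trim().length() <= 1 || prefix.contains(":")) {
            suggestionPane.setVisible(false);
            return;
        }

        ArrayList<String> matches = prefixSearcher(prefix.toLowerCase(java.util.Locale.ROOT));
        if (matches.isEmpty()) {
            suggestionPane.setVisible(false);
        } else {
            SwingUtilities.invokeLater(new CompletionTask(matches));
        }
    }

    /**
     * Updates the suggestion pane with the new options. The model is refilled and {@code mode} is
     * switched to COMPLETION when the task is constructed; running it only shows the frame.
     */
    private class CompletionTask implements Runnable {

        CompletionTask(ArrayList<String> completions) {
            mode = MODE.COMPLETION;
            suggestionsModel.removeAllElements();
            for (String completion : completions) {
                suggestionsModel.addElement(completion);
            }
        }

        @Override
        public void run() {
            suggestionPane.setVisible(true);
        }
    }
}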
257 |
--------------------------------------------------------------------------------
/src/main/java/com/staticflow/AutoCompleterTab.java:
--------------------------------------------------------------------------------
1 | package com.staticflow;
2 |
3 | import javax.swing.*;
4 | import java.awt.*;
5 | import java.awt.event.MouseAdapter;
6 | import java.awt.event.MouseEvent;
7 |
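/**
 * The extension's suite tab: a list of the completion keywords plus a text field and a button to
 * add a new keyword or delete the one selected in the list.
 */
class AutoCompleterTab extends JPanel {

    private enum MODE {
        DELETE,
        ADD
    }

    // Backing model of the keyword list shown in the tab
    private DefaultListModel<String> listerModel;
    // Button whose label and action switch between "Add" and "Delete"
    private JButton addNewKeyword;
    private JTextField newKeywordField;
    private MODE currentMode = MODE.ADD;
    // Keyword last clicked in the list, or "" after the button was used
    private String currentlyEdittingCompletion;

    AutoCompleterTab() {
        this.initTab();
    }

    /**
     * Appends a keyword to the list shown in the tab (the keyword store itself is not touched).
     *
     * @param keyword the keyword to display
     */
    void addKeywordToList(String keyword) {
        listerModel.addElement(keyword);
    }

    /**
     * Builds the tab: the scrollable keyword list on top, the text field and Add/Delete button
     * below it.
     */
    private void initTab() {
        JPanel mainPane = new JPanel(new GridBagLayout());
        GridBagConstraints c = new GridBagConstraints();
        listerModel = new DefaultListModel<>();
        JList<String> lister = new JList<>(listerModel);
        // A single click on a keyword switches the button to "Delete" for that keyword
        lister.addMouseListener(new MouseAdapter() {
            @Override
            public void mouseClicked(MouseEvent e) {
                if (e.getClickCount() != 1) {
                    return;
                }
                int index = lister.locationToIndex(e.getPoint());
                // locationToIndex returns -1 when the list is empty; elementAt(-1) would throw
                if (index < 0 || index >= listerModel.size()) {
                    return;
                }
                currentMode = MODE.DELETE;
                addNewKeyword.setText("Delete");
                currentlyEdittingCompletion = listerModel.elementAt(index);
                newKeywordField.setText(currentlyEdittingCompletion);
            }
        });
        JScrollPane scroller = new JScrollPane(lister);
        setLayout(new BorderLayout());

        // Row 0: the keyword list, spanning both columns
        c.weighty = 0.9;
        c.anchor = GridBagConstraints.NORTH;
        c.fill = GridBagConstraints.BOTH;
        c.gridx = 0;
        c.gridwidth = 2;
        c.gridy = 0;
        mainPane.add(scroller, c);

        // Row 1, column 0: the keyword text field
        c.weighty = 0.1;
        c.anchor = GridBagConstraints.SOUTH;
        c.gridwidth = 1;
        c.gridx = 0;
        c.gridy = 1;
        c.weightx = 0.9;
        newKeywordField = new JTextField(50);
        mainPane.add(newKeywordField, c);

        // Row 1, column 1: the Add/Delete button
        c.gridx = 1;
        c.gridwidth = 1;
        c.weightx = 0.1;
        c.gridy = 1;
        addNewKeyword = new JButton("Add");
        addNewKeyword.addActionListener(e -> {
            String keyword = newKeywordField.getText().trim();
            // ExtensionState is looked up at click time, not while this tab is being constructed.
            if (currentMode == MODE.ADD) {
                // An empty keyword can never be completed to; do not store it.
                if (!keyword.isEmpty()) {
                    ExtensionState.getInstance().getKeywords().add(keyword);
                    listerModel.addElement(keyword);
                }
            } else if (currentMode == MODE.DELETE) {
                ExtensionState.getInstance().getKeywords().remove(keyword);
                listerModel.removeElement(keyword);
            }
            currentMode = MODE.ADD;
            addNewKeyword.setText("Add");
            newKeywordField.setText("");
            currentlyEdittingCompletion = "";
        });
        mainPane.add(addNewKeyword, c);
        add(mainPane, BorderLayout.CENTER);
    }
}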
88 |
--------------------------------------------------------------------------------
/src/main/java/com/staticflow/BurpAutoCompleteExtension.java:
--------------------------------------------------------------------------------
1 | package com.staticflow;
2 |
3 | import burp.IBurpExtender;
4 | import burp.IBurpExtenderCallbacks;
5 | import burp.IExtensionStateListener;
6 | import burp.ITab;
7 |
8 | import javax.swing.*;
9 | import java.awt.*;
10 | import java.awt.event.AWTEventListener;
11 | import java.util.Arrays;
12 |
13 |
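/**
 * The extension itself: registers with Burp, adds the "Autocompleter" suite tab and attaches an
 * {@link AutoCompleter} to text areas as the user types into them.
 */
public class BurpAutoCompleteExtension implements IBurpExtender, AWTEventListener, IExtensionStateListener, ITab {

    /**
     * Stores the callbacks, installs the application-wide key listener and registers the unload
     * hook and the suite tab.
     *
     * @param iBurpExtenderCallbacks callbacks object handed over by Burp
     */
    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks iBurpExtenderCallbacks) {
        ExtensionState.setCallbacks(iBurpExtenderCallbacks);
        // NOTE: this listener receives key events for every component in the JVM, not only Burp's own editors.
        Toolkit.getDefaultToolkit().addAWTEventListener(this, AWTEvent.KEY_EVENT_MASK);
        iBurpExtenderCallbacks.registerExtensionStateListener(this);
        iBurpExtenderCallbacks.addSuiteTab(this);
    }

    /**
     * Removes the global key listener and detaches every {@link AutoCompleter} from its text area.
     */
    @Override
    public void extensionUnloaded() {
        ExtensionState.getInstance().getCallbacks().printOutput("removing listeners");
        Toolkit.getDefaultToolkit().removeAWTEventListener(this);
        for (AutoCompleter listener : ExtensionState.getInstance().getListeners()) {
            JTextArea hooked = listener.getSource();
            // detachFromSource() disposes the suggestion frame and removes the caret and document listeners
            listener.detachFromSource();
            // Clear the marker as well; otherwise a text area keeps "hasListener" = true after the
            // unload and eventDispatched() would never hook it again when the extension is reloaded.
            hooked.putClientProperty("hasListener", null);
        }
    }

    /**
     * This hooks keyboard events for the entire application. Only textareas are considered.
     * Practically, this includes Repeater, Intruder, and any extension which uses JTextArea.
     * A text area is hooked once; the "hasListener" client property marks it as done.
     *
     * @param event keyboard event
     */
    @Override
    public void eventDispatched(AWTEvent event) {
        if (!(event.getSource() instanceof JTextArea)) {
            return;
        }
        JTextArea source = (JTextArea) event.getSource();
        if (Boolean.TRUE.equals(source.getClientProperty("hasListener"))) {
            return;
        }
        ExtensionState.getInstance().getCallbacks().printOutput("Adding Listener");
        AutoCompleter completer = new AutoCompleter(source);
        source.getDocument().addDocumentListener(completer);
        source.putClientProperty("hasListener", true);
        ExtensionState.getInstance().addListener(completer);
    }

    /**
     * @return the caption of the suite tab
     */
    @Override
    public String getTabCaption() {
        return "Autocompleter";
    }

    /**
     * @return the tab component held by {@link ExtensionState}
     */
    @Override
    public Component getUiComponent() {
        return ExtensionState.getInstance().getAutoCompleterTab();
    }
}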
69 |
70 |
71 |
--------------------------------------------------------------------------------
/src/main/java/com/staticflow/ExtensionState.java:
--------------------------------------------------------------------------------
1 | package com.staticflow;
2 |
3 | import burp.IBurpExtenderCallbacks;
4 |
5 | import java.util.ArrayList;
6 | import java.util.Arrays;
7 |
8 | /*
9 | This stores our state for the extension as a Singleton
10 | */
11 | class ExtensionState {
12 |
13 | //State object
14 | private static ExtensionState instance = null;
15 | //Burp callbacks
16 | private IBurpExtenderCallbacks callbacks;
17 | //UI panel
18 | private final AutoCompleterTab autoCompleterTab;
19 | //Starting List of Header keywords
20 | //Seclist headers list https://raw.githubusercontent.com/danielmiessler/SecLists/master/Miscellaneous/web/http-request-headers/http-request-headers-fields-large.txt
21 | private ArrayList keywords = new ArrayList<>(Arrays.asList("A-IM","Accept","Accept-Application","Accept-Charset","Accept-Datetime","Accept-Encoding","Accept-Encodxng","Accept-Language","Accept-Ranges","Accept-Version","Accepted","Access-Control-Allow-Credentials","Access-Control-Allow-Headers","Access-Control-Allow-Methods","Access-Control-Allow-Origin","Access-Control-Expose-Headers","Access-Control-Max-Age","Access-Control-Request-Headers","Access-Control-Request-Method","Access-Token","Accesskey","Action","Admin","Age","Ajax","Akamai-Origin-Hop","Allow","App","App-Env","App-Key","Appcookie","Apply-To-Redirect-Ref","Appname","Appversion","Atcept-Language","Auth","Auth-Any","Auth-Basic","Auth-Digest","Auth-Digest-Ie","Auth-Gssneg","Auth-Key","Auth-Ntlm","Auth-Password","Auth-Realm","Auth-Type","Auth-User","Authentication","Authorization","Bad-Gateway","Bad-Request","Bae-Env-Addr-Bcms","Bae-Env-Addr-Bcs","Bae-Env-Addr-Bus","Bae-Env-Addr-Channel","Bae-Env-Addr-Sql-Ip","Bae-Env-Addr-Sql-Port","Bae-Env-Ak","Bae-Env-Appid","Bae-Env-Sk","Bae-Logid","Bar","Base","Base-Url","Basic","Bearer-Indication","Body-Maxlength","Body-Truncated","Brief","Browser-User-Agent","Cache-Control","Cache-Info","Case-Files","Catalog","Catalog-Server","Category","Cert-Cookie","Cert-Flags","Cert-Issuer","Cert-Keysize","Cert-Secretkeysize","Cert-Serialnumber","Cert-Server-Issuer","Cert-Server-Subject","Cert-Subject","Cf-Connecting-Ip","Cf-Ipcountry","Cf-Template-Path","Cf-Visitor","Ch","Challenge-Response","Charset","Chunk-Size","Client","Client-Address","Client-Bad-Request","Client-Conflict","Client-Error-Cannot-Access-Local-File","Client-Error-Cannot-Connect","Client-Error-Communication-Failure","Client-Error-Connect","Client-Error-Invalid-Parameters","Client-Error-Invalid-Server-Address","Client-Error-No-Error","Client-Error-Protocol-Failure","Client-Error-Unspecified-Error","Client-Expectation-Failed","Client-Forbidden","Client-Gone","Client-Ip","Client-IP","Client-Length-Required","Cli
ent-Method-Not-Allowed","Client-Not-Acceptable","Client-Not-Found","Client-Payment-Required","Client-Precondition-Failed","Client-Proxy-Auth-Required","Client-Quirk-Mode","Client-Request-Timeout","Client-Request-Too-Large","Client-Request-Uri-Too-Large","Client-Requested-Range-Not-Possible","Client-Unauthorized","Client-Unsupported-Media-Type","Clientaddress","Clientip","Cloudfront-Viewer-Country","Cloudinary-Name","Cloudinary-Public-Id","Cloudinary-Version","Cloudinaryurl","Cluster-Client-IP","Code","Coming-From","Compress","Conflict","Connection","Connection-Type","Contact","Content","Content-Disposition","Content-Encoding","Content-Language","Content-Length","Content-Location","Content-MD5","Content-Md5","Content-Range","Content-Security-Policy","Content-Security-Policy-Report-Only","Content-Type","Content-Type-Xhtml","Context-Path","Continue","Cookie","Cookie-Domain","Cookie-Httponly","Cookie-Parse-Raw","Cookie-Path","Cookie-Secure","Cookie-Vars","Cookie2","Cookies","Core-Base","Correlates","Created","Credentials-Filepath","Curl","Curl-Multithreaded","Custom-Header","Custom-Secret-Header","Dataserviceversion","Date","Debug","Deflate-Level-Def","Deflate-Level-Max","Deflate-Level-Min","Deflate-Strategy-Def","Deflate-Strategy-Filt","Deflate-Strategy-Fixed","Deflate-Strategy-Huff","Deflate-Strategy-Rle","Deflate-Type-Gzip","Deflate-Type-Raw","Deflate-Type-Zlib","Delete","Depth","Destination","Destroy","Devblocksproxybase","Devblocksproxyhost","Devblocksproxyssl","Device-Stock-Ua","Digest","Dir","Dir-Name","Dir-Resource","Disable-Gzip","Dkim-Signature","DNT","Dnt","Download-Attachment","Download-Bad-Url","Download-Bz2","Download-Cut-Short","Download-E-Headers-Sent","Download-E-Invalid-Archive-Type","Download-E-Invalid-Content-Type","Download-E-Invalid-File","Download-E-Invalid-Param","Download-E-Invalid-Request","Download-E-Invalid-Resource","Download-E-No-Ext-Mmagic","Download-E-No-Ext-Zlib","Download-Inline","Download-Mime-Type","Download-No-Server","Download-Size"
,"Download-Status-Not-Found","Download-Status-Server-Error","Download-Status-Unauthorized","Download-Status-Unknown","Download-Tar","Download-Tgz","Download-Url","Download-Zip","E-Encoding","E-Header","E-Invalid-Param","E-Malformed-Headers","E-Message-Type","E-Querystring","E-Request","E-Request-Method","E-Request-Pool","E-Response","E-Runtime","E-Socket","E-Url","Enable-Gzip","Enable-No-Cache-Headers","Encoding-Stream-Flush-Full","Encoding-Stream-Flush-None","Encoding-Stream-Flush-Sync","Env-Silla-Environment","Env-Vars","Error","Error-1","Error-2","Error-3","Error-4","Error-Formatting-Html","Espo-Authorization","Espo-Cgi-Auth","Etag","Eve-Charid","Eve-Charname","Eve-Solarsystemid","Eve-Solarsystemname","Eve-Trusted","Ex-Copy-Movie","Expect","Expectation-Failed","Expires","Ext","Failed-Dependency","Fake-Header","Fastly-Client-Ip","Fb-Appid","Fb-Secret","File-Not-Found","Filename","Files","Files-Vars","Fire-Breathing-Dragon","Foo","Foo-Bar","Forbidden","Force-Language","Force-Local-Xhprof","Format","Forwarded","Forwarded-For","Forwarded-For-Ip","Forwarded-Proto","From","Fromlink","Front-End-Https","Gateway-Interface","Gateway-Time-Out","Get","Get-Vars","Givenname","Global-All","Global-Cookie","Global-Get","Global-Post","Gone","Google-Code-Project-Hosting-Hook-Hmac","Gzip-Level","H0st","Head","Header","Header-Lf","Header-Status-Client-Error","Header-Status-Informational","Header-Status-Redirect","Header-Status-Server-Error","Header-Status-Successful","Home","Host","Host-Liveserver","Host-Name","Host-Unavailable","Hosti","Htaccess","Http-Accept","Http-Accept-Encoding","Http-Accept-Language","Http-Authorization","Http-Connection","Http-Cookie","Http-Host","Http-Phone-Number","Http-Referer","Http-Url","Http-User-Agent","HTTP2-Settings","Https","Https-From-Lb","Https-Keysize","Https-Secretkeysize","Https-Server-Issuer","Https-Server-Subject","If","If-Match","If-Modified-Since","If-Modified-Since-Version","If-None-Match","If-Posted-Before","If-Range","If-Unmodified-Since"
,"If-Unmodified-Since-Version","Image","Images","Incap-Client-Ip","Info","Info-Download-Size","Info-Download-Time","Info-Return-Code","Info-Total-Request-Stat","Info-Total-Response-Stat","Insufficient-Storage","Internal-Server-Error","Ipresolve-Any","Ipresolve-V4","Ipresolve-V6","Ischedule-Version","Iv-Groups","Iv-User","Javascript","Jenkins","Keep-Alive","Kiss-Rpc","Label","Large-Allocation","Last-Event-Id","Last-Modified","Length-Required","Link","Local-Addr","Local-Content-Sha1","Local-Dir","Location","Lock-Token","Locked","Mail","Mandatory","Max-Conn","Max-Forwards","Max-Request-Size","Max-Uri-Length","Maxdataserviceversion","Message","Message-B","Meth-Acl","Meth-Baseline-Control","Meth-Checkin","Meth-Checkout","Meth-Connect","Meth-Copy","Meth-Delete","Meth-Get","Meth-Head","Meth-Label","Meth-Lock","Meth-Merge","Meth-Mkactivity","Meth-Mkcol","Meth-Mkworkspace","Meth-Move","Meth-Options","Meth-Post","Meth-Propfind","Meth-Proppatch","Meth-Put","Meth-Report","Meth-Trace","Meth-Uncheckout","Meth-Unlock","Meth-Update","Meth-Version-Control","Method","Method-Not-Allowed","Mimetype","Mod-Env","Mod-Rewrite","Mod-Security-Message","Modauth","Mode","Module-Class","Module-Class-Path","Module-Name","Moved-Permanently","Moved-Temporarily","Ms-Asprotocolversion","Msg-None","Msg-Request","Msg-Response","Msisdn","Multi-Status","Multipart-Boundary","Multiple-Choices","Must","My-Header","Mysqlport","Native-Sockets","Negotiate","Nl","No-Content","Non-Authoritative","Nonce","Not-Acceptable","Not-Exists","Not-Extended","Not-Found","Not-Implemented","Not-Modified","Notification-Template","Oc-Chunked","Ocs-Apirequest","Ok","On-Behalf-Of","Onerror-Continue","Onerror-Die","Onerror-Return","Only","Opencart","Options","Organizer","Orig_path_info","Origin","Originator","Overwrite","Params-Allow-Comma","Params-Allow-Failure","Params-Default","Params-Get-Catid","Params-Get-Currentday","Params-Get-Disposition","Params-Get-Downwards","Params-Get-Givendate","Params-Get-Lang","Params-Get-Type","
Params-Raise-Error","Partial-Content","Passkey","Password","Path","Path-Base","Path-Info","Path-Themes","Path-Translated","Payment-Required","Pc-Remote-Addr","Permanent","Phone-Number","Php","Php-Auth-Pw","Php-Auth-User","Phpthreads","Pink-Pony","Port","Portsensor-Auth","Post","Post-Error","Post-Files","Post-Vars","Postredir-301","Postredir-302","Postredir-All","Pragma","Pragma-No-Cache","Precondition-Failed","Prefer","Processing","Profile","Protocol","Protocols","Proxy","Proxy-Agent","Proxy-Authenticate","Proxy-Authentication-Required","Proxy-Authorization","Proxy-Connection","Proxy-Host","Proxy-Http","Proxy-Http-1-0","Proxy-Password","Proxy-Port","Proxy-Pwd","Proxy-Request-Fulluri","Proxy-Socks4","Proxy-Socks4a","Proxy-Socks5","Proxy-Socks5-Hostname","Proxy-Url","Proxy-User","Public-Key-Pins","Public-Key-Pins-Report-Only","Pull","Put","Query-String","Querystring","Querystring-Type-Array","Querystring-Type-Bool","Querystring-Type-Float","Querystring-Type-Int","Querystring-Type-Object","Querystring-Type-String","Range","Range-Not-Satisfiable","Raw-Post-Data","Read-State-Begin","Read-State-Body","Read-State-Headers","Real-Ip","Real-Method","Reason","Reason-Phrase","Recipient","Redirect","Redirect-Found","Redirect-Perm","Redirect-Post","Redirect-Problem-Withoutwww","Redirect-Problem-Withwww","Redirect-Proxy","Redirect-Temp","Redirected-Accept-Language","Redirection-Found","Redirection-Multiple-Choices","Redirection-Not-Modified","Redirection-Permanent","Redirection-See-Other","Redirection-Temporary","Redirection-Unused","Redirection-Use-Proxy","Ref","Referer","Referrer","Referrer-Policy","Refferer","Refresh","Remix-Hash","Remote-Addr","Remote-Host","Remote-Host-Wp","Remote-User","Remote-Userhttps","Report-To","Request","Request-Entity-Too-Large","Request-Error","Request-Error-File","Request-Error-Gzip-Crc","Request-Error-Gzip-Data","Request-Error-Gzip-Method","Request-Error-Gzip-Read","Request-Error-Proxy","Request-Error-Redirects","Request-Error-Response","Request-Er
ror-Url","Request-Http-Ver-1-0","Request-Http-Ver-1-1","Request-Mbstring","Request-Method","Request-Method-Delete","Request-Method-Get","Request-Method-Head","Request-Method-Options","Request-Method-Post","Request-Method-Put","Request-Method-Trace","Request-Time-Out","Request-Timeout","Request-Uri","Request-Uri-Too-Large","Request-Vars","Request2-Tests-Base-Url","Request2-Tests-Proxy-Host","Requesttoken","Reset-Content","Response","Rest-Key","Rest-Sign","Retry-After","Returned-Error","Rlnclientipaddr","Root","Safe-Ports-List","Safe-Ports-Ssl-List","Save-Data","Schedule-Reply","Scheme","Script-Name","Sec-Websocket-Accept","Sec-Websocket-Extensions","Sec-Websocket-Key","Sec-Websocket-Key1","Sec-Websocket-Key2","Sec-Websocket-Origin","Sec-Websocket-Protocol","Sec-Websocket-Version","Secretkey","See-Other","Self","Send-X-Frame-Options","Server","Server-Bad-Gateway","Server-Error","Server-Gateway-Timeout","Server-Internal","Server-Name","Server-Not-Implemented","Server-Port","Server-Port-Secure","Server-Protocol","Server-Service-Unavailable","Server-Software","Server-Unsupported-Version","Server-Vars","Server-Varsabantecart","Service-Unavailable","Session-Id-Tag","Session-Vars","Set-Cookie","Set-Cookie2","Shib-Application-Id","Shib-Identity-Provider","Shib-Logouturl","Shopilex","Slug","Sn","Soapaction","Socket-Connection-Err","Socketlog","Somevar","Sourcemap","Sp-Client","Sp-Host","Ssl","Ssl-Https","Ssl-Offloaded","Ssl-Session-Id","Ssl-Version-Any","Sslsessionid","Start","Status","Status-403","Status-403-Admin-Del","Status-404","Status-Bad-Request","Status-Code","Status-Forbidden","Status-Ok","Status-Platform-403","Str-Match","Strict-Transport-Security","Success-Accepted","Success-Created","Success-No-Content","Success-Non-Authoritative","Success-Ok","Success-Partial-Content","Success-Reset-Content","Support","Support-Encodings","Support-Events","Support-Magicmime","Support-Requests","Support-Sslrequests","Surrogate-Capability","Switching-Protocols","TE","Te","Temporary-
Redirect","Test","Test-Config","Test-Server-Path","Test-Something-Anything","Ticket","Time-Out","Timeout","Timing-Allow-Origin","Title","Tk","Tmp","Token","Trailer","Transfer-Encoding","Translate","Transport-Err","True-Client-Ip","True-Client-IP","Ua","Ua-Color","Ua-Cpu","Ua-Os","Ua-Pixels","Ua-Resolution","Ua-Voice","Unauthorized","Unencoded-Url","Unit-Test-Mode","Unless-Modified-Since","Unprocessable-Entity","Unsupported-Media-Type","Upgrade","Upgrade-Insecure-Requests","Upgrade-Required","Upload-Default-Chmod","Uri","Url","Url-From-Env","Url-Join-Path","Url-Join-Query","Url-Replace","Url-Sanitize-Path","Url-Strip-All","Url-Strip-Auth","Url-Strip-Fragment","Url-Strip-Pass","Url-Strip-Path","Url-Strip-Port","Url-Strip-Query","Url-Strip-User","Use-Gzip","Use-Proxy","User","User-Agent","User-Agent-Via","User-Email","User-Id","User-Mail","User-Name","User-Photos","Useragent","Useragent-Via","Util","Variant-Also-Varies","Vary","Verbose","Verbose-Throttle","Verify-Cert","Version","Version-1-0","Version-1-1","Version-Any","Version-None","Version-Not-Supported","Versioncode","Via","Viad","Waf-Stuff-Below","Wap-Connection","Warning","Web-Server-Api","Webodf-Member-Id","Webodf-Session-Id","Webodf-Session-Revision","Work-Directory","Www-Address","Www-Authenticate","X","X-Aastra-Expmod1","X-Aastra-Expmod2","X-Aastra-Expmod3","X-Accel-Mapping","X-Access-Token","X-Advertiser-Id","X-Ajax-Real-Method","X-Alto-Ajax-Keyz","X-Amz-Date","X-Amz-Website-Redirect-Location","X-Amzn-Remapped-Host","X-Api-Key","X-Api-Signature","X-Api-Timestamp","X-Apitoken","X-Apple-Client-Application","X-Apple-Store-Front","X-Arr-Log-Id","X-Arr-Ssl","X-ATT-DeviceId","X-Att-Deviceid","X-Auth-Key","X-Auth-Mode","X-Auth-Password","X-Auth-Service-Provider","X-Auth-Token","X-Auth-User","X-Auth-Userid","X-Auth-Username","X-Authentication","X-Authentication-Key","X-Authorization","X-Avantgo-Screensize","X-Azc-Remote-Addr","X-Bear-Ajax-Request","X-Bluecoat-Via","X-Bolt-Phone-Ua","X-Browser-Height","X-Browser-Wid
th","X-Cascade","X-Cept-Encoding","X-Cf-Url","X-Chrome-Extension","X-Cisco-Bbsm-Clientip","X-Client-Host","X-Client-Id","X-Client-Ip","X-Client-IP","X-Client-Key","X-Client-Os","X-Client-Os-Ver","X-Clientip","X-Cluster-Client-Ip","X-Codeception-Codecoverage","X-Codeception-Codecoverage-Config","X-Codeception-Codecoverage-Debug","X-Codeception-Codecoverage-Suite","X-Collect-Coverage","X-Coming-From","X-Confirm-Delete","X-Content-Type","X-Content-Type-Options","X-Correlation-ID","X-Credentials-Request","X-Csrf-Crumb","X-Csrf-Token","X-Csrftoken","X-Cuid","X-Custom","X-Dagd-Proxy","X-Davical-Testcase","X-Dcmguid","X-Debug-Test","X-Device-User-Agent","X-Dialog","X-Dns-Prefetch-Control","X-Do-Not-Track","X-Dokuwiki-Do","X-Drestcg","X-Dsid","X-Elgg-Apikey","X-Elgg-Hmac","X-Elgg-Hmac-Algo","X-Elgg-Nonce","X-Elgg-Posthash","X-Elgg-Posthash-Algo","X-Elgg-Time","X-Em-Uid","X-Enable-Coverage","X-Environment-Override","X-Expected-Entity-Length","X-Experience-Api-Version","X-Fb-User-Remote-Addr","X-File-Id","X-File-Name","X-File-Resume","X-File-Size","X-File-Type","X-Filename","X-Firelogger","X-Fireloggerauth","X-Firephp-Version","X-Flash-Version","X-Flx-Consumer-Key","X-Flx-Consumer-Secret","X-Flx-Redirect-Url","X-Foo","X-Foo-Bar","X-Forward-For","X-Forward-Proto","X-Forwarded","X-Forwarded-By","X-Forwarded-For","X-Forwarded-For-Original","X-Forwarded-Host","X-Forwarded-Port","X-Forwarded-Proto","X-Forwarded-Protocol","X-Forwarded-Scheme","X-Forwarded-Server","X-Forwarded-Ssl","X-Forwarder-For","X-From","X-Gb-Shared-Secret","X-Geoip-Country","X-Get-Checksum","X-Helpscout-Event","X-Helpscout-Signature","X-Host","X-Http-Destinationurl","X-Http-Host-Override","X-Http-Method","X-Http-Method-Override","X-Http-Path-Override","X-Https","X-Htx-Agent","X-Huawei-Userid","X-Hub-Signature","X-If-Unmodified-Since","X-Imbo-Test-Config","X-Insight","X-Ip","X-Ip-Trail","X-Iwproxy-Nesting","X-Jphone-Color","X-Jphone-Display","X-Jphone-Geocode","X-Jphone-Msname","X-Jphone-Uid","X-Json","X-Kaltur
a-Remote-Addr","X-Known-Signature","X-Known-Username","X-Litmus","X-Litmus-Second","X-Locking","X-Machine","X-Mandrill-Signature","X-Method-Override","X-Mobile-Gateway","X-Mobile-Ua","X-Mosso-Dt","X-Moz","X-Ms-Policykey","X-Msisdn","X-Myqee-System-Debug","X-Myqee-System-Hash","X-Myqee-System-Isadmin","X-Myqee-System-Isrest","X-Myqee-System-Pathinfo","X-Myqee-System-Project","X-Myqee-System-Rstr","X-Myqee-System-Time","X-Network-Info","X-Nfsn-Https","X-Ning-Request-Uri","X-Nokia-Bearer","X-Nokia-Connection-Mode","X-Nokia-Gateway-Id","X-Nokia-Ipaddress","X-Nokia-Msisdn","X-Nokia-Wia-Accept-Original","X-Nokia-Wtls","X-Nuget-Apikey","X-Oc-Mtime","X-Opera-Info","X-Operamini-Features","X-Operamini-Phone","X-Operamini-Phone-Ua","X-Options","X-Orange-Id","X-Orchestra-Scheme","X-Orig-Client","X-Original-Host","X-Original-Http-Command","X-Original-Remote-Addr","X-Original-Url","X-Original-User-Agent","X-Originally-Forwarded-For","X-Originally-Forwarded-Proto","X-Originating-Ip","X-Originating-IP","X-Os-Prefs","X-Overlay","X-Pagelet-Fragment","X-Password","X-Phabricator-Csrf","X-Phpbb-Using-Plupload","X-Pjax","X-Pjax-Container","X-Prototype-Version","X-Proxy-Url","X-Pswd","X-Purpose","X-Qafoo-Profiler","X-Real-Ip","X-Remote-Addr","X-Remote-IP","X-Remote-Protocol","X-Render-Partial","X-Request","X-Request-ID","X-Request-Id","X-Request-Signature","X-Request-Start","X-Request-Timestamp","X-Requested-With","X-Response-Format","X-Rest-Cors","X-Rest-Password","X-Rest-Username","X-Rewrite-Url","X-Sakura-Forwarded-For","X-Scalr-Auth-Key","X-Scalr-Auth-Token","X-Scalr-Env-Id","X-Scanner","X-Scheme","X-Screen-Height","X-Screen-Width","X-Sendfile-Type","X-Serial-Number","X-Serialize","X-Server-Id","X-Server-Name","X-Server-Port","X-Signature","X-Sina-Proxyuser","X-Skyfire-Phone","X-Skyfire-Screen","X-Ssl","X-Subdomain","X-Te","X-Teamsite-Preremap","X-Test-Session-Id","X-Timer","X-Tine20-Jsonkey","X-Tine20-Request-Type","X-Tomboy-Client","X-Tor","X-Twilio-Signature","X-Ua-Device","X-Ucbro
wser-Device-Ua","X-UIDH","X-Uidh","X-Unique-Id","X-Uniquewcid","X-Up-Calling-Line-Id","X-Up-Devcap-Iscolor","X-Up-Devcap-Screendepth","X-Up-Devcap-Screenpixels","X-Up-Subno","X-Update","X-Update-Range","X-Upload-Maxresolution","X-Upload-Name","X-Upload-Size","X-Upload-Type","X-Url-Scheme","X-User","X-User-Agent","X-Username","X-Varnish","X-Verify-Credentials-Authorization","X-Vodafone-3gpdpcontext","X-Wap-Client-Sdu-Size","X-Wap-Clientid","X-Wap-Gateway","X-Wap-Network-Client-Ip","X-Wap-Network-Client-Msisdn","X-Wap-Profile","X-Wap-Proxy-Cookie","X-Wap-Session-Id","X-Wap-Tod","X-Wap-Tod-Coded","X-Whatever","X-Wikimedia-Debug","X-Wp-Nonce","X-Wp-Pjax-Prefetch","X-Ws-Api-Key","X-Xc-Schema-Version","X-Xhprof-Debug","X-Xhr-Referer","X-Xmlhttprequest","X-Xpid","X-Zikula-Ajax-Token","X-Zotero-Version","X-Ztgo-Bearerinfo","X_alto_ajax_key","Xauthorization","Xonnection","Xpdb-Debugger","Xproxy","Xroxy-Connection","Xxx-Real-Ip","Xxxxxxxxxxxxxxx","Y","Zotero-Api-Version","Zotero-Write-Token","Accept-Patch","Alt-Svc","Delta-Base","ETag","IM","P3P","WWW-Authenticate","X-Frame-Options","X-HTTP-Method-Override","x-wap-profile","Accept-CH","Accept-CH-Lifetime","Clear-Site-Data","Cross-Origin-Resource-Policy","DPR","Device-Memory","Early-Data","Expect-CT","Feature-Policy","Sec-Fetch-Dest","Sec-Fetch-Mode","Sec-Fetch-Site","Sec-Fetch-User","Sec-WebSocket-Accept","Server-Timing","SourceMap","Want-Digest","X-DNS-Prefetch-Control","X-ProxyUser-Ip","X-XSS-Protection"));
// List of current text areas: the AutoCompleter objects registered through
// addListener() are stored here, and getListeners() returns this same list.
// NOTE(review): shown as a raw ArrayList; the element type is presumably
// AutoCompleter (the type addListener() accepts) — confirm against the original file.
private ArrayList listeners = new ArrayList<>();
24 |
25 |
/**
 * Builds the single state object: creates the extension's UI tab and loads
 * every entry of the built-in keyword list into it.
 * The constructor is private, so instances are only created inside this class.
 */
private ExtensionState() {
    this.autoCompleterTab = new AutoCompleterTab();
    // Hand each default keyword to the tab, in list order.
    for (String word : this.keywords) {
        this.autoCompleterTab.addKeywordToList(word);
    }
}
35 |
/**
 * Stores the Burp callbacks object on the shared state object.
 *
 * @param callbacks the Burp callbacks object; stored as given, without a null check
 */
static void setCallbacks(IBurpExtenderCallbacks callbacks) {
    // getInstance() creates the state object on first use.
    final ExtensionState state = getInstance();
    state.callbacks = callbacks;
}
43 |
/**
 * Returns the Burp callbacks object held by the shared state.
 *
 * @return the Burp callbacks object, or {@code null} if none has been stored yet
 */
IBurpExtenderCallbacks getCallbacks() {
    // Always read through the shared instance rather than through `this`.
    final ExtensionState state = getInstance();
    return state.callbacks;
}
51 |
/**
 * Returns the extension's UI tab.
 *
 * @return the custom UI tab created when the state object was constructed
 */
AutoCompleterTab getAutoCompleterTab() {
    final ExtensionState state = getInstance();
    return state.autoCompleterTab;
}
59 |
/**
 * Returns the shared state object, creating it on the first call.
 *
 * NOTE(review): the check and the assignment are not synchronized, so two
 * threads making the first call at the same time could each construct a
 * state object. Confirm that the first call always happens on one thread.
 *
 * @return the single {@code ExtensionState} object
 */
static ExtensionState getInstance() {
    if (instance != null) {
        return instance;
    }
    // First use: build the state object and remember it.
    instance = new ExtensionState();
    return instance;
}
70 |
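/**
 * Returns the current list of autocomplete words.
 *
 * The return type carries its element type: the constructor iterates this
 * list as {@code String} values, so a raw {@code ArrayList} only hides that
 * from callers and from the compiler.
 *
 * The list returned is the live internal list, not a copy, so any change a
 * caller makes to it changes the shared state.
 *
 * @return the live list of autocomplete words
 */
ArrayList<String> getKeywords() {
    return getInstance().keywords;
}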
78 |
/**
 * Returns the current list of document listeners.
 *
 * The list returned is the live internal list, not a copy, so any change a
 * caller makes to it changes the shared state.
 * NOTE(review): the return type is shown as a raw {@code ArrayList}; the
 * elements are presumably {@code AutoCompleter} objects — confirm.
 *
 * @return the live list of document listeners
 */
ArrayList getListeners() {
    final ExtensionState state = getInstance();
    return state.listeners;
}
86 |
/**
 * Adds a new listener to the end of the current list of document listeners.
 *
 * @param autoCompleter the listener to register; added as given, with no
 *                      null or duplicate check
 */
void addListener(AutoCompleter autoCompleter) {
    final ExtensionState state = getInstance();
    state.listeners.add(autoCompleter);
}
93 |
94 | }
--------------------------------------------------------------------------------
/target/BurpSuiteAutoComplete.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Static-Flow/BurpSuiteAutoCompletion/e8d81d971469c4e22149a84c3574540219d70174/target/BurpSuiteAutoComplete.jar
--------------------------------------------------------------------------------