├── manifest.mf ├── nbproject ├── private │ ├── private.properties │ └── private.xml ├── genfiles.properties ├── project.xml └── project.properties ├── src ├── simple │ ├── JSONAware.java │ ├── JSONStreamAware.java │ ├── parser │ │ ├── ContainerFactory.java │ │ ├── Yytoken.java │ │ ├── ParseException.java │ │ ├── ContentHandler.java │ │ ├── JSONParser.java │ │ └── Yylex.java │ ├── ItemList.java │ ├── JSONObject.java │ ├── JSONValue.java │ └── JSONArray.java ├── burp │ ├── BurpExtender.java │ ├── IScopeChangeListener.java │ ├── IHttpRequestResponsePersisted.java │ ├── IIntruderAttack.java │ ├── ITempFile.java │ ├── IExtensionStateListener.java │ ├── IBurpExtender.java │ ├── IScannerListener.java │ ├── IHttpService.java │ ├── ITab.java │ ├── IMenuItemHandler.java │ ├── IProxyListener.java │ ├── IBurpCollaboratorInteraction.java │ ├── IContextMenuFactory.java │ ├── IScannerInsertionPointProvider.java │ ├── IHttpListener.java │ ├── IIntruderPayloadGeneratorFactory.java │ ├── IMessageEditorTabFactory.java │ ├── IIntruderPayloadProcessor.java │ ├── IHttpRequestResponseWithMarkers.java │ ├── IIntruderPayloadGenerator.java │ ├── ICookie.java │ ├── IMessageEditorController.java │ ├── IResponseKeywords.java │ ├── ISessionHandlingAction.java │ ├── IResponseInfo.java │ ├── IResponseVariations.java │ ├── IMessageEditor.java │ ├── IScanQueueItem.java │ ├── IRequestInfo.java │ ├── ITextEditor.java │ ├── IHttpRequestResponse.java │ ├── IParameter.java │ ├── IBurpCollaboratorClientContext.java │ ├── IScannerCheck.java │ ├── IMessageEditorTab.java │ ├── IScanIssue.java │ ├── IInterceptedProxyMessage.java │ ├── IContextMenuInvocation.java │ ├── IScannerInsertionPoint.java │ └── IExtensionHelpers.java └── filewriter │ └── BurpFileWriter.java ├── README.md └── dist └── README.TXT /manifest.mf: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | X-COMMENT: Main-Class will be added automatically by build 3 | 4 | -------------------------------------------------------------------------------- /nbproject/private/private.properties: -------------------------------------------------------------------------------- 1 | user.properties.file=/home/arturs/.netbeans/12.2/build.properties 2 | -------------------------------------------------------------------------------- /src/simple/JSONAware.java: -------------------------------------------------------------------------------- 1 | package org.json.simple; 2 | 3 | /** 4 | * Beans that support customized output of JSON text shall implement this interface. 5 | * @author FangYidong 6 | */ 7 | public interface JSONAware { 8 | /** 9 | * @return JSON text 10 | */ 11 | String toJSONString(); 12 | } 13 | -------------------------------------------------------------------------------- /src/simple/JSONStreamAware.java: -------------------------------------------------------------------------------- 1 | package org.json.simple; 2 | 3 | import java.io.IOException; 4 | import java.io.Writer; 5 | 6 | /** 7 | * Beans that support customized output of JSON text to a writer shall implement this interface. 8 | * @author FangYidong 9 | */ 10 | public interface JSONStreamAware { 11 | /** 12 | * write JSON string to out. 13 | */ 14 | void writeJSONString(Writer out) throws IOException; 15 | } 16 | -------------------------------------------------------------------------------- /nbproject/genfiles.properties: -------------------------------------------------------------------------------- 1 | build.xml.data.CRC32=e4e8c833 2 | build.xml.script.CRC32=a4a3e332 3 | build.xml.stylesheet.CRC32=f85dc8f2@1.97.0.48 4 | # This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml. 5 | # Do not edit this file. You may delete it but then the IDE will never regenerate such files for you. 6 | nbproject/build-impl.xml.data.CRC32=e4e8c833 7 | nbproject/build-impl.xml.script.CRC32=d05e5717 8 | nbproject/build-impl.xml.stylesheet.CRC32=d549e5cc@1.97.0.48 9 | -------------------------------------------------------------------------------- /nbproject/project.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | org.netbeans.modules.java.j2seproject 4 | 5 | 6 | FileWriter 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /src/burp/BurpExtender.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | import java.awt.Component; 4 | import filewriter.BurpFileWriter; 5 | 6 | public class BurpExtender implements IBurpExtender { 7 | 8 | private IExtensionHelpers helpers; 9 | 10 | public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) { 11 | BurpFileWriter.callbacks = callbacks; 12 | // set our extension name 13 | callbacks.setExtensionName(BurpFileWriter.extensionName); 14 | this.helpers = callbacks.getHelpers(); 15 | callbacks.registerHttpListener(new BurpFileWriter(callbacks)); 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /nbproject/private/private.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | file:/var/www/hackoverviewer-burp-extension/src/burp/BurpExtender.java 7 | file:/var/www/hackoverviewer-burp-extension/src/filewriter/BurpFileWriter.java 8 | file:/var/www/hackoverviewer-burp-extension/src/simple/ItemList.java 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /src/simple/parser/ContainerFactory.java: -------------------------------------------------------------------------------- 1 | package org.json.simple.parser; 2 | 3 | import java.util.List; 4 | import java.util.Map; 5 | 6 | /** 7 | * Container factory for creating containers for JSON object and JSON array. 8 | * 9 | * @see org.json.simple.parser.JSONParser#parse(java.io.Reader, ContainerFactory) 10 | * 11 | * @author FangYidong 12 | */ 13 | public interface ContainerFactory { 14 | /** 15 | * @return A Map instance to store JSON object, or null if you want to use org.json.simple.JSONObject. 16 | */ 17 | Map createObjectContainer(); 18 | 19 | /** 20 | * @return A List instance to store JSON array, or null if you want to use org.json.simple.JSONArray. 21 | */ 22 | List creatArrayContainer(); 23 | } 24 | -------------------------------------------------------------------------------- /src/burp/IScopeChangeListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScopeChangeListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerScopeChangeListener() to register 15 | * a scope change listener. The listener will be notified whenever a change 16 | * occurs to Burp's suite-wide target scope. 17 | */ 18 | public interface IScopeChangeListener 19 | { 20 | /** 21 | * This method is invoked whenever a change occurs to Burp's suite-wide 22 | * target scope. 23 | */ 24 | void scopeChanged(); 25 | } 26 | -------------------------------------------------------------------------------- /src/burp/IHttpRequestResponsePersisted.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponsePersisted.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used for an 14 | * IHttpRequestResponse object whose request and response messages 15 | * have been saved to temporary files using 16 | * IBurpExtenderCallbacks.saveBuffersToTempFiles(). 17 | */ 18 | public interface IHttpRequestResponsePersisted extends IHttpRequestResponse 19 | { 20 | /** 21 | * This method is deprecated and no longer performs any action. 22 | */ 23 | @Deprecated 24 | void deleteTempFiles(); 25 | } 26 | -------------------------------------------------------------------------------- /src/burp/IIntruderAttack.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderAttack.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details about an Intruder attack. 14 | */ 15 | public interface IIntruderAttack 16 | { 17 | /** 18 | * This method is used to retrieve the HTTP service for the attack. 19 | * 20 | * @return The HTTP service for the attack. 21 | */ 22 | IHttpService getHttpService(); 23 | 24 | /** 25 | * This method is used to retrieve the request template for the attack. 26 | * 27 | * @return The request template for the attack. 28 | */ 29 | byte[] getRequestTemplate(); 30 | 31 | } 32 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

Burp File Writer Extension

2 | 3 |

This burp extension writes all your requests in your burp software directory /filewriter folder that you can use later to do automated file scanning, etc.

4 | 5 | ## Key Features 6 | 7 | * Writes requests in to folder 8 | * Writes requests / response data in to folder into .data file 9 | 10 | ## Known issues 11 | 12 | * Long URL's trigger error: filename to long 13 | 14 | ## Download 15 | 16 | You can [download](https://github.com/arturssmirnovs/burp-file-writer-extension/releases/tag/1.0) the latest version here. 17 | 18 | ## Demo 19 | 20 | [Watch demo video](https://youtu.be/fCTL4Na1rYY) 21 | 22 | ## Credits 23 | 24 | This software uses the following open source packages: 25 | 26 | - [Burp Extender](https://portswigger.net/burp/documentation/desktop/tools/extender) 27 | - [Simple Json java](https://code.google.com/archive/p/json-simple/) 28 | 29 | ## License 30 | 31 | MIT 32 | -------------------------------------------------------------------------------- /src/burp/ITempFile.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITempFile.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details of a temporary file that has been 14 | * created via a call to 15 | * IBurpExtenderCallbacks.saveToTempFile(). 16 | * 17 | */ 18 | public interface ITempFile 19 | { 20 | /** 21 | * This method is used to retrieve the contents of the buffer that was saved 22 | * in the temporary file. 23 | * 24 | * @return The contents of the buffer that was saved in the temporary file. 25 | */ 26 | byte[] getBuffer(); 27 | 28 | /** 29 | * This method is deprecated and no longer performs any action. 30 | */ 31 | @Deprecated 32 | void delete(); 33 | } 34 | -------------------------------------------------------------------------------- /src/burp/IExtensionStateListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IExtensionStateListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerExtensionStateListener() to 15 | * register an extension state listener. The listener will be notified of 16 | * changes to the extension's state. Note: Any extensions that start 17 | * background threads or open system resources (such as files or database 18 | * connections) should register a listener and terminate threads / close 19 | * resources when the extension is unloaded. 20 | */ 21 | public interface IExtensionStateListener 22 | { 23 | /** 24 | * This method is called when the extension is unloaded. 25 | */ 26 | void extensionUnloaded(); 27 | } 28 | -------------------------------------------------------------------------------- /src/burp/IBurpExtender.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IBurpExtender.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * All extensions must implement this interface. 14 | * 15 | * Implementations must be called BurpExtender, in the package burp, must be 16 | * declared public, and must provide a default (public, no-argument) 17 | * constructor. 18 | */ 19 | public interface IBurpExtender 20 | { 21 | /** 22 | * This method is invoked when the extension is loaded. It registers an 23 | * instance of the 24 | * IBurpExtenderCallbacks interface, providing methods that may 25 | * be invoked by the extension to perform various actions. 26 | * 27 | * @param callbacks An 28 | * IBurpExtenderCallbacks object. 29 | */ 30 | void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks); 31 | } 32 | -------------------------------------------------------------------------------- /src/burp/IScannerListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerScannerListener() to register a 15 | * Scanner listener. The listener will be notified of new issues that are 16 | * reported by the Scanner tool. Extensions can perform custom analysis or 17 | * logging of Scanner issues by registering a Scanner listener. 18 | */ 19 | public interface IScannerListener 20 | { 21 | /** 22 | * This method is invoked when a new issue is added to Burp Scanner's 23 | * results. 24 | * 25 | * @param issue An 26 | * IScanIssue object that the extension can query to obtain 27 | * details about the new issue. 28 | */ 29 | void newScanIssue(IScanIssue issue); 30 | } 31 | -------------------------------------------------------------------------------- /src/burp/IHttpService.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpService.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to provide details about an HTTP service, to which 14 | * HTTP requests can be sent. 15 | */ 16 | public interface IHttpService 17 | { 18 | /** 19 | * This method returns the hostname or IP address for the service. 20 | * 21 | * @return The hostname or IP address for the service. 22 | */ 23 | String getHost(); 24 | 25 | /** 26 | * This method returns the port number for the service. 27 | * 28 | * @return The port number for the service. 29 | */ 30 | int getPort(); 31 | 32 | /** 33 | * This method returns the protocol for the service. 34 | * 35 | * @return The protocol for the service. Expected values are "http" or 36 | * "https". 37 | */ 38 | String getProtocol(); 39 | } 40 | -------------------------------------------------------------------------------- /src/burp/ITab.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITab.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide Burp with details of a custom tab that will 16 | * be added to Burp's UI, using a method such as 17 | * IBurpExtenderCallbacks.addSuiteTab(). 18 | */ 19 | public interface ITab 20 | { 21 | /** 22 | * Burp uses this method to obtain the caption that should appear on the 23 | * custom tab when it is displayed. 24 | * 25 | * @return The caption that should appear on the custom tab when it is 26 | * displayed. 27 | */ 28 | String getTabCaption(); 29 | 30 | /** 31 | * Burp uses this method to obtain the component that should be used as the 32 | * contents of the custom tab when it is displayed. 33 | * 34 | * @return The component that should be used as the contents of the custom 35 | * tab when it is displayed. 36 | */ 37 | Component getUiComponent(); 38 | } 39 | -------------------------------------------------------------------------------- /src/burp/IMenuItemHandler.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMenuItemHandler.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerMenuItem() to register a custom 15 | * context menu item. 16 | * 17 | * @deprecated Use 18 | * IContextMenuFactory instead. 19 | */ 20 | @Deprecated 21 | public interface IMenuItemHandler 22 | { 23 | /** 24 | * This method is invoked by Burp Suite when the user clicks on a custom 25 | * menu item which the extension has registered with Burp. 26 | * 27 | * @param menuItemCaption The caption of the menu item which was clicked. 28 | * This parameter enables extensions to provide a single implementation 29 | * which handles multiple different menu items. 30 | * @param messageInfo Details of the HTTP message(s) for which the context 31 | * menu was displayed. 32 | */ 33 | void menuItemClicked( 34 | String menuItemCaption, 35 | IHttpRequestResponse[] messageInfo); 36 | } 37 | -------------------------------------------------------------------------------- /dist/README.TXT: -------------------------------------------------------------------------------- 1 | ======================== 2 | BUILD OUTPUT DESCRIPTION 3 | ======================== 4 | 5 | When you build an Java application project that has a main class, the IDE 6 | automatically copies all of the JAR 7 | files on the projects classpath to your projects dist/lib folder. The IDE 8 | also adds each of the JAR files to the Class-Path element in the application 9 | JAR files manifest file (MANIFEST.MF). 10 | 11 | To run the project from the command line, go to the dist folder and 12 | type the following: 13 | 14 | java -jar "FileWriter.jar" 15 | 16 | To distribute this project, zip up the dist folder (including the lib folder) 17 | and distribute the ZIP file. 18 | 19 | Notes: 20 | 21 | * If two JAR files on the project classpath have the same name, only the first 22 | JAR file is copied to the lib folder. 23 | * Only JAR files are copied to the lib folder. 24 | If the classpath contains other types of files or folders, these files (folders) 25 | are not copied. 26 | * If a library on the projects classpath also has a Class-Path element 27 | specified in the manifest,the content of the Class-Path element has to be on 28 | the projects runtime path. 29 | * To set a main class in a standard Java project, right-click the project node 30 | in the Projects window and choose Properties. Then click Run and enter the 31 | class name in the Main Class field. Alternatively, you can manually type the 32 | class name in the manifest Main-Class element. 33 | -------------------------------------------------------------------------------- /src/burp/IProxyListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IProxyListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerProxyListener() to register a 15 | * Proxy listener. The listener will be notified of requests and responses being 16 | * processed by the Proxy tool. Extensions can perform custom analysis or 17 | * modification of these messages, and control in-UI message interception, by 18 | * registering a proxy listener. 19 | */ 20 | public interface IProxyListener 21 | { 22 | /** 23 | * This method is invoked when an HTTP message is being processed by the 24 | * Proxy. 25 | * 26 | * @param messageIsRequest Indicates whether the HTTP message is a request 27 | * or a response. 28 | * @param message An 29 | * IInterceptedProxyMessage object that extensions can use to 30 | * query and update details of the message, and control whether the message 31 | * should be intercepted and displayed to the user for manual review or 32 | * modification. 33 | */ 34 | void processProxyMessage( 35 | boolean messageIsRequest, 36 | IInterceptedProxyMessage message); 37 | } 38 | -------------------------------------------------------------------------------- /src/burp/IBurpCollaboratorInteraction.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IBurpCollaboratorInteraction.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.Map; 13 | 14 | /** 15 | * This interface represents a network interaction that occurred with the Burp 16 | * Collaborator server. 17 | */ 18 | public interface IBurpCollaboratorInteraction 19 | { 20 | 21 | /** 22 | * This method is used to retrieve a property of the interaction. Properties 23 | * of all interactions are: interaction_id, type, client_ip, and time_stamp. 24 | * Properties of DNS interactions are: query_type and raw_query. The 25 | * raw_query value is Base64-encoded. Properties of HTTP interactions are: 26 | * protocol, request, and response. The request and response values are 27 | * Base64-encoded. 28 | * 29 | * @param name The name of the property to retrieve. 30 | * @return A string representing the property value, or null if not present. 31 | */ 32 | String getProperty(String name); 33 | 34 | /** 35 | * This method is used to retrieve a map containing all properties of the 36 | * interaction. 37 | * 38 | * @return A map containing all properties of the interaction. 39 | */ 40 | Map getProperties(); 41 | } 42 | -------------------------------------------------------------------------------- /src/burp/IContextMenuFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IContextMenuFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | 13 | import javax.swing.JMenuItem; 14 | import java.util.List; 15 | 16 | /** 17 | * Extensions can implement this interface and then call 18 | * IBurpExtenderCallbacks.registerContextMenuFactory() to register 19 | * a factory for custom context menu items. 20 | */ 21 | public interface IContextMenuFactory 22 | { 23 | /** 24 | * This method will be called by Burp when the user invokes a context menu 25 | * anywhere within Burp. The factory can then provide any custom context 26 | * menu items that should be displayed in the context menu, based on the 27 | * details of the menu invocation. 28 | * 29 | * @param invocation An object that implements the 30 | * IContextMenuFactory interface, which the extension can 31 | * query to obtain details of the context menu invocation. 32 | * @return A list of custom menu items (which may include sub-menus, 33 | * checkbox menu items, etc.) that should be displayed. Extensions may 34 | * return 35 | * null from this method, to indicate that no menu items are 36 | * required. 37 | */ 38 | List createMenuItems(IContextMenuInvocation invocation); 39 | } 40 | -------------------------------------------------------------------------------- /src/burp/IScannerInsertionPointProvider.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerInsertionPointProvider.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * Extensions can implement this interface and then call 16 | * IBurpExtenderCallbacks.registerScannerInsertionPointProvider() 17 | * to register a factory for custom Scanner insertion points. 18 | */ 19 | public interface IScannerInsertionPointProvider 20 | { 21 | /** 22 | * When a request is actively scanned, the Scanner will invoke this method, 23 | * and the provider should provide a list of custom insertion points that 24 | * will be used in the scan. Note: these insertion points are used in 25 | * addition to those that are derived from Burp Scanner's configuration, and 26 | * those provided by any other Burp extensions. 27 | * 28 | * @param baseRequestResponse The base request that will be actively 29 | * scanned. 30 | * @return A list of 31 | * IScannerInsertionPoint objects that should be used in the 32 | * scanning, or 33 | * null if no custom insertion points are applicable for this 34 | * request. 35 | */ 36 | List getInsertionPoints( 37 | IHttpRequestResponse baseRequestResponse); 38 | } 39 | -------------------------------------------------------------------------------- /src/burp/IHttpListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerHttpListener() to register an 15 | * HTTP listener. The listener will be notified of requests and responses made 16 | * by any Burp tool. Extensions can perform custom analysis or modification of 17 | * these messages by registering an HTTP listener. 18 | */ 19 | public interface IHttpListener 20 | { 21 | /** 22 | * This method is invoked when an HTTP request is about to be issued, and 23 | * when an HTTP response has been received. 24 | * 25 | * @param toolFlag A flag indicating the Burp tool that issued the request. 26 | * Burp tool flags are defined in the 27 | * IBurpExtenderCallbacks interface. 28 | * @param messageIsRequest Flags whether the method is being invoked for a 29 | * request or response. 30 | * @param messageInfo Details of the request / response to be processed. 31 | * Extensions can call the setter methods on this object to update the 32 | * current message and so modify Burp's behavior. 33 | */ 34 | void processHttpMessage(int toolFlag, 35 | boolean messageIsRequest, 36 | IHttpRequestResponse messageInfo); 37 | } 38 | -------------------------------------------------------------------------------- /src/burp/IIntruderPayloadGeneratorFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadGeneratorFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory() 15 | * to register a factory for custom Intruder payloads. 16 | */ 17 | public interface IIntruderPayloadGeneratorFactory 18 | { 19 | /** 20 | * This method is used by Burp to obtain the name of the payload generator. 21 | * This will be displayed as an option within the Intruder UI when the user 22 | * selects to use extension-generated payloads. 23 | * 24 | * @return The name of the payload generator. 25 | */ 26 | String getGeneratorName(); 27 | 28 | /** 29 | * This method is used by Burp when the user starts an Intruder attack that 30 | * uses this payload generator. 31 | * 32 | * @param attack An 33 | * IIntruderAttack object that can be queried to obtain details 34 | * about the attack in which the payload generator will be used. 35 | * @return A new instance of 36 | * IIntruderPayloadGenerator that will be used to generate 37 | * payloads for the attack. 38 | */ 39 | IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack); 40 | } 41 | -------------------------------------------------------------------------------- /src/burp/IMessageEditorTabFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorTabFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerMessageEditorTabFactory() to 15 | * register a factory for custom message editor tabs. This allows extensions to 16 | * provide custom rendering or editing of HTTP messages, within Burp's own HTTP 17 | * editor. 18 | */ 19 | public interface IMessageEditorTabFactory 20 | { 21 | /** 22 | * Burp will call this method once for each HTTP message editor, and the 23 | * factory should provide a new instance of an 24 | * IMessageEditorTab object. 25 | * 26 | * @param controller An 27 | * IMessageEditorController object, which the new tab can query 28 | * to retrieve details about the currently displayed message. This may be 29 | * null for extension-invoked message editors where the 30 | * extension has not provided an editor controller. 31 | * @param editable Indicates whether the hosting editor is editable or 32 | * read-only. 33 | * @return A new 34 | * IMessageEditorTab object for use within the message editor. 35 | */ 36 | IMessageEditorTab createNewInstance(IMessageEditorController controller, 37 | boolean editable); 38 | } 39 | -------------------------------------------------------------------------------- /src/simple/parser/Yytoken.java: -------------------------------------------------------------------------------- 1 | /* 2 | * $Id: Yytoken.java,v 1.1 2006/04/15 14:10:48 platform Exp $ 3 | * Created on 2006-4-15 4 | */ 5 | package org.json.simple.parser; 6 | 7 | /** 8 | * @author FangYidong 9 | */ 10 | public class Yytoken { 11 | public static final int TYPE_VALUE=0;//JSON primitive value: string,number,boolean,null 12 | public static final int TYPE_LEFT_BRACE=1; 13 | public static final int TYPE_RIGHT_BRACE=2; 14 | public static final int TYPE_LEFT_SQUARE=3; 15 | public static final int TYPE_RIGHT_SQUARE=4; 16 | public static final int TYPE_COMMA=5; 17 | public static final int TYPE_COLON=6; 18 | public static final int TYPE_EOF=-1;//end of file 19 | 20 | public int type=0; 21 | public Object value=null; 22 | 23 | public Yytoken(int type,Object value){ 24 | this.type=type; 25 | this.value=value; 26 | } 27 | 28 | public String toString(){ 29 | StringBuffer sb = new StringBuffer(); 30 | switch(type){ 31 | case TYPE_VALUE: 32 | sb.append("VALUE(").append(value).append(")"); 33 | break; 34 | case TYPE_LEFT_BRACE: 35 | sb.append("LEFT BRACE({)"); 36 | break; 37 | case TYPE_RIGHT_BRACE: 38 | sb.append("RIGHT BRACE(})"); 39 | break; 40 | case TYPE_LEFT_SQUARE: 41 | sb.append("LEFT SQUARE([)"); 42 | break; 43 | case TYPE_RIGHT_SQUARE: 44 | sb.append("RIGHT SQUARE(])"); 45 | break; 46 | case TYPE_COMMA: 47 | sb.append("COMMA(,)"); 48 | break; 49 | case TYPE_COLON: 50 | sb.append("COLON(:)"); 51 | break; 52 | case TYPE_EOF: 53 | sb.append("END OF FILE"); 54 | break; 55 | } 56 | return sb.toString(); 57 | } 58 | } 59 | -------------------------------------------------------------------------------- /src/burp/IIntruderPayloadProcessor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadProcessor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerIntruderPayloadProcessor() to 15 | * register a custom Intruder payload processor. 16 | */ 17 | public interface IIntruderPayloadProcessor 18 | { 19 | /** 20 | * This method is used by Burp to obtain the name of the payload processor. 21 | * This will be displayed as an option within the Intruder UI when the user 22 | * selects to use an extension-provided payload processor. 23 | * 24 | * @return The name of the payload processor. 25 | */ 26 | String getProcessorName(); 27 | 28 | /** 29 | * This method is invoked by Burp each time the processor should be applied 30 | * to an Intruder payload. 31 | * 32 | * @param currentPayload The value of the payload to be processed. 33 | * @param originalPayload The value of the original payload prior to 34 | * processing by any already-applied processing rules. 35 | * @param baseValue The base value of the payload position, which will be 36 | * replaced with the current payload. 37 | * @return The value of the processed payload. This may be 38 | * null to indicate that the current payload should be skipped, 39 | * and the attack will move directly to the next payload. 40 | */ 41 | byte[] processPayload( 42 | byte[] currentPayload, 43 | byte[] originalPayload, 44 | byte[] baseValue); 45 | } 46 | -------------------------------------------------------------------------------- /src/burp/IHttpRequestResponseWithMarkers.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponseWithMarkers.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used for an 16 | * IHttpRequestResponse object that has had markers applied. 17 | * Extensions can create instances of this interface using 18 | * IBurpExtenderCallbacks.applyMarkers(), or provide their own 19 | * implementation. Markers are used in various situations, such as specifying 20 | * Intruder payload positions, Scanner insertion points, and highlights in 21 | * Scanner issues. 22 | */ 23 | public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse 24 | { 25 | /** 26 | * This method returns the details of the request markers. 27 | * 28 | * @return A list of index pairs representing the offsets of markers for the 29 | * request message. Each item in the list is an int[2] array containing the 30 | * start and end offsets for the marker. The method may return 31 | * null if no request markers are defined. 32 | */ 33 | List getRequestMarkers(); 34 | 35 | /** 36 | * This method returns the details of the response markers. 37 | * 38 | * @return A list of index pairs representing the offsets of markers for the 39 | * response message. Each item in the list is an int[2] array containing the 40 | * start and end offsets for the marker. The method may return 41 | * null if no response markers are defined. 42 | */ 43 | List getResponseMarkers(); 44 | } 45 | -------------------------------------------------------------------------------- /src/burp/IIntruderPayloadGenerator.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadGenerator.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used for custom Intruder payload generators. Extensions 14 | * that have registered an 15 | * IIntruderPayloadGeneratorFactory must return a new instance of 16 | * this interface when required as part of a new Intruder attack. 17 | */ 18 | public interface IIntruderPayloadGenerator 19 | { 20 | /** 21 | * This method is used by Burp to determine whether the payload generator is 22 | * able to provide any further payloads. 23 | * 24 | * @return Extensions should return 25 | * false when all the available payloads have been used up, 26 | * otherwise 27 | * true. 28 | */ 29 | boolean hasMorePayloads(); 30 | 31 | /** 32 | * This method is used by Burp to obtain the value of the next payload. 33 | * 34 | * @param baseValue The base value of the current payload position. This 35 | * value may be 36 | * null if the concept of a base value is not applicable (e.g. 37 | * in a battering ram attack). 38 | * @return The next payload to use in the attack. 39 | */ 40 | byte[] getNextPayload(byte[] baseValue); 41 | 42 | /** 43 | * This method is used by Burp to reset the state of the payload generator 44 | * so that the next call to 45 | * getNextPayload() returns the first payload again. This 46 | * method will be invoked when an attack uses the same payload generator for 47 | * more than one payload position, for example in a sniper attack. 48 | */ 49 | void reset(); 50 | } 51 | -------------------------------------------------------------------------------- /src/burp/ICookie.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ICookie.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.Date; 13 | 14 | /** 15 | * This interface is used to hold details about an HTTP cookie. 16 | */ 17 | public interface ICookie 18 | { 19 | /** 20 | * This method is used to retrieve the domain for which the cookie is in 21 | * scope. 22 | * 23 | * @return The domain for which the cookie is in scope. Note: For 24 | * cookies that have been analyzed from responses (by calling 25 | * IExtensionHelpers.analyzeResponse() and then 26 | * IResponseInfo.getCookies(), the domain will be 27 | * null if the response did not explicitly set a domain 28 | * attribute for the cookie. 29 | */ 30 | String getDomain(); 31 | 32 | /** 33 | * This method is used to retrieve the path for which the cookie is in 34 | * scope. 35 | * 36 | * @return The path for which the cookie is in scope or null if none is set. 37 | */ 38 | String getPath(); 39 | 40 | /** 41 | * This method is used to retrieve the expiration time for the cookie. 42 | * 43 | * @return The expiration time for the cookie, or 44 | * null if none is set (i.e., for non-persistent session 45 | * cookies). 46 | */ 47 | Date getExpiration(); 48 | 49 | /** 50 | * This method is used to retrieve the name of the cookie. 51 | * 52 | * @return The name of the cookie. 53 | */ 54 | String getName(); 55 | 56 | /** 57 | * This method is used to retrieve the value of the cookie. 58 | * @return The value of the cookie. 59 | */ 60 | String getValue(); 61 | } 62 | -------------------------------------------------------------------------------- /src/burp/IMessageEditorController.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorController.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used by an 14 | * IMessageEditor to obtain details about the currently displayed 15 | * message. Extensions that create instances of Burp's HTTP message editor can 16 | * optionally provide an implementation of 17 | * IMessageEditorController, which the editor will invoke when it 18 | * requires further information about the current message (for example, to send 19 | * it to another Burp tool). Extensions that provide custom editor tabs via an 20 | * IMessageEditorTabFactory will receive a reference to an 21 | * IMessageEditorController object for each tab instance they 22 | * generate, which the tab can invoke if it requires further information about 23 | * the current message. 24 | */ 25 | public interface IMessageEditorController 26 | { 27 | /** 28 | * This method is used to retrieve the HTTP service for the current message. 29 | * 30 | * @return The HTTP service for the current message. 31 | */ 32 | IHttpService getHttpService(); 33 | 34 | /** 35 | * This method is used to retrieve the HTTP request associated with the 36 | * current message (which may itself be a response). 37 | * 38 | * @return The HTTP request associated with the current message. 39 | */ 40 | byte[] getRequest(); 41 | 42 | /** 43 | * This method is used to retrieve the HTTP response associated with the 44 | * current message (which may itself be a request). 45 | * 46 | * @return The HTTP response associated with the current message. 47 | */ 48 | byte[] getResponse(); 49 | } 50 | -------------------------------------------------------------------------------- /src/burp/IResponseKeywords.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IResponseKeywords.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used to represent the counts of keywords appearing in a 16 | * number of HTTP responses. 17 | */ 18 | public interface IResponseKeywords 19 | { 20 | 21 | /** 22 | * This method is used to obtain the list of keywords whose counts vary 23 | * between the analyzed responses. 24 | * 25 | * @return The keywords whose counts vary between the analyzed responses. 26 | */ 27 | List getVariantKeywords(); 28 | 29 | /** 30 | * This method is used to obtain the list of keywords whose counts do not 31 | * vary between the analyzed responses. 32 | * 33 | * @return The keywords whose counts do not vary between the analyzed 34 | * responses. 35 | */ 36 | List getInvariantKeywords(); 37 | 38 | /** 39 | * This method is used to obtain the number of occurrences of an individual 40 | * keyword in a response. 41 | * 42 | * @param keyword The keyword whose count will be retrieved. 43 | * @param responseIndex The index of the response. Note responses are 44 | * indexed from zero in the order they were originally supplied to the 45 | * IExtensionHelpers.analyzeResponseKeywords() and 46 | * IResponseKeywords.updateWith() methods. 47 | * @return The number of occurrences of the specified keyword for the 48 | * specified response. 49 | */ 50 | int getKeywordCount(String keyword, int responseIndex); 51 | 52 | /** 53 | * This method is used to update the analysis based on additional responses. 54 | * 55 | * @param responses The new responses to include in the analysis. 56 | */ 57 | void updateWith(byte[]... responses); 58 | } 59 | -------------------------------------------------------------------------------- /src/burp/ISessionHandlingAction.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ISessionHandlingAction.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerSessionHandlingAction() to 15 | * register a custom session handling action. Each registered action will be 16 | * available within the session handling rule UI for the user to select as a 17 | * rule action. Users can choose to invoke an action directly in its own right, 18 | * or following execution of a macro. 19 | */ 20 | public interface ISessionHandlingAction 21 | { 22 | /** 23 | * This method is used by Burp to obtain the name of the session handling 24 | * action. This will be displayed as an option within the session handling 25 | * rule editor when the user selects to execute an extension-provided 26 | * action. 27 | * 28 | * @return The name of the action. 29 | */ 30 | String getActionName(); 31 | 32 | /** 33 | * This method is invoked when the session handling action should be 34 | * executed. This may happen as an action in its own right, or as a 35 | * sub-action following execution of a macro. 36 | * 37 | * @param currentRequest The base request that is currently being processed. 38 | * The action can query this object to obtain details about the base 39 | * request. It can issue additional requests of its own if necessary, and 40 | * can use the setter methods on this object to update the base request. 41 | * @param macroItems If the action is invoked following execution of a 42 | * macro, this parameter contains the result of executing the macro. 43 | * Otherwise, it is 44 | * null. Actions can use the details of the macro items to 45 | * perform custom analysis of the macro to derive values of non-standard 46 | * session handling tokens, etc. 47 | */ 48 | void performAction( 49 | IHttpRequestResponse currentRequest, 50 | IHttpRequestResponse[] macroItems); 51 | } 52 | -------------------------------------------------------------------------------- /src/burp/IResponseInfo.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IResponseInfo.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used to retrieve key details about an HTTP response. 16 | * Extensions can obtain an 17 | * IResponseInfo object for a given response by calling 18 | * IExtensionHelpers.analyzeResponse(). 19 | */ 20 | public interface IResponseInfo 21 | { 22 | /** 23 | * This method is used to obtain the HTTP headers contained in the response. 24 | * 25 | * @return The HTTP headers contained in the response. 26 | */ 27 | List getHeaders(); 28 | 29 | /** 30 | * This method is used to obtain the offset within the response where the 31 | * message body begins. 32 | * 33 | * @return The offset within the response where the message body begins. 34 | */ 35 | int getBodyOffset(); 36 | 37 | /** 38 | * This method is used to obtain the HTTP status code contained in the 39 | * response. 40 | * 41 | * @return The HTTP status code contained in the response. 42 | */ 43 | short getStatusCode(); 44 | 45 | /** 46 | * This method is used to obtain details of the HTTP cookies set in the 47 | * response. 48 | * 49 | * @return A list of ICookie objects representing the cookies 50 | * set in the response, if any. 51 | */ 52 | List getCookies(); 53 | 54 | /** 55 | * This method is used to obtain the MIME type of the response, as stated in 56 | * the HTTP headers. 57 | * 58 | * @return A textual label for the stated MIME type, or an empty String if 59 | * this is not known or recognized. The possible labels are the same as 60 | * those used in the main Burp UI. 61 | */ 62 | String getStatedMimeType(); 63 | 64 | /** 65 | * This method is used to obtain the MIME type of the response, as inferred 66 | * from the contents of the HTTP message body. 67 | * 68 | * @return A textual label for the inferred MIME type, or an empty String if 69 | * this is not known or recognized. The possible labels are the same as 70 | * those used in the main Burp UI. 71 | */ 72 | String getInferredMimeType(); 73 | } 74 | -------------------------------------------------------------------------------- /src/burp/IResponseVariations.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IResponseVariations.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used to represent variations between a number HTTP 16 | * responses, according to various attributes. 17 | */ 18 | public interface IResponseVariations 19 | { 20 | 21 | /** 22 | * This method is used to obtain the list of attributes that vary between 23 | * the analyzed responses. 24 | * 25 | * @return The attributes that vary between the analyzed responses. 26 | */ 27 | List getVariantAttributes(); 28 | 29 | /** 30 | * This method is used to obtain the list of attributes that do not vary 31 | * between the analyzed responses. 32 | * 33 | * @return The attributes that do not vary between the analyzed responses. 34 | */ 35 | List getInvariantAttributes(); 36 | 37 | /** 38 | * This method is used to obtain the value of an individual attribute in a 39 | * response. Note that the values of some attributes are intrinsically 40 | * meaningful (e.g. a word count) while the values of others are less so 41 | * (e.g. a checksum of the HTML tag names). 42 | * 43 | * @param attributeName The name of the attribute whose value will be 44 | * retrieved. Extension authors can obtain the list of supported attributes 45 | * by generating an IResponseVariations object for a single 46 | * response and calling 47 | * IResponseVariations.getInvariantAttributes(). 48 | * @param responseIndex The index of the response. Note that responses are 49 | * indexed from zero in the order they were originally supplied to the 50 | * IExtensionHelpers.analyzeResponseVariations() and 51 | * IResponseVariations.updateWith() methods. 52 | * @return The value of the specified attribute for the specified response. 53 | */ 54 | int getAttributeValue(String attributeName, int responseIndex); 55 | 56 | /** 57 | * This method is used to update the analysis based on additional responses. 58 | * 59 | * @param responses The new responses to include in the analysis. 60 | */ 61 | void updateWith(byte[]... responses); 62 | } 63 | -------------------------------------------------------------------------------- /src/burp/IMessageEditor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide extensions with an instance of Burp's HTTP 16 | * message editor, for the extension to use in its own UI. Extensions should 17 | * call IBurpExtenderCallbacks.createMessageEditor() to obtain an 18 | * instance of this interface. 19 | */ 20 | public interface IMessageEditor 21 | { 22 | 23 | /** 24 | * This method returns the UI component of the editor, for extensions to add 25 | * to their own UI. 26 | * 27 | * @return The UI component of the editor. 28 | */ 29 | Component getComponent(); 30 | 31 | /** 32 | * This method is used to display an HTTP message in the editor. 33 | * 34 | * @param message The HTTP message to be displayed. 35 | * @param isRequest Flags whether the message is an HTTP request or 36 | * response. 37 | */ 38 | void setMessage(byte[] message, boolean isRequest); 39 | 40 | /** 41 | * This method is used to retrieve the currently displayed message, which 42 | * may have been modified by the user. 43 | * 44 | * @return The currently displayed HTTP message. 45 | */ 46 | byte[] getMessage(); 47 | 48 | /** 49 | * This method is used to determine whether the current message has been 50 | * modified by the user. 51 | * 52 | * @return An indication of whether the current message has been modified by 53 | * the user since it was first displayed. 54 | */ 55 | boolean isMessageModified(); 56 | 57 | /** 58 | * This method returns the data that is currently selected by the user. 59 | * 60 | * @return The data that is currently selected by the user, or 61 | * null if no selection is made. 62 | */ 63 | byte[] getSelectedData(); 64 | 65 | /** 66 | * This method can be used to retrieve the bounds of the user's selection 67 | * into the displayed message, if applicable. 68 | * 69 | * @return An int[2] array containing the start and end offsets of the 70 | * user's selection within the displayed message. If the user has not made 71 | * any selection in the current message, both offsets indicate the position 72 | * of the caret within the editor. For some editor views, the concept of 73 | * selection within the message does not apply, in which case this method 74 | * returns null. 75 | */ 76 | int[] getSelectionBounds(); 77 | } 78 | -------------------------------------------------------------------------------- /src/burp/IScanQueueItem.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScanQueueItem.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve details of items in the Burp Scanner 14 | * active scan queue. Extensions can obtain references to scan queue items by 15 | * calling 16 | * IBurpExtenderCallbacks.doActiveScan(). 17 | */ 18 | public interface IScanQueueItem 19 | { 20 | /** 21 | * This method returns a description of the status of the scan queue item. 22 | * 23 | * @return A description of the status of the scan queue item. 24 | */ 25 | String getStatus(); 26 | 27 | /** 28 | * This method returns an indication of the percentage completed for the 29 | * scan queue item. 30 | * 31 | * @return An indication of the percentage completed for the scan queue 32 | * item. 33 | */ 34 | byte getPercentageComplete(); 35 | 36 | /** 37 | * This method returns the number of requests that have been made for the 38 | * scan queue item. 39 | * 40 | * @return The number of requests that have been made for the scan queue 41 | * item. 42 | */ 43 | int getNumRequests(); 44 | 45 | /** 46 | * This method returns the number of network errors that have occurred for 47 | * the scan queue item. 48 | * 49 | * @return The number of network errors that have occurred for the scan 50 | * queue item. 51 | */ 52 | int getNumErrors(); 53 | 54 | /** 55 | * This method returns the number of attack insertion points being used for 56 | * the scan queue item. 57 | * 58 | * @return The number of attack insertion points being used for the scan 59 | * queue item. 60 | */ 61 | int getNumInsertionPoints(); 62 | 63 | /** 64 | * This method allows the scan queue item to be canceled. 65 | */ 66 | void cancel(); 67 | 68 | /** 69 | * This method returns details of the issues generated for the scan queue 70 | * item. Note: different items within the scan queue may contain 71 | * duplicated versions of the same issues - for example, if the same request 72 | * has been scanned multiple times. Duplicated issues are consolidated in 73 | * the main view of scan results. Extensions can register an 74 | * IScannerListener to get details only of unique, newly 75 | * discovered Scanner issues post-consolidation. 76 | * 77 | * @return Details of the issues generated for the scan queue item. 78 | */ 79 | IScanIssue[] getIssues(); 80 | } 81 | -------------------------------------------------------------------------------- /src/burp/IRequestInfo.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IRequestInfo.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.net.URL; 13 | import java.util.List; 14 | 15 | /** 16 | * This interface is used to retrieve key details about an HTTP request. 17 | * Extensions can obtain an 18 | * IRequestInfo object for a given request by calling 19 | * IExtensionHelpers.analyzeRequest(). 20 | */ 21 | public interface IRequestInfo 22 | { 23 | /** 24 | * Used to indicate that there is no content. 25 | */ 26 | static final byte CONTENT_TYPE_NONE = 0; 27 | /** 28 | * Used to indicate URL-encoded content. 29 | */ 30 | static final byte CONTENT_TYPE_URL_ENCODED = 1; 31 | /** 32 | * Used to indicate multi-part content. 33 | */ 34 | static final byte CONTENT_TYPE_MULTIPART = 2; 35 | /** 36 | * Used to indicate XML content. 37 | */ 38 | static final byte CONTENT_TYPE_XML = 3; 39 | /** 40 | * Used to indicate JSON content. 41 | */ 42 | static final byte CONTENT_TYPE_JSON = 4; 43 | /** 44 | * Used to indicate AMF content. 45 | */ 46 | static final byte CONTENT_TYPE_AMF = 5; 47 | /** 48 | * Used to indicate unknown content. 49 | */ 50 | static final byte CONTENT_TYPE_UNKNOWN = -1; 51 | 52 | /** 53 | * This method is used to obtain the HTTP method used in the request. 54 | * 55 | * @return The HTTP method used in the request. 56 | */ 57 | String getMethod(); 58 | 59 | /** 60 | * This method is used to obtain the URL in the request. 61 | * 62 | * @return The URL in the request. 63 | */ 64 | URL getUrl(); 65 | 66 | /** 67 | * This method is used to obtain the HTTP headers contained in the request. 68 | * 69 | * @return The HTTP headers contained in the request. 70 | */ 71 | List getHeaders(); 72 | 73 | /** 74 | * This method is used to obtain the parameters contained in the request. 75 | * 76 | * @return The parameters contained in the request. 77 | */ 78 | List getParameters(); 79 | 80 | /** 81 | * This method is used to obtain the offset within the request where the 82 | * message body begins. 83 | * 84 | * @return The offset within the request where the message body begins. 85 | */ 86 | int getBodyOffset(); 87 | 88 | /** 89 | * This method is used to obtain the content type of the message body. 90 | * 91 | * @return An indication of the content type of the message body. Available 92 | * types are defined within this interface. 93 | */ 94 | byte getContentType(); 95 | } 96 | -------------------------------------------------------------------------------- /src/simple/parser/ParseException.java: -------------------------------------------------------------------------------- 1 | package org.json.simple.parser; 2 | 3 | /** 4 | * ParseException explains why and where the error occurs in source JSON text. 5 | * 6 | * @author FangYidong 7 | * 8 | */ 9 | public class ParseException extends Exception { 10 | private static final long serialVersionUID = -7880698968187728547L; 11 | 12 | public static final int ERROR_UNEXPECTED_CHAR = 0; 13 | public static final int ERROR_UNEXPECTED_TOKEN = 1; 14 | public static final int ERROR_UNEXPECTED_EXCEPTION = 2; 15 | 16 | private int errorType; 17 | private Object unexpectedObject; 18 | private int position; 19 | 20 | public ParseException(int errorType){ 21 | this(-1, errorType, null); 22 | } 23 | 24 | public ParseException(int errorType, Object unexpectedObject){ 25 | this(-1, errorType, unexpectedObject); 26 | } 27 | 28 | public ParseException(int position, int errorType, Object unexpectedObject){ 29 | this.position = position; 30 | this.errorType = errorType; 31 | this.unexpectedObject = unexpectedObject; 32 | } 33 | 34 | public int getErrorType() { 35 | return errorType; 36 | } 37 | 38 | public void setErrorType(int errorType) { 39 | this.errorType = errorType; 40 | } 41 | 42 | /** 43 | * @see org.json.simple.parser.JSONParser#getPosition() 44 | * 45 | * @return The character position (starting with 0) of the input where the error occurs. 46 | */ 47 | public int getPosition() { 48 | return position; 49 | } 50 | 51 | public void setPosition(int position) { 52 | this.position = position; 53 | } 54 | 55 | /** 56 | * @see org.json.simple.parser.Yytoken 57 | * 58 | * @return One of the following base on the value of errorType: 59 | * ERROR_UNEXPECTED_CHAR java.lang.Character 60 | * ERROR_UNEXPECTED_TOKEN org.json.simple.parser.Yytoken 61 | * ERROR_UNEXPECTED_EXCEPTION java.lang.Exception 62 | */ 63 | public Object getUnexpectedObject() { 64 | return unexpectedObject; 65 | } 66 | 67 | public void setUnexpectedObject(Object unexpectedObject) { 68 | this.unexpectedObject = unexpectedObject; 69 | } 70 | 71 | public String getMessage() { 72 | StringBuffer sb = new StringBuffer(); 73 | 74 | switch(errorType){ 75 | case ERROR_UNEXPECTED_CHAR: 76 | sb.append("Unexpected character (").append(unexpectedObject).append(") at position ").append(position).append("."); 77 | break; 78 | case ERROR_UNEXPECTED_TOKEN: 79 | sb.append("Unexpected token ").append(unexpectedObject).append(" at position ").append(position).append("."); 80 | break; 81 | case ERROR_UNEXPECTED_EXCEPTION: 82 | sb.append("Unexpected exception at position ").append(position).append(": ").append(unexpectedObject); 83 | break; 84 | default: 85 | sb.append("Unkown error at position ").append(position).append("."); 86 | break; 87 | } 88 | return sb.toString(); 89 | } 90 | } 91 | -------------------------------------------------------------------------------- /nbproject/project.properties: -------------------------------------------------------------------------------- 1 | annotation.processing.enabled=true 2 | annotation.processing.enabled.in.editor=false 3 | annotation.processing.processor.options= 4 | annotation.processing.processors.list= 5 | annotation.processing.run.all.processors=true 6 | annotation.processing.source.output=${build.generated.sources.dir}/ap-source-output 7 | build.classes.dir=${build.dir}/classes 8 | build.classes.excludes=**/*.java,**/*.form 9 | # This directory is removed when the project is cleaned: 10 | build.dir=build 11 | build.generated.dir=${build.dir}/generated 12 | build.generated.sources.dir=${build.dir}/generated-sources 13 | # Only compile against the classpath explicitly listed here: 14 | build.sysclasspath=ignore 15 | build.test.classes.dir=${build.dir}/test/classes 16 | build.test.results.dir=${build.dir}/test/results 17 | # Uncomment to specify the preferred debugger connection transport: 18 | #debug.transport=dt_socket 19 | debug.classpath=\ 20 | ${run.classpath} 21 | debug.modulepath=\ 22 | ${run.modulepath} 23 | debug.test.classpath=\ 24 | ${run.test.classpath} 25 | debug.test.modulepath=\ 26 | ${run.test.modulepath} 27 | # Files in build.classes.dir which should be excluded from distribution jar 28 | dist.archive.excludes= 29 | # This directory is removed when the project is cleaned: 30 | dist.dir=dist 31 | dist.jar=${dist.dir}/FileWriter.jar 32 | dist.javadoc.dir=${dist.dir}/javadoc 33 | excludes= 34 | includes=** 35 | jar.compress=false 36 | javac.classpath= 37 | # Space-separated list of extra javac options 38 | javac.compilerargs= 39 | javac.deprecation=false 40 | javac.external.vm=true 41 | javac.modulepath= 42 | javac.processormodulepath= 43 | javac.processorpath=\ 44 | ${javac.classpath} 45 | javac.source=1.8 46 | javac.target=1.8 47 | javac.test.classpath=\ 48 | ${javac.classpath}:\ 49 | ${build.classes.dir} 50 | javac.test.modulepath=\ 51 | ${javac.modulepath} 52 | javac.test.processorpath=\ 53 | ${javac.test.classpath} 54 | javadoc.additionalparam= 55 | javadoc.author=false 56 | javadoc.encoding=${source.encoding} 57 | javadoc.noindex=false 58 | javadoc.nonavbar=false 59 | javadoc.notree=false 60 | javadoc.private=false 61 | javadoc.splitindex=true 62 | javadoc.use=true 63 | javadoc.version=false 64 | javadoc.windowtitle= 65 | main.class=burp.DemoExtender 66 | manifest.file=manifest.mf 67 | meta.inf.dir=${src.dir}/META-INF 68 | mkdist.disabled=false 69 | platform.active=default_platform 70 | run.classpath=\ 71 | ${javac.classpath}:\ 72 | ${build.classes.dir} 73 | # Space-separated list of JVM arguments used when running the project. 74 | # You may also define separate properties like run-sys-prop.name=value instead of -Dname=value. 75 | # To set system properties for unit tests define test-sys-prop.name=value: 76 | run.jvmargs= 77 | run.modulepath=\ 78 | ${javac.modulepath} 79 | run.test.classpath=\ 80 | ${javac.test.classpath}:\ 81 | ${build.test.classes.dir} 82 | run.test.modulepath=\ 83 | ${javac.test.modulepath} 84 | source.encoding=UTF-8 85 | src.dir=src 86 | test.src.dir=test 87 | -------------------------------------------------------------------------------- /src/burp/ITextEditor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITextEditor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide extensions with an instance of Burp's raw 16 | * text editor, for the extension to use in its own UI. Extensions should call 17 | * IBurpExtenderCallbacks.createTextEditor() to obtain an instance 18 | * of this interface. 19 | */ 20 | public interface ITextEditor 21 | { 22 | /** 23 | * This method returns the UI component of the editor, for extensions to add 24 | * to their own UI. 25 | * 26 | * @return The UI component of the editor. 27 | */ 28 | Component getComponent(); 29 | 30 | /** 31 | * This method is used to control whether the editor is currently editable. 32 | * This status can be toggled on and off as required. 33 | * 34 | * @param editable Indicates whether the editor should be currently 35 | * editable. 36 | */ 37 | void setEditable(boolean editable); 38 | 39 | /** 40 | * This method is used to update the currently displayed text in the editor. 41 | * 42 | * @param text The text to be displayed. 43 | */ 44 | void setText(byte[] text); 45 | 46 | /** 47 | * This method is used to retrieve the currently displayed text. 48 | * 49 | * @return The currently displayed text. 50 | */ 51 | byte[] getText(); 52 | 53 | /** 54 | * This method is used to determine whether the user has modified the 55 | * contents of the editor. 56 | * 57 | * @return An indication of whether the user has modified the contents of 58 | * the editor since the last call to 59 | * setText(). 60 | */ 61 | boolean isTextModified(); 62 | 63 | /** 64 | * This method is used to obtain the currently selected text. 65 | * 66 | * @return The currently selected text, or 67 | * null if the user has not made any selection. 68 | */ 69 | byte[] getSelectedText(); 70 | 71 | /** 72 | * This method can be used to retrieve the bounds of the user's selection 73 | * into the displayed text, if applicable. 74 | * 75 | * @return An int[2] array containing the start and end offsets of the 76 | * user's selection within the displayed text. If the user has not made any 77 | * selection in the current message, both offsets indicate the position of 78 | * the caret within the editor. 79 | */ 80 | int[] getSelectionBounds(); 81 | 82 | /** 83 | * This method is used to update the search expression that is shown in the 84 | * search bar below the editor. The editor will automatically highlight any 85 | * regions of the displayed text that match the search expression. 86 | * 87 | * @param expression The search expression. 88 | */ 89 | void setSearchExpression(String expression); 90 | } 91 | -------------------------------------------------------------------------------- /src/burp/IHttpRequestResponse.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponse.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve and update details about HTTP messages. 14 | * 15 | * Note: The setter methods generally can only be used before the message 16 | * has been processed, and not in read-only contexts. The getter methods 17 | * relating to response details can only be used after the request has been 18 | * issued. 19 | */ 20 | public interface IHttpRequestResponse 21 | { 22 | /** 23 | * This method is used to retrieve the request message. 24 | * 25 | * @return The request message. 26 | */ 27 | byte[] getRequest(); 28 | 29 | /** 30 | * This method is used to update the request message. 31 | * 32 | * @param message The new request message. 33 | */ 34 | void setRequest(byte[] message); 35 | 36 | /** 37 | * This method is used to retrieve the response message. 38 | * 39 | * @return The response message. 40 | */ 41 | byte[] getResponse(); 42 | 43 | /** 44 | * This method is used to update the response message. 45 | * 46 | * @param message The new response message. 47 | */ 48 | void setResponse(byte[] message); 49 | 50 | /** 51 | * This method is used to retrieve the user-annotated comment for this item, 52 | * if applicable. 53 | * 54 | * @return The user-annotated comment for this item, or null if none is set. 55 | */ 56 | String getComment(); 57 | 58 | /** 59 | * This method is used to update the user-annotated comment for this item. 60 | * 61 | * @param comment The comment to be assigned to this item. 62 | */ 63 | void setComment(String comment); 64 | 65 | /** 66 | * This method is used to retrieve the user-annotated highlight for this 67 | * item, if applicable. 68 | * 69 | * @return The user-annotated highlight for this item, or null if none is 70 | * set. 71 | */ 72 | String getHighlight(); 73 | 74 | /** 75 | * This method is used to update the user-annotated highlight for this item. 76 | * 77 | * @param color The highlight color to be assigned to this item. Accepted 78 | * values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray, 79 | * or a null String to clear any existing highlight. 80 | */ 81 | void setHighlight(String color); 82 | 83 | /** 84 | * This method is used to retrieve the HTTP service for this request / 85 | * response. 86 | * 87 | * @return An 88 | * IHttpService object containing details of the HTTP service. 89 | */ 90 | IHttpService getHttpService(); 91 | 92 | /** 93 | * This method is used to update the HTTP service for this request / 94 | * response. 95 | * 96 | * @param httpService An 97 | * IHttpService object containing details of the new HTTP 98 | * service. 99 | */ 100 | void setHttpService(IHttpService httpService); 101 | 102 | } 103 | -------------------------------------------------------------------------------- /src/simple/ItemList.java: -------------------------------------------------------------------------------- 1 | /* 2 | * $Id: ItemList.java,v 1.1 2006/04/15 14:10:48 platform Exp $ 3 | * Created on 2006-3-24 4 | */ 5 | package org.json.simple; 6 | 7 | import java.util.ArrayList; 8 | import java.util.List; 9 | import java.util.StringTokenizer; 10 | 11 | /** 12 | * |a:b:c| => |a|,|b|,|c| 13 | * |:| => ||,|| 14 | * |a:| => |a|,|| 15 | * @author FangYidong 16 | */ 17 | public class ItemList { 18 | private String sp=","; 19 | List items=new ArrayList(); 20 | 21 | 22 | public ItemList(){} 23 | 24 | 25 | public ItemList(String s){ 26 | this.split(s,sp,items); 27 | } 28 | 29 | public ItemList(String s,String sp){ 30 | this.sp=s; 31 | this.split(s,sp,items); 32 | } 33 | 34 | public ItemList(String s,String sp,boolean isMultiToken){ 35 | split(s,sp,items,isMultiToken); 36 | } 37 | 38 | public List getItems(){ 39 | return this.items; 40 | } 41 | 42 | public String[] getArray(){ 43 | return (String[])this.items.toArray(); 44 | } 45 | 46 | public void split(String s,String sp,List append,boolean isMultiToken){ 47 | if(s==null || sp==null) 48 | return; 49 | if(isMultiToken){ 50 | StringTokenizer tokens=new StringTokenizer(s,sp); 51 | while(tokens.hasMoreTokens()){ 52 | append.add(tokens.nextToken().trim()); 53 | } 54 | } 55 | else{ 56 | this.split(s,sp,append); 57 | } 58 | } 59 | 60 | public void split(String s,String sp,List append){ 61 | if(s==null || sp==null) 62 | return; 63 | int pos=0; 64 | int prevPos=0; 65 | do{ 66 | prevPos=pos; 67 | pos=s.indexOf(sp,pos); 68 | if(pos==-1) 69 | break; 70 | append.add(s.substring(prevPos,pos).trim()); 71 | pos+=sp.length(); 72 | }while(pos!=-1); 73 | append.add(s.substring(prevPos).trim()); 74 | } 75 | 76 | public void setSP(String sp){ 77 | this.sp=sp; 78 | } 79 | 80 | public void add(int i,String item){ 81 | if(item==null) 82 | return; 83 | items.add(i,item.trim()); 84 | } 85 | 86 | public void add(String item){ 87 | if(item==null) 88 | return; 89 | items.add(item.trim()); 90 | } 91 | 92 | public void addAll(ItemList list){ 93 | items.addAll(list.items); 94 | } 95 | 96 | public void addAll(String s){ 97 | this.split(s,sp,items); 98 | } 99 | 100 | public void addAll(String s,String sp){ 101 | this.split(s,sp,items); 102 | } 103 | 104 | public void addAll(String s,String sp,boolean isMultiToken){ 105 | this.split(s,sp,items,isMultiToken); 106 | } 107 | 108 | /** 109 | * @param i 0-based 110 | * @return 111 | */ 112 | public String get(int i){ 113 | return (String)items.get(i); 114 | } 115 | 116 | public int size(){ 117 | return items.size(); 118 | } 119 | 120 | public String toString(){ 121 | return toString(sp); 122 | } 123 | 124 | public String toString(String sp){ 125 | StringBuffer sb=new StringBuffer(); 126 | 127 | for(int i=0;iIBurpExtenderCallbacks.createBurpCollaboratorClientContext(). 20 | * Note that each Burp Collaborator client context is tied to the Collaborator 21 | * server configuration that was in place at the time the context was created. 22 | */ 23 | public interface IBurpCollaboratorClientContext 24 | { 25 | 26 | /** 27 | * This method is used to generate new Burp Collaborator payloads. 28 | * 29 | * @param includeCollaboratorServerLocation Specifies whether to include the 30 | * Collaborator server location in the generated payload. 31 | * @return The payload that was generated. 32 | */ 33 | String generatePayload(boolean includeCollaboratorServerLocation); 34 | 35 | /** 36 | * This method is used to retrieve all interactions received by the 37 | * Collaborator server resulting from payloads that were generated for this 38 | * context. 39 | * 40 | * @return The Collaborator interactions that have occurred resulting from 41 | * payloads that were generated for this context. 42 | */ 43 | List fetchAllCollaboratorInteractions(); 44 | 45 | /** 46 | * This method is used to retrieve interactions received by the Collaborator 47 | * server resulting from a single payload that was generated for this 48 | * context. 49 | * 50 | * @param payload The payload for which interactions will be retrieved. 51 | * @return The Collaborator interactions that have occurred resulting from 52 | * the given payload. 53 | */ 54 | List fetchCollaboratorInteractionsFor(String payload); 55 | 56 | /** 57 | * This method is used to retrieve all interactions made by Burp Infiltrator 58 | * instrumentation resulting from payloads that were generated for this 59 | * context. 60 | * 61 | * @return The interactions triggered by the Burp Infiltrator 62 | * instrumentation that have occurred resulting from payloads that were 63 | * generated for this context. 64 | */ 65 | List fetchAllInfiltratorInteractions(); 66 | 67 | /** 68 | * This method is used to retrieve interactions made by Burp Infiltrator 69 | * instrumentation resulting from a single payload that was generated for 70 | * this context. 71 | * 72 | * @param payload The payload for which interactions will be retrieved. 73 | * @return The interactions triggered by the Burp Infiltrator 74 | * instrumentation that have occurred resulting from the given payload. 75 | */ 76 | List fetchInfiltratorInteractionsFor(String payload); 77 | 78 | /** 79 | * This method is used to retrieve the network location of the Collaborator 80 | * server. 81 | * 82 | * @return The hostname or IP address of the Collaborator server. 83 | */ 84 | String getCollaboratorServerLocation(); 85 | } 86 | -------------------------------------------------------------------------------- /src/simple/parser/ContentHandler.java: -------------------------------------------------------------------------------- 1 | package org.json.simple.parser; 2 | 3 | import java.io.IOException; 4 | 5 | /** 6 | * A simplified and stoppable SAX-like content handler for stream processing of JSON text. 7 | * 8 | * @see org.xml.sax.ContentHandler 9 | * @see org.json.simple.parser.JSONParser#parse(java.io.Reader, ContentHandler, boolean) 10 | * 11 | * @author FangYidong 12 | */ 13 | public interface ContentHandler { 14 | /** 15 | * Receive notification of the beginning of JSON processing. 16 | * The parser will invoke this method only once. 17 | * 18 | * @throws ParseException 19 | * - JSONParser will stop and throw the same exception to the caller when receiving this exception. 20 | */ 21 | void startJSON() throws ParseException, IOException; 22 | 23 | /** 24 | * Receive notification of the end of JSON processing. 25 | * 26 | * @throws ParseException 27 | */ 28 | void endJSON() throws ParseException, IOException; 29 | 30 | /** 31 | * Receive notification of the beginning of a JSON object. 32 | * 33 | * @return false if the handler wants to stop parsing after return. 34 | * @throws ParseException 35 | * - JSONParser will stop and throw the same exception to the caller when receiving this exception. 36 | * @see #endJSON 37 | */ 38 | boolean startObject() throws ParseException, IOException; 39 | 40 | /** 41 | * Receive notification of the end of a JSON object. 42 | * 43 | * @return false if the handler wants to stop parsing after return. 44 | * @throws ParseException 45 | * 46 | * @see #startObject 47 | */ 48 | boolean endObject() throws ParseException, IOException; 49 | 50 | /** 51 | * Receive notification of the beginning of a JSON object entry. 52 | * 53 | * @param key - Key of a JSON object entry. 54 | * 55 | * @return false if the handler wants to stop parsing after return. 56 | * @throws ParseException 57 | * 58 | * @see #endObjectEntry 59 | */ 60 | boolean startObjectEntry(String key) throws ParseException, IOException; 61 | 62 | /** 63 | * Receive notification of the end of the value of previous object entry. 64 | * 65 | * @return false if the handler wants to stop parsing after return. 66 | * @throws ParseException 67 | * 68 | * @see #startObjectEntry 69 | */ 70 | boolean endObjectEntry() throws ParseException, IOException; 71 | 72 | /** 73 | * Receive notification of the beginning of a JSON array. 74 | * 75 | * @return false if the handler wants to stop parsing after return. 76 | * @throws ParseException 77 | * 78 | * @see #endArray 79 | */ 80 | boolean startArray() throws ParseException, IOException; 81 | 82 | /** 83 | * Receive notification of the end of a JSON array. 84 | * 85 | * @return false if the handler wants to stop parsing after return. 86 | * @throws ParseException 87 | * 88 | * @see #startArray 89 | */ 90 | boolean endArray() throws ParseException, IOException; 91 | 92 | /** 93 | * Receive notification of the JSON primitive values: 94 | * java.lang.String, 95 | * java.lang.Number, 96 | * java.lang.Boolean 97 | * null 98 | * 99 | * @param value - Instance of the following: 100 | * java.lang.String, 101 | * java.lang.Number, 102 | * java.lang.Boolean 103 | * null 104 | * 105 | * @return false if the handler wants to stop parsing after return. 106 | * @throws ParseException 107 | */ 108 | boolean primitive(Object value) throws ParseException, IOException; 109 | 110 | } 111 | -------------------------------------------------------------------------------- /src/burp/IScannerCheck.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerCheck.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * Extensions can implement this interface and then call 16 | * IBurpExtenderCallbacks.registerScannerCheck() to register a 17 | * custom Scanner check. When performing scanning, Burp will ask the check to 18 | * perform active or passive scanning on the base request, and report any 19 | * Scanner issues that are identified. 20 | */ 21 | public interface IScannerCheck 22 | { 23 | 24 | /** 25 | * The Scanner invokes this method for each base request / response that is 26 | * passively scanned. Note: Extensions should only analyze the 27 | * HTTP messages provided during passive scanning, and should not make any 28 | * new HTTP requests of their own. 29 | * 30 | * @param baseRequestResponse The base HTTP request / response that should 31 | * be passively scanned. 32 | * @return A list of IScanIssue objects, or null 33 | * if no issues are identified. 34 | */ 35 | List doPassiveScan(IHttpRequestResponse baseRequestResponse); 36 | 37 | /** 38 | * The Scanner invokes this method for each insertion point that is actively 39 | * scanned. Extensions may issue HTTP requests as required to carry out 40 | * active scanning, and should use the 41 | * IScannerInsertionPoint object provided to build scan 42 | * requests for particular payloads. 43 | * Note: 44 | * Scan checks should submit raw non-encoded payloads to insertion points, 45 | * and the insertion point has responsibility for performing any data 46 | * encoding that is necessary given the nature and location of the insertion 47 | * point. 48 | * 49 | * @param baseRequestResponse The base HTTP request / response that should 50 | * be actively scanned. 51 | * @param insertionPoint An IScannerInsertionPoint object that 52 | * can be queried to obtain details of the insertion point being tested, and 53 | * can be used to build scan requests for particular payloads. 54 | * @return A list of IScanIssue objects, or null 55 | * if no issues are identified. 56 | */ 57 | List doActiveScan( 58 | IHttpRequestResponse baseRequestResponse, 59 | IScannerInsertionPoint insertionPoint); 60 | 61 | /** 62 | * The Scanner invokes this method when the custom Scanner check has 63 | * reported multiple issues for the same URL path. This can arise either 64 | * because there are multiple distinct vulnerabilities, or because the same 65 | * (or a similar) request has been scanned more than once. The custom check 66 | * should determine whether the issues are duplicates. In most cases, where 67 | * a check uses distinct issue names or descriptions for distinct issues, 68 | * the consolidation process will simply be a matter of comparing these 69 | * features for the two issues. 70 | * 71 | * @param existingIssue An issue that was previously reported by this 72 | * Scanner check. 73 | * @param newIssue An issue at the same URL path that has been newly 74 | * reported by this Scanner check. 75 | * @return An indication of which issue(s) should be reported in the main 76 | * Scanner results. The method should return -1 to report the 77 | * existing issue only, 0 to report both issues, and 78 | * 1 to report the new issue only. 79 | */ 80 | int consolidateDuplicateIssues( 81 | IScanIssue existingIssue, 82 | IScanIssue newIssue); 83 | } 84 | -------------------------------------------------------------------------------- /src/simple/JSONObject.java: -------------------------------------------------------------------------------- 1 | /* 2 | * $Id: JSONObject.java,v 1.1 2006/04/15 14:10:48 platform Exp $ 3 | * Created on 2006-4-10 4 | */ 5 | package org.json.simple; 6 | 7 | import java.io.IOException; 8 | import java.io.StringWriter; 9 | import java.io.Writer; 10 | import java.util.HashMap; 11 | import java.util.Iterator; 12 | import java.util.Map; 13 | 14 | /** 15 | * A JSON object. Key value pairs are unordered. JSONObject supports java.util.Map interface. 16 | * 17 | * @author FangYidong 18 | */ 19 | public class JSONObject extends HashMap implements Map, JSONAware, JSONStreamAware{ 20 | 21 | private static final long serialVersionUID = -503443796854799292L; 22 | 23 | 24 | public JSONObject() { 25 | super(); 26 | } 27 | 28 | /** 29 | * Allows creation of a JSONObject from a Map. After that, both the 30 | * generated JSONObject and the Map can be modified independently. 31 | * 32 | * @param map 33 | */ 34 | public JSONObject(Map map) { 35 | super(map); 36 | } 37 | 38 | 39 | /** 40 | * Encode a map into JSON text and write it to out. 41 | * If this map is also a JSONAware or JSONStreamAware, JSONAware or JSONStreamAware specific behaviours will be ignored at this top level. 42 | * 43 | * @see org.json.simple.JSONValue#writeJSONString(Object, Writer) 44 | * 45 | * @param map 46 | * @param out 47 | */ 48 | public static void writeJSONString(Map map, Writer out) throws IOException { 49 | if(map == null){ 50 | out.write("null"); 51 | return; 52 | } 53 | 54 | boolean first = true; 55 | Iterator iter=map.entrySet().iterator(); 56 | 57 | out.write('{'); 58 | while(iter.hasNext()){ 59 | if(first) 60 | first = false; 61 | else 62 | out.write(','); 63 | Map.Entry entry=(Map.Entry)iter.next(); 64 | out.write('\"'); 65 | out.write(escape(String.valueOf(entry.getKey()))); 66 | out.write('\"'); 67 | out.write(':'); 68 | JSONValue.writeJSONString(entry.getValue(), out); 69 | } 70 | out.write('}'); 71 | } 72 | 73 | public void writeJSONString(Writer out) throws IOException{ 74 | writeJSONString(this, out); 75 | } 76 | 77 | /** 78 | * Convert a map to JSON text. The result is a JSON object. 79 | * If this map is also a JSONAware, JSONAware specific behaviours will be omitted at this top level. 80 | * 81 | * @see org.json.simple.JSONValue#toJSONString(Object) 82 | * 83 | * @param map 84 | * @return JSON text, or "null" if map is null. 85 | */ 86 | public static String toJSONString(Map map){ 87 | final StringWriter writer = new StringWriter(); 88 | 89 | try { 90 | writeJSONString(map, writer); 91 | return writer.toString(); 92 | } catch (IOException e) { 93 | // This should never happen with a StringWriter 94 | throw new RuntimeException(e); 95 | } 96 | } 97 | 98 | public String toJSONString(){ 99 | return toJSONString(this); 100 | } 101 | 102 | public String toString(){ 103 | return toJSONString(); 104 | } 105 | 106 | public static String toString(String key,Object value){ 107 | StringBuffer sb = new StringBuffer(); 108 | sb.append('\"'); 109 | if(key == null) 110 | sb.append("null"); 111 | else 112 | JSONValue.escape(key, sb); 113 | sb.append('\"').append(':'); 114 | 115 | sb.append(JSONValue.toJSONString(value)); 116 | 117 | return sb.toString(); 118 | } 119 | 120 | /** 121 | * Escape quotes, \, /, \r, \n, \b, \f, \t and other control characters (U+0000 through U+001F). 122 | * It's the same as JSONValue.escape() only for compatibility here. 123 | * 124 | * @see org.json.simple.JSONValue#escape(String) 125 | * 126 | * @param s 127 | * @return 128 | */ 129 | public static String escape(String s){ 130 | return JSONValue.escape(s); 131 | } 132 | } 133 | -------------------------------------------------------------------------------- /src/burp/IMessageEditorTab.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorTab.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * Extensions that register an 16 | * IMessageEditorTabFactory must return instances of this 17 | * interface, which Burp will use to create custom tabs within its HTTP message 18 | * editors. 19 | */ 20 | public interface IMessageEditorTab 21 | { 22 | /** 23 | * This method returns the caption that should appear on the custom tab when 24 | * it is displayed. Note: Burp invokes this method once when the tab 25 | * is first generated, and the same caption will be used every time the tab 26 | * is displayed. 27 | * 28 | * @return The caption that should appear on the custom tab when it is 29 | * displayed. 30 | */ 31 | String getTabCaption(); 32 | 33 | /** 34 | * This method returns the component that should be used as the contents of 35 | * the custom tab when it is displayed. Note: Burp invokes this 36 | * method once when the tab is first generated, and the same component will 37 | * be used every time the tab is displayed. 38 | * 39 | * @return The component that should be used as the contents of the custom 40 | * tab when it is displayed. 41 | */ 42 | Component getUiComponent(); 43 | 44 | /** 45 | * The hosting editor will invoke this method before it displays a new HTTP 46 | * message, so that the custom tab can indicate whether it should be enabled 47 | * for that message. 48 | * 49 | * @param content The message that is about to be displayed, or a zero-length 50 | * array if the existing message is to be cleared. 51 | * @param isRequest Indicates whether the message is a request or a 52 | * response. 53 | * @return The method should return 54 | * true if the custom tab is able to handle the specified 55 | * message, and so will be displayed within the editor. Otherwise, the tab 56 | * will be hidden while this message is displayed. 57 | */ 58 | boolean isEnabled(byte[] content, boolean isRequest); 59 | 60 | /** 61 | * The hosting editor will invoke this method to display a new message or to 62 | * clear the existing message. This method will only be called with a new 63 | * message if the tab has already returned 64 | * true to a call to 65 | * isEnabled() with the same message details. 66 | * 67 | * @param content The message that is to be displayed, or 68 | * null if the tab should clear its contents and disable any 69 | * editable controls. 70 | * @param isRequest Indicates whether the message is a request or a 71 | * response. 72 | */ 73 | void setMessage(byte[] content, boolean isRequest); 74 | 75 | /** 76 | * This method returns the currently displayed message. 77 | * 78 | * @return The currently displayed message. 79 | */ 80 | byte[] getMessage(); 81 | 82 | /** 83 | * This method is used to determine whether the currently displayed message 84 | * has been modified by the user. The hosting editor will always call 85 | * getMessage() before calling this method, so any pending 86 | * edits should be completed within 87 | * getMessage(). 88 | * 89 | * @return The method should return 90 | * true if the user has modified the current message since it 91 | * was first displayed. 92 | */ 93 | boolean isModified(); 94 | 95 | /** 96 | * This method is used to retrieve the data that is currently selected by 97 | * the user. 98 | * 99 | * @return The data that is currently selected by the user. This may be 100 | * null if no selection is currently made. 101 | */ 102 | byte[] getSelectedData(); 103 | } 104 | -------------------------------------------------------------------------------- /src/burp/IScanIssue.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScanIssue.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve details of Scanner issues. Extensions can 14 | * obtain details of issues by registering an IScannerListener or 15 | * by calling IBurpExtenderCallbacks.getScanIssues(). Extensions 16 | * can also add custom Scanner issues by registering an 17 | * IScannerCheck or calling 18 | * IBurpExtenderCallbacks.addScanIssue(), and providing their own 19 | * implementations of this interface. Note that issue descriptions and other 20 | * text generated by extensions are subject to an HTML whitelist that allows 21 | * only formatting tags and simple hyperlinks. 22 | */ 23 | public interface IScanIssue 24 | { 25 | 26 | /** 27 | * This method returns the URL for which the issue was generated. 28 | * 29 | * @return The URL for which the issue was generated. 30 | */ 31 | java.net.URL getUrl(); 32 | 33 | /** 34 | * This method returns the name of the issue type. 35 | * 36 | * @return The name of the issue type (e.g. "SQL injection"). 37 | */ 38 | String getIssueName(); 39 | 40 | /** 41 | * This method returns a numeric identifier of the issue type. See the Burp 42 | * Scanner help documentation for a listing of all the issue types. 43 | * 44 | * @return A numeric identifier of the issue type. 45 | */ 46 | int getIssueType(); 47 | 48 | /** 49 | * This method returns the issue severity level. 50 | * 51 | * @return The issue severity level. Expected values are "High", "Medium", 52 | * "Low", "Information" or "False positive". 53 | * 54 | */ 55 | String getSeverity(); 56 | 57 | /** 58 | * This method returns the issue confidence level. 59 | * 60 | * @return The issue confidence level. Expected values are "Certain", "Firm" 61 | * or "Tentative". 62 | */ 63 | String getConfidence(); 64 | 65 | /** 66 | * This method returns a background description for this type of issue. 67 | * 68 | * @return A background description for this type of issue, or 69 | * null if none applies. A limited set of HTML tags may be 70 | * used. 71 | */ 72 | String getIssueBackground(); 73 | 74 | /** 75 | * This method returns a background description of the remediation for this 76 | * type of issue. 77 | * 78 | * @return A background description of the remediation for this type of 79 | * issue, or null if none applies. A limited set of HTML tags 80 | * may be used. 81 | */ 82 | String getRemediationBackground(); 83 | 84 | /** 85 | * This method returns detailed information about this specific instance of 86 | * the issue. 87 | * 88 | * @return Detailed information about this specific instance of the issue, 89 | * or null if none applies. A limited set of HTML tags may be 90 | * used. 91 | */ 92 | String getIssueDetail(); 93 | 94 | /** 95 | * This method returns detailed information about the remediation for this 96 | * specific instance of the issue. 97 | * 98 | * @return Detailed information about the remediation for this specific 99 | * instance of the issue, or null if none applies. A limited 100 | * set of HTML tags may be used. 101 | */ 102 | String getRemediationDetail(); 103 | 104 | /** 105 | * This method returns the HTTP messages on the basis of which the issue was 106 | * generated. 107 | * 108 | * @return The HTTP messages on the basis of which the issue was generated. 109 | * Note: The items in this array should be instances of 110 | * IHttpRequestResponseWithMarkers if applicable, so that 111 | * details of the relevant portions of the request and response messages are 112 | * available. 113 | */ 114 | IHttpRequestResponse[] getHttpMessages(); 115 | 116 | /** 117 | * This method returns the HTTP service for which the issue was generated. 118 | * 119 | * @return The HTTP service for which the issue was generated. 120 | */ 121 | IHttpService getHttpService(); 122 | 123 | } 124 | -------------------------------------------------------------------------------- /src/burp/IInterceptedProxyMessage.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IInterceptedProxyMessage.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.net.InetAddress; 13 | 14 | /** 15 | * This interface is used to represent an HTTP message that has been intercepted 16 | * by Burp Proxy. Extensions can register an 17 | * IProxyListener to receive details of proxy messages using this 18 | * interface. * 19 | */ 20 | public interface IInterceptedProxyMessage 21 | { 22 | /** 23 | * This action causes Burp Proxy to follow the current interception rules to 24 | * determine the appropriate action to take for the message. 25 | */ 26 | static final int ACTION_FOLLOW_RULES = 0; 27 | /** 28 | * This action causes Burp Proxy to present the message to the user for 29 | * manual review or modification. 30 | */ 31 | static final int ACTION_DO_INTERCEPT = 1; 32 | /** 33 | * This action causes Burp Proxy to forward the message to the remote server 34 | * or client, without presenting it to the user. 35 | */ 36 | static final int ACTION_DONT_INTERCEPT = 2; 37 | /** 38 | * This action causes Burp Proxy to drop the message. 39 | */ 40 | static final int ACTION_DROP = 3; 41 | /** 42 | * This action causes Burp Proxy to follow the current interception rules to 43 | * determine the appropriate action to take for the message, and then make a 44 | * second call to processProxyMessage. 45 | */ 46 | static final int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10; 47 | /** 48 | * This action causes Burp Proxy to present the message to the user for 49 | * manual review or modification, and then make a second call to 50 | * processProxyMessage. 51 | */ 52 | static final int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11; 53 | /** 54 | * This action causes Burp Proxy to skip user interception, and then make a 55 | * second call to processProxyMessage. 56 | */ 57 | static final int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12; 58 | 59 | /** 60 | * This method retrieves a unique reference number for this 61 | * request/response. 62 | * 63 | * @return An identifier that is unique to a single request/response pair. 64 | * Extensions can use this to correlate details of requests and responses 65 | * and perform processing on the response message accordingly. 66 | */ 67 | int getMessageReference(); 68 | 69 | /** 70 | * This method retrieves details of the intercepted message. 71 | * 72 | * @return An IHttpRequestResponse object containing details of 73 | * the intercepted message. 74 | */ 75 | IHttpRequestResponse getMessageInfo(); 76 | 77 | /** 78 | * This method retrieves the currently defined interception action. The 79 | * default action is 80 | * ACTION_FOLLOW_RULES. If multiple proxy listeners are 81 | * registered, then other listeners may already have modified the 82 | * interception action before it reaches the current listener. This method 83 | * can be used to determine whether this has occurred. 84 | * 85 | * @return The currently defined interception action. Possible values are 86 | * defined within this interface. 87 | */ 88 | int getInterceptAction(); 89 | 90 | /** 91 | * This method is used to update the interception action. 92 | * 93 | * @param interceptAction The new interception action. Possible values are 94 | * defined within this interface. 95 | */ 96 | void setInterceptAction(int interceptAction); 97 | 98 | /** 99 | * This method retrieves the name of the Burp Proxy listener that is 100 | * processing the intercepted message. 101 | * 102 | * @return The name of the Burp Proxy listener that is processing the 103 | * intercepted message. The format is the same as that shown in the Proxy 104 | * Listeners UI - for example, "127.0.0.1:8080". 105 | */ 106 | String getListenerInterface(); 107 | 108 | /** 109 | * This method retrieves the client IP address from which the request for 110 | * the intercepted message was received. 111 | * 112 | * @return The client IP address from which the request for the intercepted 113 | * message was received. 114 | */ 115 | InetAddress getClientIpAddress(); 116 | } 117 | -------------------------------------------------------------------------------- /src/filewriter/BurpFileWriter.java: -------------------------------------------------------------------------------- 1 | package filewriter; 2 | 3 | import burp.IBurpExtenderCallbacks; 4 | import burp.IExtensionHelpers; 5 | import burp.IHttpListener; 6 | import burp.IHttpRequestResponse; 7 | import burp.IRequestInfo; 8 | import burp.IResponseInfo; 9 | import java.io.File; 10 | import java.io.IOException; 11 | import java.io.FileWriter; 12 | import java.util.Arrays; 13 | import org.json.simple.JSONObject; 14 | 15 | public final class BurpFileWriter implements IHttpListener { 16 | 17 | IBurpExtenderCallbacks extenderCallbacks; 18 | IExtensionHelpers extenderHelpers; 19 | IRequestInfo requestInfo; 20 | IResponseInfo responseInfo; 21 | 22 | String folder; 23 | String domainName; 24 | String url; 25 | 26 | public static IBurpExtenderCallbacks callbacks; 27 | public static String extensionName = "File Writer"; 28 | 29 | /** 30 | * Process request / response 31 | * 32 | * @param toolFlag 33 | * @param messageIsRequest 34 | * @param messageInfo 35 | */ 36 | public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) { 37 | 38 | if(toolFlag == IBurpExtenderCallbacks.TOOL_PROXY && messageIsRequest == true) 39 | requestInfo = extenderHelpers.analyzeRequest(messageInfo); 40 | 41 | // checking if response is null 42 | try { 43 | int x = messageInfo.getResponse().length; 44 | } catch(Exception e) { 45 | return; 46 | } 47 | 48 | responseInfo = extenderHelpers.analyzeResponse(messageInfo.getResponse()); 49 | 50 | domainName = requestInfo.getUrl().getHost(); 51 | url = requestInfo.getUrl().toString(); 52 | 53 | JSONObject requestJsonObject = new JSONObject(); 54 | requestJsonObject.put("domain", domainName); 55 | requestJsonObject.put("url", url); 56 | requestJsonObject.put("method", requestInfo.getMethod()); 57 | requestJsonObject.put("contentType", requestInfo.getContentType()); 58 | requestJsonObject.put("headers", requestInfo.getHeaders().toString()); 59 | 60 | JSONObject responseJsonObject = new JSONObject(); 61 | 62 | responseJsonObject.put("status", String.valueOf(responseInfo.getStatusCode())); 63 | responseJsonObject.put("headers", String.valueOf(responseInfo.getHeaders())); 64 | 65 | JSONObject json = new JSONObject(); 66 | json.put("request", requestJsonObject); 67 | json.put("response", responseJsonObject); 68 | 69 | byte[] byte_Request = messageInfo.getResponse(); 70 | byte[] byte_body = Arrays.copyOfRange(byte_Request, responseInfo.getBodyOffset(), byte_Request.length);//not length-1 71 | String body = new String(byte_body); 72 | 73 | String path = folder; 74 | 75 | // create folder if don't exists 76 | createFolder(path+"/"+domainName); 77 | 78 | String filePath = url.replace(requestInfo.getUrl().getProtocol()+"://", "").replace(":"+requestInfo.getUrl().getPort(), ""); 79 | 80 | if (filePath.endsWith("/")) { 81 | filePath = filePath+"index"; 82 | } 83 | 84 | json.put("path", filePath); 85 | 86 | // write request 87 | writeToFile(path+"/"+filePath, body); 88 | 89 | // write data of request 90 | writeToFile(path+"/"+filePath+".data", json.toJSONString()); 91 | } 92 | 93 | /** 94 | * Initial script 95 | * 96 | * @param callbacks 97 | */ 98 | public BurpFileWriter(IBurpExtenderCallbacks callbacks) { 99 | extenderCallbacks = callbacks; 100 | extenderHelpers = callbacks.getHelpers(); 101 | 102 | folder = System.getProperty("user.dir")+"/filewriter"; 103 | 104 | createFolder(folder); 105 | 106 | callbacks.printOutput("Writing files to: "+folder); 107 | } 108 | 109 | /** 110 | * Create initial folder 111 | * 112 | * @param path 113 | */ 114 | public void createFolder(String path) { 115 | File theDir = new File(path); 116 | if (!theDir.exists()){ 117 | theDir.mkdirs(); 118 | } 119 | } 120 | 121 | /** 122 | * Write file to path 123 | * 124 | * @param path 125 | * @param text 126 | */ 127 | public void writeToFile(String path, String text) { 128 | try { 129 | File theDir = new File(path); 130 | if (!theDir.exists()){ 131 | theDir.getParentFile().mkdirs(); 132 | theDir.createNewFile(); 133 | } 134 | FileWriter myWriter = new FileWriter(path); 135 | myWriter.write(text); 136 | myWriter.close(); 137 | } catch (IOException e) { 138 | callbacks.printOutput(path+" : "+e.getMessage()); 139 | } 140 | } 141 | } -------------------------------------------------------------------------------- /src/burp/IContextMenuInvocation.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IContextMenuInvocation.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.event.InputEvent; 13 | 14 | /** 15 | * This interface is used when Burp calls into an extension-provided 16 | * IContextMenuFactory with details of a context menu invocation. 17 | * The custom context menu factory can query this interface to obtain details of 18 | * the invocation event, in order to determine what menu items should be 19 | * displayed. 20 | */ 21 | public interface IContextMenuInvocation 22 | { 23 | /** 24 | * Used to indicate that the context menu is being invoked in a request 25 | * editor. 26 | */ 27 | static final byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0; 28 | /** 29 | * Used to indicate that the context menu is being invoked in a response 30 | * editor. 31 | */ 32 | static final byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1; 33 | /** 34 | * Used to indicate that the context menu is being invoked in a non-editable 35 | * request viewer. 36 | */ 37 | static final byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2; 38 | /** 39 | * Used to indicate that the context menu is being invoked in a non-editable 40 | * response viewer. 41 | */ 42 | static final byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3; 43 | /** 44 | * Used to indicate that the context menu is being invoked in the Target 45 | * site map tree. 46 | */ 47 | static final byte CONTEXT_TARGET_SITE_MAP_TREE = 4; 48 | /** 49 | * Used to indicate that the context menu is being invoked in the Target 50 | * site map table. 51 | */ 52 | static final byte CONTEXT_TARGET_SITE_MAP_TABLE = 5; 53 | /** 54 | * Used to indicate that the context menu is being invoked in the Proxy 55 | * history. 56 | */ 57 | static final byte CONTEXT_PROXY_HISTORY = 6; 58 | /** 59 | * Used to indicate that the context menu is being invoked in the Scanner 60 | * results. 61 | */ 62 | static final byte CONTEXT_SCANNER_RESULTS = 7; 63 | /** 64 | * Used to indicate that the context menu is being invoked in the Intruder 65 | * payload positions editor. 66 | */ 67 | static final byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8; 68 | /** 69 | * Used to indicate that the context menu is being invoked in an Intruder 70 | * attack results. 71 | */ 72 | static final byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9; 73 | /** 74 | * Used to indicate that the context menu is being invoked in a search 75 | * results window. 76 | */ 77 | static final byte CONTEXT_SEARCH_RESULTS = 10; 78 | 79 | /** 80 | * This method can be used to retrieve the native Java input event that was 81 | * the trigger for the context menu invocation. 82 | * 83 | * @return The InputEvent that was the trigger for the context 84 | * menu invocation. 85 | */ 86 | InputEvent getInputEvent(); 87 | 88 | /** 89 | * This method can be used to retrieve the Burp tool within which the 90 | * context menu was invoked. 91 | * 92 | * @return A flag indicating the Burp tool within which the context menu was 93 | * invoked. Burp tool flags are defined in the 94 | * IBurpExtenderCallbacks interface. 95 | */ 96 | int getToolFlag(); 97 | 98 | /** 99 | * This method can be used to retrieve the context within which the menu was 100 | * invoked. 101 | * 102 | * @return An index indicating the context within which the menu was 103 | * invoked. The indices used are defined within this interface. 104 | */ 105 | byte getInvocationContext(); 106 | 107 | /** 108 | * This method can be used to retrieve the bounds of the user's selection 109 | * into the current message, if applicable. 110 | * 111 | * @return An int[2] array containing the start and end offsets of the 112 | * user's selection in the current message. If the user has not made any 113 | * selection in the current message, both offsets indicate the position of 114 | * the caret within the editor. If the menu is not being invoked from a 115 | * message editor, the method returns null. 116 | */ 117 | int[] getSelectionBounds(); 118 | 119 | /** 120 | * This method can be used to retrieve details of the HTTP requests / 121 | * responses that were shown or selected by the user when the context menu 122 | * was invoked. 123 | * 124 | * Note: For performance reasons, the objects returned from this 125 | * method are tied to the originating context of the messages within the 126 | * Burp UI. For example, if a context menu is invoked on the Proxy intercept 127 | * panel, then the 128 | * IHttpRequestResponse returned by this method will reflect 129 | * the current contents of the interception panel, and this will change when 130 | * the current message has been forwarded or dropped. If your extension 131 | * needs to store details of the message for which the context menu has been 132 | * invoked, then you should query those details from the 133 | * IHttpRequestResponse at the time of invocation, or you 134 | * should use 135 | * IBurpExtenderCallbacks.saveBuffersToTempFiles() to create a 136 | * persistent read-only copy of the 137 | * IHttpRequestResponse. 138 | * 139 | * @return An array of IHttpRequestResponse objects 140 | * representing the items that were shown or selected by the user when the 141 | * context menu was invoked. This method returns null if no 142 | * messages are applicable to the invocation. 143 | */ 144 | IHttpRequestResponse[] getSelectedMessages(); 145 | 146 | /** 147 | * This method can be used to retrieve details of the Scanner issues that 148 | * were selected by the user when the context menu was invoked. 149 | * 150 | * @return An array of IScanIssue objects representing the 151 | * issues that were selected by the user when the context menu was invoked. 152 | * This method returns null if no Scanner issues are applicable 153 | * to the invocation. 154 | */ 155 | IScanIssue[] getSelectedIssues(); 156 | } 157 | -------------------------------------------------------------------------------- /src/burp/IScannerInsertionPoint.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerInsertionPoint.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to define an insertion point for use by active Scanner 14 | * checks. Extensions can obtain instances of this interface by registering an 15 | * IScannerCheck, or can create instances for use by Burp's own 16 | * scan checks by registering an 17 | * IScannerInsertionPointProvider. 18 | */ 19 | public interface IScannerInsertionPoint 20 | { 21 | 22 | /** 23 | * Used to indicate where the payload is inserted into the value of a URL 24 | * parameter. 25 | */ 26 | static final byte INS_PARAM_URL = 0x00; 27 | /** 28 | * Used to indicate where the payload is inserted into the value of a body 29 | * parameter. 30 | */ 31 | static final byte INS_PARAM_BODY = 0x01; 32 | /** 33 | * Used to indicate where the payload is inserted into the value of an HTTP 34 | * cookie. 35 | */ 36 | static final byte INS_PARAM_COOKIE = 0x02; 37 | /** 38 | * Used to indicate where the payload is inserted into the value of an item 39 | * of data within an XML data structure. 40 | */ 41 | static final byte INS_PARAM_XML = 0x03; 42 | /** 43 | * Used to indicate where the payload is inserted into the value of a tag 44 | * attribute within an XML structure. 45 | */ 46 | static final byte INS_PARAM_XML_ATTR = 0x04; 47 | /** 48 | * Used to indicate where the payload is inserted into the value of a 49 | * parameter attribute within a multi-part message body (such as the name of 50 | * an uploaded file). 51 | */ 52 | static final byte INS_PARAM_MULTIPART_ATTR = 0x05; 53 | /** 54 | * Used to indicate where the payload is inserted into the value of an item 55 | * of data within a JSON structure. 56 | */ 57 | static final byte INS_PARAM_JSON = 0x06; 58 | /** 59 | * Used to indicate where the payload is inserted into the value of an AMF 60 | * parameter. 61 | */ 62 | static final byte INS_PARAM_AMF = 0x07; 63 | /** 64 | * Used to indicate where the payload is inserted into the value of an HTTP 65 | * request header. 66 | */ 67 | static final byte INS_HEADER = 0x20; 68 | /** 69 | * Used to indicate where the payload is inserted into a URL path folder. 70 | */ 71 | static final byte INS_URL_PATH_FOLDER = 0x21; 72 | /** 73 | * Used to indicate where the payload is inserted into a URL path folder. 74 | * This is now deprecated; use INS_URL_PATH_FOLDER instead. 75 | */ 76 | @Deprecated 77 | static final byte INS_URL_PATH_REST = INS_URL_PATH_FOLDER; 78 | /** 79 | * Used to indicate where the payload is inserted into the name of an added 80 | * URL parameter. 81 | */ 82 | static final byte INS_PARAM_NAME_URL = 0x22; 83 | /** 84 | * Used to indicate where the payload is inserted into the name of an added 85 | * body parameter. 86 | */ 87 | static final byte INS_PARAM_NAME_BODY = 0x23; 88 | /** 89 | * Used to indicate where the payload is inserted into the body of the HTTP 90 | * request. 91 | */ 92 | static final byte INS_ENTIRE_BODY = 0x24; 93 | /** 94 | * Used to indicate where the payload is inserted into the URL path 95 | * filename. 96 | */ 97 | static final byte INS_URL_PATH_FILENAME = 0x25; 98 | /** 99 | * Used to indicate where the payload is inserted at a location manually 100 | * configured by the user. 101 | */ 102 | static final byte INS_USER_PROVIDED = 0x40; 103 | /** 104 | * Used to indicate where the insertion point is provided by an 105 | * extension-registered 106 | * IScannerInsertionPointProvider. 107 | */ 108 | static final byte INS_EXTENSION_PROVIDED = 0x41; 109 | /** 110 | * Used to indicate where the payload is inserted at an unknown location 111 | * within the request. 112 | */ 113 | static final byte INS_UNKNOWN = 0x7f; 114 | 115 | /** 116 | * This method returns the name of the insertion point. 117 | * 118 | * @return The name of the insertion point (for example, a description of a 119 | * particular request parameter). 120 | */ 121 | String getInsertionPointName(); 122 | 123 | /** 124 | * This method returns the base value for this insertion point. 125 | * 126 | * @return the base value that appears in this insertion point in the base 127 | * request being scanned, or null if there is no value in the 128 | * base request that corresponds to this insertion point. 129 | */ 130 | String getBaseValue(); 131 | 132 | /** 133 | * This method is used to build a request with the specified payload placed 134 | * into the insertion point. There is no requirement for extension-provided 135 | * insertion points to adjust the Content-Length header in requests if the 136 | * body length has changed, although Burp-provided insertion points will 137 | * always do this and will return a request with a valid Content-Length 138 | * header. 139 | * Note: 140 | * Scan checks should submit raw non-encoded payloads to insertion points, 141 | * and the insertion point has responsibility for performing any data 142 | * encoding that is necessary given the nature and location of the insertion 143 | * point. 144 | * 145 | * @param payload The payload that should be placed into the insertion 146 | * point. 147 | * @return The resulting request. 148 | */ 149 | byte[] buildRequest(byte[] payload); 150 | 151 | /** 152 | * This method is used to determine the offsets of the payload value within 153 | * the request, when it is placed into the insertion point. Scan checks may 154 | * invoke this method when reporting issues, so as to highlight the relevant 155 | * part of the request within the UI. 156 | * 157 | * @param payload The payload that should be placed into the insertion 158 | * point. 159 | * @return An int[2] array containing the start and end offsets of the 160 | * payload within the request, or null if this is not applicable (for 161 | * example, where the insertion point places a payload into a serialized 162 | * data structure, the raw payload may not literally appear anywhere within 163 | * the resulting request). 164 | */ 165 | int[] getPayloadOffsets(byte[] payload); 166 | 167 | /** 168 | * This method returns the type of the insertion point. 169 | * 170 | * @return The type of the insertion point. Available types are defined in 171 | * this interface. 172 | */ 173 | byte getInsertionPointType(); 174 | } 175 | -------------------------------------------------------------------------------- /src/simple/JSONValue.java: -------------------------------------------------------------------------------- 1 | /* 2 | * $Id: JSONValue.java,v 1.1 2006/04/15 14:37:04 platform Exp $ 3 | * Created on 2006-4-15 4 | */ 5 | package org.json.simple; 6 | 7 | import java.io.IOException; 8 | import java.io.Reader; 9 | import java.io.StringReader; 10 | import java.io.StringWriter; 11 | import java.io.Writer; 12 | import java.util.Collection; 13 | // import java.util.List; 14 | import java.util.Map; 15 | 16 | import org.json.simple.parser.JSONParser; 17 | import org.json.simple.parser.ParseException; 18 | 19 | 20 | /** 21 | * @author FangYidong 22 | */ 23 | public class JSONValue { 24 | /** 25 | * Parse JSON text into java object from the input source. 26 | * Please use parseWithException() if you don't want to ignore the exception. 27 | * 28 | * @see org.json.simple.parser.JSONParser#parse(Reader) 29 | * @see #parseWithException(Reader) 30 | * 31 | * @param in 32 | * @return Instance of the following: 33 | * org.json.simple.JSONObject, 34 | * org.json.simple.JSONArray, 35 | * java.lang.String, 36 | * java.lang.Number, 37 | * java.lang.Boolean, 38 | * null 39 | * 40 | * @deprecated this method may throw an {@code Error} instead of returning 41 | * {@code null}; please use {@link JSONValue#parseWithException(Reader)} 42 | * instead 43 | */ 44 | public static Object parse(Reader in){ 45 | try{ 46 | JSONParser parser=new JSONParser(); 47 | return parser.parse(in); 48 | } 49 | catch(Exception e){ 50 | return null; 51 | } 52 | } 53 | 54 | /** 55 | * Parse JSON text into java object from the given string. 56 | * Please use parseWithException() if you don't want to ignore the exception. 57 | * 58 | * @see org.json.simple.parser.JSONParser#parse(Reader) 59 | * @see #parseWithException(Reader) 60 | * 61 | * @param s 62 | * @return Instance of the following: 63 | * org.json.simple.JSONObject, 64 | * org.json.simple.JSONArray, 65 | * java.lang.String, 66 | * java.lang.Number, 67 | * java.lang.Boolean, 68 | * null 69 | * 70 | * @deprecated this method may throw an {@code Error} instead of returning 71 | * {@code null}; please use {@link JSONValue#parseWithException(String)} 72 | * instead 73 | */ 74 | public static Object parse(String s){ 75 | StringReader in=new StringReader(s); 76 | return parse(in); 77 | } 78 | 79 | /** 80 | * Parse JSON text into java object from the input source. 81 | * 82 | * @see org.json.simple.parser.JSONParser 83 | * 84 | * @param in 85 | * @return Instance of the following: 86 | * org.json.simple.JSONObject, 87 | * org.json.simple.JSONArray, 88 | * java.lang.String, 89 | * java.lang.Number, 90 | * java.lang.Boolean, 91 | * null 92 | * 93 | * @throws IOException 94 | * @throws ParseException 95 | */ 96 | public static Object parseWithException(Reader in) throws IOException, ParseException{ 97 | JSONParser parser=new JSONParser(); 98 | return parser.parse(in); 99 | } 100 | 101 | public static Object parseWithException(String s) throws ParseException{ 102 | JSONParser parser=new JSONParser(); 103 | return parser.parse(s); 104 | } 105 | 106 | /** 107 | * Encode an object into JSON text and write it to out. 108 | *

109 | * If this object is a Map or a List, and it's also a JSONStreamAware or a JSONAware, JSONStreamAware or JSONAware will be considered firstly. 110 | *

111 | * DO NOT call this method from writeJSONString(Writer) of a class that implements both JSONStreamAware and (Map or List) with 112 | * "this" as the first parameter, use JSONObject.writeJSONString(Map, Writer) or JSONArray.writeJSONString(List, Writer) instead. 113 | * 114 | * @see org.json.simple.JSONObject#writeJSONString(Map, Writer) 115 | * @see org.json.simple.JSONArray#writeJSONString(List, Writer) 116 | * 117 | * @param value 118 | * @param writer 119 | */ 120 | public static void writeJSONString(Object value, Writer out) throws IOException { 121 | if(value == null){ 122 | out.write("null"); 123 | return; 124 | } 125 | 126 | if(value instanceof String){ 127 | out.write('\"'); 128 | out.write(escape((String)value)); 129 | out.write('\"'); 130 | return; 131 | } 132 | 133 | if(value instanceof Double){ 134 | if(((Double)value).isInfinite() || ((Double)value).isNaN()) 135 | out.write("null"); 136 | else 137 | out.write(value.toString()); 138 | return; 139 | } 140 | 141 | if(value instanceof Float){ 142 | if(((Float)value).isInfinite() || ((Float)value).isNaN()) 143 | out.write("null"); 144 | else 145 | out.write(value.toString()); 146 | return; 147 | } 148 | 149 | if(value instanceof Number){ 150 | out.write(value.toString()); 151 | return; 152 | } 153 | 154 | if(value instanceof Boolean){ 155 | out.write(value.toString()); 156 | return; 157 | } 158 | 159 | if((value instanceof JSONStreamAware)){ 160 | ((JSONStreamAware)value).writeJSONString(out); 161 | return; 162 | } 163 | 164 | if((value instanceof JSONAware)){ 165 | out.write(((JSONAware)value).toJSONString()); 166 | return; 167 | } 168 | 169 | if(value instanceof Map){ 170 | JSONObject.writeJSONString((Map)value, out); 171 | return; 172 | } 173 | 174 | if(value instanceof Collection){ 175 | JSONArray.writeJSONString((Collection)value, out); 176 | return; 177 | } 178 | 179 | if(value instanceof byte[]){ 180 | JSONArray.writeJSONString((byte[])value, out); 181 | return; 182 | } 183 | 184 | if(value instanceof short[]){ 185 | JSONArray.writeJSONString((short[])value, out); 186 | return; 187 | } 188 | 189 | if(value instanceof int[]){ 190 | JSONArray.writeJSONString((int[])value, out); 191 | return; 192 | } 193 | 194 | if(value instanceof long[]){ 195 | JSONArray.writeJSONString((long[])value, out); 196 | return; 197 | } 198 | 199 | if(value instanceof float[]){ 200 | JSONArray.writeJSONString((float[])value, out); 201 | return; 202 | } 203 | 204 | if(value instanceof double[]){ 205 | JSONArray.writeJSONString((double[])value, out); 206 | return; 207 | } 208 | 209 | if(value instanceof boolean[]){ 210 | JSONArray.writeJSONString((boolean[])value, out); 211 | return; 212 | } 213 | 214 | if(value instanceof char[]){ 215 | JSONArray.writeJSONString((char[])value, out); 216 | return; 217 | } 218 | 219 | if(value instanceof Object[]){ 220 | JSONArray.writeJSONString((Object[])value, out); 221 | return; 222 | } 223 | 224 | out.write(value.toString()); 225 | } 226 | 227 | /** 228 | * Convert an object to JSON text. 229 | *

230 | * If this object is a Map or a List, and it's also a JSONAware, JSONAware will be considered firstly. 231 | *

232 | * DO NOT call this method from toJSONString() of a class that implements both JSONAware and Map or List with 233 | * "this" as the parameter, use JSONObject.toJSONString(Map) or JSONArray.toJSONString(List) instead. 234 | * 235 | * @see org.json.simple.JSONObject#toJSONString(Map) 236 | * @see org.json.simple.JSONArray#toJSONString(List) 237 | * 238 | * @param value 239 | * @return JSON text, or "null" if value is null or it's an NaN or an INF number. 240 | */ 241 | public static String toJSONString(Object value){ 242 | final StringWriter writer = new StringWriter(); 243 | 244 | try{ 245 | writeJSONString(value, writer); 246 | return writer.toString(); 247 | } catch(IOException e){ 248 | // This should never happen for a StringWriter 249 | throw new RuntimeException(e); 250 | } 251 | } 252 | 253 | /** 254 | * Escape quotes, \, /, \r, \n, \b, \f, \t and other control characters (U+0000 through U+001F). 255 | * @param s 256 | * @return 257 | */ 258 | public static String escape(String s){ 259 | if(s==null) 260 | return null; 261 | StringBuffer sb = new StringBuffer(); 262 | escape(s, sb); 263 | return sb.toString(); 264 | } 265 | 266 | /** 267 | * @param s - Must not be null. 268 | * @param sb 269 | */ 270 | static void escape(String s, StringBuffer sb) { 271 | final int len = s.length(); 272 | for(int i=0;i='\u0000' && ch<='\u001F') || (ch>='\u007F' && ch<='\u009F') || (ch>='\u2000' && ch<='\u20FF')){ 302 | String ss=Integer.toHexString(ch); 303 | sb.append("\\u"); 304 | for(int k=0;k<4-ss.length();k++){ 305 | sb.append('0'); 306 | } 307 | sb.append(ss.toUpperCase()); 308 | } 309 | else{ 310 | sb.append(ch); 311 | } 312 | } 313 | }//for 314 | } 315 | 316 | } 317 | -------------------------------------------------------------------------------- /src/simple/JSONArray.java: -------------------------------------------------------------------------------- 1 | /* 2 | * $Id: JSONArray.java,v 1.1 2006/04/15 14:10:48 platform Exp $ 3 | * Created on 2006-4-10 4 | */ 5 | package org.json.simple; 6 | 7 | import java.io.IOException; 8 | import java.io.StringWriter; 9 | import java.io.Writer; 10 | import java.util.ArrayList; 11 | import java.util.Collection; 12 | import java.util.Iterator; 13 | 14 | /** 15 | * A JSON array. JSONObject supports java.util.List interface. 16 | * 17 | * @author FangYidong 18 | */ 19 | public class JSONArray extends ArrayList implements JSONAware, JSONStreamAware { 20 | private static final long serialVersionUID = 3957988303675231981L; 21 | 22 | /** 23 | * Constructs an empty JSONArray. 24 | */ 25 | public JSONArray(){ 26 | super(); 27 | } 28 | 29 | /** 30 | * Constructs a JSONArray containing the elements of the specified 31 | * collection, in the order they are returned by the collection's iterator. 32 | * 33 | * @param c the collection whose elements are to be placed into this JSONArray 34 | */ 35 | public JSONArray(Collection c){ 36 | super(c); 37 | } 38 | 39 | /** 40 | * Encode a list into JSON text and write it to out. 41 | * If this list is also a JSONStreamAware or a JSONAware, JSONStreamAware and JSONAware specific behaviours will be ignored at this top level. 42 | * 43 | * @see org.json.simple.JSONValue#writeJSONString(Object, Writer) 44 | * 45 | * @param collection 46 | * @param out 47 | */ 48 | public static void writeJSONString(Collection collection, Writer out) throws IOException{ 49 | if(collection == null){ 50 | out.write("null"); 51 | return; 52 | } 53 | 54 | boolean first = true; 55 | Iterator iter=collection.iterator(); 56 | 57 | out.write('['); 58 | while(iter.hasNext()){ 59 | if(first) 60 | first = false; 61 | else 62 | out.write(','); 63 | 64 | Object value=iter.next(); 65 | if(value == null){ 66 | out.write("null"); 67 | continue; 68 | } 69 | 70 | JSONValue.writeJSONString(value, out); 71 | } 72 | out.write(']'); 73 | } 74 | 75 | public void writeJSONString(Writer out) throws IOException{ 76 | writeJSONString(this, out); 77 | } 78 | 79 | /** 80 | * Convert a list to JSON text. The result is a JSON array. 81 | * If this list is also a JSONAware, JSONAware specific behaviours will be omitted at this top level. 82 | * 83 | * @see org.json.simple.JSONValue#toJSONString(Object) 84 | * 85 | * @param collection 86 | * @return JSON text, or "null" if list is null. 87 | */ 88 | public static String toJSONString(Collection collection){ 89 | final StringWriter writer = new StringWriter(); 90 | 91 | try { 92 | writeJSONString(collection, writer); 93 | return writer.toString(); 94 | } catch(IOException e){ 95 | // This should never happen for a StringWriter 96 | throw new RuntimeException(e); 97 | } 98 | } 99 | 100 | public static void writeJSONString(byte[] array, Writer out) throws IOException{ 101 | if(array == null){ 102 | out.write("null"); 103 | } else if(array.length == 0) { 104 | out.write("[]"); 105 | } else { 106 | out.write("["); 107 | out.write(String.valueOf(array[0])); 108 | 109 | for(int i = 1; i < array.length; i++){ 110 | out.write(","); 111 | out.write(String.valueOf(array[i])); 112 | } 113 | 114 | out.write("]"); 115 | } 116 | } 117 | 118 | public static String toJSONString(byte[] array){ 119 | final StringWriter writer = new StringWriter(); 120 | 121 | try { 122 | writeJSONString(array, writer); 123 | return writer.toString(); 124 | } catch(IOException e){ 125 | // This should never happen for a StringWriter 126 | throw new RuntimeException(e); 127 | } 128 | } 129 | 130 | public static void writeJSONString(short[] array, Writer out) throws IOException{ 131 | if(array == null){ 132 | out.write("null"); 133 | } else if(array.length == 0) { 134 | out.write("[]"); 135 | } else { 136 | out.write("["); 137 | out.write(String.valueOf(array[0])); 138 | 139 | for(int i = 1; i < array.length; i++){ 140 | out.write(","); 141 | out.write(String.valueOf(array[i])); 142 | } 143 | 144 | out.write("]"); 145 | } 146 | } 147 | 148 | public static String toJSONString(short[] array){ 149 | final StringWriter writer = new StringWriter(); 150 | 151 | try { 152 | writeJSONString(array, writer); 153 | return writer.toString(); 154 | } catch(IOException e){ 155 | // This should never happen for a StringWriter 156 | throw new RuntimeException(e); 157 | } 158 | } 159 | 160 | public static void writeJSONString(int[] array, Writer out) throws IOException{ 161 | if(array == null){ 162 | out.write("null"); 163 | } else if(array.length == 0) { 164 | out.write("[]"); 165 | } else { 166 | out.write("["); 167 | out.write(String.valueOf(array[0])); 168 | 169 | for(int i = 1; i < array.length; i++){ 170 | out.write(","); 171 | out.write(String.valueOf(array[i])); 172 | } 173 | 174 | out.write("]"); 175 | } 176 | } 177 | 178 | public static String toJSONString(int[] array){ 179 | final StringWriter writer = new StringWriter(); 180 | 181 | try { 182 | writeJSONString(array, writer); 183 | return writer.toString(); 184 | } catch(IOException e){ 185 | // This should never happen for a StringWriter 186 | throw new RuntimeException(e); 187 | } 188 | } 189 | 190 | public static void writeJSONString(long[] array, Writer out) throws IOException{ 191 | if(array == null){ 192 | out.write("null"); 193 | } else if(array.length == 0) { 194 | out.write("[]"); 195 | } else { 196 | out.write("["); 197 | out.write(String.valueOf(array[0])); 198 | 199 | for(int i = 1; i < array.length; i++){ 200 | out.write(","); 201 | out.write(String.valueOf(array[i])); 202 | } 203 | 204 | out.write("]"); 205 | } 206 | } 207 | 208 | public static String toJSONString(long[] array){ 209 | final StringWriter writer = new StringWriter(); 210 | 211 | try { 212 | writeJSONString(array, writer); 213 | return writer.toString(); 214 | } catch(IOException e){ 215 | // This should never happen for a StringWriter 216 | throw new RuntimeException(e); 217 | } 218 | } 219 | 220 | public static void writeJSONString(float[] array, Writer out) throws IOException{ 221 | if(array == null){ 222 | out.write("null"); 223 | } else if(array.length == 0) { 224 | out.write("[]"); 225 | } else { 226 | out.write("["); 227 | out.write(String.valueOf(array[0])); 228 | 229 | for(int i = 1; i < array.length; i++){ 230 | out.write(","); 231 | out.write(String.valueOf(array[i])); 232 | } 233 | 234 | out.write("]"); 235 | } 236 | } 237 | 238 | public static String toJSONString(float[] array){ 239 | final StringWriter writer = new StringWriter(); 240 | 241 | try { 242 | writeJSONString(array, writer); 243 | return writer.toString(); 244 | } catch(IOException e){ 245 | // This should never happen for a StringWriter 246 | throw new RuntimeException(e); 247 | } 248 | } 249 | 250 | public static void writeJSONString(double[] array, Writer out) throws IOException{ 251 | if(array == null){ 252 | out.write("null"); 253 | } else if(array.length == 0) { 254 | out.write("[]"); 255 | } else { 256 | out.write("["); 257 | out.write(String.valueOf(array[0])); 258 | 259 | for(int i = 1; i < array.length; i++){ 260 | out.write(","); 261 | out.write(String.valueOf(array[i])); 262 | } 263 | 264 | out.write("]"); 265 | } 266 | } 267 | 268 | public static String toJSONString(double[] array){ 269 | final StringWriter writer = new StringWriter(); 270 | 271 | try { 272 | writeJSONString(array, writer); 273 | return writer.toString(); 274 | } catch(IOException e){ 275 | // This should never happen for a StringWriter 276 | throw new RuntimeException(e); 277 | } 278 | } 279 | 280 | public static void writeJSONString(boolean[] array, Writer out) throws IOException{ 281 | if(array == null){ 282 | out.write("null"); 283 | } else if(array.length == 0) { 284 | out.write("[]"); 285 | } else { 286 | out.write("["); 287 | out.write(String.valueOf(array[0])); 288 | 289 | for(int i = 1; i < array.length; i++){ 290 | out.write(","); 291 | out.write(String.valueOf(array[i])); 292 | } 293 | 294 | out.write("]"); 295 | } 296 | } 297 | 298 | public static String toJSONString(boolean[] array){ 299 | final StringWriter writer = new StringWriter(); 300 | 301 | try { 302 | writeJSONString(array, writer); 303 | return writer.toString(); 304 | } catch(IOException e){ 305 | // This should never happen for a StringWriter 306 | throw new RuntimeException(e); 307 | } 308 | } 309 | 310 | public static void writeJSONString(char[] array, Writer out) throws IOException{ 311 | if(array == null){ 312 | out.write("null"); 313 | } else if(array.length == 0) { 314 | out.write("[]"); 315 | } else { 316 | out.write("[\""); 317 | out.write(String.valueOf(array[0])); 318 | 319 | for(int i = 1; i < array.length; i++){ 320 | out.write("\",\""); 321 | out.write(String.valueOf(array[i])); 322 | } 323 | 324 | out.write("\"]"); 325 | } 326 | } 327 | 328 | public static String toJSONString(char[] array){ 329 | final StringWriter writer = new StringWriter(); 330 | 331 | try { 332 | writeJSONString(array, writer); 333 | return writer.toString(); 334 | } catch(IOException e){ 335 | // This should never happen for a StringWriter 336 | throw new RuntimeException(e); 337 | } 338 | } 339 | 340 | public static void writeJSONString(Object[] array, Writer out) throws IOException{ 341 | if(array == null){ 342 | out.write("null"); 343 | } else if(array.length == 0) { 344 | out.write("[]"); 345 | } else { 346 | out.write("["); 347 | JSONValue.writeJSONString(array[0], out); 348 | 349 | for(int i = 1; i < array.length; i++){ 350 | out.write(","); 351 | JSONValue.writeJSONString(array[i], out); 352 | } 353 | 354 | out.write("]"); 355 | } 356 | } 357 | 358 | public static String toJSONString(Object[] array){ 359 | final StringWriter writer = new StringWriter(); 360 | 361 | try { 362 | writeJSONString(array, writer); 363 | return writer.toString(); 364 | } catch(IOException e){ 365 | // This should never happen for a StringWriter 366 | throw new RuntimeException(e); 367 | } 368 | } 369 | 370 | public String toJSONString(){ 371 | return toJSONString(this); 372 | } 373 | 374 | /** 375 | * Returns a string representation of this array. This is equivalent to 376 | * calling {@link JSONArray#toJSONString()}. 377 | */ 378 | public String toString() { 379 | return toJSONString(); 380 | } 381 | } 382 | -------------------------------------------------------------------------------- /src/burp/IExtensionHelpers.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IExtensionHelpers.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.net.URL; 13 | import java.util.List; 14 | 15 | /** 16 | * This interface contains a number of helper methods, which extensions can use 17 | * to assist with various common tasks that arise for Burp extensions. 18 | * 19 | * Extensions can call IBurpExtenderCallbacks.getHelpers to obtain 20 | * an instance of this interface. 21 | */ 22 | public interface IExtensionHelpers 23 | { 24 | 25 | /** 26 | * This method can be used to analyze an HTTP request, and obtain various 27 | * key details about it. 28 | * 29 | * @param request An IHttpRequestResponse object containing the 30 | * request to be analyzed. 31 | * @return An IRequestInfo object that can be queried to obtain 32 | * details about the request. 33 | */ 34 | IRequestInfo analyzeRequest(IHttpRequestResponse request); 35 | 36 | /** 37 | * This method can be used to analyze an HTTP request, and obtain various 38 | * key details about it. 39 | * 40 | * @param httpService The HTTP service associated with the request. This is 41 | * optional and may be null, in which case the resulting 42 | * IRequestInfo object will not include the full request URL. 43 | * @param request The request to be analyzed. 44 | * @return An IRequestInfo object that can be queried to obtain 45 | * details about the request. 46 | */ 47 | IRequestInfo analyzeRequest(IHttpService httpService, byte[] request); 48 | 49 | /** 50 | * This method can be used to analyze an HTTP request, and obtain various 51 | * key details about it. The resulting IRequestInfo object will 52 | * not include the full request URL. To obtain the full URL, use one of the 53 | * other overloaded analyzeRequest() methods. 54 | * 55 | * @param request The request to be analyzed. 56 | * @return An IRequestInfo object that can be queried to obtain 57 | * details about the request. 58 | */ 59 | IRequestInfo analyzeRequest(byte[] request); 60 | 61 | /** 62 | * This method can be used to analyze an HTTP response, and obtain various 63 | * key details about it. 64 | * 65 | * @param response The response to be analyzed. 66 | * @return An IResponseInfo object that can be queried to 67 | * obtain details about the response. 68 | */ 69 | IResponseInfo analyzeResponse(byte[] response); 70 | 71 | /** 72 | * This method can be used to retrieve details of a specified parameter 73 | * within an HTTP request. Note: Use analyzeRequest() to 74 | * obtain details of all parameters within the request. 75 | * 76 | * @param request The request to be inspected for the specified parameter. 77 | * @param parameterName The name of the parameter to retrieve. 78 | * @return An IParameter object that can be queried to obtain 79 | * details about the parameter, or null if the parameter was 80 | * not found. 81 | */ 82 | IParameter getRequestParameter(byte[] request, String parameterName); 83 | 84 | /** 85 | * This method can be used to URL-decode the specified data. 86 | * 87 | * @param data The data to be decoded. 88 | * @return The decoded data. 89 | */ 90 | String urlDecode(String data); 91 | 92 | /** 93 | * This method can be used to URL-encode the specified data. Any characters 94 | * that do not need to be encoded within HTTP requests are not encoded. 95 | * 96 | * @param data The data to be encoded. 97 | * @return The encoded data. 98 | */ 99 | String urlEncode(String data); 100 | 101 | /** 102 | * This method can be used to URL-decode the specified data. 103 | * 104 | * @param data The data to be decoded. 105 | * @return The decoded data. 106 | */ 107 | byte[] urlDecode(byte[] data); 108 | 109 | /** 110 | * This method can be used to URL-encode the specified data. Any characters 111 | * that do not need to be encoded within HTTP requests are not encoded. 112 | * 113 | * @param data The data to be encoded. 114 | * @return The encoded data. 115 | */ 116 | byte[] urlEncode(byte[] data); 117 | 118 | /** 119 | * This method can be used to Base64-decode the specified data. 120 | * 121 | * @param data The data to be decoded. 122 | * @return The decoded data. 123 | */ 124 | byte[] base64Decode(String data); 125 | 126 | /** 127 | * This method can be used to Base64-decode the specified data. 128 | * 129 | * @param data The data to be decoded. 130 | * @return The decoded data. 131 | */ 132 | byte[] base64Decode(byte[] data); 133 | 134 | /** 135 | * This method can be used to Base64-encode the specified data. 136 | * 137 | * @param data The data to be encoded. 138 | * @return The encoded data. 139 | */ 140 | String base64Encode(String data); 141 | 142 | /** 143 | * This method can be used to Base64-encode the specified data. 144 | * 145 | * @param data The data to be encoded. 146 | * @return The encoded data. 147 | */ 148 | String base64Encode(byte[] data); 149 | 150 | /** 151 | * This method can be used to convert data from String form into an array of 152 | * bytes. The conversion does not reflect any particular character set, and 153 | * a character with the hex representation 0xWXYZ will always be converted 154 | * into a byte with the representation 0xYZ. It performs the opposite 155 | * conversion to the method bytesToString(), and byte-based 156 | * data that is converted to a String and back again using these two methods 157 | * is guaranteed to retain its integrity (which may not be the case with 158 | * conversions that reflect a given character set). 159 | * 160 | * @param data The data to be converted. 161 | * @return The converted data. 162 | */ 163 | byte[] stringToBytes(String data); 164 | 165 | /** 166 | * This method can be used to convert data from an array of bytes into 167 | * String form. The conversion does not reflect any particular character 168 | * set, and a byte with the representation 0xYZ will always be converted 169 | * into a character with the hex representation 0x00YZ. It performs the 170 | * opposite conversion to the method stringToBytes(), and 171 | * byte-based data that is converted to a String and back again using these 172 | * two methods is guaranteed to retain its integrity (which may not be the 173 | * case with conversions that reflect a given character set). 174 | * 175 | * @param data The data to be converted. 176 | * @return The converted data. 177 | */ 178 | String bytesToString(byte[] data); 179 | 180 | /** 181 | * This method searches a piece of data for the first occurrence of a 182 | * specified pattern. It works on byte-based data in a way that is similar 183 | * to the way the native Java method String.indexOf() works on 184 | * String-based data. 185 | * 186 | * @param data The data to be searched. 187 | * @param pattern The pattern to be searched for. 188 | * @param caseSensitive Flags whether or not the search is case-sensitive. 189 | * @param from The offset within data where the search should 190 | * begin. 191 | * @param to The offset within data where the search should 192 | * end. 193 | * @return The offset of the first occurrence of the pattern within the 194 | * specified bounds, or -1 if no match is found. 195 | */ 196 | int indexOf(byte[] data, 197 | byte[] pattern, 198 | boolean caseSensitive, 199 | int from, 200 | int to); 201 | 202 | /** 203 | * This method builds an HTTP message containing the specified headers and 204 | * message body. If applicable, the Content-Length header will be added or 205 | * updated, based on the length of the body. 206 | * 207 | * @param headers A list of headers to include in the message. 208 | * @param body The body of the message, of null if the message 209 | * has an empty body. 210 | * @return The resulting full HTTP message. 211 | */ 212 | byte[] buildHttpMessage(List headers, byte[] body); 213 | 214 | /** 215 | * This method creates a GET request to the specified URL. The headers used 216 | * in the request are determined by the Request headers settings as 217 | * configured in Burp Spider's options. 218 | * 219 | * @param url The URL to which the request should be made. 220 | * @return A request to the specified URL. 221 | */ 222 | byte[] buildHttpRequest(URL url); 223 | 224 | /** 225 | * This method adds a new parameter to an HTTP request, and if appropriate 226 | * updates the Content-Length header. 227 | * 228 | * @param request The request to which the parameter should be added. 229 | * @param parameter An IParameter object containing details of 230 | * the parameter to be added. Supported parameter types are: 231 | * PARAM_URL, PARAM_BODY and 232 | * PARAM_COOKIE. 233 | * @return A new HTTP request with the new parameter added. 234 | */ 235 | byte[] addParameter(byte[] request, IParameter parameter); 236 | 237 | /** 238 | * This method removes a parameter from an HTTP request, and if appropriate 239 | * updates the Content-Length header. 240 | * 241 | * @param request The request from which the parameter should be removed. 242 | * @param parameter An IParameter object containing details of 243 | * the parameter to be removed. Supported parameter types are: 244 | * PARAM_URL, PARAM_BODY and 245 | * PARAM_COOKIE. 246 | * @return A new HTTP request with the parameter removed. 247 | */ 248 | byte[] removeParameter(byte[] request, IParameter parameter); 249 | 250 | /** 251 | * This method updates the value of a parameter within an HTTP request, and 252 | * if appropriate updates the Content-Length header. Note: This 253 | * method can only be used to update the value of an existing parameter of a 254 | * specified type. If you need to change the type of an existing parameter, 255 | * you should first call removeParameter() to remove the 256 | * parameter with the old type, and then call addParameter() to 257 | * add a parameter with the new type. 258 | * 259 | * @param request The request containing the parameter to be updated. 260 | * @param parameter An IParameter object containing details of 261 | * the parameter to be updated. Supported parameter types are: 262 | * PARAM_URL, PARAM_BODY and 263 | * PARAM_COOKIE. 264 | * @return A new HTTP request with the parameter updated. 265 | */ 266 | byte[] updateParameter(byte[] request, IParameter parameter); 267 | 268 | /** 269 | * This method can be used to toggle a request's method between GET and 270 | * POST. Parameters are relocated between the URL query string and message 271 | * body as required, and the Content-Length header is created or removed as 272 | * applicable. 273 | * 274 | * @param request The HTTP request whose method should be toggled. 275 | * @return A new HTTP request using the toggled method. 276 | */ 277 | byte[] toggleRequestMethod(byte[] request); 278 | 279 | /** 280 | * This method constructs an IHttpService object based on the 281 | * details provided. 282 | * 283 | * @param host The HTTP service host. 284 | * @param port The HTTP service port. 285 | * @param protocol The HTTP service protocol. 286 | * @return An IHttpService object based on the details 287 | * provided. 288 | */ 289 | IHttpService buildHttpService(String host, int port, String protocol); 290 | 291 | /** 292 | * This method constructs an IHttpService object based on the 293 | * details provided. 294 | * 295 | * @param host The HTTP service host. 296 | * @param port The HTTP service port. 297 | * @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP. 298 | * @return An IHttpService object based on the details 299 | * provided. 300 | */ 301 | IHttpService buildHttpService(String host, int port, boolean useHttps); 302 | 303 | /** 304 | * This method constructs an IParameter object based on the 305 | * details provided. 306 | * 307 | * @param name The parameter name. 308 | * @param value The parameter value. 309 | * @param type The parameter type, as defined in the IParameter 310 | * interface. 311 | * @return An IParameter object based on the details provided. 312 | */ 313 | IParameter buildParameter(String name, String value, byte type); 314 | 315 | /** 316 | * This method constructs an IScannerInsertionPoint object 317 | * based on the details provided. It can be used to quickly create a simple 318 | * insertion point based on a fixed payload location within a base request. 319 | * 320 | * @param insertionPointName The name of the insertion point. 321 | * @param baseRequest The request from which to build scan requests. 322 | * @param from The offset of the start of the payload location. 323 | * @param to The offset of the end of the payload location. 324 | * @return An IScannerInsertionPoint object based on the 325 | * details provided. 326 | */ 327 | IScannerInsertionPoint makeScannerInsertionPoint( 328 | String insertionPointName, 329 | byte[] baseRequest, 330 | int from, 331 | int to); 332 | 333 | /** 334 | * This method analyzes one or more responses to identify variations in a 335 | * number of attributes and returns an IResponseVariations 336 | * object that can be queried to obtain details of the variations. 337 | * 338 | * @param responses The responses to analyze. 339 | * @return An IResponseVariations object representing the 340 | * variations in the responses. 341 | */ 342 | IResponseVariations analyzeResponseVariations(byte[]... responses); 343 | 344 | /** 345 | * This method analyzes one or more responses to identify the number of 346 | * occurrences of the specified keywords and returns an 347 | * IResponseKeywords object that can be queried to obtain 348 | * details of the number of occurrences of each keyword. 349 | * 350 | * @param keywords The keywords to look for. 351 | * @param responses The responses to analyze. 352 | * @return An IResponseKeywords object representing the counts 353 | * of the keywords appearing in the responses. 354 | */ 355 | IResponseKeywords analyzeResponseKeywords(List keywords, byte[]... responses); 356 | } 357 | -------------------------------------------------------------------------------- /src/simple/parser/JSONParser.java: -------------------------------------------------------------------------------- 1 | /* 2 | * $Id: JSONParser.java,v 1.1 2006/04/15 14:10:48 platform Exp $ 3 | * Created on 2006-4-15 4 | */ 5 | package org.json.simple.parser; 6 | 7 | import java.io.IOException; 8 | import java.io.Reader; 9 | import java.io.StringReader; 10 | import java.util.LinkedList; 11 | import java.util.List; 12 | import java.util.Map; 13 | 14 | import org.json.simple.JSONArray; 15 | import org.json.simple.JSONObject; 16 | 17 | 18 | /** 19 | * Parser for JSON text. Please note that JSONParser is NOT thread-safe. 20 | * 21 | * @author FangYidong 22 | */ 23 | public class JSONParser { 24 | public static final int S_INIT=0; 25 | public static final int S_IN_FINISHED_VALUE=1;//string,number,boolean,null,object,array 26 | public static final int S_IN_OBJECT=2; 27 | public static final int S_IN_ARRAY=3; 28 | public static final int S_PASSED_PAIR_KEY=4; 29 | public static final int S_IN_PAIR_VALUE=5; 30 | public static final int S_END=6; 31 | public static final int S_IN_ERROR=-1; 32 | 33 | private LinkedList handlerStatusStack; 34 | private Yylex lexer = new Yylex((Reader)null); 35 | private Yytoken token = null; 36 | private int status = S_INIT; 37 | 38 | private int peekStatus(LinkedList statusStack){ 39 | if(statusStack.size()==0) 40 | return -1; 41 | Integer status=(Integer)statusStack.getFirst(); 42 | return status.intValue(); 43 | } 44 | 45 | /** 46 | * Reset the parser to the initial state without resetting the underlying reader. 47 | * 48 | */ 49 | public void reset(){ 50 | token = null; 51 | status = S_INIT; 52 | handlerStatusStack = null; 53 | } 54 | 55 | /** 56 | * Reset the parser to the initial state with a new character reader. 57 | * 58 | * @param in - The new character reader. 59 | * @throws IOException 60 | * @throws ParseException 61 | */ 62 | public void reset(Reader in){ 63 | lexer.yyreset(in); 64 | reset(); 65 | } 66 | 67 | /** 68 | * @return The position of the beginning of the current token. 69 | */ 70 | public int getPosition(){ 71 | return lexer.getPosition(); 72 | } 73 | 74 | public Object parse(String s) throws ParseException{ 75 | return parse(s, (ContainerFactory)null); 76 | } 77 | 78 | public Object parse(String s, ContainerFactory containerFactory) throws ParseException{ 79 | StringReader in=new StringReader(s); 80 | try{ 81 | return parse(in, containerFactory); 82 | } 83 | catch(IOException ie){ 84 | /* 85 | * Actually it will never happen. 86 | */ 87 | throw new ParseException(-1, ParseException.ERROR_UNEXPECTED_EXCEPTION, ie); 88 | } 89 | } 90 | 91 | public Object parse(Reader in) throws IOException, ParseException{ 92 | return parse(in, (ContainerFactory)null); 93 | } 94 | 95 | /** 96 | * Parse JSON text into java object from the input source. 97 | * 98 | * @param in 99 | * @param containerFactory - Use this factory to createyour own JSON object and JSON array containers. 100 | * @return Instance of the following: 101 | * org.json.simple.JSONObject, 102 | * org.json.simple.JSONArray, 103 | * java.lang.String, 104 | * java.lang.Number, 105 | * java.lang.Boolean, 106 | * null 107 | * 108 | * @throws IOException 109 | * @throws ParseException 110 | */ 111 | public Object parse(Reader in, ContainerFactory containerFactory) throws IOException, ParseException{ 112 | reset(in); 113 | LinkedList statusStack = new LinkedList(); 114 | LinkedList valueStack = new LinkedList(); 115 | 116 | try{ 117 | do{ 118 | nextToken(); 119 | switch(status){ 120 | case S_INIT: 121 | switch(token.type){ 122 | case Yytoken.TYPE_VALUE: 123 | status=S_IN_FINISHED_VALUE; 124 | statusStack.addFirst(new Integer(status)); 125 | valueStack.addFirst(token.value); 126 | break; 127 | case Yytoken.TYPE_LEFT_BRACE: 128 | status=S_IN_OBJECT; 129 | statusStack.addFirst(new Integer(status)); 130 | valueStack.addFirst(createObjectContainer(containerFactory)); 131 | break; 132 | case Yytoken.TYPE_LEFT_SQUARE: 133 | status=S_IN_ARRAY; 134 | statusStack.addFirst(new Integer(status)); 135 | valueStack.addFirst(createArrayContainer(containerFactory)); 136 | break; 137 | default: 138 | status=S_IN_ERROR; 139 | }//inner switch 140 | break; 141 | 142 | case S_IN_FINISHED_VALUE: 143 | if(token.type==Yytoken.TYPE_EOF) 144 | return valueStack.removeFirst(); 145 | else 146 | throw new ParseException(getPosition(), ParseException.ERROR_UNEXPECTED_TOKEN, token); 147 | 148 | case S_IN_OBJECT: 149 | switch(token.type){ 150 | case Yytoken.TYPE_COMMA: 151 | break; 152 | case Yytoken.TYPE_VALUE: 153 | if(token.value instanceof String){ 154 | String key=(String)token.value; 155 | valueStack.addFirst(key); 156 | status=S_PASSED_PAIR_KEY; 157 | statusStack.addFirst(new Integer(status)); 158 | } 159 | else{ 160 | status=S_IN_ERROR; 161 | } 162 | break; 163 | case Yytoken.TYPE_RIGHT_BRACE: 164 | if(valueStack.size()>1){ 165 | statusStack.removeFirst(); 166 | valueStack.removeFirst(); 167 | status=peekStatus(statusStack); 168 | } 169 | else{ 170 | status=S_IN_FINISHED_VALUE; 171 | } 172 | break; 173 | default: 174 | status=S_IN_ERROR; 175 | break; 176 | }//inner switch 177 | break; 178 | 179 | case S_PASSED_PAIR_KEY: 180 | switch(token.type){ 181 | case Yytoken.TYPE_COLON: 182 | break; 183 | case Yytoken.TYPE_VALUE: 184 | statusStack.removeFirst(); 185 | String key=(String)valueStack.removeFirst(); 186 | Map parent=(Map)valueStack.getFirst(); 187 | parent.put(key,token.value); 188 | status=peekStatus(statusStack); 189 | break; 190 | case Yytoken.TYPE_LEFT_SQUARE: 191 | statusStack.removeFirst(); 192 | key=(String)valueStack.removeFirst(); 193 | parent=(Map)valueStack.getFirst(); 194 | List newArray=createArrayContainer(containerFactory); 195 | parent.put(key,newArray); 196 | status=S_IN_ARRAY; 197 | statusStack.addFirst(new Integer(status)); 198 | valueStack.addFirst(newArray); 199 | break; 200 | case Yytoken.TYPE_LEFT_BRACE: 201 | statusStack.removeFirst(); 202 | key=(String)valueStack.removeFirst(); 203 | parent=(Map)valueStack.getFirst(); 204 | Map newObject=createObjectContainer(containerFactory); 205 | parent.put(key,newObject); 206 | status=S_IN_OBJECT; 207 | statusStack.addFirst(new Integer(status)); 208 | valueStack.addFirst(newObject); 209 | break; 210 | default: 211 | status=S_IN_ERROR; 212 | } 213 | break; 214 | 215 | case S_IN_ARRAY: 216 | switch(token.type){ 217 | case Yytoken.TYPE_COMMA: 218 | break; 219 | case Yytoken.TYPE_VALUE: 220 | List val=(List)valueStack.getFirst(); 221 | val.add(token.value); 222 | break; 223 | case Yytoken.TYPE_RIGHT_SQUARE: 224 | if(valueStack.size()>1){ 225 | statusStack.removeFirst(); 226 | valueStack.removeFirst(); 227 | status=peekStatus(statusStack); 228 | } 229 | else{ 230 | status=S_IN_FINISHED_VALUE; 231 | } 232 | break; 233 | case Yytoken.TYPE_LEFT_BRACE: 234 | val=(List)valueStack.getFirst(); 235 | Map newObject=createObjectContainer(containerFactory); 236 | val.add(newObject); 237 | status=S_IN_OBJECT; 238 | statusStack.addFirst(new Integer(status)); 239 | valueStack.addFirst(newObject); 240 | break; 241 | case Yytoken.TYPE_LEFT_SQUARE: 242 | val=(List)valueStack.getFirst(); 243 | List newArray=createArrayContainer(containerFactory); 244 | val.add(newArray); 245 | status=S_IN_ARRAY; 246 | statusStack.addFirst(new Integer(status)); 247 | valueStack.addFirst(newArray); 248 | break; 249 | default: 250 | status=S_IN_ERROR; 251 | }//inner switch 252 | break; 253 | case S_IN_ERROR: 254 | throw new ParseException(getPosition(), ParseException.ERROR_UNEXPECTED_TOKEN, token); 255 | }//switch 256 | if(status==S_IN_ERROR){ 257 | throw new ParseException(getPosition(), ParseException.ERROR_UNEXPECTED_TOKEN, token); 258 | } 259 | }while(token.type!=Yytoken.TYPE_EOF); 260 | } 261 | catch(IOException ie){ 262 | throw ie; 263 | } 264 | 265 | throw new ParseException(getPosition(), ParseException.ERROR_UNEXPECTED_TOKEN, token); 266 | } 267 | 268 | private void nextToken() throws ParseException, IOException{ 269 | token = lexer.yylex(); 270 | if(token == null) 271 | token = new Yytoken(Yytoken.TYPE_EOF, null); 272 | } 273 | 274 | private Map createObjectContainer(ContainerFactory containerFactory){ 275 | if(containerFactory == null) 276 | return new JSONObject(); 277 | Map m = containerFactory.createObjectContainer(); 278 | 279 | if(m == null) 280 | return new JSONObject(); 281 | return m; 282 | } 283 | 284 | private List createArrayContainer(ContainerFactory containerFactory){ 285 | if(containerFactory == null) 286 | return new JSONArray(); 287 | List l = containerFactory.creatArrayContainer(); 288 | 289 | if(l == null) 290 | return new JSONArray(); 291 | return l; 292 | } 293 | 294 | public void parse(String s, ContentHandler contentHandler) throws ParseException{ 295 | parse(s, contentHandler, false); 296 | } 297 | 298 | public void parse(String s, ContentHandler contentHandler, boolean isResume) throws ParseException{ 299 | StringReader in=new StringReader(s); 300 | try{ 301 | parse(in, contentHandler, isResume); 302 | } 303 | catch(IOException ie){ 304 | /* 305 | * Actually it will never happen. 306 | */ 307 | throw new ParseException(-1, ParseException.ERROR_UNEXPECTED_EXCEPTION, ie); 308 | } 309 | } 310 | 311 | public void parse(Reader in, ContentHandler contentHandler) throws IOException, ParseException{ 312 | parse(in, contentHandler, false); 313 | } 314 | 315 | /** 316 | * Stream processing of JSON text. 317 | * 318 | * @see ContentHandler 319 | * 320 | * @param in 321 | * @param contentHandler 322 | * @param isResume - Indicates if it continues previous parsing operation. 323 | * If set to true, resume parsing the old stream, and parameter 'in' will be ignored. 324 | * If this method is called for the first time in this instance, isResume will be ignored. 325 | * 326 | * @throws IOException 327 | * @throws ParseException 328 | */ 329 | public void parse(Reader in, ContentHandler contentHandler, boolean isResume) throws IOException, ParseException{ 330 | if(!isResume){ 331 | reset(in); 332 | handlerStatusStack = new LinkedList(); 333 | } 334 | else{ 335 | if(handlerStatusStack == null){ 336 | isResume = false; 337 | reset(in); 338 | handlerStatusStack = new LinkedList(); 339 | } 340 | } 341 | 342 | LinkedList statusStack = handlerStatusStack; 343 | 344 | try{ 345 | do{ 346 | switch(status){ 347 | case S_INIT: 348 | contentHandler.startJSON(); 349 | nextToken(); 350 | switch(token.type){ 351 | case Yytoken.TYPE_VALUE: 352 | status=S_IN_FINISHED_VALUE; 353 | statusStack.addFirst(new Integer(status)); 354 | if(!contentHandler.primitive(token.value)) 355 | return; 356 | break; 357 | case Yytoken.TYPE_LEFT_BRACE: 358 | status=S_IN_OBJECT; 359 | statusStack.addFirst(new Integer(status)); 360 | if(!contentHandler.startObject()) 361 | return; 362 | break; 363 | case Yytoken.TYPE_LEFT_SQUARE: 364 | status=S_IN_ARRAY; 365 | statusStack.addFirst(new Integer(status)); 366 | if(!contentHandler.startArray()) 367 | return; 368 | break; 369 | default: 370 | status=S_IN_ERROR; 371 | }//inner switch 372 | break; 373 | 374 | case S_IN_FINISHED_VALUE: 375 | nextToken(); 376 | if(token.type==Yytoken.TYPE_EOF){ 377 | contentHandler.endJSON(); 378 | status = S_END; 379 | return; 380 | } 381 | else{ 382 | status = S_IN_ERROR; 383 | throw new ParseException(getPosition(), ParseException.ERROR_UNEXPECTED_TOKEN, token); 384 | } 385 | 386 | case S_IN_OBJECT: 387 | nextToken(); 388 | switch(token.type){ 389 | case Yytoken.TYPE_COMMA: 390 | break; 391 | case Yytoken.TYPE_VALUE: 392 | if(token.value instanceof String){ 393 | String key=(String)token.value; 394 | status=S_PASSED_PAIR_KEY; 395 | statusStack.addFirst(new Integer(status)); 396 | if(!contentHandler.startObjectEntry(key)) 397 | return; 398 | } 399 | else{ 400 | status=S_IN_ERROR; 401 | } 402 | break; 403 | case Yytoken.TYPE_RIGHT_BRACE: 404 | if(statusStack.size()>1){ 405 | statusStack.removeFirst(); 406 | status=peekStatus(statusStack); 407 | } 408 | else{ 409 | status=S_IN_FINISHED_VALUE; 410 | } 411 | if(!contentHandler.endObject()) 412 | return; 413 | break; 414 | default: 415 | status=S_IN_ERROR; 416 | break; 417 | }//inner switch 418 | break; 419 | 420 | case S_PASSED_PAIR_KEY: 421 | nextToken(); 422 | switch(token.type){ 423 | case Yytoken.TYPE_COLON: 424 | break; 425 | case Yytoken.TYPE_VALUE: 426 | statusStack.removeFirst(); 427 | status=peekStatus(statusStack); 428 | if(!contentHandler.primitive(token.value)) 429 | return; 430 | if(!contentHandler.endObjectEntry()) 431 | return; 432 | break; 433 | case Yytoken.TYPE_LEFT_SQUARE: 434 | statusStack.removeFirst(); 435 | statusStack.addFirst(new Integer(S_IN_PAIR_VALUE)); 436 | status=S_IN_ARRAY; 437 | statusStack.addFirst(new Integer(status)); 438 | if(!contentHandler.startArray()) 439 | return; 440 | break; 441 | case Yytoken.TYPE_LEFT_BRACE: 442 | statusStack.removeFirst(); 443 | statusStack.addFirst(new Integer(S_IN_PAIR_VALUE)); 444 | status=S_IN_OBJECT; 445 | statusStack.addFirst(new Integer(status)); 446 | if(!contentHandler.startObject()) 447 | return; 448 | break; 449 | default: 450 | status=S_IN_ERROR; 451 | } 452 | break; 453 | 454 | case S_IN_PAIR_VALUE: 455 | /* 456 | * S_IN_PAIR_VALUE is just a marker to indicate the end of an object entry, it doesn't proccess any token, 457 | * therefore delay consuming token until next round. 458 | */ 459 | statusStack.removeFirst(); 460 | status = peekStatus(statusStack); 461 | if(!contentHandler.endObjectEntry()) 462 | return; 463 | break; 464 | 465 | case S_IN_ARRAY: 466 | nextToken(); 467 | switch(token.type){ 468 | case Yytoken.TYPE_COMMA: 469 | break; 470 | case Yytoken.TYPE_VALUE: 471 | if(!contentHandler.primitive(token.value)) 472 | return; 473 | break; 474 | case Yytoken.TYPE_RIGHT_SQUARE: 475 | if(statusStack.size()>1){ 476 | statusStack.removeFirst(); 477 | status=peekStatus(statusStack); 478 | } 479 | else{ 480 | status=S_IN_FINISHED_VALUE; 481 | } 482 | if(!contentHandler.endArray()) 483 | return; 484 | break; 485 | case Yytoken.TYPE_LEFT_BRACE: 486 | status=S_IN_OBJECT; 487 | statusStack.addFirst(new Integer(status)); 488 | if(!contentHandler.startObject()) 489 | return; 490 | break; 491 | case Yytoken.TYPE_LEFT_SQUARE: 492 | status=S_IN_ARRAY; 493 | statusStack.addFirst(new Integer(status)); 494 | if(!contentHandler.startArray()) 495 | return; 496 | break; 497 | default: 498 | status=S_IN_ERROR; 499 | }//inner switch 500 | break; 501 | 502 | case S_END: 503 | return; 504 | 505 | case S_IN_ERROR: 506 | throw new ParseException(getPosition(), ParseException.ERROR_UNEXPECTED_TOKEN, token); 507 | }//switch 508 | if(status==S_IN_ERROR){ 509 | throw new ParseException(getPosition(), ParseException.ERROR_UNEXPECTED_TOKEN, token); 510 | } 511 | }while(token.type!=Yytoken.TYPE_EOF); 512 | } 513 | catch(IOException ie){ 514 | status = S_IN_ERROR; 515 | throw ie; 516 | } 517 | catch(ParseException pe){ 518 | status = S_IN_ERROR; 519 | throw pe; 520 | } 521 | catch(RuntimeException re){ 522 | status = S_IN_ERROR; 523 | throw re; 524 | } 525 | catch(Error e){ 526 | status = S_IN_ERROR; 527 | throw e; 528 | } 529 | 530 | status = S_IN_ERROR; 531 | throw new ParseException(getPosition(), ParseException.ERROR_UNEXPECTED_TOKEN, token); 532 | } 533 | } 534 | -------------------------------------------------------------------------------- /src/simple/parser/Yylex.java: -------------------------------------------------------------------------------- 1 | /* The following code was generated by JFlex 1.4.2 */ 2 | 3 | package org.json.simple.parser; 4 | 5 | class Yylex { 6 | 7 | /** This character denotes the end of file */ 8 | public static final int YYEOF = -1; 9 | 10 | /** initial size of the lookahead buffer */ 11 | private static final int ZZ_BUFFERSIZE = 16384; 12 | 13 | /** lexical states */ 14 | public static final int YYINITIAL = 0; 15 | public static final int STRING_BEGIN = 2; 16 | 17 | /** 18 | * ZZ_LEXSTATE[l] is the state in the DFA for the lexical state l 19 | * ZZ_LEXSTATE[l+1] is the state in the DFA for the lexical state l 20 | * at the beginning of a line 21 | * l is of the form l = 2*k, k a non negative integer 22 | */ 23 | private static final int ZZ_LEXSTATE[] = { 24 | 0, 0, 1, 1 25 | }; 26 | 27 | /** 28 | * Translates characters to character classes 29 | */ 30 | private static final String ZZ_CMAP_PACKED = 31 | "\11\0\1\7\1\7\2\0\1\7\22\0\1\7\1\0\1\11\10\0"+ 32 | "\1\6\1\31\1\2\1\4\1\12\12\3\1\32\6\0\4\1\1\5"+ 33 | "\1\1\24\0\1\27\1\10\1\30\3\0\1\22\1\13\2\1\1\21"+ 34 | "\1\14\5\0\1\23\1\0\1\15\3\0\1\16\1\24\1\17\1\20"+ 35 | "\5\0\1\25\1\0\1\26\uff82\0"; 36 | 37 | /** 38 | * Translates characters to character classes 39 | */ 40 | private static final char [] ZZ_CMAP = zzUnpackCMap(ZZ_CMAP_PACKED); 41 | 42 | /** 43 | * Translates DFA states to action switch labels. 44 | */ 45 | private static final int [] ZZ_ACTION = zzUnpackAction(); 46 | 47 | private static final String ZZ_ACTION_PACKED_0 = 48 | "\2\0\2\1\1\2\1\3\1\4\3\1\1\5\1\6"+ 49 | "\1\7\1\10\1\11\1\12\1\13\1\14\1\15\5\0"+ 50 | "\1\14\1\16\1\17\1\20\1\21\1\22\1\23\1\24"+ 51 | "\1\0\1\25\1\0\1\25\4\0\1\26\1\27\2\0"+ 52 | "\1\30"; 53 | 54 | private static int [] zzUnpackAction() { 55 | int [] result = new int[45]; 56 | int offset = 0; 57 | offset = zzUnpackAction(ZZ_ACTION_PACKED_0, offset, result); 58 | return result; 59 | } 60 | 61 | private static int zzUnpackAction(String packed, int offset, int [] result) { 62 | int i = 0; /* index in packed string */ 63 | int j = offset; /* index in unpacked array */ 64 | int l = packed.length(); 65 | while (i < l) { 66 | int count = packed.charAt(i++); 67 | int value = packed.charAt(i++); 68 | do result[j++] = value; while (--count > 0); 69 | } 70 | return j; 71 | } 72 | 73 | 74 | /** 75 | * Translates a state to a row index in the transition table 76 | */ 77 | private static final int [] ZZ_ROWMAP = zzUnpackRowMap(); 78 | 79 | private static final String ZZ_ROWMAP_PACKED_0 = 80 | "\0\0\0\33\0\66\0\121\0\154\0\207\0\66\0\242"+ 81 | "\0\275\0\330\0\66\0\66\0\66\0\66\0\66\0\66"+ 82 | "\0\363\0\u010e\0\66\0\u0129\0\u0144\0\u015f\0\u017a\0\u0195"+ 83 | "\0\66\0\66\0\66\0\66\0\66\0\66\0\66\0\66"+ 84 | "\0\u01b0\0\u01cb\0\u01e6\0\u01e6\0\u0201\0\u021c\0\u0237\0\u0252"+ 85 | "\0\66\0\66\0\u026d\0\u0288\0\66"; 86 | 87 | private static int [] zzUnpackRowMap() { 88 | int [] result = new int[45]; 89 | int offset = 0; 90 | offset = zzUnpackRowMap(ZZ_ROWMAP_PACKED_0, offset, result); 91 | return result; 92 | } 93 | 94 | private static int zzUnpackRowMap(String packed, int offset, int [] result) { 95 | int i = 0; /* index in packed string */ 96 | int j = offset; /* index in unpacked array */ 97 | int l = packed.length(); 98 | while (i < l) { 99 | int high = packed.charAt(i++) << 16; 100 | result[j++] = high | packed.charAt(i++); 101 | } 102 | return j; 103 | } 104 | 105 | /** 106 | * The transition table of the DFA 107 | */ 108 | private static final int ZZ_TRANS [] = { 109 | 2, 2, 3, 4, 2, 2, 2, 5, 2, 6, 110 | 2, 2, 7, 8, 2, 9, 2, 2, 2, 2, 111 | 2, 10, 11, 12, 13, 14, 15, 16, 16, 16, 112 | 16, 16, 16, 16, 16, 17, 18, 16, 16, 16, 113 | 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 114 | 16, 16, 16, 16, -1, -1, -1, -1, -1, -1, 115 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 117 | -1, -1, -1, -1, 4, -1, -1, -1, -1, -1, 118 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 119 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 120 | -1, 4, 19, 20, -1, -1, -1, -1, -1, -1, 121 | -1, -1, -1, -1, -1, 20, -1, -1, -1, -1, 122 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 123 | -1, -1, 5, -1, -1, -1, -1, -1, -1, -1, 124 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 125 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 126 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 127 | 21, -1, -1, -1, -1, -1, -1, -1, -1, -1, 128 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 129 | -1, -1, -1, -1, -1, 22, -1, -1, -1, -1, 130 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 131 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 132 | 23, -1, -1, -1, -1, -1, -1, -1, -1, -1, 133 | -1, -1, -1, 16, 16, 16, 16, 16, 16, 16, 134 | 16, -1, -1, 16, 16, 16, 16, 16, 16, 16, 135 | 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 136 | -1, -1, -1, -1, -1, -1, -1, -1, 24, 25, 137 | 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, 138 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 139 | 33, -1, -1, -1, -1, -1, -1, -1, -1, -1, 140 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 141 | -1, -1, -1, -1, -1, -1, 34, 35, -1, -1, 142 | 34, -1, -1, -1, -1, -1, -1, -1, -1, -1, 143 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 144 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 145 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 146 | 36, -1, -1, -1, -1, -1, -1, -1, -1, -1, 147 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 148 | -1, -1, -1, -1, -1, -1, -1, 37, -1, -1, 149 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 150 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 151 | -1, 38, -1, -1, -1, -1, -1, -1, -1, -1, 152 | -1, -1, -1, 39, -1, 39, -1, 39, -1, -1, 153 | -1, -1, -1, 39, 39, -1, -1, -1, -1, 39, 154 | 39, -1, -1, -1, -1, -1, -1, -1, -1, -1, 155 | -1, -1, 33, -1, 20, -1, -1, -1, -1, -1, 156 | -1, -1, -1, -1, -1, -1, 20, -1, -1, -1, 157 | -1, -1, -1, -1, -1, -1, -1, -1, -1, 35, 158 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 159 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 160 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 161 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 162 | -1, -1, -1, 38, -1, -1, -1, -1, -1, -1, 163 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 164 | -1, -1, -1, -1, -1, -1, -1, -1, -1, 40, 165 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 166 | -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 167 | -1, -1, -1, -1, 41, -1, -1, -1, -1, -1, 168 | -1, -1, -1, -1, -1, 42, -1, 42, -1, 42, 169 | -1, -1, -1, -1, -1, 42, 42, -1, -1, -1, 170 | -1, 42, 42, -1, -1, -1, -1, -1, -1, -1, 171 | -1, -1, 43, -1, 43, -1, 43, -1, -1, -1, 172 | -1, -1, 43, 43, -1, -1, -1, -1, 43, 43, 173 | -1, -1, -1, -1, -1, -1, -1, -1, -1, 44, 174 | -1, 44, -1, 44, -1, -1, -1, -1, -1, 44, 175 | 44, -1, -1, -1, -1, 44, 44, -1, -1, -1, 176 | -1, -1, -1, -1, -1, 177 | }; 178 | 179 | /* error codes */ 180 | private static final int ZZ_UNKNOWN_ERROR = 0; 181 | private static final int ZZ_NO_MATCH = 1; 182 | private static final int ZZ_PUSHBACK_2BIG = 2; 183 | 184 | /* error messages for the codes above */ 185 | private static final String ZZ_ERROR_MSG[] = { 186 | "Unkown internal scanner error", 187 | "Error: could not match input", 188 | "Error: pushback value was too large" 189 | }; 190 | 191 | /** 192 | * ZZ_ATTRIBUTE[aState] contains the attributes of state aState 193 | */ 194 | private static final int [] ZZ_ATTRIBUTE = zzUnpackAttribute(); 195 | 196 | private static final String ZZ_ATTRIBUTE_PACKED_0 = 197 | "\2\0\1\11\3\1\1\11\3\1\6\11\2\1\1\11"+ 198 | "\5\0\10\11\1\0\1\1\1\0\1\1\4\0\2\11"+ 199 | "\2\0\1\11"; 200 | 201 | private static int [] zzUnpackAttribute() { 202 | int [] result = new int[45]; 203 | int offset = 0; 204 | offset = zzUnpackAttribute(ZZ_ATTRIBUTE_PACKED_0, offset, result); 205 | return result; 206 | } 207 | 208 | private static int zzUnpackAttribute(String packed, int offset, int [] result) { 209 | int i = 0; /* index in packed string */ 210 | int j = offset; /* index in unpacked array */ 211 | int l = packed.length(); 212 | while (i < l) { 213 | int count = packed.charAt(i++); 214 | int value = packed.charAt(i++); 215 | do result[j++] = value; while (--count > 0); 216 | } 217 | return j; 218 | } 219 | 220 | /** the input device */ 221 | private java.io.Reader zzReader; 222 | 223 | /** the current state of the DFA */ 224 | private int zzState; 225 | 226 | /** the current lexical state */ 227 | private int zzLexicalState = YYINITIAL; 228 | 229 | /** this buffer contains the current text to be matched and is 230 | the source of the yytext() string */ 231 | private char zzBuffer[] = new char[ZZ_BUFFERSIZE]; 232 | 233 | /** the textposition at the last accepting state */ 234 | private int zzMarkedPos; 235 | 236 | /** the current text position in the buffer */ 237 | private int zzCurrentPos; 238 | 239 | /** startRead marks the beginning of the yytext() string in the buffer */ 240 | private int zzStartRead; 241 | 242 | /** endRead marks the last character in the buffer, that has been read 243 | from input */ 244 | private int zzEndRead; 245 | 246 | /** number of newlines encountered up to the start of the matched text */ 247 | private int yyline; 248 | 249 | /** the number of characters up to the start of the matched text */ 250 | private int yychar; 251 | 252 | /** 253 | * the number of characters from the last newline up to the start of the 254 | * matched text 255 | */ 256 | private int yycolumn; 257 | 258 | /** 259 | * zzAtBOL == true <=> the scanner is currently at the beginning of a line 260 | */ 261 | private boolean zzAtBOL = true; 262 | 263 | /** zzAtEOF == true <=> the scanner is at the EOF */ 264 | private boolean zzAtEOF; 265 | 266 | /* user code: */ 267 | private StringBuffer sb=new StringBuffer(); 268 | 269 | int getPosition(){ 270 | return yychar; 271 | } 272 | 273 | 274 | 275 | /** 276 | * Creates a new scanner 277 | * There is also a java.io.InputStream version of this constructor. 278 | * 279 | * @param in the java.io.Reader to read input from. 280 | */ 281 | Yylex(java.io.Reader in) { 282 | this.zzReader = in; 283 | } 284 | 285 | /** 286 | * Creates a new scanner. 287 | * There is also java.io.Reader version of this constructor. 288 | * 289 | * @param in the java.io.Inputstream to read input from. 290 | */ 291 | Yylex(java.io.InputStream in) { 292 | this(new java.io.InputStreamReader(in)); 293 | } 294 | 295 | /** 296 | * Unpacks the compressed character translation table. 297 | * 298 | * @param packed the packed character translation table 299 | * @return the unpacked character translation table 300 | */ 301 | private static char [] zzUnpackCMap(String packed) { 302 | char [] map = new char[0x10000]; 303 | int i = 0; /* index in packed string */ 304 | int j = 0; /* index in unpacked array */ 305 | while (i < 90) { 306 | int count = packed.charAt(i++); 307 | char value = packed.charAt(i++); 308 | do map[j++] = value; while (--count > 0); 309 | } 310 | return map; 311 | } 312 | 313 | 314 | /** 315 | * Refills the input buffer. 316 | * 317 | * @return false, iff there was new input. 318 | * 319 | * @exception java.io.IOException if any I/O-Error occurs 320 | */ 321 | private boolean zzRefill() throws java.io.IOException { 322 | 323 | /* first: make room (if you can) */ 324 | if (zzStartRead > 0) { 325 | System.arraycopy(zzBuffer, zzStartRead, 326 | zzBuffer, 0, 327 | zzEndRead-zzStartRead); 328 | 329 | /* translate stored positions */ 330 | zzEndRead-= zzStartRead; 331 | zzCurrentPos-= zzStartRead; 332 | zzMarkedPos-= zzStartRead; 333 | zzStartRead = 0; 334 | } 335 | 336 | /* is the buffer big enough? */ 337 | if (zzCurrentPos >= zzBuffer.length) { 338 | /* if not: blow it up */ 339 | char newBuffer[] = new char[zzCurrentPos*2]; 340 | System.arraycopy(zzBuffer, 0, newBuffer, 0, zzBuffer.length); 341 | zzBuffer = newBuffer; 342 | } 343 | 344 | /* finally: fill the buffer with new input */ 345 | int numRead = zzReader.read(zzBuffer, zzEndRead, 346 | zzBuffer.length-zzEndRead); 347 | 348 | if (numRead > 0) { 349 | zzEndRead+= numRead; 350 | return false; 351 | } 352 | // unlikely but not impossible: read 0 characters, but not at end of stream 353 | if (numRead == 0) { 354 | int c = zzReader.read(); 355 | if (c == -1) { 356 | return true; 357 | } else { 358 | zzBuffer[zzEndRead++] = (char) c; 359 | return false; 360 | } 361 | } 362 | 363 | // numRead < 0 364 | return true; 365 | } 366 | 367 | 368 | /** 369 | * Closes the input stream. 370 | */ 371 | public final void yyclose() throws java.io.IOException { 372 | zzAtEOF = true; /* indicate end of file */ 373 | zzEndRead = zzStartRead; /* invalidate buffer */ 374 | 375 | if (zzReader != null) 376 | zzReader.close(); 377 | } 378 | 379 | 380 | /** 381 | * Resets the scanner to read from a new input stream. 382 | * Does not close the old reader. 383 | * 384 | * All internal variables are reset, the old input stream 385 | * cannot be reused (internal buffer is discarded and lost). 386 | * Lexical state is set to ZZ_INITIAL. 387 | * 388 | * @param reader the new input stream 389 | */ 390 | public final void yyreset(java.io.Reader reader) { 391 | zzReader = reader; 392 | zzAtBOL = true; 393 | zzAtEOF = false; 394 | zzEndRead = zzStartRead = 0; 395 | zzCurrentPos = zzMarkedPos = 0; 396 | yyline = yychar = yycolumn = 0; 397 | zzLexicalState = YYINITIAL; 398 | } 399 | 400 | 401 | /** 402 | * Returns the current lexical state. 403 | */ 404 | public final int yystate() { 405 | return zzLexicalState; 406 | } 407 | 408 | 409 | /** 410 | * Enters a new lexical state 411 | * 412 | * @param newState the new lexical state 413 | */ 414 | public final void yybegin(int newState) { 415 | zzLexicalState = newState; 416 | } 417 | 418 | 419 | /** 420 | * Returns the text matched by the current regular expression. 421 | */ 422 | public final String yytext() { 423 | return new String( zzBuffer, zzStartRead, zzMarkedPos-zzStartRead ); 424 | } 425 | 426 | 427 | /** 428 | * Returns the character at position pos from the 429 | * matched text. 430 | * 431 | * It is equivalent to yytext().charAt(pos), but faster 432 | * 433 | * @param pos the position of the character to fetch. 434 | * A value from 0 to yylength()-1. 435 | * 436 | * @return the character at position pos 437 | */ 438 | public final char yycharat(int pos) { 439 | return zzBuffer[zzStartRead+pos]; 440 | } 441 | 442 | 443 | /** 444 | * Returns the length of the matched text region. 445 | */ 446 | public final int yylength() { 447 | return zzMarkedPos-zzStartRead; 448 | } 449 | 450 | 451 | /** 452 | * Reports an error that occured while scanning. 453 | * 454 | * In a wellformed scanner (no or only correct usage of 455 | * yypushback(int) and a match-all fallback rule) this method 456 | * will only be called with things that "Can't Possibly Happen". 457 | * If this method is called, something is seriously wrong 458 | * (e.g. a JFlex bug producing a faulty scanner etc.). 459 | * 460 | * Usual syntax/scanner level error handling should be done 461 | * in error fallback rules. 462 | * 463 | * @param errorCode the code of the errormessage to display 464 | */ 465 | private void zzScanError(int errorCode) { 466 | String message; 467 | try { 468 | message = ZZ_ERROR_MSG[errorCode]; 469 | } 470 | catch (ArrayIndexOutOfBoundsException e) { 471 | message = ZZ_ERROR_MSG[ZZ_UNKNOWN_ERROR]; 472 | } 473 | 474 | throw new Error(message); 475 | } 476 | 477 | 478 | /** 479 | * Pushes the specified amount of characters back into the input stream. 480 | * 481 | * They will be read again by then next call of the scanning method 482 | * 483 | * @param number the number of characters to be read again. 484 | * This number must not be greater than yylength()! 485 | */ 486 | public void yypushback(int number) { 487 | if ( number > yylength() ) 488 | zzScanError(ZZ_PUSHBACK_2BIG); 489 | 490 | zzMarkedPos -= number; 491 | } 492 | 493 | 494 | /** 495 | * Resumes scanning until the next regular expression is matched, 496 | * the end of input is encountered or an I/O-Error occurs. 497 | * 498 | * @return the next token 499 | * @exception java.io.IOException if any I/O-Error occurs 500 | */ 501 | public Yytoken yylex() throws java.io.IOException, ParseException { 502 | int zzInput; 503 | int zzAction; 504 | 505 | // cached fields: 506 | int zzCurrentPosL; 507 | int zzMarkedPosL; 508 | int zzEndReadL = zzEndRead; 509 | char [] zzBufferL = zzBuffer; 510 | char [] zzCMapL = ZZ_CMAP; 511 | 512 | int [] zzTransL = ZZ_TRANS; 513 | int [] zzRowMapL = ZZ_ROWMAP; 514 | int [] zzAttrL = ZZ_ATTRIBUTE; 515 | 516 | while (true) { 517 | zzMarkedPosL = zzMarkedPos; 518 | 519 | yychar+= zzMarkedPosL-zzStartRead; 520 | 521 | zzAction = -1; 522 | 523 | zzCurrentPosL = zzCurrentPos = zzStartRead = zzMarkedPosL; 524 | 525 | zzState = ZZ_LEXSTATE[zzLexicalState]; 526 | 527 | 528 | zzForAction: { 529 | while (true) { 530 | 531 | if (zzCurrentPosL < zzEndReadL) 532 | zzInput = zzBufferL[zzCurrentPosL++]; 533 | else if (zzAtEOF) { 534 | zzInput = YYEOF; 535 | break zzForAction; 536 | } 537 | else { 538 | // store back cached positions 539 | zzCurrentPos = zzCurrentPosL; 540 | zzMarkedPos = zzMarkedPosL; 541 | boolean eof = zzRefill(); 542 | // get translated positions and possibly new buffer 543 | zzCurrentPosL = zzCurrentPos; 544 | zzMarkedPosL = zzMarkedPos; 545 | zzBufferL = zzBuffer; 546 | zzEndReadL = zzEndRead; 547 | if (eof) { 548 | zzInput = YYEOF; 549 | break zzForAction; 550 | } 551 | else { 552 | zzInput = zzBufferL[zzCurrentPosL++]; 553 | } 554 | } 555 | int zzNext = zzTransL[ zzRowMapL[zzState] + zzCMapL[zzInput] ]; 556 | if (zzNext == -1) break zzForAction; 557 | zzState = zzNext; 558 | 559 | int zzAttributes = zzAttrL[zzState]; 560 | if ( (zzAttributes & 1) == 1 ) { 561 | zzAction = zzState; 562 | zzMarkedPosL = zzCurrentPosL; 563 | if ( (zzAttributes & 8) == 8 ) break zzForAction; 564 | } 565 | 566 | } 567 | } 568 | 569 | // store back cached position 570 | zzMarkedPos = zzMarkedPosL; 571 | 572 | switch (zzAction < 0 ? zzAction : ZZ_ACTION[zzAction]) { 573 | case 11: 574 | { sb.append(yytext()); 575 | } 576 | case 25: break; 577 | case 4: 578 | { sb = null; sb = new StringBuffer(); yybegin(STRING_BEGIN); 579 | } 580 | case 26: break; 581 | case 16: 582 | { sb.append('\b'); 583 | } 584 | case 27: break; 585 | case 6: 586 | { return new Yytoken(Yytoken.TYPE_RIGHT_BRACE,null); 587 | } 588 | case 28: break; 589 | case 23: 590 | { Boolean val=Boolean.valueOf(yytext()); return new Yytoken(Yytoken.TYPE_VALUE, val); 591 | } 592 | case 29: break; 593 | case 22: 594 | { return new Yytoken(Yytoken.TYPE_VALUE, null); 595 | } 596 | case 30: break; 597 | case 13: 598 | { yybegin(YYINITIAL);return new Yytoken(Yytoken.TYPE_VALUE, sb.toString()); 599 | } 600 | case 31: break; 601 | case 12: 602 | { sb.append('\\'); 603 | } 604 | case 32: break; 605 | case 21: 606 | { Double val=Double.valueOf(yytext()); return new Yytoken(Yytoken.TYPE_VALUE, val); 607 | } 608 | case 33: break; 609 | case 1: 610 | { throw new ParseException(yychar, ParseException.ERROR_UNEXPECTED_CHAR, new Character(yycharat(0))); 611 | } 612 | case 34: break; 613 | case 8: 614 | { return new Yytoken(Yytoken.TYPE_RIGHT_SQUARE,null); 615 | } 616 | case 35: break; 617 | case 19: 618 | { sb.append('\r'); 619 | } 620 | case 36: break; 621 | case 15: 622 | { sb.append('/'); 623 | } 624 | case 37: break; 625 | case 10: 626 | { return new Yytoken(Yytoken.TYPE_COLON,null); 627 | } 628 | case 38: break; 629 | case 14: 630 | { sb.append('"'); 631 | } 632 | case 39: break; 633 | case 5: 634 | { return new Yytoken(Yytoken.TYPE_LEFT_BRACE,null); 635 | } 636 | case 40: break; 637 | case 17: 638 | { sb.append('\f'); 639 | } 640 | case 41: break; 641 | case 24: 642 | { try{ 643 | int ch=Integer.parseInt(yytext().substring(2),16); 644 | sb.append((char)ch); 645 | } 646 | catch(Exception e){ 647 | throw new ParseException(yychar, ParseException.ERROR_UNEXPECTED_EXCEPTION, e); 648 | } 649 | } 650 | case 42: break; 651 | case 20: 652 | { sb.append('\t'); 653 | } 654 | case 43: break; 655 | case 7: 656 | { return new Yytoken(Yytoken.TYPE_LEFT_SQUARE,null); 657 | } 658 | case 44: break; 659 | case 2: 660 | { Long val=Long.valueOf(yytext()); return new Yytoken(Yytoken.TYPE_VALUE, val); 661 | } 662 | case 45: break; 663 | case 18: 664 | { sb.append('\n'); 665 | } 666 | case 46: break; 667 | case 9: 668 | { return new Yytoken(Yytoken.TYPE_COMMA,null); 669 | } 670 | case 47: break; 671 | case 3: 672 | { 673 | } 674 | case 48: break; 675 | default: 676 | if (zzInput == YYEOF && zzStartRead == zzCurrentPos) { 677 | zzAtEOF = true; 678 | return null; 679 | } 680 | else { 681 | zzScanError(ZZ_NO_MATCH); 682 | } 683 | } 684 | } 685 | } 686 | 687 | 688 | } 689 | --------------------------------------------------------------------------------