├── .gitignore ├── README.md ├── out └── artifacts │ └── argsfind_jar │ └── argsfind.jar ├── .idea ├── vcs.xml ├── kotlinc.xml ├── modules.xml ├── artifacts │ └── argsfind_jar.xml ├── misc.xml └── uiDesigner.xml ├── src ├── burp │ ├── BurpExtender.java │ ├── IScopeChangeListener.java │ ├── IHttpRequestResponsePersisted.java │ ├── IIntruderAttack.java │ ├── ITempFile.java │ ├── BurpArgsfindMenu.java │ ├── IExtensionStateListener.java │ ├── IBurpExtender.java │ ├── IScannerListener.java │ ├── IHttpService.java │ ├── ITab.java │ ├── IMenuItemHandler.java │ ├── BurpArgsfindAction.java │ ├── IProxyListener.java │ ├── IBurpCollaboratorInteraction.java │ ├── IContextMenuFactory.java │ ├── IScannerInsertionPointProvider.java │ ├── IHttpListener.java │ ├── IIntruderPayloadGeneratorFactory.java │ ├── IMessageEditorTabFactory.java │ ├── IHttpRequestResponseWithMarkers.java │ ├── IIntruderPayloadProcessor.java │ ├── IIntruderPayloadGenerator.java │ ├── ICookie.java │ ├── IMessageEditorController.java │ ├── IResponseKeywords.java │ ├── IMessageEditor.java │ ├── ISessionHandlingAction.java │ ├── IResponseVariations.java │ ├── IResponseInfo.java │ ├── IBurpCollaboratorClientContext.java │ ├── IScanQueueItem.java │ ├── IRequestInfo.java │ ├── ITextEditor.java │ ├── IHttpRequestResponse.java │ ├── IParameter.java │ ├── IScannerCheck.java │ ├── IMessageEditorTab.java │ ├── IScanIssue.java │ ├── IInterceptedProxyMessage.java │ ├── IContextMenuInvocation.java │ ├── IScannerInsertionPoint.java │ ├── IExtensionHelpers.java │ └── IBurpExtenderCallbacks.java └── attacks │ └── BurpArgsfind.java ├── argsfind.iml └── resources └── argsbase.txt /.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | This is argsfind module from https://github.com/beched/libpywebhack rewritten 
as Burp Suite extension. -------------------------------------------------------------------------------- /out/artifacts/argsfind_jar/argsfind.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/beched/BurpArgsFind/HEAD/out/artifacts/argsfind_jar/argsfind.jar -------------------------------------------------------------------------------- /.idea/vcs.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /.idea/kotlinc.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 7 | -------------------------------------------------------------------------------- /.idea/modules.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /.idea/artifacts/argsfind_jar.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | $PROJECT_DIR$/out/artifacts/argsfind_jar 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /src/burp/BurpExtender.java: --------------------------------------------------------------------------------
/**
 * Created by beched on 06.05.17.
 */
package burp;

import attacks.BurpArgsfind;

import java.io.PrintStream;

/**
 * Entry point that Burp loads for this extension. It creates one
 * {@link BurpArgsfind} instance and registers the context-menu factory that
 * passes that instance on to the menu actions.
 */
public class BurpExtender implements IBurpExtender {
    /**
     * Invoked by Burp when the extension is loaded.
     *
     * @param callbacks Burp's callback object; it is handed to both the
     *                  {@link BurpArgsfind} instance and the menu factory.
     */
    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        // One BurpArgsfind instance is created here and reused by the factory.
        final BurpArgsfind engine = new BurpArgsfind(callbacks);
        final IContextMenuFactory menuFactory = new BurpArgsfindMenu(callbacks, engine);
        callbacks.registerContextMenuFactory(menuFactory);
    }
}
-------------------------------------------------------------------------------- /argsfind.iml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /src/burp/IScopeChangeListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScopeChangeListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerScopeChangeListener() to register 15 | * a scope change listener. The listener will be notified whenever a change 16 | * occurs to Burp's suite-wide target scope. 17 | */ 18 | public interface IScopeChangeListener 19 | { 20 | /** 21 | * This method is invoked whenever a change occurs to Burp's suite-wide 22 | * target scope. 23 | */ 24 | void scopeChanged(); 25 | } 26 | -------------------------------------------------------------------------------- /src/burp/IHttpRequestResponsePersisted.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponsePersisted.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 
7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used for an 14 | * IHttpRequestResponse object whose request and response messages 15 | * have been saved to temporary files using 16 | * IBurpExtenderCallbacks.saveBuffersToTempFiles(). 17 | */ 18 | public interface IHttpRequestResponsePersisted extends IHttpRequestResponse 19 | { 20 | /** 21 | * This method is deprecated and no longer performs any action. 22 | */ 23 | @Deprecated 24 | void deleteTempFiles(); 25 | } 26 | -------------------------------------------------------------------------------- /src/burp/IIntruderAttack.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderAttack.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details about an Intruder attack. 14 | */ 15 | public interface IIntruderAttack 16 | { 17 | /** 18 | * This method is used to retrieve the HTTP service for the attack. 19 | * 20 | * @return The HTTP service for the attack. 21 | */ 22 | IHttpService getHttpService(); 23 | 24 | /** 25 | * This method is used to retrieve the request template for the attack. 26 | * 27 | * @return The request template for the attack. 
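28 | */ 29 | byte[] getRequestTemplate(); 30 | 31 | } 32 | -------------------------------------------------------------------------------- /src/burp/ITempFile.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITempFile.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details of a temporary file that has been 14 | * created via a call to 15 | * IBurpExtenderCallbacks.saveToTempFile(). 16 | * 17 | */ 18 | public interface ITempFile 19 | { 20 | /** 21 | * This method is used to retrieve the contents of the buffer that was saved 22 | * in the temporary file. 23 | * 24 | * @return The contents of the buffer that was saved in the temporary file. 25 | */ 26 | byte[] getBuffer(); 27 | 28 | /** 29 | * This method is deprecated and no longer performs any action. 30 | */ 31 | @Deprecated 32 | void delete(); 33 | } 34 | -------------------------------------------------------------------------------- /src/burp/BurpArgsfindMenu.java: --------------------------------------------------------------------------------
package burp;

import attacks.BurpArgsfind;

import java.awt.event.MouseEvent;
import java.awt.event.MouseListener;
import java.util.ArrayList;
import java.util.List;
import javax.swing.JMenuItem;

/**
 * Created by beched on 06.05.17.
 *
 * Context-menu factory that supplies the "Send to ArgsFind" entry. Each entry
 * is wired to a {@link BurpArgsfindAction} that receives the shared
 * {@link BurpArgsfind} instance.
 */
public class BurpArgsfindMenu implements IContextMenuFactory {
    // Both references are assigned once in the constructor and never replaced.
    private final BurpArgsfind argsfind;
    private final IBurpExtenderCallbacks iCallbacks;

    /**
     * @param callbacks Burp's callback object, forwarded to every action.
     * @param argsfind  the instance that the menu actions hand messages to.
     */
    public BurpArgsfindMenu(IBurpExtenderCallbacks callbacks, BurpArgsfind argsfind) {
        this.argsfind = argsfind;
        this.iCallbacks = callbacks;
    }

    /**
     * Builds the menu entry for one context-menu invocation.
     *
     * The entry is added for every invocation; the invocation's context is not
     * inspected here. It is passed to the listener, which reads the selected
     * messages from it when the entry is clicked.
     *
     * @param invocation details of the context-menu invocation.
     * @return a one-element list holding the "Send to ArgsFind" item.
     */
    @Override
    public List<JMenuItem> createMenuItems(final IContextMenuInvocation invocation) {
        JMenuItem sendToArgsFindMenu = new JMenuItem("Send to ArgsFind");
        sendToArgsFindMenu.addActionListener(new BurpArgsfindAction(iCallbacks, invocation, argsfind));

        // Parameterized list instead of a raw List, so element types are checked.
        List<JMenuItem> menus = new ArrayList<>();
        menus.add(sendToArgsFindMenu);
        return menus;
    }
}
-------------------------------------------------------------------------------- /src/burp/IExtensionStateListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IExtensionStateListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerExtensionStateListener() to 15 | * register an extension state listener. The listener will be notified of 16 | * changes to the extension's state. Note: Any extensions that start 17 | * background threads or open system resources (such as files or database 18 | * connections) should register a listener and terminate threads / close 19 | * resources when the extension is unloaded. 20 | */ 21 | public interface IExtensionStateListener 22 | { 23 | /** 24 | * This method is called when the extension is unloaded. 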
25 | */ 26 | void extensionUnloaded(); 27 | } 28 | -------------------------------------------------------------------------------- /src/burp/IBurpExtender.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IBurpExtender.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * All extensions must implement this interface. 14 | * 15 | * Implementations must be called BurpExtender, in the package burp, must be 16 | * declared public, and must provide a default (public, no-argument) 17 | * constructor. 18 | */ 19 | public interface IBurpExtender 20 | { 21 | /** 22 | * This method is invoked when the extension is loaded. It registers an 23 | * instance of the 24 | * IBurpExtenderCallbacks interface, providing methods that may 25 | * be invoked by the extension to perform various actions. 26 | * 27 | * @param callbacks An 28 | * IBurpExtenderCallbacks object. 29 | */ 30 | void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks); 31 | } 32 | -------------------------------------------------------------------------------- /src/burp/IScannerListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerScannerListener() to register a 15 | * Scanner listener. 
The listener will be notified of new issues that are 16 | * reported by the Scanner tool. Extensions can perform custom analysis or 17 | * logging of Scanner issues by registering a Scanner listener. 18 | */ 19 | public interface IScannerListener 20 | { 21 | /** 22 | * This method is invoked when a new issue is added to Burp Scanner's 23 | * results. 24 | * 25 | * @param issue An 26 | * IScanIssue object that the extension can query to obtain 27 | * details about the new issue. 28 | */ 29 | void newScanIssue(IScanIssue issue); 30 | } 31 | -------------------------------------------------------------------------------- /src/burp/IHttpService.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpService.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to provide details about an HTTP service, to which 14 | * HTTP requests can be sent. 15 | */ 16 | public interface IHttpService 17 | { 18 | /** 19 | * This method returns the hostname or IP address for the service. 20 | * 21 | * @return The hostname or IP address for the service. 22 | */ 23 | String getHost(); 24 | 25 | /** 26 | * This method returns the port number for the service. 27 | * 28 | * @return The port number for the service. 29 | */ 30 | int getPort(); 31 | 32 | /** 33 | * This method returns the protocol for the service. 34 | * 35 | * @return The protocol for the service. Expected values are "http" or 36 | * "https". 
37 | */ 38 | String getProtocol(); 39 | } 40 | -------------------------------------------------------------------------------- /src/burp/ITab.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITab.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide Burp with details of a custom tab that will 16 | * be added to Burp's UI, using a method such as 17 | * IBurpExtenderCallbacks.addSuiteTab(). 18 | */ 19 | public interface ITab 20 | { 21 | /** 22 | * Burp uses this method to obtain the caption that should appear on the 23 | * custom tab when it is displayed. 24 | * 25 | * @return The caption that should appear on the custom tab when it is 26 | * displayed. 27 | */ 28 | String getTabCaption(); 29 | 30 | /** 31 | * Burp uses this method to obtain the component that should be used as the 32 | * contents of the custom tab when it is displayed. 33 | * 34 | * @return The component that should be used as the contents of the custom 35 | * tab when it is displayed. 36 | */ 37 | Component getUiComponent(); 38 | } 39 | -------------------------------------------------------------------------------- /src/burp/IMenuItemHandler.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMenuItemHandler.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 
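11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerMenuItem() to register a custom 15 | * context menu item. 16 | * 17 | * @deprecated Use 18 | * IContextMenuFactory instead. 19 | */ 20 | @Deprecated 21 | public interface IMenuItemHandler 22 | { 23 | /** 24 | * This method is invoked by Burp Suite when the user clicks on a custom 25 | * menu item which the extension has registered with Burp. 26 | * 27 | * @param menuItemCaption The caption of the menu item which was clicked. 28 | * This parameter enables extensions to provide a single implementation 29 | * which handles multiple different menu items. 30 | * @param messageInfo Details of the HTTP message(s) for which the context 31 | * menu was displayed. 32 | */ 33 | void menuItemClicked( 34 | String menuItemCaption, 35 | IHttpRequestResponse[] messageInfo); 36 | } 37 | -------------------------------------------------------------------------------- /src/burp/BurpArgsfindAction.java: --------------------------------------------------------------------------------
package burp;

import attacks.BurpArgsfind;

import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.awt.event.ItemEvent;
import java.awt.event.ItemListener;

/**
 * Created by beched on 06.05.17.
 *
 * Listener behind the "Send to ArgsFind" menu entry: when the entry is
 * clicked, every message selected in the invocation is handed to
 * {@link BurpArgsfind#process} on its own thread.
 */
class BurpArgsfindAction implements ActionListener, ItemListener {
    private final IContextMenuInvocation invocation;
    private final IBurpExtenderCallbacks iCallbacks;
    private final BurpArgsfind argsfind;

    /**
     * @param callbacks  Burp's callback object, used here to report failures.
     * @param invocation the context-menu invocation whose selection is read on click.
     * @param argsfind   the instance that processes each selected message.
     */
    public BurpArgsfindAction(final IBurpExtenderCallbacks callbacks, IContextMenuInvocation invocation, BurpArgsfind argsfind) {
        this.iCallbacks = callbacks;
        this.invocation = invocation;
        this.argsfind = argsfind;
    }

    /**
     * Starts one worker thread per selected message.
     *
     * The number of threads is not bounded here, so a large selection starts
     * as many concurrent runs. The threads are not tracked either, so nothing
     * in this class stops them when the extension is unloaded (the
     * IExtensionStateListener documentation asks extensions that start
     * background threads to terminate them on unload).
     *
     * @param e the click event; not used.
     */
    @Override
    public void actionPerformed(ActionEvent e) {
        IHttpRequestResponse[] selectedMessages = invocation.getSelectedMessages();
        // Burp's API documents that getSelectedMessages() may return null when
        // no messages apply to the invocation; without this guard the loop
        // below would throw a NullPointerException.
        if (selectedMessages == null) {
            return;
        }
        for (final IHttpRequestResponse iReqResp : selectedMessages) {
            // Run off the calling thread so the click handler returns at once.
            Thread queryThread = new Thread(() -> {
                try {
                    argsfind.process(iReqResp);
                } catch (Exception ex) {
                    // process() is declared elsewhere and what it throws is not
                    // visible here, so the broad catch is kept. The failure is
                    // reported to the extension's error output instead of
                    // being dropped silently.
                    iCallbacks.printError("ArgsFind: processing failed: " + ex);
                }
            });
            queryThread.start();
        }
    }

    /**
     * Required by {@link ItemListener}; intentionally does nothing.
     *
     * @param e the item event; not used.
     */
    @Override
    public void itemStateChanged(ItemEvent e) {
    }
}
-------------------------------------------------------------------------------- /src/burp/IProxyListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IProxyListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerProxyListener() to register a 15 | * Proxy listener. The listener will be notified of requests and responses being 16 | * processed by the Proxy tool. Extensions can perform custom analysis or 17 | * modification of these messages, and control in-UI message interception, by 18 | * registering a proxy listener. 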
19 | */ 20 | public interface IProxyListener 21 | { 22 | /** 23 | * This method is invoked when an HTTP message is being processed by the 24 | * Proxy. 25 | * 26 | * @param messageIsRequest Indicates whether the HTTP message is a request 27 | * or a response. 28 | * @param message An 29 | * IInterceptedProxyMessage object that extensions can use to 30 | * query and update details of the message, and control whether the message 31 | * should be intercepted and displayed to the user for manual review or 32 | * modification. 33 | */ 34 | void processProxyMessage( 35 | boolean messageIsRequest, 36 | IInterceptedProxyMessage message); 37 | } 38 | -------------------------------------------------------------------------------- /src/burp/IBurpCollaboratorInteraction.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IBurpCollaboratorInteraction.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.Map; 13 | 14 | /** 15 | * This interface represents a network interaction that occurred with the Burp 16 | * Collaborator server. 17 | */ 18 | public interface IBurpCollaboratorInteraction 19 | { 20 | 21 | /** 22 | * This method is used to retrieve a property of the interaction. Properties 23 | * of all interactions are: interaction_id, type, client_ip, and time_stamp. 24 | * Properties of DNS interactions are: query_type and raw_query. The 25 | * raw_query value is Base64-encoded. Properties of HTTP interactions are: 26 | * protocol, request, and response. The request and response values are 27 | * Base64-encoded. 28 | * 29 | * @param name The name of the property to retrieve. 30 | * @return A string representing the property value, or null if not present. 
31 | */ 32 | String getProperty(String name); 33 | 34 | /** 35 | * This method is used to retrieve a map containing all properties of the 36 | * interaction. 37 | * 38 | * @return A map containing all properties of the interaction. 39 | */ 40 | Map getProperties(); 41 | } 42 | -------------------------------------------------------------------------------- /src/burp/IContextMenuFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IContextMenuFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | 13 | import javax.swing.JMenuItem; 14 | import java.util.List; 15 | 16 | /** 17 | * Extensions can implement this interface and then call 18 | * IBurpExtenderCallbacks.registerContextMenuFactory() to register 19 | * a factory for custom context menu items. 20 | */ 21 | public interface IContextMenuFactory 22 | { 23 | /** 24 | * This method will be called by Burp when the user invokes a context menu 25 | * anywhere within Burp. The factory can then provide any custom context 26 | * menu items that should be displayed in the context menu, based on the 27 | * details of the menu invocation. 28 | * 29 | * @param invocation An object that implements the 30 | * IMessageEditorTabFactory interface, which the extension can 31 | * query to obtain details of the context menu invocation. 32 | * @return A list of custom menu items (which may include sub-menus, 33 | * checkbox menu items, etc.) that should be displayed. Extensions may 34 | * return 35 | * null from this method, to indicate that no menu items are 36 | * required. 
37 | */ 38 | List createMenuItems(IContextMenuInvocation invocation); 39 | } 40 | -------------------------------------------------------------------------------- /src/burp/IScannerInsertionPointProvider.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerInsertionPointProvider.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * Extensions can implement this interface and then call 16 | * IBurpExtenderCallbacks.registerScannerInsertionPointProvider() 17 | * to register a factory for custom Scanner insertion points. 18 | */ 19 | public interface IScannerInsertionPointProvider 20 | { 21 | /** 22 | * When a request is actively scanned, the Scanner will invoke this method, 23 | * and the provider should provide a list of custom insertion points that 24 | * will be used in the scan. Note: these insertion points are used in 25 | * addition to those that are derived from Burp Scanner's configuration, and 26 | * those provided by any other Burp extensions. 27 | * 28 | * @param baseRequestResponse The base request that will be actively 29 | * scanned. 30 | * @return A list of 31 | * IScannerInsertionPoint objects that should be used in the 32 | * scanning, or 33 | * null if no custom insertion points are applicable for this 34 | * request. 
35 | */ 36 | List getInsertionPoints( 37 | IHttpRequestResponse baseRequestResponse); 38 | } 39 | -------------------------------------------------------------------------------- /src/burp/IHttpListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerHttpListener() to register an 15 | * HTTP listener. The listener will be notified of requests and responses made 16 | * by any Burp tool. Extensions can perform custom analysis or modification of 17 | * these messages by registering an HTTP listener. 18 | */ 19 | public interface IHttpListener 20 | { 21 | /** 22 | * This method is invoked when an HTTP request is about to be issued, and 23 | * when an HTTP response has been received. 24 | * 25 | * @param toolFlag A flag indicating the Burp tool that issued the request. 26 | * Burp tool flags are defined in the 27 | * IBurpExtenderCallbacks interface. 28 | * @param messageIsRequest Flags whether the method is being invoked for a 29 | * request or response. 30 | * @param messageInfo Details of the request / response to be processed. 31 | * Extensions can call the setter methods on this object to update the 32 | * current message and so modify Burp's behavior. 
33 | */ 34 | void processHttpMessage(int toolFlag, 35 | boolean messageIsRequest, 36 | IHttpRequestResponse messageInfo); 37 | } 38 | -------------------------------------------------------------------------------- /src/burp/IIntruderPayloadGeneratorFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadGeneratorFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory() 15 | * to register a factory for custom Intruder payloads. 16 | */ 17 | public interface IIntruderPayloadGeneratorFactory 18 | { 19 | /** 20 | * This method is used by Burp to obtain the name of the payload generator. 21 | * This will be displayed as an option within the Intruder UI when the user 22 | * selects to use extension-generated payloads. 23 | * 24 | * @return The name of the payload generator. 25 | */ 26 | String getGeneratorName(); 27 | 28 | /** 29 | * This method is used by Burp when the user starts an Intruder attack that 30 | * uses this payload generator. 31 | * 32 | * @param attack An 33 | * IIntruderAttack object that can be queried to obtain details 34 | * about the attack in which the payload generator will be used. 35 | * @return A new instance of 36 | * IIntruderPayloadGenerator that will be used to generate 37 | * payloads for the attack. 
38 | */ 39 | IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack); 40 | } 41 | -------------------------------------------------------------------------------- /src/burp/IMessageEditorTabFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorTabFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerMessageEditorTabFactory() to 15 | * register a factory for custom message editor tabs. This allows extensions to 16 | * provide custom rendering or editing of HTTP messages, within Burp's own HTTP 17 | * editor. 18 | */ 19 | public interface IMessageEditorTabFactory 20 | { 21 | /** 22 | * Burp will call this method once for each HTTP message editor, and the 23 | * factory should provide a new instance of an 24 | * IMessageEditorTab object. 25 | * 26 | * @param controller An 27 | * IMessageEditorController object, which the new tab can query 28 | * to retrieve details about the currently displayed message. This may be 29 | * null for extension-invoked message editors where the 30 | * extension has not provided an editor controller. 31 | * @param editable Indicates whether the hosting editor is editable or 32 | * read-only. 33 | * @return A new 34 | * IMessageEditorTab object for use within the message editor. 
35 | */ 36 | IMessageEditorTab createNewInstance(IMessageEditorController controller, 37 | boolean editable); 38 | } 39 | -------------------------------------------------------------------------------- /src/burp/IHttpRequestResponseWithMarkers.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponseWithMarkers.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used for an 16 | * IHttpRequestResponse object that has had markers applied. 17 | * Extensions can create instances of this interface using 18 | * IBurpExtenderCallbacks.applyMarkers(), or provide their own 19 | * implementation. Markers are used in various situations, such as specifying 20 | * Intruder payload positions, Scanner insertion points, and highlights in 21 | * Scanner issues. 22 | */ 23 | public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse 24 | { 25 | /** 26 | * This method returns the details of the request markers. 27 | * 28 | * @return A list of index pairs representing the offsets of markers for the 29 | * request message. Each item in the list is an int[2] array containing the 30 | * start and end offsets for the marker. The method may return 31 | * null if no request markers are defined. 32 | */ 33 | List getRequestMarkers(); 34 | 35 | /** 36 | * This method returns the details of the response markers. 37 | * 38 | * @return A list of index pairs representing the offsets of markers for the 39 | * response message. Each item in the list is an int[2] array containing the 40 | * start and end offsets for the marker. The method may return 41 | * null if no response markers are defined. 
42 | */ 43 | List getResponseMarkers(); 44 | } 45 | -------------------------------------------------------------------------------- /src/burp/IIntruderPayloadProcessor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadProcessor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerIntruderPayloadProcessor() to 15 | * register a custom Intruder payload processor. 16 | */ 17 | public interface IIntruderPayloadProcessor 18 | { 19 | /** 20 | * This method is used by Burp to obtain the name of the payload processor. 21 | * This will be displayed as an option within the Intruder UI when the user 22 | * selects to use an extension-provided payload processor. 23 | * 24 | * @return The name of the payload processor. 25 | */ 26 | String getProcessorName(); 27 | 28 | /** 29 | * This method is invoked by Burp each time the processor should be applied 30 | * to an Intruder payload. 31 | * 32 | * @param currentPayload The value of the payload to be processed. 33 | * @param originalPayload The value of the original payload prior to 34 | * processing by any already-applied processing rules. 35 | * @param baseValue The base value of the payload position, which will be 36 | * replaced with the current payload. 37 | * @return The value of the processed payload. This may be 38 | * null to indicate that the current payload should be skipped, 39 | * and the attack will move directly to the next payload. 
40 | */ 41 | byte[] processPayload( 42 | byte[] currentPayload, 43 | byte[] originalPayload, 44 | byte[] baseValue); 45 | } 46 | -------------------------------------------------------------------------------- /src/burp/IIntruderPayloadGenerator.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadGenerator.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used for custom Intruder payload generators. Extensions 14 | * that have registered an 15 | * IIntruderPayloadGeneratorFactory must return a new instance of 16 | * this interface when required as part of a new Intruder attack. 17 | */ 18 | public interface IIntruderPayloadGenerator 19 | { 20 | /** 21 | * This method is used by Burp to determine whether the payload generator is 22 | * able to provide any further payloads. 23 | * 24 | * @return Extensions should return 25 | * false when all the available payloads have been used up, 26 | * otherwise 27 | * true. 28 | */ 29 | boolean hasMorePayloads(); 30 | 31 | /** 32 | * This method is used by Burp to obtain the value of the next payload. 33 | * 34 | * @param baseValue The base value of the current payload position. This 35 | * value may be 36 | * null if the concept of a base value is not applicable (e.g. 37 | * in a battering ram attack). 38 | * @return The next payload to use in the attack. 39 | */ 40 | byte[] getNextPayload(byte[] baseValue); 41 | 42 | /** 43 | * This method is used by Burp to reset the state of the payload generator 44 | * so that the next call to 45 | * getNextPayload() returns the first payload again. 
This 46 | * method will be invoked when an attack uses the same payload generator for 47 | * more than one payload position, for example in a sniper attack. 48 | */ 49 | void reset(); 50 | } 51 | -------------------------------------------------------------------------------- /src/burp/ICookie.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ICookie.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.Date; 13 | 14 | /** 15 | * This interface is used to hold details about an HTTP cookie. 16 | */ 17 | public interface ICookie 18 | { 19 | /** 20 | * This method is used to retrieve the domain for which the cookie is in 21 | * scope. 22 | * 23 | * @return The domain for which the cookie is in scope. Note: For 24 | * cookies that have been analyzed from responses (by calling 25 | * IExtensionHelpers.analyzeResponse() and then 26 | * IResponseInfo.getCookies()), the domain will be 27 | * null if the response did not explicitly set a domain 28 | * attribute for the cookie. 29 | */ 30 | String getDomain(); 31 | 32 | /** 33 | * This method is used to retrieve the path for which the cookie is in 34 | * scope. 35 | * 36 | * @return The path for which the cookie is in scope or null if none is set. 37 | */ 38 | String getPath(); 39 | 40 | /** 41 | * This method is used to retrieve the expiration time for the cookie. 42 | * 43 | * @return The expiration time for the cookie, or 44 | * null if none is set (i.e., for non-persistent session 45 | * cookies). 46 | */ 47 | Date getExpiration(); 48 | 49 | /** 50 | * This method is used to retrieve the name of the cookie. 51 | * 52 | * @return The name of the cookie.
53 | */ 54 | String getName(); 55 | 56 | /** 57 | * This method is used to retrieve the value of the cookie. 58 | * @return The value of the cookie. 59 | */ 60 | String getValue(); 61 | } 62 | -------------------------------------------------------------------------------- /src/burp/IMessageEditorController.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorController.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used by an 14 | * IMessageEditor to obtain details about the currently displayed 15 | * message. Extensions that create instances of Burp's HTTP message editor can 16 | * optionally provide an implementation of 17 | * IMessageEditorController, which the editor will invoke when it 18 | * requires further information about the current message (for example, to send 19 | * it to another Burp tool). Extensions that provide custom editor tabs via an 20 | * IMessageEditorTabFactory will receive a reference to an 21 | * IMessageEditorController object for each tab instance they 22 | * generate, which the tab can invoke if it requires further information about 23 | * the current message. 24 | */ 25 | public interface IMessageEditorController 26 | { 27 | /** 28 | * This method is used to retrieve the HTTP service for the current message. 29 | * 30 | * @return The HTTP service for the current message. 31 | */ 32 | IHttpService getHttpService(); 33 | 34 | /** 35 | * This method is used to retrieve the HTTP request associated with the 36 | * current message (which may itself be a response). 37 | * 38 | * @return The HTTP request associated with the current message. 
39 | */ 40 | byte[] getRequest(); 41 | 42 | /** 43 | * This method is used to retrieve the HTTP response associated with the 44 | * current message (which may itself be a request). 45 | * 46 | * @return The HTTP response associated with the current message. 47 | */ 48 | byte[] getResponse(); 49 | } 50 | -------------------------------------------------------------------------------- /src/burp/IResponseKeywords.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IResponseKeywords.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used to represent the counts of keywords appearing in a 16 | * number of HTTP responses. 17 | */ 18 | public interface IResponseKeywords 19 | { 20 | 21 | /** 22 | * This method is used to obtain the list of keywords whose counts vary 23 | * between the analyzed responses. 24 | * 25 | * @return The keywords whose counts vary between the analyzed responses. 26 | */ 27 | List getVariantKeywords(); 28 | 29 | /** 30 | * This method is used to obtain the list of keywords whose counts do not 31 | * vary between the analyzed responses. 32 | * 33 | * @return The keywords whose counts do not vary between the analyzed 34 | * responses. 35 | */ 36 | List getInvariantKeywords(); 37 | 38 | /** 39 | * This method is used to obtain the number of occurrences of an individual 40 | * keyword in a response. 41 | * 42 | * @param keyword The keyword whose count will be retrieved. 43 | * @param responseIndex The index of the response. 
Note responses are 44 | * indexed from zero in the order they were originally supplied to the 45 | * IExtensionHelpers.analyzeResponseKeywords() and 46 | * IResponseKeywords.updateWith() methods. 47 | * @return The number of occurrences of the specified keyword for the 48 | * specified response. 49 | */ 50 | int getKeywordCount(String keyword, int responseIndex); 51 | 52 | /** 53 | * This method is used to update the analysis based on additional responses. 54 | * 55 | * @param responses The new responses to include in the analysis. 56 | */ 57 | void updateWith(byte[]... responses); 58 | } 59 | -------------------------------------------------------------------------------- /src/burp/IMessageEditor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide extensions with an instance of Burp's HTTP 16 | * message editor, for the extension to use in its own UI. Extensions should 17 | * call 18 | * IBurpExtenderCallbacks.createMessageEditor() to obtain an 19 | * instance of this interface. 20 | */ 21 | public interface IMessageEditor 22 | { 23 | /** 24 | * This method returns the UI component of the editor, for extensions to add 25 | * to their own UI. 26 | * 27 | * @return The UI component of the editor. 28 | */ 29 | Component getComponent(); 30 | 31 | /** 32 | * This method is used to display an HTTP message in the editor. 33 | * 34 | * @param message The HTTP message to be displayed. 35 | * @param isRequest Flags whether the message is an HTTP request or 36 | * response. 
37 | */ 38 | void setMessage(byte[] message, boolean isRequest); 39 | 40 | /** 41 | * This method is used to retrieve the currently displayed message, which 42 | * may have been modified by the user. 43 | * 44 | * @return The currently displayed HTTP message. 45 | */ 46 | byte[] getMessage(); 47 | 48 | /** 49 | * This method is used to determine whether the current message has been 50 | * modified by the user. 51 | * 52 | * @return An indication of whether the current message has been modified by 53 | * the user since it was first displayed. 54 | */ 55 | boolean isMessageModified(); 56 | 57 | /** 58 | * This method returns the data that is currently selected by the user. 59 | * 60 | * @return The data that is currently selected by the user, or 61 | * null if no selection is made. 62 | */ 63 | byte[] getSelectedData(); 64 | } 65 | -------------------------------------------------------------------------------- /.idea/misc.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /src/burp/ISessionHandlingAction.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ISessionHandlingAction.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerSessionHandlingAction() to 15 | * register a custom session handling action. 
Each registered action will be 16 | * available within the session handling rule UI for the user to select as a 17 | * rule action. Users can choose to invoke an action directly in its own right, 18 | * or following execution of a macro. 19 | */ 20 | public interface ISessionHandlingAction 21 | { 22 | /** 23 | * This method is used by Burp to obtain the name of the session handling 24 | * action. This will be displayed as an option within the session handling 25 | * rule editor when the user selects to execute an extension-provided 26 | * action. 27 | * 28 | * @return The name of the action. 29 | */ 30 | String getActionName(); 31 | 32 | /** 33 | * This method is invoked when the session handling action should be 34 | * executed. This may happen as an action in its own right, or as a 35 | * sub-action following execution of a macro. 36 | * 37 | * @param currentRequest The base request that is currently being processed. 38 | * The action can query this object to obtain details about the base 39 | * request. It can issue additional requests of its own if necessary, and 40 | * can use the setter methods on this object to update the base request. 41 | * @param macroItems If the action is invoked following execution of a 42 | * macro, this parameter contains the result of executing the macro. 43 | * Otherwise, it is 44 | * null. Actions can use the details of the macro items to 45 | * perform custom analysis of the macro to derive values of non-standard 46 | * session handling tokens, etc. 47 | */ 48 | void performAction( 49 | IHttpRequestResponse currentRequest, 50 | IHttpRequestResponse[] macroItems); 51 | } 52 | -------------------------------------------------------------------------------- /src/burp/IResponseVariations.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IResponseVariations.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 
7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used to represent variations between a number of HTTP 16 | * responses, according to various attributes. 17 | */ 18 | public interface IResponseVariations 19 | { 20 | 21 | /** 22 | * This method is used to obtain the list of attributes that vary between 23 | * the analyzed responses. 24 | * 25 | * @return The attributes that vary between the analyzed responses. 26 | */ 27 | List getVariantAttributes(); 28 | 29 | /** 30 | * This method is used to obtain the list of attributes that do not vary 31 | * between the analyzed responses. 32 | * 33 | * @return The attributes that do not vary between the analyzed responses. 34 | */ 35 | List getInvariantAttributes(); 36 | 37 | /** 38 | * This method is used to obtain the value of an individual attribute in a 39 | * response. Note that the values of some attributes are intrinsically 40 | * meaningful (e.g. a word count) while the values of others are less so 41 | * (e.g. a checksum of the HTML tag names). 42 | * 43 | * @param attributeName The name of the attribute whose value will be 44 | * retrieved. Extension authors can obtain the list of supported attributes 45 | * by generating an IResponseVariations object for a single 46 | * response and calling 47 | * IResponseVariations.getInvariantAttributes(). 48 | * @param responseIndex The index of the response. Note that responses are 49 | * indexed from zero in the order they were originally supplied to the 50 | * IExtensionHelpers.analyzeResponseVariations() and 51 | * IResponseVariations.updateWith() methods. 52 | * @return The value of the specified attribute for the specified response.
53 | */ 54 | int getAttributeValue(String attributeName, int responseIndex); 55 | 56 | /** 57 | * This method is used to update the analysis based on additional responses. 58 | * 59 | * @param responses The new responses to include in the analysis. 60 | */ 61 | void updateWith(byte[]... responses); 62 | } 63 | -------------------------------------------------------------------------------- /src/burp/IResponseInfo.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IResponseInfo.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used to retrieve key details about an HTTP response. 16 | * Extensions can obtain an 17 | * IResponseInfo object for a given response by calling 18 | * IExtensionHelpers.analyzeResponse(). 19 | */ 20 | public interface IResponseInfo 21 | { 22 | /** 23 | * This method is used to obtain the HTTP headers contained in the response. 24 | * 25 | * @return The HTTP headers contained in the response. 26 | */ 27 | List getHeaders(); 28 | 29 | /** 30 | * This method is used to obtain the offset within the response where the 31 | * message body begins. 32 | * 33 | * @return The offset within the response where the message body begins. 34 | */ 35 | int getBodyOffset(); 36 | 37 | /** 38 | * This method is used to obtain the HTTP status code contained in the 39 | * response. 40 | * 41 | * @return The HTTP status code contained in the response. 42 | */ 43 | short getStatusCode(); 44 | 45 | /** 46 | * This method is used to obtain details of the HTTP cookies set in the 47 | * response. 
48 | * 49 | * @return A list of ICookie objects representing the cookies 50 | * set in the response, if any. 51 | */ 52 | List getCookies(); 53 | 54 | /** 55 | * This method is used to obtain the MIME type of the response, as stated in 56 | * the HTTP headers. 57 | * 58 | * @return A textual label for the stated MIME type, or an empty String if 59 | * this is not known or recognized. The possible labels are the same as 60 | * those used in the main Burp UI. 61 | */ 62 | String getStatedMimeType(); 63 | 64 | /** 65 | * This method is used to obtain the MIME type of the response, as inferred 66 | * from the contents of the HTTP message body. 67 | * 68 | * @return A textual label for the inferred MIME type, or an empty String if 69 | * this is not known or recognized. The possible labels are the same as 70 | * those used in the main Burp UI. 71 | */ 72 | String getInferredMimeType(); 73 | } 74 | -------------------------------------------------------------------------------- /src/burp/IBurpCollaboratorClientContext.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IBurpCollaboratorClientContext.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface represents an instance of a Burp Collaborator client context, 16 | * which can be used to generate Burp Collaborator payloads and poll the 17 | * Collaborator server for any network interactions that result from using those 18 | * payloads. Extensions can obtain new instances of this class by calling 19 | * IBurpExtenderCallbacks.createBurpCollaboratorClientContext(). 
20 | * Note that each Burp Collaborator client context is tied to the Collaborator 21 | * server configuration that was in place at the time the context was created. 22 | */ 23 | public interface IBurpCollaboratorClientContext 24 | { 25 | 26 | /** 27 | * This method is used to generate new Burp Collaborator payloads. 28 | * 29 | * @param includeCollaboratorServerLocation Specifies whether to include the 30 | * Collaborator server location in the generated payload. 31 | * @return The payload that was generated. 32 | */ 33 | String generatePayload(boolean includeCollaboratorServerLocation); 34 | 35 | /** 36 | * This method is used to retrieve all interactions received by the 37 | * Collaborator server resulting from payloads that were generated for this 38 | * context. 39 | * 40 | * @return The Collaborator interactions that have occurred resulting from 41 | * payloads that were generated for this context. 42 | */ 43 | List fetchAllCollaboratorInteractions(); 44 | 45 | /** 46 | * This method is used to retrieve interactions received by the Collaborator 47 | * server resulting from a single payload that was generated for this 48 | * context. 49 | * 50 | * @param payload The payload for which interactions will be retrieved. 51 | * @return The Collaborator interactions that have occurred resulting from 52 | * the given payload. 53 | */ 54 | List fetchCollaboratorInteractionsFor(String payload); 55 | 56 | /** 57 | * This method is used to retrieve the network location of the Collaborator 58 | * server. 59 | * 60 | * @return The hostname or IP address of the Collaborator server. 61 | */ 62 | String getCollaboratorServerLocation(); 63 | } 64 | -------------------------------------------------------------------------------- /src/burp/IScanQueueItem.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScanQueueItem.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 
7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve details of items in the Burp Scanner 14 | * active scan queue. Extensions can obtain references to scan queue items by 15 | * calling 16 | * IBurpExtenderCallbacks.doActiveScan(). 17 | */ 18 | public interface IScanQueueItem 19 | { 20 | /** 21 | * This method returns a description of the status of the scan queue item. 22 | * 23 | * @return A description of the status of the scan queue item. 24 | */ 25 | String getStatus(); 26 | 27 | /** 28 | * This method returns an indication of the percentage completed for the 29 | * scan queue item. 30 | * 31 | * @return An indication of the percentage completed for the scan queue 32 | * item. 33 | */ 34 | byte getPercentageComplete(); 35 | 36 | /** 37 | * This method returns the number of requests that have been made for the 38 | * scan queue item. 39 | * 40 | * @return The number of requests that have been made for the scan queue 41 | * item. 42 | */ 43 | int getNumRequests(); 44 | 45 | /** 46 | * This method returns the number of network errors that have occurred for 47 | * the scan queue item. 48 | * 49 | * @return The number of network errors that have occurred for the scan 50 | * queue item. 51 | */ 52 | int getNumErrors(); 53 | 54 | /** 55 | * This method returns the number of attack insertion points being used for 56 | * the scan queue item. 57 | * 58 | * @return The number of attack insertion points being used for the scan 59 | * queue item. 60 | */ 61 | int getNumInsertionPoints(); 62 | 63 | /** 64 | * This method allows the scan queue item to be canceled. 65 | */ 66 | void cancel(); 67 | 68 | /** 69 | * This method returns details of the issues generated for the scan queue 70 | * item. 
Note: different items within the scan queue may contain 71 | * duplicated versions of the same issues - for example, if the same request 72 | * has been scanned multiple times. Duplicated issues are consolidated in 73 | * the main view of scan results. Extensions can register an 74 | * IScannerListener to get details only of unique, newly 75 | * discovered Scanner issues post-consolidation. 76 | * 77 | * @return Details of the issues generated for the scan queue item. 78 | */ 79 | IScanIssue[] getIssues(); 80 | } 81 | -------------------------------------------------------------------------------- /src/burp/IRequestInfo.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IRequestInfo.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.net.URL; 13 | import java.util.List; 14 | 15 | /** 16 | * This interface is used to retrieve key details about an HTTP request. 17 | * Extensions can obtain an 18 | * IRequestInfo object for a given request by calling 19 | * IExtensionHelpers.analyzeRequest(). 20 | */ 21 | public interface IRequestInfo 22 | { 23 | /** 24 | * Used to indicate that there is no content. 25 | */ 26 | static final byte CONTENT_TYPE_NONE = 0; 27 | /** 28 | * Used to indicate URL-encoded content. 29 | */ 30 | static final byte CONTENT_TYPE_URL_ENCODED = 1; 31 | /** 32 | * Used to indicate multi-part content. 33 | */ 34 | static final byte CONTENT_TYPE_MULTIPART = 2; 35 | /** 36 | * Used to indicate XML content. 37 | */ 38 | static final byte CONTENT_TYPE_XML = 3; 39 | /** 40 | * Used to indicate JSON content. 41 | */ 42 | static final byte CONTENT_TYPE_JSON = 4; 43 | /** 44 | * Used to indicate AMF content. 
45 | */ 46 | static final byte CONTENT_TYPE_AMF = 5; 47 | /** 48 | * Used to indicate unknown content. 49 | */ 50 | static final byte CONTENT_TYPE_UNKNOWN = -1; 51 | 52 | /** 53 | * This method is used to obtain the HTTP method used in the request. 54 | * 55 | * @return The HTTP method used in the request. 56 | */ 57 | String getMethod(); 58 | 59 | /** 60 | * This method is used to obtain the URL in the request. 61 | * 62 | * @return The URL in the request. 63 | */ 64 | URL getUrl(); 65 | 66 | /** 67 | * This method is used to obtain the HTTP headers contained in the request. 68 | * 69 | * @return The HTTP headers contained in the request. 70 | */ 71 | List getHeaders(); 72 | 73 | /** 74 | * This method is used to obtain the parameters contained in the request. 75 | * 76 | * @return The parameters contained in the request. 77 | */ 78 | List getParameters(); 79 | 80 | /** 81 | * This method is used to obtain the offset within the request where the 82 | * message body begins. 83 | * 84 | * @return The offset within the request where the message body begins. 85 | */ 86 | int getBodyOffset(); 87 | 88 | /** 89 | * This method is used to obtain the content type of the message body. 90 | * 91 | * @return An indication of the content type of the message body. Available 92 | * types are defined within this interface. 93 | */ 94 | byte getContentType(); 95 | } 96 | -------------------------------------------------------------------------------- /src/burp/ITextEditor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITextEditor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 
11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide extensions with an instance of Burp's raw 16 | * text editor, for the extension to use in its own UI. Extensions should call 17 | * IBurpExtenderCallbacks.createTextEditor() to obtain an instance 18 | * of this interface. 19 | */ 20 | public interface ITextEditor 21 | { 22 | /** 23 | * This method returns the UI component of the editor, for extensions to add 24 | * to their own UI. 25 | * 26 | * @return The UI component of the editor. 27 | */ 28 | Component getComponent(); 29 | 30 | /** 31 | * This method is used to control whether the editor is currently editable. 32 | * This status can be toggled on and off as required. 33 | * 34 | * @param editable Indicates whether the editor should be currently 35 | * editable. 36 | */ 37 | void setEditable(boolean editable); 38 | 39 | /** 40 | * This method is used to update the currently displayed text in the editor. 41 | * 42 | * @param text The text to be displayed. 43 | */ 44 | void setText(byte[] text); 45 | 46 | /** 47 | * This method is used to retrieve the currently displayed text. 48 | * 49 | * @return The currently displayed text. 50 | */ 51 | byte[] getText(); 52 | 53 | /** 54 | * This method is used to determine whether the user has modified the 55 | * contents of the editor. 56 | * 57 | * @return An indication of whether the user has modified the contents of 58 | * the editor since the last call to 59 | * setText(). 60 | */ 61 | boolean isTextModified(); 62 | 63 | /** 64 | * This method is used to obtain the currently selected text. 65 | * 66 | * @return The currently selected text, or 67 | * null if the user has not made any selection. 68 | */ 69 | byte[] getSelectedText(); 70 | 71 | /** 72 | * This method can be used to retrieve the bounds of the user's selection 73 | * into the displayed text, if applicable. 
74 | * 75 | * @return An int[2] array containing the start and end offsets of the 76 | * user's selection within the displayed text. If the user has not made any 77 | * selection in the current message, both offsets indicate the position of 78 | * the caret within the editor. 79 | */ 80 | int[] getSelectionBounds(); 81 | 82 | /** 83 | * This method is used to update the search expression that is shown in the 84 | * search bar below the editor. The editor will automatically highlight any 85 | * regions of the displayed text that match the search expression. 86 | * 87 | * @param expression The search expression. 88 | */ 89 | void setSearchExpression(String expression); 90 | } 91 | -------------------------------------------------------------------------------- /src/burp/IHttpRequestResponse.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponse.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve and update details about HTTP messages. 14 | * 15 | * Note: The setter methods generally can only be used before the message 16 | * has been processed, and not in read-only contexts. The getter methods 17 | * relating to response details can only be used after the request has been 18 | * issued. 19 | */ 20 | public interface IHttpRequestResponse 21 | { 22 | /** 23 | * This method is used to retrieve the request message. 24 | * 25 | * @return The request message. 26 | */ 27 | byte[] getRequest(); 28 | 29 | /** 30 | * This method is used to update the request message. 31 | * 32 | * @param message The new request message. 
33 | */ 34 | void setRequest(byte[] message); 35 | 36 | /** 37 | * This method is used to retrieve the response message. 38 | * 39 | * @return The response message. 40 | */ 41 | byte[] getResponse(); 42 | 43 | /** 44 | * This method is used to update the response message. 45 | * 46 | * @param message The new response message. 47 | */ 48 | void setResponse(byte[] message); 49 | 50 | /** 51 | * This method is used to retrieve the user-annotated comment for this item, 52 | * if applicable. 53 | * 54 | * @return The user-annotated comment for this item, or null if none is set. 55 | */ 56 | String getComment(); 57 | 58 | /** 59 | * This method is used to update the user-annotated comment for this item. 60 | * 61 | * @param comment The comment to be assigned to this item. 62 | */ 63 | void setComment(String comment); 64 | 65 | /** 66 | * This method is used to retrieve the user-annotated highlight for this 67 | * item, if applicable. 68 | * 69 | * @return The user-annotated highlight for this item, or null if none is 70 | * set. 71 | */ 72 | String getHighlight(); 73 | 74 | /** 75 | * This method is used to update the user-annotated highlight for this item. 76 | * 77 | * @param color The highlight color to be assigned to this item. Accepted 78 | * values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray, 79 | * or a null String to clear any existing highlight. 80 | */ 81 | void setHighlight(String color); 82 | 83 | /** 84 | * This method is used to retrieve the HTTP service for this request / 85 | * response. 86 | * 87 | * @return An 88 | * IHttpService object containing details of the HTTP service. 89 | */ 90 | IHttpService getHttpService(); 91 | 92 | /** 93 | * This method is used to update the HTTP service for this request / 94 | * response. 95 | * 96 | * @param httpService An 97 | * IHttpService object containing details of the new HTTP 98 | * service. 
99 | */ 100 | void setHttpService(IHttpService httpService); 101 | 102 | } 103 | -------------------------------------------------------------------------------- /src/burp/IParameter.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IParameter.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details about an HTTP request parameter. 14 | */ 15 | public interface IParameter 16 | { 17 | /** 18 | * Used to indicate a parameter within the URL query string. 19 | */ 20 | static final byte PARAM_URL = 0; 21 | /** 22 | * Used to indicate a parameter within the message body. 23 | */ 24 | static final byte PARAM_BODY = 1; 25 | /** 26 | * Used to indicate an HTTP cookie. 27 | */ 28 | static final byte PARAM_COOKIE = 2; 29 | /** 30 | * Used to indicate an item of data within an XML structure. 31 | */ 32 | static final byte PARAM_XML = 3; 33 | /** 34 | * Used to indicate the value of a tag attribute within an XML structure. 35 | */ 36 | static final byte PARAM_XML_ATTR = 4; 37 | /** 38 | * Used to indicate the value of a parameter attribute within a multi-part 39 | * message body (such as the name of an uploaded file). 40 | */ 41 | static final byte PARAM_MULTIPART_ATTR = 5; 42 | /** 43 | * Used to indicate an item of data within a JSON structure. 44 | */ 45 | static final byte PARAM_JSON = 6; 46 | 47 | /** 48 | * This method is used to retrieve the parameter type. 49 | * 50 | * @return The parameter type. The available types are defined within this 51 | * interface. 52 | */ 53 | byte getType(); 54 | 55 | /** 56 | * This method is used to retrieve the parameter name. 57 | * 58 | * @return The parameter name. 
59 | */ 60 | String getName(); 61 | 62 | /** 63 | * This method is used to retrieve the parameter value. 64 | * 65 | * @return The parameter value. 66 | */ 67 | String getValue(); 68 | 69 | /** 70 | * This method is used to retrieve the start offset of the parameter name 71 | * within the HTTP request. 72 | * 73 | * @return The start offset of the parameter name within the HTTP request, 74 | * or -1 if the parameter is not associated with a specific request. 75 | */ 76 | int getNameStart(); 77 | 78 | /** 79 | * This method is used to retrieve the end offset of the parameter name 80 | * within the HTTP request. 81 | * 82 | * @return The end offset of the parameter name within the HTTP request, or 83 | * -1 if the parameter is not associated with a specific request. 84 | */ 85 | int getNameEnd(); 86 | 87 | /** 88 | * This method is used to retrieve the start offset of the parameter value 89 | * within the HTTP request. 90 | * 91 | * @return The start offset of the parameter value within the HTTP request, 92 | * or -1 if the parameter is not associated with a specific request. 93 | */ 94 | int getValueStart(); 95 | 96 | /** 97 | * This method is used to retrieve the end offset of the parameter value 98 | * within the HTTP request. 99 | * 100 | * @return The end offset of the parameter value within the HTTP request, or 101 | * -1 if the parameter is not associated with a specific request. 102 | */ 103 | int getValueEnd(); 104 | } 105 | -------------------------------------------------------------------------------- /src/burp/IScannerCheck.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerCheck.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 
11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * Extensions can implement this interface and then call 16 | * IBurpExtenderCallbacks.registerScannerCheck() to register a 17 | * custom Scanner check. When performing scanning, Burp will ask the check to 18 | * perform active or passive scanning on the base request, and report any 19 | * Scanner issues that are identified. 20 | */ 21 | public interface IScannerCheck 22 | { 23 | 24 | /** 25 | * The Scanner invokes this method for each base request / response that is 26 | * passively scanned. Note: Extensions should only analyze the 27 | * HTTP messages provided during passive scanning, and should not make any 28 | * new HTTP requests of their own. 29 | * 30 | * @param baseRequestResponse The base HTTP request / response that should 31 | * be passively scanned. 32 | * @return A list of IScanIssue objects, or null 33 | * if no issues are identified. 34 | */ 35 | List doPassiveScan(IHttpRequestResponse baseRequestResponse); 36 | 37 | /** 38 | * The Scanner invokes this method for each insertion point that is actively 39 | * scanned. Extensions may issue HTTP requests as required to carry out 40 | * active scanning, and should use the 41 | * IScannerInsertionPoint object provided to build scan 42 | * requests for particular payloads. 43 | * Note: 44 | * Scan checks should submit raw non-encoded payloads to insertion points, 45 | * and the insertion point has responsibility for performing any data 46 | * encoding that is necessary given the nature and location of the insertion 47 | * point. 48 | * 49 | * @param baseRequestResponse The base HTTP request / response that should 50 | * be actively scanned. 51 | * @param insertionPoint An IScannerInsertionPoint object that 52 | * can be queried to obtain details of the insertion point being tested, and 53 | * can be used to build scan requests for particular payloads. 54 | * @return A list of IScanIssue objects, or null 55 | * if no issues are identified. 
56 | */ 57 | List doActiveScan( 58 | IHttpRequestResponse baseRequestResponse, 59 | IScannerInsertionPoint insertionPoint); 60 | 61 | /** 62 | * The Scanner invokes this method when the custom Scanner check has 63 | * reported multiple issues for the same URL path. This can arise either 64 | * because there are multiple distinct vulnerabilities, or because the same 65 | * (or a similar) request has been scanned more than once. The custom check 66 | * should determine whether the issues are duplicates. In most cases, where 67 | * a check uses distinct issue names or descriptions for distinct issues, 68 | * the consolidation process will simply be a matter of comparing these 69 | * features for the two issues. 70 | * 71 | * @param existingIssue An issue that was previously reported by this 72 | * Scanner check. 73 | * @param newIssue An issue at the same URL path that has been newly 74 | * reported by this Scanner check. 75 | * @return An indication of which issue(s) should be reported in the main 76 | * Scanner results. The method should return -1 to report the 77 | * existing issue only, 0 to report both issues, and 78 | * 1 to report the new issue only. 79 | */ 80 | int consolidateDuplicateIssues( 81 | IScanIssue existingIssue, 82 | IScanIssue newIssue); 83 | } 84 | -------------------------------------------------------------------------------- /src/burp/IMessageEditorTab.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorTab.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 
11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * Extensions that register an 16 | * IMessageEditorTabFactory must return instances of this 17 | * interface, which Burp will use to create custom tabs within its HTTP message 18 | * editors. 19 | */ 20 | public interface IMessageEditorTab 21 | { 22 | /** 23 | * This method returns the caption that should appear on the custom tab when 24 | * it is displayed. Note: Burp invokes this method once when the tab 25 | * is first generated, and the same caption will be used every time the tab 26 | * is displayed. 27 | * 28 | * @return The caption that should appear on the custom tab when it is 29 | * displayed. 30 | */ 31 | String getTabCaption(); 32 | 33 | /** 34 | * This method returns the component that should be used as the contents of 35 | * the custom tab when it is displayed. Note: Burp invokes this 36 | * method once when the tab is first generated, and the same component will 37 | * be used every time the tab is displayed. 38 | * 39 | * @return The component that should be used as the contents of the custom 40 | * tab when it is displayed. 41 | */ 42 | Component getUiComponent(); 43 | 44 | /** 45 | * The hosting editor will invoke this method before it displays a new HTTP 46 | * message, so that the custom tab can indicate whether it should be enabled 47 | * for that message. 48 | * 49 | * @param content The message that is about to be displayed, or a zero-length 50 | * array if the existing message is to be cleared. 51 | * @param isRequest Indicates whether the message is a request or a 52 | * response. 53 | * @return The method should return 54 | * true if the custom tab is able to handle the specified 55 | * message, and so will be displayed within the editor. Otherwise, the tab 56 | * will be hidden while this message is displayed. 
57 | */ 58 | boolean isEnabled(byte[] content, boolean isRequest); 59 | 60 | /** 61 | * The hosting editor will invoke this method to display a new message or to 62 | * clear the existing message. This method will only be called with a new 63 | * message if the tab has already returned 64 | * true to a call to 65 | * isEnabled() with the same message details. 66 | * 67 | * @param content The message that is to be displayed, or 68 | * null if the tab should clear its contents and disable any 69 | * editable controls. 70 | * @param isRequest Indicates whether the message is a request or a 71 | * response. 72 | */ 73 | void setMessage(byte[] content, boolean isRequest); 74 | 75 | /** 76 | * This method returns the currently displayed message. 77 | * 78 | * @return The currently displayed message. 79 | */ 80 | byte[] getMessage(); 81 | 82 | /** 83 | * This method is used to determine whether the currently displayed message 84 | * has been modified by the user. The hosting editor will always call 85 | * getMessage() before calling this method, so any pending 86 | * edits should be completed within 87 | * getMessage(). 88 | * 89 | * @return The method should return 90 | * true if the user has modified the current message since it 91 | * was first displayed. 92 | */ 93 | boolean isModified(); 94 | 95 | /** 96 | * This method is used to retrieve the data that is currently selected by 97 | * the user. 98 | * 99 | * @return The data that is currently selected by the user. This may be 100 | * null if no selection is currently made. 101 | */ 102 | byte[] getSelectedData(); 103 | } 104 | -------------------------------------------------------------------------------- /src/burp/IScanIssue.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScanIssue.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 
7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve details of Scanner issues. Extensions can 14 | * obtain details of issues by registering an 15 | * IScannerListener or by calling 16 | * IBurpExtenderCallbacks.getScanIssues(). Extensions can also add 17 | * custom Scanner issues by registering an 18 | * IScannerCheck or calling 19 | * IBurpExtenderCallbacks.addScanIssue(), and providing their own 20 | * implementations of this interface 21 | */ 22 | public interface IScanIssue 23 | { 24 | /** 25 | * This method returns the URL for which the issue was generated. 26 | * 27 | * @return The URL for which the issue was generated. 28 | */ 29 | java.net.URL getUrl(); 30 | 31 | /** 32 | * This method returns the name of the issue type. 33 | * 34 | * @return The name of the issue type (e.g. "SQL injection"). 35 | */ 36 | String getIssueName(); 37 | 38 | /** 39 | * This method returns a numeric identifier of the issue type. See the Burp 40 | * Scanner help documentation for a listing of all the issue types. 41 | * 42 | * @return A numeric identifier of the issue type. 43 | */ 44 | int getIssueType(); 45 | 46 | /** 47 | * This method returns the issue severity level. 48 | * 49 | * @return The issue severity level. Expected values are "High", "Medium", 50 | * "Low", "Information" or "False positive". 51 | * 52 | */ 53 | String getSeverity(); 54 | 55 | /** 56 | * This method returns the issue confidence level. 57 | * 58 | * @return The issue confidence level. Expected values are "Certain", "Firm" 59 | * or "Tentative". 60 | */ 61 | String getConfidence(); 62 | 63 | /** 64 | * This method returns a background description for this type of issue. 65 | * 66 | * @return A background description for this type of issue, or 67 | * null if none applies. 
68 | */ 69 | String getIssueBackground(); 70 | 71 | /** 72 | * This method returns a background description of the remediation for this 73 | * type of issue. 74 | * 75 | * @return A background description of the remediation for this type of 76 | * issue, or 77 | * null if none applies. 78 | */ 79 | String getRemediationBackground(); 80 | 81 | /** 82 | * This method returns detailed information about this specific instance of 83 | * the issue. 84 | * 85 | * @return Detailed information about this specific instance of the issue, 86 | * or 87 | * null if none applies. 88 | */ 89 | String getIssueDetail(); 90 | 91 | /** 92 | * This method returns detailed information about the remediation for this 93 | * specific instance of the issue. 94 | * 95 | * @return Detailed information about the remediation for this specific 96 | * instance of the issue, or 97 | * null if none applies. 98 | */ 99 | String getRemediationDetail(); 100 | 101 | /** 102 | * This method returns the HTTP messages on the basis of which the issue was 103 | * generated. 104 | * 105 | * @return The HTTP messages on the basis of which the issue was generated. 106 | * Note: The items in this array should be instances of 107 | * IHttpRequestResponseWithMarkers if applicable, so that 108 | * details of the relevant portions of the request and response messages are 109 | * available. 110 | */ 111 | IHttpRequestResponse[] getHttpMessages(); 112 | 113 | /** 114 | * This method returns the HTTP service for which the issue was generated. 115 | * 116 | * @return The HTTP service for which the issue was generated. 117 | */ 118 | IHttpService getHttpService(); 119 | 120 | } 121 | -------------------------------------------------------------------------------- /src/burp/IInterceptedProxyMessage.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IInterceptedProxyMessage.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 
7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.net.InetAddress; 13 | 14 | /** 15 | * This interface is used to represent an HTTP message that has been intercepted 16 | * by Burp Proxy. Extensions can register an 17 | * IProxyListener to receive details of proxy messages using this 18 | * interface. * 19 | */ 20 | public interface IInterceptedProxyMessage 21 | { 22 | /** 23 | * This action causes Burp Proxy to follow the current interception rules to 24 | * determine the appropriate action to take for the message. 25 | */ 26 | static final int ACTION_FOLLOW_RULES = 0; 27 | /** 28 | * This action causes Burp Proxy to present the message to the user for 29 | * manual review or modification. 30 | */ 31 | static final int ACTION_DO_INTERCEPT = 1; 32 | /** 33 | * This action causes Burp Proxy to forward the message to the remote server 34 | * or client, without presenting it to the user. 35 | */ 36 | static final int ACTION_DONT_INTERCEPT = 2; 37 | /** 38 | * This action causes Burp Proxy to drop the message. 39 | */ 40 | static final int ACTION_DROP = 3; 41 | /** 42 | * This action causes Burp Proxy to follow the current interception rules to 43 | * determine the appropriate action to take for the message, and then make a 44 | * second call to processProxyMessage. 45 | */ 46 | static final int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10; 47 | /** 48 | * This action causes Burp Proxy to present the message to the user for 49 | * manual review or modification, and then make a second call to 50 | * processProxyMessage. 51 | */ 52 | static final int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11; 53 | /** 54 | * This action causes Burp Proxy to skip user interception, and then make a 55 | * second call to processProxyMessage. 
56 | */ 57 | static final int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12; 58 | 59 | /** 60 | * This method retrieves a unique reference number for this 61 | * request/response. 62 | * 63 | * @return An identifier that is unique to a single request/response pair. 64 | * Extensions can use this to correlate details of requests and responses 65 | * and perform processing on the response message accordingly. 66 | */ 67 | int getMessageReference(); 68 | 69 | /** 70 | * This method retrieves details of the intercepted message. 71 | * 72 | * @return An IHttpRequestResponse object containing details of 73 | * the intercepted message. 74 | */ 75 | IHttpRequestResponse getMessageInfo(); 76 | 77 | /** 78 | * This method retrieves the currently defined interception action. The 79 | * default action is 80 | * ACTION_FOLLOW_RULES. If multiple proxy listeners are 81 | * registered, then other listeners may already have modified the 82 | * interception action before it reaches the current listener. This method 83 | * can be used to determine whether this has occurred. 84 | * 85 | * @return The currently defined interception action. Possible values are 86 | * defined within this interface. 87 | */ 88 | int getInterceptAction(); 89 | 90 | /** 91 | * This method is used to update the interception action. 92 | * 93 | * @param interceptAction The new interception action. Possible values are 94 | * defined within this interface. 95 | */ 96 | void setInterceptAction(int interceptAction); 97 | 98 | /** 99 | * This method retrieves the name of the Burp Proxy listener that is 100 | * processing the intercepted message. 101 | * 102 | * @return The name of the Burp Proxy listener that is processing the 103 | * intercepted message. The format is the same as that shown in the Proxy 104 | * Listeners UI - for example, "127.0.0.1:8080". 
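105 | */ 106 | String getListenerInterface(); 107 | 108 | /** 109 | * This method retrieves the client IP address from which the request for 110 | * the intercepted message was received. 111 | * 112 | * @return The client IP address from which the request for the intercepted 113 | * message was received. 114 | */ 115 | InetAddress getClientIpAddress(); 116 | } 117 | -------------------------------------------------------------------------------- /src/attacks/BurpArgsfind.java: -------------------------------------------------------------------------------- 
package attacks;

import burp.*;

import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.Scanner;

/**
 * Created by beched on 06.05.17.
 *
 * Probes a URL for request parameters the application reacts to. Candidate
 * names are read from the bundled {@code /argsbase.txt} resource, sent in
 * batches with the value {@code 1}, and each response is compared with a
 * baseline by status code and body length. A batch that differs is bisected
 * until single names remain.
 *
 * Because the comparison is on exact response length, a page whose length
 * varies between identical requests will make every batch look different.
 * Instances keep per-run state in fields and are not safe for concurrent use.
 */
public class BurpArgsfind {
    private IExtensionHelpers iHelpers;
    private IBurpExtenderCallbacks iCallbacks;
    private byte[] iRequest;
    private IHttpService iService;
    // Baseline response length and status code recorded by process().
    private int iSize;
    private short iCode;
    // Candidate parameter names loaded from the wordlist.
    private List<String> iBase = new ArrayList<String>();
    // Names whose single-parameter probe differed from the baseline.
    private List<String> iFound = new ArrayList<String>();
    // Placement currently being probed (one of the IParameter.PARAM_* values).
    private byte pType;
    private IRequestInfo iInfo;
    private java.net.URL iURL;

    /**
     * Stores the Burp callbacks and loads the candidate names.
     *
     * @param callbacks Burp's callback object; also used for all logging and
     * for issuing the probe requests.
     */
    public BurpArgsfind(IBurpExtenderCallbacks callbacks) {
        iCallbacks = callbacks;
        iHelpers = callbacks.getHelpers();
        InputStream is = getClass().getResourceAsStream("/argsbase.txt");
        if (is == null) {
            // getResourceAsStream returns null for a missing resource; without
            // this check the Scanner constructor would throw a NullPointerException.
            iCallbacks.printError("Wordlist /argsbase.txt was not found on the classpath; nothing will be probed");
            return;
        }
        // assumes the wordlist is UTF-8 (plain ASCII names decode the same) — TODO confirm
        try (InputStream in = is; Scanner s = new Scanner(in, "UTF-8")) {
            while (s.hasNextLine()) {
                final String line = s.nextLine().trim();
                // A blank entry would be sent as a nameless "=1" parameter.
                if (!line.isEmpty()) {
                    iBase.add(line);
                }
            }
        } catch (IOException ex) {
            iCallbacks.printError("Failed to read /argsbase.txt: " + ex);
        }
    }

    /**
     * Sends one probe carrying the candidates with indices {@code [l, r)} in the
     * placement selected by {@code pType}, and bisects the range when the
     * response differs from the baseline or the server rejects the request
     * as too large.
     *
     * @param l index of the first candidate in the batch (inclusive).
     * @param r index one past the last candidate in the batch (exclusive).
     */
    public void args_dichotomy(int l, int r) {
        if (l >= r) {
            // Empty batch: nothing to test, so no request is sent.
            return;
        }
        final byte[] probe = buildProbe(l, r);
        if (probe == null) {
            // The probe could not be built; sending a placeholder request
            // would only produce a meaningless comparison.
            return;
        }
        final IHttpRequestResponse exchange = iCallbacks.makeHttpRequest(iService, probe);
        final byte[] resp = (exchange == null) ? null : exchange.getResponse();
        if (resp == null) {
            iCallbacks.printError("\tNo response for candidates " + l + ".." + (r - 1) + "; skipping this batch");
            return;
        }
        final IResponseInfo info = iHelpers.analyzeResponse(resp);
        final int size = resp.length;
        final short code = info.getStatusCode();
        final int mid = l + (r - l) / 2;
        final boolean single = (r - l == 1);

        if (code == 414 || (pType == IParameter.PARAM_COOKIE && code == 400)) {
            if (single) {
                // Splitting a one-element range yields the same range again.
                // Without this stop, a server that answers 414/400 to every
                // probe would cause endless recursion and endless requests.
                iCallbacks.printError("\tHTTP " + code + " for the single candidate " + iBase.get(l) + "; not retrying");
                return;
            }
            iCallbacks.printOutput("\tToo big base, splitting...");
            args_dichotomy(l, mid);
            args_dichotomy(mid, r);
            return;
        }
        if (code != iCode || size != iSize) {
            iCallbacks.printOutput("\t*");
            if (single) {
                iFound.add(iBase.get(l));
                iCallbacks.printOutput("\t[FOUND] " + iBase.get(l));
            } else {
                args_dichotomy(l, mid);
                args_dichotomy(mid, r);
            }
        }
    }

    /**
     * Builds the raw request for one batch of candidates.
     *
     * Parameters are concatenated into a single string rather than added one
     * by one through the helpers, which the original author found too
     * CPU-consuming.
     *
     * @return the request bytes, or null when no request can be built for the
     * current {@code pType}.
     */
    private byte[] buildProbe(int l, int r) {
        final StringBuilder sb = new StringBuilder();
        for (int i = l; i < r; ++i) {
            sb.append(iBase.get(i)).append("=1");
            if (pType == IParameter.PARAM_COOKIE) {
                sb.append(';');
            } else if (pType == IParameter.PARAM_BODY || pType == IParameter.PARAM_URL) {
                sb.append('&');
            }
        }
        final String query = sb.toString();

        if (pType == IParameter.PARAM_URL) {
            try {
                // Append with '&' when the base URL already has a query string;
                // a second '?' would fold the candidates into the last existing value.
                final String joiner = (iURL.getQuery() == null) ? "?" : "&";
                return iHelpers.buildHttpRequest(new java.net.URL(iURL + joiner + query));
            } catch (java.net.MalformedURLException | RuntimeException ex) {
                iCallbacks.printError("Could not build the URL probe: " + ex);
                return null;
            }
        }
        if (pType == IParameter.PARAM_COOKIE) {
            // Copy first: whether getHeaders() returns a live list is not
            // visible here, and appending to it would stack Cookie headers
            // across batches.
            final List<String> headers = new ArrayList<String>(iInfo.getHeaders());
            headers.add("Cookie: " + query);
            return iHelpers.buildHttpMessage(headers, null);
        }
        if (pType == IParameter.PARAM_BODY) {
            return iHelpers.buildHttpMessage(iInfo.getHeaders(), iHelpers.stringToBytes(query));
        }
        iCallbacks.printError("Unsupported parameter type: " + pType);
        return null;
    }

    /**
     * Runs the three probing passes (URL query, Cookie header, message body)
     * against the URL of the given item.
     *
     * Requests go to the HTTP service of the selected item; nothing in this
     * class consults Burp's target scope, so scoping is up to the caller.
     *
     * @param Request the item whose URL, service and headers drive the probes.
     */
    public void process(IHttpRequestResponse Request) {
        iRequest = Request.getRequest();
        iService = Request.getHttpService();
        iInfo = iHelpers.analyzeRequest(Request);
        iURL = iInfo.getUrl();

        iCallbacks.printOutput("[START] " + iURL);
        iRequest = iHelpers.buildHttpRequest(iURL);
        // The first response is discarded (presumably a warm-up so the
        // baseline is taken from a steady state — confirm with the author).
        iCallbacks.makeHttpRequest(iService, iRequest);
        final IHttpRequestResponse baseline = iCallbacks.makeHttpRequest(iService, iRequest);
        final byte[] resp = (baseline == null) ? null : baseline.getResponse();
        if (resp == null) {
            iCallbacks.printError("No baseline response from " + iURL + "; aborting");
            return;
        }
        final IResponseInfo resp_info = iHelpers.analyzeResponse(resp);
        iSize = resp.length;
        iCode = resp_info.getStatusCode();

        iCallbacks.printOutput("Searching for GET-parameters");
        pType = IParameter.PARAM_URL;
        args_dichotomy(0, iBase.size());
        iCallbacks.printOutput("Finished");

        // NOTE(review): the baseline above comes from a request built from the
        // URL alone, while the Cookie and body probes reuse the selected
        // item's own headers. If those headers change the response, every
        // batch will differ from the baseline — confirm this is intended.
        iCallbacks.printOutput("Searching for Cookie-parameters");
        pType = IParameter.PARAM_COOKIE;
        args_dichotomy(0, iBase.size());
        iCallbacks.printOutput("Finished");

        iCallbacks.printOutput("Searching for POST-parameters");
        pType = IParameter.PARAM_BODY;
        // NOTE(review): the toggled request is stored but the body probes are
        // built from iInfo's headers, so the method actually sent is that of
        // the selected item — verify against the intended POST behaviour.
        iRequest = iHelpers.toggleRequestMethod(iRequest);
        args_dichotomy(0, iBase.size());
        iCallbacks.printOutput("Finished");
    }
}
--------------------------------------------------------------------------------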
/src/burp/IContextMenuInvocation.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IContextMenuInvocation.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.event.InputEvent; 13 | 14 | /** 15 | * This interface is used when Burp calls into an extension-provided 16 | * IContextMenuFactory with details of a context menu invocation. 17 | * The custom context menu factory can query this interface to obtain details of 18 | * the invocation event, in order to determine what menu items should be 19 | * displayed. 20 | */ 21 | public interface IContextMenuInvocation 22 | { 23 | /** 24 | * Used to indicate that the context menu is being invoked in a request 25 | * editor. 26 | */ 27 | static final byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0; 28 | /** 29 | * Used to indicate that the context menu is being invoked in a response 30 | * editor. 31 | */ 32 | static final byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1; 33 | /** 34 | * Used to indicate that the context menu is being invoked in a non-editable 35 | * request viewer. 36 | */ 37 | static final byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2; 38 | /** 39 | * Used to indicate that the context menu is being invoked in a non-editable 40 | * response viewer. 41 | */ 42 | static final byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3; 43 | /** 44 | * Used to indicate that the context menu is being invoked in the Target 45 | * site map tree. 46 | */ 47 | static final byte CONTEXT_TARGET_SITE_MAP_TREE = 4; 48 | /** 49 | * Used to indicate that the context menu is being invoked in the Target 50 | * site map table. 
51 | */ 52 | static final byte CONTEXT_TARGET_SITE_MAP_TABLE = 5; 53 | /** 54 | * Used to indicate that the context menu is being invoked in the Proxy 55 | * history. 56 | */ 57 | static final byte CONTEXT_PROXY_HISTORY = 6; 58 | /** 59 | * Used to indicate that the context menu is being invoked in the Scanner 60 | * results. 61 | */ 62 | static final byte CONTEXT_SCANNER_RESULTS = 7; 63 | /** 64 | * Used to indicate that the context menu is being invoked in the Intruder 65 | * payload positions editor. 66 | */ 67 | static final byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8; 68 | /** 69 | * Used to indicate that the context menu is being invoked in an Intruder 70 | * attack results. 71 | */ 72 | static final byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9; 73 | /** 74 | * Used to indicate that the context menu is being invoked in a search 75 | * results window. 76 | */ 77 | static final byte CONTEXT_SEARCH_RESULTS = 10; 78 | 79 | /** 80 | * This method can be used to retrieve the native Java input event that was 81 | * the trigger for the context menu invocation. 82 | * 83 | * @return The InputEvent that was the trigger for the context 84 | * menu invocation. 85 | */ 86 | InputEvent getInputEvent(); 87 | 88 | /** 89 | * This method can be used to retrieve the Burp tool within which the 90 | * context menu was invoked. 91 | * 92 | * @return A flag indicating the Burp tool within which the context menu was 93 | * invoked. Burp tool flags are defined in the 94 | * IBurpExtenderCallbacks interface. 95 | */ 96 | int getToolFlag(); 97 | 98 | /** 99 | * This method can be used to retrieve the context within which the menu was 100 | * invoked. 101 | * 102 | * @return An index indicating the context within which the menu was 103 | * invoked. The indices used are defined within this interface. 104 | */ 105 | byte getInvocationContext(); 106 | 107 | /** 108 | * This method can be used to retrieve the bounds of the user's selection 109 | * into the current message, if applicable. 
110 | * 111 | * @return An int[2] array containing the start and end offsets of the 112 | * user's selection in the current message. If the user has not made any 113 | * selection in the current message, both offsets indicate the position of 114 | * the caret within the editor. If the menu is not being invoked from a 115 | * message editor, the method returns null. 116 | */ 117 | int[] getSelectionBounds(); 118 | 119 | /** 120 | * This method can be used to retrieve details of the HTTP requests / 121 | * responses that were shown or selected by the user when the context menu 122 | * was invoked. 123 | * 124 | * Note: For performance reasons, the objects returned from this 125 | * method are tied to the originating context of the messages within the 126 | * Burp UI. For example, if a context menu is invoked on the Proxy intercept 127 | * panel, then the 128 | * IHttpRequestResponse returned by this method will reflect 129 | * the current contents of the interception panel, and this will change when 130 | * the current message has been forwarded or dropped. If your extension 131 | * needs to store details of the message for which the context menu has been 132 | * invoked, then you should query those details from the 133 | * IHttpRequestResponse at the time of invocation, or you 134 | * should use 135 | * IBurpExtenderCallbacks.saveBuffersToTempFiles() to create a 136 | * persistent read-only copy of the 137 | * IHttpRequestResponse. 138 | * 139 | * @return An array of IHttpRequestResponse objects 140 | * representing the items that were shown or selected by the user when the 141 | * context menu was invoked. This method returns null if no 142 | * messages are applicable to the invocation. 143 | */ 144 | IHttpRequestResponse[] getSelectedMessages(); 145 | 146 | /** 147 | * This method can be used to retrieve details of the Scanner issues that 148 | * were selected by the user when the context menu was invoked. 
149 | * 150 | * @return An array of IScanIssue objects representing the 151 | * issues that were selected by the user when the context menu was invoked. 152 | * This method returns null if no Scanner issues are applicable 153 | * to the invocation. 154 | */ 155 | IScanIssue[] getSelectedIssues(); 156 | } 157 | -------------------------------------------------------------------------------- /src/burp/IScannerInsertionPoint.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerInsertionPoint.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to define an insertion point for use by active Scanner 14 | * checks. Extensions can obtain instances of this interface by registering an 15 | * IScannerCheck, or can create instances for use by Burp's own 16 | * scan checks by registering an 17 | * IScannerInsertionPointProvider. 18 | */ 19 | public interface IScannerInsertionPoint 20 | { 21 | 22 | /** 23 | * Used to indicate where the payload is inserted into the value of a URL 24 | * parameter. 25 | */ 26 | static final byte INS_PARAM_URL = 0x00; 27 | /** 28 | * Used to indicate where the payload is inserted into the value of a body 29 | * parameter. 30 | */ 31 | static final byte INS_PARAM_BODY = 0x01; 32 | /** 33 | * Used to indicate where the payload is inserted into the value of an HTTP 34 | * cookie. 35 | */ 36 | static final byte INS_PARAM_COOKIE = 0x02; 37 | /** 38 | * Used to indicate where the payload is inserted into the value of an item 39 | * of data within an XML data structure. 
40 | */ 41 | static final byte INS_PARAM_XML = 0x03; 42 | /** 43 | * Used to indicate where the payload is inserted into the value of a tag 44 | * attribute within an XML structure. 45 | */ 46 | static final byte INS_PARAM_XML_ATTR = 0x04; 47 | /** 48 | * Used to indicate where the payload is inserted into the value of a 49 | * parameter attribute within a multi-part message body (such as the name of 50 | * an uploaded file). 51 | */ 52 | static final byte INS_PARAM_MULTIPART_ATTR = 0x05; 53 | /** 54 | * Used to indicate where the payload is inserted into the value of an item 55 | * of data within a JSON structure. 56 | */ 57 | static final byte INS_PARAM_JSON = 0x06; 58 | /** 59 | * Used to indicate where the payload is inserted into the value of an AMF 60 | * parameter. 61 | */ 62 | static final byte INS_PARAM_AMF = 0x07; 63 | /** 64 | * Used to indicate where the payload is inserted into the value of an HTTP 65 | * request header. 66 | */ 67 | static final byte INS_HEADER = 0x20; 68 | /** 69 | * Used to indicate where the payload is inserted into a URL path folder. 70 | */ 71 | static final byte INS_URL_PATH_FOLDER = 0x21; 72 | /** 73 | * Used to indicate where the payload is inserted into a URL path folder. 74 | * This is now deprecated; use INS_URL_PATH_FOLDER instead. 75 | */ 76 | @Deprecated 77 | static final byte INS_URL_PATH_REST = INS_URL_PATH_FOLDER; 78 | /** 79 | * Used to indicate where the payload is inserted into the name of an added 80 | * URL parameter. 81 | */ 82 | static final byte INS_PARAM_NAME_URL = 0x22; 83 | /** 84 | * Used to indicate where the payload is inserted into the name of an added 85 | * body parameter. 86 | */ 87 | static final byte INS_PARAM_NAME_BODY = 0x23; 88 | /** 89 | * Used to indicate where the payload is inserted into the body of the HTTP 90 | * request. 91 | */ 92 | static final byte INS_ENTIRE_BODY = 0x24; 93 | /** 94 | * Used to indicate where the payload is inserted into the URL path 95 | * filename. 
96 | */ 97 | static final byte INS_URL_PATH_FILENAME = 0x25; 98 | /** 99 | * Used to indicate where the payload is inserted at a location manually 100 | * configured by the user. 101 | */ 102 | static final byte INS_USER_PROVIDED = 0x40; 103 | /** 104 | * Used to indicate where the insertion point is provided by an 105 | * extension-registered 106 | * IScannerInsertionPointProvider. 107 | */ 108 | static final byte INS_EXTENSION_PROVIDED = 0x41; 109 | /** 110 | * Used to indicate where the payload is inserted at an unknown location 111 | * within the request. 112 | */ 113 | static final byte INS_UNKNOWN = 0x7f; 114 | 115 | /** 116 | * This method returns the name of the insertion point. 117 | * 118 | * @return The name of the insertion point (for example, a description of a 119 | * particular request parameter). 120 | */ 121 | String getInsertionPointName(); 122 | 123 | /** 124 | * This method returns the base value for this insertion point. 125 | * 126 | * @return the base value that appears in this insertion point in the base 127 | * request being scanned, or null if there is no value in the 128 | * base request that corresponds to this insertion point. 129 | */ 130 | String getBaseValue(); 131 | 132 | /** 133 | * This method is used to build a request with the specified payload placed 134 | * into the insertion point. There is no requirement for extension-provided 135 | * insertion points to adjust the Content-Length header in requests if the 136 | * body length has changed, although Burp-provided insertion points will 137 | * always do this and will return a request with a valid Content-Length 138 | * header. 139 | * Note: 140 | * Scan checks should submit raw non-encoded payloads to insertion points, 141 | * and the insertion point has responsibility for performing any data 142 | * encoding that is necessary given the nature and location of the insertion 143 | * point. 
144 | * 145 | * @param payload The payload that should be placed into the insertion 146 | * point. 147 | * @return The resulting request. 148 | */ 149 | byte[] buildRequest(byte[] payload); 150 | 151 | /** 152 | * This method is used to determine the offsets of the payload value within 153 | * the request, when it is placed into the insertion point. Scan checks may 154 | * invoke this method when reporting issues, so as to highlight the relevant 155 | * part of the request within the UI. 156 | * 157 | * @param payload The payload that should be placed into the insertion 158 | * point. 159 | * @return An int[2] array containing the start and end offsets of the 160 | * payload within the request, or null if this is not applicable (for 161 | * example, where the insertion point places a payload into a serialized 162 | * data structure, the raw payload may not literally appear anywhere within 163 | * the resulting request). 164 | */ 165 | int[] getPayloadOffsets(byte[] payload); 166 | 167 | /** 168 | * This method returns the type of the insertion point. 169 | * 170 | * @return The type of the insertion point. Available types are defined in 171 | * this interface. 
172 | */ 173 | byte getInsertionPointType(); 174 | } 175 | -------------------------------------------------------------------------------- /.idea/uiDesigner.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | -------------------------------------------------------------------------------- /src/burp/IExtensionHelpers.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IExtensionHelpers.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.net.URL; 13 | import java.util.List; 14 | 15 | /** 16 | * This interface contains a number of helper methods, which extensions can use 17 | * to assist with various common tasks that arise for Burp extensions. 18 | * 19 | * Extensions can call IBurpExtenderCallbacks.getHelpers to obtain 20 | * an instance of this interface. 21 | */ 22 | public interface IExtensionHelpers 23 | { 24 | 25 | /** 26 | * This method can be used to analyze an HTTP request, and obtain various 27 | * key details about it. 
28 | * 29 | * @param request An IHttpRequestResponse object containing the 30 | * request to be analyzed. 31 | * @return An IRequestInfo object that can be queried to obtain 32 | * details about the request. 33 | */ 34 | IRequestInfo analyzeRequest(IHttpRequestResponse request); 35 | 36 | /** 37 | * This method can be used to analyze an HTTP request, and obtain various 38 | * key details about it. 39 | * 40 | * @param httpService The HTTP service associated with the request. This is 41 | * optional and may be null, in which case the resulting 42 | * IRequestInfo object will not include the full request URL. 43 | * @param request The request to be analyzed. 44 | * @return An IRequestInfo object that can be queried to obtain 45 | * details about the request. 46 | */ 47 | IRequestInfo analyzeRequest(IHttpService httpService, byte[] request); 48 | 49 | /** 50 | * This method can be used to analyze an HTTP request, and obtain various 51 | * key details about it. The resulting IRequestInfo object will 52 | * not include the full request URL. To obtain the full URL, use one of the 53 | * other overloaded analyzeRequest() methods. 54 | * 55 | * @param request The request to be analyzed. 56 | * @return An IRequestInfo object that can be queried to obtain 57 | * details about the request. 58 | */ 59 | IRequestInfo analyzeRequest(byte[] request); 60 | 61 | /** 62 | * This method can be used to analyze an HTTP response, and obtain various 63 | * key details about it. 64 | * 65 | * @param response The response to be analyzed. 66 | * @return An IResponseInfo object that can be queried to 67 | * obtain details about the response. 68 | */ 69 | IResponseInfo analyzeResponse(byte[] response); 70 | 71 | /** 72 | * This method can be used to retrieve details of a specified parameter 73 | * within an HTTP request. Note: Use analyzeRequest() to 74 | * obtain details of all parameters within the request. 
75 | * 76 | * @param request The request to be inspected for the specified parameter. 77 | * @param parameterName The name of the parameter to retrieve. 78 | * @return An IParameter object that can be queried to obtain 79 | * details about the parameter, or null if the parameter was 80 | * not found. 81 | */ 82 | IParameter getRequestParameter(byte[] request, String parameterName); 83 | 84 | /** 85 | * This method can be used to URL-decode the specified data. 86 | * 87 | * @param data The data to be decoded. 88 | * @return The decoded data. 89 | */ 90 | String urlDecode(String data); 91 | 92 | /** 93 | * This method can be used to URL-encode the specified data. Any characters 94 | * that do not need to be encoded within HTTP requests are not encoded. 95 | * 96 | * @param data The data to be encoded. 97 | * @return The encoded data. 98 | */ 99 | String urlEncode(String data); 100 | 101 | /** 102 | * This method can be used to URL-decode the specified data. 103 | * 104 | * @param data The data to be decoded. 105 | * @return The decoded data. 106 | */ 107 | byte[] urlDecode(byte[] data); 108 | 109 | /** 110 | * This method can be used to URL-encode the specified data. Any characters 111 | * that do not need to be encoded within HTTP requests are not encoded. 112 | * 113 | * @param data The data to be encoded. 114 | * @return The encoded data. 115 | */ 116 | byte[] urlEncode(byte[] data); 117 | 118 | /** 119 | * This method can be used to Base64-decode the specified data. 120 | * 121 | * @param data The data to be decoded. 122 | * @return The decoded data. 123 | */ 124 | byte[] base64Decode(String data); 125 | 126 | /** 127 | * This method can be used to Base64-decode the specified data. 128 | * 129 | * @param data The data to be decoded. 130 | * @return The decoded data. 131 | */ 132 | byte[] base64Decode(byte[] data); 133 | 134 | /** 135 | * This method can be used to Base64-encode the specified data. 136 | * 137 | * @param data The data to be encoded. 
138 | * @return The encoded data. 139 | */ 140 | String base64Encode(String data); 141 | 142 | /** 143 | * This method can be used to Base64-encode the specified data. 144 | * 145 | * @param data The data to be encoded. 146 | * @return The encoded data. 147 | */ 148 | String base64Encode(byte[] data); 149 | 150 | /** 151 | * This method can be used to convert data from String form into an array of 152 | * bytes. The conversion does not reflect any particular character set, and 153 | * a character with the hex representation 0xWXYZ will always be converted 154 | * into a byte with the representation 0xYZ. It performs the opposite 155 | * conversion to the method bytesToString(), and byte-based 156 | * data that is converted to a String and back again using these two methods 157 | * is guaranteed to retain its integrity (which may not be the case with 158 | * conversions that reflect a given character set). 159 | * 160 | * @param data The data to be converted. 161 | * @return The converted data. 162 | */ 163 | byte[] stringToBytes(String data); 164 | 165 | /** 166 | * This method can be used to convert data from an array of bytes into 167 | * String form. The conversion does not reflect any particular character 168 | * set, and a byte with the representation 0xYZ will always be converted 169 | * into a character with the hex representation 0x00YZ. It performs the 170 | * opposite conversion to the method stringToBytes(), and 171 | * byte-based data that is converted to a String and back again using these 172 | * two methods is guaranteed to retain its integrity (which may not be the 173 | * case with conversions that reflect a given character set). 174 | * 175 | * @param data The data to be converted. 176 | * @return The converted data. 177 | */ 178 | String bytesToString(byte[] data); 179 | 180 | /** 181 | * This method searches a piece of data for the first occurrence of a 182 | * specified pattern. 
It works on byte-based data in a way that is similar 183 | to the way the native Java method String.indexOf() works on 184 | String-based data. 185 | * 186 | * @param data The data to be searched. 187 | * @param pattern The pattern to be searched for. 188 | * @param caseSensitive Flags whether or not the search is case-sensitive. 189 | * @param from The offset within data where the search should 190 | * begin. 191 | * @param to The offset within data where the search should 192 | * end. 193 | * @return The offset of the first occurrence of the pattern within the 194 | * specified bounds, or -1 if no match is found. 195 | */ 196 | int indexOf(byte[] data, 197 | byte[] pattern, 198 | boolean caseSensitive, 199 | int from, 200 | int to); 201 | 202 | /** 203 | * This method builds an HTTP message containing the specified headers and 204 | * message body. If applicable, the Content-Length header will be added or 205 | * updated, based on the length of the body. 206 | * 207 | * @param headers A list of headers to include in the message. 208 | * @param body The body of the message, or null if the message 209 | * has an empty body. 210 | * @return The resulting full HTTP message. 211 | */ 212 | byte[] buildHttpMessage(List headers, byte[] body); 213 | 214 | /** 215 | * This method creates a GET request to the specified URL. The headers used 216 | * in the request are determined by the Request headers settings as 217 | * configured in Burp Spider's options. 218 | * 219 | * @param url The URL to which the request should be made. 220 | * @return A request to the specified URL. 221 | */ 222 | byte[] buildHttpRequest(URL url); 223 | 224 | /** 225 | * This method adds a new parameter to an HTTP request, and if appropriate 226 | * updates the Content-Length header. 227 | * 228 | * @param request The request to which the parameter should be added. 229 | * @param parameter An IParameter object containing details of 230 | * the parameter to be added. 
Supported parameter types are: 231 | * PARAM_URL, PARAM_BODY and 232 | * PARAM_COOKIE. 233 | * @return A new HTTP request with the new parameter added. 234 | */ 235 | byte[] addParameter(byte[] request, IParameter parameter); 236 | 237 | /** 238 | * This method removes a parameter from an HTTP request, and if appropriate 239 | * updates the Content-Length header. 240 | * 241 | * @param request The request from which the parameter should be removed. 242 | * @param parameter An IParameter object containing details of 243 | * the parameter to be removed. Supported parameter types are: 244 | * PARAM_URL, PARAM_BODY and 245 | * PARAM_COOKIE. 246 | * @return A new HTTP request with the parameter removed. 247 | */ 248 | byte[] removeParameter(byte[] request, IParameter parameter); 249 | 250 | /** 251 | * This method updates the value of a parameter within an HTTP request, and 252 | * if appropriate updates the Content-Length header. Note: This 253 | * method can only be used to update the value of an existing parameter of a 254 | * specified type. If you need to change the type of an existing parameter, 255 | * you should first call removeParameter() to remove the 256 | * parameter with the old type, and then call addParameter() to 257 | * add a parameter with the new type. 258 | * 259 | * @param request The request containing the parameter to be updated. 260 | * @param parameter An IParameter object containing details of 261 | * the parameter to be updated. Supported parameter types are: 262 | * PARAM_URL, PARAM_BODY and 263 | * PARAM_COOKIE. 264 | * @return A new HTTP request with the parameter updated. 265 | */ 266 | byte[] updateParameter(byte[] request, IParameter parameter); 267 | 268 | /** 269 | * This method can be used to toggle a request's method between GET and 270 | * POST. Parameters are relocated between the URL query string and message 271 | * body as required, and the Content-Length header is created or removed as 272 | * applicable. 
273 | * 274 | * @param request The HTTP request whose method should be toggled. 275 | * @return A new HTTP request using the toggled method. 276 | */ 277 | byte[] toggleRequestMethod(byte[] request); 278 | 279 | /** 280 | * This method constructs an IHttpService object based on the 281 | * details provided. 282 | * 283 | * @param host The HTTP service host. 284 | * @param port The HTTP service port. 285 | * @param protocol The HTTP service protocol. 286 | * @return An IHttpService object based on the details 287 | * provided. 288 | */ 289 | IHttpService buildHttpService(String host, int port, String protocol); 290 | 291 | /** 292 | * This method constructs an IHttpService object based on the 293 | * details provided. 294 | * 295 | * @param host The HTTP service host. 296 | * @param port The HTTP service port. 297 | * @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP. 298 | * @return An IHttpService object based on the details 299 | * provided. 300 | */ 301 | IHttpService buildHttpService(String host, int port, boolean useHttps); 302 | 303 | /** 304 | * This method constructs an IParameter object based on the 305 | * details provided. 306 | * 307 | * @param name The parameter name. 308 | * @param value The parameter value. 309 | * @param type The parameter type, as defined in the IParameter 310 | * interface. 311 | * @return An IParameter object based on the details provided. 312 | */ 313 | IParameter buildParameter(String name, String value, byte type); 314 | 315 | /** 316 | * This method constructs an IScannerInsertionPoint object 317 | * based on the details provided. It can be used to quickly create a simple 318 | * insertion point based on a fixed payload location within a base request. 319 | * 320 | * @param insertionPointName The name of the insertion point. 321 | * @param baseRequest The request from which to build scan requests. 322 | * @param from The offset of the start of the payload location. 
323 | * @param to The offset of the end of the payload location. 324 | * @return An IScannerInsertionPoint object based on the 325 | * details provided. 326 | */ 327 | IScannerInsertionPoint makeScannerInsertionPoint( 328 | String insertionPointName, 329 | byte[] baseRequest, 330 | int from, 331 | int to); 332 | 333 | /** 334 | * This method analyzes one or more responses to identify variations in a 335 | * number of attributes and returns an IResponseVariations 336 | * object that can be queried to obtain details of the variations. 337 | * 338 | * @param responses The responses to analyze. 339 | * @return An IResponseVariations object representing the 340 | * variations in the responses. 341 | */ 342 | IResponseVariations analyzeResponseVariations(byte[]... responses); 343 | 344 | /** 345 | * This method analyzes one or more responses to identify the number of 346 | * occurrences of the specified keywords and returns an 347 | * IResponseKeywords object that can be queried to obtain 348 | * details of the number of occurrences of each keyword. 349 | * 350 | * @param keywords The keywords to look for. 351 | * @param responses The responses to analyze. 352 | * @return An IResponseKeywords object representing the counts 353 | * of the keywords appearing in the responses. 354 | */ 355 | IResponseKeywords analyzeResponseKeywords(List keywords, byte[]... 
responses); 356 | } 357 | -------------------------------------------------------------------------------- /resources/argsbase.txt: -------------------------------------------------------------------------------- 1 | f 2 | q 3 | batch 4 | cron_key 5 | token 6 | start 7 | type 8 | settings 9 | theme 10 | key 11 | comment_post_ID 12 | author 13 | email 14 | url 15 | comment 16 | _wp_unfiltered_html_comment 17 | comment_parent 18 | redirect_to 19 | link_cat 20 | user_login 21 | user_email 22 | error 23 | login 24 | log 25 | loggedout 26 | testcookie 27 | TEST_COOKIE 28 | registration 29 | checkemail 30 | rememberme 31 | post_password 32 | blog_public 33 | blogname 34 | blog_title 35 | user_name 36 | signup_for 37 | new 38 | stage 39 | tb_id 40 | charset 41 | title 42 | excerpt 43 | blog_name 44 | rsd 45 | metakeyinput 46 | metavalue 47 | post_type 48 | main 49 | extended 50 | submit 51 | akismet_discard_month 52 | check 53 | action 54 | not_spam 55 | display_time 56 | recovered 57 | deleted 58 | s 59 | apage 60 | ctype 61 | recheckqueue 62 | post_ID 63 | tax 64 | test 65 | postid 66 | post 67 | _total 68 | _per_page 69 | _page 70 | _url 71 | post_category 72 | tax_input 73 | id 74 | trash 75 | untrash 76 | spam 77 | unspam 78 | delete 79 | tag_ID 80 | taxonomy 81 | newcat 82 | name 83 | screen 84 | comment_status 85 | per_page 86 | page 87 | mode 88 | p 89 | comment_type 90 | num 91 | content 92 | comment_ID 93 | position 94 | checkbox 95 | status 96 | comments_listing 97 | post_id 98 | metakeyselect 99 | post_status 100 | post_title 101 | meta 102 | catslist 103 | autosave 104 | ID 105 | auto_draft 106 | closed 107 | hidden 108 | order 109 | page_columns 110 | new_title 111 | new_slug 112 | post_content 113 | post_excerpt 114 | post_view 115 | tax_ID 116 | tax_type 117 | description 118 | ps 119 | step 120 | savewidgets 121 | sidebars 122 | id_base 123 | sidebar 124 | multi_number 125 | delete_widget 126 | add_new 127 | do 128 | thumbnail_id 129 | import 130 | 
noheader 131 | deletecomment 132 | dt 133 | c 134 | referredby 135 | resetheader 136 | resettext 137 | removeheader 138 | oitar 139 | x1 140 | y1 141 | width 142 | height 143 | attachment_id 144 | _wp_http_referer 145 | approved 146 | trashed 147 | untrashed 148 | spammed 149 | unspammed 150 | same 151 | ids 152 | revision 153 | message 154 | action2 155 | pagenum 156 | added 157 | delete_tags 158 | page_id 159 | paged 160 | doaction 161 | doaction2 162 | delete_all 163 | delete_all2 164 | bulk_edit 165 | all_posts 166 | posted 167 | locked 168 | skipped 169 | updated 170 | undeleted 171 | m 172 | download 173 | export_taxonomy 174 | export_post_type 175 | export_post_status 176 | mm_start 177 | mm_end 178 | invalid 179 | jax 180 | weblog_title 181 | admin_password 182 | admin_email 183 | admin_password2 184 | cat_ID 185 | linkcheck 186 | deletebookmarks 187 | move 188 | link_id 189 | load 190 | dir 191 | inline 192 | tab 193 | h 194 | confirmdelete 195 | WPLANG 196 | illegal_names 197 | limited_email_domains 198 | banned_email_domains 199 | default_user_role 200 | dashboard_blog_orig 201 | dashboard_blog 202 | blog 203 | option 204 | update_home_url 205 | role 206 | blogusers 207 | user_password 208 | pass1 209 | pass2 210 | rich_editing 211 | newuser 212 | new_role 213 | allblogs 214 | msg 215 | allusers 216 | user 217 | searchaction 218 | sortby 219 | n 220 | primary_blog 221 | sitename 222 | subdomain_install 223 | permalink_structure 224 | category_base 225 | selection 226 | tag_base 227 | dismiss 228 | option_page 229 | date_format 230 | date_format_custom 231 | time_format 232 | time_format_custom 233 | timezone_string 234 | gmt_offset 235 | newcontent 236 | phperror 237 | liveupdate 238 | networkwide 239 | a 240 | _error_nonce 241 | from 242 | checked 243 | plugins 244 | charsout 245 | activate 246 | deactivate 247 | saveasdraft 248 | publish 249 | save 250 | addmeta 251 | deletemeta 252 | deletepost 253 | ping_status 254 | quickpress_post_ID 255 | guid 256 
| thumb 257 | photo_src 258 | photo_description 259 | t 260 | u 261 | i 262 | noapi 263 | dbname 264 | uname 265 | pwd 266 | dbhost 267 | prefix 268 | template 269 | stylesheet 270 | activated 271 | version 272 | locale 273 | undismiss 274 | upgrade 275 | themes 276 | failure 277 | success 278 | _wpnonce 279 | backto 280 | find_detached 281 | detached 282 | found_post_id 283 | media 284 | post_mime_type 285 | attached 286 | super_admin 287 | update 288 | send_password 289 | changeit 290 | usersearch 291 | userspage 292 | delete_count 293 | savewidget 294 | removewidget 295 | editwidget 296 | addnew 297 | base 298 | link_url 299 | link_name 300 | link_image 301 | link_rss 302 | link_visible 303 | linkurl 304 | argv 305 | comment_author 306 | newcomment_author 307 | comment_author_email 308 | newcomment_author_email 309 | comment_author_url 310 | newcomment_author_url 311 | comment_approved 312 | comment_content 313 | edit_date 314 | aa 315 | mm 316 | jj 317 | hh 318 | mn 319 | ss 320 | comment_date 321 | widget_id 322 | edit 323 | hostname 324 | username 325 | password 326 | public_key 327 | private_key 328 | connection_type 329 | send 330 | attachments 331 | menu_order 332 | post_parent 333 | errors 334 | insertonlybutton 335 | insertonly 336 | wp_screen_options 337 | unfoldmenu 338 | IIS_UrlRewriteModule 339 | user_id 340 | feed_dismiss 341 | temp_ID 342 | visibility 343 | sticky 344 | tags_input 345 | features 346 | first_name 347 | last_name 348 | nickname 349 | display_name 350 | admin_color 351 | comment_shortcuts 352 | use_ssl 353 | default_password_nag 354 | callback 355 | params 356 | repair 357 | referrer 358 | day 359 | monthnum 360 | year 361 | replytocom 362 | doing_wp_cron 363 | https 364 | w 365 | ref 366 | redirect 367 | post_date_gmt 368 | post_gmt_ts 369 | _signup_form 370 | filter 371 | post_modified 372 | post_modified_gmt 373 | preview_id 374 | preview_nonce 375 | hotkeys_highlight_first 376 | hotkeys_highlight_last 377 | preview 378 | 
widget_number 379 | act 380 | actid 381 | area 382 | article 383 | cat 384 | category 385 | categoryid 386 | catid 387 | cmd 388 | count 389 | deb 390 | debug 391 | func 392 | include 393 | lan 394 | lang 395 | loc 396 | op 397 | param 398 | part 399 | path 400 | pg 401 | query 402 | say 403 | section 404 | sess 405 | sessid 406 | value 407 | subdirs 408 | ignore_warning 409 | search 410 | verbosity 411 | vector 412 | regex 413 | treestyle 414 | file 415 | lines 416 | get 417 | cookie 418 | files 419 | server 420 | end 421 | function 422 | asd 423 | pass 424 | data 425 | stat 426 | pwdwso 427 | to 428 | country 429 | host 430 | port 431 | command 432 | proxy 433 | application_path 434 | exit 435 | phpver 436 | info 437 | guest 438 | length 439 | sym 440 | arr 441 | qG_del 442 | qG_ins 443 | qG_up 444 | qG_nl 445 | qG_remnl 446 | _savedok_x 447 | _saveandclosedok_x 448 | _savedokview_x 449 | _savedoknew_x 450 | _translation_savedok_x 451 | _translation_savedokclear_x 452 | _saveclosedok_x 453 | _deletedok_x 454 | GLOBALS 455 | savedok_x 456 | saveandclosedok_x 457 | expires 458 | domain 459 | secure 460 | _with_selected_do 461 | items 462 | TYPO3_INSTALL 463 | installToolPassword_check 464 | PRESET 465 | locationData 466 | ADMCMD_prev 467 | be_typo_user 468 | formtype_db 469 | formtype_db_x 470 | formtype_mail 471 | formtype_mail_x 472 | update_value 473 | add_property 474 | clear_object 475 | search_field 476 | submit_x 477 | submit_y 478 | saveclose 479 | saveclose_x 480 | saveclose_y 481 | abort 482 | abort_x 483 | abort_y 484 | DATA 485 | login_status 486 | sql 487 | exps 488 | expe 489 | clearsql 490 | nsql 491 | hidem 492 | expsixora 493 | expeixora 494 | SMARTY_DEBUG 495 | d 496 | progress_key 497 | module 498 | counter 499 | musername 500 | dateline 501 | startdate 502 | enddate 503 | statusicon 504 | announcementid 505 | stc 506 | dodelete 507 | WYSIWYG_HTML 508 | iconid 509 | parseurl 510 | signature 511 | disablesmilies 512 | reason 513 | folderid 514 | 
emailupdate 515 | /URL 516 | vbulletin_collapse 517 | forumid 518 | usergroupid 519 | userid 520 | warning_level 521 | warnings 522 | alerts 523 | avgtimespent 524 | timespent 525 | joindate 526 | postuser 527 | posts 528 | upload 529 | quickreply 530 | pagetext 531 | fromquickreply 532 | rating 533 | hasattachment 534 | poststarttime 535 | posthash 536 | stickunstick 537 | openclose 538 | visible 539 | allowsmilie 540 | qty 541 | postpoll 542 | subject 543 | polloptions 544 | threadid 545 | parentid 546 | isdeleted 547 | deleteduserid 548 | deletedusername 549 | deletedreason 550 | threadtitle 551 | 0 552 | postdate 553 | posttime 554 | postusername 555 | folder 556 | receipt 557 | filename 558 | p_title 559 | size 560 | p_dateline 561 | attachmentextension 562 | hasthumbnail 563 | inprogress 564 | open 565 | emailconfirm 566 | coppauser 567 | parentemail 568 | password_md5 569 | passwordconfirm 570 | passwordconfirm_md5 571 | referrername 572 | imagestamp 573 | imagehash 574 | month 575 | timezoneoffset 576 | dst 577 | who 578 | doprefs 579 | postdateline 580 | post_statusicon 581 | post_statustitle 582 | allowicons 583 | posticonpath 584 | posticonid 585 | posticontitle 586 | posticon 587 | posttitle 588 | highlight 589 | videosHTML 590 | videos 591 | postcount 592 | attach 593 | islastshown 594 | forum_options 595 | usernoteid 596 | deletenotechecked 597 | displaygroupid 598 | rank 599 | docomplete 600 | doadd 601 | postvars 602 | allowhtml 603 | allowbbcode 604 | message_html 605 | vbcodemode 606 | enablesmilies 607 | ipaddress 608 | proxyip 609 | iconpath 610 | icontitle 611 | savecopy 612 | reputation 613 | reputation_green 614 | showreputation 615 | level 616 | reputationlevelid 617 | wordid 618 | score 619 | options 620 | firstnewinsert 621 | edit_userid 622 | edit_dateline 623 | edit_time 624 | statustitle 625 | avatarid 626 | avatarpath 627 | hascustomavatar 628 | avatardateline 629 | reppower 630 | customtitle 631 | usertitle 632 | showemail 633 | 
homepage 634 | receivepm 635 | birthday 636 | age 637 | showsignature 638 | warn_flag 639 | avatar 640 | profile 641 | useremail 642 | icqicon 643 | aimicon 644 | yahooicon 645 | msnicon 646 | findposts 647 | reputationdisplay 648 | iplogged 649 | ip 650 | allowsmilies 651 | editlink 652 | replylink 653 | forwardlink 654 | pmid 655 | pagetext_html 656 | hasimages 657 | date 658 | time 659 | paperclip 660 | backcolor 661 | bgclass 662 | explain 663 | showqueries 664 | sessionhash 665 | subact 666 | pda 667 | del_username 668 | del_reason 669 | thread_title 670 | oldcache 671 | accessupdate 672 | calendarcustomfieldid 673 | calendarid 674 | calendarmoderatorid 675 | holidayid 676 | oldpermissions 677 | adminpermissions 678 | minimumreputation 679 | attachpath 680 | dowhat 681 | next_page 682 | prev_page 683 | attachmentid 684 | avatarurl 685 | cronid 686 | passthru_dowhat 687 | emailaddress 688 | serializeduser 689 | serializedprofile 690 | septext 691 | perpage 692 | startat 693 | faqname 694 | faqparent 695 | faq 696 | deftitle 697 | reputation_base 698 | lastpost 699 | ismaster 700 | sub 701 | subscriptionid 702 | displayorder 703 | dostyleid 704 | confirmremoval 705 | group 706 | confirmerrors 707 | pollid 708 | deletethread 709 | criteria 710 | destforumid 711 | thread 712 | daysprune 713 | serializeddisplay 714 | hour 715 | minute 716 | validate 717 | usergroup 718 | ugid_base 719 | usergroupleaderid 720 | userpromotionid 721 | SECURE_AUTH_COOKIE 722 | AUTH_COOKIE 723 | LOGGED_IN_COOKIE 724 | extAction 725 | extUpload 726 | extMethod 727 | extTID 728 | goggle 729 | ppp 730 | sid 731 | t24 732 | tl24 733 | R 734 | BingReverseIpPostSettings 735 | EngineNamePostSettings 736 | SaveToFile 737 | about 738 | stop 739 | MainScanner 740 | SearchFiles 741 | ScanStructure 742 | EngineName 743 | ServerInfo 744 | SearchUrl 745 | SocketPool_UseKeepAlive 746 | LoadReverse 747 | BingReverseIp_OnlyTarget 748 | SearchFiles_SearchOnAllHosts 749 | SearchFiles_RemoveGroupsFile 750 
| ScanStructurePostSettings 751 | SearchFilesPostSettings 752 | ServerInfoPostSettings 753 | SocketPoolPostSettings 754 | seclev_submit 755 | phpids 756 | Submit 757 | Login 758 | btnSign 759 | mtxMessage 760 | txtName 761 | Upload 762 | security 763 | Change 764 | password_current 765 | password_new 766 | password_conf 767 | clear_log 768 | ticket 769 | sort 770 | categor 771 | itm 772 | QUERY_VAR_MODULE 773 | remember 774 | COOKIE_USER 775 | COOKIE_PASS 776 | botsaction 777 | bots 778 | used 779 | comments 780 | ipv4 781 | yes 782 | no 783 | smode 784 | sord 785 | reports_to_db 786 | reports_to_fs 787 | botnets 788 | ips 789 | countries 790 | nat 791 | online 792 | install 793 | help 794 | enable 795 | scriptsaction 796 | scripts 797 | view 798 | limit 799 | context 800 | date1 801 | date2 802 | blt 803 | cs 804 | grouping 805 | nonames 806 | plain 807 | rm 808 | mask 809 | cd 810 | filesaction 811 | account 812 | masks 813 | script 814 | logfile 815 | reset_installs 816 | botnet 817 | reports_path 818 | botnet_timeout 819 | botnet_cryptkey 820 | language 821 | ss_format 822 | ss_quality 823 | passold 824 | usersaction 825 | users 826 | tnumber 827 | p1 828 | p2 829 | p3 830 | ajax 831 | proto 832 | reverse 833 | dict 834 | sql_host 835 | sql_login 836 | sql_pass 837 | sql_base 838 | tbl 839 | sql_count 840 | graph 841 | png 842 | b 843 | VBSEO_BLOG_CATID_URI 844 | tag 845 | cp 846 | blogid 847 | blogtype 848 | span 849 | goto 850 | VBSEO_THREADID_URI 851 | VBSEO_POSTID_URI 852 | VBSEO_PAGENUM_URI_GARS 853 | pp 854 | ltr 855 | VBSEO_PAGENUM_URI 856 | find 857 | VBSEO_USERID_URI 858 | vmid 859 | VBSEO_FORUMID_URI 860 | u2 861 | commentid 862 | VBSEO_PICID_URI 863 | albumid 864 | groupid 865 | usercss 866 | vbseoembedd 867 | logout 868 | getsettings 869 | setting 870 | settingset 871 | loadpreset 872 | VBSEO_ON_MORE 873 | VBSEO_EXPOSE_MORE 874 | VBSEO_OFF_MORE 875 | vbseo_loggedin 876 | vbseo_redirect 877 | vbseo_nocleanup 878 | gmid 879 | discussionid 880 | 
vbseo_is_retrtitle 881 | vbseo_retrtitle 882 | vbseourl 883 | nojs 884 | vbseoaddon 885 | vbseorelpath 886 | linkbacksno 887 | preposts 888 | prepostsproc 889 | post_count 890 | vbseocpid 891 | pma_switch_to_new 892 | db 893 | table 894 | with_field_names 895 | showwysiwyg 896 | /kbd 897 | /a 898 | pma_collation_connection 899 | pma_fontsize 900 | fontsize 901 | usesubform 902 | subform 903 | pmaCookieVer 904 | back 905 | pma_db_filename_template 906 | pma_table_filename_template 907 | pma_server_filename_template 908 | pma_lang 909 | pma_charset 910 | pma_mcrypt_iv 911 | swekey_reset 912 | docsql_table 913 | sql_delimiter 914 | bug_encoded 915 | eol 916 | submit_clear 917 | submit_download 918 | submit_save 919 | submit_load 920 | submit_delete 921 | version_check 922 | cc_email 923 | cancel 924 | add_file 925 | delete_file 926 | full_editor 927 | cancel_unglobalise 928 | edit_reason 929 | disable_bbcode 930 | disable_smilies 931 | disable_magic_url 932 | attach_sig 933 | notify 934 | lock_topic 935 | lock_post 936 | poll_delete 937 | poll_vote_change 938 | e 939 | creation_time 940 | form_token 941 | confirm 942 | autologin 943 | viewonline 944 | unwatch 945 | watch 946 | attachment_data 947 | style 948 | add_extension_check 949 | allow_in_pm 950 | allow_group 951 | add 952 | ipexclude 953 | unsecuresubmit 954 | bansubmit 955 | unbansubmit 956 | allow_quick_reply_enable 957 | captcha_demo 958 | disallow 959 | allow 960 | send_immediately 961 | left_id 962 | right_id 963 | forum_name 964 | addusers 965 | display_gallery 966 | image 967 | add_img 968 | display_on_posting 969 | add_additional_code 970 | add_display_on_posting 971 | update_details 972 | download_file 973 | upload_file 974 | upload_data 975 | submit_file 976 | remove_store 977 | test_connection 978 | missing_file 979 | entry 980 | delmarked 981 | delall 982 | module_langname 983 | psubmit 984 | all_users 985 | all_groups 986 | create 987 | field_default_value 988 | prune 989 | imgpath 990 | sk 991 | 
sd 992 | move_leave_shadow 993 | forum_id 994 | topic_id 995 | change_default 996 | unbookmark 997 | submit_mark 998 | move_pm 999 | marked_msg_id 1000 | msg_id 1001 | folder_id 1002 | message_text 1003 | author_id 1004 | bbcode_uid 1005 | enable_magic_url 1006 | enable_sig 1007 | message_attachment 1008 | message_subject 1009 | message_time 1010 | quote_username 1011 | icon_id 1012 | to_address 1013 | bcc_address 1014 | enable_bbcode 1015 | enable_smilies 1016 | root_level 1017 | fullfolder 1018 | addfolder 1019 | rename_folder 1020 | remove_folder 1021 | add_rule 1022 | delete_rule 1023 | submit_export 1024 | agreed 1025 | change_lang 1026 | remove 1027 | testdb 1028 | dldone 1029 | dlconfig 1030 | apps 1031 | sxd 1032 | db_backup 1033 | tables 1034 | comp_method 1035 | comp_level 1036 | db_restore 1037 | msg_sent_to_count 1038 | msg_date 1039 | msg_post 1040 | msg_post_key 1041 | msg_author_id 1042 | msg_ip_address 1043 | Post 1044 | current_pass 1045 | in_email_1 1046 | in_email_2 1047 | css_content 1048 | _css_group 1049 | css_attributes 1050 | css_app 1051 | replacement_content 1052 | _replacement_key 1053 | _template_name 1054 | template_content 1055 | template_group 1056 | _template_group 1057 | template_data 1058 | groups 1059 | templates 1060 | uagent_name 1061 | uagent_regex 1062 | sys_module_title 1063 | sys_module_description 1064 | sys_module_key 1065 | sys_module_version 1066 | sys_module_parent 1067 | sys_module_protected 1068 | sys_module_visible 1069 | sys_module_admin 1070 | app_title 1071 | app_public_title 1072 | app_description 1073 | app_author 1074 | app_version 1075 | app_directory 1076 | app_protected 1077 | app_enabled 1078 | app_hide_tab 1079 | cb 1080 | word_default 1081 | qstring 1082 | notes 1083 | bbtest 1084 | bbcode_desc 1085 | bbcode_replace 1086 | bbcode_example 1087 | mediatag_match 1088 | mediatag_replace 1089 | finish 1090 | plugi_title 1091 | plugi_desc 1092 | plugi_file 1093 | plugi_can_report 1094 | plugi_gperm 1095 | 
img_filename 1096 | stat_ppr 1097 | stat_pph 1098 | logo_url 1099 | exportApps 1100 | importName 1101 | importLocation 1102 | searchFor 1103 | replaceWith 1104 | set_permissions 1105 | set_name 1106 | set_key 1107 | set_is_default 1108 | set_author_name 1109 | set_author_url 1110 | set_parent_id 1111 | set_image_dir 1112 | set_emo_dir 1113 | set_output_format 1114 | set_hide_from_list 1115 | set_minify 1116 | set_permissions_all 1117 | setID 1118 | map_title 1119 | map_url 1120 | map_match_type 1121 | uGroups 1122 | uAgents 1123 | uAgentVersion 1124 | api_user_name 1125 | api_user_ip 1126 | editor_main 1127 | login_description 1128 | login_alt_login_html 1129 | login_alt_acp_html 1130 | login_title 1131 | login_folder_name 1132 | login_maintain_url 1133 | login_register_url 1134 | login_login_url 1135 | login_logout_url 1136 | login_enabled 1137 | login_settings 1138 | login_replace_form 1139 | login_user_id 1140 | login_safemode 1141 | question 1142 | answers 1143 | st 1144 | max 1145 | conf_title_title 1146 | conf_title_desc 1147 | conf_title_app 1148 | conf_title_tab 1149 | conf_title_keyword 1150 | conf_title_noshow 1151 | conf_title 1152 | conf_position 1153 | conf_description 1154 | conf_group 1155 | conf_type 1156 | conf_key 1157 | conf_value 1158 | conf_default 1159 | conf_extra 1160 | conf_evalphp 1161 | conf_keywords 1162 | conf_start_group 1163 | conf_end_group 1164 | conf_add_cache 1165 | conf_protected 1166 | uAgentsData 1167 | ugroup_title 1168 | post_key 1169 | string_url 1170 | string_title 1171 | required_input 1172 | showtopic 1173 | showforum 1174 | announce_forum 1175 | extension 1176 | filesize_gt 1177 | filesize 1178 | days_gt 1179 | days 1180 | hits_gt 1181 | hits 1182 | authorname 1183 | onlyimage 1184 | orderby 1185 | show 1186 | body 1187 | parent_id 1188 | sub_can_post 1189 | redirect_url 1190 | redirect_on 1191 | redirect_hits 1192 | permission_showtopic 1193 | permission_custom_error 1194 | use_html 1195 | use_ibc 1196 | quick_reply 
1197 | allow_poll 1198 | allow_pollbump 1199 | inc_postcount 1200 | forum_allow_rating 1201 | min_posts_post 1202 | min_posts_view 1203 | can_view_others 1204 | hide_last_info 1205 | preview_posts 1206 | notify_modq_emails 1207 | password_override 1208 | sort_key 1209 | sort_order 1210 | topicfilter 1211 | topic_title_st 1212 | topic_title_end 1213 | topic_reply_content 1214 | forums 1215 | _tmpPostField 1216 | new_topic 1217 | pid 1218 | queued 1219 | post_edit_reason 1220 | use_emo 1221 | post_htmlstate 1222 | append_edit 1223 | edit_name 1224 | attachmentHtml 1225 | choice 1226 | title_seo 1227 | author_name 1228 | post_date 1229 | TopicTitle 1230 | TopicDesc 1231 | members_display_name 1232 | last_poster_id 1233 | last_poster_name 1234 | last_post 1235 | tid 1236 | depthguide 1237 | linked_name 1238 | formatted_date 1239 | new_post 1240 | _show_highlight 1241 | open_time_date 1242 | open_time_time 1243 | close_time_date 1244 | close_time_time 1245 | use_sig 1246 | ip_address 1247 | topic_firstpost 1248 | multi 1249 | votes 1250 | showuser 1251 | email_contents 1252 | html 1253 | text 1254 | mail_subject 1255 | mail_content 1256 | mail_post_ltmt 1257 | mail_filter_post 1258 | mail_visit_ltmt 1259 | mail_filter_visit 1260 | mail_joined_ltmt 1261 | mail_filter_joined 1262 | mail_html_on 1263 | suffix 1264 | g_icon 1265 | pf_content 1266 | pf_topic_format 1267 | mgroup_others 1268 | new_status 1269 | msgContent 1270 | msg_title 1271 | inviteUsers 1272 | msgid 1273 | contact 1274 | mail_post_ltml 1275 | mail_visit_ltml 1276 | mail_joined_ltml 1277 | member_group_id 1278 | coppa 1279 | sendemail 1280 | _fastReplyUsed 1281 | cal_title 1282 | e_groups 1283 | autocom 1284 | automodule 1285 | _sd 1286 | _admin_auth_key 1287 | greset 1288 | global 1289 | delete_photo 1290 | session_id 1291 | member_id 1292 | pass_hash 1293 | editor_ids 1294 | std_used 1295 | product_id 1296 | cookies 1297 | app 1298 | auth_token 1299 | g 1300 | hello 1301 | continue 1302 | nid 1303 | l 
1304 | _xfSessionId 1305 | thread_id 1306 | first_post_id 1307 | message_state 1308 | avatar_width 1309 | custom_title 1310 | messageText 1311 | messageHtml 1312 | attach_count 1313 | warning_id 1314 | is_admin 1315 | is_moderator 1316 | canInlineMod 1317 | canEdit 1318 | canViewHistory 1319 | canDelete 1320 | canLike 1321 | canReport 1322 | canWarn 1323 | isFirst 1324 | isDeleted 1325 | isModerated 1326 | isNew 1327 | canCleanSpam 1328 | user_group_id 1329 | delete_date 1330 | deleteInfo 1331 | delete_user_id 1332 | delete_username 1333 | delete_reason 1334 | likes 1335 | likeUsers 1336 | like_users 1337 | node_permission_cache 1338 | canComment 1339 | profile_username 1340 | profileUser 1341 | profile_user_id 1342 | latest_comment_ids 1343 | profile_post_id 1344 | last_post_id 1345 | last_post_date 1346 | last_post_user_id 1347 | last_post_username 1348 | permissions 1349 | like_date 1350 | ip_id 1351 | position_on_page 1352 | node_id 1353 | hasPreview 1354 | node_title 1355 | node_name 1356 | msg_author_name 1357 | xf_post_id 1358 | quotes 1359 | uid 1360 | post_subject 1361 | post_text 1362 | poster_id 1363 | post_time 1364 | poster_ip 1365 | post_approved 1366 | comment_count 1367 | new_post_id 1368 | editdate 1369 | edituserid 1370 | database 1371 | step0 1372 | step1 1373 | step2 1374 | license_agree 1375 | step3 1376 | step5 1377 | step4 1378 | create_database 1379 | clear_database 1380 | step6 1381 | step7 1382 | step8 1383 | step9 1384 | template_id 1385 | template_type_id 1386 | step_lng 1387 | JsHttpRequest 1388 | documents_version_current 1389 | use_typograph 1390 | trailing_punctuation 1391 | documents_dir_id 1392 | documents_name 1393 | documents_version_id 1394 | documents_version_comment 1395 | documents_text 1396 | documents_dir_name 1397 | documents_status_id 1398 | documents_status_description 1399 | maillist_id 1400 | send_as_fascicle 1401 | information_group_id 1402 | information_system_id 1403 | information_group_parent_id 1404 | 
information_group_path 1405 | information_group_allow_indexation 1406 | information_group_create_url_type 1407 | information_group_activity 1408 | use_typograph_for_description 1409 | trailing_punctuation_for_description 1410 | information_group_seo_keywords 1411 | information_group_name 1412 | site_users_id 1413 | sns_type_id 1414 | information_group_order 1415 | information_group_seo_title 1416 | information_group_seo_description 1417 | information_group_access 1418 | used_big_image_information_group_image 1419 | used_big_image_id_information_group_image 1420 | big_image_max_width_information_group_image 1421 | big_image_max_height_information_group_image 1422 | small_image_max_width_information_group_image 1423 | small_image_max_height_information_group_image 1424 | image_watermark_position_x_information_group_image 1425 | image_watermark_position_y_information_group_image 1426 | big_image_is_use_watermark_information_group_image 1427 | small_image_is_use_watermark_information_group_image 1428 | big_image_preserve_aspect_ratio_information_group_image 1429 | small_image_preserve_aspect_ratio_information_group_image 1430 | information_groups_id 1431 | information_item_url 1432 | information_item_id 1433 | information_item_allow_indexation 1434 | information_item_description 1435 | information_item_text 1436 | use_typograph_for_item_text 1437 | trailing_punctuation_for_item_text 1438 | information_item_date 1439 | information_item_putoff_date 1440 | information_item_putend_date 1441 | information_item_show_count 1442 | new_information_systems_id 1443 | information_item_name 1444 | information_item_status 1445 | information_item_order 1446 | information_item_ip 1447 | information_item_seo_title 1448 | information_item_seo_description 1449 | information_item_seo_keywords 1450 | information_item_access 1451 | used_big_image_information_item_image 1452 | big_image_max_width_information_item_image 1453 | big_image_max_height_information_item_image 1454 | 
small_image_max_width_information_item_image 1455 | small_image_max_height_information_item_image 1456 | image_watermark_position_x_information_item_image 1457 | image_watermark_position_y_information_item_image 1458 | big_image_is_use_watermark_information_item_image 1459 | small_image_is_use_watermark_information_item_image 1460 | big_image_preserve_aspect_ratio_information_item_image 1461 | small_image_preserve_aspect_ratio_information_item_image 1462 | information_item_tags 1463 | information_propertys_groups_lists_id 1464 | information_propertys_groups_xml_name 1465 | information_propertys_groups_type 1466 | information_propertys_groups_default_value 1467 | information_propertys_groups_define_checked_value 1468 | information_propertys_groups_date_default_value 1469 | information_propertys_groups_datetime_default_value 1470 | information_propertys_groups_name 1471 | information_propertys_groups_order 1472 | information_propertys_groups_information_system_id 1473 | information_propertys_groups_dir_id 1474 | information_propertys_groups_big_width 1475 | information_propertys_groups_big_height 1476 | information_propertys_groups_small_width 1477 | information_propertys_groups_small_height 1478 | information_propertys_items_lists_id 1479 | information_propertys_items_xml_name 1480 | information_propertys_information_system_id 1481 | information_propertys_items_type 1482 | information_propertys_items_default_value 1483 | information_propertys_items_define_checked_value 1484 | information_propertys_items_date_default_value 1485 | information_propertys_items_datetime_default_value 1486 | information_propertys_items_name 1487 | information_propertys_items_order 1488 | information_propertys_items_information_system_id 1489 | information_propertys_items_dir_id 1490 | information_propertys_default_big_width 1491 | information_propertys_default_small_width 1492 | information_propertys_default_big_height 1493 | information_propertys_default_small_height 1494 | 
information_systems_default_used_watermark 1495 | information_systems_default_used_small_watermark 1496 | current_information_systems_dir_id 1497 | site_id 1498 | information_systems_name 1499 | information_systems_description 1500 | information_systems_items_order_field 1501 | information_systems_items_order_type 1502 | information_systems_access 1503 | information_systems_captcha_used 1504 | information_systems_watermark_default_position_x 1505 | information_systems_watermark_default_position_y 1506 | structure_id 1507 | information_systems_items_on_page 1508 | information_systems_group_items_order_field 1509 | information_systems_group_items_order_type 1510 | information_systems_format_date 1511 | information_systems_format_datetime 1512 | information_systems_image_big_max_width_group 1513 | information_systems_image_big_max_height_group 1514 | information_systems_image_small_max_width_group 1515 | information_systems_image_small_max_height_group 1516 | information_systems_image_big_max_width 1517 | information_systems_image_big_max_height 1518 | information_systems_image_small_max_width 1519 | information_systems_image_small_max_height 1520 | information_systems_url_type 1521 | information_systems_typograph_item 1522 | information_systems_default_save_proportions 1523 | information_systems_typograph_group 1524 | information_systems_apply_tags_automatic 1525 | information_systems_file_name_conversion 1526 | information_systems_apply_keywords_automatic 1527 | comment_id 1528 | comment_text 1529 | use_typograph_for_comment_text 1530 | trailing_punctuation_for_comment_text 1531 | comment_parent_id 1532 | comment_fio 1533 | comment_email 1534 | comment_phone 1535 | comment_subject 1536 | comment_ip 1537 | comment_grade 1538 | delete_information_item_big_image 1539 | delete_information_item_small_image 1540 | delete_information_system_watermark 1541 | information_group_description 1542 | information_items_sns_accessibility 1543 | 
information_items_sns_show_comments_mode 1544 | information_items_sns_add_comments_mode 1545 | templates_id 1546 | templates_parent_group_id 1547 | templates_name 1548 | templates_order 1549 | templates_value 1550 | css_value 1551 | templates_group_id 1552 | edit_templates_group_parent_id 1553 | templates_group_name 1554 | data_templates_group_id 1555 | edit_data_templates_group_parent_id 1556 | data_templates_group_name 1557 | seo_characteristic_id 1558 | seo_characteristic_yc_rubric 1559 | seo_characteristic_yc 1560 | seo_characteristic_pr 1561 | seo_characteristic_links_google 1562 | seo_characteristic_links_yandex 1563 | seo_characteristic_links_yahoo 1564 | seo_characteristic_links_msn 1565 | seo_characteristic_indexed_aport 1566 | seo_characteristic_indexed_yandex 1567 | seo_characteristic_indexed_yahoo 1568 | seo_characteristic_indexed_msn 1569 | seo_characteristic_indexed_rambler 1570 | seo_characteristic_indexed_google 1571 | seo_characteristic_catalog_yandex 1572 | seo_characteristic_catalog_rambler 1573 | seo_characteristic_catalog_mail 1574 | seo_characteristic_catalog_dmoz 1575 | seo_characteristic_catalog_aport 1576 | seo_characteristic_counter_rambler 1577 | seo_characteristic_counter_spylog 1578 | seo_characteristic_counter_hotlog 1579 | seo_characteristic_counter_mail 1580 | seo_characteristic_counter_liveinternet 1581 | seo_characteristic_date_time 1582 | seo_position_search_query_id 1583 | seo_search_query_id 1584 | seo_position_search_query_yandex 1585 | seo_position_search_query_rambler 1586 | seo_position_search_query_google 1587 | seo_position_search_query_aport 1588 | seo_position_search_query_gogo 1589 | seo_position_search_query_yahoo 1590 | seo_position_search_query_livesearch 1591 | seo_position_search_query_date_time 1592 | seo_search_query_value 1593 | pr 1594 | tyc 1595 | column_count 1596 | position_yandex 1597 | position_google 1598 | position_rambler 1599 | position_aport 1600 | position_gogo 1601 | position_yahoo 1602 | 
position_livesearch 1603 | links_google 1604 | links_yandex 1605 | links_yahoo 1606 | links_msn 1607 | indexed_aport 1608 | indexed_yandex 1609 | indexed_yahoo 1610 | indexed_msn 1611 | indexed_rambler 1612 | indexed_google 1613 | catalog_yandex 1614 | catalog_rambler 1615 | catalog_mail 1616 | catalog_dmoz 1617 | catalog_aport 1618 | counter_rambler 1619 | counter_spylog 1620 | counter_hotlog 1621 | counter_mail 1622 | counter_liveinternet 1623 | date_start 1624 | date_end 1625 | shop_eitem_id 1626 | big_image_max_width_groups_image 1627 | big_image_max_height_groups_image 1628 | small_image_max_width_groups_image 1629 | small_image_max_height_groups_image 1630 | big_image_preserve_aspect_ratio_groups_image 1631 | small_image_preserve_aspect_ratio_groups_image 1632 | edit_item_discount 1633 | shop_discount_id 1634 | shop_id 1635 | shop_group_id 1636 | shop_item_id 1637 | big_image_max_width_items_catalog_image 1638 | big_image_max_height_items_catalog_image 1639 | used_big_image_items_catalog_image 1640 | small_image_max_width_items_catalog_image 1641 | small_image_max_height_items_catalog_image 1642 | image_watermark_position_x_items_catalog_image 1643 | image_watermark_position_y_items_catalog_image 1644 | big_image_is_use_watermark_items_catalog_image 1645 | small_image_is_use_watermark_items_catalog_image 1646 | big_image_preserve_aspect_ratio_items_catalog_image 1647 | small_image_preserve_aspect_ratio_items_catalog_image 1648 | edit_prices 1649 | prices_name 1650 | prices_percent_to_basic 1651 | prices_users_group 1652 | shop_shops_id 1653 | shop_list_of_prices_cml_id 1654 | edit_producer 1655 | producer_name 1656 | producer_description 1657 | producer_order 1658 | producer_path 1659 | shop_producers_list_address 1660 | shop_producers_list_phone 1661 | shop_producers_list_fax 1662 | shop_producers_list_site 1663 | shop_producers_list_email 1664 | shop_producers_list_inn 1665 | shop_producers_list_kpp 1666 | shop_producers_list_ogrn 1667 | 
shop_producers_list_okpo 1668 | shop_producers_list_okved 1669 | shop_producers_list_bik 1670 | shop_producers_list_account 1671 | shop_producers_list_corr_account 1672 | shop_producers_list_bank_name 1673 | shop_producers_list_bank_address 1674 | shop_producers_list_seo_title 1675 | shop_producers_list_seo_description 1676 | shop_producers_list_seo_keywords 1677 | used_big_image_shop_sallers_image 1678 | big_image_max_width_shop_sallers_image 1679 | big_image_max_height_shop_sallers_image 1680 | small_image_max_width_shop_sallers_image 1681 | small_image_max_height_shop_sallers_image 1682 | image_watermark_position_x_shop_sallers_image 1683 | image_watermark_position_y_shop_sallers_image 1684 | big_image_is_use_watermark_shop_sallers_image 1685 | small_image_is_use_watermark_shop_sallers_image 1686 | big_image_preserve_aspect_ratio_shop_sallers_image 1687 | small_image_preserve_aspect_ratio_shop_sallers_image 1688 | sales_order_begin_date 1689 | sales_order_end_date 1690 | shop_system_of_pay_id 1691 | shop_order_status_id 1692 | sales_order_grouping 1693 | sales_order_show_list_items 1694 | import_price_name_field_f 1695 | print_order 1696 | users_superuser 1697 | users_id 1698 | users_name 1699 | admin_forms_edit_id 1700 | admin_forms_on_page_field 1701 | admin_forms_key_field 1702 | admin_forms_show_operations 1703 | admin_forms_show_group_operations 1704 | admin_forms_group_operations_as_images 1705 | admin_forms_default_order_field 1706 | admin_forms_default_order_direction 1707 | admin_words_id 1708 | admin_forms_events_id 1709 | admin_forms_events_function 1710 | admin_forms_events_picture 1711 | admin_forms_events_show_button 1712 | admin_forms_events_group_operation 1713 | admin_forms_events_ask 1714 | admin_forms_events_order 1715 | admin_forms_events_dataset_id 1716 | admin_forms_field_id 1717 | admin_forms_field_name 1718 | admin_forms_field_order 1719 | admin_forms_field_type 1720 | admin_forms_field_format 1721 | admin_forms_field_allow_order 1722 | 
admin_forms_field_allow_filter 1723 | admin_forms_field_align_title 1724 | admin_forms_field_align 1725 | admin_forms_field_width 1726 | admin_forms_field_style 1727 | admin_forms_field_attrib 1728 | admin_forms_field_image 1729 | admin_forms_field_link 1730 | admin_forms_field_onclick 1731 | admin_forms_field_list 1732 | admin_language_id 1733 | admin_language_name 1734 | admin_language_short_name 1735 | admin_language_active 1736 | admin_language_order 1737 | lib_id 1738 | structure_access_protocol 1739 | xsl_name 1740 | xsl_dir_id 1741 | xsl_value 1742 | xsl_comment 1743 | xsl_order 1744 | xsl_format 1745 | edit_xsl_dir_parent_id 1746 | xsl_dir_name 1747 | xsl_dir_order 1748 | tag_name 1749 | tag_group_id 1750 | pg_sig 1751 | pg_result 1752 | pg_net_amount 1753 | pg_payment_id 1754 | pg_salt 1755 | partner_id 1756 | service_id 1757 | order_id 1758 | partner_income 1759 | system_income 1760 | qiwi_payment_options 1761 | user_qiwi 1762 | need_to_register_user_qiwi 1763 | purse 1764 | LMI_PAYMENT_AMOUNT 1765 | LMI_PAYEE_PURSE 1766 | LMI_PAYMENT_NO 1767 | LMI_MODE 1768 | LMI_SYS_INVS_NO 1769 | LMI_SYS_TRANS_NO 1770 | LMI_SYS_TRANS_DATE 1771 | LMI_PAYER_PURSE 1772 | LMI_PAYER_WM 1773 | LMI_HASH 1774 | Pay 1775 | eshopId 1776 | orderId 1777 | paymentStatus 1778 | hash 1779 | paymentId 1780 | edit_advertisement 1781 | advertisement_title 1782 | advertisement_text 1783 | advertisement_price 1784 | advertisement_id 1785 | advertisement_fio 1786 | advertisement_phone 1787 | advertisement_email 1788 | producer_id 1789 | saller_id 1790 | price_from 1791 | price_to 1792 | on_page 1793 | order_direction 1794 | sort_by_field 1795 | advertisement_currency 1796 | anonymousmaillist 1797 | site_users_login 1798 | apply 1799 | location 1800 | conference_id 1801 | forums_id 1802 | current_page 1803 | theme_id 1804 | current_page_message 1805 | renewmaillist 1806 | site_user_login 1807 | site_user_password 1808 | remember_me 1809 | accept 1810 | captcha_key 1811 | captcha_keystring 
1812 | add_edit_theme 1813 | name_theme 1814 | first_message 1815 | theme_close 1816 | theme_notice 1817 | theme_visible 1818 | del_message_id 1819 | add_message 1820 | theme_title 1821 | forums_message_text 1822 | message_id 1823 | theme_send_letter 1824 | edit_message_id 1825 | close_theme_id 1826 | notice_theme_id 1827 | visible_theme_id 1828 | delete_theme_id 1829 | quick_reg 1830 | site_user_email 1831 | add_comment 1832 | comment_autor 1833 | submit_question 1834 | text_item 1835 | autor 1836 | phone 1837 | submit_comment 1838 | all_group 1839 | SHOPCOMPARE 1840 | delete_compare 1841 | delete_all_compare 1842 | sent_message 1843 | add_ticket 1844 | critical_level_id 1845 | notify_status_change 1846 | notify_answer 1847 | ticket_category_id 1848 | get_attachment_id 1849 | vote 1850 | poll_reply_id 1851 | PayPalOrderConfirmation 1852 | x_response_code 1853 | orderNumber 1854 | step1_2 1855 | site_users_password 1856 | site_users_email 1857 | site_users_password_retry 1858 | site_users_name 1859 | site_users_surname 1860 | site_users_patronymic 1861 | site_users_country 1862 | site_users_company 1863 | site_users_phone 1864 | affiliate_name 1865 | step_1_1a 1866 | step_1 1867 | site_users_fax 1868 | site_users_address 1869 | shop_coupon_text 1870 | step_2 1871 | sel_city 1872 | sel_city_area 1873 | index 1874 | full_address 1875 | step_3 1876 | cond_of_delivery 1877 | step_4 1878 | system_of_pay_id 1879 | invoiceId 1880 | step1_1 1881 | ajax_add_item_id 1882 | item_id 1883 | recount 1884 | list_id 1885 | banner_id 1886 | delete_value_property 1887 | add_user 1888 | site_users_site 1889 | site_users_icq 1890 | site_users_postcode 1891 | site_users_city 1892 | change_order_type_button 1893 | customized 1894 | customize_messenger_channel 1895 | TinyMCE_content_size 1896 | ch 1897 | post_name 1898 | post_author 1899 | terms 1900 | custom_fields 1901 | enclosure 1902 | more_text 1903 | preview_iframe 1904 | post_start_date 1905 | post_end_date 1906 | page_author 1907 
| page_start_date 1908 | page_end_date 1909 | page_status 1910 | review 1911 | post_format 1912 | broken 1913 | previewed 1914 | createuser 1915 | enabled 1916 | disabled 1917 | list_args 1918 | widget 1919 | approve_parent 1920 | menu 1921 | active_post_lock 1922 | pointer 1923 | attachment 1924 | src 1925 | media_type 1926 | alt 1927 | align 1928 | chromeless 1929 | welcome 1930 | admin_bar_front 1931 | wpdmact 1932 | task 1933 | re 1934 | access 1935 | wpdm_login_msg 1936 | cid 1937 | wpdmtask 1938 | did 1939 | wpdm_action 1940 | akismet_show_user_comments_approved 1941 | akismet_comment_nonce 1942 | nivoslider4wp_width 1943 | nivoslider4wp_height 1944 | nivoslider4wp_colsBox 1945 | nivoslider4wp_rowsBox 1946 | nivoslider4wp_effect 1947 | nivoslider4wp_animSpeed 1948 | nivoslider4wp_pauseTime 1949 | nivoslider4wp_directionNav 1950 | nivoslider4wp_directionNavHide 1951 | nivoslider4wp_controlNav 1952 | nivoslider4wp_keyboardNav 1953 | nivoslider4wp_pauseOnHover 1954 | nivoslider4wp_manualAdvance 1955 | nivoslider4wp_backgroundCaption 1956 | nivoslider4wp_colorCaption 1957 | nivoslider4wp_captionOpacity 1958 | nivoslider4wp_js 1959 | nivoslider4wp_imageQuality 1960 | disable 1961 | order_value 1962 | x 1963 | nivoslider4wp_file_type 1964 | nivoslider4wp_file_id 1965 | y 1966 | x2 1967 | y2 1968 | nivoslider4wp_file_text_headline 1969 | nivoslider4wp_image_link 1970 | uniqueid 1971 | fromquickcomment 1972 | postuserid 1973 | thread_visible 1974 | total 1975 | useragent 1976 | firstpostid 1977 | skippostcount 1978 | posteruserid 1979 | infractionid 1980 | issubscribed 1981 | autosubscribe 1982 | infraction 1983 | moderateddateline 1984 | deleteddateline 1985 | maxpostid 1986 | threadread 1987 | spamlog_postid 1988 | pdel_userid 1989 | pdel_username 1990 | del_userid 1991 | pdel_reason 1992 | tdel_userid 1993 | tdel_username 1994 | tdel_reason 1995 | humanverify 1996 | ajaxqrfailed 1997 | toppadding 1998 | prefixid 1999 | taglist 2000 | podcasturl 2001 | podcastsize 
2002 | podcastexplicit 2003 | podcastkeywords 2004 | podcastsubtitle 2005 | podcastauthor 2006 | original_pagetext 2007 | del_phrase 2008 | prefix_plain_html 2009 | prefix_rich 2010 | isfirstshown 2011 | viewself 2012 | maxpost 2013 | announcementoptions 2014 | lastposter 2015 | lastpostid 2016 | lastthread 2017 | lastthreadid 2018 | lasticonid 2019 | lastprefixid 2020 | hashistory 2021 | avatarrevision 2022 | avwidth 2023 | avheight 2024 | adminavatar 2025 | postsperday 2026 | showbirthday 2027 | ipoints 2028 | infractions 2029 | signatureparsed 2030 | sighasimages 2031 | skypeicon 2032 | onlinestatus 2033 | adminoptions 2034 | checkbox_value 2035 | scrolltothis 2036 | readannouncement 2037 | fromuserid 2038 | fromusername 2039 | messageread 2040 | posterid 2041 | thumbnailattachments 2042 | imageattachments 2043 | imageattachmentlinks 2044 | otherattachments 2045 | postvisible 2046 | threadvisible 2047 | lastposterid 2048 | min 2049 | firstpost 2050 | doreset 2051 | profilefieldcategoryid 2052 | tagid 2053 | pagetext_simp 2054 | mail 2055 | item_module 2056 | altname 2057 | login_name 2058 | login_password 2059 | tripi_hash 2060 | tripi_user_id 2061 | tripi_password 2062 | tripi_allow_hash 2063 | password1 2064 | password2 2065 | altpass 2066 | fullname 2067 | city 2068 | icq 2069 | site 2070 | del_avatar 2071 | submit_reg 2072 | icaptcha 2073 | captcha_code 2074 | rules 2075 | submit_val 2076 | douser 2077 | lostid 2078 | submit_lost 2079 | lostname 2080 | place 2081 | skin 2082 | seourl 2083 | user_forums_read 2084 | user_forums_read_all 2085 | karma_id 2086 | rep_id 2087 | mark 2088 | poster 2089 | topic_title 2090 | topic_open 2091 | topic_fixed 2092 | topic_tags 2093 | poll_title 2094 | poll_body 2095 | poll_multi 2096 | poll_days 2097 | poll_clear 2098 | poll_close 2099 | mass_action 2100 | selected_posts 2101 | topic_id_new 2102 | fixed 2103 | tags 2104 | subscribe 2105 | forum 2106 | descr 2107 | posi 2108 | alt_name 2109 | hide 2110 | close 2111 | 
access_add 2112 | access_reply 2113 | access_read 2114 | access_topicedit 2115 | access_topicdel 2116 | access_postedit 2117 | access_postdel 2118 | allow_hash 2119 | comm_txt 2120 | recip 2121 | blockoff 2122 | block_reason 2123 | block_days 2124 | subj 2125 | open_invite 2126 | selected_language 2127 | mod 2128 | approve 2129 | save_con 2130 | short_text 2131 | full_text 2132 | allow_home 2133 | allow_rating 2134 | forum_link 2135 | meta_title 2136 | meta_description 2137 | meta_keywords 2138 | items_sort 2139 | items_sortby 2140 | items_limit 2141 | items_tpl 2142 | item_tpl 2143 | del_image 2144 | new_autor 2145 | old_autor 2146 | tpl 2147 | xinfo 2148 | open_topic 2149 | edit_topic 2150 | delete_topic 2151 | move_topic 2152 | fix_topic 2153 | edit_post 2154 | delete_post 2155 | move_post 2156 | combine_post 2157 | del_logo 2158 | tag_old 2159 | tag_new 2160 | import_file_add 2161 | empfanger 2162 | start_from 2163 | interval 2164 | imax 2165 | tmax 2166 | dmax 2167 | datef 2168 | thumbs_xy 2169 | thumbs_size 2170 | images 2171 | file_number 2172 | fileurl 2173 | allow_resize 2174 | allow_watermark 2175 | user_group 2176 | ip_add 2177 | banned_info 2178 | banned 2179 | rang_id 2180 | allow_mail 2181 | banned_days 2182 | group_name 2183 | group_nick 2184 | group_color 2185 | allow_admin 2186 | admin_rules 2187 | admin_etpl 2188 | admin_config 2189 | admin_content 2190 | admin_chat 2191 | admin_forum 2192 | admin_newsletter 2193 | admin_pm 2194 | admin_rssinform 2195 | admin_banners 2196 | admin_users 2197 | admin_users_add 2198 | admin_users_edit 2199 | admin_users_del 2200 | admin_users_block 2201 | admin_users_rang 2202 | allow_addwarn 2203 | alow_users_edit 2204 | alow_users_block 2205 | global_moderator 2206 | karma_manage 2207 | reput_manage 2208 | show_ip 2209 | complaint_manage 2210 | mad_manage 2211 | allow_hide 2212 | allow_url 2213 | allow_image 2214 | allow_file_upload 2215 | allow_files_dload 2216 | allow_complaint 2217 | captcha 2218 | allow_warn 
2219 | alow_addkarma 2220 | alow_karma 2221 | alow_addrep 2222 | alow_rep 2223 | alow_users_posts 2224 | alow_users_topics 2225 | alow_new_posts 2226 | alow_active_topics 2227 | alow_search 2228 | alow_search_captcha 2229 | alow_addchat 2230 | alow_chat 2231 | allow_pm 2232 | edit_pm 2233 | delete_pm 2234 | alow_uforums 2235 | approve_uforums 2236 | limit_uforums 2237 | allow_addc 2238 | allow_editc 2239 | allow_delc 2240 | edit_allc 2241 | del_allc 2242 | spec 2243 | notice 2244 | tripi_newpm 2245 | tripi_newntf 2246 | tripi_compl 2247 | xdebug 2248 | minifyDebug 2249 | ololo 2250 | pay 2251 | xss 2252 | cmt 2253 | xssfilter 2254 | xss1 2255 | xss2 2256 | wd 2257 | ht 2258 | vid 2259 | 1 2260 | code 2261 | amount 2262 | mac 2263 | zzz 2264 | qaz 2265 | qwe 2266 | varname 2267 | line 2268 | flag 2269 | verification 2270 | hosts 2271 | pin2enc 2272 | pin2 2273 | pan 2274 | currency 2275 | transaction_amount 2276 | expiration_date 2277 | cardholder_name 2278 | input1 2279 | smooth 2280 | by 2281 | sentence 2282 | passed_captcha 2283 | cash_in_method 2284 | cash_out_method 2285 | invoice 2286 | send_private_message 2287 | send_exchange 2288 | ajax_data_tables 2289 | send_user_data 2290 | send_prove_trans 2291 | send_message 2292 | send_approve 2293 | send_prove_pays 2294 | cold_storage 2295 | balance_control 2296 | method 2297 | complaintId 2298 | date_one 2299 | date_two 2300 | select_order 2301 | add_order 2302 | action_order 2303 | send_new_password 2304 | route 2305 | r 2306 | Save 2307 | -------------------------------------------------------------------------------- /src/burp/IBurpExtenderCallbacks.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IBurpExtenderCallbacks.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 
7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | import java.io.OutputStream; 14 | import java.util.List; 15 | import java.util.Map; 16 | 17 | /** 18 | * This interface is used by Burp Suite to pass to extensions a set of callback 19 | * methods that can be used by extensions to perform various actions within 20 | * Burp. 21 | * 22 | * When an extension is loaded, Burp invokes its 23 | * registerExtenderCallbacks() method and passes an instance of the 24 | * IBurpExtenderCallbacks interface. The extension may then invoke 25 | * the methods of this interface as required in order to extend Burp's 26 | * functionality. 27 | */ 28 | public interface IBurpExtenderCallbacks 29 | { 30 | 31 | /** 32 | * Flag used to identify Burp Suite as a whole. 33 | */ 34 | static final int TOOL_SUITE = 0x00000001; 35 | /** 36 | * Flag used to identify the Burp Target tool. 37 | */ 38 | static final int TOOL_TARGET = 0x00000002; 39 | /** 40 | * Flag used to identify the Burp Proxy tool. 41 | */ 42 | static final int TOOL_PROXY = 0x00000004; 43 | /** 44 | * Flag used to identify the Burp Spider tool. 45 | */ 46 | static final int TOOL_SPIDER = 0x00000008; 47 | /** 48 | * Flag used to identify the Burp Scanner tool. 49 | */ 50 | static final int TOOL_SCANNER = 0x00000010; 51 | /** 52 | * Flag used to identify the Burp Intruder tool. 53 | */ 54 | static final int TOOL_INTRUDER = 0x00000020; 55 | /** 56 | * Flag used to identify the Burp Repeater tool. 57 | */ 58 | static final int TOOL_REPEATER = 0x00000040; 59 | /** 60 | * Flag used to identify the Burp Sequencer tool. 61 | */ 62 | static final int TOOL_SEQUENCER = 0x00000080; 63 | /** 64 | * Flag used to identify the Burp Decoder tool. 
65 | */ 66 | static final int TOOL_DECODER = 0x00000100; 67 | /** 68 | * Flag used to identify the Burp Comparer tool. 69 | */ 70 | static final int TOOL_COMPARER = 0x00000200; 71 | /** 72 | * Flag used to identify the Burp Extender tool. 73 | */ 74 | static final int TOOL_EXTENDER = 0x00000400; 75 | 76 | /** 77 | * This method is used to set the display name for the current extension, 78 | * which will be displayed within the user interface for the Extender tool. 79 | * 80 | * @param name The extension name. 81 | */ 82 | void setExtensionName(String name); 83 | 84 | /** 85 | * This method is used to obtain an IExtensionHelpers object, 86 | * which can be used by the extension to perform numerous useful tasks. 87 | * 88 | * @return An object containing numerous helper methods, for tasks such as 89 | * building and analyzing HTTP requests. 90 | */ 91 | IExtensionHelpers getHelpers(); 92 | 93 | /** 94 | * This method is used to obtain the current extension's standard output 95 | * stream. Extensions should write all output to this stream, allowing the 96 | * Burp user to configure how that output is handled from within the UI. 97 | * 98 | * @return The extension's standard output stream. 99 | */ 100 | OutputStream getStdout(); 101 | 102 | /** 103 | * This method is used to obtain the current extension's standard error 104 | * stream. Extensions should write all error messages to this stream, 105 | * allowing the Burp user to configure how that output is handled from 106 | * within the UI. 107 | * 108 | * @return The extension's standard error stream. 109 | */ 110 | OutputStream getStderr(); 111 | 112 | /** 113 | * This method prints a line of output to the current extension's standard 114 | * output stream. 115 | * 116 | * @param output The message to print. 117 | */ 118 | void printOutput(String output); 119 | 120 | /** 121 | * This method prints a line of output to the current extension's standard 122 | * error stream. 
123 | * 124 | * @param error The message to print. 125 | */ 126 | void printError(String error); 127 | 128 | /** 129 | * This method is used to register a listener which will be notified of 130 | * changes to the extension's state. Note: Any extensions that start 131 | * background threads or open system resources (such as files or database 132 | * connections) should register a listener and terminate threads / close 133 | * resources when the extension is unloaded. 134 | * 135 | * @param listener An object created by the extension that implements the 136 | * IExtensionStateListener interface. 137 | */ 138 | void registerExtensionStateListener(IExtensionStateListener listener); 139 | 140 | /** 141 | * This method is used to retrieve the extension state listeners that are 142 | * registered by the extension. 143 | * 144 | * @return A list of extension state listeners that are currently registered 145 | * by this extension. 146 | */ 147 | List getExtensionStateListeners(); 148 | 149 | /** 150 | * This method is used to remove an extension state listener that has been 151 | * registered by the extension. 152 | * 153 | * @param listener The extension state listener to be removed. 154 | */ 155 | void removeExtensionStateListener(IExtensionStateListener listener); 156 | 157 | /** 158 | * This method is used to register a listener which will be notified of 159 | * requests and responses made by any Burp tool. Extensions can perform 160 | * custom analysis or modification of these messages by registering an HTTP 161 | * listener. 162 | * 163 | * @param listener An object created by the extension that implements the 164 | * IHttpListener interface. 165 | */ 166 | void registerHttpListener(IHttpListener listener); 167 | 168 | /** 169 | * This method is used to retrieve the HTTP listeners that are registered by 170 | * the extension. 171 | * 172 | * @return A list of HTTP listeners that are currently registered by this 173 | * extension. 
174 | */ 175 | List getHttpListeners(); 176 | 177 | /** 178 | * This method is used to remove an HTTP listener that has been registered 179 | * by the extension. 180 | * 181 | * @param listener The HTTP listener to be removed. 182 | */ 183 | void removeHttpListener(IHttpListener listener); 184 | 185 | /** 186 | * This method is used to register a listener which will be notified of 187 | * requests and responses being processed by the Proxy tool. Extensions can 188 | * perform custom analysis or modification of these messages, and control 189 | * in-UI message interception, by registering a proxy listener. 190 | * 191 | * @param listener An object created by the extension that implements the 192 | * IProxyListener interface. 193 | */ 194 | void registerProxyListener(IProxyListener listener); 195 | 196 | /** 197 | * This method is used to retrieve the Proxy listeners that are registered 198 | * by the extension. 199 | * 200 | * @return A list of Proxy listeners that are currently registered by this 201 | * extension. 202 | */ 203 | List getProxyListeners(); 204 | 205 | /** 206 | * This method is used to remove a Proxy listener that has been registered 207 | * by the extension. 208 | * 209 | * @param listener The Proxy listener to be removed. 210 | */ 211 | void removeProxyListener(IProxyListener listener); 212 | 213 | /** 214 | * This method is used to register a listener which will be notified of new 215 | * issues that are reported by the Scanner tool. Extensions can perform 216 | * custom analysis or logging of Scanner issues by registering a Scanner 217 | * listener. 218 | * 219 | * @param listener An object created by the extension that implements the 220 | * IScannerListener interface. 221 | */ 222 | void registerScannerListener(IScannerListener listener); 223 | 224 | /** 225 | * This method is used to retrieve the Scanner listeners that are registered 226 | * by the extension. 
227 | * 228 | * @return A list of Scanner listeners that are currently registered by this 229 | * extension. 230 | */ 231 | List getScannerListeners(); 232 | 233 | /** 234 | * This method is used to remove a Scanner listener that has been registered 235 | * by the extension. 236 | * 237 | * @param listener The Scanner listener to be removed. 238 | */ 239 | void removeScannerListener(IScannerListener listener); 240 | 241 | /** 242 | * This method is used to register a listener which will be notified of 243 | * changes to Burp's suite-wide target scope. 244 | * 245 | * @param listener An object created by the extension that implements the 246 | * IScopeChangeListener interface. 247 | */ 248 | void registerScopeChangeListener(IScopeChangeListener listener); 249 | 250 | /** 251 | * This method is used to retrieve the scope change listeners that are 252 | * registered by the extension. 253 | * 254 | * @return A list of scope change listeners that are currently registered by 255 | * this extension. 256 | */ 257 | List getScopeChangeListeners(); 258 | 259 | /** 260 | * This method is used to remove a scope change listener that has been 261 | * registered by the extension. 262 | * 263 | * @param listener The scope change listener to be removed. 264 | */ 265 | void removeScopeChangeListener(IScopeChangeListener listener); 266 | 267 | /** 268 | * This method is used to register a factory for custom context menu items. 269 | * When the user invokes a context menu anywhere within Burp, the factory 270 | * will be passed details of the invocation event, and asked to provide any 271 | * custom context menu items that should be shown. 272 | * 273 | * @param factory An object created by the extension that implements the 274 | * IContextMenuFactory interface. 275 | */ 276 | void registerContextMenuFactory(IContextMenuFactory factory); 277 | 278 | /** 279 | * This method is used to retrieve the context menu factories that are 280 | * registered by the extension. 
281 | * 282 | * @return A list of context menu factories that are currently registered by 283 | * this extension. 284 | */ 285 | List getContextMenuFactories(); 286 | 287 | /** 288 | * This method is used to remove a context menu factory that has been 289 | * registered by the extension. 290 | * 291 | * @param factory The context menu factory to be removed. 292 | */ 293 | void removeContextMenuFactory(IContextMenuFactory factory); 294 | 295 | /** 296 | * This method is used to register a factory for custom message editor tabs. 297 | * For each message editor that already exists, or is subsequently created, 298 | * within Burp, the factory will be asked to provide a new instance of an 299 | * IMessageEditorTab object, which can provide custom rendering 300 | * or editing of HTTP messages. 301 | * 302 | * @param factory An object created by the extension that implements the 303 | * IMessageEditorTabFactory interface. 304 | */ 305 | void registerMessageEditorTabFactory(IMessageEditorTabFactory factory); 306 | 307 | /** 308 | * This method is used to retrieve the message editor tab factories that are 309 | * registered by the extension. 310 | * 311 | * @return A list of message editor tab factories that are currently 312 | * registered by this extension. 313 | */ 314 | List getMessageEditorTabFactories(); 315 | 316 | /** 317 | * This method is used to remove a message editor tab factory that has been 318 | * registered by the extension. 319 | * 320 | * @param factory The message editor tab factory to be removed. 321 | */ 322 | void removeMessageEditorTabFactory(IMessageEditorTabFactory factory); 323 | 324 | /** 325 | * This method is used to register a provider of Scanner insertion points. 326 | * For each base request that is actively scanned, Burp will ask the 327 | * provider to provide any custom scanner insertion points that are 328 | * appropriate for the request. 
329 | * 330 | * @param provider An object created by the extension that implements the 331 | * IScannerInsertionPointProvider interface. 332 | */ 333 | void registerScannerInsertionPointProvider( 334 | IScannerInsertionPointProvider provider); 335 | 336 | /** 337 | * This method is used to retrieve the Scanner insertion point providers 338 | * that are registered by the extension. 339 | * 340 | * @return A list of Scanner insertion point providers that are currently 341 | * registered by this extension. 342 | */ 343 | List getScannerInsertionPointProviders(); 344 | 345 | /** 346 | * This method is used to remove a Scanner insertion point provider that has 347 | * been registered by the extension. 348 | * 349 | * @param provider The Scanner insertion point provider to be removed. 350 | */ 351 | void removeScannerInsertionPointProvider( 352 | IScannerInsertionPointProvider provider); 353 | 354 | /** 355 | * This method is used to register a custom Scanner check. When performing 356 | * scanning, Burp will ask the check to perform active or passive scanning 357 | * on the base request, and report any Scanner issues that are identified. 358 | * 359 | * @param check An object created by the extension that implements the 360 | * IScannerCheck interface. 361 | */ 362 | void registerScannerCheck(IScannerCheck check); 363 | 364 | /** 365 | * This method is used to retrieve the Scanner checks that are registered by 366 | * the extension. 367 | * 368 | * @return A list of Scanner checks that are currently registered by this 369 | * extension. 370 | */ 371 | List getScannerChecks(); 372 | 373 | /** 374 | * This method is used to remove a Scanner check that has been registered by 375 | * the extension. 376 | * 377 | * @param check The Scanner check to be removed. 378 | */ 379 | void removeScannerCheck(IScannerCheck check); 380 | 381 | /** 382 | * This method is used to register a factory for Intruder payloads. 
Each 383 | * registered factory will be available within the Intruder UI for the user 384 | * to select as the payload source for an attack. When this is selected, the 385 | * factory will be asked to provide a new instance of an 386 | * IIntruderPayloadGenerator object, which will be used to 387 | * generate payloads for the attack. 388 | * 389 | * @param factory An object created by the extension that implements the 390 | * IIntruderPayloadGeneratorFactory interface. 391 | */ 392 | void registerIntruderPayloadGeneratorFactory( 393 | IIntruderPayloadGeneratorFactory factory); 394 | 395 | /** 396 | * This method is used to retrieve the Intruder payload generator factories 397 | * that are registered by the extension. 398 | * 399 | * @return A list of Intruder payload generator factories that are currently 400 | * registered by this extension. 401 | */ 402 | List 403 | getIntruderPayloadGeneratorFactories(); 404 | 405 | /** 406 | * This method is used to remove an Intruder payload generator factory that 407 | * has been registered by the extension. 408 | * 409 | * @param factory The Intruder payload generator factory to be removed. 410 | */ 411 | void removeIntruderPayloadGeneratorFactory( 412 | IIntruderPayloadGeneratorFactory factory); 413 | 414 | /** 415 | * This method is used to register a custom Intruder payload processor. Each 416 | * registered processor will be available within the Intruder UI for the 417 | * user to select as the action for a payload processing rule. 418 | * 419 | * @param processor An object created by the extension that implements the 420 | * IIntruderPayloadProcessor interface. 421 | */ 422 | void registerIntruderPayloadProcessor(IIntruderPayloadProcessor processor); 423 | 424 | /** 425 | * This method is used to retrieve the Intruder payload processors that are 426 | * registered by the extension. 427 | * 428 | * @return A list of Intruder payload processors that are currently 429 | * registered by this extension. 
430 | */ 431 | List getIntruderPayloadProcessors(); 432 | 433 | /** 434 | * This method is used to remove an Intruder payload processor that has been 435 | * registered by the extension. 436 | * 437 | * @param processor The Intruder payload processor to be removed. 438 | */ 439 | void removeIntruderPayloadProcessor(IIntruderPayloadProcessor processor); 440 | 441 | /** 442 | * This method is used to register a custom session handling action. Each 443 | * registered action will be available within the session handling rule UI 444 | * for the user to select as a rule action. Users can choose to invoke an 445 | * action directly in its own right, or following execution of a macro. 446 | * 447 | * @param action An object created by the extension that implements the 448 | * ISessionHandlingAction interface. 449 | */ 450 | void registerSessionHandlingAction(ISessionHandlingAction action); 451 | 452 | /** 453 | * This method is used to retrieve the session handling actions that are 454 | * registered by the extension. 455 | * 456 | * @return A list of session handling actions that are currently registered 457 | * by this extension. 458 | */ 459 | List getSessionHandlingActions(); 460 | 461 | /** 462 | * This method is used to remove a session handling action that has been 463 | * registered by the extension. 464 | * 465 | * @param action The extension session handling action to be removed. 466 | */ 467 | void removeSessionHandlingAction(ISessionHandlingAction action); 468 | 469 | /** 470 | * This method is used to unload the extension from Burp Suite. 471 | */ 472 | void unloadExtension(); 473 | 474 | /** 475 | * This method is used to add a custom tab to the main Burp Suite window. 476 | * 477 | * @param tab An object created by the extension that implements the 478 | * ITab interface. 479 | */ 480 | void addSuiteTab(ITab tab); 481 | 482 | /** 483 | * This method is used to remove a previously-added tab from the main Burp 484 | * Suite window. 
485 | * 486 | * @param tab An object created by the extension that implements the 487 | * ITab interface. 488 | */ 489 | void removeSuiteTab(ITab tab); 490 | 491 | /** 492 | * This method is used to customize UI components in line with Burp's UI 493 | * style, including font size, colors, table line spacing, etc. The action 494 | * is performed recursively on any child components of the passed-in 495 | * component. 496 | * 497 | * @param component The UI component to be customized. 498 | */ 499 | void customizeUiComponent(Component component); 500 | 501 | /** 502 | * This method is used to create a new instance of Burp's HTTP message 503 | * editor, for the extension to use in its own UI. 504 | * 505 | * @param controller An object created by the extension that implements the 506 | * IMessageEditorController interface. This parameter is 507 | * optional and may be null. If it is provided, then the 508 | * message editor will query the controller when required to obtain details 509 | * about the currently displayed message, including the 510 | * IHttpService for the message, and the associated request or 511 | * response message. If a controller is not provided, then the message 512 | * editor will not support context menu actions, such as sending requests to 513 | * other Burp tools. 514 | * @param editable Indicates whether the editor created should be editable, 515 | * or used only for message viewing. 516 | * @return An object that implements the IMessageEditor 517 | * interface, and which the extension can use in its own UI. 518 | */ 519 | IMessageEditor createMessageEditor(IMessageEditorController controller, 520 | boolean editable); 521 | 522 | /** 523 | * This method returns the command line arguments that were passed to Burp 524 | * on startup. 525 | * 526 | * @return The command line arguments that were passed to Burp on startup. 
527 | */ 528 | String[] getCommandLineArguments(); 529 | 530 | /** 531 | * This method is used to save configuration settings for the extension in a 532 | * persistent way that survives reloads of the extension and of Burp Suite. 533 | * Saved settings can be retrieved using the method 534 | * loadExtensionSetting(). NOTE(review): how and where the value is stored is not described here; presumably it is kept unencrypted in Burp's own settings, so avoid saving credentials or tokens through this call until that is confirmed. 535 | * 536 | * @param name The name of the setting. 537 | * @param value The value of the setting. If this value is null 538 | * then any existing setting with the specified name will be removed. 539 | */ 540 | void saveExtensionSetting(String name, String value); 541 | 542 | /** 543 | * This method is used to load configuration settings for the extension that 544 | * were saved using the method saveExtensionSetting(). 545 | * 546 | * @param name The name of the setting. 547 | * @return The value of the setting, or null if no value is 548 | * set. NOTE(review): null is the only "missing" signal described, so callers need a null check before parsing the value. 549 | */ 550 | String loadExtensionSetting(String name); 551 | 552 | /** 553 | * This method is used to create a new instance of Burp's plain text editor, 554 | * for the extension to use in its own UI. 555 | * 556 | * @return An object that implements the ITextEditor interface, 557 | * and which the extension can use in its own UI. 558 | */ 559 | ITextEditor createTextEditor(); 560 | 561 | /** 562 | * This method can be used to send an HTTP request to the Burp Repeater 563 | * tool. The request will be displayed in the user interface, but will not 564 | * be issued until the user initiates this action. 565 | * 566 | * @param host The hostname of the remote HTTP server. 567 | * @param port The port of the remote HTTP server. 568 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 569 | * @param request The full HTTP request. 570 | * @param tabCaption An optional caption which will appear on the Repeater 571 | * tab containing the request. If this value is null then a 572 | * default tab index will be displayed.
573 | */ 574 | void sendToRepeater( 575 | String host, 576 | int port, 577 | boolean useHttps, 578 | byte[] request, 579 | String tabCaption); 580 | 581 | /** 582 | * This method can be used to send an HTTP request to the Burp Intruder 583 | * tool. The request will be displayed in the user interface, and markers 584 | * for attack payloads will be placed into default locations within the 585 | * request. 586 | * 587 | * @param host The hostname of the remote HTTP server. 588 | * @param port The port of the remote HTTP server. 589 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 590 | * @param request The full HTTP request. 591 | */ 592 | void sendToIntruder( 593 | String host, 594 | int port, 595 | boolean useHttps, 596 | byte[] request); 597 | 598 | /** 599 | * This method can be used to send an HTTP request to the Burp Intruder 600 | * tool. The request will be displayed in the user interface, and markers 601 | * for attack payloads will be placed into the specified locations within 602 | * the request. 603 | * 604 | * @param host The hostname of the remote HTTP server. 605 | * @param port The port of the remote HTTP server. 606 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 607 | * @param request The full HTTP request. 608 | * @param payloadPositionOffsets A list of index pairs representing the 609 | * payload positions to be used. Each item in the list must be an int[2] 610 | * array containing the start and end offsets for the payload position. 611 | */ 612 | void sendToIntruder( 613 | String host, 614 | int port, 615 | boolean useHttps, 616 | byte[] request, 617 | List payloadPositionOffsets); 618 | 619 | /** 620 | * This method can be used to send data to the Comparer tool. 621 | * 622 | * @param data The data to be sent to Comparer. 623 | */ 624 | void sendToComparer(byte[] data); 625 | 626 | /** 627 | * This method can be used to send a seed URL to the Burp Spider tool. 
If 628 | * the URL is not within the current Spider scope, the user will be asked if 629 | * they wish to add the URL to the scope. If the Spider is not currently 630 | * running, it will be started. The seed URL will be requested, and the 631 | * Spider will process the application's response in the normal way. 632 | * 633 | * @param url The new seed URL to begin spidering from. 634 | */ 635 | void sendToSpider( 636 | java.net.URL url); 637 | 638 | /** 639 | * This method can be used to send an HTTP request to the Burp Scanner tool 640 | * to perform an active vulnerability scan. If the request is not within the 641 | * current active scanning scope, the user will be asked if they wish to 642 | * proceed with the scan. 643 | * 644 | * @param host The hostname of the remote HTTP server. 645 | * @param port The port of the remote HTTP server. 646 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 647 | * @param request The full HTTP request. 648 | * @return The resulting scan queue item. 649 | */ 650 | IScanQueueItem doActiveScan( 651 | String host, 652 | int port, 653 | boolean useHttps, 654 | byte[] request); 655 | 656 | /** 657 | * This method can be used to send an HTTP request to the Burp Scanner tool 658 | * to perform an active vulnerability scan, based on a custom list of 659 | * insertion points that are to be scanned. If the request is not within the 660 | * current active scanning scope, the user will be asked if they wish to 661 | * proceed with the scan. 662 | * 663 | * @param host The hostname of the remote HTTP server. 664 | * @param port The port of the remote HTTP server. 665 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 666 | * @param request The full HTTP request. 667 | * @param insertionPointOffsets A list of index pairs representing the 668 | * positions of the insertion points that should be scanned. 
Each item in 669 | * the list must be an int[2] array containing the start and end offsets for 670 | * the insertion point. NOTE(review): the parameter is a raw List in this listing, so the int[2] element requirement is not checked at compile time. 671 | * @return The resulting scan queue item. 672 | */ 673 | IScanQueueItem doActiveScan( 674 | String host, 675 | int port, 676 | boolean useHttps, 677 | byte[] request, 678 | List insertionPointOffsets); 679 | 680 | /** 681 | * This method can be used to send an HTTP request to the Burp Scanner tool 682 | * to perform a passive vulnerability scan. 683 | * 684 | * @param host The hostname of the remote HTTP server. 685 | * @param port The port of the remote HTTP server. 686 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 687 | * @param request The full HTTP request. 688 | * @param response The full HTTP response. 689 | */ 690 | void doPassiveScan( 691 | String host, 692 | int port, 693 | boolean useHttps, 694 | byte[] request, 695 | byte[] response); 696 | 697 | /** 698 | * This method can be used to issue HTTP requests and retrieve their 699 | * responses. NOTE(review): unlike doActiveScan(), this contract does not mention any scope prompt; a caller that generates requests in bulk should presumably check isInScope() for the target first - confirm against Burp's behaviour. 700 | * 701 | * @param httpService The HTTP service to which the request should be sent. 702 | * @param request The full HTTP request. 703 | * @return An object that implements the IHttpRequestResponse 704 | * interface, and which the extension can query to obtain the details of the 705 | * response. 706 | */ 707 | IHttpRequestResponse makeHttpRequest(IHttpService httpService, 708 | byte[] request); 709 | 710 | /** 711 | * This method can be used to issue HTTP requests and retrieve their 712 | * responses. NOTE(review): no scope prompt is mentioned for this host/port overload either, so the caller is presumably responsible for checking isInScope() before sending - confirm. 713 | * 714 | * @param host The hostname of the remote HTTP server. 715 | * @param port The port of the remote HTTP server. 716 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 717 | * @param request The full HTTP request. 718 | * @return The full response retrieved from the remote server.
719 | */ 720 | byte[] makeHttpRequest( 721 | String host, 722 | int port, 723 | boolean useHttps, 724 | byte[] request); 725 | 726 | /** 727 | * This method can be used to query whether a specified URL is within the 728 | * current Suite-wide scope. An extension can use it as a gate before issuing requests of its own. 729 | * 730 | * @param url The URL to query. 731 | * @return Returns true if the URL is within the current 732 | * Suite-wide scope. 733 | */ 734 | boolean isInScope(java.net.URL url); 735 | 736 | /** 737 | * This method can be used to include the specified URL in the Suite-wide 738 | * scope. NOTE(review): no user confirmation is mentioned here, so a call presumably widens the scope silently; pass only URLs the user has explicitly selected - confirm. 739 | * 740 | * @param url The URL to include in the Suite-wide scope. 741 | */ 742 | void includeInScope(java.net.URL url); 743 | 744 | /** 745 | * This method can be used to exclude the specified URL from the Suite-wide 746 | * scope. 747 | * 748 | * @param url The URL to exclude from the Suite-wide scope. 749 | */ 750 | void excludeFromScope(java.net.URL url); 751 | 752 | /** 753 | * This method can be used to display a specified message in the Burp Suite 754 | * alerts tab. 755 | * 756 | * @param message The alert message to display. 757 | */ 758 | void issueAlert(String message); 759 | 760 | /** 761 | * This method returns details of all items in the Proxy history. NOTE(review): history items are captured request/response pairs and may contain credentials or session tokens; avoid copying them wholesale to extension output or logs. 762 | * 763 | * @return The contents of the Proxy history. 764 | */ 765 | IHttpRequestResponse[] getProxyHistory(); 766 | 767 | /** 768 | * This method returns details of items in the site map. 769 | * 770 | * @param urlPrefix This parameter can be used to specify a URL prefix, in 771 | * order to extract a specific subset of the site map. The method performs a 772 | * simple case-sensitive text match, returning all site map items whose URL 773 | * begins with the specified prefix. If this parameter is null, the entire 774 | * site map is returned. NOTE(review): because this is a plain prefix match, a prefix that stops at the hostname presumably also matches other hosts whose names merely start with the same text; end the prefix with '/' when filtering by host - confirm. 775 | * 776 | * @return Details of items in the site map.
777 | */ 778 | IHttpRequestResponse[] getSiteMap(String urlPrefix); 779 | 780 | /** 781 | * This method returns all of the current scan issues for URLs matching the 782 | * specified literal prefix. 783 | * 784 | * @param urlPrefix This parameter can be used to specify a URL prefix, in 785 | * order to extract a specific subset of scan issues. The method performs a 786 | * simple case-sensitive text match, returning all scan issues whose URL 787 | * begins with the specified prefix. If this parameter is null, all issues 788 | * are returned. NOTE(review): because this is a plain prefix match, a prefix that stops at the hostname presumably also matches other hosts whose names merely start with the same text; end the prefix with '/' when filtering by host - confirm. 789 | * @return Details of the scan issues. 790 | */ 791 | IScanIssue[] getScanIssues(String urlPrefix); 792 | 793 | /** 794 | * This method is used to generate a report for the specified Scanner 795 | * issues. The report format can be specified. For all other reporting 796 | * options, the default settings that appear in the reporting UI wizard are 797 | * used. 798 | * 799 | * @param format The format to be used in the report. Accepted values are 800 | * HTML and XML. 801 | * @param issues The Scanner issues to be reported. 802 | * @param file The file to which the report will be saved. NOTE(review): whether an existing file is overwritten is not stated here; the report presumably carries the issues' request/response evidence, so write it to a location with restricted access - confirm. 803 | */ 804 | void generateScanReport(String format, IScanIssue[] issues, 805 | java.io.File file); 806 | 807 | /** 808 | * This method is used to retrieve the contents of Burp's session handling 809 | * cookie jar. Extensions that provide an 810 | * ISessionHandlingAction can query and update the cookie jar 811 | * in order to handle unusual session handling mechanisms. 812 | * 813 | * @return A list of ICookie objects representing the contents 814 | * of Burp's session handling cookie jar. NOTE(review): declared as a raw List in this listing, so callers must cast each element to ICookie; the values are session cookies and should be kept out of extension output and logs. 815 | */ 816 | List getCookieJarContents(); 817 | 818 | /** 819 | * This method is used to update the contents of Burp's session handling 820 | * cookie jar. Extensions that provide an 821 | * ISessionHandlingAction can query and update the cookie jar 822 | * in order to handle unusual session handling mechanisms.
823 | * 824 | * @param cookie An ICookie object containing details of the 825 | * cookie to be updated. If the cookie jar already contains a cookie that 826 | * matches the specified domain and name, then that cookie will be updated 827 | * with the new value and expiration, unless the new value is 828 | * null, in which case the cookie will be removed. If the 829 | * cookie jar does not already contain a cookie that matches the specified 830 | * domain and name, then the cookie will be added. 831 | */ 832 | void updateCookieJar(ICookie cookie); 833 | 834 | /** 835 | * This method can be used to add an item to Burp's site map with the 836 | * specified request/response details. This will overwrite the details of 837 | * any existing matching item in the site map. 838 | * 839 | * @param item Details of the item to be added to the site map 840 | */ 841 | void addToSiteMap(IHttpRequestResponse item); 842 | 843 | /** 844 | * This method can be used to restore Burp's state from a specified saved 845 | * state file. This method blocks until the restore operation is completed, 846 | * and must not be called from the event dispatch thread. 847 | * 848 | * @param file The file containing Burp's saved state. 849 | * @deprecated State files have been replaced with Burp project files. 850 | */ 851 | @Deprecated 852 | void restoreState(java.io.File file); 853 | 854 | /** 855 | * This method can be used to save Burp's state to a specified file. This 856 | * method blocks until the save operation is completed, and must not be 857 | * called from the event dispatch thread. 858 | * 859 | * @param file The file to save Burp's state in. 860 | * @deprecated State files have been replaced with Burp project files. 861 | */ 862 | @Deprecated 863 | void saveState(java.io.File file); 864 | 865 | /** 866 | * This method causes Burp to save all of its current configuration as a Map 867 | * of name/value Strings. 
868 | * 869 | * @return A Map of name/value Strings reflecting Burp's current 870 | * configuration. 871 | * @deprecated Use saveConfigAsJson() instead. 872 | */ 873 | @Deprecated 874 | Map saveConfig(); 875 | 876 | /** 877 | * This method causes Burp to load a new configuration from the Map of 878 | * name/value Strings provided. Any settings not specified in the Map will 879 | * be restored to their default values. To selectively update only some 880 | * settings and leave the rest unchanged, you should first call 881 | * saveConfig() to obtain Burp's current configuration, modify 882 | * the relevant items in the Map, and then call loadConfig() 883 | * with the same Map. 884 | * 885 | * @param config A map of name/value Strings to use as Burp's new 886 | * configuration. 887 | * @deprecated Use loadConfigFromJson() instead. 888 | */ 889 | @Deprecated 890 | void loadConfig(Map config); 891 | 892 | /** 893 | * This method causes Burp to save its current project-level configuration 894 | * in JSON format. This is the same format that can be saved and loaded via 895 | * the Burp user interface. To include only certain sections of the 896 | * configuration, you can optionally supply the path to each section that 897 | * should be included, for example: "project_options.connections". If no 898 | * paths are provided, then the entire configuration will be saved. 899 | * 900 | * @param configPaths A list of Strings representing the path to each 901 | * configuration section that should be included. 902 | * @return A String representing the current configuration in JSON format. 903 | */ 904 | String saveConfigAsJson(String... configPaths); 905 | 906 | /** 907 | * This method causes Burp to load a new project-level configuration from 908 | * the JSON String provided. This is the same format that can be saved and 909 | * loaded via the Burp user interface. Partial configurations are 910 | * acceptable, and any settings not specified will be left unmodified. 
911 | * 912 | * Any user-level configuration options contained in the input will be 913 | * ignored. 914 | * 915 | * @param config A JSON String containing the new configuration. 916 | */ 917 | void loadConfigFromJson(String config); 918 | 919 | /** 920 | * This method sets the master interception mode for Burp Proxy. 921 | * 922 | * @param enabled Indicates whether interception of Proxy messages should be 923 | * enabled. 924 | */ 925 | void setProxyInterceptionEnabled(boolean enabled); 926 | 927 | /** 928 | * This method retrieves information about the version of Burp in which the 929 | * extension is running. It can be used by extensions to dynamically adjust 930 | * their behavior depending on the functionality and APIs supported by the 931 | * current version. 932 | * 933 | * @return An array of Strings comprised of: the product name (e.g. Burp 934 | * Suite Professional), the major version (e.g. 1.5), the minor version 935 | * (e.g. 03) 936 | */ 937 | String[] getBurpVersion(); 938 | 939 | /** 940 | * This method retrieves the absolute path name of the file from which the 941 | * current extension was loaded. 942 | * 943 | * @return The absolute path name of the file from which the current 944 | * extension was loaded. 945 | */ 946 | String getExtensionFilename(); 947 | 948 | /** 949 | * This method determines whether the current extension was loaded as a BApp 950 | * (a Burp App from the BApp Store). 951 | * 952 | * @return Returns true if the current extension was loaded as a BApp. 953 | */ 954 | boolean isExtensionBapp(); 955 | 956 | /** 957 | * This method can be used to shut down Burp programmatically, with an 958 | * optional prompt to the user. If the method returns, the user canceled the 959 | * shutdown prompt. 960 | * 961 | * @param promptUser Indicates whether to prompt the user to confirm the 962 | * shutdown. 
963 | */ 964 | void exitSuite(boolean promptUser); 965 | 966 | /** 967 | * This method is used to create a temporary file on disk containing the 968 | * provided data. Extensions can use temporary files for long-term storage 969 | * of runtime data, avoiding the need to retain that data in memory. 970 | * 971 | * @param buffer The data to be saved to a temporary file. 972 | * @return An object that implements the ITempFile interface. 973 | */ 974 | ITempFile saveToTempFile(byte[] buffer); 975 | 976 | /** 977 | * This method is used to save the request and response of an 978 | * IHttpRequestResponse object to temporary files, so that they 979 | * are no longer held in memory. Extensions can used this method to convert 980 | * IHttpRequestResponse objects into a form suitable for 981 | * long-term storage. 982 | * 983 | * @param httpRequestResponse The IHttpRequestResponse object 984 | * whose request and response messages are to be saved to temporary files. 985 | * @return An object that implements the 986 | * IHttpRequestResponsePersisted interface. 987 | */ 988 | IHttpRequestResponsePersisted saveBuffersToTempFiles( 989 | IHttpRequestResponse httpRequestResponse); 990 | 991 | /** 992 | * This method is used to apply markers to an HTTP request or response, at 993 | * offsets into the message that are relevant for some particular purpose. 994 | * Markers are used in various situations, such as specifying Intruder 995 | * payload positions, Scanner insertion points, and highlights in Scanner 996 | * issues. 997 | * 998 | * @param httpRequestResponse The IHttpRequestResponse object 999 | * to which the markers should be applied. 1000 | * @param requestMarkers A list of index pairs representing the offsets of 1001 | * markers to be applied to the request message. Each item in the list must 1002 | * be an int[2] array containing the start and end offsets for the marker. 1003 | * The markers in the list should be in sequence and not overlapping. 
This 1004 | * parameter is optional and may be null if no request markers 1005 | * are required. 1006 | * @param responseMarkers A list of index pairs representing the offsets of 1007 | * markers to be applied to the response message. Each item in the list must 1008 | * be an int[2] array containing the start and end offsets for the marker. 1009 | * The markers in the list should be in sequence and not overlapping. This 1010 | * parameter is optional and may be null if no response markers 1011 | * are required. 1012 | * @return An object that implements the 1013 | * IHttpRequestResponseWithMarkers interface. 1014 | */ 1015 | IHttpRequestResponseWithMarkers applyMarkers( 1016 | IHttpRequestResponse httpRequestResponse, 1017 | List requestMarkers, 1018 | List responseMarkers); 1019 | 1020 | /** 1021 | * This method is used to obtain the descriptive name for the Burp tool 1022 | * identified by the tool flag provided. 1023 | * 1024 | * @param toolFlag A flag identifying a Burp tool ( TOOL_PROXY, 1025 | * TOOL_SCANNER, etc.). Tool flags are defined within this 1026 | * interface. 1027 | * @return The descriptive name for the specified tool. 1028 | */ 1029 | String getToolName(int toolFlag); 1030 | 1031 | /** 1032 | * This method is used to register a new Scanner issue. Note: 1033 | * Wherever possible, extensions should implement custom Scanner checks 1034 | * using IScannerCheck and report issues via those checks, so 1035 | * as to integrate with Burp's user-driven workflow, and ensure proper 1036 | * consolidation of duplicate reported issues. This method is only designed 1037 | * for tasks outside of the normal testing workflow, such as importing 1038 | * results from other scanning tools. 1039 | * 1040 | * @param issue An object created by the extension that implements the 1041 | * IScanIssue interface. 
1042 | */ 1043 | void addScanIssue(IScanIssue issue); 1044 | 1045 | /** 1046 | * This method is used to create a new Burp Collaborator client context, 1047 | * which can be used to generate Burp Collaborator payloads and poll the 1048 | * Collaborator server for any network interactions that result from using 1049 | * those payloads. 1050 | * 1051 | * @return A new instance of IBurpCollaboratorClientContext 1052 | * that can be used to generate Collaborator payloads and retrieve 1053 | * interactions. 1054 | */ 1055 | IBurpCollaboratorClientContext createBurpCollaboratorClientContext(); 1056 | 1057 | /** 1058 | * This method parses the specified request and returns details of each 1059 | * request parameter. 1060 | * 1061 | * @param request The request to be parsed. 1062 | * @return An array of: String[] { name, value, type } 1063 | * containing details of the parameters contained within the request. 1064 | * @deprecated Use IExtensionHelpers.analyzeRequest() instead. 1065 | */ 1066 | @Deprecated 1067 | String[][] getParameters(byte[] request); 1068 | 1069 | /** 1070 | * This method parses the specified request and returns details of each HTTP 1071 | * header. 1072 | * 1073 | * @param message The request to be parsed. 1074 | * @return An array of HTTP headers. 1075 | * @deprecated Use IExtensionHelpers.analyzeRequest() or 1076 | * IExtensionHelpers.analyzeResponse() instead. 1077 | */ 1078 | @Deprecated 1079 | String[] getHeaders(byte[] message); 1080 | 1081 | /** 1082 | * This method can be used to register a new menu item which will appear on 1083 | * the various context menus that are used throughout Burp Suite to handle 1084 | * user-driven actions. 1085 | * 1086 | * @param menuItemCaption The caption to be displayed on the menu item. 1087 | * @param menuItemHandler The handler to be invoked when the user clicks on 1088 | * the menu item. 1089 | * @deprecated Use registerContextMenuFactory() instead. 
1090 | */ 1091 | @Deprecated 1092 | void registerMenuItem( 1093 | String menuItemCaption, 1094 | IMenuItemHandler menuItemHandler); 1095 | } 1096 | --------------------------------------------------------------------------------