├── images ├── nimbus.png └── darcula.png ├── src ├── burp │ ├── TabClickHandler.java │ ├── IScopeChangeListener.java │ ├── IHttpRequestResponsePersisted.java │ ├── IIntruderAttack.java │ ├── ITempFile.java │ ├── IExtensionStateListener.java │ ├── IBurpExtender.java │ ├── IScannerListener.java │ ├── IHttpService.java │ ├── ITab.java │ ├── IMenuItemHandler.java │ ├── IProxyListener.java │ ├── IBurpCollaboratorInteraction.java │ ├── IContextMenuFactory.java │ ├── IScannerInsertionPointProvider.java │ ├── IHttpListener.java │ ├── IIntruderPayloadGeneratorFactory.java │ ├── IMessageEditorTabFactory.java │ ├── IIntruderPayloadProcessor.java │ ├── IHttpRequestResponseWithMarkers.java │ ├── IIntruderPayloadGenerator.java │ ├── ICookie.java │ ├── IMessageEditorController.java │ ├── IResponseKeywords.java │ ├── ISessionHandlingAction.java │ ├── IResponseInfo.java │ ├── IResponseVariations.java │ ├── IMessageEditor.java │ ├── IScanQueueItem.java │ ├── IRequestInfo.java │ ├── TabWatcher.java │ ├── ITextEditor.java │ ├── IHttpRequestResponse.java │ ├── IParameter.java │ ├── IScannerCheck.java │ ├── IBurpCollaboratorClientContext.java │ ├── IMessageEditorTab.java │ ├── IScanIssue.java │ ├── IInterceptedProxyMessage.java │ ├── IContextMenuInvocation.java │ ├── IScannerInsertionPoint.java │ ├── BurpExtender.java │ └── IExtensionHelpers.java └── helper │ ├── BurpFunctions.java │ ├── UIStuff.java │ ├── Utilities.java │ └── HTTPMessage.java ├── .project ├── README.md ├── .externalToolBuilders └── MakeTabsEssentials.launch └── LICENSE /images/nimbus.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/irsdl/BurpTabEssentials/HEAD/images/nimbus.png -------------------------------------------------------------------------------- /images/darcula.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/irsdl/BurpTabEssentials/HEAD/images/darcula.png -------------------------------------------------------------------------------- /src/burp/TabClickHandler.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | import java.awt.event.MouseAdapter; 4 | import java.awt.event.MouseEvent; 5 | import java.util.function.Consumer; 6 | 7 | public class TabClickHandler extends MouseAdapter { 8 | 9 | Consumer mouseEventConsumer; 10 | 11 | public TabClickHandler(Consumer consumer){ 12 | this.mouseEventConsumer = consumer; 13 | } 14 | 15 | @Override 16 | public void mouseClicked(MouseEvent e) { 17 | this.mouseEventConsumer.accept(e); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | BurpTabsEssentials 4 | 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | org.eclipse.ui.externaltools.ExternalToolBuilder 15 | 16 | 17 | LaunchConfigHandle 18 | <project>/.externalToolBuilders/MakeTabsEssentials.launch 19 | 20 | 21 | 22 | 23 | 24 | org.eclipse.jdt.core.javanature 25 | 26 | 27 | -------------------------------------------------------------------------------- /src/burp/IScopeChangeListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScopeChangeListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerScopeChangeListener() to register 15 | * a scope change listener. The listener will be notified whenever a change 16 | * occurs to Burp's suite-wide target scope. 17 | */ 18 | public interface IScopeChangeListener 19 | { 20 | /** 21 | * This method is invoked whenever a change occurs to Burp's suite-wide 22 | * target scope. 23 | */ 24 | void scopeChanged(); 25 | } 26 | -------------------------------------------------------------------------------- /src/burp/IHttpRequestResponsePersisted.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponsePersisted.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used for an 14 | * IHttpRequestResponse object whose request and response messages 15 | * have been saved to temporary files using 16 | * IBurpExtenderCallbacks.saveBuffersToTempFiles(). 17 | */ 18 | public interface IHttpRequestResponsePersisted extends IHttpRequestResponse 19 | { 20 | /** 21 | * This method is deprecated and no longer performs any action. 22 | */ 23 | @Deprecated 24 | void deleteTempFiles(); 25 | } 26 | -------------------------------------------------------------------------------- /src/burp/IIntruderAttack.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderAttack.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details about an Intruder attack. 14 | */ 15 | public interface IIntruderAttack 16 | { 17 | /** 18 | * This method is used to retrieve the HTTP service for the attack. 19 | * 20 | * @return The HTTP service for the attack. 21 | */ 22 | IHttpService getHttpService(); 23 | 24 | /** 25 | * This method is used to retrieve the request template for the attack. 26 | * 27 | * @return The request template for the attack. 28 | */ 29 | byte[] getRequestTemplate(); 30 | 31 | } 32 | -------------------------------------------------------------------------------- /src/helper/BurpFunctions.java: -------------------------------------------------------------------------------- 1 | package helper; 2 | 3 | import java.io.PrintWriter; 4 | 5 | import burp.IBurpExtenderCallbacks; 6 | 7 | public class BurpFunctions { 8 | public static Object loadExtensionSettingHelper(String name, String type, Object defaultValue,IBurpExtenderCallbacks callbacks, PrintWriter stderr) { 9 | Object value = null; 10 | try { 11 | String temp_value = callbacks.loadExtensionSetting(name); 12 | if(temp_value!=null && !temp_value.equals("")) { 13 | switch(type.toLowerCase()){ 14 | case "int": 15 | case "integer": 16 | value = Integer.valueOf(temp_value); 17 | break; 18 | case "bool": 19 | case "boolean": 20 | value = Boolean.valueOf(temp_value); 21 | break; 22 | default: 23 | value = temp_value; 24 | break; 25 | } 26 | } 27 | }catch(Exception e) { 28 | stderr.println(e.getMessage()); 29 | } 30 | 31 | if(value==null) { 32 | value = defaultValue; 33 | } 34 | return value; 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /src/burp/ITempFile.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITempFile.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details of a temporary file that has been 14 | * created via a call to 15 | * IBurpExtenderCallbacks.saveToTempFile(). 16 | * 17 | */ 18 | public interface ITempFile 19 | { 20 | /** 21 | * This method is used to retrieve the contents of the buffer that was saved 22 | * in the temporary file. 23 | * 24 | * @return The contents of the buffer that was saved in the temporary file. 25 | */ 26 | byte[] getBuffer(); 27 | 28 | /** 29 | * This method is deprecated and no longer performs any action. 30 | */ 31 | @Deprecated 32 | void delete(); 33 | } 34 | -------------------------------------------------------------------------------- /src/burp/IExtensionStateListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IExtensionStateListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerExtensionStateListener() to 15 | * register an extension state listener. The listener will be notified of 16 | * changes to the extension's state. Note: Any extensions that start 17 | * background threads or open system resources (such as files or database 18 | * connections) should register a listener and terminate threads / close 19 | * resources when the extension is unloaded. 20 | */ 21 | public interface IExtensionStateListener 22 | { 23 | /** 24 | * This method is called when the extension is unloaded. 25 | */ 26 | void extensionUnloaded(); 27 | } 28 | -------------------------------------------------------------------------------- /src/burp/IBurpExtender.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IBurpExtender.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * All extensions must implement this interface. 14 | * 15 | * Implementations must be called BurpExtender, in the package burp, must be 16 | * declared public, and must provide a default (public, no-argument) 17 | * constructor. 18 | */ 19 | public interface IBurpExtender 20 | { 21 | /** 22 | * This method is invoked when the extension is loaded. It registers an 23 | * instance of the 24 | * IBurpExtenderCallbacks interface, providing methods that may 25 | * be invoked by the extension to perform various actions. 26 | * 27 | * @param callbacks An 28 | * IBurpExtenderCallbacks object. 29 | */ 30 | void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks); 31 | } 32 | -------------------------------------------------------------------------------- /src/burp/IScannerListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerScannerListener() to register a 15 | * Scanner listener. The listener will be notified of new issues that are 16 | * reported by the Scanner tool. Extensions can perform custom analysis or 17 | * logging of Scanner issues by registering a Scanner listener. 18 | */ 19 | public interface IScannerListener 20 | { 21 | /** 22 | * This method is invoked when a new issue is added to Burp Scanner's 23 | * results. 24 | * 25 | * @param issue An 26 | * IScanIssue object that the extension can query to obtain 27 | * details about the new issue. 28 | */ 29 | void newScanIssue(IScanIssue issue); 30 | } 31 | -------------------------------------------------------------------------------- /src/burp/IHttpService.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpService.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to provide details about an HTTP service, to which 14 | * HTTP requests can be sent. 15 | */ 16 | public interface IHttpService 17 | { 18 | /** 19 | * This method returns the hostname or IP address for the service. 20 | * 21 | * @return The hostname or IP address for the service. 22 | */ 23 | String getHost(); 24 | 25 | /** 26 | * This method returns the port number for the service. 27 | * 28 | * @return The port number for the service. 29 | */ 30 | int getPort(); 31 | 32 | /** 33 | * This method returns the protocol for the service. 34 | * 35 | * @return The protocol for the service. Expected values are "http" or 36 | * "https". 37 | */ 38 | String getProtocol(); 39 | } 40 | -------------------------------------------------------------------------------- /src/burp/ITab.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITab.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide Burp with details of a custom tab that will 16 | * be added to Burp's UI, using a method such as 17 | * IBurpExtenderCallbacks.addSuiteTab(). 18 | */ 19 | public interface ITab 20 | { 21 | /** 22 | * Burp uses this method to obtain the caption that should appear on the 23 | * custom tab when it is displayed. 24 | * 25 | * @return The caption that should appear on the custom tab when it is 26 | * displayed. 27 | */ 28 | String getTabCaption(); 29 | 30 | /** 31 | * Burp uses this method to obtain the component that should be used as the 32 | * contents of the custom tab when it is displayed. 33 | * 34 | * @return The component that should be used as the contents of the custom 35 | * tab when it is displayed. 36 | */ 37 | Component getUiComponent(); 38 | } 39 | -------------------------------------------------------------------------------- /src/burp/IMenuItemHandler.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMenuItemHandler.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerMenuItem() to register a custom 15 | * context menu item. 16 | * 17 | * @deprecated Use 18 | * IContextMenuFactory instead. 19 | */ 20 | @Deprecated 21 | public interface IMenuItemHandler 22 | { 23 | /** 24 | * This method is invoked by Burp Suite when the user clicks on a custom 25 | * menu item which the extension has registered with Burp. 26 | * 27 | * @param menuItemCaption The caption of the menu item which was clicked. 28 | * This parameter enables extensions to provide a single implementation 29 | * which handles multiple different menu items. 30 | * @param messageInfo Details of the HTTP message(s) for which the context 31 | * menu was displayed. 32 | */ 33 | void menuItemClicked( 34 | String menuItemCaption, 35 | IHttpRequestResponse[] messageInfo); 36 | } 37 | -------------------------------------------------------------------------------- /src/burp/IProxyListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IProxyListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerProxyListener() to register a 15 | * Proxy listener. The listener will be notified of requests and responses being 16 | * processed by the Proxy tool. Extensions can perform custom analysis or 17 | * modification of these messages, and control in-UI message interception, by 18 | * registering a proxy listener. 19 | */ 20 | public interface IProxyListener 21 | { 22 | /** 23 | * This method is invoked when an HTTP message is being processed by the 24 | * Proxy. 25 | * 26 | * @param messageIsRequest Indicates whether the HTTP message is a request 27 | * or a response. 28 | * @param message An 29 | * IInterceptedProxyMessage object that extensions can use to 30 | * query and update details of the message, and control whether the message 31 | * should be intercepted and displayed to the user for manual review or 32 | * modification. 33 | */ 34 | void processProxyMessage( 35 | boolean messageIsRequest, 36 | IInterceptedProxyMessage message); 37 | } 38 | -------------------------------------------------------------------------------- /src/burp/IBurpCollaboratorInteraction.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IBurpCollaboratorInteraction.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.Map; 13 | 14 | /** 15 | * This interface represents a network interaction that occurred with the Burp 16 | * Collaborator server. 17 | */ 18 | public interface IBurpCollaboratorInteraction 19 | { 20 | 21 | /** 22 | * This method is used to retrieve a property of the interaction. Properties 23 | * of all interactions are: interaction_id, type, client_ip, and time_stamp. 24 | * Properties of DNS interactions are: query_type and raw_query. The 25 | * raw_query value is Base64-encoded. Properties of HTTP interactions are: 26 | * protocol, request, and response. The request and response values are 27 | * Base64-encoded. 28 | * 29 | * @param name The name of the property to retrieve. 30 | * @return A string representing the property value, or null if not present. 31 | */ 32 | String getProperty(String name); 33 | 34 | /** 35 | * This method is used to retrieve a map containing all properties of the 36 | * interaction. 37 | * 38 | * @return A map containing all properties of the interaction. 39 | */ 40 | Map getProperties(); 41 | } 42 | -------------------------------------------------------------------------------- /src/burp/IContextMenuFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IContextMenuFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | 13 | import javax.swing.JMenuItem; 14 | import java.util.List; 15 | 16 | /** 17 | * Extensions can implement this interface and then call 18 | * IBurpExtenderCallbacks.registerContextMenuFactory() to register 19 | * a factory for custom context menu items. 20 | */ 21 | public interface IContextMenuFactory 22 | { 23 | /** 24 | * This method will be called by Burp when the user invokes a context menu 25 | * anywhere within Burp. The factory can then provide any custom context 26 | * menu items that should be displayed in the context menu, based on the 27 | * details of the menu invocation. 28 | * 29 | * @param invocation An object that implements the 30 | * IContextMenuInvocation interface, which the extension can 31 | * query to obtain details of the context menu invocation. 32 | * @return A list of custom menu items (which may include sub-menus, 33 | * checkbox menu items, etc.) that should be displayed. Extensions may 34 | * return 35 | * null from this method, to indicate that no menu items are 36 | * required. 37 | */ 38 | List createMenuItems(IContextMenuInvocation invocation); 39 | } 40 | -------------------------------------------------------------------------------- /src/burp/IScannerInsertionPointProvider.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerInsertionPointProvider.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * Extensions can implement this interface and then call 16 | * IBurpExtenderCallbacks.registerScannerInsertionPointProvider() 17 | * to register a factory for custom Scanner insertion points. 18 | */ 19 | public interface IScannerInsertionPointProvider 20 | { 21 | /** 22 | * When a request is actively scanned, the Scanner will invoke this method, 23 | * and the provider should provide a list of custom insertion points that 24 | * will be used in the scan. Note: these insertion points are used in 25 | * addition to those that are derived from Burp Scanner's configuration, and 26 | * those provided by any other Burp extensions. 27 | * 28 | * @param baseRequestResponse The base request that will be actively 29 | * scanned. 30 | * @return A list of 31 | * IScannerInsertionPoint objects that should be used in the 32 | * scanning, or 33 | * null if no custom insertion points are applicable for this 34 | * request. 35 | */ 36 | List getInsertionPoints( 37 | IHttpRequestResponse baseRequestResponse); 38 | } 39 | -------------------------------------------------------------------------------- /src/burp/IHttpListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerHttpListener() to register an 15 | * HTTP listener. The listener will be notified of requests and responses made 16 | * by any Burp tool. Extensions can perform custom analysis or modification of 17 | * these messages by registering an HTTP listener. 18 | */ 19 | public interface IHttpListener 20 | { 21 | /** 22 | * This method is invoked when an HTTP request is about to be issued, and 23 | * when an HTTP response has been received. 24 | * 25 | * @param toolFlag A flag indicating the Burp tool that issued the request. 26 | * Burp tool flags are defined in the 27 | * IBurpExtenderCallbacks interface. 28 | * @param messageIsRequest Flags whether the method is being invoked for a 29 | * request or response. 30 | * @param messageInfo Details of the request / response to be processed. 31 | * Extensions can call the setter methods on this object to update the 32 | * current message and so modify Burp's behavior. 33 | */ 34 | void processHttpMessage(int toolFlag, 35 | boolean messageIsRequest, 36 | IHttpRequestResponse messageInfo); 37 | } 38 | -------------------------------------------------------------------------------- /src/burp/IIntruderPayloadGeneratorFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadGeneratorFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory() 15 | * to register a factory for custom Intruder payloads. 16 | */ 17 | public interface IIntruderPayloadGeneratorFactory 18 | { 19 | /** 20 | * This method is used by Burp to obtain the name of the payload generator. 21 | * This will be displayed as an option within the Intruder UI when the user 22 | * selects to use extension-generated payloads. 23 | * 24 | * @return The name of the payload generator. 25 | */ 26 | String getGeneratorName(); 27 | 28 | /** 29 | * This method is used by Burp when the user starts an Intruder attack that 30 | * uses this payload generator. 31 | * 32 | * @param attack An 33 | * IIntruderAttack object that can be queried to obtain details 34 | * about the attack in which the payload generator will be used. 35 | * @return A new instance of 36 | * IIntruderPayloadGenerator that will be used to generate 37 | * payloads for the attack. 38 | */ 39 | IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack); 40 | } 41 | -------------------------------------------------------------------------------- /src/burp/IMessageEditorTabFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorTabFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerMessageEditorTabFactory() to 15 | * register a factory for custom message editor tabs. This allows extensions to 16 | * provide custom rendering or editing of HTTP messages, within Burp's own HTTP 17 | * editor. 18 | */ 19 | public interface IMessageEditorTabFactory 20 | { 21 | /** 22 | * Burp will call this method once for each HTTP message editor, and the 23 | * factory should provide a new instance of an 24 | * IMessageEditorTab object. 25 | * 26 | * @param controller An 27 | * IMessageEditorController object, which the new tab can query 28 | * to retrieve details about the currently displayed message. This may be 29 | * null for extension-invoked message editors where the 30 | * extension has not provided an editor controller. 31 | * @param editable Indicates whether the hosting editor is editable or 32 | * read-only. 33 | * @return A new 34 | * IMessageEditorTab object for use within the message editor. 35 | */ 36 | IMessageEditorTab createNewInstance(IMessageEditorController controller, 37 | boolean editable); 38 | } 39 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # BurpTabEssentials 2 | This changes the style of Burp Suite's Repeater tabs to help the testers. 3 | 4 | These features have been added by traversing the Java UI objects and manipulating them along the way. Therefore, it might not be as good as other built-in features, but that's the only thing we have at the moment to change the tab colours or their style :-) 5 | 6 | # Installation and Usage 7 | * Download the jar file from the [release](https://github.com/irsdl/BurpTabEssentials/releases) section 8 | * Add it to Burp Suite using the Extender tab 9 | * You can use the following key combinations: 10 | 11 | | Combination | Description | 12 | | --- | --- | 13 | |Right Click| Show Context Menu| 14 | |Right Click + CTRL| Increase the Font Size + Bold| 15 | |Right Click + CTRL + SHIFT| Decrease the Font Size + Bold| 16 | |Right Click + SHIFT| Big + Green + Bold| 17 | |Right Click + ALT| Big + Blue + Bold| 18 | |Right Click + CTRL + ALT| Big + Orange + Bold| 19 | |Right Click + CTRL + ALT + Shift| Fun!| 20 | 21 | **Images** 22 | 23 | ![Darcula](https://github.com/irsdl/BurpTabEssentials/blob/master/images/darcula.png) 24 | 25 | ![Nimbus](https://github.com/irsdl/BurpTabEssentials/blob/master/images/nimbus.png) 26 | 27 | **Thanks to** 28 | 29 | The simple idea behind changing a repeater tab colour came originally from a private extension written by Bruno Demarche a few years before this extension. That extension changed the text colour of a repeater tab when a comment was added to a request. 30 | 31 | 32 | **Limitations** 33 | * It **does not** save the settings – they need to be saved against the project file 34 | * It's been tested against v2.0.x but should work fine against v1.7.x 35 | * It might be confused if you add the extension more than once or reload it multiple times (try to restart burp) 36 | 37 | Please feel free to report bugs or add features 38 | -------------------------------------------------------------------------------- /src/burp/IIntruderPayloadProcessor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadProcessor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerIntruderPayloadProcessor() to 15 | * register a custom Intruder payload processor. 16 | */ 17 | public interface IIntruderPayloadProcessor 18 | { 19 | /** 20 | * This method is used by Burp to obtain the name of the payload processor. 21 | * This will be displayed as an option within the Intruder UI when the user 22 | * selects to use an extension-provided payload processor. 23 | * 24 | * @return The name of the payload processor. 25 | */ 26 | String getProcessorName(); 27 | 28 | /** 29 | * This method is invoked by Burp each time the processor should be applied 30 | * to an Intruder payload. 31 | * 32 | * @param currentPayload The value of the payload to be processed. 33 | * @param originalPayload The value of the original payload prior to 34 | * processing by any already-applied processing rules. 35 | * @param baseValue The base value of the payload position, which will be 36 | * replaced with the current payload. 37 | * @return The value of the processed payload. This may be 38 | * null to indicate that the current payload should be skipped, 39 | * and the attack will move directly to the next payload. 40 | */ 41 | byte[] processPayload( 42 | byte[] currentPayload, 43 | byte[] originalPayload, 44 | byte[] baseValue); 45 | } 46 | -------------------------------------------------------------------------------- /src/burp/IHttpRequestResponseWithMarkers.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponseWithMarkers.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used for an 16 | * IHttpRequestResponse object that has had markers applied. 17 | * Extensions can create instances of this interface using 18 | * IBurpExtenderCallbacks.applyMarkers(), or provide their own 19 | * implementation. Markers are used in various situations, such as specifying 20 | * Intruder payload positions, Scanner insertion points, and highlights in 21 | * Scanner issues. 22 | */ 23 | public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse 24 | { 25 | /** 26 | * This method returns the details of the request markers. 27 | * 28 | * @return A list of index pairs representing the offsets of markers for the 29 | * request message. Each item in the list is an int[2] array containing the 30 | * start and end offsets for the marker. The method may return 31 | * null if no request markers are defined. 32 | */ 33 | List getRequestMarkers(); 34 | 35 | /** 36 | * This method returns the details of the response markers. 37 | * 38 | * @return A list of index pairs representing the offsets of markers for the 39 | * response message. Each item in the list is an int[2] array containing the 40 | * start and end offsets for the marker. The method may return 41 | * null if no response markers are defined. 42 | */ 43 | List getResponseMarkers(); 44 | } 45 | -------------------------------------------------------------------------------- /src/burp/IIntruderPayloadGenerator.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadGenerator.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used for custom Intruder payload generators. Extensions 14 | * that have registered an 15 | * IIntruderPayloadGeneratorFactory must return a new instance of 16 | * this interface when required as part of a new Intruder attack. 17 | */ 18 | public interface IIntruderPayloadGenerator 19 | { 20 | /** 21 | * This method is used by Burp to determine whether the payload generator is 22 | * able to provide any further payloads. 23 | * 24 | * @return Extensions should return 25 | * false when all the available payloads have been used up, 26 | * otherwise 27 | * true. 28 | */ 29 | boolean hasMorePayloads(); 30 | 31 | /** 32 | * This method is used by Burp to obtain the value of the next payload. 33 | * 34 | * @param baseValue The base value of the current payload position. This 35 | * value may be 36 | * null if the concept of a base value is not applicable (e.g. 37 | * in a battering ram attack). 38 | * @return The next payload to use in the attack. 39 | */ 40 | byte[] getNextPayload(byte[] baseValue); 41 | 42 | /** 43 | * This method is used by Burp to reset the state of the payload generator 44 | * so that the next call to 45 | * getNextPayload() returns the first payload again. This 46 | * method will be invoked when an attack uses the same payload generator for 47 | * more than one payload position, for example in a sniper attack. 48 | */ 49 | void reset(); 50 | } 51 | -------------------------------------------------------------------------------- /src/burp/ICookie.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ICookie.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.Date; 13 | 14 | /** 15 | * This interface is used to hold details about an HTTP cookie. 16 | */ 17 | public interface ICookie 18 | { 19 | /** 20 | * This method is used to retrieve the domain for which the cookie is in 21 | * scope. 22 | * 23 | * @return The domain for which the cookie is in scope. Note: For 24 | * cookies that have been analyzed from responses (by calling 25 | * IExtensionHelpers.analyzeResponse() and then 26 | * IResponseInfo.getCookies(), the domain will be 27 | * null if the response did not explicitly set a domain 28 | * attribute for the cookie. 29 | */ 30 | String getDomain(); 31 | 32 | /** 33 | * This method is used to retrieve the path for which the cookie is in 34 | * scope. 35 | * 36 | * @return The path for which the cookie is in scope or null if none is set. 37 | */ 38 | String getPath(); 39 | 40 | /** 41 | * This method is used to retrieve the expiration time for the cookie. 42 | * 43 | * @return The expiration time for the cookie, or 44 | * null if none is set (i.e., for non-persistent session 45 | * cookies). 46 | */ 47 | Date getExpiration(); 48 | 49 | /** 50 | * This method is used to retrieve the name of the cookie. 51 | * 52 | * @return The name of the cookie. 53 | */ 54 | String getName(); 55 | 56 | /** 57 | * This method is used to retrieve the value of the cookie. 58 | * @return The value of the cookie. 59 | */ 60 | String getValue(); 61 | } 62 | -------------------------------------------------------------------------------- /src/burp/IMessageEditorController.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorController.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used by an 14 | * IMessageEditor to obtain details about the currently displayed 15 | * message. Extensions that create instances of Burp's HTTP message editor can 16 | * optionally provide an implementation of 17 | * IMessageEditorController, which the editor will invoke when it 18 | * requires further information about the current message (for example, to send 19 | * it to another Burp tool). Extensions that provide custom editor tabs via an 20 | * IMessageEditorTabFactory will receive a reference to an 21 | * IMessageEditorController object for each tab instance they 22 | * generate, which the tab can invoke if it requires further information about 23 | * the current message. 24 | */ 25 | public interface IMessageEditorController 26 | { 27 | /** 28 | * This method is used to retrieve the HTTP service for the current message. 29 | * 30 | * @return The HTTP service for the current message. 31 | */ 32 | IHttpService getHttpService(); 33 | 34 | /** 35 | * This method is used to retrieve the HTTP request associated with the 36 | * current message (which may itself be a response). 37 | * 38 | * @return The HTTP request associated with the current message. 39 | */ 40 | byte[] getRequest(); 41 | 42 | /** 43 | * This method is used to retrieve the HTTP response associated with the 44 | * current message (which may itself be a request). 45 | * 46 | * @return The HTTP response associated with the current message. 47 | */ 48 | byte[] getResponse(); 49 | } 50 | -------------------------------------------------------------------------------- /.externalToolBuilders/MakeTabsEssentials.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- /src/burp/IResponseKeywords.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IResponseKeywords.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used to represent the counts of keywords appearing in a 16 | * number of HTTP responses. 17 | */ 18 | public interface IResponseKeywords 19 | { 20 | 21 | /** 22 | * This method is used to obtain the list of keywords whose counts vary 23 | * between the analyzed responses. 24 | * 25 | * @return The keywords whose counts vary between the analyzed responses. 26 | */ 27 | List getVariantKeywords(); 28 | 29 | /** 30 | * This method is used to obtain the list of keywords whose counts do not 31 | * vary between the analyzed responses. 32 | * 33 | * @return The keywords whose counts do not vary between the analyzed 34 | * responses. 35 | */ 36 | List getInvariantKeywords(); 37 | 38 | /** 39 | * This method is used to obtain the number of occurrences of an individual 40 | * keyword in a response. 41 | * 42 | * @param keyword The keyword whose count will be retrieved. 43 | * @param responseIndex The index of the response. Note responses are 44 | * indexed from zero in the order they were originally supplied to the 45 | * IExtensionHelpers.analyzeResponseKeywords() and 46 | * IResponseKeywords.updateWith() methods. 47 | * @return The number of occurrences of the specified keyword for the 48 | * specified response. 49 | */ 50 | int getKeywordCount(String keyword, int responseIndex); 51 | 52 | /** 53 | * This method is used to update the analysis based on additional responses. 54 | * 55 | * @param responses The new responses to include in the analysis. 56 | */ 57 | void updateWith(byte[]... responses); 58 | } 59 | -------------------------------------------------------------------------------- /src/helper/UIStuff.java: -------------------------------------------------------------------------------- 1 | package helper; 2 | 3 | import java.awt.Component; 4 | import java.awt.Container; 5 | import javax.swing.JCheckBox; 6 | import javax.swing.JOptionPane; 7 | 8 | public class UIStuff { 9 | 10 | // Show a message to the user 11 | public static void showMessage(final String strMsg){ 12 | new Thread(new Runnable() 13 | { 14 | @Override 15 | public void run() 16 | { 17 | JOptionPane.showMessageDialog(null, strMsg); 18 | } 19 | }).start(); 20 | 21 | } 22 | 23 | // Show a message to the user 24 | public static void showWarningMessage(final String strMsg){ 25 | new Thread(new Runnable() 26 | { 27 | @Override 28 | public void run() 29 | { 30 | JOptionPane.showMessageDialog(null, strMsg, "Warning", JOptionPane.WARNING_MESSAGE); 31 | } 32 | }).start(); 33 | 34 | } 35 | 36 | // Show a message to the user 37 | public static String showPlainInputMessage(final String strMessage, final String strTitle, final String defaultValue){ 38 | String output = (String)JOptionPane.showInputDialog(null, 39 | strMessage,strTitle,JOptionPane.PLAIN_MESSAGE, null, null, defaultValue); 40 | if(output==null){ 41 | output = defaultValue; 42 | } 43 | return output; 44 | } 45 | 46 | // Common method to ask a multiple question 47 | public static Integer askConfirmMessage(final String strTitle, final String strQuestion, String[] msgOptions){ 48 | final Object[] options = msgOptions; 49 | final int[] choice = new int[1]; 50 | choice[0] = 0; 51 | choice[0] = JOptionPane.showOptionDialog(null, 52 | strQuestion, 53 | strTitle, 54 | JOptionPane.YES_NO_CANCEL_OPTION, 55 | JOptionPane.QUESTION_MESSAGE, 56 | null, 57 | options, 58 | options[0]); 59 | return choice[0]; 60 | } 61 | 62 | // to update the JCheckbox background colour after using the customizeUiComponent() method 63 | public static void updateJCheckBoxBackground(Container c) { 64 | Component[] components = c.getComponents(); 65 | for(Component com : components) { 66 | if(com instanceof JCheckBox) { 67 | com.setBackground(c.getBackground()); 68 | } else if(com instanceof Container) { 69 | updateJCheckBoxBackground((Container) com); 70 | } 71 | } 72 | } 73 | } 74 | -------------------------------------------------------------------------------- /src/burp/ISessionHandlingAction.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ISessionHandlingAction.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerSessionHandlingAction() to 15 | * register a custom session handling action. Each registered action will be 16 | * available within the session handling rule UI for the user to select as a 17 | * rule action. Users can choose to invoke an action directly in its own right, 18 | * or following execution of a macro. 19 | */ 20 | public interface ISessionHandlingAction 21 | { 22 | /** 23 | * This method is used by Burp to obtain the name of the session handling 24 | * action. This will be displayed as an option within the session handling 25 | * rule editor when the user selects to execute an extension-provided 26 | * action. 27 | * 28 | * @return The name of the action. 29 | */ 30 | String getActionName(); 31 | 32 | /** 33 | * This method is invoked when the session handling action should be 34 | * executed. This may happen as an action in its own right, or as a 35 | * sub-action following execution of a macro. 36 | * 37 | * @param currentRequest The base request that is currently being processed. 38 | * The action can query this object to obtain details about the base 39 | * request. It can issue additional requests of its own if necessary, and 40 | * can use the setter methods on this object to update the base request. 41 | * @param macroItems If the action is invoked following execution of a 42 | * macro, this parameter contains the result of executing the macro. 43 | * Otherwise, it is 44 | * null. Actions can use the details of the macro items to 45 | * perform custom analysis of the macro to derive values of non-standard 46 | * session handling tokens, etc. 47 | */ 48 | void performAction( 49 | IHttpRequestResponse currentRequest, 50 | IHttpRequestResponse[] macroItems); 51 | } 52 | -------------------------------------------------------------------------------- /src/burp/IResponseInfo.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IResponseInfo.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used to retrieve key details about an HTTP response. 16 | * Extensions can obtain an 17 | * IResponseInfo object for a given response by calling 18 | * IExtensionHelpers.analyzeResponse(). 19 | */ 20 | public interface IResponseInfo 21 | { 22 | /** 23 | * This method is used to obtain the HTTP headers contained in the response. 24 | * 25 | * @return The HTTP headers contained in the response. 26 | */ 27 | List getHeaders(); 28 | 29 | /** 30 | * This method is used to obtain the offset within the response where the 31 | * message body begins. 32 | * 33 | * @return The offset within the response where the message body begins. 34 | */ 35 | int getBodyOffset(); 36 | 37 | /** 38 | * This method is used to obtain the HTTP status code contained in the 39 | * response. 40 | * 41 | * @return The HTTP status code contained in the response. 42 | */ 43 | short getStatusCode(); 44 | 45 | /** 46 | * This method is used to obtain details of the HTTP cookies set in the 47 | * response. 48 | * 49 | * @return A list of ICookie objects representing the cookies 50 | * set in the response, if any. 51 | */ 52 | List getCookies(); 53 | 54 | /** 55 | * This method is used to obtain the MIME type of the response, as stated in 56 | * the HTTP headers. 57 | * 58 | * @return A textual label for the stated MIME type, or an empty String if 59 | * this is not known or recognized. The possible labels are the same as 60 | * those used in the main Burp UI. 61 | */ 62 | String getStatedMimeType(); 63 | 64 | /** 65 | * This method is used to obtain the MIME type of the response, as inferred 66 | * from the contents of the HTTP message body. 67 | * 68 | * @return A textual label for the inferred MIME type, or an empty String if 69 | * this is not known or recognized. The possible labels are the same as 70 | * those used in the main Burp UI. 71 | */ 72 | String getInferredMimeType(); 73 | } 74 | -------------------------------------------------------------------------------- /src/burp/IResponseVariations.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IResponseVariations.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used to represent variations between a number HTTP 16 | * responses, according to various attributes. 17 | */ 18 | public interface IResponseVariations 19 | { 20 | 21 | /** 22 | * This method is used to obtain the list of attributes that vary between 23 | * the analyzed responses. 24 | * 25 | * @return The attributes that vary between the analyzed responses. 26 | */ 27 | List getVariantAttributes(); 28 | 29 | /** 30 | * This method is used to obtain the list of attributes that do not vary 31 | * between the analyzed responses. 32 | * 33 | * @return The attributes that do not vary between the analyzed responses. 34 | */ 35 | List getInvariantAttributes(); 36 | 37 | /** 38 | * This method is used to obtain the value of an individual attribute in a 39 | * response. Note that the values of some attributes are intrinsically 40 | * meaningful (e.g. a word count) while the values of others are less so 41 | * (e.g. a checksum of the HTML tag names). 42 | * 43 | * @param attributeName The name of the attribute whose value will be 44 | * retrieved. Extension authors can obtain the list of supported attributes 45 | * by generating an IResponseVariations object for a single 46 | * response and calling 47 | * IResponseVariations.getInvariantAttributes(). 48 | * @param responseIndex The index of the response. Note that responses are 49 | * indexed from zero in the order they were originally supplied to the 50 | * IExtensionHelpers.analyzeResponseVariations() and 51 | * IResponseVariations.updateWith() methods. 52 | * @return The value of the specified attribute for the specified response. 53 | */ 54 | int getAttributeValue(String attributeName, int responseIndex); 55 | 56 | /** 57 | * This method is used to update the analysis based on additional responses. 58 | * 59 | * @param responses The new responses to include in the analysis. 60 | */ 61 | void updateWith(byte[]... responses); 62 | } 63 | -------------------------------------------------------------------------------- /src/burp/IMessageEditor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide extensions with an instance of Burp's HTTP 16 | * message editor, for the extension to use in its own UI. Extensions should 17 | * call IBurpExtenderCallbacks.createMessageEditor() to obtain an 18 | * instance of this interface. 19 | */ 20 | public interface IMessageEditor 21 | { 22 | 23 | /** 24 | * This method returns the UI component of the editor, for extensions to add 25 | * to their own UI. 26 | * 27 | * @return The UI component of the editor. 28 | */ 29 | Component getComponent(); 30 | 31 | /** 32 | * This method is used to display an HTTP message in the editor. 33 | * 34 | * @param message The HTTP message to be displayed. 35 | * @param isRequest Flags whether the message is an HTTP request or 36 | * response. 37 | */ 38 | void setMessage(byte[] message, boolean isRequest); 39 | 40 | /** 41 | * This method is used to retrieve the currently displayed message, which 42 | * may have been modified by the user. 43 | * 44 | * @return The currently displayed HTTP message. 45 | */ 46 | byte[] getMessage(); 47 | 48 | /** 49 | * This method is used to determine whether the current message has been 50 | * modified by the user. 51 | * 52 | * @return An indication of whether the current message has been modified by 53 | * the user since it was first displayed. 54 | */ 55 | boolean isMessageModified(); 56 | 57 | /** 58 | * This method returns the data that is currently selected by the user. 59 | * 60 | * @return The data that is currently selected by the user, or 61 | * null if no selection is made. 62 | */ 63 | byte[] getSelectedData(); 64 | 65 | /** 66 | * This method can be used to retrieve the bounds of the user's selection 67 | * into the displayed message, if applicable. 68 | * 69 | * @return An int[2] array containing the start and end offsets of the 70 | * user's selection within the displayed message. If the user has not made 71 | * any selection in the current message, both offsets indicate the position 72 | * of the caret within the editor. For some editor views, the concept of 73 | * selection within the message does not apply, in which case this method 74 | * returns null. 75 | */ 76 | int[] getSelectionBounds(); 77 | } 78 | -------------------------------------------------------------------------------- /src/burp/IScanQueueItem.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScanQueueItem.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve details of items in the Burp Scanner 14 | * active scan queue. Extensions can obtain references to scan queue items by 15 | * calling 16 | * IBurpExtenderCallbacks.doActiveScan(). 17 | */ 18 | public interface IScanQueueItem 19 | { 20 | /** 21 | * This method returns a description of the status of the scan queue item. 22 | * 23 | * @return A description of the status of the scan queue item. 24 | */ 25 | String getStatus(); 26 | 27 | /** 28 | * This method returns an indication of the percentage completed for the 29 | * scan queue item. 30 | * 31 | * @return An indication of the percentage completed for the scan queue 32 | * item. 33 | */ 34 | byte getPercentageComplete(); 35 | 36 | /** 37 | * This method returns the number of requests that have been made for the 38 | * scan queue item. 39 | * 40 | * @return The number of requests that have been made for the scan queue 41 | * item. 42 | */ 43 | int getNumRequests(); 44 | 45 | /** 46 | * This method returns the number of network errors that have occurred for 47 | * the scan queue item. 48 | * 49 | * @return The number of network errors that have occurred for the scan 50 | * queue item. 51 | */ 52 | int getNumErrors(); 53 | 54 | /** 55 | * This method returns the number of attack insertion points being used for 56 | * the scan queue item. 57 | * 58 | * @return The number of attack insertion points being used for the scan 59 | * queue item. 60 | */ 61 | int getNumInsertionPoints(); 62 | 63 | /** 64 | * This method allows the scan queue item to be canceled. 65 | */ 66 | void cancel(); 67 | 68 | /** 69 | * This method returns details of the issues generated for the scan queue 70 | * item. Note: different items within the scan queue may contain 71 | * duplicated versions of the same issues - for example, if the same request 72 | * has been scanned multiple times. Duplicated issues are consolidated in 73 | * the main view of scan results. Extensions can register an 74 | * IScannerListener to get details only of unique, newly 75 | * discovered Scanner issues post-consolidation. 76 | * 77 | * @return Details of the issues generated for the scan queue item. 78 | */ 79 | IScanIssue[] getIssues(); 80 | } 81 | -------------------------------------------------------------------------------- /src/burp/IRequestInfo.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IRequestInfo.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.net.URL; 13 | import java.util.List; 14 | 15 | /** 16 | * This interface is used to retrieve key details about an HTTP request. 17 | * Extensions can obtain an 18 | * IRequestInfo object for a given request by calling 19 | * IExtensionHelpers.analyzeRequest(). 20 | */ 21 | public interface IRequestInfo 22 | { 23 | /** 24 | * Used to indicate that there is no content. 25 | */ 26 | static final byte CONTENT_TYPE_NONE = 0; 27 | /** 28 | * Used to indicate URL-encoded content. 29 | */ 30 | static final byte CONTENT_TYPE_URL_ENCODED = 1; 31 | /** 32 | * Used to indicate multi-part content. 33 | */ 34 | static final byte CONTENT_TYPE_MULTIPART = 2; 35 | /** 36 | * Used to indicate XML content. 37 | */ 38 | static final byte CONTENT_TYPE_XML = 3; 39 | /** 40 | * Used to indicate JSON content. 41 | */ 42 | static final byte CONTENT_TYPE_JSON = 4; 43 | /** 44 | * Used to indicate AMF content. 45 | */ 46 | static final byte CONTENT_TYPE_AMF = 5; 47 | /** 48 | * Used to indicate unknown content. 49 | */ 50 | static final byte CONTENT_TYPE_UNKNOWN = -1; 51 | 52 | /** 53 | * This method is used to obtain the HTTP method used in the request. 54 | * 55 | * @return The HTTP method used in the request. 56 | */ 57 | String getMethod(); 58 | 59 | /** 60 | * This method is used to obtain the URL in the request. 61 | * 62 | * @return The URL in the request. 63 | */ 64 | URL getUrl(); 65 | 66 | /** 67 | * This method is used to obtain the HTTP headers contained in the request. 68 | * 69 | * @return The HTTP headers contained in the request. 70 | */ 71 | List getHeaders(); 72 | 73 | /** 74 | * This method is used to obtain the parameters contained in the request. 75 | * 76 | * @return The parameters contained in the request. 77 | */ 78 | List getParameters(); 79 | 80 | /** 81 | * This method is used to obtain the offset within the request where the 82 | * message body begins. 83 | * 84 | * @return The offset within the request where the message body begins. 85 | */ 86 | int getBodyOffset(); 87 | 88 | /** 89 | * This method is used to obtain the content type of the message body. 90 | * 91 | * @return An indication of the content type of the message body. Available 92 | * types are defined within this interface. 93 | */ 94 | byte getContentType(); 95 | } 96 | -------------------------------------------------------------------------------- /src/burp/TabWatcher.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | import javax.swing.*; 4 | import java.awt.*; 5 | import java.awt.event.ContainerEvent; 6 | import java.awt.event.ContainerListener; 7 | import java.awt.event.MouseEvent; 8 | import java.awt.event.MouseListener; 9 | import java.util.List; 10 | import java.util.function.Consumer; 11 | 12 | public class TabWatcher implements ContainerListener { 13 | 14 | List supportedTabTitles; 15 | Consumer mouseEventConsumer; 16 | 17 | public TabWatcher(List supportedTabTitles, Consumer mouseEventConsumer){ 18 | this.supportedTabTitles = supportedTabTitles; 19 | this.mouseEventConsumer = mouseEventConsumer; 20 | } 21 | 22 | public void addTabListener(JTabbedPane tabbedPane){ 23 | tabbedPane.addContainerListener(this); 24 | for (Component component : tabbedPane.getComponents()) { 25 | addListenerToSupportedTabbedPanels(tabbedPane, component); 26 | } 27 | } 28 | 29 | public void removeTabListener(JTabbedPane tabbedPane){ 30 | tabbedPane.removeContainerListener(this); 31 | for (Component component : tabbedPane.getComponents()) { 32 | removeListenerFromTabbedPanels(tabbedPane, component); 33 | } 34 | } 35 | 36 | @Override 37 | public void componentAdded(ContainerEvent e) { 38 | addListenerToSupportedTabbedPanels((JTabbedPane) e.getContainer(), e.getChild()); 39 | } 40 | 41 | private void addListenerToSupportedTabbedPanels(JTabbedPane tabbedPane, Component tabComponent){ 42 | //Check tab titles and continue for accepted tab paths. 43 | int componentIndex = tabbedPane.indexOfComponent(tabComponent); 44 | if(componentIndex == -1) { 45 | return; 46 | } 47 | String componentTitle = tabbedPane.getTitleAt(componentIndex); 48 | if(!supportedTabTitles.contains(componentTitle)) return; 49 | 50 | System.out.println("Adding listener to " + componentTitle); 51 | tabComponent.addMouseListener(new TabClickHandler(this.mouseEventConsumer)); 52 | } 53 | 54 | @Override 55 | public void componentRemoved(ContainerEvent e) { 56 | removeListenerFromTabbedPanels((JTabbedPane) e.getContainer(), e.getChild()); 57 | } 58 | 59 | private void removeListenerFromTabbedPanels(JTabbedPane tabbedPane, Component tabComponent){ 60 | int componentIndex = tabbedPane.indexOfComponent(tabComponent); 61 | if(componentIndex == -1) { 62 | return; 63 | } 64 | String componentTitle = tabbedPane.getTitleAt(componentIndex); 65 | if(!supportedTabTitles.contains(componentTitle)) return; 66 | 67 | for (MouseListener mouseListener : tabComponent.getMouseListeners()) { 68 | if(mouseListener instanceof TabClickHandler){ 69 | tabComponent.removeMouseListener(mouseListener); 70 | } 71 | } 72 | } 73 | } 74 | -------------------------------------------------------------------------------- /src/burp/ITextEditor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITextEditor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide extensions with an instance of Burp's raw 16 | * text editor, for the extension to use in its own UI. Extensions should call 17 | * IBurpExtenderCallbacks.createTextEditor() to obtain an instance 18 | * of this interface. 19 | */ 20 | public interface ITextEditor 21 | { 22 | /** 23 | * This method returns the UI component of the editor, for extensions to add 24 | * to their own UI. 25 | * 26 | * @return The UI component of the editor. 27 | */ 28 | Component getComponent(); 29 | 30 | /** 31 | * This method is used to control whether the editor is currently editable. 32 | * This status can be toggled on and off as required. 33 | * 34 | * @param editable Indicates whether the editor should be currently 35 | * editable. 36 | */ 37 | void setEditable(boolean editable); 38 | 39 | /** 40 | * This method is used to update the currently displayed text in the editor. 41 | * 42 | * @param text The text to be displayed. 43 | */ 44 | void setText(byte[] text); 45 | 46 | /** 47 | * This method is used to retrieve the currently displayed text. 48 | * 49 | * @return The currently displayed text. 50 | */ 51 | byte[] getText(); 52 | 53 | /** 54 | * This method is used to determine whether the user has modified the 55 | * contents of the editor. 56 | * 57 | * @return An indication of whether the user has modified the contents of 58 | * the editor since the last call to 59 | * setText(). 60 | */ 61 | boolean isTextModified(); 62 | 63 | /** 64 | * This method is used to obtain the currently selected text. 65 | * 66 | * @return The currently selected text, or 67 | * null if the user has not made any selection. 68 | */ 69 | byte[] getSelectedText(); 70 | 71 | /** 72 | * This method can be used to retrieve the bounds of the user's selection 73 | * into the displayed text, if applicable. 74 | * 75 | * @return An int[2] array containing the start and end offsets of the 76 | * user's selection within the displayed text. If the user has not made any 77 | * selection in the current message, both offsets indicate the position of 78 | * the caret within the editor. 79 | */ 80 | int[] getSelectionBounds(); 81 | 82 | /** 83 | * This method is used to update the search expression that is shown in the 84 | * search bar below the editor. The editor will automatically highlight any 85 | * regions of the displayed text that match the search expression. 86 | * 87 | * @param expression The search expression. 88 | */ 89 | void setSearchExpression(String expression); 90 | } 91 | -------------------------------------------------------------------------------- /src/helper/Utilities.java: -------------------------------------------------------------------------------- 1 | package helper; 2 | 3 | public class Utilities { 4 | private static final char[] hexChar = { 5 | '0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F' 6 | }; 7 | 8 | public static String URLEncodeAll(String input) { 9 | return URLEncode(input, ""); 10 | } 11 | 12 | public static String URLEncodeSpecial(String input, String specialChars) { 13 | if (specialChars.isEmpty()) specialChars = "!#$&'()*+,/:;=?@[] \"%-.<>\\^_`{|}~"; 14 | return URLEncode(input, specialChars); 15 | } 16 | 17 | public static String URLEncodeSpecial(String input) { 18 | return URLEncodeSpecial(input, ""); 19 | } 20 | 21 | public static String URLEncode(String input, String specialChars) { 22 | // idea from https://codereview.stackexchange.com/questions/102591/efficient-url-escape-percent-encoding 23 | if (input == null || input.isEmpty()) { 24 | return input; 25 | } 26 | StringBuilder result = new StringBuilder(input); 27 | for (int i = input.length() - 1; i >= 0; i--) { 28 | if(specialChars.isEmpty()) { 29 | result.replace(i, i + 1, "%" + String.format("%2s",Integer.toHexString(input.charAt(i))).replace(' ', '0').toUpperCase()); 30 | }else if(specialChars.indexOf(input.charAt(i)) != -1) { 31 | result.replace(i, i + 1, "%" + String.format("%2s",Integer.toHexString(input.charAt(i)).replace(' ', '0').toUpperCase())); 32 | } 33 | } 34 | return result.toString(); 35 | } 36 | 37 | public static String URLEncodeAllBytes(byte[] input) { 38 | // idea from https://codereview.stackexchange.com/questions/102591/efficient-url-escape-percent-encoding 39 | if (input == null) { 40 | return ""; 41 | } 42 | StringBuilder result = new StringBuilder(); 43 | for (byte b: input) { 44 | result.append("%" + String.format("%02x", b).toUpperCase()); 45 | } 46 | return result.toString(); 47 | } 48 | 49 | // https://docs.oracle.com/javase/tutorial/i18n/text/examples/UnicodeFormatter.java 50 | static public String byteToHex(byte b) { 51 | // Returns hex String representation of byte b 52 | char[] array = { hexChar[(b >> 4) & 0x0f], hexChar[b & 0x0f] }; 53 | return new String(array); 54 | } 55 | 56 | // https://docs.oracle.com/javase/tutorial/i18n/text/examples/UnicodeFormatter.java 57 | static public String charToHex(char c) { 58 | // Returns hex String representation of char c 59 | byte hi = (byte) (c >>> 8); 60 | byte lo = (byte) (c & 0xff); 61 | return byteToHex(hi) + byteToHex(lo); 62 | } 63 | 64 | 65 | // http://www.xinotes.net/notes/note/812/ 66 | static public String unicodeEscape(String s, boolean encodeAll, boolean isURL) { 67 | StringBuilder sb = new StringBuilder(); 68 | String escapePrefix = "\\u"; 69 | if(isURL) escapePrefix = "%u"; 70 | for (int i = 0; i < s.length(); i++) { 71 | char c = s.charAt(i); 72 | if ((c >> 7) > 0 || encodeAll) { 73 | sb.append(escapePrefix); 74 | sb.append(hexChar[(c >> 12) & 0xF]); // append the hex character for the left-most 4-bits 75 | sb.append(hexChar[(c >> 8) & 0xF]); // hex for the second group of 4-bits from the left 76 | sb.append(hexChar[(c >> 4) & 0xF]); // hex for the third group 77 | sb.append(hexChar[c & 0xF]); // hex for the last group, e.g., the right most 4-bits 78 | } 79 | else { 80 | sb.append(c); 81 | } 82 | } 83 | return sb.toString(); 84 | } 85 | 86 | 87 | } 88 | -------------------------------------------------------------------------------- /src/burp/IHttpRequestResponse.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponse.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve and update details about HTTP messages. 14 | * 15 | * Note: The setter methods generally can only be used before the message 16 | * has been processed, and not in read-only contexts. The getter methods 17 | * relating to response details can only be used after the request has been 18 | * issued. 19 | */ 20 | public interface IHttpRequestResponse 21 | { 22 | /** 23 | * This method is used to retrieve the request message. 24 | * 25 | * @return The request message. 26 | */ 27 | byte[] getRequest(); 28 | 29 | /** 30 | * This method is used to update the request message. 31 | * 32 | * @param message The new request message. 33 | */ 34 | void setRequest(byte[] message); 35 | 36 | /** 37 | * This method is used to retrieve the response message. 38 | * 39 | * @return The response message. 40 | */ 41 | byte[] getResponse(); 42 | 43 | /** 44 | * This method is used to update the response message. 45 | * 46 | * @param message The new response message. 47 | */ 48 | void setResponse(byte[] message); 49 | 50 | /** 51 | * This method is used to retrieve the user-annotated comment for this item, 52 | * if applicable. 53 | * 54 | * @return The user-annotated comment for this item, or null if none is set. 55 | */ 56 | String getComment(); 57 | 58 | /** 59 | * This method is used to update the user-annotated comment for this item. 60 | * 61 | * @param comment The comment to be assigned to this item. 62 | */ 63 | void setComment(String comment); 64 | 65 | /** 66 | * This method is used to retrieve the user-annotated highlight for this 67 | * item, if applicable. 68 | * 69 | * @return The user-annotated highlight for this item, or null if none is 70 | * set. 71 | */ 72 | String getHighlight(); 73 | 74 | /** 75 | * This method is used to update the user-annotated highlight for this item. 76 | * 77 | * @param color The highlight color to be assigned to this item. Accepted 78 | * values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray, 79 | * or a null String to clear any existing highlight. 80 | */ 81 | void setHighlight(String color); 82 | 83 | /** 84 | * This method is used to retrieve the HTTP service for this request / 85 | * response. 86 | * 87 | * @return An 88 | * IHttpService object containing details of the HTTP service. 89 | */ 90 | IHttpService getHttpService(); 91 | 92 | /** 93 | * This method is used to update the HTTP service for this request / 94 | * response. 95 | * 96 | * @param httpService An 97 | * IHttpService object containing details of the new HTTP 98 | * service. 99 | */ 100 | void setHttpService(IHttpService httpService); 101 | 102 | } 103 | -------------------------------------------------------------------------------- /src/burp/IParameter.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IParameter.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details about an HTTP request parameter. 14 | */ 15 | public interface IParameter 16 | { 17 | /** 18 | * Used to indicate a parameter within the URL query string. 19 | */ 20 | static final byte PARAM_URL = 0; 21 | /** 22 | * Used to indicate a parameter within the message body. 23 | */ 24 | static final byte PARAM_BODY = 1; 25 | /** 26 | * Used to indicate an HTTP cookie. 27 | */ 28 | static final byte PARAM_COOKIE = 2; 29 | /** 30 | * Used to indicate an item of data within an XML structure. 31 | */ 32 | static final byte PARAM_XML = 3; 33 | /** 34 | * Used to indicate the value of a tag attribute within an XML structure. 35 | */ 36 | static final byte PARAM_XML_ATTR = 4; 37 | /** 38 | * Used to indicate the value of a parameter attribute within a multi-part 39 | * message body (such as the name of an uploaded file). 40 | */ 41 | static final byte PARAM_MULTIPART_ATTR = 5; 42 | /** 43 | * Used to indicate an item of data within a JSON structure. 44 | */ 45 | static final byte PARAM_JSON = 6; 46 | 47 | /** 48 | * This method is used to retrieve the parameter type. 49 | * 50 | * @return The parameter type. The available types are defined within this 51 | * interface. 52 | */ 53 | byte getType(); 54 | 55 | /** 56 | * This method is used to retrieve the parameter name. 57 | * 58 | * @return The parameter name. 59 | */ 60 | String getName(); 61 | 62 | /** 63 | * This method is used to retrieve the parameter value. 64 | * 65 | * @return The parameter value. 66 | */ 67 | String getValue(); 68 | 69 | /** 70 | * This method is used to retrieve the start offset of the parameter name 71 | * within the HTTP request. 72 | * 73 | * @return The start offset of the parameter name within the HTTP request, 74 | * or -1 if the parameter is not associated with a specific request. 75 | */ 76 | int getNameStart(); 77 | 78 | /** 79 | * This method is used to retrieve the end offset of the parameter name 80 | * within the HTTP request. 81 | * 82 | * @return The end offset of the parameter name within the HTTP request, or 83 | * -1 if the parameter is not associated with a specific request. 84 | */ 85 | int getNameEnd(); 86 | 87 | /** 88 | * This method is used to retrieve the start offset of the parameter value 89 | * within the HTTP request. 90 | * 91 | * @return The start offset of the parameter value within the HTTP request, 92 | * or -1 if the parameter is not associated with a specific request. 93 | */ 94 | int getValueStart(); 95 | 96 | /** 97 | * This method is used to retrieve the end offset of the parameter value 98 | * within the HTTP request. 99 | * 100 | * @return The end offset of the parameter value within the HTTP request, or 101 | * -1 if the parameter is not associated with a specific request. 102 | */ 103 | int getValueEnd(); 104 | } 105 | -------------------------------------------------------------------------------- /src/burp/IScannerCheck.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerCheck.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * Extensions can implement this interface and then call 16 | * IBurpExtenderCallbacks.registerScannerCheck() to register a 17 | * custom Scanner check. When performing scanning, Burp will ask the check to 18 | * perform active or passive scanning on the base request, and report any 19 | * Scanner issues that are identified. 20 | */ 21 | public interface IScannerCheck 22 | { 23 | 24 | /** 25 | * The Scanner invokes this method for each base request / response that is 26 | * passively scanned. Note: Extensions should only analyze the 27 | * HTTP messages provided during passive scanning, and should not make any 28 | * new HTTP requests of their own. 29 | * 30 | * @param baseRequestResponse The base HTTP request / response that should 31 | * be passively scanned. 32 | * @return A list of IScanIssue objects, or null 33 | * if no issues are identified. 34 | */ 35 | List doPassiveScan(IHttpRequestResponse baseRequestResponse); 36 | 37 | /** 38 | * The Scanner invokes this method for each insertion point that is actively 39 | * scanned. Extensions may issue HTTP requests as required to carry out 40 | * active scanning, and should use the 41 | * IScannerInsertionPoint object provided to build scan 42 | * requests for particular payloads. 43 | * Note: 44 | * Scan checks should submit raw non-encoded payloads to insertion points, 45 | * and the insertion point has responsibility for performing any data 46 | * encoding that is necessary given the nature and location of the insertion 47 | * point. 48 | * 49 | * @param baseRequestResponse The base HTTP request / response that should 50 | * be actively scanned. 51 | * @param insertionPoint An IScannerInsertionPoint object that 52 | * can be queried to obtain details of the insertion point being tested, and 53 | * can be used to build scan requests for particular payloads. 54 | * @return A list of IScanIssue objects, or null 55 | * if no issues are identified. 56 | */ 57 | List doActiveScan( 58 | IHttpRequestResponse baseRequestResponse, 59 | IScannerInsertionPoint insertionPoint); 60 | 61 | /** 62 | * The Scanner invokes this method when the custom Scanner check has 63 | * reported multiple issues for the same URL path. This can arise either 64 | * because there are multiple distinct vulnerabilities, or because the same 65 | * (or a similar) request has been scanned more than once. The custom check 66 | * should determine whether the issues are duplicates. In most cases, where 67 | * a check uses distinct issue names or descriptions for distinct issues, 68 | * the consolidation process will simply be a matter of comparing these 69 | * features for the two issues. 70 | * 71 | * @param existingIssue An issue that was previously reported by this 72 | * Scanner check. 73 | * @param newIssue An issue at the same URL path that has been newly 74 | * reported by this Scanner check. 75 | * @return An indication of which issue(s) should be reported in the main 76 | * Scanner results. The method should return -1 to report the 77 | * existing issue only, 0 to report both issues, and 78 | * 1 to report the new issue only. 79 | */ 80 | int consolidateDuplicateIssues( 81 | IScanIssue existingIssue, 82 | IScanIssue newIssue); 83 | } 84 | -------------------------------------------------------------------------------- /src/burp/IBurpCollaboratorClientContext.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IBurpCollaboratorClientContext.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface represents an instance of a Burp Collaborator client context, 16 | * which can be used to generate Burp Collaborator payloads and poll the 17 | * Collaborator server for any network interactions that result from using those 18 | * payloads. Extensions can obtain new instances of this class by calling 19 | * IBurpExtenderCallbacks.createBurpCollaboratorClientContext(). 20 | * Note that each Burp Collaborator client context is tied to the Collaborator 21 | * server configuration that was in place at the time the context was created. 22 | */ 23 | public interface IBurpCollaboratorClientContext 24 | { 25 | 26 | /** 27 | * This method is used to generate new Burp Collaborator payloads. 28 | * 29 | * @param includeCollaboratorServerLocation Specifies whether to include the 30 | * Collaborator server location in the generated payload. 31 | * @return The payload that was generated. 32 | * 33 | * @throws IllegalStateException if Burp Collaborator is disabled 34 | */ 35 | String generatePayload(boolean includeCollaboratorServerLocation); 36 | 37 | /** 38 | * This method is used to retrieve all interactions received by the 39 | * Collaborator server resulting from payloads that were generated for this 40 | * context. 41 | * 42 | * @return The Collaborator interactions that have occurred resulting from 43 | * payloads that were generated for this context. 44 | * 45 | * @throws IllegalStateException if Burp Collaborator is disabled 46 | */ 47 | List fetchAllCollaboratorInteractions(); 48 | 49 | /** 50 | * This method is used to retrieve interactions received by the Collaborator 51 | * server resulting from a single payload that was generated for this 52 | * context. 53 | * 54 | * @param payload The payload for which interactions will be retrieved. 55 | * @return The Collaborator interactions that have occurred resulting from 56 | * the given payload. 57 | * 58 | * @throws IllegalStateException if Burp Collaborator is disabled 59 | */ 60 | List fetchCollaboratorInteractionsFor(String payload); 61 | 62 | /** 63 | * This method is used to retrieve all interactions made by Burp Infiltrator 64 | * instrumentation resulting from payloads that were generated for this 65 | * context. 66 | * 67 | * @return The interactions triggered by the Burp Infiltrator 68 | * instrumentation that have occurred resulting from payloads that were 69 | * generated for this context. 70 | * 71 | * @throws IllegalStateException if Burp Collaborator is disabled 72 | */ 73 | List fetchAllInfiltratorInteractions(); 74 | 75 | /** 76 | * This method is used to retrieve interactions made by Burp Infiltrator 77 | * instrumentation resulting from a single payload that was generated for 78 | * this context. 79 | * 80 | * @param payload The payload for which interactions will be retrieved. 81 | * @return The interactions triggered by the Burp Infiltrator 82 | * instrumentation that have occurred resulting from the given payload. 83 | * 84 | * @throws IllegalStateException if Burp Collaborator is disabled 85 | */ 86 | List fetchInfiltratorInteractionsFor(String payload); 87 | 88 | /** 89 | * This method is used to retrieve the network location of the Collaborator 90 | * server. 91 | * 92 | * @return The hostname or IP address of the Collaborator server. 93 | * 94 | * @throws IllegalStateException if Burp Collaborator is disabled 95 | */ 96 | String getCollaboratorServerLocation(); 97 | } 98 | -------------------------------------------------------------------------------- /src/burp/IMessageEditorTab.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorTab.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * Extensions that register an 16 | * IMessageEditorTabFactory must return instances of this 17 | * interface, which Burp will use to create custom tabs within its HTTP message 18 | * editors. 19 | */ 20 | public interface IMessageEditorTab 21 | { 22 | /** 23 | * This method returns the caption that should appear on the custom tab when 24 | * it is displayed. Note: Burp invokes this method once when the tab 25 | * is first generated, and the same caption will be used every time the tab 26 | * is displayed. 27 | * 28 | * @return The caption that should appear on the custom tab when it is 29 | * displayed. 30 | */ 31 | String getTabCaption(); 32 | 33 | /** 34 | * This method returns the component that should be used as the contents of 35 | * the custom tab when it is displayed. Note: Burp invokes this 36 | * method once when the tab is first generated, and the same component will 37 | * be used every time the tab is displayed. 38 | * 39 | * @return The component that should be used as the contents of the custom 40 | * tab when it is displayed. 41 | */ 42 | Component getUiComponent(); 43 | 44 | /** 45 | * The hosting editor will invoke this method before it displays a new HTTP 46 | * message, so that the custom tab can indicate whether it should be enabled 47 | * for that message. 48 | * 49 | * @param content The message that is about to be displayed, or a zero-length 50 | * array if the existing message is to be cleared. 51 | * @param isRequest Indicates whether the message is a request or a 52 | * response. 53 | * @return The method should return 54 | * true if the custom tab is able to handle the specified 55 | * message, and so will be displayed within the editor. Otherwise, the tab 56 | * will be hidden while this message is displayed. 57 | */ 58 | boolean isEnabled(byte[] content, boolean isRequest); 59 | 60 | /** 61 | * The hosting editor will invoke this method to display a new message or to 62 | * clear the existing message. This method will only be called with a new 63 | * message if the tab has already returned 64 | * true to a call to 65 | * isEnabled() with the same message details. 66 | * 67 | * @param content The message that is to be displayed, or 68 | * null if the tab should clear its contents and disable any 69 | * editable controls. 70 | * @param isRequest Indicates whether the message is a request or a 71 | * response. 72 | */ 73 | void setMessage(byte[] content, boolean isRequest); 74 | 75 | /** 76 | * This method returns the currently displayed message. 77 | * 78 | * @return The currently displayed message. 79 | */ 80 | byte[] getMessage(); 81 | 82 | /** 83 | * This method is used to determine whether the currently displayed message 84 | * has been modified by the user. The hosting editor will always call 85 | * getMessage() before calling this method, so any pending 86 | * edits should be completed within 87 | * getMessage(). 88 | * 89 | * @return The method should return 90 | * true if the user has modified the current message since it 91 | * was first displayed. 92 | */ 93 | boolean isModified(); 94 | 95 | /** 96 | * This method is used to retrieve the data that is currently selected by 97 | * the user. 98 | * 99 | * @return The data that is currently selected by the user. This may be 100 | * null if no selection is currently made. 101 | */ 102 | byte[] getSelectedData(); 103 | } 104 | -------------------------------------------------------------------------------- /src/burp/IScanIssue.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScanIssue.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve details of Scanner issues. Extensions can 14 | * obtain details of issues by registering an IScannerListener or 15 | * by calling IBurpExtenderCallbacks.getScanIssues(). Extensions 16 | * can also add custom Scanner issues by registering an 17 | * IScannerCheck or calling 18 | * IBurpExtenderCallbacks.addScanIssue(), and providing their own 19 | * implementations of this interface. Note that issue descriptions and other 20 | * text generated by extensions are subject to an HTML whitelist that allows 21 | * only formatting tags and simple hyperlinks. 22 | */ 23 | public interface IScanIssue 24 | { 25 | 26 | /** 27 | * This method returns the URL for which the issue was generated. 28 | * 29 | * @return The URL for which the issue was generated. 30 | */ 31 | java.net.URL getUrl(); 32 | 33 | /** 34 | * This method returns the name of the issue type. 35 | * 36 | * @return The name of the issue type (e.g. "SQL injection"). 37 | */ 38 | String getIssueName(); 39 | 40 | /** 41 | * This method returns a numeric identifier of the issue type. See the Burp 42 | * Scanner help documentation for a listing of all the issue types. 43 | * 44 | * @return A numeric identifier of the issue type. 45 | */ 46 | int getIssueType(); 47 | 48 | /** 49 | * This method returns the issue severity level. 50 | * 51 | * @return The issue severity level. Expected values are "High", "Medium", 52 | * "Low", "Information" or "False positive". 53 | * 54 | */ 55 | String getSeverity(); 56 | 57 | /** 58 | * This method returns the issue confidence level. 59 | * 60 | * @return The issue confidence level. Expected values are "Certain", "Firm" 61 | * or "Tentative". 62 | */ 63 | String getConfidence(); 64 | 65 | /** 66 | * This method returns a background description for this type of issue. 67 | * 68 | * @return A background description for this type of issue, or 69 | * null if none applies. A limited set of HTML tags may be 70 | * used. 71 | */ 72 | String getIssueBackground(); 73 | 74 | /** 75 | * This method returns a background description of the remediation for this 76 | * type of issue. 77 | * 78 | * @return A background description of the remediation for this type of 79 | * issue, or null if none applies. A limited set of HTML tags 80 | * may be used. 81 | */ 82 | String getRemediationBackground(); 83 | 84 | /** 85 | * This method returns detailed information about this specific instance of 86 | * the issue. 87 | * 88 | * @return Detailed information about this specific instance of the issue, 89 | * or null if none applies. A limited set of HTML tags may be 90 | * used. 91 | */ 92 | String getIssueDetail(); 93 | 94 | /** 95 | * This method returns detailed information about the remediation for this 96 | * specific instance of the issue. 97 | * 98 | * @return Detailed information about the remediation for this specific 99 | * instance of the issue, or null if none applies. A limited 100 | * set of HTML tags may be used. 101 | */ 102 | String getRemediationDetail(); 103 | 104 | /** 105 | * This method returns the HTTP messages on the basis of which the issue was 106 | * generated. 107 | * 108 | * @return The HTTP messages on the basis of which the issue was generated. 109 | * Note: The items in this array should be instances of 110 | * IHttpRequestResponseWithMarkers if applicable, so that 111 | * details of the relevant portions of the request and response messages are 112 | * available. 113 | */ 114 | IHttpRequestResponse[] getHttpMessages(); 115 | 116 | /** 117 | * This method returns the HTTP service for which the issue was generated. 118 | * 119 | * @return The HTTP service for which the issue was generated. 120 | */ 121 | IHttpService getHttpService(); 122 | 123 | } 124 | -------------------------------------------------------------------------------- /src/burp/IInterceptedProxyMessage.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IInterceptedProxyMessage.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.net.InetAddress; 13 | 14 | /** 15 | * This interface is used to represent an HTTP message that has been intercepted 16 | * by Burp Proxy. Extensions can register an 17 | * IProxyListener to receive details of proxy messages using this 18 | * interface. * 19 | */ 20 | public interface IInterceptedProxyMessage 21 | { 22 | /** 23 | * This action causes Burp Proxy to follow the current interception rules to 24 | * determine the appropriate action to take for the message. 25 | */ 26 | static final int ACTION_FOLLOW_RULES = 0; 27 | /** 28 | * This action causes Burp Proxy to present the message to the user for 29 | * manual review or modification. 30 | */ 31 | static final int ACTION_DO_INTERCEPT = 1; 32 | /** 33 | * This action causes Burp Proxy to forward the message to the remote server 34 | * or client, without presenting it to the user. 35 | */ 36 | static final int ACTION_DONT_INTERCEPT = 2; 37 | /** 38 | * This action causes Burp Proxy to drop the message. 39 | */ 40 | static final int ACTION_DROP = 3; 41 | /** 42 | * This action causes Burp Proxy to follow the current interception rules to 43 | * determine the appropriate action to take for the message, and then make a 44 | * second call to processProxyMessage. 45 | */ 46 | static final int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10; 47 | /** 48 | * This action causes Burp Proxy to present the message to the user for 49 | * manual review or modification, and then make a second call to 50 | * processProxyMessage. 51 | */ 52 | static final int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11; 53 | /** 54 | * This action causes Burp Proxy to skip user interception, and then make a 55 | * second call to processProxyMessage. 56 | */ 57 | static final int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12; 58 | 59 | /** 60 | * This method retrieves a unique reference number for this 61 | * request/response. 62 | * 63 | * @return An identifier that is unique to a single request/response pair. 64 | * Extensions can use this to correlate details of requests and responses 65 | * and perform processing on the response message accordingly. 66 | */ 67 | int getMessageReference(); 68 | 69 | /** 70 | * This method retrieves details of the intercepted message. 71 | * 72 | * @return An IHttpRequestResponse object containing details of 73 | * the intercepted message. 74 | */ 75 | IHttpRequestResponse getMessageInfo(); 76 | 77 | /** 78 | * This method retrieves the currently defined interception action. The 79 | * default action is 80 | * ACTION_FOLLOW_RULES. If multiple proxy listeners are 81 | * registered, then other listeners may already have modified the 82 | * interception action before it reaches the current listener. This method 83 | * can be used to determine whether this has occurred. 84 | * 85 | * @return The currently defined interception action. Possible values are 86 | * defined within this interface. 87 | */ 88 | int getInterceptAction(); 89 | 90 | /** 91 | * This method is used to update the interception action. 92 | * 93 | * @param interceptAction The new interception action. Possible values are 94 | * defined within this interface. 95 | */ 96 | void setInterceptAction(int interceptAction); 97 | 98 | /** 99 | * This method retrieves the name of the Burp Proxy listener that is 100 | * processing the intercepted message. 101 | * 102 | * @return The name of the Burp Proxy listener that is processing the 103 | * intercepted message. The format is the same as that shown in the Proxy 104 | * Listeners UI - for example, "127.0.0.1:8080". 105 | */ 106 | String getListenerInterface(); 107 | 108 | /** 109 | * This method retrieves the client IP address from which the request for 110 | * the intercepted message was received. 111 | * 112 | * @return The client IP address from which the request for the intercepted 113 | * message was received. 114 | */ 115 | InetAddress getClientIpAddress(); 116 | } 117 | -------------------------------------------------------------------------------- /src/burp/IContextMenuInvocation.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IContextMenuInvocation.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.event.InputEvent; 13 | 14 | /** 15 | * This interface is used when Burp calls into an extension-provided 16 | * IContextMenuFactory with details of a context menu invocation. 17 | * The custom context menu factory can query this interface to obtain details of 18 | * the invocation event, in order to determine what menu items should be 19 | * displayed. 20 | */ 21 | public interface IContextMenuInvocation 22 | { 23 | /** 24 | * Used to indicate that the context menu is being invoked in a request 25 | * editor. 26 | */ 27 | static final byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0; 28 | /** 29 | * Used to indicate that the context menu is being invoked in a response 30 | * editor. 31 | */ 32 | static final byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1; 33 | /** 34 | * Used to indicate that the context menu is being invoked in a non-editable 35 | * request viewer. 36 | */ 37 | static final byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2; 38 | /** 39 | * Used to indicate that the context menu is being invoked in a non-editable 40 | * response viewer. 41 | */ 42 | static final byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3; 43 | /** 44 | * Used to indicate that the context menu is being invoked in the Target 45 | * site map tree. 46 | */ 47 | static final byte CONTEXT_TARGET_SITE_MAP_TREE = 4; 48 | /** 49 | * Used to indicate that the context menu is being invoked in the Target 50 | * site map table. 51 | */ 52 | static final byte CONTEXT_TARGET_SITE_MAP_TABLE = 5; 53 | /** 54 | * Used to indicate that the context menu is being invoked in the Proxy 55 | * history. 56 | */ 57 | static final byte CONTEXT_PROXY_HISTORY = 6; 58 | /** 59 | * Used to indicate that the context menu is being invoked in the Scanner 60 | * results. 61 | */ 62 | static final byte CONTEXT_SCANNER_RESULTS = 7; 63 | /** 64 | * Used to indicate that the context menu is being invoked in the Intruder 65 | * payload positions editor. 66 | */ 67 | static final byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8; 68 | /** 69 | * Used to indicate that the context menu is being invoked in an Intruder 70 | * attack results. 71 | */ 72 | static final byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9; 73 | /** 74 | * Used to indicate that the context menu is being invoked in a search 75 | * results window. 76 | */ 77 | static final byte CONTEXT_SEARCH_RESULTS = 10; 78 | 79 | /** 80 | * This method can be used to retrieve the native Java input event that was 81 | * the trigger for the context menu invocation. 82 | * 83 | * @return The InputEvent that was the trigger for the context 84 | * menu invocation. 85 | */ 86 | InputEvent getInputEvent(); 87 | 88 | /** 89 | * This method can be used to retrieve the Burp tool within which the 90 | * context menu was invoked. 91 | * 92 | * @return A flag indicating the Burp tool within which the context menu was 93 | * invoked. Burp tool flags are defined in the 94 | * IBurpExtenderCallbacks interface. 95 | */ 96 | int getToolFlag(); 97 | 98 | /** 99 | * This method can be used to retrieve the context within which the menu was 100 | * invoked. 101 | * 102 | * @return An index indicating the context within which the menu was 103 | * invoked. The indices used are defined within this interface. 104 | */ 105 | byte getInvocationContext(); 106 | 107 | /** 108 | * This method can be used to retrieve the bounds of the user's selection 109 | * into the current message, if applicable. 110 | * 111 | * @return An int[2] array containing the start and end offsets of the 112 | * user's selection in the current message. If the user has not made any 113 | * selection in the current message, both offsets indicate the position of 114 | * the caret within the editor. If the menu is not being invoked from a 115 | * message editor, the method returns null. 116 | */ 117 | int[] getSelectionBounds(); 118 | 119 | /** 120 | * This method can be used to retrieve details of the HTTP requests / 121 | * responses that were shown or selected by the user when the context menu 122 | * was invoked. 123 | * 124 | * Note: For performance reasons, the objects returned from this 125 | * method are tied to the originating context of the messages within the 126 | * Burp UI. For example, if a context menu is invoked on the Proxy intercept 127 | * panel, then the 128 | * IHttpRequestResponse returned by this method will reflect 129 | * the current contents of the interception panel, and this will change when 130 | * the current message has been forwarded or dropped. If your extension 131 | * needs to store details of the message for which the context menu has been 132 | * invoked, then you should query those details from the 133 | * IHttpRequestResponse at the time of invocation, or you 134 | * should use 135 | * IBurpExtenderCallbacks.saveBuffersToTempFiles() to create a 136 | * persistent read-only copy of the 137 | * IHttpRequestResponse. 138 | * 139 | * @return An array of IHttpRequestResponse objects 140 | * representing the items that were shown or selected by the user when the 141 | * context menu was invoked. This method returns null if no 142 | * messages are applicable to the invocation. 143 | */ 144 | IHttpRequestResponse[] getSelectedMessages(); 145 | 146 | /** 147 | * This method can be used to retrieve details of the Scanner issues that 148 | * were selected by the user when the context menu was invoked. 149 | * 150 | * @return An array of IScanIssue objects representing the 151 | * issues that were selected by the user when the context menu was invoked. 152 | * This method returns null if no Scanner issues are applicable 153 | * to the invocation. 154 | */ 155 | IScanIssue[] getSelectedIssues(); 156 | } 157 | -------------------------------------------------------------------------------- /src/burp/IScannerInsertionPoint.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerInsertionPoint.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to define an insertion point for use by active Scanner 14 | * checks. Extensions can obtain instances of this interface by registering an 15 | * IScannerCheck, or can create instances for use by Burp's own 16 | * scan checks by registering an 17 | * IScannerInsertionPointProvider. 18 | */ 19 | public interface IScannerInsertionPoint 20 | { 21 | 22 | /** 23 | * Used to indicate where the payload is inserted into the value of a URL 24 | * parameter. 25 | */ 26 | static final byte INS_PARAM_URL = 0x00; 27 | /** 28 | * Used to indicate where the payload is inserted into the value of a body 29 | * parameter. 30 | */ 31 | static final byte INS_PARAM_BODY = 0x01; 32 | /** 33 | * Used to indicate where the payload is inserted into the value of an HTTP 34 | * cookie. 35 | */ 36 | static final byte INS_PARAM_COOKIE = 0x02; 37 | /** 38 | * Used to indicate where the payload is inserted into the value of an item 39 | * of data within an XML data structure. 40 | */ 41 | static final byte INS_PARAM_XML = 0x03; 42 | /** 43 | * Used to indicate where the payload is inserted into the value of a tag 44 | * attribute within an XML structure. 45 | */ 46 | static final byte INS_PARAM_XML_ATTR = 0x04; 47 | /** 48 | * Used to indicate where the payload is inserted into the value of a 49 | * parameter attribute within a multi-part message body (such as the name of 50 | * an uploaded file). 51 | */ 52 | static final byte INS_PARAM_MULTIPART_ATTR = 0x05; 53 | /** 54 | * Used to indicate where the payload is inserted into the value of an item 55 | * of data within a JSON structure. 56 | */ 57 | static final byte INS_PARAM_JSON = 0x06; 58 | /** 59 | * Used to indicate where the payload is inserted into the value of an AMF 60 | * parameter. 61 | */ 62 | static final byte INS_PARAM_AMF = 0x07; 63 | /** 64 | * Used to indicate where the payload is inserted into the value of an HTTP 65 | * request header. 66 | */ 67 | static final byte INS_HEADER = 0x20; 68 | /** 69 | * Used to indicate where the payload is inserted into a URL path folder. 70 | */ 71 | static final byte INS_URL_PATH_FOLDER = 0x21; 72 | /** 73 | * Used to indicate where the payload is inserted into a URL path folder. 74 | * This is now deprecated; use INS_URL_PATH_FOLDER instead. 75 | */ 76 | @Deprecated 77 | static final byte INS_URL_PATH_REST = INS_URL_PATH_FOLDER; 78 | /** 79 | * Used to indicate where the payload is inserted into the name of an added 80 | * URL parameter. 81 | */ 82 | static final byte INS_PARAM_NAME_URL = 0x22; 83 | /** 84 | * Used to indicate where the payload is inserted into the name of an added 85 | * body parameter. 86 | */ 87 | static final byte INS_PARAM_NAME_BODY = 0x23; 88 | /** 89 | * Used to indicate where the payload is inserted into the body of the HTTP 90 | * request. 91 | */ 92 | static final byte INS_ENTIRE_BODY = 0x24; 93 | /** 94 | * Used to indicate where the payload is inserted into the URL path 95 | * filename. 96 | */ 97 | static final byte INS_URL_PATH_FILENAME = 0x25; 98 | /** 99 | * Used to indicate where the payload is inserted at a location manually 100 | * configured by the user. 101 | */ 102 | static final byte INS_USER_PROVIDED = 0x40; 103 | /** 104 | * Used to indicate where the insertion point is provided by an 105 | * extension-registered 106 | * IScannerInsertionPointProvider. 107 | */ 108 | static final byte INS_EXTENSION_PROVIDED = 0x41; 109 | /** 110 | * Used to indicate where the payload is inserted at an unknown location 111 | * within the request. 112 | */ 113 | static final byte INS_UNKNOWN = 0x7f; 114 | 115 | /** 116 | * This method returns the name of the insertion point. 117 | * 118 | * @return The name of the insertion point (for example, a description of a 119 | * particular request parameter). 120 | */ 121 | String getInsertionPointName(); 122 | 123 | /** 124 | * This method returns the base value for this insertion point. 125 | * 126 | * @return the base value that appears in this insertion point in the base 127 | * request being scanned, or null if there is no value in the 128 | * base request that corresponds to this insertion point. 129 | */ 130 | String getBaseValue(); 131 | 132 | /** 133 | * This method is used to build a request with the specified payload placed 134 | * into the insertion point. There is no requirement for extension-provided 135 | * insertion points to adjust the Content-Length header in requests if the 136 | * body length has changed, although Burp-provided insertion points will 137 | * always do this and will return a request with a valid Content-Length 138 | * header. 139 | * Note: 140 | * Scan checks should submit raw non-encoded payloads to insertion points, 141 | * and the insertion point has responsibility for performing any data 142 | * encoding that is necessary given the nature and location of the insertion 143 | * point. 144 | * 145 | * @param payload The payload that should be placed into the insertion 146 | * point. 147 | * @return The resulting request. 148 | */ 149 | byte[] buildRequest(byte[] payload); 150 | 151 | /** 152 | * This method is used to determine the offsets of the payload value within 153 | * the request, when it is placed into the insertion point. Scan checks may 154 | * invoke this method when reporting issues, so as to highlight the relevant 155 | * part of the request within the UI. 156 | * 157 | * @param payload The payload that should be placed into the insertion 158 | * point. 159 | * @return An int[2] array containing the start and end offsets of the 160 | * payload within the request, or null if this is not applicable (for 161 | * example, where the insertion point places a payload into a serialized 162 | * data structure, the raw payload may not literally appear anywhere within 163 | * the resulting request). 164 | */ 165 | int[] getPayloadOffsets(byte[] payload); 166 | 167 | /** 168 | * This method returns the type of the insertion point. 169 | * 170 | * @return The type of the insertion point. Available types are defined in 171 | * this interface. 172 | */ 173 | byte getInsertionPointType(); 174 | } 175 | -------------------------------------------------------------------------------- /src/burp/BurpExtender.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * Burp Tab Essentials 5 | * 6 | * 7 | * Developed by: 8 | * Soroush Dalili (@irsdl) 9 | * Corey Arthur (@CoreyD97) 10 | * 11 | * Project link: https://github.com/irsdl/BurpTabEssentials 12 | * 13 | * Released under AGPL v3.0 see LICENSE for more information 14 | * 15 | * */ 16 | 17 | import java.awt.*; 18 | import java.awt.event.*; 19 | import java.io.PrintWriter; 20 | import java.util.ArrayList; 21 | import java.util.Arrays; 22 | import java.util.List; 23 | import javax.swing.*; 24 | 25 | public class BurpExtender 26 | implements IBurpExtender, ITab, IExtensionStateListener { 27 | 28 | private String version = "0.3"; 29 | private PrintWriter _stdout; 30 | private PrintWriter _stderr; 31 | private IBurpExtenderCallbacks _callbacks; 32 | private Boolean isActive = null; 33 | private Boolean isDebug = false; 34 | 35 | private JPanel dummyPanel; 36 | private TabWatcher tabWatcher; 37 | private JTabbedPane rootTabbedPane; 38 | 39 | public synchronized Boolean getIsActive() { 40 | if (this.isActive == null) 41 | setIsActive(false); 42 | return this.isActive; 43 | } 44 | 45 | public synchronized void setIsActive(Boolean isActive) { 46 | this.isActive = isActive; 47 | } 48 | 49 | public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) { 50 | _callbacks = callbacks; 51 | // obtain our output stream 52 | _stdout = new PrintWriter(_callbacks.getStdout(), true); 53 | _stderr = new PrintWriter(_callbacks.getStderr(), true); 54 | 55 | // set our extension name 56 | _callbacks.setExtensionName("Tab Essentials"); 57 | callbacks.registerExtensionStateListener(this); 58 | 59 | // create our UI 60 | SwingUtilities.invokeLater(new Runnable() { 61 | @Override 62 | public void run() { 63 | dummyPanel = new JPanel(); //Will be removed shortly after it's added, doesn't need to be anything special! 64 | _callbacks.addSuiteTab(BurpExtender.this); 65 | 66 | new Thread(() -> { 67 | boolean foundUI = false; 68 | int attemptsRemaining = 5; 69 | 70 | while (!foundUI && attemptsRemaining > 0) { 71 | try { 72 | getRootTabbedPane(); 73 | foundUI = true; 74 | } catch (Exception e) { 75 | attemptsRemaining--; 76 | try { 77 | Thread.currentThread().sleep(1000); 78 | } catch (InterruptedException ignored) {} 79 | } 80 | } 81 | 82 | if(foundUI){ 83 | tabWatcher = new TabWatcher(Arrays.asList("Repeater", "Intruder"), mouseEvent -> { 84 | tabClicked(mouseEvent); 85 | }); 86 | 87 | if(BurpExtender.this.rootTabbedPane != null) { 88 | tabWatcher.addTabListener(BurpExtender.this.rootTabbedPane); 89 | } 90 | callbacks.removeSuiteTab(BurpExtender.this); 91 | } 92 | }).start(); 93 | } 94 | }); 95 | 96 | } 97 | 98 | @Override 99 | public String getTabCaption() { 100 | return "Tab Essentials"; 101 | } 102 | 103 | @Override 104 | public Component getUiComponent() { 105 | return dummyPanel; 106 | } 107 | 108 | private void getRootTabbedPane(){ 109 | if(this.dummyPanel != null) { 110 | JRootPane rootPane = ((JFrame) SwingUtilities.getWindowAncestor(this.dummyPanel)).getRootPane(); 111 | rootTabbedPane = (JTabbedPane) rootPane.getContentPane().getComponent(0); 112 | } 113 | } 114 | 115 | private void tabClicked(final MouseEvent e){ 116 | if(SwingUtilities.isRightMouseButton(e)){ 117 | if(e.getComponent() instanceof JTabbedPane){ 118 | JTabbedPane tabbedPane = (JTabbedPane) e.getComponent(); 119 | int tabIndex = tabbedPane.getUI().tabForCoordinate(tabbedPane, e.getX(), e.getY()); 120 | if(tabIndex < 0 || tabIndex > tabbedPane.getTabCount()-1) return; 121 | 122 | Component clickedTab = tabbedPane.getTabComponentAt(tabIndex); 123 | if(!(clickedTab instanceof Container)) return; 124 | 125 | String tabTitle = tabbedPane.getTitleAt(tabIndex); 126 | 127 | boolean isCTRL_Key = (e.getModifiers() & ActionEvent.CTRL_MASK) == ActionEvent.CTRL_MASK; 128 | boolean isALT_Key = (e.getModifiers() & ActionEvent.ALT_MASK) == ActionEvent.ALT_MASK; 129 | boolean isSHIFT_Key = (e.getModifiers() & ActionEvent.SHIFT_MASK) == ActionEvent.SHIFT_MASK; 130 | 131 | Component gotLabel = ((Container) clickedTab).getComponent(0); 132 | Font currentFont = gotLabel.getFont(); 133 | Component gotExitBox = ((Container) clickedTab).getComponent(1); // removing the X button 134 | int maxSize = 40; 135 | int minSize = 10; 136 | int currentSize = currentFont.getSize(); 137 | 138 | 139 | if(!isCTRL_Key && !isALT_Key && !isSHIFT_Key) { 140 | JPopupMenu popupMenu = createPopupMenu(tabbedPane, tabIndex, tabTitle, (Container) clickedTab); 141 | popupMenu.show(tabbedPane, e.getX(), e.getY()); 142 | } else if (isCTRL_Key && !isALT_Key && !isSHIFT_Key) { 143 | // Make it bigger and bold when rightclick + ctrl 144 | if (currentSize < maxSize) { 145 | gotLabel.setFont(new Font(currentFont.getFontName(), 146 | Font.BOLD, ++currentSize)); 147 | gotExitBox.setVisible(false); 148 | } 149 | } else if (isCTRL_Key && !isALT_Key && isSHIFT_Key) { 150 | // Make it smaller but bold when rightclick + ctrl + shift 151 | if (currentSize > minSize) { 152 | gotLabel.setFont(new Font(currentFont.getFontName(), 153 | Font.BOLD, --currentSize)); 154 | gotExitBox.setVisible(false); 155 | } 156 | }else if (!isCTRL_Key && !isALT_Key && isSHIFT_Key) { 157 | // right click with shift: should make it green and big and bold 158 | Color textColor = new Color(0, 204, 51); // Green 159 | tabbedPane.setBackgroundAt(tabIndex, textColor); 160 | gotLabel.setFont(new Font("Dialog", Font.BOLD, 20)); 161 | gotExitBox.setVisible(false); 162 | } else if (!isCTRL_Key && isALT_Key && !isSHIFT_Key) { 163 | // right click with alt: should make it blue and big and bold 164 | Color textColor = new Color(0, 102, 255); // BLUE 165 | tabbedPane.setBackgroundAt(tabIndex, textColor); 166 | gotLabel.setFont(new Font("Dialog", Font.BOLD, 20)); 167 | gotExitBox.setVisible(false); 168 | } else if (isCTRL_Key && isALT_Key && !isSHIFT_Key) { 169 | // right click with alt and ctrl: should make it orange and big and bold 170 | Color textColor = new Color(255, 204, 51); // ORANGE 171 | tabbedPane.setBackgroundAt(tabIndex, textColor); 172 | gotLabel.setFont(new Font("Dialog", Font.BOLD, 20)); 173 | gotExitBox.setVisible(false); 174 | }else if (isCTRL_Key && isALT_Key && isSHIFT_Key){ 175 | // this is the funky mode! we don't serve drunks! but we do serve mad keyboard skillz!! 176 | // crazy mode 177 | 178 | tabbedPane.setBackgroundAt(tabIndex, Color.MAGENTA); 179 | gotLabel.setFont(new Font("Dialog", Font.BOLD, 20)); 180 | gotExitBox.setVisible(false); 181 | Component selectedComp = tabbedPane.getSelectedComponent(); 182 | selectedComp.setBackground(Color.GREEN); // change colour of surrounding 183 | tabbedPane.getParent().getParent().setBackground(Color.PINK); 184 | JTabbedPane parentJTabbedPane = (JTabbedPane) tabbedPane.getParent(); 185 | 186 | for(int i=0; i < parentJTabbedPane.getTabCount(); i++) { 187 | if (parentJTabbedPane.getTitleAt(i).equals("Repeater")){ 188 | parentJTabbedPane.setTitleAt(i, "Repeater on ster0ids"); 189 | break; 190 | } 191 | } 192 | } 193 | } 194 | } 195 | } 196 | 197 | private JPopupMenu createPopupMenu(JTabbedPane tabbedPane, int index, String title, Container tabComponent){ 198 | Component labelComponent = tabComponent.getComponent(0); 199 | Component removeButton = tabComponent.getComponent(1); 200 | JPopupMenu popupMenu = new JPopupMenu(); 201 | 202 | JMenuItem menuItem = new JMenuItem(title); 203 | menuItem.setEnabled(false); 204 | popupMenu.add(menuItem); 205 | popupMenu.addSeparator(); 206 | 207 | JCheckBoxMenuItem closeButtonMenuItem = new JCheckBoxMenuItem("Remove Close Button"); 208 | closeButtonMenuItem.addActionListener(e -> { 209 | removeButton.setVisible(!closeButtonMenuItem.isSelected()); 210 | }); 211 | closeButtonMenuItem.setSelected(!removeButton.isVisible()); 212 | popupMenu.add(closeButtonMenuItem); 213 | 214 | JMenu fontSizeMenu = new JMenu("Font Size"); 215 | float minFontSize = 10, maxFontSize = 40; 216 | for (float fontSize = minFontSize; fontSize < maxFontSize; fontSize+=2) { 217 | JCheckBoxMenuItem sizeItem = new JCheckBoxMenuItem(fontSize + ""); 218 | float finalFontSize = fontSize; 219 | sizeItem.addActionListener(e -> { 220 | labelComponent.setFont(labelComponent.getFont().deriveFont(finalFontSize)); 221 | }); 222 | sizeItem.setSelected(labelComponent.getFont().getSize() == fontSize); 223 | fontSizeMenu.add(sizeItem); 224 | } 225 | popupMenu.add(fontSizeMenu); 226 | 227 | JCheckBoxMenuItem boldMenu = new JCheckBoxMenuItem("Bold"); 228 | boldMenu.setSelected(labelComponent.getFont().isBold()); 229 | boldMenu.addActionListener(e -> { 230 | Font font = labelComponent.getFont().deriveFont(labelComponent.getFont().getStyle() ^ Font.BOLD); 231 | labelComponent.setFont(font); 232 | }); 233 | popupMenu.add(boldMenu); 234 | 235 | JCheckBoxMenuItem italicMenu = new JCheckBoxMenuItem("Italic"); 236 | italicMenu.setSelected(labelComponent.getFont().isItalic()); 237 | italicMenu.addActionListener(e -> { 238 | Font font = labelComponent.getFont().deriveFont(labelComponent.getFont().getStyle() ^ Font.ITALIC); 239 | labelComponent.setFont(font); 240 | }); 241 | popupMenu.add(italicMenu); 242 | 243 | JMenuItem colorMenu = new JMenuItem("Set Foreground Color"); 244 | colorMenu.addActionListener(e -> { 245 | Color color = JColorChooser.showDialog(colorMenu, "Select Foreground Color", labelComponent.getForeground()); 246 | tabbedPane.setBackgroundAt(index, color); 247 | }); 248 | popupMenu.add(colorMenu); 249 | 250 | return popupMenu; 251 | } 252 | 253 | @Override 254 | public void extensionUnloaded() { 255 | if(tabWatcher != null && rootTabbedPane != null){ 256 | tabWatcher.removeTabListener(rootTabbedPane); 257 | } 258 | } 259 | 260 | // This is for later when I figure out how to save settings per project: https://twitter.com/irsdl/status/1138401437686423552 261 | private Object loadExtensionSettingHelper(String name, String type, Object defaultValue) { 262 | Object value = null; 263 | try { 264 | String temp_value = _callbacks.loadExtensionSetting(name); 265 | if (temp_value != null && !temp_value.equals("")) { 266 | switch (type.toLowerCase()) { 267 | case "int": 268 | case "integer": 269 | value = Integer.valueOf(temp_value); 270 | break; 271 | case "bool": 272 | case "boolean": 273 | value = Boolean.valueOf(temp_value); 274 | break; 275 | default: 276 | value = temp_value; 277 | break; 278 | } 279 | } 280 | } catch (Exception e) { 281 | _stderr.println(e.getMessage()); 282 | } 283 | 284 | if (value == null) { 285 | value = defaultValue; 286 | } 287 | return value; 288 | } 289 | 290 | } -------------------------------------------------------------------------------- /src/helper/HTTPMessage.java: -------------------------------------------------------------------------------- 1 | package helper; 2 | 3 | import java.awt.Component; 4 | import java.awt.Container; 5 | import java.io.UnsupportedEncodingException; 6 | import java.net.URL; 7 | import java.util.ArrayList; 8 | import java.util.List; 9 | import java.util.Map; 10 | import java.util.regex.Matcher; 11 | import java.util.regex.Pattern; 12 | import javax.swing.JCheckBox; 13 | import javax.swing.JOptionPane; 14 | 15 | public class HTTPMessage { 16 | 17 | //private static String LWSP_Regex= "(([\\r\\n]|\\r\\n)[ \\t]+|[ \\t])*"; // https://tools.ietf.org/html/rfc5234 - ToDo -> add support of LWSP when finding header values 18 | 19 | // Reads the Content-Type value from the header - no LWSP support yet! - reads the value before ";", "," or space 20 | public static String findHeaderContentType(String strHeader){ 21 | String contentType=""; 22 | if(!strHeader.equals("")){ 23 | Pattern my_pattern = Pattern.compile("(?im)^content-type:[ \\t]*([^;,\\s]+)"); 24 | Matcher m = my_pattern.matcher(strHeader); 25 | if (m.find()) { 26 | contentType = m.group(1); 27 | } 28 | } 29 | return contentType; 30 | } 31 | 32 | // Reads the Content-Type charset value from the header - no LWSP support yet! no support for double quotes around charset value either! 33 | public static String findCharsetFromHeader(String strHeader, boolean trimSpaces){ 34 | String charset=""; 35 | if(!strHeader.equals("")){ 36 | Pattern my_pattern = Pattern.compile("(?im)^content-type:.*?[ \\t;,]+charset=[ \\t]*([\"]([^\"]+)[\"]|([^;\\s,]+))"); 37 | Matcher m = my_pattern.matcher(strHeader); 38 | if (m.find()) { 39 | charset = m.group(1); 40 | charset = charset.replaceAll("\"", ""); 41 | if (trimSpaces) 42 | charset = charset.trim(); 43 | } 44 | } 45 | return charset; 46 | } 47 | 48 | // Reads the Content-Type boundary value from the header - no LWSP support yet! 49 | public static String findBoundaryFromHeader(String strHeader, boolean trimSpaces){ 50 | String boundary=""; 51 | if(!strHeader.equals("")){ 52 | Pattern my_pattern = Pattern.compile("(?im)^content-type:.*?[ \\t;,]+boundary=[ \\t]*([\"]([^\"]+)[\"]|([^\\s,]+))"); 53 | Matcher m = my_pattern.matcher(strHeader); 54 | if (m.find()) { 55 | boundary = m.group(1); 56 | boundary = boundary.replaceAll("\"", ""); 57 | if (trimSpaces) 58 | boundary = boundary.trim(); 59 | } 60 | } 61 | return boundary; 62 | } 63 | 64 | // Makes a content-type header using provided parameters 65 | // Obviously the ; delimiter can be changed by comma in certain cases but that's not for discussion here! 66 | public static String createContentTypeHeader(String cType, String charset, String boundary, boolean trimSpaces){ 67 | String contentType=""; 68 | if(trimSpaces) { 69 | charset = charset.trim(); 70 | boundary = boundary.trim(); 71 | } 72 | 73 | if(charset.contains(" ")) 74 | charset = "\""+charset+"\""; 75 | if(boundary.contains(" ")) 76 | boundary = "\""+boundary+"\""; 77 | 78 | contentType = cType + "; charset=" + charset; 79 | 80 | if(!boundary.isEmpty()) { 81 | contentType = cType + "; boundary="+boundary + " ; charset=" + charset; 82 | // contentType = cType + "; charset=" + charset + ", boundary="+boundary; // another format 83 | } 84 | 85 | return contentType; 86 | } 87 | 88 | // Reads the Content-Type value from the header - reads the value before ";", "," or space 89 | public static String findHeaderContentType(List headers){ 90 | String contentType=""; 91 | for(String strHeader : headers){ 92 | if(!strHeader.equals("")){ 93 | Pattern my_pattern = Pattern.compile("(?im)^content-type:[ \\t]*([^;, \\s]+)"); 94 | Matcher m = my_pattern.matcher(strHeader); 95 | if (m.find()) { 96 | contentType = m.group(1); 97 | break; 98 | } 99 | } 100 | } 101 | return contentType; 102 | } 103 | 104 | 105 | // Splits header and body of a request or response 106 | public static String[] getHeaderAndBody(byte[] fullMessage,String encoding) throws UnsupportedEncodingException{ 107 | String[] result = {"",""}; 108 | String strFullMessage = ""; 109 | if(fullMessage != null){ 110 | // splitting the message to retrieve the header and the body 111 | strFullMessage = new String(fullMessage,encoding); 112 | if(strFullMessage.contains("\r\n\r\n")) 113 | result = strFullMessage.split("\r\n\r\n",2); 114 | } 115 | return result; 116 | } 117 | 118 | // Splits header and body of a request or response 119 | public static String[] getHeaderAndBody(String fullMessage) { 120 | String[] result = {"",""}; 121 | if(fullMessage != null){ 122 | // splitting the message to retrieve the header and the body 123 | if(fullMessage.contains("\r\n\r\n")) 124 | result = fullMessage.split("\r\n\r\n",2); 125 | } 126 | return result; 127 | } 128 | 129 | 130 | public static List> getQueryString(String fullMessage){ 131 | return getQueryString(fullMessage, "" , ""); 132 | } 133 | public static List> getQueryString(String fullMessage, String delimiter_QS_param){ 134 | return getQueryString(fullMessage, "" , delimiter_QS_param); 135 | } 136 | // gets querystring parameters because burp can't handle special cases such as when we have jsessionid after ; 137 | public static List> getQueryString(String reqMessage, String delimiter_QS, String delimiter_QS_param){ 138 | if (delimiter_QS.isEmpty()) delimiter_QS = "?"; 139 | if (delimiter_QS_param.isEmpty()) delimiter_QS = "&"; 140 | // final object with qs name and its value 141 | List> qs_list = new ArrayList>(); 142 | 143 | // we assume that we are dealing with one HTTP message (not multiple in a pipeline) 144 | String firstline = reqMessage.split("\r\n|\r|\n", 2)[0]; 145 | 146 | // we assume that we are dealing with an standard HTTP message in which there is a space after the last parameter value 147 | String QS = ""; 148 | Pattern pattern = Pattern.compile("\\"+delimiter_QS+"([^ \\s]+)"); 149 | Matcher matcher = pattern.matcher(firstline); 150 | if (matcher.find()) 151 | { 152 | QS = matcher.group(1); 153 | } 154 | 155 | if (!QS.isEmpty()) { 156 | String[] keyValues = QS.split("\\"+delimiter_QS_param); 157 | for(String keyValue:keyValues){ 158 | List keyValueList = new ArrayList(); 159 | String key = keyValue; 160 | String value = ""; 161 | if(keyValue.contains("=")) { 162 | key = keyValue.split("=",2)[0]; 163 | value = keyValue.split("=",2)[1]; 164 | } 165 | keyValueList.add(key); 166 | keyValueList.add(value); 167 | qs_list.add(keyValueList); 168 | } 169 | } 170 | return qs_list; 171 | } 172 | 173 | 174 | public static List> getURLEncodedBodyParams(String strMessage, boolean isBodyOnly){ 175 | return getURLEncodedBodyParams(strMessage, isBodyOnly, ""); 176 | } 177 | // gets URLEncoded POST parameters - it can use different delimiters than & 178 | public static List> getURLEncodedBodyParams(String strMessage, boolean isBodyOnly, String delimiter_urlencoded_body_param){ 179 | if (delimiter_urlencoded_body_param.isEmpty()) delimiter_urlencoded_body_param = "&"; 180 | if(!isBodyOnly) { 181 | strMessage = getHeaderAndBody(strMessage)[1]; 182 | } 183 | // final object with param name and its value 184 | List> param_list = new ArrayList>(); 185 | String[] keyValues = strMessage.split("\\"+delimiter_urlencoded_body_param); 186 | for(String keyValue:keyValues){ 187 | List keyValueList = new ArrayList(); 188 | String key = keyValue; 189 | String value = ""; 190 | if(keyValue.contains("=")) { 191 | key = keyValue.split("=",2)[0]; 192 | value = keyValue.split("=",2)[1]; 193 | } 194 | keyValueList.add(key); 195 | keyValueList.add(value); 196 | param_list.add(keyValueList); 197 | } 198 | return param_list; 199 | } 200 | 201 | 202 | public static String replaceQueryString(String reqMessage, String newQS){ 203 | return replaceQueryString(reqMessage, newQS, ""); 204 | } 205 | // replaces querystring or adds it if empty in a request 206 | public static String replaceQueryString(String reqMessage, String newQS, String delimiter_QS){ 207 | String finalMessage = reqMessage; 208 | if (delimiter_QS.isEmpty()) delimiter_QS = "?"; 209 | // we assume that we are dealing with one HTTP message (not multiple in a pipeline) 210 | String[] splittedRequest = reqMessage.split("\r\n|\r|\n", 2); 211 | String firstline = splittedRequest[0]; 212 | firstline = firstline.trim(); // we don't have spaces before or after the first line if it is standard! 213 | 214 | String QS_pattern = "\\"+delimiter_QS+"[^ \\s]+"; 215 | Pattern pattern = Pattern.compile(QS_pattern); 216 | Matcher matcher = pattern.matcher(firstline); 217 | if(matcher.find()) { 218 | // replacing existing QS 219 | firstline = matcher.replaceAll(delimiter_QS + newQS); 220 | }else { 221 | // adding QS to the request 222 | String HTTP_version_pattern = "([ ]+HTTP/[^ \\s]+)"; 223 | pattern = Pattern.compile(HTTP_version_pattern); 224 | matcher = pattern.matcher(firstline); 225 | if(matcher.find()) { 226 | firstline = matcher.replaceAll(delimiter_QS + newQS + "$1"); 227 | }else { 228 | // HTTP v0.9?! 229 | firstline += delimiter_QS + newQS; 230 | } 231 | 232 | } 233 | finalMessage = firstline + "\r\n" + splittedRequest[1]; 234 | return finalMessage; 235 | } 236 | 237 | // get values of a header even when it is duplicated 238 | public static ArrayList getHeaderValuesByName(List headers, String headername){ 239 | ArrayList result = new ArrayList(); 240 | headername = headername.toLowerCase(); 241 | for(String item:headers){ 242 | if(item.indexOf(":")>=0){ 243 | String[] headerItem = item.split(":",2); 244 | String headerNameLC = headerItem[0].toLowerCase(); 245 | if(headerNameLC.equals(headername)){ 246 | // We have a match 247 | result.add(headerItem[1].trim()); 248 | } 249 | } 250 | } 251 | return result; 252 | } 253 | 254 | // get the first value of a header 255 | public static String getHeaderValueByName(List headers, String headerName){ 256 | String result = ""; 257 | headerName = headerName.toLowerCase(); 258 | for(String item:headers){ 259 | if(item.indexOf(":")>=0){ 260 | String[] headerItem = item.split(":",2); 261 | String headerNameLC = headerItem[0].toLowerCase(); 262 | if(headerNameLC.equals(headerName)){ 263 | // We have a match 264 | result = headerItem[1].trim(); 265 | break; 266 | } 267 | } 268 | } 269 | return result; 270 | } 271 | 272 | // replace a header value with the new value 273 | public static List replaceHeaderValue(List headers, String headerName, String newHeaderValue, boolean isCaseSensitive) { 274 | List result = new ArrayList(); 275 | if(!isCaseSensitive) 276 | headerName = headerName.toLowerCase(); 277 | int counter = 0; 278 | for(String item:headers){ 279 | if(item.indexOf(":")>=0 && counter != 0){ 280 | String[] headerItem = item.split(":",2); 281 | String headerNameForComp = headerItem[0]; 282 | if(!isCaseSensitive) 283 | headerNameForComp = headerNameForComp.toLowerCase(); 284 | if(headerNameForComp.equals(headerName)){ 285 | // We have a match 286 | headerItem[1] = newHeaderValue; 287 | } 288 | result.add(headerItem[0]+": "+headerItem[1].trim()); 289 | }else{ 290 | result.add(item); 291 | } 292 | counter++; 293 | } 294 | return result; 295 | } 296 | 297 | // replace a header value with the new value 298 | public static String replaceHeaderValue(String strHeader, String headerName, String newHeaderValue, boolean isCaseSensitive) { 299 | String result = ""; 300 | String header_pattern_string = "(?im)^("+Pattern.quote(headerName)+":).*$"; 301 | if(isCaseSensitive) { 302 | header_pattern_string = "(?m)^("+Pattern.quote(headerName)+":).*$"; 303 | } 304 | 305 | Pattern header_pattern = Pattern.compile(header_pattern_string); 306 | Matcher m = header_pattern.matcher(strHeader); 307 | if(m.find()) { 308 | // replacing 309 | result = m.replaceAll("$1 " + newHeaderValue); 310 | }else { 311 | // adding 312 | result = addHeader(strHeader, headerName, newHeaderValue); 313 | } 314 | return result; 315 | } 316 | 317 | // add a new header and its value - this is vulnerable to CRLF but that's intentional 318 | public static String addHeader(String strHeader, String newHeaderName, String newHeaderValue) { 319 | return addHeader(strHeader, newHeaderName + ": " +newHeaderValue); 320 | } 321 | 322 | // add a new header - this is vulnerable to CRLF but that's intentional 323 | public static String addHeader(String strHeader, String newHeader) { 324 | String result = ""; 325 | // adding the new header to the second line after the HTTP version! 326 | result = strHeader.replaceFirst("([\r\n]+)", "$1"+newHeader+"$1"); 327 | return result; 328 | } 329 | 330 | // replace a header verb with a new verb 331 | public static String replaceHeaderVerb(String strHeader, String newVerb) { 332 | String result = ""; 333 | result = strHeader.replaceFirst("^[^ \t]+", newVerb); 334 | return result; 335 | } 336 | } 337 | -------------------------------------------------------------------------------- /src/burp/IExtensionHelpers.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IExtensionHelpers.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Community Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.net.URL; 13 | import java.util.List; 14 | 15 | /** 16 | * This interface contains a number of helper methods, which extensions can use 17 | * to assist with various common tasks that arise for Burp extensions. 18 | * 19 | * Extensions can call IBurpExtenderCallbacks.getHelpers to obtain 20 | * an instance of this interface. 21 | */ 22 | public interface IExtensionHelpers 23 | { 24 | 25 | /** 26 | * This method can be used to analyze an HTTP request, and obtain various 27 | * key details about it. 28 | * 29 | * @param request An IHttpRequestResponse object containing the 30 | * request to be analyzed. 31 | * @return An IRequestInfo object that can be queried to obtain 32 | * details about the request. 33 | */ 34 | IRequestInfo analyzeRequest(IHttpRequestResponse request); 35 | 36 | /** 37 | * This method can be used to analyze an HTTP request, and obtain various 38 | * key details about it. 39 | * 40 | * @param httpService The HTTP service associated with the request. This is 41 | * optional and may be null, in which case the resulting 42 | * IRequestInfo object will not include the full request URL. 43 | * @param request The request to be analyzed. 44 | * @return An IRequestInfo object that can be queried to obtain 45 | * details about the request. 46 | */ 47 | IRequestInfo analyzeRequest(IHttpService httpService, byte[] request); 48 | 49 | /** 50 | * This method can be used to analyze an HTTP request, and obtain various 51 | * key details about it. The resulting IRequestInfo object will 52 | * not include the full request URL. To obtain the full URL, use one of the 53 | * other overloaded analyzeRequest() methods. 54 | * 55 | * @param request The request to be analyzed. 56 | * @return An IRequestInfo object that can be queried to obtain 57 | * details about the request. 58 | */ 59 | IRequestInfo analyzeRequest(byte[] request); 60 | 61 | /** 62 | * This method can be used to analyze an HTTP response, and obtain various 63 | * key details about it. 64 | * 65 | * @param response The response to be analyzed. 66 | * @return An IResponseInfo object that can be queried to 67 | * obtain details about the response. 68 | */ 69 | IResponseInfo analyzeResponse(byte[] response); 70 | 71 | /** 72 | * This method can be used to retrieve details of a specified parameter 73 | * within an HTTP request. Note: Use analyzeRequest() to 74 | * obtain details of all parameters within the request. 75 | * 76 | * @param request The request to be inspected for the specified parameter. 77 | * @param parameterName The name of the parameter to retrieve. 78 | * @return An IParameter object that can be queried to obtain 79 | * details about the parameter, or null if the parameter was 80 | * not found. 81 | */ 82 | IParameter getRequestParameter(byte[] request, String parameterName); 83 | 84 | /** 85 | * This method can be used to URL-decode the specified data. 86 | * 87 | * @param data The data to be decoded. 88 | * @return The decoded data. 89 | */ 90 | String urlDecode(String data); 91 | 92 | /** 93 | * This method can be used to URL-encode the specified data. Any characters 94 | * that do not need to be encoded within HTTP requests are not encoded. 95 | * 96 | * @param data The data to be encoded. 97 | * @return The encoded data. 98 | */ 99 | String urlEncode(String data); 100 | 101 | /** 102 | * This method can be used to URL-decode the specified data. 103 | * 104 | * @param data The data to be decoded. 105 | * @return The decoded data. 106 | */ 107 | byte[] urlDecode(byte[] data); 108 | 109 | /** 110 | * This method can be used to URL-encode the specified data. Any characters 111 | * that do not need to be encoded within HTTP requests are not encoded. 112 | * 113 | * @param data The data to be encoded. 114 | * @return The encoded data. 115 | */ 116 | byte[] urlEncode(byte[] data); 117 | 118 | /** 119 | * This method can be used to Base64-decode the specified data. 120 | * 121 | * @param data The data to be decoded. 122 | * @return The decoded data. 123 | */ 124 | byte[] base64Decode(String data); 125 | 126 | /** 127 | * This method can be used to Base64-decode the specified data. 128 | * 129 | * @param data The data to be decoded. 130 | * @return The decoded data. 131 | */ 132 | byte[] base64Decode(byte[] data); 133 | 134 | /** 135 | * This method can be used to Base64-encode the specified data. 136 | * 137 | * @param data The data to be encoded. 138 | * @return The encoded data. 139 | */ 140 | String base64Encode(String data); 141 | 142 | /** 143 | * This method can be used to Base64-encode the specified data. 144 | * 145 | * @param data The data to be encoded. 146 | * @return The encoded data. 147 | */ 148 | String base64Encode(byte[] data); 149 | 150 | /** 151 | * This method can be used to convert data from String form into an array of 152 | * bytes. The conversion does not reflect any particular character set, and 153 | * a character with the hex representation 0xWXYZ will always be converted 154 | * into a byte with the representation 0xYZ. It performs the opposite 155 | * conversion to the method bytesToString(), and byte-based 156 | * data that is converted to a String and back again using these two methods 157 | * is guaranteed to retain its integrity (which may not be the case with 158 | * conversions that reflect a given character set). 159 | * 160 | * @param data The data to be converted. 161 | * @return The converted data. 162 | */ 163 | byte[] stringToBytes(String data); 164 | 165 | /** 166 | * This method can be used to convert data from an array of bytes into 167 | * String form. The conversion does not reflect any particular character 168 | * set, and a byte with the representation 0xYZ will always be converted 169 | * into a character with the hex representation 0x00YZ. It performs the 170 | * opposite conversion to the method stringToBytes(), and 171 | * byte-based data that is converted to a String and back again using these 172 | * two methods is guaranteed to retain its integrity (which may not be the 173 | * case with conversions that reflect a given character set). 174 | * 175 | * @param data The data to be converted. 176 | * @return The converted data. 177 | */ 178 | String bytesToString(byte[] data); 179 | 180 | /** 181 | * This method searches a piece of data for the first occurrence of a 182 | * specified pattern. It works on byte-based data in a way that is similar 183 | * to the way the native Java method String.indexOf() works on 184 | * String-based data. 185 | * 186 | * @param data The data to be searched. 187 | * @param pattern The pattern to be searched for. 188 | * @param caseSensitive Flags whether or not the search is case-sensitive. 189 | * @param from The offset within data where the search should 190 | * begin. 191 | * @param to The offset within data where the search should 192 | * end. 193 | * @return The offset of the first occurrence of the pattern within the 194 | * specified bounds, or -1 if no match is found. 195 | */ 196 | int indexOf(byte[] data, 197 | byte[] pattern, 198 | boolean caseSensitive, 199 | int from, 200 | int to); 201 | 202 | /** 203 | * This method builds an HTTP message containing the specified headers and 204 | * message body. If applicable, the Content-Length header will be added or 205 | * updated, based on the length of the body. 206 | * 207 | * @param headers A list of headers to include in the message. 208 | * @param body The body of the message, of null if the message 209 | * has an empty body. 210 | * @return The resulting full HTTP message. 211 | */ 212 | byte[] buildHttpMessage(List headers, byte[] body); 213 | 214 | /** 215 | * This method creates a GET request to the specified URL. The headers used 216 | * in the request are determined by the Request headers settings as 217 | * configured in Burp Spider's options. 218 | * 219 | * @param url The URL to which the request should be made. 220 | * @return A request to the specified URL. 221 | */ 222 | byte[] buildHttpRequest(URL url); 223 | 224 | /** 225 | * This method adds a new parameter to an HTTP request, and if appropriate 226 | * updates the Content-Length header. 227 | * 228 | * @param request The request to which the parameter should be added. 229 | * @param parameter An IParameter object containing details of 230 | * the parameter to be added. Supported parameter types are: 231 | * PARAM_URL, PARAM_BODY and 232 | * PARAM_COOKIE. 233 | * @return A new HTTP request with the new parameter added. 234 | */ 235 | byte[] addParameter(byte[] request, IParameter parameter); 236 | 237 | /** 238 | * This method removes a parameter from an HTTP request, and if appropriate 239 | * updates the Content-Length header. 240 | * 241 | * @param request The request from which the parameter should be removed. 242 | * @param parameter An IParameter object containing details of 243 | * the parameter to be removed. Supported parameter types are: 244 | * PARAM_URL, PARAM_BODY and 245 | * PARAM_COOKIE. 246 | * @return A new HTTP request with the parameter removed. 247 | */ 248 | byte[] removeParameter(byte[] request, IParameter parameter); 249 | 250 | /** 251 | * This method updates the value of a parameter within an HTTP request, and 252 | * if appropriate updates the Content-Length header. Note: This 253 | * method can only be used to update the value of an existing parameter of a 254 | * specified type. If you need to change the type of an existing parameter, 255 | * you should first call removeParameter() to remove the 256 | * parameter with the old type, and then call addParameter() to 257 | * add a parameter with the new type. 258 | * 259 | * @param request The request containing the parameter to be updated. 260 | * @param parameter An IParameter object containing details of 261 | * the parameter to be updated. Supported parameter types are: 262 | * PARAM_URL, PARAM_BODY and 263 | * PARAM_COOKIE. 264 | * @return A new HTTP request with the parameter updated. 265 | */ 266 | byte[] updateParameter(byte[] request, IParameter parameter); 267 | 268 | /** 269 | * This method can be used to toggle a request's method between GET and 270 | * POST. Parameters are relocated between the URL query string and message 271 | * body as required, and the Content-Length header is created or removed as 272 | * applicable. 273 | * 274 | * @param request The HTTP request whose method should be toggled. 275 | * @return A new HTTP request using the toggled method. 276 | */ 277 | byte[] toggleRequestMethod(byte[] request); 278 | 279 | /** 280 | * This method constructs an IHttpService object based on the 281 | * details provided. 282 | * 283 | * @param host The HTTP service host. 284 | * @param port The HTTP service port. 285 | * @param protocol The HTTP service protocol. 286 | * @return An IHttpService object based on the details 287 | * provided. 288 | */ 289 | IHttpService buildHttpService(String host, int port, String protocol); 290 | 291 | /** 292 | * This method constructs an IHttpService object based on the 293 | * details provided. 294 | * 295 | * @param host The HTTP service host. 296 | * @param port The HTTP service port. 297 | * @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP. 298 | * @return An IHttpService object based on the details 299 | * provided. 300 | */ 301 | IHttpService buildHttpService(String host, int port, boolean useHttps); 302 | 303 | /** 304 | * This method constructs an IParameter object based on the 305 | * details provided. 306 | * 307 | * @param name The parameter name. 308 | * @param value The parameter value. 309 | * @param type The parameter type, as defined in the IParameter 310 | * interface. 311 | * @return An IParameter object based on the details provided. 312 | */ 313 | IParameter buildParameter(String name, String value, byte type); 314 | 315 | /** 316 | * This method constructs an IScannerInsertionPoint object 317 | * based on the details provided. It can be used to quickly create a simple 318 | * insertion point based on a fixed payload location within a base request. 319 | * 320 | * @param insertionPointName The name of the insertion point. 321 | * @param baseRequest The request from which to build scan requests. 322 | * @param from The offset of the start of the payload location. 323 | * @param to The offset of the end of the payload location. 324 | * @return An IScannerInsertionPoint object based on the 325 | * details provided. 326 | */ 327 | IScannerInsertionPoint makeScannerInsertionPoint( 328 | String insertionPointName, 329 | byte[] baseRequest, 330 | int from, 331 | int to); 332 | 333 | /** 334 | * This method analyzes one or more responses to identify variations in a 335 | * number of attributes and returns an IResponseVariations 336 | * object that can be queried to obtain details of the variations. 337 | * 338 | * @param responses The responses to analyze. 339 | * @return An IResponseVariations object representing the 340 | * variations in the responses. 341 | */ 342 | IResponseVariations analyzeResponseVariations(byte[]... responses); 343 | 344 | /** 345 | * This method analyzes one or more responses to identify the number of 346 | * occurrences of the specified keywords and returns an 347 | * IResponseKeywords object that can be queried to obtain 348 | * details of the number of occurrences of each keyword. 349 | * 350 | * @param keywords The keywords to look for. 351 | * @param responses The responses to analyze. 352 | * @return An IResponseKeywords object representing the counts 353 | * of the keywords appearing in the responses. 354 | */ 355 | IResponseKeywords analyzeResponseKeywords(List keywords, byte[]... responses); 356 | } 357 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU AFFERO GENERAL PUBLIC LICENSE 2 | Version 3, 19 November 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU Affero General Public License is a free, copyleft license for 11 | software and other kinds of works, specifically designed to ensure 12 | cooperation with the community in the case of network server software. 13 | 14 | The licenses for most software and other practical works are designed 15 | to take away your freedom to share and change the works. By contrast, 16 | our General Public Licenses are intended to guarantee your freedom to 17 | share and change all versions of a program--to make sure it remains free 18 | software for all its users. 19 | 20 | When we speak of free software, we are referring to freedom, not 21 | price. Our General Public Licenses are designed to make sure that you 22 | have the freedom to distribute copies of free software (and charge for 23 | them if you wish), that you receive source code or can get it if you 24 | want it, that you can change the software or use pieces of it in new 25 | free programs, and that you know you can do these things. 26 | 27 | Developers that use our General Public Licenses protect your rights 28 | with two steps: (1) assert copyright on the software, and (2) offer 29 | you this License which gives you legal permission to copy, distribute 30 | and/or modify the software. 31 | 32 | A secondary benefit of defending all users' freedom is that 33 | improvements made in alternate versions of the program, if they 34 | receive widespread use, become available for other developers to 35 | incorporate. Many developers of free software are heartened and 36 | encouraged by the resulting cooperation. However, in the case of 37 | software used on network servers, this result may fail to come about. 38 | The GNU General Public License permits making a modified version and 39 | letting the public access it on a server without ever releasing its 40 | source code to the public. 41 | 42 | The GNU Affero General Public License is designed specifically to 43 | ensure that, in such cases, the modified source code becomes available 44 | to the community. It requires the operator of a network server to 45 | provide the source code of the modified version running there to the 46 | users of that server. Therefore, public use of a modified version, on 47 | a publicly accessible server, gives the public access to the source 48 | code of the modified version. 49 | 50 | An older license, called the Affero General Public License and 51 | published by Affero, was designed to accomplish similar goals. This is 52 | a different license, not a version of the Affero GPL, but Affero has 53 | released a new version of the Affero GPL which permits relicensing under 54 | this license. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | TERMS AND CONDITIONS 60 | 61 | 0. Definitions. 62 | 63 | "This License" refers to version 3 of the GNU Affero General Public License. 64 | 65 | "Copyright" also means copyright-like laws that apply to other kinds of 66 | works, such as semiconductor masks. 67 | 68 | "The Program" refers to any copyrightable work licensed under this 69 | License. Each licensee is addressed as "you". "Licensees" and 70 | "recipients" may be individuals or organizations. 71 | 72 | To "modify" a work means to copy from or adapt all or part of the work 73 | in a fashion requiring copyright permission, other than the making of an 74 | exact copy. The resulting work is called a "modified version" of the 75 | earlier work or a work "based on" the earlier work. 76 | 77 | A "covered work" means either the unmodified Program or a work based 78 | on the Program. 79 | 80 | To "propagate" a work means to do anything with it that, without 81 | permission, would make you directly or secondarily liable for 82 | infringement under applicable copyright law, except executing it on a 83 | computer or modifying a private copy. Propagation includes copying, 84 | distribution (with or without modification), making available to the 85 | public, and in some countries other activities as well. 86 | 87 | To "convey" a work means any kind of propagation that enables other 88 | parties to make or receive copies. Mere interaction with a user through 89 | a computer network, with no transfer of a copy, is not conveying. 90 | 91 | An interactive user interface displays "Appropriate Legal Notices" 92 | to the extent that it includes a convenient and prominently visible 93 | feature that (1) displays an appropriate copyright notice, and (2) 94 | tells the user that there is no warranty for the work (except to the 95 | extent that warranties are provided), that licensees may convey the 96 | work under this License, and how to view a copy of this License. If 97 | the interface presents a list of user commands or options, such as a 98 | menu, a prominent item in the list meets this criterion. 99 | 100 | 1. Source Code. 101 | 102 | The "source code" for a work means the preferred form of the work 103 | for making modifications to it. "Object code" means any non-source 104 | form of a work. 105 | 106 | A "Standard Interface" means an interface that either is an official 107 | standard defined by a recognized standards body, or, in the case of 108 | interfaces specified for a particular programming language, one that 109 | is widely used among developers working in that language. 110 | 111 | The "System Libraries" of an executable work include anything, other 112 | than the work as a whole, that (a) is included in the normal form of 113 | packaging a Major Component, but which is not part of that Major 114 | Component, and (b) serves only to enable use of the work with that 115 | Major Component, or to implement a Standard Interface for which an 116 | implementation is available to the public in source code form. A 117 | "Major Component", in this context, means a major essential component 118 | (kernel, window system, and so on) of the specific operating system 119 | (if any) on which the executable work runs, or a compiler used to 120 | produce the work, or an object code interpreter used to run it. 121 | 122 | The "Corresponding Source" for a work in object code form means all 123 | the source code needed to generate, install, and (for an executable 124 | work) run the object code and to modify the work, including scripts to 125 | control those activities. However, it does not include the work's 126 | System Libraries, or general-purpose tools or generally available free 127 | programs which are used unmodified in performing those activities but 128 | which are not part of the work. For example, Corresponding Source 129 | includes interface definition files associated with source files for 130 | the work, and the source code for shared libraries and dynamically 131 | linked subprograms that the work is specifically designed to require, 132 | such as by intimate data communication or control flow between those 133 | subprograms and other parts of the work. 134 | 135 | The Corresponding Source need not include anything that users 136 | can regenerate automatically from other parts of the Corresponding 137 | Source. 138 | 139 | The Corresponding Source for a work in source code form is that 140 | same work. 141 | 142 | 2. Basic Permissions. 143 | 144 | All rights granted under this License are granted for the term of 145 | copyright on the Program, and are irrevocable provided the stated 146 | conditions are met. This License explicitly affirms your unlimited 147 | permission to run the unmodified Program. The output from running a 148 | covered work is covered by this License only if the output, given its 149 | content, constitutes a covered work. This License acknowledges your 150 | rights of fair use or other equivalent, as provided by copyright law. 151 | 152 | You may make, run and propagate covered works that you do not 153 | convey, without conditions so long as your license otherwise remains 154 | in force. You may convey covered works to others for the sole purpose 155 | of having them make modifications exclusively for you, or provide you 156 | with facilities for running those works, provided that you comply with 157 | the terms of this License in conveying all material for which you do 158 | not control copyright. Those thus making or running the covered works 159 | for you must do so exclusively on your behalf, under your direction 160 | and control, on terms that prohibit them from making any copies of 161 | your copyrighted material outside their relationship with you. 162 | 163 | Conveying under any other circumstances is permitted solely under 164 | the conditions stated below. Sublicensing is not allowed; section 10 165 | makes it unnecessary. 166 | 167 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 168 | 169 | No covered work shall be deemed part of an effective technological 170 | measure under any applicable law fulfilling obligations under article 171 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 172 | similar laws prohibiting or restricting circumvention of such 173 | measures. 174 | 175 | When you convey a covered work, you waive any legal power to forbid 176 | circumvention of technological measures to the extent such circumvention 177 | is effected by exercising rights under this License with respect to 178 | the covered work, and you disclaim any intention to limit operation or 179 | modification of the work as a means of enforcing, against the work's 180 | users, your or third parties' legal rights to forbid circumvention of 181 | technological measures. 182 | 183 | 4. Conveying Verbatim Copies. 184 | 185 | You may convey verbatim copies of the Program's source code as you 186 | receive it, in any medium, provided that you conspicuously and 187 | appropriately publish on each copy an appropriate copyright notice; 188 | keep intact all notices stating that this License and any 189 | non-permissive terms added in accord with section 7 apply to the code; 190 | keep intact all notices of the absence of any warranty; and give all 191 | recipients a copy of this License along with the Program. 192 | 193 | You may charge any price or no price for each copy that you convey, 194 | and you may offer support or warranty protection for a fee. 195 | 196 | 5. Conveying Modified Source Versions. 197 | 198 | You may convey a work based on the Program, or the modifications to 199 | produce it from the Program, in the form of source code under the 200 | terms of section 4, provided that you also meet all of these conditions: 201 | 202 | a) The work must carry prominent notices stating that you modified 203 | it, and giving a relevant date. 204 | 205 | b) The work must carry prominent notices stating that it is 206 | released under this License and any conditions added under section 207 | 7. This requirement modifies the requirement in section 4 to 208 | "keep intact all notices". 209 | 210 | c) You must license the entire work, as a whole, under this 211 | License to anyone who comes into possession of a copy. This 212 | License will therefore apply, along with any applicable section 7 213 | additional terms, to the whole of the work, and all its parts, 214 | regardless of how they are packaged. This License gives no 215 | permission to license the work in any other way, but it does not 216 | invalidate such permission if you have separately received it. 217 | 218 | d) If the work has interactive user interfaces, each must display 219 | Appropriate Legal Notices; however, if the Program has interactive 220 | interfaces that do not display Appropriate Legal Notices, your 221 | work need not make them do so. 222 | 223 | A compilation of a covered work with other separate and independent 224 | works, which are not by their nature extensions of the covered work, 225 | and which are not combined with it such as to form a larger program, 226 | in or on a volume of a storage or distribution medium, is called an 227 | "aggregate" if the compilation and its resulting copyright are not 228 | used to limit the access or legal rights of the compilation's users 229 | beyond what the individual works permit. Inclusion of a covered work 230 | in an aggregate does not cause this License to apply to the other 231 | parts of the aggregate. 232 | 233 | 6. Conveying Non-Source Forms. 234 | 235 | You may convey a covered work in object code form under the terms 236 | of sections 4 and 5, provided that you also convey the 237 | machine-readable Corresponding Source under the terms of this License, 238 | in one of these ways: 239 | 240 | a) Convey the object code in, or embodied in, a physical product 241 | (including a physical distribution medium), accompanied by the 242 | Corresponding Source fixed on a durable physical medium 243 | customarily used for software interchange. 244 | 245 | b) Convey the object code in, or embodied in, a physical product 246 | (including a physical distribution medium), accompanied by a 247 | written offer, valid for at least three years and valid for as 248 | long as you offer spare parts or customer support for that product 249 | model, to give anyone who possesses the object code either (1) a 250 | copy of the Corresponding Source for all the software in the 251 | product that is covered by this License, on a durable physical 252 | medium customarily used for software interchange, for a price no 253 | more than your reasonable cost of physically performing this 254 | conveying of source, or (2) access to copy the 255 | Corresponding Source from a network server at no charge. 256 | 257 | c) Convey individual copies of the object code with a copy of the 258 | written offer to provide the Corresponding Source. This 259 | alternative is allowed only occasionally and noncommercially, and 260 | only if you received the object code with such an offer, in accord 261 | with subsection 6b. 262 | 263 | d) Convey the object code by offering access from a designated 264 | place (gratis or for a charge), and offer equivalent access to the 265 | Corresponding Source in the same way through the same place at no 266 | further charge. You need not require recipients to copy the 267 | Corresponding Source along with the object code. If the place to 268 | copy the object code is a network server, the Corresponding Source 269 | may be on a different server (operated by you or a third party) 270 | that supports equivalent copying facilities, provided you maintain 271 | clear directions next to the object code saying where to find the 272 | Corresponding Source. Regardless of what server hosts the 273 | Corresponding Source, you remain obligated to ensure that it is 274 | available for as long as needed to satisfy these requirements. 275 | 276 | e) Convey the object code using peer-to-peer transmission, provided 277 | you inform other peers where the object code and Corresponding 278 | Source of the work are being offered to the general public at no 279 | charge under subsection 6d. 280 | 281 | A separable portion of the object code, whose source code is excluded 282 | from the Corresponding Source as a System Library, need not be 283 | included in conveying the object code work. 284 | 285 | A "User Product" is either (1) a "consumer product", which means any 286 | tangible personal property which is normally used for personal, family, 287 | or household purposes, or (2) anything designed or sold for incorporation 288 | into a dwelling. In determining whether a product is a consumer product, 289 | doubtful cases shall be resolved in favor of coverage. For a particular 290 | product received by a particular user, "normally used" refers to a 291 | typical or common use of that class of product, regardless of the status 292 | of the particular user or of the way in which the particular user 293 | actually uses, or expects or is expected to use, the product. A product 294 | is a consumer product regardless of whether the product has substantial 295 | commercial, industrial or non-consumer uses, unless such uses represent 296 | the only significant mode of use of the product. 297 | 298 | "Installation Information" for a User Product means any methods, 299 | procedures, authorization keys, or other information required to install 300 | and execute modified versions of a covered work in that User Product from 301 | a modified version of its Corresponding Source. The information must 302 | suffice to ensure that the continued functioning of the modified object 303 | code is in no case prevented or interfered with solely because 304 | modification has been made. 305 | 306 | If you convey an object code work under this section in, or with, or 307 | specifically for use in, a User Product, and the conveying occurs as 308 | part of a transaction in which the right of possession and use of the 309 | User Product is transferred to the recipient in perpetuity or for a 310 | fixed term (regardless of how the transaction is characterized), the 311 | Corresponding Source conveyed under this section must be accompanied 312 | by the Installation Information. But this requirement does not apply 313 | if neither you nor any third party retains the ability to install 314 | modified object code on the User Product (for example, the work has 315 | been installed in ROM). 316 | 317 | The requirement to provide Installation Information does not include a 318 | requirement to continue to provide support service, warranty, or updates 319 | for a work that has been modified or installed by the recipient, or for 320 | the User Product in which it has been modified or installed. Access to a 321 | network may be denied when the modification itself materially and 322 | adversely affects the operation of the network or violates the rules and 323 | protocols for communication across the network. 324 | 325 | Corresponding Source conveyed, and Installation Information provided, 326 | in accord with this section must be in a format that is publicly 327 | documented (and with an implementation available to the public in 328 | source code form), and must require no special password or key for 329 | unpacking, reading or copying. 330 | 331 | 7. Additional Terms. 332 | 333 | "Additional permissions" are terms that supplement the terms of this 334 | License by making exceptions from one or more of its conditions. 335 | Additional permissions that are applicable to the entire Program shall 336 | be treated as though they were included in this License, to the extent 337 | that they are valid under applicable law. If additional permissions 338 | apply only to part of the Program, that part may be used separately 339 | under those permissions, but the entire Program remains governed by 340 | this License without regard to the additional permissions. 341 | 342 | When you convey a copy of a covered work, you may at your option 343 | remove any additional permissions from that copy, or from any part of 344 | it. (Additional permissions may be written to require their own 345 | removal in certain cases when you modify the work.) You may place 346 | additional permissions on material, added by you to a covered work, 347 | for which you have or can give appropriate copyright permission. 348 | 349 | Notwithstanding any other provision of this License, for material you 350 | add to a covered work, you may (if authorized by the copyright holders of 351 | that material) supplement the terms of this License with terms: 352 | 353 | a) Disclaiming warranty or limiting liability differently from the 354 | terms of sections 15 and 16 of this License; or 355 | 356 | b) Requiring preservation of specified reasonable legal notices or 357 | author attributions in that material or in the Appropriate Legal 358 | Notices displayed by works containing it; or 359 | 360 | c) Prohibiting misrepresentation of the origin of that material, or 361 | requiring that modified versions of such material be marked in 362 | reasonable ways as different from the original version; or 363 | 364 | d) Limiting the use for publicity purposes of names of licensors or 365 | authors of the material; or 366 | 367 | e) Declining to grant rights under trademark law for use of some 368 | trade names, trademarks, or service marks; or 369 | 370 | f) Requiring indemnification of licensors and authors of that 371 | material by anyone who conveys the material (or modified versions of 372 | it) with contractual assumptions of liability to the recipient, for 373 | any liability that these contractual assumptions directly impose on 374 | those licensors and authors. 375 | 376 | All other non-permissive additional terms are considered "further 377 | restrictions" within the meaning of section 10. If the Program as you 378 | received it, or any part of it, contains a notice stating that it is 379 | governed by this License along with a term that is a further 380 | restriction, you may remove that term. If a license document contains 381 | a further restriction but permits relicensing or conveying under this 382 | License, you may add to a covered work material governed by the terms 383 | of that license document, provided that the further restriction does 384 | not survive such relicensing or conveying. 385 | 386 | If you add terms to a covered work in accord with this section, you 387 | must place, in the relevant source files, a statement of the 388 | additional terms that apply to those files, or a notice indicating 389 | where to find the applicable terms. 390 | 391 | Additional terms, permissive or non-permissive, may be stated in the 392 | form of a separately written license, or stated as exceptions; 393 | the above requirements apply either way. 394 | 395 | 8. Termination. 396 | 397 | You may not propagate or modify a covered work except as expressly 398 | provided under this License. Any attempt otherwise to propagate or 399 | modify it is void, and will automatically terminate your rights under 400 | this License (including any patent licenses granted under the third 401 | paragraph of section 11). 402 | 403 | However, if you cease all violation of this License, then your 404 | license from a particular copyright holder is reinstated (a) 405 | provisionally, unless and until the copyright holder explicitly and 406 | finally terminates your license, and (b) permanently, if the copyright 407 | holder fails to notify you of the violation by some reasonable means 408 | prior to 60 days after the cessation. 409 | 410 | Moreover, your license from a particular copyright holder is 411 | reinstated permanently if the copyright holder notifies you of the 412 | violation by some reasonable means, this is the first time you have 413 | received notice of violation of this License (for any work) from that 414 | copyright holder, and you cure the violation prior to 30 days after 415 | your receipt of the notice. 416 | 417 | Termination of your rights under this section does not terminate the 418 | licenses of parties who have received copies or rights from you under 419 | this License. If your rights have been terminated and not permanently 420 | reinstated, you do not qualify to receive new licenses for the same 421 | material under section 10. 422 | 423 | 9. Acceptance Not Required for Having Copies. 424 | 425 | You are not required to accept this License in order to receive or 426 | run a copy of the Program. Ancillary propagation of a covered work 427 | occurring solely as a consequence of using peer-to-peer transmission 428 | to receive a copy likewise does not require acceptance. However, 429 | nothing other than this License grants you permission to propagate or 430 | modify any covered work. These actions infringe copyright if you do 431 | not accept this License. Therefore, by modifying or propagating a 432 | covered work, you indicate your acceptance of this License to do so. 433 | 434 | 10. Automatic Licensing of Downstream Recipients. 435 | 436 | Each time you convey a covered work, the recipient automatically 437 | receives a license from the original licensors, to run, modify and 438 | propagate that work, subject to this License. You are not responsible 439 | for enforcing compliance by third parties with this License. 440 | 441 | An "entity transaction" is a transaction transferring control of an 442 | organization, or substantially all assets of one, or subdividing an 443 | organization, or merging organizations. If propagation of a covered 444 | work results from an entity transaction, each party to that 445 | transaction who receives a copy of the work also receives whatever 446 | licenses to the work the party's predecessor in interest had or could 447 | give under the previous paragraph, plus a right to possession of the 448 | Corresponding Source of the work from the predecessor in interest, if 449 | the predecessor has it or can get it with reasonable efforts. 450 | 451 | You may not impose any further restrictions on the exercise of the 452 | rights granted or affirmed under this License. For example, you may 453 | not impose a license fee, royalty, or other charge for exercise of 454 | rights granted under this License, and you may not initiate litigation 455 | (including a cross-claim or counterclaim in a lawsuit) alleging that 456 | any patent claim is infringed by making, using, selling, offering for 457 | sale, or importing the Program or any portion of it. 458 | 459 | 11. Patents. 460 | 461 | A "contributor" is a copyright holder who authorizes use under this 462 | License of the Program or a work on which the Program is based. The 463 | work thus licensed is called the contributor's "contributor version". 464 | 465 | A contributor's "essential patent claims" are all patent claims 466 | owned or controlled by the contributor, whether already acquired or 467 | hereafter acquired, that would be infringed by some manner, permitted 468 | by this License, of making, using, or selling its contributor version, 469 | but do not include claims that would be infringed only as a 470 | consequence of further modification of the contributor version. For 471 | purposes of this definition, "control" includes the right to grant 472 | patent sublicenses in a manner consistent with the requirements of 473 | this License. 474 | 475 | Each contributor grants you a non-exclusive, worldwide, royalty-free 476 | patent license under the contributor's essential patent claims, to 477 | make, use, sell, offer for sale, import and otherwise run, modify and 478 | propagate the contents of its contributor version. 479 | 480 | In the following three paragraphs, a "patent license" is any express 481 | agreement or commitment, however denominated, not to enforce a patent 482 | (such as an express permission to practice a patent or covenant not to 483 | sue for patent infringement). To "grant" such a patent license to a 484 | party means to make such an agreement or commitment not to enforce a 485 | patent against the party. 486 | 487 | If you convey a covered work, knowingly relying on a patent license, 488 | and the Corresponding Source of the work is not available for anyone 489 | to copy, free of charge and under the terms of this License, through a 490 | publicly available network server or other readily accessible means, 491 | then you must either (1) cause the Corresponding Source to be so 492 | available, or (2) arrange to deprive yourself of the benefit of the 493 | patent license for this particular work, or (3) arrange, in a manner 494 | consistent with the requirements of this License, to extend the patent 495 | license to downstream recipients. "Knowingly relying" means you have 496 | actual knowledge that, but for the patent license, your conveying the 497 | covered work in a country, or your recipient's use of the covered work 498 | in a country, would infringe one or more identifiable patents in that 499 | country that you have reason to believe are valid. 500 | 501 | If, pursuant to or in connection with a single transaction or 502 | arrangement, you convey, or propagate by procuring conveyance of, a 503 | covered work, and grant a patent license to some of the parties 504 | receiving the covered work authorizing them to use, propagate, modify 505 | or convey a specific copy of the covered work, then the patent license 506 | you grant is automatically extended to all recipients of the covered 507 | work and works based on it. 508 | 509 | A patent license is "discriminatory" if it does not include within 510 | the scope of its coverage, prohibits the exercise of, or is 511 | conditioned on the non-exercise of one or more of the rights that are 512 | specifically granted under this License. You may not convey a covered 513 | work if you are a party to an arrangement with a third party that is 514 | in the business of distributing software, under which you make payment 515 | to the third party based on the extent of your activity of conveying 516 | the work, and under which the third party grants, to any of the 517 | parties who would receive the covered work from you, a discriminatory 518 | patent license (a) in connection with copies of the covered work 519 | conveyed by you (or copies made from those copies), or (b) primarily 520 | for and in connection with specific products or compilations that 521 | contain the covered work, unless you entered into that arrangement, 522 | or that patent license was granted, prior to 28 March 2007. 523 | 524 | Nothing in this License shall be construed as excluding or limiting 525 | any implied license or other defenses to infringement that may 526 | otherwise be available to you under applicable patent law. 527 | 528 | 12. No Surrender of Others' Freedom. 529 | 530 | If conditions are imposed on you (whether by court order, agreement or 531 | otherwise) that contradict the conditions of this License, they do not 532 | excuse you from the conditions of this License. If you cannot convey a 533 | covered work so as to satisfy simultaneously your obligations under this 534 | License and any other pertinent obligations, then as a consequence you may 535 | not convey it at all. For example, if you agree to terms that obligate you 536 | to collect a royalty for further conveying from those to whom you convey 537 | the Program, the only way you could satisfy both those terms and this 538 | License would be to refrain entirely from conveying the Program. 539 | 540 | 13. Remote Network Interaction; Use with the GNU General Public License. 541 | 542 | Notwithstanding any other provision of this License, if you modify the 543 | Program, your modified version must prominently offer all users 544 | interacting with it remotely through a computer network (if your version 545 | supports such interaction) an opportunity to receive the Corresponding 546 | Source of your version by providing access to the Corresponding Source 547 | from a network server at no charge, through some standard or customary 548 | means of facilitating copying of software. This Corresponding Source 549 | shall include the Corresponding Source for any work covered by version 3 550 | of the GNU General Public License that is incorporated pursuant to the 551 | following paragraph. 552 | 553 | Notwithstanding any other provision of this License, you have 554 | permission to link or combine any covered work with a work licensed 555 | under version 3 of the GNU General Public License into a single 556 | combined work, and to convey the resulting work. The terms of this 557 | License will continue to apply to the part which is the covered work, 558 | but the work with which it is combined will remain governed by version 559 | 3 of the GNU General Public License. 560 | 561 | 14. Revised Versions of this License. 562 | 563 | The Free Software Foundation may publish revised and/or new versions of 564 | the GNU Affero General Public License from time to time. Such new versions 565 | will be similar in spirit to the present version, but may differ in detail to 566 | address new problems or concerns. 567 | 568 | Each version is given a distinguishing version number. If the 569 | Program specifies that a certain numbered version of the GNU Affero General 570 | Public License "or any later version" applies to it, you have the 571 | option of following the terms and conditions either of that numbered 572 | version or of any later version published by the Free Software 573 | Foundation. If the Program does not specify a version number of the 574 | GNU Affero General Public License, you may choose any version ever published 575 | by the Free Software Foundation. 576 | 577 | If the Program specifies that a proxy can decide which future 578 | versions of the GNU Affero General Public License can be used, that proxy's 579 | public statement of acceptance of a version permanently authorizes you 580 | to choose that version for the Program. 581 | 582 | Later license versions may give you additional or different 583 | permissions. However, no additional obligations are imposed on any 584 | author or copyright holder as a result of your choosing to follow a 585 | later version. 586 | 587 | 15. Disclaimer of Warranty. 588 | 589 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 590 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 591 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 592 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 593 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 594 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 595 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 596 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 597 | 598 | 16. Limitation of Liability. 599 | 600 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 601 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 602 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 603 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 604 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 605 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 606 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 607 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 608 | SUCH DAMAGES. 609 | 610 | 17. Interpretation of Sections 15 and 16. 611 | 612 | If the disclaimer of warranty and limitation of liability provided 613 | above cannot be given local legal effect according to their terms, 614 | reviewing courts shall apply local law that most closely approximates 615 | an absolute waiver of all civil liability in connection with the 616 | Program, unless a warranty or assumption of liability accompanies a 617 | copy of the Program in return for a fee. 618 | 619 | END OF TERMS AND CONDITIONS 620 | 621 | How to Apply These Terms to Your New Programs 622 | 623 | If you develop a new program, and you want it to be of the greatest 624 | possible use to the public, the best way to achieve this is to make it 625 | free software which everyone can redistribute and change under these terms. 626 | 627 | To do so, attach the following notices to the program. It is safest 628 | to attach them to the start of each source file to most effectively 629 | state the exclusion of warranty; and each file should have at least 630 | the "copyright" line and a pointer to where the full notice is found. 631 | 632 | 633 | Copyright (C) 634 | 635 | This program is free software: you can redistribute it and/or modify 636 | it under the terms of the GNU Affero General Public License as published 637 | by the Free Software Foundation, either version 3 of the License, or 638 | (at your option) any later version. 639 | 640 | This program is distributed in the hope that it will be useful, 641 | but WITHOUT ANY WARRANTY; without even the implied warranty of 642 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 643 | GNU Affero General Public License for more details. 644 | 645 | You should have received a copy of the GNU Affero General Public License 646 | along with this program. If not, see . 647 | 648 | Also add information on how to contact you by electronic and paper mail. 649 | 650 | If your software can interact with users remotely through a computer 651 | network, you should also make sure that it provides a way for users to 652 | get its source. For example, if your program is a web application, its 653 | interface could display a "Source" link that leads users to an archive 654 | of the code. There are many ways you could offer source, and different 655 | solutions will be better for different programs; see section 13 for the 656 | specific requirements. 657 | 658 | You should also get your employer (if you work as a programmer) or school, 659 | if any, to sign a "copyright disclaimer" for the program, if necessary. 660 | For more information on this, and how to apply and follow the GNU AGPL, see 661 | . 662 | --------------------------------------------------------------------------------