├── sql.jpg
├── sql2.jpg
├── jd-gui.jpg
├── sqlmap.jar
├── sqlmap4.jpg
├── sqlmap2burp.jpg
├── sqlmap4burp.jar
├── sqlmap4burp.jpg
├── burp_sqlmap
├── src
│ ├── META-INF
│ │ └── MANIFEST.MF
│ ├── latershow
│ │ └── sniffer
│ │ │ └── Main.java
│ └── burp
│ │ ├── EnvUtil.java
│ │ ├── IScopeChangeListener.java
│ │ ├── IIntruderAttack.java
│ │ ├── IHttpRequestResponsePersisted.java
│ │ ├── ITempFile.java
│ │ ├── Context.java
│ │ ├── IExtensionStateListener.java
│ │ ├── IBurpExtender.java
│ │ ├── IScannerListener.java
│ │ ├── IHttpService.java
│ │ ├── ITab.java
│ │ ├── IMenuItemHandler.java
│ │ ├── IProxyListener.java
│ │ ├── IContextMenuFactory.java
│ │ ├── IScannerInsertionPointProvider.java
│ │ ├── IIntruderPayloadGeneratorFactory.java
│ │ ├── IHttpListener.java
│ │ ├── IMessageEditorTabFactory.java
│ │ ├── SnifferContextMenuFactory.java
│ │ ├── ICookie.java
│ │ ├── IIntruderPayloadProcessor.java
│ │ ├── IHttpRequestResponseWithMarkers.java
│ │ ├── IIntruderPayloadGenerator.java
│ │ ├── IMessageEditorController.java
│ │ ├── SqlmapStarter.java
│ │ ├── IMessageEditor.java
│ │ ├── BurpExtender.java
│ │ ├── ISessionHandlingAction.java
│ │ ├── IResponseInfo.java
│ │ ├── IScanQueueItem.java
│ │ ├── IRequestInfo.java
│ │ ├── ITextEditor.java
│ │ ├── IHttpRequestResponse.java
│ │ ├── IParameter.java
│ │ ├── IScannerCheck.java
│ │ ├── IMessageEditorTab.java
│ │ ├── IScanIssue.java
│ │ ├── IInterceptedProxyMessage.java
│ │ ├── IScannerInsertionPoint.java
│ │ ├── IContextMenuInvocation.java
│ │ ├── IExtensionHelpers.java
│ │ └── IBurpExtenderCallbacks.java
├── .idea
│ ├── description.html
│ ├── encodings.xml
│ ├── vcs.xml
│ ├── modules.xml
│ ├── misc.xml
│ ├── artifacts
│ │ └── burp_sqlmap_jar.xml
│ ├── compiler.xml
│ └── workspace.xml
├── out
│ ├── production
│ │ └── burp_sqlmap
│ │ │ ├── META-INF
│ │ │ └── MANIFEST.MF
│ │ │ ├── burp
│ │ │ ├── ITab.class
│ │ │ ├── Context.class
│ │ │ ├── EnvUtil.class
│ │ │ ├── ICookie.class
│ │ │ ├── ITempFile.class
│ │ │ ├── IParameter.class
│ │ │ ├── IScanIssue.class
│ │ │ ├── ITextEditor.class
│ │ │ ├── BurpExtender$1.class
│ │ │ ├── BurpExtender.class
│ │ │ ├── IBurpExtender.class
│ │ │ ├── IHttpListener.class
│ │ │ ├── IHttpService.class
│ │ │ ├── IMessageEditor.class
│ │ │ ├── IProxyListener.class
│ │ │ ├── IRequestInfo.class
│ │ │ ├── IResponseInfo.class
│ │ │ ├── IScanQueueItem.class
│ │ │ ├── IScannerCheck.class
│ │ │ ├── SqlmapStarter.class
│ │ │ ├── BurpExtender$1$1.class
│ │ │ ├── IIntruderAttack.class
│ │ │ ├── IMenuItemHandler.class
│ │ │ ├── IScannerListener.class
│ │ │ ├── IContextMenuFactory.class
│ │ │ ├── IExtensionHelpers.class
│ │ │ ├── IMessageEditorTab.class
│ │ │ ├── IHttpRequestResponse.class
│ │ │ ├── IScopeChangeListener.class
│ │ │ ├── IBurpExtenderCallbacks.class
│ │ │ ├── IContextMenuInvocation.class
│ │ │ ├── IExtensionStateListener.class
│ │ │ ├── IInterceptedProxyMessage.class
│ │ │ ├── IMessageEditorController.class
│ │ │ ├── IMessageEditorTabFactory.class
│ │ │ ├── IScannerInsertionPoint.class
│ │ │ ├── ISessionHandlingAction.class
│ │ │ ├── IIntruderPayloadGenerator.class
│ │ │ ├── IIntruderPayloadProcessor.class
│ │ │ ├── SnifferContextMenuFactory.class
│ │ │ ├── IHttpRequestResponsePersisted.class
│ │ │ ├── SnifferContextMenuFactory$1.class
│ │ │ ├── IHttpRequestResponseWithMarkers.class
│ │ │ ├── IScannerInsertionPointProvider.class
│ │ │ └── IIntruderPayloadGeneratorFactory.class
│ │ │ └── latershow
│ │ │ └── sniffer
│ │ │ └── Main.class
│ └── artifacts
│ │ └── burp_sqlmap_jar
│ │ └── burp_sqlmap.jar
└── burp_sqlmap.iml
├── sqlmap-classpath
├── commons-io-2.4.jar
└── commons-lang3-3.6.jar
└── README.md
/sql.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/sql.jpg
--------------------------------------------------------------------------------
/sql2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/sql2.jpg
--------------------------------------------------------------------------------
/jd-gui.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/jd-gui.jpg
--------------------------------------------------------------------------------
/sqlmap.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/sqlmap.jar
--------------------------------------------------------------------------------
/sqlmap4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/sqlmap4.jpg
--------------------------------------------------------------------------------
/sqlmap2burp.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/sqlmap2burp.jpg
--------------------------------------------------------------------------------
/sqlmap4burp.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/sqlmap4burp.jar
--------------------------------------------------------------------------------
/sqlmap4burp.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/sqlmap4burp.jpg
--------------------------------------------------------------------------------
/burp_sqlmap/src/META-INF/MANIFEST.MF:
--------------------------------------------------------------------------------
1 | Manifest-Version: 1.0
2 | Main-Class: latershow.sniffer.Main
3 |
4 |
--------------------------------------------------------------------------------
/burp_sqlmap/.idea/description.html:
--------------------------------------------------------------------------------
1 | Simple Java application that includes a class with main() method
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/META-INF/MANIFEST.MF:
--------------------------------------------------------------------------------
1 | Manifest-Version: 1.0
2 | Main-Class: latershow.sniffer.Main
3 |
4 |
--------------------------------------------------------------------------------
/sqlmap-classpath/commons-io-2.4.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/sqlmap-classpath/commons-io-2.4.jar
--------------------------------------------------------------------------------
/sqlmap-classpath/commons-lang3-3.6.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/sqlmap-classpath/commons-lang3-3.6.jar
--------------------------------------------------------------------------------
/burp_sqlmap/src/latershow/sniffer/Main.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/src/latershow/sniffer/Main.java
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/ITab.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/ITab.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/artifacts/burp_sqlmap_jar/burp_sqlmap.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/artifacts/burp_sqlmap_jar/burp_sqlmap.jar
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/Context.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/Context.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/EnvUtil.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/EnvUtil.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/ICookie.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/ICookie.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/ITempFile.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/ITempFile.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IParameter.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IParameter.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IScanIssue.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IScanIssue.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/ITextEditor.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/ITextEditor.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/BurpExtender$1.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/BurpExtender$1.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/BurpExtender.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/BurpExtender.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IBurpExtender.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IBurpExtender.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IHttpListener.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IHttpListener.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IHttpService.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IHttpService.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IMessageEditor.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IMessageEditor.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IProxyListener.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IProxyListener.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IRequestInfo.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IRequestInfo.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IResponseInfo.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IResponseInfo.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IScanQueueItem.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IScanQueueItem.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IScannerCheck.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IScannerCheck.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/SqlmapStarter.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/SqlmapStarter.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/BurpExtender$1$1.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/BurpExtender$1$1.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IIntruderAttack.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IIntruderAttack.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IMenuItemHandler.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IMenuItemHandler.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IScannerListener.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IScannerListener.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IContextMenuFactory.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IContextMenuFactory.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IExtensionHelpers.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IExtensionHelpers.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IMessageEditorTab.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IMessageEditorTab.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/latershow/sniffer/Main.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/latershow/sniffer/Main.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IHttpRequestResponse.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IHttpRequestResponse.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IScopeChangeListener.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IScopeChangeListener.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IBurpExtenderCallbacks.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IBurpExtenderCallbacks.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IContextMenuInvocation.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IContextMenuInvocation.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IExtensionStateListener.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IExtensionStateListener.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IInterceptedProxyMessage.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IInterceptedProxyMessage.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IMessageEditorController.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IMessageEditorController.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IMessageEditorTabFactory.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IMessageEditorTabFactory.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IScannerInsertionPoint.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IScannerInsertionPoint.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/ISessionHandlingAction.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/ISessionHandlingAction.class
--------------------------------------------------------------------------------
/burp_sqlmap/.idea/encodings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IIntruderPayloadGenerator.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IIntruderPayloadGenerator.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IIntruderPayloadProcessor.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IIntruderPayloadProcessor.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/SnifferContextMenuFactory.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/SnifferContextMenuFactory.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IHttpRequestResponsePersisted.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IHttpRequestResponsePersisted.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/SnifferContextMenuFactory$1.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/SnifferContextMenuFactory$1.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IHttpRequestResponseWithMarkers.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IHttpRequestResponseWithMarkers.class
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IScannerInsertionPointProvider.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IScannerInsertionPointProvider.class
--------------------------------------------------------------------------------
/burp_sqlmap/.idea/vcs.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/burp_sqlmap/out/production/burp_sqlmap/burp/IIntruderPayloadGeneratorFactory.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jas502n/SqlMap_BurpSuite/HEAD/burp_sqlmap/out/production/burp_sqlmap/burp/IIntruderPayloadGeneratorFactory.class
--------------------------------------------------------------------------------
/burp_sqlmap/.idea/modules.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/burp_sqlmap/.idea/misc.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/burp_sqlmap/.idea/artifacts/burp_sqlmap_jar.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | $PROJECT_DIR$/out/artifacts/burp_sqlmap_jar
4 |
5 |
6 |
7 |
8 |
9 |
10 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/EnvUtil.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /**
4 | * Created by liushuqing on 16/11/2.
5 | */
6 | public class EnvUtil {
7 |
8 | private static String OS_NAME = System.getProperties().getProperty("os.name").toUpperCase();
9 |
10 | /**
11 | * if local env is windows(true) or linux(false)
12 | *
13 | * @return
14 | */
15 | public static boolean isWindows() {
16 | System.out.println("local env is:" + OS_NAME);
17 | if (OS_NAME.contains("WINDOW")) {
18 | System.out.println("local env is windows");
19 | return true;
20 | } else {
21 | System.out.println("local env is linux");
22 | }
23 | return false;
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/burp_sqlmap/.idea/compiler.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IScopeChangeListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScopeChangeListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerScopeChangeListener() to register
15 | * a scope change listener. The listener will be notified whenever a change
16 | * occurs to Burp's suite-wide target scope.
17 | */
18 | public interface IScopeChangeListener
19 | {
20 | /**
21 | * This method is invoked whenever a change occurs to Burp's suite-wide
22 | * target scope.
23 | */
24 | void scopeChanged();
25 | }
26 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # SqlMap_BurpSuite
2 |
3 |
4 | ### 编译好的sqlmap.jar
5 |
6 | https://github.com/jas502n/SqlMap_BurpSuite/blob/master/burp_sqlmap/out/artifacts/burp_sqlmap_jar/burp_sqlmap.jar
7 |
8 |
9 | 
10 | 
11 | 
12 |
13 | ### grep -r "send to Sqlmap"
14 | `src/burp/SnifferContextMenuFactory.java: JMenuItem jMenuItem = new JMenuItem("send to Sqlmap"); `
15 |
16 | `JMenuItem jMenuItem = new JMenuItem("send to sqlmap4burp");`
17 |
18 | 
19 |
20 | https://github.com/jas502n/SqlMap_BurpSuite/blob/master/sqlmap4burp.jar
21 | 
22 | 
23 |
24 | ## 使用Burp, Sqlmap进行自动化批量SQL注入渗透测试
25 |
26 | https://t0data.gitbooks.io/burpsuite/content/chapter18.html
27 |
28 | 
29 |
30 |
31 | ### 参考链接
32 |
33 | https://github.com/difcareer/sqlmap4burp
34 |
35 | https://t0data.gitbooks.io/burpsuite/content/chapter18.html
36 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IIntruderAttack.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IIntruderAttack.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to hold details about an Intruder attack.
14 | */
15 | public interface IIntruderAttack
16 | {
17 | /**
18 | * This method is used to retrieve the HTTP service for the attack.
19 | *
20 | * @return The HTTP service for the attack.
21 | */
22 | IHttpService getHttpService();
23 |
24 | /**
25 | * This method is used to retrieve the request template for the attack.
26 | *
27 | * @return The request template for the attack.
28 | */
29 | byte[] getRequestTemplate();
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IHttpRequestResponsePersisted.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpRequestResponsePersisted.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used for an
14 | * IHttpRequestResponse object whose request and response messages
15 | * have been saved to temporary files using
16 | * IBurpExtenderCallbacks.saveBuffersToTempFiles().
17 | */
18 | public interface IHttpRequestResponsePersisted extends IHttpRequestResponse
19 | {
20 | /**
21 | * This method is used to permanently delete the saved temporary files. It
22 | * will no longer be possible to retrieve the request or response for this
23 | * item.
24 | */
25 | void deleteTempFiles();
26 | }
27 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/ITempFile.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ITempFile.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to hold details of a temporary file that has been
14 | * created via a call to
15 | * IBurpExtenderCallbacks.saveToTempFile().
16 | *
17 | */
18 | public interface ITempFile
19 | {
20 | /**
21 | * This method is used to retrieve the contents of the buffer that was saved
22 | * in the temporary file.
23 | *
24 | * @return The contents of the buffer that was saved in the temporary file.
25 | */
26 | byte[] getBuffer();
27 |
28 | /**
29 | * This method is used to permanently delete the temporary file when it is
30 | * no longer required.
31 | */
32 | void delete();
33 | }
34 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/Context.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | import java.util.Properties;
4 |
5 | /**
6 | * Created by wm on 2014/9/25.
7 | */
8 | public class Context {
9 |
10 | public static Properties properties = System.getProperties();
11 |
12 | public final static String tempDir = (String) properties.get("java.io.tmpdir");
13 |
14 | public static String tempReqName = null;
15 |
16 | public static String tempBatName = null;
17 |
18 | public static String userConfig = null;
19 |
20 | public static String getTempReqName(boolean reGet) {
21 | if (tempReqName == null || reGet) {
22 | long ms = System.currentTimeMillis();
23 | tempReqName = tempDir + "/" + ms + ".req";
24 | }
25 | return tempReqName;
26 | }
27 |
28 | public static String getTempBatName(boolean reGet){
29 | if (tempBatName == null || reGet) {
30 | long ms = System.currentTimeMillis();
31 | tempBatName = tempDir + "/" + ms + ".bat";
32 | }
33 | return tempBatName;
34 | }
35 |
36 | }
37 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IExtensionStateListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IExtensionStateListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerExtensionStateListener() to
15 | * register an extension state listener. The listener will be notified of
16 | * changes to the extension's state. Note: Any extensions that start
17 | * background threads or open system resources (such as files or database
18 | * connections) should register a listener and terminate threads / close
19 | * resources when the extension is unloaded.
20 | */
21 | public interface IExtensionStateListener
22 | {
23 | /**
24 | * This method is called when the extension is unloaded.
25 | */
26 | void extensionUnloaded();
27 | }
28 |
--------------------------------------------------------------------------------
/burp_sqlmap/burp_sqlmap.iml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IBurpExtender.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IBurpExtender.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * All extensions must implement this interface.
14 | *
15 | * Implementations must be called BurpExtender, in the package burp, must be
16 | * declared public, and must provide a default (public, no-argument)
17 | * constructor.
18 | */
19 | public interface IBurpExtender
20 | {
21 | /**
22 | * This method is invoked when the extension is loaded. It registers an
23 | * instance of the
24 | * IBurpExtenderCallbacks interface, providing methods that may
25 | * be invoked by the extension to perform various actions.
26 | *
27 | * @param callbacks An
28 | * IBurpExtenderCallbacks object.
29 | */
30 | void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks);
31 | }
32 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IScannerListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerScannerListener() to register a
15 | * Scanner listener. The listener will be notified of new issues that are
16 | * reported by the Scanner tool. Extensions can perform custom analysis or
17 | * logging of Scanner issues by registering a Scanner listener.
18 | */
19 | public interface IScannerListener
20 | {
21 | /**
22 | * This method is invoked when a new issue is added to Burp Scanner's
23 | * results.
24 | *
25 | * @param issue An
26 | * IScanIssue object that the extension can query to obtain
27 | * details about the new issue.
28 | */
29 | void newScanIssue(IScanIssue issue);
30 | }
31 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IHttpService.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpService.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to provide details about an HTTP service, to which
14 | * HTTP requests can be sent.
15 | */
16 | public interface IHttpService
17 | {
18 | /**
19 | * This method returns the hostname or IP address for the service.
20 | *
21 | * @return The hostname or IP address for the service.
22 | */
23 | String getHost();
24 |
25 | /**
26 | * This method returns the port number for the service.
27 | *
28 | * @return The port number for the service.
29 | */
30 | int getPort();
31 |
32 | /**
33 | * This method returns the protocol for the service.
34 | *
35 | * @return The protocol for the service. Expected values are "http" or
36 | * "https".
37 | */
38 | String getProtocol();
39 | }
40 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/ITab.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ITab.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 |
14 | /**
15 | * This interface is used to provide Burp with details of a custom tab that will
16 | * be added to Burp's UI, using a method such as
17 | * IBurpExtenderCallbacks.addSuiteTab().
18 | */
19 | public interface ITab
20 | {
21 | /**
22 | * Burp uses this method to obtain the caption that should appear on the
23 | * custom tab when it is displayed.
24 | *
25 | * @return The caption that should appear on the custom tab when it is
26 | * displayed.
27 | */
28 | String getTabCaption();
29 |
30 | /**
31 | * Burp uses this method to obtain the component that should be used as the
32 | * contents of the custom tab when it is displayed.
33 | *
34 | * @return The component that should be used as the contents of the custom
35 | * tab when it is displayed.
36 | */
37 | Component getUiComponent();
38 | }
39 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IMenuItemHandler.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMenuItemHandler.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerMenuItem() to register a custom
15 | * context menu item.
16 | *
17 | * @deprecated Use
18 | * IContextMenuFactory instead.
19 | */
20 | @Deprecated
21 | public interface IMenuItemHandler
22 | {
23 | /**
24 | * This method is invoked by Burp Suite when the user clicks on a custom
25 | * menu item which the extension has registered with Burp.
26 | *
27 | * @param menuItemCaption The caption of the menu item which was clicked.
28 | * This parameter enables extensions to provide a single implementation
29 | * which handles multiple different menu items.
30 | * @param messageInfo Details of the HTTP message(s) for which the context
31 | * menu was displayed.
32 | */
33 | void menuItemClicked(
34 | String menuItemCaption,
35 | IHttpRequestResponse[] messageInfo);
36 | }
37 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IProxyListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IProxyListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerProxyListener() to register a
15 | * Proxy listener. The listener will be notified of requests and responses being
16 | * processed by the Proxy tool. Extensions can perform custom analysis or
17 | * modification of these messages, and control in-UI message interception, by
18 | * registering a proxy listener.
19 | */
20 | public interface IProxyListener
21 | {
22 | /**
23 | * This method is invoked when an HTTP message is being processed by the
24 | * Proxy.
25 | *
26 | * @param messageIsRequest Indicates whether the HTTP message is a request
27 | * or a response.
28 | * @param message An
29 | * IInterceptedProxyMessage object that extensions can use to
30 | * query and update details of the message, and control whether the message
31 | * should be intercepted and displayed to the user for manual review or
32 | * modification.
33 | */
34 | void processProxyMessage(
35 | boolean messageIsRequest,
36 | IInterceptedProxyMessage message);
37 | }
38 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IContextMenuFactory.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IContextMenuFactory.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 | import javax.swing.JMenuItem;
14 |
15 | /**
16 | * Extensions can implement this interface and then call
17 | * IBurpExtenderCallbacks.registerContextMenuFactory() to register
18 | * a factory for custom context menu items.
19 | */
20 | public interface IContextMenuFactory
21 | {
22 | /**
23 | * This method will be called by Burp when the user invokes a context menu
24 | * anywhere within Burp. The factory can then provide any custom context
25 | * menu items that should be displayed in the context menu, based on the
26 | * details of the menu invocation.
27 | *
28 | * @param invocation An object that implements the
29 | * IMessageEditorTabFactory interface, which the extension can
30 | * query to obtain details of the context menu invocation.
31 | * @return A list of custom menu items (which may include sub-menus,
32 | * checkbox menu items, etc.) that should be displayed. Extensions may
33 | * return
34 | * null from this method, to indicate that no menu items are
35 | * required.
36 | */
37 | List createMenuItems(IContextMenuInvocation invocation);
38 | }
39 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IScannerInsertionPointProvider.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerInsertionPointProvider.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * Extensions can implement this interface and then call
16 | * IBurpExtenderCallbacks.registerScannerInsertionPointProvider()
17 | * to register a factory for custom Scanner insertion points.
18 | */
19 | public interface IScannerInsertionPointProvider
20 | {
21 | /**
22 | * When a request is actively scanned, the Scanner will invoke this method,
23 | * and the provider should provide a list of custom insertion points that
24 | * will be used in the scan. Note: these insertion points are used in
25 | * addition to those that are derived from Burp Scanner's configuration, and
26 | * those provided by any other Burp extensions.
27 | *
28 | * @param baseRequestResponse The base request that will be actively
29 | * scanned.
30 | * @return A list of
31 | * IScannerInsertionPoint objects that should be used in the
32 | * scanning, or
33 | * null if no custom insertion points are applicable for this
34 | * request.
35 | */
36 | List getInsertionPoints(
37 | IHttpRequestResponse baseRequestResponse);
38 | }
39 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IIntruderPayloadGeneratorFactory.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IIntruderPayloadGeneratorFactory.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory()
15 | * to register a factory for custom Intruder payloads.
16 | */
17 | public interface IIntruderPayloadGeneratorFactory
18 | {
19 | /**
20 | * This method is used by Burp to obtain the name of the payload generator.
21 | * This will be displayed as an option within the Intruder UI when the user
22 | * selects to use extension-generated payloads.
23 | *
24 | * @return The name of the payload generator.
25 | */
26 | String getGeneratorName();
27 |
28 | /**
29 | * This method is used by Burp when the user starts an Intruder attack that
30 | * uses this payload generator.
31 | *
32 | * @param attack An
33 | * IIntruderAttack object that can be queried to obtain details
34 | * about the attack in which the payload generator will be used.
35 | * @return A new instance of
36 | * IIntruderPayloadGenerator that will be used to generate
37 | * payloads for the attack.
38 | */
39 | IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack);
40 | }
41 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IHttpListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerHttpListener() to register an
15 | * HTTP listener. The listener will be notified of requests and responses made
16 | * by any Burp tool. Extensions can perform custom analysis or modification of
17 | * these messages by registering an HTTP listener.
18 | */
19 | public interface IHttpListener
20 | {
21 | /**
22 | * This method is invoked when an HTTP request is about to be issued, and
23 | * when an HTTP response has been received.
24 | *
25 | * @param toolFlag A flag indicating the Burp tool that issued the request.
26 | * Burp tool flags are defined in the
27 | * IBurpExtenderCallbacks interface.
28 | * @param messageIsRequest Flags whether the method is being invoked for a
29 | * request or response.
30 | * @param messageInfo Details of the request / response to be processed.
31 | * Extensions can call the setter methods on this object to update the
32 | * current message and so modify Burp's behavior.
33 | */
34 | void processHttpMessage(int toolFlag,
35 | boolean messageIsRequest,
36 | IHttpRequestResponse messageInfo);
37 | }
38 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IMessageEditorTabFactory.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditorTabFactory.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerMessageEditorTabFactory() to
15 | * register a factory for custom message editor tabs. This allows extensions to
16 | * provide custom rendering or editing of HTTP messages, within Burp's own HTTP
17 | * editor.
18 | */
19 | public interface IMessageEditorTabFactory
20 | {
21 | /**
22 | * Burp will call this method once for each HTTP message editor, and the
23 | * factory should provide a new instance of an
24 | * IMessageEditorTab object.
25 | *
26 | * @param controller An
27 | * IMessageEditorController object, which the new tab can query
28 | * to retrieve details about the currently displayed message. This may be
29 | * null for extension-invoked message editors where the
30 | * extension has not provided an editor controller.
31 | * @param editable Indicates whether the hosting editor is editable or
32 | * read-only.
33 | * @return A new
34 | * IMessageEditorTab object for use within the message editor.
35 | */
36 | IMessageEditorTab createNewInstance(IMessageEditorController controller,
37 | boolean editable);
38 | }
39 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/SnifferContextMenuFactory.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | import org.apache.commons.io.FileUtils;
4 |
5 | import javax.swing.*;
6 | import java.awt.event.ActionEvent;
7 | import java.awt.event.ActionListener;
8 | import java.io.File;
9 | import java.io.IOException;
10 | import java.util.ArrayList;
11 | import java.util.List;
12 |
13 | /**
14 | * Created by wm on 2014/9/24.
15 | */
16 | public class SnifferContextMenuFactory implements IContextMenuFactory {
17 |
18 | IExtensionHelpers helpers;
19 |
20 | public SnifferContextMenuFactory(IExtensionHelpers helpers){
21 | this.helpers = helpers;
22 | }
23 |
24 |
25 | @Override
26 | public List createMenuItems(final IContextMenuInvocation invocation) {
27 | List list = new ArrayList();
28 | JMenuItem jMenuItem = new JMenuItem("send to Sqlmap");
29 | list.add(jMenuItem);
30 | jMenuItem.addActionListener(new ActionListener() {
31 | @Override
32 | public void actionPerformed(ActionEvent e) {
33 | IHttpRequestResponse[] messages = invocation.getSelectedMessages();
34 | byte[] req = messages[0].getRequest();
35 | File file = new File(Context.getTempReqName(true));
36 | try {
37 | FileUtils.writeByteArrayToFile(file,req);
38 | } catch (IOException e1) {
39 | e1.printStackTrace();
40 | }
41 | System.out.println("sent to sqlMap");
42 | new Thread(new SqlmapStarter()).start();
43 |
44 | }
45 | });
46 | return list;
47 | }
48 |
49 | }
50 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/ICookie.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ICookie.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.Date;
13 |
14 | /**
15 | * This interface is used to hold details about an HTTP cookie.
16 | */
17 | public interface ICookie
18 | {
19 | /**
20 | * This method is used to retrieve the domain for which the cookie is in
21 | * scope.
22 | *
23 | * @return The domain for which the cookie is in scope. Note: For
24 | * cookies that have been analyzed from responses (by calling
25 | * IExtensionHelpers.analyzeResponse() and then
26 | * IResponseInfo.getCookies(), the domain will be
27 | * null if the response did not explicitly set a domain
28 | * attribute for the cookie.
29 | */
30 | String getDomain();
31 |
32 | /**
33 | * This method is used to retrieve the expiration time for the cookie.
34 | *
35 | * @return The expiration time for the cookie, or
36 | * null if none is set (i.e., for non-persistent session
37 | * cookies).
38 | */
39 | Date getExpiration();
40 |
41 | /**
42 | * This method is used to retrieve the name of the cookie.
43 | *
44 | * @return The name of the cookie.
45 | */
46 | String getName();
47 |
48 | /**
49 | * This method is used to retrieve the value of the cookie.
50 | * @return The value of the cookie.
51 | */
52 | String getValue();
53 | }
54 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IIntruderPayloadProcessor.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IIntruderPayloadProcessor.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerIntruderPayloadProcessor() to
15 | * register a custom Intruder payload processor.
16 | */
17 | public interface IIntruderPayloadProcessor
18 | {
19 | /**
20 | * This method is used by Burp to obtain the name of the payload processor.
21 | * This will be displayed as an option within the Intruder UI when the user
22 | * selects to use an extension-provided payload processor.
23 | *
24 | * @return The name of the payload processor.
25 | */
26 | String getProcessorName();
27 |
28 | /**
29 | * This method is invoked by Burp each time the processor should be applied
30 | * to an Intruder payload.
31 | *
32 | * @param currentPayload The value of the payload to be processed.
33 | * @param originalPayload The value of the original payload prior to
34 | * processing by any already-applied processing rules.
35 | * @param baseValue The base value of the payload position, which will be
36 | * replaced with the current payload.
37 | * @return The value of the processed payload. This may be
38 | * null to indicate that the current payload should be skipped,
39 | * and the attack will move directly to the next payload.
40 | */
41 | byte[] processPayload(
42 | byte[] currentPayload,
43 | byte[] originalPayload,
44 | byte[] baseValue);
45 | }
46 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IHttpRequestResponseWithMarkers.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpRequestResponseWithMarkers.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * This interface is used for an
16 | * IHttpRequestResponse object that has had markers applied.
17 | * Extensions can create instances of this interface using
18 | * IBurpExtenderCallbacks.applyMarkers(), or provide their own
19 | * implementation. Markers are used in various situations, such as specifying
20 | * Intruder payload positions, Scanner insertion points, and highlights in
21 | * Scanner issues.
22 | */
23 | public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse
24 | {
25 | /**
26 | * This method returns the details of the request markers.
27 | *
28 | * @return A list of index pairs representing the offsets of markers for the
29 | * request message. Each item in the list is an int[2] array containing the
30 | * start and end offsets for the marker. The method may return
31 | * null if no request markers are defined.
32 | */
33 | List getRequestMarkers();
34 |
35 | /**
36 | * This method returns the details of the response markers.
37 | *
38 | * @return A list of index pairs representing the offsets of markers for the
39 | * response message. Each item in the list is an int[2] array containing the
40 | * start and end offsets for the marker. The method may return
41 | * null if no response markers are defined.
42 | */
43 | List getResponseMarkers();
44 | }
45 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IIntruderPayloadGenerator.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IIntruderPayloadGenerator.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used for custom Intruder payload generators. Extensions
14 | * that have registered an
15 | * IIntruderPayloadGeneratorFactory must return a new instance of
16 | * this interface when required as part of a new Intruder attack.
17 | */
18 | public interface IIntruderPayloadGenerator
19 | {
20 | /**
21 | * This method is used by Burp to determine whether the payload generator is
22 | * able to provide any further payloads.
23 | *
24 | * @return Extensions should return
25 | * false when all the available payloads have been used up,
26 | * otherwise
27 | * true.
28 | */
29 | boolean hasMorePayloads();
30 |
31 | /**
32 | * This method is used by Burp to obtain the value of the next payload.
33 | *
34 | * @param baseValue The base value of the current payload position. This
35 | * value may be
36 | * null if the concept of a base value is not applicable (e.g.
37 | * in a battering ram attack).
38 | * @return The next payload to use in the attack.
39 | */
40 | byte[] getNextPayload(byte[] baseValue);
41 |
42 | /**
43 | * This method is used by Burp to reset the state of the payload generator
44 | * so that the next call to
45 | * getNextPayload() returns the first payload again. This
46 | * method will be invoked when an attack uses the same payload generator for
47 | * more than one payload position, for example in a sniper attack.
48 | */
49 | void reset();
50 | }
51 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IMessageEditorController.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditorController.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used by an
14 | * IMessageEditor to obtain details about the currently displayed
15 | * message. Extensions that create instances of Burp's HTTP message editor can
16 | * optionally provide an implementation of
17 | * IMessageEditorController, which the editor will invoke when it
18 | * requires further information about the current message (for example, to send
19 | * it to another Burp tool). Extensions that provide custom editor tabs via an
20 | * IMessageEditorTabFactory will receive a reference to an
21 | * IMessageEditorController object for each tab instance they
22 | * generate, which the tab can invoke if it requires further information about
23 | * the current message.
24 | */
25 | public interface IMessageEditorController
26 | {
27 | /**
28 | * This method is used to retrieve the HTTP service for the current message.
29 | *
30 | * @return The HTTP service for the current message.
31 | */
32 | IHttpService getHttpService();
33 |
34 | /**
35 | * This method is used to retrieve the HTTP request associated with the
36 | * current message (which may itself be a response).
37 | *
38 | * @return The HTTP request associated with the current message.
39 | */
40 | byte[] getRequest();
41 |
42 | /**
43 | * This method is used to retrieve the HTTP response associated with the
44 | * current message (which may itself be a request).
45 | *
46 | * @return The HTTP response associated with the current message.
47 | */
48 | byte[] getResponse();
49 | }
50 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/SqlmapStarter.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | import org.apache.commons.io.FileUtils;
4 | import org.apache.commons.lang3.StringUtils;
5 |
6 | import java.io.BufferedReader;
7 | import java.io.File;
8 | import java.io.IOException;
9 | import java.io.InputStreamReader;
10 | import java.util.Properties;
11 |
12 | /**
13 | * Created by wm on 2014/9/25.
14 | */
15 | public class SqlmapStarter implements Runnable {
16 |
17 |
18 | @Override
19 | public void run() {
20 | try {
21 | StringBuilder sb = new StringBuilder();
22 | sb.append("sqlmap.py -r " + Context.getTempReqName(false));
23 | if (StringUtils.isNoneBlank(Context.userConfig)) {
24 | sb.append(" " + Context.userConfig);
25 | }
26 | File batFile = new File(Context.getTempBatName(true));
27 | if (!batFile.exists()) {
28 | batFile.createNewFile();
29 | }
30 | FileUtils.writeByteArrayToFile(batFile, sb.toString().getBytes());
31 | boolean isWindows= EnvUtil.isWindows();
32 | String command="/bin/sh " + Context.getTempBatName(false);
33 | if(isWindows){
34 | command="cmd /c start " + Context.getTempBatName(false);
35 | }
36 | System.out.println("use command: " + command);
37 | Process process = Runtime.getRuntime().exec(command);
38 | InputStreamReader ir = new
39 | InputStreamReader(process.getInputStream());
40 | BufferedReader input = new BufferedReader (ir);
41 | String line;
42 | while ((line = input.readLine()) != null) {
43 | System.out.println(line);
44 | }
45 | System.out.println("**----sqlMap finish!!!----**");
46 | } catch (IOException e) {
47 | e.printStackTrace();
48 | }
49 |
50 | }
51 |
52 | public static void main(String[] args) {
53 | // new Thread(new SqlmapStarter()).start();
54 | Properties properties = System.getProperties();
55 | System.out.println(properties.get("java.io.tmpdir"));
56 | }
57 | }
58 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IMessageEditor.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditor.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 |
14 | /**
15 | * This interface is used to provide extensions with an instance of Burp's HTTP
16 | * message editor, for the extension to use in its own UI. Extensions should
17 | * call
18 | * IBurpExtenderCallbacks.createMessageEditor() to obtain an
19 | * instance of this interface.
20 | */
21 | public interface IMessageEditor
22 | {
23 | /**
24 | * This method returns the UI component of the editor, for extensions to add
25 | * to their own UI.
26 | *
27 | * @return The UI component of the editor.
28 | */
29 | Component getComponent();
30 |
31 | /**
32 | * This method is used to display an HTTP message in the editor.
33 | *
34 | * @param message The HTTP message to be displayed.
35 | * @param isRequest Flags whether the message is an HTTP request or
36 | * response.
37 | */
38 | void setMessage(byte[] message, boolean isRequest);
39 |
40 | /**
41 | * This method is used to retrieve the currently displayed message, which
42 | * may have been modified by the user.
43 | *
44 | * @return The currently displayed HTTP message.
45 | */
46 | byte[] getMessage();
47 |
48 | /**
49 | * This method is used to determine whether the current message has been
50 | * modified by the user.
51 | *
52 | * @return An indication of whether the current message has been modified by
53 | * the user since it was first displayed.
54 | */
55 | boolean isMessageModified();
56 |
57 | /**
58 | * This method returns the data that is currently selected by the user.
59 | *
60 | * @return The data that is currently selected by the user, or
61 | * null if no selection is made.
62 | */
63 | byte[] getSelectedData();
64 | }
65 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/BurpExtender.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | import javax.swing.*;
4 | import java.awt.*;
5 | import java.awt.event.ActionEvent;
6 | import java.awt.event.ActionListener;
7 |
8 | /**
9 | * Author: latershow
10 | * Date: 14-8-23
11 | * Time: 下午4:53
12 | */
13 | public class BurpExtender implements IBurpExtender, ITab, IHttpListener {
14 |
15 | private IExtensionHelpers helpers;
16 | private JPanel mainPanel;
17 |
18 | @Override
19 | public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks) {
20 | this.helpers = callbacks.getHelpers();
21 |
22 | callbacks.registerContextMenuFactory(new SnifferContextMenuFactory(this.helpers));
23 |
24 | callbacks.setExtensionName("Sqlmap");
25 | callbacks.registerHttpListener(this);
26 | SwingUtilities.invokeLater(new Runnable() {
27 | public void run() {
28 | mainPanel = new JPanel();
29 | final JTextArea config = new JTextArea();
30 | config.setRows(10);
31 | config.setColumns(100);
32 | final JButton submit = new JButton("save");
33 | mainPanel.add(config);
34 | mainPanel.add(submit);
35 | callbacks.customizeUiComponent(submit);
36 | callbacks.customizeUiComponent(config);
37 | callbacks.customizeUiComponent(mainPanel);
38 | callbacks.addSuiteTab(BurpExtender.this);
39 | submit.addActionListener(new ActionListener() {
40 | @Override
41 | public void actionPerformed(ActionEvent e) {
42 | Context.userConfig = config.getText();
43 | submit.setText("saved...");
44 | }
45 | });
46 | }
47 | });
48 | }
49 |
50 | @Override
51 | public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
52 |
53 | }
54 |
55 | @Override
56 | public String getTabCaption() {
57 | return "Sqlmap";
58 | }
59 |
60 | @Override
61 | public Component getUiComponent() {
62 | return mainPanel;
63 | }
64 | }
65 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/ISessionHandlingAction.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ISessionHandlingAction.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerSessionHandlingAction() to
15 | * register a custom session handling action. Each registered action will be
16 | * available within the session handling rule UI for the user to select as a
17 | * rule action. Users can choose to invoke an action directly in its own right,
18 | * or following execution of a macro.
19 | */
20 | public interface ISessionHandlingAction
21 | {
22 | /**
23 | * This method is used by Burp to obtain the name of the session handling
24 | * action. This will be displayed as an option within the session handling
25 | * rule editor when the user selects to execute an extension-provided
26 | * action.
27 | *
28 | * @return The name of the action.
29 | */
30 | String getActionName();
31 |
32 | /**
33 | * This method is invoked when the session handling action should be
34 | * executed. This may happen as an action in its own right, or as a
35 | * sub-action following execution of a macro.
36 | *
37 | * @param currentRequest The base request that is currently being processed.
38 | * The action can query this object to obtain details about the base
39 | * request. It can issue additional requests of its own if necessary, and
40 | * can use the setter methods on this object to update the base request.
41 | * @param macroItems If the action is invoked following execution of a
42 | * macro, this parameter contains the result of executing the macro.
43 | * Otherwise, it is
44 | * null. Actions can use the details of the macro items to
45 | * perform custom analysis of the macro to derive values of non-standard
46 | * session handling tokens, etc.
47 | */
48 | void performAction(
49 | IHttpRequestResponse currentRequest,
50 | IHttpRequestResponse[] macroItems);
51 | }
52 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IResponseInfo.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IResponseInfo.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * This interface is used to retrieve key details about an HTTP response.
16 | * Extensions can obtain an
17 | * IResponseInfo object for a given response by calling
18 | * IExtensionHelpers.analyzeResponse().
19 | */
20 | public interface IResponseInfo
21 | {
22 | /**
23 | * This method is used to obtain the HTTP headers contained in the response.
24 | *
25 | * @return The HTTP headers contained in the response.
26 | */
27 | List getHeaders();
28 |
29 | /**
30 | * This method is used to obtain the offset within the response where the
31 | * message body begins.
32 | *
33 | * @return The offset within the response where the message body begins.
34 | */
35 | int getBodyOffset();
36 |
37 | /**
38 | * This method is used to obtain the HTTP status code contained in the
39 | * response.
40 | *
41 | * @return The HTTP status code contained in the response.
42 | */
43 | short getStatusCode();
44 |
45 | /**
46 | * This method is used to obtain details of the HTTP cookies set in the
47 | * response.
48 | *
49 | * @return A list of ICookie objects representing the cookies
50 | * set in the response, if any.
51 | */
52 | List getCookies();
53 |
54 | /**
55 | * This method is used to obtain the MIME type of the response, as stated in
56 | * the HTTP headers.
57 | *
58 | * @return A textual label for the stated MIME type, or an empty String if
59 | * this is not known or recognized. The possible labels are the same as
60 | * those used in the main Burp UI.
61 | */
62 | String getStatedMimeType();
63 |
64 | /**
65 | * This method is used to obtain the MIME type of the response, as inferred
66 | * from the contents of the HTTP message body.
67 | *
68 | * @return A textual label for the inferred MIME type, or an empty String if
69 | * this is not known or recognized. The possible labels are the same as
70 | * those used in the main Burp UI.
71 | */
72 | String getInferredMimeType();
73 | }
74 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IScanQueueItem.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScanQueueItem.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to retrieve details of items in the Burp Scanner
14 | * active scan queue. Extensions can obtain references to scan queue items by
15 | * calling
16 | * IBurpExtenderCallbacks.doActiveScan().
17 | */
18 | public interface IScanQueueItem
19 | {
20 | /**
21 | * This method returns a description of the status of the scan queue item.
22 | *
23 | * @return A description of the status of the scan queue item.
24 | */
25 | String getStatus();
26 |
27 | /**
28 | * This method returns an indication of the percentage completed for the
29 | * scan queue item.
30 | *
31 | * @return An indication of the percentage completed for the scan queue
32 | * item.
33 | */
34 | byte getPercentageComplete();
35 |
36 | /**
37 | * This method returns the number of requests that have been made for the
38 | * scan queue item.
39 | *
40 | * @return The number of requests that have been made for the scan queue
41 | * item.
42 | */
43 | int getNumRequests();
44 |
45 | /**
46 | * This method returns the number of network errors that have occurred for
47 | * the scan queue item.
48 | *
49 | * @return The number of network errors that have occurred for the scan
50 | * queue item.
51 | */
52 | int getNumErrors();
53 |
54 | /**
55 | * This method returns the number of attack insertion points being used for
56 | * the scan queue item.
57 | *
58 | * @return The number of attack insertion points being used for the scan
59 | * queue item.
60 | */
61 | int getNumInsertionPoints();
62 |
63 | /**
64 | * This method allows the scan queue item to be canceled.
65 | */
66 | void cancel();
67 |
68 | /**
69 | * This method returns details of the issues generated for the scan queue
70 | * item. Note: different items within the scan queue may contain
71 | * duplicated versions of the same issues - for example, if the same request
72 | * has been scanned multiple times. Duplicated issues are consolidated in
73 | * the main view of scan results. Extensions can register an
74 | * IScannerListener to get details only of unique, newly
75 | * discovered Scanner issues post-consolidation.
76 | *
77 | * @return Details of the issues generated for the scan queue item.
78 | */
79 | IScanIssue[] getIssues();
80 | }
81 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IRequestInfo.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IRequestInfo.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.net.URL;
13 | import java.util.List;
14 |
15 | /**
16 | * This interface is used to retrieve key details about an HTTP request.
17 | * Extensions can obtain an
18 | * IRequestInfo object for a given request by calling
19 | * IExtensionHelpers.analyzeRequest().
20 | */
21 | public interface IRequestInfo
22 | {
23 | /**
24 | * Used to indicate that there is no content.
25 | */
26 | static final byte CONTENT_TYPE_NONE = 0;
27 | /**
28 | * Used to indicate URL-encoded content.
29 | */
30 | static final byte CONTENT_TYPE_URL_ENCODED = 1;
31 | /**
32 | * Used to indicate multi-part content.
33 | */
34 | static final byte CONTENT_TYPE_MULTIPART = 2;
35 | /**
36 | * Used to indicate XML content.
37 | */
38 | static final byte CONTENT_TYPE_XML = 3;
39 | /**
40 | * Used to indicate JSON content.
41 | */
42 | static final byte CONTENT_TYPE_JSON = 4;
43 | /**
44 | * Used to indicate AMF content.
45 | */
46 | static final byte CONTENT_TYPE_AMF = 5;
47 | /**
48 | * Used to indicate unknown content.
49 | */
50 | static final byte CONTENT_TYPE_UNKNOWN = -1;
51 |
52 | /**
53 | * This method is used to obtain the HTTP method used in the request.
54 | *
55 | * @return The HTTP method used in the request.
56 | */
57 | String getMethod();
58 |
59 | /**
60 | * This method is used to obtain the URL in the request.
61 | *
62 | * @return The URL in the request.
63 | */
64 | URL getUrl();
65 |
66 | /**
67 | * This method is used to obtain the HTTP headers contained in the request.
68 | *
69 | * @return The HTTP headers contained in the request.
70 | */
71 | List getHeaders();
72 |
73 | /**
74 | * This method is used to obtain the parameters contained in the request.
75 | *
76 | * @return The parameters contained in the request.
77 | */
78 | List getParameters();
79 |
80 | /**
81 | * This method is used to obtain the offset within the request where the
82 | * message body begins.
83 | *
84 | * @return The offset within the request where the message body begins.
85 | */
86 | int getBodyOffset();
87 |
88 | /**
89 | * This method is used to obtain the content type of the message body.
90 | *
91 | * @return An indication of the content type of the message body. Available
92 | * types are defined within this interface.
93 | */
94 | byte getContentType();
95 | }
96 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/ITextEditor.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ITextEditor.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 |
14 | /**
15 | * This interface is used to provide extensions with an instance of Burp's raw
16 | * text editor, for the extension to use in its own UI. Extensions should call
17 | * IBurpExtenderCallbacks.createTextEditor() to obtain an instance
18 | * of this interface.
19 | */
20 | public interface ITextEditor
21 | {
22 | /**
23 | * This method returns the UI component of the editor, for extensions to add
24 | * to their own UI.
25 | *
26 | * @return The UI component of the editor.
27 | */
28 | Component getComponent();
29 |
30 | /**
31 | * This method is used to control whether the editor is currently editable.
32 | * This status can be toggled on and off as required.
33 | *
34 | * @param editable Indicates whether the editor should be currently
35 | * editable.
36 | */
37 | void setEditable(boolean editable);
38 |
39 | /**
40 | * This method is used to update the currently displayed text in the editor.
41 | *
42 | * @param text The text to be displayed.
43 | */
44 | void setText(byte[] text);
45 |
46 | /**
47 | * This method is used to retrieve the currently displayed text.
48 | *
49 | * @return The currently displayed text.
50 | */
51 | byte[] getText();
52 |
53 | /**
54 | * This method is used to determine whether the user has modified the
55 | * contents of the editor.
56 | *
57 | * @return An indication of whether the user has modified the contents of
58 | * the editor since the last call to
59 | * setText().
60 | */
61 | boolean isTextModified();
62 |
63 | /**
64 | * This method is used to obtain the currently selected text.
65 | *
66 | * @return The currently selected text, or
67 | * null if the user has not made any selection.
68 | */
69 | byte[] getSelectedText();
70 |
71 | /**
72 | * This method can be used to retrieve the bounds of the user's selection
73 | * into the displayed text, if applicable.
74 | *
75 | * @return An int[2] array containing the start and end offsets of the
76 | * user's selection within the displayed text. If the user has not made any
77 | * selection in the current message, both offsets indicate the position of
78 | * the caret within the editor.
79 | */
80 | int[] getSelectionBounds();
81 |
82 | /**
83 | * This method is used to update the search expression that is shown in the
84 | * search bar below the editor. The editor will automatically highlight any
85 | * regions of the displayed text that match the search expression.
86 | *
87 | * @param expression The search expression.
88 | */
89 | void setSearchExpression(String expression);
90 | }
91 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IHttpRequestResponse.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpRequestResponse.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to retrieve and update details about HTTP messages.
14 | *
15 | * Note: The setter methods generally can only be used before the message
16 | * has been processed, and not in read-only contexts. The getter methods
17 | * relating to response details can only be used after the request has been
18 | * issued.
19 | */
20 | public interface IHttpRequestResponse
21 | {
22 | /**
23 | * This method is used to retrieve the request message.
24 | *
25 | * @return The request message.
26 | */
27 | byte[] getRequest();
28 |
29 | /**
30 | * This method is used to update the request message.
31 | *
32 | * @param message The new request message.
33 | */
34 | void setRequest(byte[] message);
35 |
36 | /**
37 | * This method is used to retrieve the response message.
38 | *
39 | * @return The response message.
40 | */
41 | byte[] getResponse();
42 |
43 | /**
44 | * This method is used to update the response message.
45 | *
46 | * @param message The new response message.
47 | */
48 | void setResponse(byte[] message);
49 |
50 | /**
51 | * This method is used to retrieve the user-annotated comment for this item,
52 | * if applicable.
53 | *
54 | * @return The user-annotated comment for this item, or null if none is set.
55 | */
56 | String getComment();
57 |
58 | /**
59 | * This method is used to update the user-annotated comment for this item.
60 | *
61 | * @param comment The comment to be assigned to this item.
62 | */
63 | void setComment(String comment);
64 |
65 | /**
66 | * This method is used to retrieve the user-annotated highlight for this
67 | * item, if applicable.
68 | *
69 | * @return The user-annotated highlight for this item, or null if none is
70 | * set.
71 | */
72 | String getHighlight();
73 |
74 | /**
75 | * This method is used to update the user-annotated highlight for this item.
76 | *
77 | * @param color The highlight color to be assigned to this item. Accepted
78 | * values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray,
79 | * or a null String to clear any existing highlight.
80 | */
81 | void setHighlight(String color);
82 |
83 | /**
84 | * This method is used to retrieve the HTTP service for this request /
85 | * response.
86 | *
87 | * @return An
88 | * IHttpService object containing details of the HTTP service.
89 | */
90 | IHttpService getHttpService();
91 |
92 | /**
93 | * This method is used to update the HTTP service for this request /
94 | * response.
95 | *
96 | * @param httpService An
97 | * IHttpService object containing details of the new HTTP
98 | * service.
99 | */
100 | void setHttpService(IHttpService httpService);
101 |
102 | }
103 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IParameter.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IParameter.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to hold details about an HTTP request parameter.
14 | */
15 | public interface IParameter
16 | {
17 | /**
18 | * Used to indicate a parameter within the URL query string.
19 | */
20 | static final byte PARAM_URL = 0;
21 | /**
22 | * Used to indicate a parameter within the message body.
23 | */
24 | static final byte PARAM_BODY = 1;
25 | /**
26 | * Used to indicate an HTTP cookie.
27 | */
28 | static final byte PARAM_COOKIE = 2;
29 | /**
30 | * Used to indicate an item of data within an XML structure.
31 | */
32 | static final byte PARAM_XML = 3;
33 | /**
34 | * Used to indicate the value of a tag attribute within an XML structure.
35 | */
36 | static final byte PARAM_XML_ATTR = 4;
37 | /**
38 | * Used to indicate the value of a parameter attribute within a multi-part
39 | * message body (such as the name of an uploaded file).
40 | */
41 | static final byte PARAM_MULTIPART_ATTR = 5;
42 | /**
43 | * Used to indicate an item of data within a JSON structure.
44 | */
45 | static final byte PARAM_JSON = 6;
46 |
47 | /**
48 | * This method is used to retrieve the parameter type.
49 | *
50 | * @return The parameter type. The available types are defined within this
51 | * interface.
52 | */
53 | byte getType();
54 |
55 | /**
56 | * This method is used to retrieve the parameter name.
57 | *
58 | * @return The parameter name.
59 | */
60 | String getName();
61 |
62 | /**
63 | * This method is used to retrieve the parameter value.
64 | *
65 | * @return The parameter value.
66 | */
67 | String getValue();
68 |
69 | /**
70 | * This method is used to retrieve the start offset of the parameter name
71 | * within the HTTP request.
72 | *
73 | * @return The start offset of the parameter name within the HTTP request,
74 | * or -1 if the parameter is not associated with a specific request.
75 | */
76 | int getNameStart();
77 |
78 | /**
79 | * This method is used to retrieve the end offset of the parameter name
80 | * within the HTTP request.
81 | *
82 | * @return The end offset of the parameter name within the HTTP request, or
83 | * -1 if the parameter is not associated with a specific request.
84 | */
85 | int getNameEnd();
86 |
87 | /**
88 | * This method is used to retrieve the start offset of the parameter value
89 | * within the HTTP request.
90 | *
91 | * @return The start offset of the parameter value within the HTTP request,
92 | * or -1 if the parameter is not associated with a specific request.
93 | */
94 | int getValueStart();
95 |
96 | /**
97 | * This method is used to retrieve the end offset of the parameter value
98 | * within the HTTP request.
99 | *
100 | * @return The end offset of the parameter value within the HTTP request, or
101 | * -1 if the parameter is not associated with a specific request.
102 | */
103 | int getValueEnd();
104 | }
105 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IScannerCheck.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerCheck.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * Extensions can implement this interface and then call
16 | * IBurpExtenderCallbacks.registerScannerCheck() to register a
17 | * custom Scanner check. When performing scanning, Burp will ask the check to
18 | * perform active or passive scanning on the base request, and report any
19 | * Scanner issues that are identified.
20 | */
21 | public interface IScannerCheck
22 | {
23 |
24 | /**
25 | * The Scanner invokes this method for each base request / response that is
26 | * passively scanned. Note: Extensions should not only analyze the
27 | * HTTP messages provided during passive scanning, and should not make any
28 | * new HTTP requests of their own.
29 | *
30 | * @param baseRequestResponse The base HTTP request / response that should
31 | * be passively scanned.
32 | * @return A list of IScanIssue objects, or null
33 | * if no issues are identified.
34 | */
35 | List doPassiveScan(IHttpRequestResponse baseRequestResponse);
36 |
37 | /**
38 | * The Scanner invokes this method for each insertion point that is actively
39 | * scanned. Extensions may issue HTTP requests as required to carry out
40 | * active scanning, and should use the
41 | * IScannerInsertionPoint object provided to build scan
42 | * requests for particular payloads.
43 | * Note:
44 | * Scan checks should submit raw non-encoded payloads to insertion points,
45 | * and the insertion point has responsibility for performing any data
46 | * encoding that is necessary given the nature and location of the insertion
47 | * point.
48 | *
49 | * @param baseRequestResponse The base HTTP request / response that should
50 | * be actively scanned.
51 | * @param insertionPoint An IScannerInsertionPoint object that
52 | * can be queried to obtain details of the insertion point being tested, and
53 | * can be used to build scan requests for particular payloads.
54 | * @return A list of IScanIssue objects, or null
55 | * if no issues are identified.
56 | */
57 | List doActiveScan(
58 | IHttpRequestResponse baseRequestResponse,
59 | IScannerInsertionPoint insertionPoint);
60 |
61 | /**
62 | * The Scanner invokes this method when the custom Scanner check has
63 | * reported multiple issues for the same URL path. This can arise either
64 | * because there are multiple distinct vulnerabilities, or because the same
65 | * (or a similar) request has been scanned more than once. The custom check
66 | * should determine whether the issues are duplicates. In most cases, where
67 | * a check uses distinct issue names or descriptions for distinct issues,
68 | * the consolidation process will simply be a matter of comparing these
69 | * features for the two issues.
70 | *
71 | * @param existingIssue An issue that was previously reported by this
72 | * Scanner check.
73 | * @param newIssue An issue at the same URL path that has been newly
74 | * reported by this Scanner check.
75 | * @return An indication of which issue(s) should be reported in the main
76 | * Scanner results. The method should return -1 to report the
77 | * existing issue only, 0 to report both issues, and
78 | * 1 to report the new issue only.
79 | */
80 | int consolidateDuplicateIssues(
81 | IScanIssue existingIssue,
82 | IScanIssue newIssue);
83 | }
84 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IMessageEditorTab.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditorTab.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 |
14 | /**
15 | * Extensions that register an
16 | * IMessageEditorTabFactory must return instances of this
17 | * interface, which Burp will use to create custom tabs within its HTTP message
18 | * editors.
19 | */
20 | public interface IMessageEditorTab
21 | {
22 | /**
23 | * This method returns the caption that should appear on the custom tab when
24 | * it is displayed. Note: Burp invokes this method once when the tab
25 | * is first generated, and the same caption will be used every time the tab
26 | * is displayed.
27 | *
28 | * @return The caption that should appear on the custom tab when it is
29 | * displayed.
30 | */
31 | String getTabCaption();
32 |
33 | /**
34 | * This method returns the component that should be used as the contents of
35 | * the custom tab when it is displayed. Note: Burp invokes this
36 | * method once when the tab is first generated, and the same component will
37 | * be used every time the tab is displayed.
38 | *
39 | * @return The component that should be used as the contents of the custom
40 | * tab when it is displayed.
41 | */
42 | Component getUiComponent();
43 |
44 | /**
45 | * The hosting editor will invoke this method before it displays a new HTTP
46 | * message, so that the custom tab can indicate whether it should be enabled
47 | * for that message.
48 | *
49 | * @param content The message that is about to be displayed.
50 | * @param isRequest Indicates whether the message is a request or a
51 | * response.
52 | * @return The method should return
53 | * true if the custom tab is able to handle the specified
54 | * message, and so will be displayed within the editor. Otherwise, the tab
55 | * will be hidden while this message is displayed.
56 | */
57 | boolean isEnabled(byte[] content, boolean isRequest);
58 |
59 | /**
60 | * The hosting editor will invoke this method to display a new message or to
61 | * clear the existing message. This method will only be called with a new
62 | * message if the tab has already returned
63 | * true to a call to
64 | * isEnabled() with the same message details.
65 | *
66 | * @param content The message that is to be displayed, or
67 | * null if the tab should clear its contents and disable any
68 | * editable controls.
69 | * @param isRequest Indicates whether the message is a request or a
70 | * response.
71 | */
72 | void setMessage(byte[] content, boolean isRequest);
73 |
74 | /**
75 | * This method returns the currently displayed message.
76 | *
77 | * @return The currently displayed message.
78 | */
79 | byte[] getMessage();
80 |
81 | /**
82 | * This method is used to determine whether the currently displayed message
83 | * has been modified by the user. The hosting editor will always call
84 | * getMessage() before calling this method, so any pending
85 | * edits should be completed within
86 | * getMessage().
87 | *
88 | * @return The method should return
89 | * true if the user has modified the current message since it
90 | * was first displayed.
91 | */
92 | boolean isModified();
93 |
94 | /**
95 | * This method is used to retrieve the data that is currently selected by
96 | * the user.
97 | *
98 | * @return The data that is currently selected by the user. This may be
99 | * null if no selection is currently made.
100 | */
101 | byte[] getSelectedData();
102 | }
103 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IScanIssue.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScanIssue.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to retrieve details of Scanner issues. Extensions can
14 | * obtain details of issues by registering an
15 | * IScannerListener or by calling
16 | * IBurpExtenderCallbacks.getScanIssues(). Extensions can also add
17 | * custom Scanner issues by registering an
18 | * IScannerCheck or calling
19 | * IBurpExtenderCallbacks.addScanIssue(), and providing their own
20 | * implementations of this interface
21 | */
22 | public interface IScanIssue
23 | {
24 | /**
25 | * This method returns the URL for which the issue was generated.
26 | *
27 | * @return The URL for which the issue was generated.
28 | */
29 | java.net.URL getUrl();
30 |
31 | /**
32 | * This method returns the name of the issue type.
33 | *
34 | * @return The name of the issue type (e.g. "SQL injection").
35 | */
36 | String getIssueName();
37 |
38 | /**
39 | * This method returns a numeric identifier of the issue type. See the Burp
40 | * Scanner help documentation for a listing of all the issue types.
41 | *
42 | * @return A numeric identifier of the issue type.
43 | */
44 | int getIssueType();
45 |
46 | /**
47 | * This method returns the issue severity level.
48 | *
49 | * @return The issue severity level. Expected values are "High", "Medium",
50 | * "Low", "Information" or "False positive".
51 | *
52 | */
53 | String getSeverity();
54 |
55 | /**
56 | * This method returns the issue confidence level.
57 | *
58 | * @return The issue confidence level. Expected values are "Certain", "Firm"
59 | * or "Tentative".
60 | */
61 | String getConfidence();
62 |
63 | /**
64 | * This method returns a background description for this type of issue.
65 | *
66 | * @return A background description for this type of issue, or
67 | * null if none applies.
68 | */
69 | String getIssueBackground();
70 |
71 | /**
72 | * This method returns a background description of the remediation for this
73 | * type of issue.
74 | *
75 | * @return A background description of the remediation for this type of
76 | * issue, or
77 | * null if none applies.
78 | */
79 | String getRemediationBackground();
80 |
81 | /**
82 | * This method returns detailed information about this specific instance of
83 | * the issue.
84 | *
85 | * @return Detailed information about this specific instance of the issue,
86 | * or
87 | * null if none applies.
88 | */
89 | String getIssueDetail();
90 |
91 | /**
92 | * This method returns detailed information about the remediation for this
93 | * specific instance of the issue.
94 | *
95 | * @return Detailed information about the remediation for this specific
96 | * instance of the issue, or
97 | * null if none applies.
98 | */
99 | String getRemediationDetail();
100 |
101 | /**
102 | * This method returns the HTTP messages on the basis of which the issue was
103 | * generated.
104 | *
105 | * @return The HTTP messages on the basis of which the issue was generated.
106 | * Note: The items in this array should be instances of
107 | * IHttpRequestResponseWithMarkers if applicable, so that
108 | * details of the relevant portions of the request and response messages are
109 | * available.
110 | */
111 | IHttpRequestResponse[] getHttpMessages();
112 |
113 | /**
114 | * This method returns the HTTP service for which the issue was generated.
115 | *
116 | * @return The HTTP service for which the issue was generated.
117 | */
118 | IHttpService getHttpService();
119 |
120 | }
121 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IInterceptedProxyMessage.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IInterceptedProxyMessage.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.net.InetAddress;
13 |
14 | /**
15 | * This interface is used to represent an HTTP message that has been intercepted
16 | * by Burp Proxy. Extensions can register an
17 | * IProxyListener to receive details of proxy messages using this
18 | * interface. *
19 | */
20 | public interface IInterceptedProxyMessage
21 | {
22 | /**
23 | * This action causes Burp Proxy to follow the current interception rules to
24 | * determine the appropriate action to take for the message.
25 | */
26 | static final int ACTION_FOLLOW_RULES = 0;
27 | /**
28 | * This action causes Burp Proxy to present the message to the user for
29 | * manual review or modification.
30 | */
31 | static final int ACTION_DO_INTERCEPT = 1;
32 | /**
33 | * This action causes Burp Proxy to forward the message to the remote server
34 | * or client, without presenting it to the user.
35 | */
36 | static final int ACTION_DONT_INTERCEPT = 2;
37 | /**
38 | * This action causes Burp Proxy to drop the message.
39 | */
40 | static final int ACTION_DROP = 3;
41 | /**
42 | * This action causes Burp Proxy to follow the current interception rules to
43 | * determine the appropriate action to take for the message, and then make a
44 | * second call to processProxyMessage.
45 | */
46 | static final int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10;
47 | /**
48 | * This action causes Burp Proxy to present the message to the user for
49 | * manual review or modification, and then make a second call to
50 | * processProxyMessage.
51 | */
52 | static final int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11;
53 | /**
54 | * This action causes Burp Proxy to skip user interception, and then make a
55 | * second call to processProxyMessage.
56 | */
57 | static final int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12;
58 |
59 | /**
60 | * This method retrieves a unique reference number for this
61 | * request/response.
62 | *
63 | * @return An identifier that is unique to a single request/response pair.
64 | * Extensions can use this to correlate details of requests and responses
65 | * and perform processing on the response message accordingly.
66 | */
67 | int getMessageReference();
68 |
69 | /**
70 | * This method retrieves details of the intercepted message.
71 | *
72 | * @return An IHttpRequestResponse object containing details of
73 | * the intercepted message.
74 | */
75 | IHttpRequestResponse getMessageInfo();
76 |
77 | /**
78 | * This method retrieves the currently defined interception action. The
79 | * default action is
80 | * ACTION_FOLLOW_RULES. If multiple proxy listeners are
81 | * registered, then other listeners may already have modified the
82 | * interception action before it reaches the current listener. This method
83 | * can be used to determine whether this has occurred.
84 | *
85 | * @return The currently defined interception action. Possible values are
86 | * defined within this interface.
87 | */
88 | int getInterceptAction();
89 |
90 | /**
91 | * This method is used to update the interception action.
92 | *
93 | * @param interceptAction The new interception action. Possible values are
94 | * defined within this interface.
95 | */
96 | void setInterceptAction(int interceptAction);
97 |
98 | /**
99 | * This method retrieves the name of the Burp Proxy listener that is
100 | * processing the intercepted message.
101 | *
102 | * @return The name of the Burp Proxy listener that is processing the
103 | * intercepted message. The format is the same as that shown in the Proxy
104 | * Listeners UI - for example, "127.0.0.1:8080".
105 | */
106 | String getListenerInterface();
107 |
108 | /**
109 | * This method retrieves the client IP address from which the request for
110 | * the intercepted message was received.
111 | *
112 | * @return The client IP address from which the request for the intercepted
113 | * message was received.
114 | */
115 | InetAddress getClientIpAddress();
116 | }
117 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IScannerInsertionPoint.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerInsertionPoint.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to define an insertion point for use by active Scanner
14 | * checks. Extensions can obtain instances of this interface by registering an
15 | * IScannerCheck, or can create instances for use by Burp's own
16 | * scan checks by registering an
17 | * IScannerInsertionPointProvider.
18 | */
19 | public interface IScannerInsertionPoint
20 | {
21 |
22 | /**
23 | * Used to indicate where the payload is inserted into the value of a URL
24 | * parameter.
25 | */
26 | static final byte INS_PARAM_URL = 0x00;
27 | /**
28 | * Used to indicate where the payload is inserted into the value of a body
29 | * parameter.
30 | */
31 | static final byte INS_PARAM_BODY = 0x01;
32 | /**
33 | * Used to indicate where the payload is inserted into the value of an HTTP
34 | * cookie.
35 | */
36 | static final byte INS_PARAM_COOKIE = 0x02;
37 | /**
38 | * Used to indicate where the payload is inserted into the value of an item
39 | * of data within an XML data structure.
40 | */
41 | static final byte INS_PARAM_XML = 0x03;
42 | /**
43 | * Used to indicate where the payload is inserted into the value of a tag
44 | * attribute within an XML structure.
45 | */
46 | static final byte INS_PARAM_XML_ATTR = 0x04;
47 | /**
48 | * Used to indicate where the payload is inserted into the value of a
49 | * parameter attribute within a multi-part message body (such as the name of
50 | * an uploaded file).
51 | */
52 | static final byte INS_PARAM_MULTIPART_ATTR = 0x05;
53 | /**
54 | * Used to indicate where the payload is inserted into the value of an item
55 | * of data within a JSON structure.
56 | */
57 | static final byte INS_PARAM_JSON = 0x06;
58 | /**
59 | * Used to indicate where the payload is inserted into the value of an AMF
60 | * parameter.
61 | */
62 | static final byte INS_PARAM_AMF = 0x07;
63 | /**
64 | * Used to indicate where the payload is inserted into the value of an HTTP
65 | * request header.
66 | */
67 | static final byte INS_HEADER = 0x20;
68 | /**
69 | * Used to indicate where the payload is inserted into a REST parameter
70 | * within the URL file path.
71 | */
72 | static final byte INS_URL_REST = 0x21;
73 | /**
74 | * Used to indicate where the payload is inserted into the name of an added
75 | * URL parameter.
76 | */
77 | static final byte INS_PARAM_NAME_URL = 0x22;
78 | /**
79 | * Used to indicate where the payload is inserted into the name of an added
80 | * body parameter.
81 | */
82 | static final byte INS_PARAM_NAME_BODY = 0x23;
83 | /**
84 | * Used to indicate where the payload is inserted at a location manually
85 | * configured by the user.
86 | */
87 | static final byte INS_USER_PROVIDED = 0x40;
88 | /**
89 | * Used to indicate where the insertion point is provided by an
90 | * extension-registered
91 | * IScannerInsertionPointProvider.
92 | */
93 | static final byte INS_EXTENSION_PROVIDED = 0x41;
94 | /**
95 | * Used to indicate where the payload is inserted at an unknown location
96 | * within the request.
97 | */
98 | static final byte INS_UNKNOWN = 0x7f;
99 |
100 | /**
101 | * This method returns the name of the insertion point.
102 | *
103 | * @return The name of the insertion point (for example, a description of a
104 | * particular request parameter).
105 | */
106 | String getInsertionPointName();
107 |
108 | /**
109 | * This method returns the base value for this insertion point.
110 | *
111 | * @return the base value that appears in this insertion point in the base
112 | * request being scanned, or null if there is no value in the
113 | * base request that corresponds to this insertion point.
114 | */
115 | String getBaseValue();
116 |
117 | /**
118 | * This method is used to build a request with the specified payload placed
119 | * into the insertion point. There is no requirement for extension-provided
120 | * insertion points to adjust the Content-Length header in requests if the
121 | * body length has changed, although Burp-provided insertion points will
122 | * always do this and will return a request with a valid Content-Length
123 | * header.
124 | * Note:
125 | * Scan checks should submit raw non-encoded payloads to insertion points,
126 | * and the insertion point has responsibility for performing any data
127 | * encoding that is necessary given the nature and location of the insertion
128 | * point.
129 | *
130 | * @param payload The payload that should be placed into the insertion
131 | * point.
132 | * @return The resulting request.
133 | */
134 | byte[] buildRequest(byte[] payload);
135 |
136 | /**
137 | * This method is used to determine the offsets of the payload value within
138 | * the request, when it is placed into the insertion point. Scan checks may
139 | * invoke this method when reporting issues, so as to highlight the relevant
140 | * part of the request within the UI.
141 | *
142 | * @param payload The payload that should be placed into the insertion
143 | * point.
144 | * @return An int[2] array containing the start and end offsets of the
145 | * payload within the request, or null if this is not applicable (for
146 | * example, where the insertion point places a payload into a serialized
147 | * data structure, the raw payload may not literally appear anywhere within
148 | * the resulting request).
149 | */
150 | int[] getPayloadOffsets(byte[] payload);
151 |
152 | /**
153 | * This method returns the type of the insertion point.
154 | *
155 | * @return The type of the insertion point. Available types are defined in
156 | * this interface.
157 | */
158 | byte getInsertionPointType();
159 | }
160 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IContextMenuInvocation.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IContextMenuInvocation.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.event.InputEvent;
13 |
14 | /**
15 | * This interface is used when Burp calls into an extension-provided
16 | * IContextMenuFactory with details of a context menu invocation.
17 | * The custom context menu factory can query this interface to obtain details of
18 | * the invocation event, in order to determine what menu items should be
19 | * displayed.
20 | */
21 | public interface IContextMenuInvocation
22 | {
23 | /**
24 | * Used to indicate that the context menu is being invoked in a request
25 | * editor.
26 | */
27 | static final byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0;
28 | /**
29 | * Used to indicate that the context menu is being invoked in a response
30 | * editor.
31 | */
32 | static final byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1;
33 | /**
34 | * Used to indicate that the context menu is being invoked in a non-editable
35 | * request viewer.
36 | */
37 | static final byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2;
38 | /**
39 | * Used to indicate that the context menu is being invoked in a non-editable
40 | * response viewer.
41 | */
42 | static final byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3;
43 | /**
44 | * Used to indicate that the context menu is being invoked in the Target
45 | * site map tree.
46 | */
47 | static final byte CONTEXT_TARGET_SITE_MAP_TREE = 4;
48 | /**
49 | * Used to indicate that the context menu is being invoked in the Target
50 | * site map table.
51 | */
52 | static final byte CONTEXT_TARGET_SITE_MAP_TABLE = 5;
53 | /**
54 | * Used to indicate that the context menu is being invoked in the Proxy
55 | * history.
56 | */
57 | static final byte CONTEXT_PROXY_HISTORY = 6;
58 | /**
59 | * Used to indicate that the context menu is being invoked in the Scanner
60 | * results.
61 | */
62 | static final byte CONTEXT_SCANNER_RESULTS = 7;
63 | /**
64 | * Used to indicate that the context menu is being invoked in the Intruder
65 | * payload positions editor.
66 | */
67 | static final byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8;
68 | /**
69 | * Used to indicate that the context menu is being invoked in an Intruder
70 | * attack results.
71 | */
72 | static final byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9;
73 | /**
74 | * Used to indicate that the context menu is being invoked in a search
75 | * results window.
76 | */
77 | static final byte CONTEXT_SEARCH_RESULTS = 10;
78 |
79 | /**
80 | * This method can be used to retrieve the native Java input event that was
81 | * the trigger for the context menu invocation.
82 | *
83 | * @return The InputEvent that was the trigger for the context
84 | * menu invocation.
85 | */
86 | InputEvent getInputEvent();
87 |
88 | /**
89 | * This method can be used to retrieve the Burp tool within which the
90 | * context menu was invoked.
91 | *
92 | * @return A flag indicating the Burp tool within which the context menu was
93 | * invoked. Burp tool flags are defined in the
94 | * IBurpExtenderCallbacks interface.
95 | */
96 | int getToolFlag();
97 |
98 | /**
99 | * This method can be used to retrieve the context within which the menu was
100 | * invoked.
101 | *
102 | * @return An index indicating the context within which the menu was
103 | * invoked. The indices used are defined within this interface.
104 | */
105 | byte getInvocationContext();
106 |
107 | /**
108 | * This method can be used to retrieve the bounds of the user's selection
109 | * into the current message, if applicable.
110 | *
111 | * @return An int[2] array containing the start and end offsets of the
112 | * user's selection in the current message. If the user has not made any
113 | * selection in the current message, both offsets indicate the position of
114 | * the caret within the editor. If the menu is not being invoked from a
115 | * message editor, the method returns null.
116 | */
117 | int[] getSelectionBounds();
118 |
119 | /**
120 | * This method can be used to retrieve details of the HTTP requests /
121 | * responses that were shown or selected by the user when the context menu
122 | * was invoked.
123 | *
124 | * Note: For performance reasons, the objects returned from this
125 | * method are tied to the originating context of the messages within the
126 | * Burp UI. For example, if a context menu is invoked on the Proxy intercept
127 | * panel, then the
128 | * IHttpRequestResponse returned by this method will reflect
129 | * the current contents of the interception panel, and this will change when
130 | * the current message has been forwarded or dropped. If your extension
131 | * needs to store details of the message for which the context menu has been
132 | * invoked, then you should query those details from the
133 | * IHttpRequestResponse at the time of invocation, or you
134 | * should use
135 | * IBurpExtenderCallbacks.saveBuffersToTempFiles() to create a
136 | * persistent read-only copy of the
137 | * IHttpRequestResponse.
138 | *
139 | * @return An array of IHttpRequestResponse objects
140 | * representing the items that were shown or selected by the user when the
141 | * context menu was invoked. This method returns null if no
142 | * messages are applicable to the invocation.
143 | */
144 | IHttpRequestResponse[] getSelectedMessages();
145 |
146 | /**
147 | * This method can be used to retrieve details of the Scanner issues that
148 | * were selected by the user when the context menu was invoked.
149 | *
150 | * @return An array of IScanIssue objects representing the
151 | * issues that were selected by the user when the context menu was invoked.
152 | * This method returns null if no Scanner issues are applicable
153 | * to the invocation.
154 | */
155 | IScanIssue[] getSelectedIssues();
156 | }
157 |
--------------------------------------------------------------------------------
/burp_sqlmap/.idea/workspace.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 |
107 |
108 |
109 |
110 |
111 |
112 |
113 |
114 |
115 |
125 |
126 |
127 |
128 |
129 |
130 |
131 |
132 |
133 |
134 |
135 |
136 |
137 |
138 |
139 |
140 |
141 |
142 |
143 |
144 |
145 |
146 |
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
160 |
161 |
162 |
163 |
164 |
165 |
166 |
167 | 1565834573421
168 |
169 |
170 | 1565834573421
171 |
172 |
173 |
174 |
175 |
176 |
177 |
178 |
179 |
180 |
181 |
182 |
183 |
184 |
185 |
186 |
187 |
188 |
189 |
190 |
191 |
192 |
193 |
194 |
195 |
196 |
197 |
198 |
199 |
200 |
201 |
202 |
203 |
204 |
205 |
206 |
207 |
208 |
209 |
210 |
211 |
212 |
213 |
214 |
215 |
216 |
217 |
218 |
219 |
220 |
221 |
222 |
223 |
224 |
225 |
226 |
227 |
228 |
229 |
230 |
231 |
232 |
233 |
234 |
235 |
236 |
237 |
238 |
239 |
240 |
241 |
242 |
243 |
244 |
245 |
246 |
247 | burp_sqlmap:jar
248 |
249 |
255 |
256 |
257 |
258 |
259 |
260 |
261 |
266 |
267 |
268 |
269 |
270 |
271 |
272 |
277 |
278 |
279 |
280 |
281 |
282 |
283 |
288 |
289 |
290 |
291 |
292 |
293 | burp_sqlmap
294 |
295 |
300 |
301 |
302 |
303 |
304 |
305 |
306 |
311 |
312 |
313 |
314 |
315 |
316 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IExtensionHelpers.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IExtensionHelpers.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.net.URL;
13 | import java.util.List;
14 |
15 | /**
16 | * This interface contains a number of helper methods, which extensions can use
17 | * to assist with various common tasks that arise for Burp extensions.
18 | *
19 | * Extensions can call
20 | * IBurpExtenderCallbacks.getHelpers to obtain an instance of this
21 | * interface.
22 | */
23 | public interface IExtensionHelpers
24 | {
25 | /**
26 | * This method can be used to analyze an HTTP request, and obtain various
27 | * key details about it.
28 | *
29 | * @param request An
30 | * IHttpRequestResponse object containing the request to be
31 | * analyzed.
32 | * @return An
33 | * IRequestInfo object that can be queried to obtain details
34 | * about the request.
35 | */
36 | IRequestInfo analyzeRequest(IHttpRequestResponse request);
37 |
38 | /**
39 | * This method can be used to analyze an HTTP request, and obtain various
40 | * key details about it.
41 | *
42 | * @param httpService The HTTP service associated with the request. This is
43 | * optional and may be
44 | * null, in which case the resulting
45 | * IRequestInfo object will not include the full request URL.
46 | * @param request The request to be analyzed.
47 | * @return An
48 | * IRequestInfo object that can be queried to obtain details
49 | * about the request.
50 | */
51 | IRequestInfo analyzeRequest(IHttpService httpService, byte[] request);
52 |
53 | /**
54 | * This method can be used to analyze an HTTP request, and obtain various
55 | * key details about it. The resulting
56 | * IRequestInfo object will not include the full request URL.
57 | * To obtain the full URL, use one of the other overloaded
58 | * analyzeRequest() methods.
59 | *
60 | * @param request The request to be analyzed.
61 | * @return An
62 | * IRequestInfo object that can be queried to obtain details
63 | * about the request.
64 | */
65 | IRequestInfo analyzeRequest(byte[] request);
66 |
67 | /**
68 | * This method can be used to analyze an HTTP response, and obtain various
69 | * key details about it.
70 | *
71 | * @param response The response to be analyzed.
72 | * @return An
73 | * IResponseInfo object that can be queried to obtain details
74 | * about the response.
75 | */
76 | IResponseInfo analyzeResponse(byte[] response);
77 |
78 | /**
79 | * This method can be used to retrieve details of a specified parameter
80 | * within an HTTP request. Note: Use
81 | * analyzeRequest() to obtain details of all parameters within
82 | * the request.
83 | *
84 | * @param request The request to be inspected for the specified parameter.
85 | * @param parameterName The name of the parameter to retrieve.
86 | * @return An
87 | * IParameter object that can be queried to obtain details
88 | * about the parameter, or
89 | * null if the parameter was not found.
90 | */
91 | IParameter getRequestParameter(byte[] request, String parameterName);
92 |
93 | /**
94 | * This method can be used to URL-decode the specified data.
95 | *
96 | * @param data The data to be decoded.
97 | * @return The decoded data.
98 | */
99 | String urlDecode(String data);
100 |
101 | /**
102 | * This method can be used to URL-encode the specified data. Any characters
103 | * that do not need to be encoded within HTTP requests are not encoded.
104 | *
105 | * @param data The data to be encoded.
106 | * @return The encoded data.
107 | */
108 | String urlEncode(String data);
109 |
110 | /**
111 | * This method can be used to URL-decode the specified data.
112 | *
113 | * @param data The data to be decoded.
114 | * @return The decoded data.
115 | */
116 | byte[] urlDecode(byte[] data);
117 |
118 | /**
119 | * This method can be used to URL-encode the specified data. Any characters
120 | * that do not need to be encoded within HTTP requests are not encoded.
121 | *
122 | * @param data The data to be encoded.
123 | * @return The encoded data.
124 | */
125 | byte[] urlEncode(byte[] data);
126 |
127 | /**
128 | * This method can be used to Base64-decode the specified data.
129 | *
130 | * @param data The data to be decoded.
131 | * @return The decoded data.
132 | */
133 | byte[] base64Decode(String data);
134 |
135 | /**
136 | * This method can be used to Base64-decode the specified data.
137 | *
138 | * @param data The data to be decoded.
139 | * @return The decoded data.
140 | */
141 | byte[] base64Decode(byte[] data);
142 |
143 | /**
144 | * This method can be used to Base64-encode the specified data.
145 | *
146 | * @param data The data to be encoded.
147 | * @return The encoded data.
148 | */
149 | String base64Encode(String data);
150 |
151 | /**
152 | * This method can be used to Base64-encode the specified data.
153 | *
154 | * @param data The data to be encoded.
155 | * @return The encoded data.
156 | */
157 | String base64Encode(byte[] data);
158 |
159 | /**
160 | * This method can be used to convert data from String form into an array of
161 | * bytes. The conversion does not reflect any particular character set, and
162 | * a character with the hex representation 0xWXYZ will always be converted
163 | * into a byte with the representation 0xYZ. It performs the opposite
164 | * conversion to the method
165 | * bytesToString(), and byte-based data that is converted to a
166 | * String and back again using these two methods is guaranteed to retain its
167 | * integrity (which may not be the case with conversions that reflect a
168 | * given character set).
169 | *
170 | * @param data The data to be converted.
171 | * @return The converted data.
172 | */
173 | byte[] stringToBytes(String data);
174 |
175 | /**
176 | * This method can be used to convert data from an array of bytes into
177 | * String form. The conversion does not reflect any particular character
178 | * set, and a byte with the representation 0xYZ will always be converted
179 | * into a character with the hex representation 0x00YZ. It performs the
180 | * opposite conversion to the method
181 | * stringToBytes(), and byte-based data that is converted to a
182 | * String and back again using these two methods is guaranteed to retain its
183 | * integrity (which may not be the case with conversions that reflect a
184 | * given character set).
185 | *
186 | * @param data The data to be converted.
187 | * @return The converted data.
188 | */
189 | String bytesToString(byte[] data);
190 |
191 | /**
192 | * This method searches a piece of data for the first occurrence of a
193 | * specified pattern. It works on byte-based data in a way that is similar
194 | * to the way the native Java method
195 | * String.indexOf() works on String-based data.
196 | *
197 | * @param data The data to be searched.
198 | * @param pattern The pattern to be searched for.
199 | * @param caseSensitive Flags whether or not the search is case-sensitive.
200 | * @param from The offset within
201 | * data where the search should begin.
202 | * @param to The offset within
203 | * data where the search should end.
204 | * @return The offset of the first occurrence of the pattern within the
205 | * specified bounds, or -1 if no match is found.
206 | */
207 | int indexOf(byte[] data,
208 | byte[] pattern,
209 | boolean caseSensitive,
210 | int from,
211 | int to);
212 |
213 | /**
214 | * This method builds an HTTP message containing the specified headers and
215 | * message body. If applicable, the Content-Length header will be added or
216 | * updated, based on the length of the body.
217 | *
218 | * @param headers A list of headers to include in the message.
219 | * @param body The body of the message, of
220 | * null if the message has an empty body.
221 | * @return The resulting full HTTP message.
222 | */
223 | byte[] buildHttpMessage(List headers, byte[] body);
224 |
225 | /**
226 | * This method creates a GET request to the specified URL. The headers used
227 | * in the request are determined by the Request headers settings as
228 | * configured in Burp Spider's options.
229 | *
230 | * @param url The URL to which the request should be made.
231 | * @return A request to the specified URL.
232 | */
233 | byte[] buildHttpRequest(URL url);
234 |
235 | /**
236 | * This method adds a new parameter to an HTTP request, and if appropriate
237 | * updates the Content-Length header.
238 | *
239 | * @param request The request to which the parameter should be added.
240 | * @param parameter An
241 | * IParameter object containing details of the parameter to be
242 | * added. Supported parameter types are:
243 | * PARAM_URL,
244 | * PARAM_BODY and
245 | * PARAM_COOKIE.
246 | * @return A new HTTP request with the new parameter added.
247 | */
248 | byte[] addParameter(byte[] request, IParameter parameter);
249 |
250 | /**
251 | * This method removes a parameter from an HTTP request, and if appropriate
252 | * updates the Content-Length header.
253 | *
254 | * @param request The request from which the parameter should be removed.
255 | * @param parameter An
256 | * IParameter object containing details of the parameter to be
257 | * removed. Supported parameter types are:
258 | * PARAM_URL,
259 | * PARAM_BODY and
260 | * PARAM_COOKIE.
261 | * @return A new HTTP request with the parameter removed.
262 | */
263 | byte[] removeParameter(byte[] request, IParameter parameter);
264 |
265 | /**
266 | * This method updates the value of a parameter within an HTTP request, and
267 | * if appropriate updates the Content-Length header. Note: This
268 | * method can only be used to update the value of an existing parameter of a
269 | * specified type. If you need to change the type of an existing parameter,
270 | * you should first call
271 | * removeParameter() to remove the parameter with the old type,
272 | * and then call
273 | * addParameter() to add a parameter with the new type.
274 | *
275 | * @param request The request containing the parameter to be updated.
276 | * @param parameter An
277 | * IParameter object containing details of the parameter to be
278 | * updated. Supported parameter types are:
279 | * PARAM_URL,
280 | * PARAM_BODY and
281 | * PARAM_COOKIE.
282 | * @return A new HTTP request with the parameter updated.
283 | */
284 | byte[] updateParameter(byte[] request, IParameter parameter);
285 |
286 | /**
287 | * This method can be used to toggle a request's method between GET and
288 | * POST. Parameters are relocated between the URL query string and message
289 | * body as required, and the Content-Length header is created or removed as
290 | * applicable.
291 | *
292 | * @param request The HTTP request whose method should be toggled.
293 | * @return A new HTTP request using the toggled method.
294 | */
295 | byte[] toggleRequestMethod(byte[] request);
296 |
297 | /**
298 | * This method constructs an
299 | * IHttpService object based on the details provided.
300 | *
301 | * @param host The HTTP service host.
302 | * @param port The HTTP service port.
303 | * @param protocol The HTTP service protocol.
304 | * @return An
305 | * IHttpService object based on the details provided.
306 | */
307 | IHttpService buildHttpService(String host, int port, String protocol);
308 |
309 | /**
310 | * This method constructs an
311 | * IHttpService object based on the details provided.
312 | *
313 | * @param host The HTTP service host.
314 | * @param port The HTTP service port.
315 | * @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP.
316 | * @return An
317 | * IHttpService object based on the details provided.
318 | */
319 | IHttpService buildHttpService(String host, int port, boolean useHttps);
320 |
321 | /**
322 | * This method constructs an
323 | * IParameter object based on the details provided.
324 | *
325 | * @param name The parameter name.
326 | * @param value The parameter value.
327 | * @param type The parameter type, as defined in the
328 | * IParameter interface.
329 | * @return An
330 | * IParameter object based on the details provided.
331 | */
332 | IParameter buildParameter(String name, String value, byte type);
333 |
334 | /**
335 | * This method constructs an
336 | * IScannerInsertionPoint object based on the details provided.
337 | * It can be used to quickly create a simple insertion point based on a
338 | * fixed payload location within a base request.
339 | *
340 | * @param insertionPointName The name of the insertion point.
341 | * @param baseRequest The request from which to build scan requests.
342 | * @param from The offset of the start of the payload location.
343 | * @param to The offset of the end of the payload location.
344 | * @return An
345 | * IScannerInsertionPoint object based on the details provided.
346 | */
347 | IScannerInsertionPoint makeScannerInsertionPoint(
348 | String insertionPointName,
349 | byte[] baseRequest,
350 | int from,
351 | int to);
352 | }
353 |
--------------------------------------------------------------------------------
/burp_sqlmap/src/burp/IBurpExtenderCallbacks.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IBurpExtenderCallbacks.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 | import java.io.OutputStream;
14 | import java.util.List;
15 | import java.util.Map;
16 |
17 | /**
18 | * This interface is used by Burp Suite to pass to extensions a set of callback
19 | * methods that can be used by extensions to perform various actions within
20 | * Burp.
21 | *
22 | * When an extension is loaded, Burp invokes its
23 | * registerExtenderCallbacks() method and passes an instance of the
24 | * IBurpExtenderCallbacks interface. The extension may then invoke
25 | * the methods of this interface as required in order to extend Burp's
26 | * functionality.
27 | */
28 | public interface IBurpExtenderCallbacks
29 | {
30 | /**
31 | * Flag used to identify Burp Suite as a whole.
32 | */
33 | static final int TOOL_SUITE = 0x00000001;
34 | /**
35 | * Flag used to identify the Burp Target tool.
36 | */
37 | static final int TOOL_TARGET = 0x00000002;
38 | /**
39 | * Flag used to identify the Burp Proxy tool.
40 | */
41 | static final int TOOL_PROXY = 0x00000004;
42 | /**
43 | * Flag used to identify the Burp Spider tool.
44 | */
45 | static final int TOOL_SPIDER = 0x00000008;
46 | /**
47 | * Flag used to identify the Burp Scanner tool.
48 | */
49 | static final int TOOL_SCANNER = 0x00000010;
50 | /**
51 | * Flag used to identify the Burp Intruder tool.
52 | */
53 | static final int TOOL_INTRUDER = 0x00000020;
54 | /**
55 | * Flag used to identify the Burp Repeater tool.
56 | */
57 | static final int TOOL_REPEATER = 0x00000040;
58 | /**
59 | * Flag used to identify the Burp Sequencer tool.
60 | */
61 | static final int TOOL_SEQUENCER = 0x00000080;
62 | /**
63 | * Flag used to identify the Burp Decoder tool.
64 | */
65 | static final int TOOL_DECODER = 0x00000100;
66 | /**
67 | * Flag used to identify the Burp Comparer tool.
68 | */
69 | static final int TOOL_COMPARER = 0x00000200;
70 | /**
71 | * Flag used to identify the Burp Extender tool.
72 | */
73 | static final int TOOL_EXTENDER = 0x00000400;
74 |
75 | /**
76 | * This method is used to set the display name for the current extension,
77 | * which will be displayed within the user interface for the Extender tool.
78 | *
79 | * @param name The extension name.
80 | */
81 | void setExtensionName(String name);
82 |
83 | /**
84 | * This method is used to obtain an
85 | * IExtensionHelpers object, which can be used by the extension
86 | * to perform numerous useful tasks.
87 | *
88 | * @return An object containing numerous helper methods, for tasks such as
89 | * building and analyzing HTTP requests.
90 | */
91 | IExtensionHelpers getHelpers();
92 |
93 | /**
94 | * This method is used to obtain the current extension's standard output
95 | * stream. Extensions should write all output to this stream, allowing the
96 | * Burp user to configure how that output is handled from within the UI.
97 | *
98 | * @return The extension's standard output stream.
99 | */
100 | OutputStream getStdout();
101 |
102 | /**
103 | * This method is used to obtain the current extension's standard error
104 | * stream. Extensions should write all error messages to this stream,
105 | * allowing the Burp user to configure how that output is handled from
106 | * within the UI.
107 | *
108 | * @return The extension's standard error stream.
109 | */
110 | OutputStream getStderr();
111 |
112 | /**
113 | * This method prints a line of output to the current extension's standard
114 | * output stream.
115 | *
116 | * @param output The message to print.
117 | */
118 | void printOutput(String output);
119 |
120 | /**
121 | * This method prints a line of output to the current extension's standard
122 | * error stream.
123 | *
124 | * @param error The message to print.
125 | */
126 | void printError(String error);
127 |
128 | /**
129 | * This method is used to register a listener which will be notified of
130 | * changes to the extension's state. Note: Any extensions that start
131 | * background threads or open system resources (such as files or database
132 | * connections) should register a listener and terminate threads / close
133 | * resources when the extension is unloaded.
134 | *
135 | * @param listener An object created by the extension that implements the
136 | * IExtensionStateListener interface.
137 | */
138 | void registerExtensionStateListener(IExtensionStateListener listener);
139 |
140 | /**
141 | * This method is used to retrieve the extension state listeners that are
142 | * registered by the extension.
143 | *
144 | * @return A list of extension state listeners that are currently registered
145 | * by this extension.
146 | */
147 | List getExtensionStateListeners();
148 |
149 | /**
150 | * This method is used to remove an extension state listener that has been
151 | * registered by the extension.
152 | *
153 | * @param listener The extension state listener to be removed.
154 | */
155 | void removeExtensionStateListener(IExtensionStateListener listener);
156 |
157 | /**
158 | * This method is used to register a listener which will be notified of
159 | * requests and responses made by any Burp tool. Extensions can perform
160 | * custom analysis or modification of these messages by registering an HTTP
161 | * listener.
162 | *
163 | * @param listener An object created by the extension that implements the
164 | * IHttpListener interface.
165 | */
166 | void registerHttpListener(IHttpListener listener);
167 |
168 | /**
169 | * This method is used to retrieve the HTTP listeners that are registered by
170 | * the extension.
171 | *
172 | * @return A list of HTTP listeners that are currently registered by this
173 | * extension.
174 | */
175 | List getHttpListeners();
176 |
177 | /**
178 | * This method is used to remove an HTTP listener that has been registered
179 | * by the extension.
180 | *
181 | * @param listener The HTTP listener to be removed.
182 | */
183 | void removeHttpListener(IHttpListener listener);
184 |
185 | /**
186 | * This method is used to register a listener which will be notified of
187 | * requests and responses being processed by the Proxy tool. Extensions can
188 | * perform custom analysis or modification of these messages, and control
189 | * in-UI message interception, by registering a proxy listener.
190 | *
191 | * @param listener An object created by the extension that implements the
192 | * IProxyListener interface.
193 | */
194 | void registerProxyListener(IProxyListener listener);
195 |
196 | /**
197 | * This method is used to retrieve the Proxy listeners that are registered
198 | * by the extension.
199 | *
200 | * @return A list of Proxy listeners that are currently registered by this
201 | * extension.
202 | */
203 | List getProxyListeners();
204 |
205 | /**
206 | * This method is used to remove a Proxy listener that has been registered
207 | * by the extension.
208 | *
209 | * @param listener The Proxy listener to be removed.
210 | */
211 | void removeProxyListener(IProxyListener listener);
212 |
213 | /**
214 | * This method is used to register a listener which will be notified of new
215 | * issues that are reported by the Scanner tool. Extensions can perform
216 | * custom analysis or logging of Scanner issues by registering a Scanner
217 | * listener.
218 | *
219 | * @param listener An object created by the extension that implements the
220 | * IScannerListener interface.
221 | */
222 | void registerScannerListener(IScannerListener listener);
223 |
224 | /**
225 | * This method is used to retrieve the Scanner listeners that are registered
226 | * by the extension.
227 | *
228 | * @return A list of Scanner listeners that are currently registered by this
229 | * extension.
230 | */
231 | List getScannerListeners();
232 |
233 | /**
234 | * This method is used to remove a Scanner listener that has been registered
235 | * by the extension.
236 | *
237 | * @param listener The Scanner listener to be removed.
238 | */
239 | void removeScannerListener(IScannerListener listener);
240 |
241 | /**
242 | * This method is used to register a listener which will be notified of
243 | * changes to Burp's suite-wide target scope.
244 | *
245 | * @param listener An object created by the extension that implements the
246 | * IScopeChangeListener interface.
247 | */
248 | void registerScopeChangeListener(IScopeChangeListener listener);
249 |
250 | /**
251 | * This method is used to retrieve the scope change listeners that are
252 | * registered by the extension.
253 | *
254 | * @return A list of scope change listeners that are currently registered by
255 | * this extension.
256 | */
257 | List getScopeChangeListeners();
258 |
259 | /**
260 | * This method is used to remove a scope change listener that has been
261 | * registered by the extension.
262 | *
263 | * @param listener The scope change listener to be removed.
264 | */
265 | void removeScopeChangeListener(IScopeChangeListener listener);
266 |
267 | /**
268 | * This method is used to register a factory for custom context menu items.
269 | * When the user invokes a context menu anywhere within Burp, the factory
270 | * will be passed details of the invocation event, and asked to provide any
271 | * custom context menu items that should be shown.
272 | *
273 | * @param factory An object created by the extension that implements the
274 | * IContextMenuFactory interface.
275 | */
276 | void registerContextMenuFactory(IContextMenuFactory factory);
277 |
278 | /**
279 | * This method is used to retrieve the context menu factories that are
280 | * registered by the extension.
281 | *
282 | * @return A list of context menu factories that are currently registered by
283 | * this extension.
284 | */
285 | List getContextMenuFactories();
286 |
287 | /**
288 | * This method is used to remove a context menu factory that has been
289 | * registered by the extension.
290 | *
291 | * @param factory The context menu factory to be removed.
292 | */
293 | void removeContextMenuFactory(IContextMenuFactory factory);
294 |
295 | /**
296 | * This method is used to register a factory for custom message editor tabs.
297 | * For each message editor that already exists, or is subsequently created,
298 | * within Burp, the factory will be asked to provide a new instance of an
299 | * IMessageEditorTab object, which can provide custom rendering
300 | * or editing of HTTP messages.
301 | *
302 | * @param factory An object created by the extension that implements the
303 | * IMessageEditorTabFactory interface.
304 | */
305 | void registerMessageEditorTabFactory(IMessageEditorTabFactory factory);
306 |
307 | /**
308 | * This method is used to retrieve the message editor tab factories that are
309 | * registered by the extension.
310 | *
311 | * @return A list of message editor tab factories that are currently
312 | * registered by this extension.
313 | */
314 | List getMessageEditorTabFactories();
315 |
316 | /**
317 | * This method is used to remove a message editor tab factory that has been
318 | * registered by the extension.
319 | *
320 | * @param factory The message editor tab factory to be removed.
321 | */
322 | void removeMessageEditorTabFactory(IMessageEditorTabFactory factory);
323 |
324 | /**
325 | * This method is used to register a provider of Scanner insertion points.
326 | * For each base request that is actively scanned, Burp will ask the
327 | * provider to provide any custom scanner insertion points that are
328 | * appropriate for the request.
329 | *
330 | * @param provider An object created by the extension that implements the
331 | * IScannerInsertionPointProvider interface.
332 | */
333 | void registerScannerInsertionPointProvider(
334 | IScannerInsertionPointProvider provider);
335 |
336 | /**
337 | * This method is used to retrieve the Scanner insertion point providers
338 | * that are registered by the extension.
339 | *
340 | * @return A list of Scanner insertion point providers that are currently
341 | * registered by this extension.
342 | */
343 | List getScannerInsertionPointProviders();
344 |
345 | /**
346 | * This method is used to remove a Scanner insertion point provider that has
347 | * been registered by the extension.
348 | *
349 | * @param provider The Scanner insertion point provider to be removed.
350 | */
351 | void removeScannerInsertionPointProvider(
352 | IScannerInsertionPointProvider provider);
353 |
354 | /**
355 | * This method is used to register a custom Scanner check. When performing
356 | * scanning, Burp will ask the check to perform active or passive scanning
357 | * on the base request, and report any Scanner issues that are identified.
358 | *
359 | * @param check An object created by the extension that implements the
360 | * IScannerCheck interface.
361 | */
362 | void registerScannerCheck(IScannerCheck check);
363 |
364 | /**
365 | * This method is used to retrieve the Scanner checks that are registered by
366 | * the extension.
367 | *
368 | * @return A list of Scanner checks that are currently registered by this
369 | * extension.
370 | */
371 | List getScannerChecks();
372 |
373 | /**
374 | * This method is used to remove a Scanner check that has been registered by
375 | * the extension.
376 | *
377 | * @param check The Scanner check to be removed.
378 | */
379 | void removeScannerCheck(IScannerCheck check);
380 |
381 | /**
382 | * This method is used to register a factory for Intruder payloads. Each
383 | * registered factory will be available within the Intruder UI for the user
384 | * to select as the payload source for an attack. When this is selected, the
385 | * factory will be asked to provide a new instance of an
386 | * IIntruderPayloadGenerator object, which will be used to
387 | * generate payloads for the attack.
388 | *
389 | * @param factory An object created by the extension that implements the
390 | * IIntruderPayloadGeneratorFactory interface.
391 | */
392 | void registerIntruderPayloadGeneratorFactory(
393 | IIntruderPayloadGeneratorFactory factory);
394 |
395 | /**
396 | * This method is used to retrieve the Intruder payload generator factories
397 | * that are registered by the extension.
398 | *
399 | * @return A list of Intruder payload generator factories that are currently
400 | * registered by this extension.
401 | */
402 | List
403 | getIntruderPayloadGeneratorFactories();
404 |
405 | /**
406 | * This method is used to remove an Intruder payload generator factory that
407 | * has been registered by the extension.
408 | *
409 | * @param factory The Intruder payload generator factory to be removed.
410 | */
411 | void removeIntruderPayloadGeneratorFactory(
412 | IIntruderPayloadGeneratorFactory factory);
413 |
414 | /**
415 | * This method is used to register a custom Intruder payload processor. Each
416 | * registered processor will be available within the Intruder UI for the
417 | * user to select as the action for a payload processing rule.
418 | *
419 | * @param processor An object created by the extension that implements the
420 | * IIntruderPayloadProcessor interface.
421 | */
422 | void registerIntruderPayloadProcessor(IIntruderPayloadProcessor processor);
423 |
424 | /**
425 | * This method is used to retrieve the Intruder payload processors that are
426 | * registered by the extension.
427 | *
428 | * @return A list of Intruder payload processors that are currently
429 | * registered by this extension.
430 | */
431 | List getIntruderPayloadProcessors();
432 |
433 | /**
434 | * This method is used to remove an Intruder payload processor that has been
435 | * registered by the extension.
436 | *
437 | * @param processor The Intruder payload processor to be removed.
438 | */
439 | void removeIntruderPayloadProcessor(IIntruderPayloadProcessor processor);
440 |
441 | /**
442 | * This method is used to register a custom session handling action. Each
443 | * registered action will be available within the session handling rule UI
444 | * for the user to select as a rule action. Users can choose to invoke an
445 | * action directly in its own right, or following execution of a macro.
446 | *
447 | * @param action An object created by the extension that implements the
448 | * ISessionHandlingAction interface.
449 | */
450 | void registerSessionHandlingAction(ISessionHandlingAction action);
451 |
452 | /**
453 | * This method is used to retrieve the session handling actions that are
454 | * registered by the extension.
455 | *
456 | * @return A list of session handling actions that are currently registered
457 | * by this extension.
458 | */
459 | List getSessionHandlingActions();
460 |
461 | /**
462 | * This method is used to remove a session handling action that has been
463 | * registered by the extension.
464 | *
465 | * @param action The extension session handling action to be removed.
466 | */
467 | void removeSessionHandlingAction(ISessionHandlingAction action);
468 |
469 | /**
470 | * This method is used to unload the extension from Burp Suite.
471 | */
472 | void unloadExtension();
473 |
474 | /**
475 | * This method is used to add a custom tab to the main Burp Suite window.
476 | *
477 | * @param tab An object created by the extension that implements the
478 | * ITab interface.
479 | */
480 | void addSuiteTab(ITab tab);
481 |
482 | /**
483 | * This method is used to remove a previously-added tab from the main Burp
484 | * Suite window.
485 | *
486 | * @param tab An object created by the extension that implements the
487 | * ITab interface.
488 | */
489 | void removeSuiteTab(ITab tab);
490 |
491 | /**
492 | * This method is used to customize UI components in line with Burp's UI
493 | * style, including font size, colors, table line spacing, etc. The action
494 | * is performed recursively on any child components of the passed-in
495 | * component.
496 | *
497 | * @param component The UI component to be customized.
498 | */
499 | void customizeUiComponent(Component component);
500 |
501 | /**
502 | * This method is used to create a new instance of Burp's HTTP message
503 | * editor, for the extension to use in its own UI.
504 | *
505 | * @param controller An object created by the extension that implements the
506 | * IMessageEditorController interface. This parameter is
507 | * optional and may be null. If it is provided, then the
508 | * message editor will query the controller when required to obtain details
509 | * about the currently displayed message, including the
510 | * IHttpService for the message, and the associated request or
511 | * response message. If a controller is not provided, then the message
512 | * editor will not support context menu actions, such as sending requests to
513 | * other Burp tools.
514 | * @param editable Indicates whether the editor created should be editable,
515 | * or used only for message viewing.
516 | * @return An object that implements the IMessageEditor
517 | * interface, and which the extension can use in its own UI.
518 | */
519 | IMessageEditor createMessageEditor(IMessageEditorController controller,
520 | boolean editable);
521 |
522 | /**
523 | * This method returns the command line arguments that were passed to Burp
524 | * on startup.
525 | *
526 | * @return The command line arguments that were passed to Burp on startup.
527 | */
528 | String[] getCommandLineArguments();
529 |
530 | /**
531 | * This method is used to save configuration settings for the extension in a
532 | * persistent way that survives reloads of the extension and of Burp Suite.
533 | * Saved settings can be retrieved using the method
534 | * loadExtensionSetting().
535 | *
536 | * @param name The name of the setting.
537 | * @param value The value of the setting. If this value is null
538 | * then any existing setting with the specified name will be removed.
539 | */
540 | void saveExtensionSetting(String name, String value);
541 |
542 | /**
543 | * This method is used to load configuration settings for the extension that
544 | * were saved using the method
545 | * saveExtensionSetting().
546 | *
547 | * @param name The name of the setting.
548 | * @return The value of the setting, or null if no value is
549 | * set.
550 | */
551 | String loadExtensionSetting(String name);
552 |
553 | /**
554 | * This method is used to create a new instance of Burp's plain text editor,
555 | * for the extension to use in its own UI.
556 | *
557 | * @return An object that implements the ITextEditor interface,
558 | * and which the extension can use in its own UI.
559 | */
560 | ITextEditor createTextEditor();
561 |
562 | /**
563 | * This method can be used to send an HTTP request to the Burp Repeater
564 | * tool. The request will be displayed in the user interface, but will not
565 | * be issued until the user initiates this action.
566 | *
567 | * @param host The hostname of the remote HTTP server.
568 | * @param port The port of the remote HTTP server.
569 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
570 | * @param request The full HTTP request.
571 | * @param tabCaption An optional caption which will appear on the Repeater
572 | * tab containing the request. If this value is null then a
573 | * default tab index will be displayed.
574 | */
575 | void sendToRepeater(
576 | String host,
577 | int port,
578 | boolean useHttps,
579 | byte[] request,
580 | String tabCaption);
581 |
582 | /**
583 | * This method can be used to send an HTTP request to the Burp Intruder
584 | * tool. The request will be displayed in the user interface, and markers
585 | * for attack payloads will be placed into default locations within the
586 | * request.
587 | *
588 | * @param host The hostname of the remote HTTP server.
589 | * @param port The port of the remote HTTP server.
590 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
591 | * @param request The full HTTP request.
592 | */
593 | void sendToIntruder(
594 | String host,
595 | int port,
596 | boolean useHttps,
597 | byte[] request);
598 |
599 | /**
600 | * This method can be used to send an HTTP request to the Burp Intruder
601 | * tool. The request will be displayed in the user interface, and markers
602 | * for attack payloads will be placed into the specified locations within
603 | * the request.
604 | *
605 | * @param host The hostname of the remote HTTP server.
606 | * @param port The port of the remote HTTP server.
607 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
608 | * @param request The full HTTP request.
609 | * @param payloadPositionOffsets A list of index pairs representing the
610 | * payload positions to be used. Each item in the list must be an int[2]
611 | * array containing the start and end offsets for the payload position.
612 | */
613 | void sendToIntruder(
614 | String host,
615 | int port,
616 | boolean useHttps,
617 | byte[] request,
618 | List payloadPositionOffsets);
619 |
620 | /**
621 | * This method can be used to send data to the Comparer tool.
622 | *
623 | * @param data The data to be sent to Comparer.
624 | */
625 | void sendToComparer(byte[] data);
626 |
627 | /**
628 | * This method can be used to send a seed URL to the Burp Spider tool. If
629 | * the URL is not within the current Spider scope, the user will be asked if
630 | * they wish to add the URL to the scope. If the Spider is not currently
631 | * running, it will be started. The seed URL will be requested, and the
632 | * Spider will process the application's response in the normal way.
633 | *
634 | * @param url The new seed URL to begin spidering from.
635 | */
636 | void sendToSpider(
637 | java.net.URL url);
638 |
639 | /**
640 | * This method can be used to send an HTTP request to the Burp Scanner tool
641 | * to perform an active vulnerability scan. If the request is not within the
642 | * current active scanning scope, the user will be asked if they wish to
643 | * proceed with the scan.
644 | *
645 | * @param host The hostname of the remote HTTP server.
646 | * @param port The port of the remote HTTP server.
647 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
648 | * @param request The full HTTP request.
649 | * @return The resulting scan queue item.
650 | */
651 | IScanQueueItem doActiveScan(
652 | String host,
653 | int port,
654 | boolean useHttps,
655 | byte[] request);
656 |
657 | /**
658 | * This method can be used to send an HTTP request to the Burp Scanner tool
659 | * to perform an active vulnerability scan, based on a custom list of
660 | * insertion points that are to be scanned. If the request is not within the
661 | * current active scanning scope, the user will be asked if they wish to
662 | * proceed with the scan.
663 | *
664 | * @param host The hostname of the remote HTTP server.
665 | * @param port The port of the remote HTTP server.
666 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
667 | * @param request The full HTTP request.
668 | * @param insertionPointOffsets A list of index pairs representing the
669 | * positions of the insertion points that should be scanned. Each item in
670 | * the list must be an int[2] array containing the start and end offsets for
671 | * the insertion point.
672 | * @return The resulting scan queue item.
673 | */
674 | IScanQueueItem doActiveScan(
675 | String host,
676 | int port,
677 | boolean useHttps,
678 | byte[] request,
679 | List insertionPointOffsets);
680 |
681 | /**
682 | * This method can be used to send an HTTP request to the Burp Scanner tool
683 | * to perform a passive vulnerability scan.
684 | *
685 | * @param host The hostname of the remote HTTP server.
686 | * @param port The port of the remote HTTP server.
687 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
688 | * @param request The full HTTP request.
689 | * @param response The full HTTP response.
690 | */
691 | void doPassiveScan(
692 | String host,
693 | int port,
694 | boolean useHttps,
695 | byte[] request,
696 | byte[] response);
697 |
698 | /**
699 | * This method can be used to issue HTTP requests and retrieve their
700 | * responses.
701 | *
702 | * @param httpService The HTTP service to which the request should be sent.
703 | * @param request The full HTTP request.
704 | * @return An object that implements the IHttpRequestResponse
705 | * interface, and which the extension can query to obtain the details of the
706 | * response.
707 | */
708 | IHttpRequestResponse makeHttpRequest(IHttpService httpService,
709 | byte[] request);
710 |
711 | /**
712 | * This method can be used to issue HTTP requests and retrieve their
713 | * responses.
714 | *
715 | * @param host The hostname of the remote HTTP server.
716 | * @param port The port of the remote HTTP server.
717 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
718 | * @param request The full HTTP request.
719 | * @return The full response retrieved from the remote server.
720 | */
721 | byte[] makeHttpRequest(
722 | String host,
723 | int port,
724 | boolean useHttps,
725 | byte[] request);
726 |
727 | /**
728 | * This method can be used to query whether a specified URL is within the
729 | * current Suite-wide scope.
730 | *
731 | * @param url The URL to query.
732 | * @return Returns true if the URL is within the current
733 | * Suite-wide scope.
734 | */
735 | boolean isInScope(java.net.URL url);
736 |
737 | /**
738 | * This method can be used to include the specified URL in the Suite-wide
739 | * scope.
740 | *
741 | * @param url The URL to include in the Suite-wide scope.
742 | */
743 | void includeInScope(java.net.URL url);
744 |
745 | /**
746 | * This method can be used to exclude the specified URL from the Suite-wide
747 | * scope.
748 | *
749 | * @param url The URL to exclude from the Suite-wide scope.
750 | */
751 | void excludeFromScope(java.net.URL url);
752 |
753 | /**
754 | * This method can be used to display a specified message in the Burp Suite
755 | * alerts tab.
756 | *
757 | * @param message The alert message to display.
758 | */
759 | void issueAlert(String message);
760 |
761 | /**
762 | * This method returns details of all items in the Proxy history.
763 | *
764 | * @return The contents of the Proxy history.
765 | */
766 | IHttpRequestResponse[] getProxyHistory();
767 |
768 | /**
769 | * This method returns details of items in the site map.
770 | *
771 | * @param urlPrefix This parameter can be used to specify a URL prefix, in
772 | * order to extract a specific subset of the site map. The method performs a
773 | * simple case-sensitive text match, returning all site map items whose URL
774 | * begins with the specified prefix. If this parameter is null, the entire
775 | * site map is returned.
776 | *
777 | * @return Details of items in the site map.
778 | */
779 | IHttpRequestResponse[] getSiteMap(String urlPrefix);
780 |
781 | /**
782 | * This method returns all of the current scan issues for URLs matching the
783 | * specified literal prefix.
784 | *
785 | * @param urlPrefix This parameter can be used to specify a URL prefix, in
786 | * order to extract a specific subset of scan issues. The method performs a
787 | * simple case-sensitive text match, returning all scan issues whose URL
788 | * begins with the specified prefix. If this parameter is null, all issues
789 | * are returned.
790 | * @return Details of the scan issues.
791 | */
792 | IScanIssue[] getScanIssues(String urlPrefix);
793 |
794 | /**
795 | * This method is used to generate a report for the specified Scanner
796 | * issues. The report format can be specified. For all other reporting
797 | * options, the default settings that appear in the reporting UI wizard are
798 | * used.
799 | *
800 | * @param format The format to be used in the report. Accepted values are
801 | * HTML and XML.
802 | * @param issues The Scanner issues to be reported.
803 | * @param file The file to which the report will be saved.
804 | */
805 | void generateScanReport(String format, IScanIssue[] issues,
806 | java.io.File file);
807 |
808 | /**
809 | * This method is used to retrieve the contents of Burp's session handling
810 | * cookie jar. Extensions that provide an
811 | * ISessionHandlingAction can query and update the cookie jar
812 | * in order to handle unusual session handling mechanisms.
813 | *
814 | * @return A list of ICookie objects representing the contents
815 | * of Burp's session handling cookie jar.
816 | */
817 | List getCookieJarContents();
818 |
819 | /**
820 | * This method is used to update the contents of Burp's session handling
821 | * cookie jar. Extensions that provide an
822 | * ISessionHandlingAction can query and update the cookie jar
823 | * in order to handle unusual session handling mechanisms.
824 | *
825 | * @param cookie An ICookie object containing details of the
826 | * cookie to be updated. If the cookie jar already contains a cookie that
827 | * matches the specified domain and name, then that cookie will be updated
828 | * with the new value and expiration, unless the new value is
829 | * null, in which case the cookie will be removed. If the
830 | * cookie jar does not already contain a cookie that matches the specified
831 | * domain and name, then the cookie will be added.
832 | */
833 | void updateCookieJar(ICookie cookie);
834 |
835 | /**
836 | * This method can be used to add an item to Burp's site map with the
837 | * specified request/response details. This will overwrite the details of
838 | * any existing matching item in the site map.
839 | *
840 | * @param item Details of the item to be added to the site map
841 | */
842 | void addToSiteMap(IHttpRequestResponse item);
843 |
844 | /**
845 | * This method can be used to restore Burp's state from a specified saved
846 | * state file. This method blocks until the restore operation is completed,
847 | * and must not be called from the event dispatch thread.
848 | *
849 | * @param file The file containing Burp's saved state.
850 | */
851 | void restoreState(java.io.File file);
852 |
853 | /**
854 | * This method can be used to save Burp's state to a specified file. This
855 | * method blocks until the save operation is completed, and must not be
856 | * called from the event dispatch thread.
857 | *
858 | * @param file The file to save Burp's state in.
859 | */
860 | void saveState(java.io.File file);
861 |
862 | /**
863 | * This method causes Burp to save all of its current configuration as a Map
864 | * of name/value Strings.
865 | *
866 | * @return A Map of name/value Strings reflecting Burp's current
867 | * configuration.
868 | */
869 | Map saveConfig();
870 |
871 | /**
872 | * This method causes Burp to load a new configuration from the Map of
873 | * name/value Strings provided. Any settings not specified in the Map will
874 | * be restored to their default values. To selectively update only some
875 | * settings and leave the rest unchanged, you should first call
876 | * saveConfig() to obtain Burp's current configuration, modify
877 | * the relevant items in the Map, and then call
878 | * loadConfig() with the same Map.
879 | *
880 | * @param config A map of name/value Strings to use as Burp's new
881 | * configuration.
882 | */
883 | void loadConfig(Map config);
884 |
885 | /**
886 | * This method sets the master interception mode for Burp Proxy.
887 | *
888 | * @param enabled Indicates whether interception of Proxy messages should be
889 | * enabled.
890 | */
891 | void setProxyInterceptionEnabled(boolean enabled);
892 |
893 | /**
894 | * This method retrieves information about the version of Burp in which the
895 | * extension is running. It can be used by extensions to dynamically adjust
896 | * their behavior depending on the functionality and APIs supported by the
897 | * current version.
898 | *
899 | * @return An array of Strings comprised of: the product name (e.g. Burp
900 | * Suite Professional), the major version (e.g. 1.5), the minor version
901 | * (e.g. 03)
902 | */
903 | String[] getBurpVersion();
904 |
905 | /**
906 | * This method can be used to shut down Burp programmatically, with an
907 | * optional prompt to the user. If the method returns, the user canceled the
908 | * shutdown prompt.
909 | *
910 | * @param promptUser Indicates whether to prompt the user to confirm the
911 | * shutdown.
912 | */
913 | void exitSuite(boolean promptUser);
914 |
915 | /**
916 | * This method is used to create a temporary file on disk containing the
917 | * provided data. Extensions can use temporary files for long-term storage
918 | * of runtime data, avoiding the need to retain that data in memory.
919 | *
920 | * @param buffer The data to be saved to a temporary file.
921 | * @return An object that implements the ITempFile interface.
922 | */
923 | ITempFile saveToTempFile(byte[] buffer);
924 |
925 | /**
926 | * This method is used to save the request and response of an
927 | * IHttpRequestResponse object to temporary files, so that they
928 | * are no longer held in memory. Extensions can used this method to convert
929 | * IHttpRequestResponse objects into a form suitable for
930 | * long-term storage.
931 | *
932 | * @param httpRequestResponse The IHttpRequestResponse object
933 | * whose request and response messages are to be saved to temporary files.
934 | * @return An object that implements the
935 | * IHttpRequestResponsePersisted interface.
936 | */
937 | IHttpRequestResponsePersisted saveBuffersToTempFiles(
938 | IHttpRequestResponse httpRequestResponse);
939 |
940 | /**
941 | * This method is used to apply markers to an HTTP request or response, at
942 | * offsets into the message that are relevant for some particular purpose.
943 | * Markers are used in various situations, such as specifying Intruder
944 | * payload positions, Scanner insertion points, and highlights in Scanner
945 | * issues.
946 | *
947 | * @param httpRequestResponse The IHttpRequestResponse object
948 | * to which the markers should be applied.
949 | * @param requestMarkers A list of index pairs representing the offsets of
950 | * markers to be applied to the request message. Each item in the list must
951 | * be an int[2] array containing the start and end offsets for the marker.
952 | * The markers in the list should be in sequence and not overlapping. This
953 | * parameter is optional and may be null if no request markers
954 | * are required.
955 | * @param responseMarkers A list of index pairs representing the offsets of
956 | * markers to be applied to the response message. Each item in the list must
957 | * be an int[2] array containing the start and end offsets for the marker.
958 | * The markers in the list should be in sequence and not overlapping. This
959 | * parameter is optional and may be null if no response markers
960 | * are required.
961 | * @return An object that implements the
962 | * IHttpRequestResponseWithMarkers interface.
963 | */
964 | IHttpRequestResponseWithMarkers applyMarkers(
965 | IHttpRequestResponse httpRequestResponse,
966 | List requestMarkers,
967 | List responseMarkers);
968 |
969 | /**
970 | * This method is used to obtain the descriptive name for the Burp tool
971 | * identified by the tool flag provided.
972 | *
973 | * @param toolFlag A flag identifying a Burp tool ( TOOL_PROXY,
974 | * TOOL_SCANNER, etc.). Tool flags are defined within this
975 | * interface.
976 | * @return The descriptive name for the specified tool.
977 | */
978 | String getToolName(int toolFlag);
979 |
980 | /**
981 | * This method is used to register a new Scanner issue. Note:
982 | * Wherever possible, extensions should implement custom Scanner checks
983 | * using
984 | * IScannerCheck and report issues via those checks, so as to
985 | * integrate with Burp's user-driven workflow, and ensure proper
986 | * consolidation of duplicate reported issues. This method is only designed
987 | * for tasks outside of the normal testing workflow, such as importing
988 | * results from other scanning tools.
989 | *
990 | * @param issue An object created by the extension that implements the
991 | * IScanIssue interface.
992 | */
993 | void addScanIssue(IScanIssue issue);
994 |
995 | /**
996 | * This method parses the specified request and returns details of each
997 | * request parameter.
998 | *
999 | * @param request The request to be parsed.
1000 | * @return An array of: String[] { name, value, type }
1001 | * containing details of the parameters contained within the request.
1002 | * @deprecated Use IExtensionHelpers.analyzeRequest() instead.
1003 | */
1004 | @Deprecated
1005 | String[][] getParameters(byte[] request);
1006 |
1007 | /**
1008 | * This method parses the specified request and returns details of each HTTP
1009 | * header.
1010 | *
1011 | * @param message The request to be parsed.
1012 | * @return An array of HTTP headers.
1013 | * @deprecated Use IExtensionHelpers.analyzeRequest() or
1014 | * IExtensionHelpers.analyzeResponse() instead.
1015 | */
1016 | @Deprecated
1017 | String[] getHeaders(byte[] message);
1018 |
1019 | /**
1020 | * This method can be used to register a new menu item which will appear on
1021 | * the various context menus that are used throughout Burp Suite to handle
1022 | * user-driven actions.
1023 | *
1024 | * @param menuItemCaption The caption to be displayed on the menu item.
1025 | * @param menuItemHandler The handler to be invoked when the user clicks on
1026 | * the menu item.
1027 | * @deprecated Use registerContextMenuFactory() instead.
1028 | */
1029 | @Deprecated
1030 | void registerMenuItem(
1031 | String menuItemCaption,
1032 | IMenuItemHandler menuItemHandler);
1033 | }
1034 |
--------------------------------------------------------------------------------