├── lib
├── xstream-1.4.2.jar
└── blazeds-core-4.0.0.14931.jar
├── executables
└── burpAMFDser.jar
├── src
├── org
│ └── apache
│ │ └── jmeter
│ │ └── protocol
│ │ └── amf
│ │ └── util
│ │ ├── SampleRequestVO.java
│ │ ├── AmfResources.java
│ │ ├── ASObjectConverter.java
│ │ ├── AmfXmlConverterTest.java
│ │ └── AmfXmlConverter.java
└── burp
│ ├── AMFHttpListener.java
│ ├── AMFTabFactory.java
│ ├── IHttpRequestResponsePersisted.java
│ ├── ITempFile.java
│ ├── IExtensionStateListener.java
│ ├── IBurpExtender.java
│ ├── IScannerListener.java
│ ├── IHttpService.java
│ ├── ITab.java
│ ├── IMenuItemHandler.java
│ ├── IIntruderPayloadGeneratorFactory.java
│ ├── IResponseInfo.java
│ ├── IProxyListener.java
│ ├── IContextMenuFactory.java
│ ├── IScannerInsertionPointProvider.java
│ ├── IHttpListener.java
│ ├── IMessageEditorTabFactory.java
│ ├── BurpExtender.java
│ ├── IRequestInfo.java
│ ├── IIntruderPayloadProcessor.java
│ ├── IHttpRequestResponseWithMarkers.java
│ ├── IIntruderPayloadGenerator.java
│ ├── IMessageEditorController.java
│ ├── IMessageEditor.java
│ ├── ISessionHandlingAction.java
│ ├── AMFDeserializerTab.java
│ ├── AMFMenu.java
│ ├── IScanQueueItem.java
│ ├── ITextEditor.java
│ ├── IHttpRequestResponse.java
│ ├── IParameter.java
│ ├── IInterceptedProxyMessage.java
│ ├── AMFUtilities.java
│ ├── IMessageEditorTab.java
│ ├── IScanIssue.java
│ ├── IScannerCheck.java
│ ├── IContextMenuInvocation.java
│ ├── IScannerInsertionPoint.java
│ ├── IExtensionHelpers.java
│ └── IBurpExtenderCallbacks.java
├── .gitattributes
├── README.md
└── .gitignore
/lib/xstream-1.4.2.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/khai-tran/BurpAMFDser/HEAD/lib/xstream-1.4.2.jar
--------------------------------------------------------------------------------
/executables/burpAMFDser.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/khai-tran/BurpAMFDser/HEAD/executables/burpAMFDser.jar
--------------------------------------------------------------------------------
/lib/blazeds-core-4.0.0.14931.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/khai-tran/BurpAMFDser/HEAD/lib/blazeds-core-4.0.0.14931.jar
--------------------------------------------------------------------------------
/src/org/apache/jmeter/protocol/amf/util/SampleRequestVO.java:
--------------------------------------------------------------------------------
1 | package org.apache.jmeter.protocol.amf.util;
2 |
3 | public class SampleRequestVO {
4 | String requestAction = "abc";
5 | String requestParams = "def,hij";
6 | }
7 |
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 |
4 | # Custom for Visual Studio
5 | *.cs diff=csharp
6 | *.sln merge=union
7 | *.csproj merge=union
8 | *.vbproj merge=union
9 | *.fsproj merge=union
10 | *.dbproj merge=union
11 |
12 | # Standard to msysgit
13 | *.doc diff=astextplain
14 | *.DOC diff=astextplain
15 | *.docx diff=astextplain
16 | *.DOCX diff=astextplain
17 | *.dot diff=astextplain
18 | *.DOT diff=astextplain
19 | *.pdf diff=astextplain
20 | *.PDF diff=astextplain
21 | *.rtf diff=astextplain
22 | *.RTF diff=astextplain
23 |
--------------------------------------------------------------------------------
/src/burp/AMFHttpListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 | import burp.*;
3 |
4 | public class AMFHttpListener implements IHttpListener {
5 |
6 | @Override
7 | public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
8 | if (messageIsRequest) {
9 | if (toolFlag == IBurpExtenderCallbacks.TOOL_INTRUDER || toolFlag == IBurpExtenderCallbacks.TOOL_SCANNER) {
10 | byte[] currentMsg = messageInfo.getRequest();
11 | byte[] serializedMsg = AMFUtilities.serializeProxyItem(currentMsg);
12 | messageInfo.setRequest(serializedMsg);
13 | }
14 | }
15 | }
16 | }
--------------------------------------------------------------------------------
/src/burp/AMFTabFactory.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | public class AMFTabFactory implements IMessageEditorTabFactory {
4 | private IBurpExtenderCallbacks m_callbacks;
5 | private IExtensionHelpers m_helpers;
6 |
7 | public AMFTabFactory(IBurpExtenderCallbacks callbacks, IExtensionHelpers helpers) {
8 | m_callbacks = callbacks;
9 | m_helpers = helpers;
10 | }
11 |
12 | @Override
13 | public IMessageEditorTab createNewInstance(IMessageEditorController controller, boolean editable) {
14 | AMFDeserializerTab amfDeserializerTab = new AMFDeserializerTab(controller, editable, m_callbacks, m_helpers);
15 | return amfDeserializerTab;
16 | }
17 |
18 | }
19 |
--------------------------------------------------------------------------------
/src/burp/IHttpRequestResponsePersisted.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpRequestResponsePersisted.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used for an
14 | * IHttpRequestResponse object whose request and response messages
15 | * have been saved to temporary files using
16 | * IBurpExtenderCallbacks.saveBuffersToTempFiles().
17 | */
18 | public interface IHttpRequestResponsePersisted extends IHttpRequestResponse
19 | {
20 | /**
21 | * This method is used to permanently delete the saved temporary files. It
22 | * will no longer be possible to retrieve the request or response for this
23 | * item.
24 | */
25 | void deleteTempFiles();
26 | }
27 |
--------------------------------------------------------------------------------
/src/burp/ITempFile.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ITempFile.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to hold details of a temporary file that has been
14 | * created via a call to
15 | * IBurpExtenderCallbacks.saveToTempFile().
16 | *
17 | */
18 | public interface ITempFile
19 | {
20 | /**
21 | * This method is used to retrieve the contents of the buffer that was saved
22 | * in the temporary file.
23 | *
24 | * @return The contents of the buffer that was saved in the temporary file.
25 | */
26 | byte[] getBuffer();
27 |
28 | /**
29 | * This method is used to permanently delete the temporary file when it is
30 | * no longer required.
31 | */
32 | void delete();
33 | }
34 |
--------------------------------------------------------------------------------
/src/burp/IExtensionStateListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IExtensionStateListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerExtensionStateListener() to
15 | * register an extension state listener. The listener will be notified of
16 | * changes to the extension's state. Note: Any extensions that start
17 | * background threads or open system resources (such as files or database
18 | * connections) should register a listener and terminate threads / close
19 | * resources when the extension is unloaded.
20 | */
21 | public interface IExtensionStateListener
22 | {
23 | /**
24 | * This method is called when the extension is unloaded.
25 | */
26 | void extensionUnloaded();
27 | }
28 |
--------------------------------------------------------------------------------
/src/burp/IBurpExtender.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IBurpExtender.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * All extensions must implement this interface.
14 | *
15 | * Implementations must be called BurpExtender, in the package burp, must be
16 | * declared public, and must provide a default (public, no-argument)
17 | * constructor.
18 | */
19 | public interface IBurpExtender
20 | {
21 | /**
22 | * This method is invoked when the extension is loaded. It registers an
23 | * instance of the
24 | * IBurpExtenderCallbacks interface, providing methods that may
25 | * be invoked by the extension to perform various actions.
26 | *
27 | * @param callbacks An
28 | * IBurpExtenderCallbacks object.
29 | */
30 | void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks);
31 | }
32 |
--------------------------------------------------------------------------------
/src/burp/IScannerListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerScannerListener() to register a
15 | * Scanner listener. The listener will be notified of new issues that are
16 | * reported by the Scanner tool. Extensions can perform custom analysis or
17 | * logging of Scanner issues by registering a Scanner listener.
18 | */
19 | public interface IScannerListener
20 | {
21 | /**
22 | * This method is invoked when a new issue is added to Burp Scanner's
23 | * results.
24 | *
25 | * @param issue An
26 | * IScanIssue object that the extension can query to obtain
27 | * details about the new issue.
28 | */
29 | void newScanIssue(IScanIssue issue);
30 | }
31 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ## Introduction
2 |
3 |
4 | BurpAMFDSer is a Burp plugin that will deserialze/serialize AMF request and response to and from XML with the use of Xtream library (http://xstream.codehaus.org/)
5 | BurpAMFDSer also utilizes part of Kenneth Hill's Jmeter source code for custom AMF deserialization (https://github.com/steeltomato/jmeter-amf)
6 |
7 | ## Usage
8 | ###1 Start Burp plugin
9 | java -classpath burp.jar;burpamfdser.jar;xstream-1.4.2.jar burp.StartBurp
10 |
11 | ###2 Inspect serialized AMF traffic
12 | - Serialized AMF request/response will be automatically converted to XML. Decoded XML should be in "Edited Request" and "Original Response" tabs.
13 | - Fuzz the request using Repeater/Intruder. Request will be automatically serialized back to binary format and response will be deserialized in XML format
14 |
15 | ###3 Bypass client-side authorization:
16 | Sometimes the client rely on server for authorization check. In case you may want to modify the serialized response to bypass it:
17 | - Inspect proxy response for possible authorization check
18 | - Modify potentially abusive parameters to bypass client-side restrictions
19 |
--------------------------------------------------------------------------------
/src/burp/IHttpService.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpService.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to provide details about an HTTP service, to which
14 | * HTTP requests can be sent.
15 | */
16 | public interface IHttpService
17 | {
18 | /**
19 | * This method returns the hostname or IP address for the service.
20 | *
21 | * @return The hostname or IP address for the service.
22 | */
23 | String getHost();
24 |
25 | /**
26 | * This method returns the port number for the service.
27 | *
28 | * @return The port number for the service.
29 | */
30 | int getPort();
31 |
32 | /**
33 | * This method returns the protocol for the service.
34 | *
35 | * @return The protocol for the service. Expected values are "http" or
36 | * "https".
37 | */
38 | String getProtocol();
39 | }
40 |
--------------------------------------------------------------------------------
/src/org/apache/jmeter/protocol/amf/util/AmfResources.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2011 the original author or authors.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.apache.jmeter.protocol.amf.util;
18 |
19 | import java.util.MissingResourceException;
20 | import java.util.ResourceBundle;
21 |
22 |
23 | public class AmfResources {
24 |
25 | private static ResourceBundle resources = null;
26 |
27 | public static String getResString(String key) {
28 | if (resources == null) {
29 |
30 | }
31 |
32 | try {
33 | return resources.getString(key);
34 | } catch (MissingResourceException e) {
35 | return "[res_key=" + key + "]";
36 | }
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/src/burp/ITab.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ITab.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 |
14 | /**
15 | * This interface is used to provide Burp with details of a custom tab that will
16 | * be added to Burp's UI, using a method such as
17 | * IBurpExtenderCallbacks.addSuiteTab().
18 | */
19 | public interface ITab
20 | {
21 | /**
22 | * Burp uses this method to obtain the caption that should appear on the
23 | * custom tab when it is displayed.
24 | *
25 | * @return The caption that should appear on the custom tab when it is
26 | * displayed.
27 | */
28 | String getTabCaption();
29 |
30 | /**
31 | * Burp uses this method to obtain the component that should be used as the
32 | * contents of the custom tab when it is displayed.
33 | *
34 | * @return The component that should be used as the contents of the custom
35 | * tab when it is displayed.
36 | */
37 | Component getUiComponent();
38 | }
39 |
--------------------------------------------------------------------------------
/src/burp/IMenuItemHandler.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMenuItemHandler.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerMenuItem() to register a custom
15 | * context menu item.
16 | *
17 | * @deprecated Use
18 | * IContextMenuFactory instead.
19 | */
20 | @Deprecated
21 | public interface IMenuItemHandler
22 | {
23 | /**
24 | * This method is invoked by Burp Suite when the user clicks on a custom
25 | * menu item which the extension has registered with Burp.
26 | *
27 | * @param menuItemCaption The caption of the menu item which was clicked.
28 | * This parameter enables extensions to provide a single implementation
29 | * which handles multiple different menu items.
30 | * @param messageInfo Details of the HTTP message(s) for which the context
31 | * menu was displayed.
32 | */
33 | void menuItemClicked(
34 | String menuItemCaption,
35 | IHttpRequestResponse[] messageInfo);
36 | }
37 |
--------------------------------------------------------------------------------
/src/burp/IIntruderPayloadGeneratorFactory.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IIntruderPayloadGeneratorFactory.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory()
15 | * to register a factory for custom Intruder payloads.
16 | */
17 | public interface IIntruderPayloadGeneratorFactory
18 | {
19 | /**
20 | * This method is used by Burp to obtain the name of the payload generator.
21 | * This will be displayed as an option within the Intruder UI when the user
22 | * selects to use extension-generated payloads.
23 | *
24 | * @return The name of the payload generator.
25 | */
26 | String getGeneratorName();
27 |
28 | /**
29 | * This method is used by Burp when the user starts an Intruder attack that
30 | * uses this payload generator.
31 | *
32 | * @return A new instance of
33 | * IIntruderPayloadGenerator that will be used to generate
34 | * payloads for the attack.
35 | */
36 | IIntruderPayloadGenerator createNewInstance();
37 | }
38 |
--------------------------------------------------------------------------------
/src/burp/IResponseInfo.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IResponseInfo.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * This interface is used to retrieve key details about an HTTP response.
16 | * Extensions can obtain an
17 | * IResponseInfo object for a given response by calling
18 | * IExtensionHelpers.analyzeResponse().
19 | */
20 | public interface IResponseInfo
21 | {
22 | /**
23 | * This method is used to obtain the HTTP headers contained in the response.
24 | *
25 | * @return The HTTP headers contained in the response.
26 | */
27 | List getHeaders();
28 |
29 | /**
30 | * This method is used to obtain the offset within the response where the
31 | * message body begins.
32 | *
33 | * @return The offset within the response where the message body begins.
34 | */
35 | int getBodyOffset();
36 |
37 | /**
38 | * This method is used to obtain the HTTP status code contained in the
39 | * response.
40 | *
41 | * @return The HTTP status code contained in the response.
42 | */
43 | short getStatusCode();
44 | }
45 |
--------------------------------------------------------------------------------
/src/burp/IProxyListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IProxyListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerHttpListener() to register a
15 | * Proxy listener. The listener will be notified of requests and responses being
16 | * processed by the Proxy tool. Extensions can perform custom analysis or
17 | * modification of these messages, and control in-UI message interception, by
18 | * registering a proxy listener.
19 | */
20 | public interface IProxyListener
21 | {
22 | /**
23 | * This method is invoked when an HTTP message is being processed by the
24 | * Proxy.
25 | *
26 | * @param messageIsRequest Indicates whether the HTTP message is a request
27 | * or a response.
28 | * @param message An
29 | * IInterceptedProxyMessage object that extensions can use to
30 | * query and update details of the message, and control whether the message
31 | * should be intercepted and displayed to the user for manual review or
32 | * modification.
33 | */
34 | void processProxyMessage(
35 | boolean messageIsRequest,
36 | IInterceptedProxyMessage message);
37 | }
38 |
--------------------------------------------------------------------------------
/src/burp/IContextMenuFactory.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IContextMenuFactory.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 | import javax.swing.JMenuItem;
14 |
15 | /**
16 | * Extensions can implement this interface and then call
17 | * IBurpExtenderCallbacks.registerContextMenuFactory() to register
18 | * a factory for custom context menu items.
19 | */
20 | public interface IContextMenuFactory
21 | {
22 | /**
23 | * This method will be called by Burp when the user invokes a context menu
24 | * anywhere within Burp. The factory can then provide any custom context
25 | * menu items that should be displayed in the context menu, based on the
26 | * details of the menu invocation.
27 | *
28 | * @param invocation An object that implements the
29 | * IMessageEditorTabFactory interface, which the extension can
30 | * query to obtain details of the context menu invocation.
31 | * @return A list of custom menu items (which may include sub-menus,
32 | * checkbox menu items, etc.) that should be displayed. Extensions may
33 | * return
34 | * null from this method, to indicate that no menu items are
35 | * required.
36 | */
37 | List createMenuItems(IContextMenuInvocation invocation);
38 | }
39 |
--------------------------------------------------------------------------------
/src/burp/IScannerInsertionPointProvider.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerInsertionPointProvider.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * Extensions can implement this interface and then call
16 | * IBurpExtenderCallbacks.registerScannerInsertionPointProvider()
17 | * to register a factory for custom Scanner insertion points.
18 | */
19 | public interface IScannerInsertionPointProvider
20 | {
21 | /**
22 | * When a request is actively scanned, the Scanner will invoke this method,
23 | * and the provider should provide a list of custom insertion points that
24 | * will be used in the scan. Note: these insertion points are used in
25 | * addition to those that are derived from Burp Scanner's configuration, and
26 | * those provided by any other Burp extensions.
27 | *
28 | * @param baseRequestResponse The base request that will be actively
29 | * scanned.
30 | * @return A list of
31 | * IScannerInsertionPoint objects that should be used in the
32 | * scanning, or
33 | * null if no custom insertion points are applicable for this
34 | * request.
35 | */
36 | List getInsertionPoints(
37 | IHttpRequestResponse baseRequestResponse);
38 | }
39 |
--------------------------------------------------------------------------------
/src/burp/IHttpListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerHttpListener() to register an
15 | * HTTP listener. The listener will be notified of requests and responses made
16 | * by any Burp tool. Extensions can perform custom analysis or modification of
17 | * these messages by registering an HTTP listener.
18 | */
19 | public interface IHttpListener
20 | {
21 | /**
22 | * This method is invoked when an HTTP request is about to be issued, and
23 | * when an HTTP response has been received.
24 | *
25 | * @param toolFlag A flag indicating the Burp tool that issued the request.
26 | * Burp tool flags are defined in the
27 | * IBurpExtenderCallbacks interface.
28 | * @param messageIsRequest Flags whether the method is being invoked for a
29 | * request or response.
30 | * @param messageInfo Details of the request / response to be processed.
31 | * Extensions can call the setter methods on this object to update the
32 | * current message and so modify Burp's behavior.
33 | */
34 | void processHttpMessage(int toolFlag,
35 | boolean messageIsRequest,
36 | IHttpRequestResponse messageInfo);
37 | }
38 |
--------------------------------------------------------------------------------
/src/burp/IMessageEditorTabFactory.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditorTabFactory.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerMessageEditorTabFactory() to
15 | * register a factory for custom message editor tabs. This allows extensions to
16 | * provide custom rendering or editing of HTTP messages, within Burp's own HTTP
17 | * editor.
18 | */
19 | public interface IMessageEditorTabFactory
20 | {
21 | /**
22 | * Burp will call this method once for each HTTP message editor, and the
23 | * factory should provide a new instance of an
24 | * IMessageEditorTab object.
25 | *
26 | * @param controller An
27 | * IMessageEditorController object, which the new tab can query
28 | * to retrieve details about the currently displayed message. This may be
29 | * null for extension-invoked message editors where the
30 | * extension has not provided an editor controller.
31 | * @param editable Indicates whether the hosting editor is editable or
32 | * read-only.
33 | * @return A new
34 | * IMessageEditorTab object for use within the message editor.
35 | */
36 | IMessageEditorTab createNewInstance(IMessageEditorController controller,
37 | boolean editable);
38 | }
39 |
--------------------------------------------------------------------------------
/src/burp/BurpExtender.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 |
4 | import java.awt.Component;
5 |
6 | import org.apache.jmeter.protocol.amf.util.AmfXmlConverter;
7 |
8 | import burp.*;
9 |
10 | public class BurpExtender implements IBurpExtender, IMessageEditorTabFactory
11 | {
12 | private IBurpExtenderCallbacks m_callbacks;
13 | private IExtensionHelpers m_helpers;
14 |
15 | //
16 | // implement IBurpExtender
17 | //
18 |
19 | @Override
20 | public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks)
21 | {
22 | // keep a reference to our callbacks object
23 | this.m_callbacks = callbacks;
24 |
25 | // obtain an extension helpers object
26 | m_helpers = callbacks.getHelpers();
27 |
28 | // set our extension name
29 | callbacks.setExtensionName("AMF Deserializer");
30 |
31 | // register ourselves as a message editor tab factory
32 | AMFTabFactory factory = new AMFTabFactory(m_callbacks, m_helpers);
33 |
34 | callbacks.registerMessageEditorTabFactory(factory);
35 |
36 | callbacks.registerContextMenuFactory(new AMFMenu(callbacks));
37 |
38 | callbacks.registerHttpListener(new AMFHttpListener());
39 | }
40 |
41 | //
42 | // implement IMessageEditorTabFactory
43 | //
44 |
45 | @Override
46 | public IMessageEditorTab createNewInstance(IMessageEditorController controller, boolean editable)
47 | {
48 | // create a new instance of our custom editor tab
49 | return new AMFDeserializerTab(controller, editable, m_callbacks, m_helpers);
50 | }
51 |
52 | //
53 | // class implementing IMessageEditorTab
54 | //
55 |
56 |
57 | }
58 |
--------------------------------------------------------------------------------
/src/burp/IRequestInfo.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IRequestInfo.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.net.URL;
13 | import java.util.List;
14 |
15 | /**
16 | * This interface is used to retrieve key details about an HTTP request.
17 | * Extensions can obtain an
18 | * IRequestInfo object for a given request by calling
19 | * IExtensionHelpers.analyzeRequest().
20 | */
21 | public interface IRequestInfo
22 | {
23 | /**
24 | * This method is used to obtain the HTTP method used in the request.
25 | *
26 | * @return The HTTP method used in the request.
27 | */
28 | String getMethod();
29 |
30 | /**
31 | * This method is used to obtain the URL in the request.
32 | *
33 | * @return The URL in the request.
34 | */
35 | URL getUrl();
36 |
37 | /**
38 | * This method is used to obtain the HTTP headers contained in the request.
39 | *
40 | * @return The HTTP headers contained in the request.
41 | */
42 | List getHeaders();
43 |
44 | /**
45 | * This method is used to obtain the parameters contained in the request.
46 | *
47 | * @return The parameters contained in the request.
48 | */
49 | List getParameters();
50 |
51 | /**
52 | * This method is used to obtain the offset within the request where the
53 | * message body begins.
54 | *
55 | * @return The offset within the request where the message body begins.
56 | */
57 | int getBodyOffset();
58 | }
59 |
--------------------------------------------------------------------------------
/src/burp/IIntruderPayloadProcessor.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IIntruderPayloadProcessor.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerIntruderPayloadProcessor() to
15 | * register a custom Intruder payload processor.
16 | */
17 | public interface IIntruderPayloadProcessor
18 | {
19 | /**
20 | * This method is used by Burp to obtain the name of the payload processor.
21 | * This will be displayed as an option within the Intruder UI when the user
22 | * selects to use an extension-provided payload processor.
23 | *
24 | * @return The name of the payload processor.
25 | */
26 | String getProcessorName();
27 |
28 | /**
29 | * This method is invoked by Burp each time the processor should be applied
30 | * to an Intruder payload.
31 | *
32 | * @param currentPayload The value of the payload to be processed.
33 | * @param originalPayload The value of the original payload prior to
34 | * processing by any already-applied processing rules.
35 | * @param baseValue The base value of the payload position, which will be
36 | * replaced with the current payload.
37 | * @return The value of the processed payload. This may be
38 | * null to indicate that the current payload should be skipped,
39 | * and the attack will move directly to the next payload.
40 | */
41 | byte[] processPayload(
42 | byte[] currentPayload,
43 | byte[] originalPayload,
44 | byte[] baseValue);
45 | }
46 |
--------------------------------------------------------------------------------
/src/burp/IHttpRequestResponseWithMarkers.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpRequestResponseWithMarkers.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * This interface is used for an
16 | * IHttpRequestResponse object that has had markers applied.
17 | * Extensions can create instances of this interface using
18 | * IBurpExtenderCallbacks.applyMarkers(), or provide their own
19 | * implementation. Markers are used in various situations, such as specifying
20 | * Intruder payload positions, Scanner insertion points, and highlights in
21 | * Scanner issues.
22 | */
23 | public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse
24 | {
25 | /**
26 | * This method returns the details of the request markers.
27 | *
28 | * @return A list of index pairs representing the offsets of markers for the
29 | * request message. Each item in the list is an int[2] array containing the
30 | * start and end offsets for the marker. The method may return
31 | * null if no request markers are defined.
32 | */
33 | List getRequestMarkers();
34 |
35 | /**
36 | * This method returns the details of the response markers.
37 | *
38 | * @return A list of index pairs representing the offsets of markers for the
39 | * response message. Each item in the list is an int[2] array containing the
40 | * start and end offsets for the marker. The method may return
41 | * null if no response markers are defined.
42 | */
43 | List getResponseMarkers();
44 | }
45 |
--------------------------------------------------------------------------------
/src/burp/IIntruderPayloadGenerator.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IIntruderPayloadGenerator.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used for custom Intruder payload generators. Extensions
14 | * that have registered an
15 | * IIntruderPayloadGeneratorFactory must return a new instance of
16 | * this interface when required as part of a new Intruder attack.
17 | */
18 | public interface IIntruderPayloadGenerator
19 | {
20 | /**
21 | * This method is used by Burp to determine whether the payload generator is
22 | * able to provide any further payloads.
23 | *
24 | * @return Extensions should return
25 | * false when all the available payloads have been used up,
26 | * otherwise
27 | * true.
28 | */
29 | boolean hasMorePayloads();
30 |
31 | /**
32 | * This method is used by Burp to obtain the value of the next payload.
33 | *
34 | * @param baseValue The base value of the current payload position. This
35 | * value may be
36 | * null if the concept of a base value is not applicable (e.g.
37 | * in a battering ram attack).
38 | * @return The next payload to use in the attack.
39 | */
40 | byte[] getNextPayload(byte[] baseValue);
41 |
42 | /**
43 | * This method is used by Burp to reset the state of the payload generator
44 | * so that the next call to
45 | * getNextPayload() returns the first payload again. This
46 | * method will be invoked when an attack uses the same payload generator for
47 | * more than one payload position, for example in a sniper attack.
48 | */
49 | void reset();
50 | }
51 |
--------------------------------------------------------------------------------
/src/burp/IMessageEditorController.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditorController.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used by an
14 | * IMessageEditor to obtain details about the currently displayed
15 | * message. Extensions that create instances of Burp's HTTP message editor can
16 | * optionally provide an implementation of
17 | * IMessageEditorController, which the editor will invoke when it
18 | * requires further information about the current message (for example, to send
19 | * it to another Burp tool). Extensions that provide custom editor tabs via an
20 | * IMessageEditorTabFactory will receive a reference to an
21 | * IMessageEditorController object for each tab instance they
22 | * generate, which the tab can invoke if it requires further information about
23 | * the current message.
24 | */
25 | public interface IMessageEditorController
26 | {
27 | /**
28 | * This method is used to retrieve the HTTP service for the current message.
29 | *
30 | * @return The HTTP service for the current message.
31 | */
32 | IHttpService getHttpService();
33 |
34 | /**
35 | * This method is used to retrieve the HTTP request associated with the
36 | * current message (which may itself be a response).
37 | *
38 | * @return The HTTP request associated with the current message.
39 | */
40 | byte[] getRequest();
41 |
42 | /**
43 | * This method is used to retrieve the HTTP response associated with the
44 | * current message (which may itself be a request).
45 | *
46 | * @return The HTTP response associated with the current message.
47 | */
48 | byte[] getResponse();
49 | }
50 |
--------------------------------------------------------------------------------
/src/burp/IMessageEditor.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditor.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 |
14 | /**
15 | * This interface is used to provide extensions with an instance of Burp's HTTP
16 | * message editor, for the extension to use in its own UI. Extensions should
17 | * call
18 | * IBurpExtenderCallbacks.createMessageEditor() to obtain an
19 | * instance of this interface.
20 | */
21 | public interface IMessageEditor
22 | {
23 | /**
24 | * This method returns the UI component of the editor, for extensions to add
25 | * to their own UI.
26 | *
27 | * @return The UI component of the editor.
28 | */
29 | Component getComponent();
30 |
31 | /**
32 | * This method is used to display an HTTP message in the editor.
33 | *
34 | * @param message The HTTP message to be displayed.
35 | * @param isRequest Flags whether the message is an HTTP request or
36 | * response.
37 | */
38 | void setMessage(byte[] message, boolean isRequest);
39 |
40 | /**
41 | * This method is used to retrieve the currently displayed message, which
42 | * may have been modified by the user.
43 | *
44 | * @return The currently displayed HTTP message.
45 | */
46 | byte[] getMessage();
47 |
48 | /**
49 | * This method is used to determine whether the current message has been
50 | * modified by the user.
51 | *
52 | * @return An indication of whether the current message has been modified by
53 | * the user since it was first displayed.
54 | */
55 | boolean isMessageModified();
56 |
57 | /**
58 | * This method returns the data that is currently selected by the user.
59 | *
60 | * @return The data that is currently selected by the user, or
61 | * null if no selection is made.
62 | */
63 | byte[] getSelectedData();
64 | }
65 |
--------------------------------------------------------------------------------
/src/burp/ISessionHandlingAction.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ISessionHandlingAction.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerSessionHandlingAction() to
15 | * register a custom session handling action. Each registered action will be
16 | * available within the session handling rule UI for the user to select as a
17 | * rule action. Users can choose to invoke an action directly in its own right,
18 | * or following execution of a macro.
19 | */
20 | public interface ISessionHandlingAction
21 | {
22 | /**
23 | * This method is used by Burp to obtain the name of the session handling
24 | * action. This will be displayed as an option within the session handling
25 | * rule editor when the user selects to execute an extension-provided
26 | * action.
27 | *
28 | * @return The name of the action.
29 | */
30 | String getActionName();
31 |
32 | /**
33 | * This method is invoked when the session handling action should be
34 | * executed. This may happen as an action in its own right, or as a
35 | * sub-action following execution of a macro.
36 | *
37 | * @param currentRequest The base request that is currently being processed.
38 | * The action can query this object to obtain details about the base
39 | * request. It can issue additional requests of its own if necessary, and
40 | * can use the setter methods on this object to update the base request.
41 | * @param macroItems If the action is invoked following execution of a
42 | * macro, this parameter contains the result of executing the macro.
43 | * Otherwise, it is
44 | * null. Actions can use the details of the macro items to
45 | * perform custom analysis of the macro to derive values of non-standard
46 | * session handling tokens, etc.
47 | */
48 | void performAction(
49 | IHttpRequestResponse currentRequest,
50 | IHttpRequestResponse[] macroItems);
51 | }
52 |
--------------------------------------------------------------------------------
/src/burp/AMFDeserializerTab.java:
--------------------------------------------------------------------------------
1 | package burp;
2 | import java.awt.Color;
3 | import java.awt.Component;
4 |
5 | import javax.swing.plaf.basic.BasicTabbedPaneUI;
6 |
7 | import org.apache.jmeter.protocol.amf.util.AmfXmlConverter;
8 |
9 | import burp.*;
10 |
11 | class AMFDeserializerTab implements IMessageEditorTab
12 | {
13 | private boolean editable;
14 | private ITextEditor txtInput;
15 | private byte[] currentMessage;
16 | private IBurpExtenderCallbacks callbacks;
17 | private IExtensionHelpers helpers;
18 |
19 | public AMFDeserializerTab(IMessageEditorController controller, boolean editable, IBurpExtenderCallbacks callbacks2, IExtensionHelpers helpers2) {
20 | this.editable = editable;
21 | callbacks = callbacks2;
22 | helpers = helpers2;
23 | // create an instance of Burp's text editor, to display our deserialized
24 | // data
25 | txtInput = callbacks.createTextEditor();
26 | txtInput.setEditable(editable);
27 | }
28 |
29 | //
30 | // implement IMessageEditorTab
31 | //
32 |
33 | @Override
34 | public String getTabCaption() {
35 | return "AMF Deserialized";
36 | }
37 |
38 | @Override
39 | public Component getUiComponent() {
40 | return txtInput.getComponent();
41 | }
42 |
43 | @Override
44 | public boolean isEnabled(byte[] content, boolean isRequest) {
45 | // enable this tab for requests containing a data parameter
46 |
47 | return true;
48 | }
49 |
50 | @Override
51 | public void setMessage(byte[] content, boolean isRequest) {
52 | if (content == null) {
53 | // clear our display
54 | txtInput.setText(null);
55 | txtInput.setEditable(false);
56 | } else {
57 | // retrieve the data parameter
58 | IParameter parameter = helpers.getRequestParameter(content, "data");
59 |
60 | // deserialize the parameter value
61 | txtInput.setText((AmfXmlConverter.convertAmfMessageToXml(AMFUtilities.getBody(content), true)).getBytes());
62 | txtInput.setEditable(editable);
63 | }
64 |
65 | // remember the displayed content
66 | currentMessage = content;
67 | }
68 |
69 | @Override
70 | public byte[] getMessage() {
71 | // determine whether the user modified the deserialized data
72 | if (txtInput.isTextModified()) {
73 | // reserialize the data
74 | return AMFUtilities.serializeProxyItem(currentMessage, txtInput.getText());
75 | // helpers.buildParameter("data", input, IParameter.PARAM_BODY));
76 | } else
77 | return currentMessage;
78 | }
79 |
80 | @Override
81 | public boolean isModified() {
82 | return txtInput.isTextModified();
83 | }
84 |
85 | @Override
86 | public byte[] getSelectedData() {
87 | return txtInput.getSelectedText();
88 | }
89 | }
--------------------------------------------------------------------------------
/src/burp/AMFMenu.java:
--------------------------------------------------------------------------------
1 | package burp;
2 | import java.awt.event.MouseEvent;
3 | import java.awt.event.MouseListener;
4 | import java.util.List;
5 |
6 | import javax.swing.JMenuItem;
7 |
8 | import flex.messaging.io.ArrayList;
9 |
10 | public class AMFMenu implements IContextMenuFactory {
11 | private IBurpExtenderCallbacks m_callbacks;
12 |
13 | public AMFMenu(IBurpExtenderCallbacks callbacks) {
14 | m_callbacks = callbacks;
15 | }
16 |
17 | @Override
18 | public List createMenuItems(final IContextMenuInvocation invocation) {
19 | JMenuItem sendAMFToIntruderMenu = new JMenuItem("Send Deserialized AMF to Intruder");
20 | JMenuItem scanAMFMenu = new JMenuItem("Scan AMF with predefined insertion points");
21 | sendAMFToIntruderMenu.addMouseListener(new MouseListener() {
22 | @Override
23 | public void mouseClicked(MouseEvent arg0) {
24 |
25 | }
26 |
27 | @Override
28 | public void mouseEntered(MouseEvent arg0) {
29 | }
30 |
31 | @Override
32 | public void mouseExited(MouseEvent arg0) {
33 | }
34 |
35 | @Override
36 | public void mousePressed(MouseEvent arg0) {
37 | System.out.println("Menu clicked");
38 | IHttpRequestResponse[] selectedMessages = invocation.getSelectedMessages();
39 | for (IHttpRequestResponse iReqResp : selectedMessages) {
40 | IHttpService httpService = iReqResp.getHttpService();
41 | m_callbacks.sendToIntruder(httpService.getHost(), httpService.getPort(), (httpService.getProtocol().equals("https") ? true : false),
42 | AMFUtilities.deserializeProxyItem(iReqResp.getRequest()));
43 | }
44 | }
45 |
46 | @Override
47 | public void mouseReleased(MouseEvent arg0) {
48 | }
49 | });
50 |
51 | scanAMFMenu.addMouseListener(new MouseListener() {
52 | @Override
53 | public void mouseReleased(MouseEvent e) {
54 | }
55 |
56 | @Override
57 | public void mousePressed(MouseEvent e) {
58 | IHttpRequestResponse[] selectedMessages = invocation.getSelectedMessages();
59 | for (IHttpRequestResponse iReqResp : selectedMessages) {
60 | IHttpService httpService = iReqResp.getHttpService();
61 | m_callbacks.doActiveScan(httpService.getHost(), httpService.getPort(), (httpService.getProtocol().equals("https") ? true : false),
62 | AMFUtilities.serializeProxyItem(iReqResp.getRequest()));
63 | }
64 | }
65 |
66 | @Override
67 | public void mouseExited(MouseEvent e) {
68 | }
69 |
70 | @Override
71 | public void mouseEntered(MouseEvent e) {
72 | }
73 |
74 | @Override
75 | public void mouseClicked(MouseEvent arg0) {
76 | }
77 |
78 | });
79 | List menus = new ArrayList();
80 | menus.add(sendAMFToIntruderMenu);
81 | menus.add(scanAMFMenu);
82 | return menus;
83 | }
84 |
85 | }
86 |
--------------------------------------------------------------------------------
/src/burp/IScanQueueItem.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScanQueueItem.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to retrieve details of items in the Burp Scanner
14 | * active scan queue. Extensions can obtain references to scan queue items by
15 | * calling
16 | * IBurpExtenderCallbacks.doActiveScan().
17 | */
18 | public interface IScanQueueItem
19 | {
20 | /**
21 | * This method returns a description of the status of the scan queue item.
22 | *
23 | * @return A description of the status of the scan queue item.
24 | */
25 | String getStatus();
26 |
27 | /**
28 | * This method returns an indication of the percentage completed for the
29 | * scan queue item.
30 | *
31 | * @return An indication of the percentage completed for the scan queue
32 | * item.
33 | */
34 | byte getPercentageComplete();
35 |
36 | /**
37 | * This method returns the number of requests that have been made for the
38 | * scan queue item.
39 | *
40 | * @return The number of requests that have been made for the scan queue
41 | * item.
42 | */
43 | int getNumRequests();
44 |
45 | /**
46 | * This method returns the number of network errors that have occurred for
47 | * the scan queue item.
48 | *
49 | * @return The number of network errors that have occurred for the scan
50 | * queue item.
51 | */
52 | int getNumErrors();
53 |
54 | /**
55 | * This method returns the number of attack insertion points being used for
56 | * the scan queue item.
57 | *
58 | * @return The number of attack insertion points being used for the scan
59 | * queue item.
60 | */
61 | int getNumInsertionPoints();
62 |
63 | /**
64 | * This method allows the scan queue item to be canceled.
65 | */
66 | void cancel();
67 |
68 | /**
69 | * This method returns details of the issues generated for the scan queue
70 | * item. Note: different items within the scan queue may contain
71 | * duplicated versions of the same issues - for example, if the same request
72 | * has been scanned multiple times. Duplicated issues are consolidated in
73 | * the main view of scan results. Extensions can register an
74 | * IScannerListener to get details only of unique, newly
75 | * discovered Scanner issues post-consolidation.
76 | *
77 | * @return Details of the issues generated for the scan queue item.
78 | */
79 | IScanIssue[] getIssues();
80 | }
81 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | #################
2 | ## Eclipse
3 | #################
4 |
5 | *.pydevproject
6 | .project
7 | .metadata
8 | bin/
9 | tmp/
10 | *.tmp
11 | *.bak
12 | *.swp
13 | *~.nib
14 | local.properties
15 | .classpath
16 | .settings/
17 | .loadpath
18 |
19 | # External tool builders
20 | .externalToolBuilders/
21 |
22 | # Locally stored "Eclipse launch configurations"
23 | *.launch
24 |
25 | # CDT-specific
26 | .cproject
27 |
28 | # PDT-specific
29 | .buildpath
30 |
31 |
32 | #################
33 | ## Visual Studio
34 | #################
35 |
36 | ## Ignore Visual Studio temporary files, build results, and
37 | ## files generated by popular Visual Studio add-ons.
38 |
39 | # User-specific files
40 | *.suo
41 | *.user
42 | *.sln.docstates
43 |
44 | # Build results
45 | [Dd]ebug/
46 | [Rr]elease/
47 | *_i.c
48 | *_p.c
49 | *.ilk
50 | *.meta
51 | *.obj
52 | *.pch
53 | *.pdb
54 | *.pgc
55 | *.pgd
56 | *.rsp
57 | *.sbr
58 | *.tlb
59 | *.tli
60 | *.tlh
61 | *.tmp
62 | *.vspscc
63 | .builds
64 | *.dotCover
65 |
66 | ## TODO: If you have NuGet Package Restore enabled, uncomment this
67 | #packages/
68 |
69 | # Visual C++ cache files
70 | ipch/
71 | *.aps
72 | *.ncb
73 | *.opensdf
74 | *.sdf
75 |
76 | # Visual Studio profiler
77 | *.psess
78 | *.vsp
79 |
80 | # ReSharper is a .NET coding add-in
81 | _ReSharper*
82 |
83 | # Installshield output folder
84 | [Ee]xpress
85 |
86 | # DocProject is a documentation generator add-in
87 | DocProject/buildhelp/
88 | DocProject/Help/*.HxT
89 | DocProject/Help/*.HxC
90 | DocProject/Help/*.hhc
91 | DocProject/Help/*.hhk
92 | DocProject/Help/*.hhp
93 | DocProject/Help/Html2
94 | DocProject/Help/html
95 |
96 | # Click-Once directory
97 | publish
98 |
99 | # Others
100 | [Bb]in
101 | [Oo]bj
102 | sql
103 | TestResults
104 | *.Cache
105 | ClientBin
106 | stylecop.*
107 | ~$*
108 | *.dbmdl
109 | Generated_Code #added for RIA/Silverlight projects
110 |
111 | # Backup & report files from converting an old project file to a newer
112 | # Visual Studio version. Backup files are not needed, because we have git ;-)
113 | _UpgradeReport_Files/
114 | Backup*/
115 | UpgradeLog*.XML
116 |
117 |
118 |
119 | ############
120 | ## Windows
121 | ############
122 |
123 | # Windows image file caches
124 | Thumbs.db
125 |
126 | # Folder config file
127 | Desktop.ini
128 |
129 |
130 | #############
131 | ## Python
132 | #############
133 |
134 | *.py[co]
135 |
136 | # Packages
137 | *.egg
138 | *.egg-info
139 | dist
140 | build
141 | eggs
142 | parts
143 | bin
144 | var
145 | sdist
146 | develop-eggs
147 | .installed.cfg
148 |
149 | # Installer logs
150 | pip-log.txt
151 |
152 | # Unit test / coverage reports
153 | .coverage
154 | .tox
155 |
156 | #Translations
157 | *.mo
158 |
159 | #Mr Developer
160 | .mr.developer.cfg
161 |
162 | # Mac crap
163 | .DS_Store
164 |
--------------------------------------------------------------------------------
/src/burp/ITextEditor.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ITextEditor.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 |
14 | /**
15 | * This interface is used to provide extensions with an instance of Burp's raw
16 | * text editor, for the extension to use in its own UI. Extensions should call
17 | * IBurpExtenderCallbacks.createTextEditor() to obtain an instance
18 | * of this interface.
19 | */
20 | public interface ITextEditor
21 | {
22 | /**
23 | * This method returns the UI component of the editor, for extensions to add
24 | * to their own UI.
25 | *
26 | * @return The UI component of the editor.
27 | */
28 | Component getComponent();
29 |
30 | /**
31 | * This method is used to control whether the editor is currently editable.
32 | * This status can be toggled on and off as required.
33 | *
34 | * @param editable Indicates whether the editor should be currently
35 | * editable.
36 | */
37 | void setEditable(boolean editable);
38 |
39 | /**
40 | * This method is used to update the currently displayed text in the editor.
41 | *
42 | * @param text The text to be displayed.
43 | */
44 | void setText(byte[] text);
45 |
46 | /**
47 | * This method is used to retrieve the currently displayed text.
48 | *
49 | * @return The currently displayed text.
50 | */
51 | byte[] getText();
52 |
53 | /**
54 | * This method is used to determine whether the user has modified the
55 | * contents of the editor.
56 | *
57 | * @return An indication of whether the user has modified the contents of
58 | * the editor since the last call to
59 | * setText().
60 | */
61 | boolean isTextModified();
62 |
63 | /**
64 | * This method is used to obtain the currently selected text.
65 | *
66 | * @return The currently selected text, or
67 | * null if the user has not made any selection.
68 | */
69 | byte[] getSelectedText();
70 |
71 | /**
72 | * This method can be used to retrieve the bounds of the user's selection
73 | * into the displayed text, if applicable.
74 | *
75 | * @return An int[2] array containing the start and end offsets of the
76 | * user's selection within the displayed text. If the user has not made any
77 | * selection in the current message, both offsets indicate the position of
78 | * the caret within the editor.
79 | */
80 | int[] getSelectionBounds();
81 |
82 | /**
83 | * This method is used to update the search expression that is shown in the
84 | * search bar below the editor. The editor will automatically highlight any
85 | * regions of the displayed text that match the search expression.
86 | *
87 | * @param expression The search expression.
88 | */
89 | void setSearchExpression(String expression);
90 | }
91 |
--------------------------------------------------------------------------------
/src/burp/IHttpRequestResponse.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpRequestResponse.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to retrieve and update details about HTTP messages.
14 | *
15 | * Note: The setter methods generally can only be used before the message
16 | * has been processed, and not in read-only contexts. The getter methods
17 | * relating to response details can only be used after the request has been
18 | * issued.
19 | */
20 | public interface IHttpRequestResponse
21 | {
22 | /**
23 | * This method is used to retrieve the request message.
24 | *
25 | * @return The request message.
26 | */
27 | byte[] getRequest();
28 |
29 | /**
30 | * This method is used to update the request message.
31 | *
32 | * @param message The new request message.
33 | */
34 | void setRequest(byte[] message);
35 |
36 | /**
37 | * This method is used to retrieve the response message.
38 | *
39 | * @return The response message.
40 | */
41 | byte[] getResponse();
42 |
43 | /**
44 | * This method is used to update the response message.
45 | *
46 | * @param message The new response message.
47 | */
48 | void setResponse(byte[] message);
49 |
50 | /**
51 | * This method is used to retrieve the user-annotated comment for this item,
52 | * if applicable.
53 | *
54 | * @return The user-annotated comment for this item, or null if none is set.
55 | */
56 | String getComment();
57 |
58 | /**
59 | * This method is used to update the user-annotated comment for this item.
60 | *
61 | * @param comment The comment to be assigned to this item.
62 | */
63 | void setComment(String comment);
64 |
65 | /**
66 | * This method is used to retrieve the user-annotated highlight for this
67 | * item, if applicable.
68 | *
69 | * @return The user-annotated highlight for this item, or null if none is
70 | * set.
71 | */
72 | String getHighlight();
73 |
74 | /**
75 | * This method is used to update the user-annotated highlight for this item.
76 | *
77 | * @param color The highlight color to be assigned to this item. Accepted
78 | * values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray,
79 | * or a null String to clear any existing highlight.
80 | */
81 | void setHighlight(String color);
82 |
83 | /**
84 | * This method is used to retrieve the HTTP service for this request /
85 | * response.
86 | *
87 | * @return An
88 | * IHttpService object containing details of the HTTP service.
89 | */
90 | IHttpService getHttpService();
91 |
92 | /**
93 | * This method is used to update the HTTP service for this request /
94 | * response.
95 | *
96 | * @param httpService An
97 | * IHttpService object containing details of the new HTTP
98 | * service.
99 | */
100 | void setHttpService(IHttpService httpService);
101 | }
102 |
--------------------------------------------------------------------------------
/src/burp/IParameter.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IParameter.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to hold details about an HTTP request parameter.
14 | */
15 | public interface IParameter
16 | {
17 | /**
18 | * Used to indicate a parameter within the URL query string.
19 | */
20 | static final byte PARAM_URL = 0;
21 | /**
22 | * Used to indicate a parameter within the message body.
23 | */
24 | static final byte PARAM_BODY = 1;
25 | /**
26 | * Used to indicate an HTTP cookie.
27 | */
28 | static final byte PARAM_COOKIE = 2;
29 | /**
30 | * Used to indicate an item of data within an XML structure.
31 | */
32 | static final byte PARAM_XML = 3;
33 | /**
34 | * Used to indicate the value of a tag attribute within an XML structure.
35 | */
36 | static final byte PARAM_XML_ATTR = 4;
37 | /**
38 | * Used to indicate the value of a parameter attribute within a multi-part
39 | * message body (such as the name of an uploaded file).
40 | */
41 | static final byte PARAM_MULTIPART_ATTR = 5;
42 | /**
43 | * Used to indicate an item of data within a JSON structure.
44 | */
45 | static final byte PARAM_JSON = 6;
46 |
47 | /**
48 | * This method is used to retrieve the parameter type.
49 | *
50 | * @return The parameter type. The available types are defined within this
51 | * interface.
52 | */
53 | byte getType();
54 |
55 | /**
56 | * This method is used to retrieve the parameter name.
57 | *
58 | * @return The parameter name.
59 | */
60 | String getName();
61 |
62 | /**
63 | * This method is used to retrieve the parameter value.
64 | *
65 | * @return The parameter value.
66 | */
67 | String getValue();
68 |
69 | /**
70 | * This method is used to retrieve the start offset of the parameter name
71 | * within the HTTP request.
72 | *
73 | * @return The start offset of the parameter name within the HTTP request,
74 | * or -1 if the parameter is not associated with a specific request.
75 | */
76 | int getNameStart();
77 |
78 | /**
79 | * This method is used to retrieve the end offset of the parameter name
80 | * within the HTTP request.
81 | *
82 | * @return The end offset of the parameter name within the HTTP request, or
83 | * -1 if the parameter is not associated with a specific request.
84 | */
85 | int getNameEnd();
86 |
87 | /**
88 | * This method is used to retrieve the start offset of the parameter value
89 | * within the HTTP request.
90 | *
91 | * @return The start offset of the parameter value within the HTTP request,
92 | * or -1 if the parameter is not associated with a specific request.
93 | */
94 | int getValueStart();
95 |
96 | /**
97 | * This method is used to retrieve the end offset of the parameter value
98 | * within the HTTP request.
99 | *
100 | * @return The end offset of the parameter value within the HTTP request, or
101 | * -1 if the parameter is not associated with a specific request.
102 | */
103 | int getValueEnd();
104 | }
105 |
--------------------------------------------------------------------------------
/src/burp/IInterceptedProxyMessage.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IInterceptedProxyMessage.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to represent an HTTP message that has been intercepted
14 | * by Burp Proxy. Extensions can register an
15 | * IProxyListener to receive details of proxy messages using this
16 | * interface. *
17 | */
18 | public interface IInterceptedProxyMessage
19 | {
20 | /**
21 | * This action causes Burp Proxy to follow the current interception rules to
22 | * determine the appropriate action to take for the message.
23 | */
24 | static final int ACTION_FOLLOW_RULES = 0;
25 | /**
26 | * This action causes Burp Proxy to present the message to the user for
27 | * manual review or modification.
28 | */
29 | static final int ACTION_DO_INTERCEPT = 1;
30 | /**
31 | * This action causes Burp Proxy to forward the message to the remote server
32 | * or client, without presenting it to the user.
33 | */
34 | static final int ACTION_DONT_INTERCEPT = 2;
35 | /**
36 | * This action causes Burp Proxy to drop the message.
37 | */
38 | static final int ACTION_DROP = 3;
39 | /**
40 | * This action causes Burp Proxy to follow the current interception rules to
41 | * determine the appropriate action to take for the message, and then make a
42 | * second call to processProxyMessage.
43 | */
44 | static final int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10;
45 | /**
46 | * This action causes Burp Proxy to present the message to the user for
47 | * manual review or modification, and then make a second call to
48 | * processProxyMessage.
49 | */
50 | static final int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11;
51 | /**
52 | * This action causes Burp Proxy to skip user interception, and then make a
53 | * second call to processProxyMessage.
54 | */
55 | static final int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12;
56 |
57 | /**
58 | * This method retrieves a unique reference number for this
59 | * request/response.
60 | *
61 | * @return An identifier that is unique to a single request/response pair.
62 | * Extensions can use this to correlate details of requests and responses
63 | * and perform processing on the response message accordingly.
64 | */
65 | int getMessageReference();
66 |
67 | /**
68 | * This method retrieves details of the intercepted message.
69 | *
70 | * @return An
71 | * IHttpRequestResponse object containing details of the
72 | * intercepted message.
73 | */
74 | IHttpRequestResponse getMessageInfo();
75 |
76 | /**
77 | * This method retrieves the currently defined interception action. The
78 | * default action is
79 | * ACTION_FOLLOW_RULES. If multiple proxy listeners are
80 | * registered, then other listeners may already have modified the
81 | * interception action before it reaches the current listener. This method
82 | * can be used to determine whether this has occurred.
83 | *
84 | * @return The currently defined interception action. Possible values are
85 | * defined within this interface.
86 | */
87 | int getInterceptAction();
88 |
89 | /**
90 | * This method is used to update the interception action.
91 | *
92 | * @param interceptAction The new interception action. Possible values are
93 | * defined within this interface.
94 | */
95 | void setInterceptAction(int interceptAction);
96 | }
97 |
--------------------------------------------------------------------------------
/src/org/apache/jmeter/protocol/amf/util/ASObjectConverter.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2011 the original author or authors.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.apache.jmeter.protocol.amf.util;
18 |
19 | import java.util.Iterator;
20 | import java.util.Map;
21 |
22 | import com.thoughtworks.xstream.converters.MarshallingContext;
23 | import com.thoughtworks.xstream.converters.UnmarshallingContext;
24 | import com.thoughtworks.xstream.converters.collections.AbstractCollectionConverter;
25 | import com.thoughtworks.xstream.io.ExtendedHierarchicalStreamWriterHelper;
26 | import com.thoughtworks.xstream.io.HierarchicalStreamReader;
27 | import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
28 | import com.thoughtworks.xstream.mapper.Mapper;
29 |
30 | import flex.messaging.io.amf.ASObject;
31 |
32 | public class ASObjectConverter extends AbstractCollectionConverter {
33 |
34 | private static final String SERIAL_VER_1 = "1";
35 |
36 | private final String currSerialVer = SERIAL_VER_1;
37 |
38 | public ASObjectConverter(Mapper mapper) {
39 | super(mapper);
40 | }
41 |
42 | @SuppressWarnings("rawtypes")
43 | @Override
44 | public boolean canConvert(Class clazz) {
45 | return clazz.equals(ASObject.class);
46 | }
47 |
48 | @SuppressWarnings({ "rawtypes" })
49 | @Override
50 | public void marshal(Object obj, HierarchicalStreamWriter writer,
51 | MarshallingContext context) {
52 | ASObject asObj = (ASObject) obj;
53 |
54 | writer.addAttribute("serialVer", currSerialVer);
55 |
56 | if (asObj.getType() != null)
57 | writer.addAttribute("objClass", asObj.getType());
58 |
59 | for (Iterator iterator = asObj.entrySet().iterator(); iterator.hasNext();) {
60 | Map.Entry entry = (Map.Entry) iterator.next();
61 | ExtendedHierarchicalStreamWriterHelper.startNode(writer, mapper().serializedClass(Map.Entry.class), Map.Entry.class);
62 |
63 | writeItem(entry.getKey(), context, writer);
64 | writeItem(entry.getValue(), context, writer);
65 |
66 | writer.endNode();
67 | }
68 | }
69 |
70 | // TODO: If serialization changes
71 | //public void marshal_v1(Object obj, HierarchicalStreamWriter writer,
72 | // MarshallingContext context) {
73 | //
74 | //}
75 |
76 | public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {
77 | ASObject asObj = new ASObject();
78 |
79 | String type = reader.getAttribute("objClass");
80 | if (type != null) {
81 | asObj.setType(type);
82 | }
83 |
84 | populateMap(reader, context, asObj);
85 |
86 | return asObj;
87 | }
88 |
89 | // TODO: If serialization changes
90 | //public Object unmarshal_v1(HierarchicalStreamReader reader, UnmarshallingContext context) {
91 | // return null;
92 | //}
93 |
94 | @SuppressWarnings("unchecked")
95 | protected void populateMap(HierarchicalStreamReader reader, UnmarshallingContext context, ASObject map) {
96 | while (reader.hasMoreChildren()) {
97 | reader.moveDown();
98 |
99 | reader.moveDown();
100 | Object key = readItem(reader, context, map);
101 | reader.moveUp();
102 |
103 | reader.moveDown();
104 | Object value = readItem(reader, context, map);
105 | reader.moveUp();
106 |
107 | map.put(key, value);
108 |
109 | reader.moveUp();
110 | }
111 | }
112 |
113 | }
114 |
--------------------------------------------------------------------------------
/src/burp/AMFUtilities.java:
--------------------------------------------------------------------------------
1 | package burp;
2 | import java.net.URL;
3 | import java.util.Arrays;
4 |
5 | import org.apache.jmeter.protocol.amf.util.AmfXmlConverter;
6 |
7 | public class AMFUtilities {
8 | static final String X_BURP_DESERIALIZED = "X-Burp: Deserialized";
9 | static final String X_BURP_INITDESERIALIZED = "X-Burp: InitDeserialized";
10 |
11 | static final String X_BURP_SERIALIZED = "X-Burp: Serialized";
12 | static String DOUBLELINEBREAK = "\\r\\n\\r\\n";
13 | static String LINESEPARATOR = System.getProperty("line.separator");
14 |
15 | static String AMF_CONTENT_TYPE = "application/x-amf";
16 | static String CONTENT_TYPE = "content-type: ";
17 |
18 | public static byte[] getBody(byte[] message) {
19 |
20 | String testStr = new String(message);
21 | String[] strHeadersAndContent = testStr.split(DOUBLELINEBREAK);
22 | byte[] reqBody = Arrays.copyOfRange(message, strHeadersAndContent[0].getBytes().length + 4, message.length);
23 | return reqBody;
24 | }
25 | public static String getHeader(byte[] message) {
26 |
27 | String testStr = new String(message);
28 | String[] strHeadersAndContent = testStr.split(DOUBLELINEBREAK);
29 | return strHeadersAndContent[0];
30 | }
31 |
32 |
33 | public static byte[] deserializeProxyItem(byte[] message) {
34 | try {
35 | String testStr = new String(message);
36 | String[] strHeadersAndContent = testStr.split(DOUBLELINEBREAK);
37 | String xml = AmfXmlConverter.convertAmfMessageToXml(getBody(message), true);
38 | if (xml == null) {
39 | return null;
40 | }
41 | String headerWithUpdatedLength = strHeadersAndContent[0].replaceAll("Content-Length: .*", "Content-Length: " + String.valueOf(xml.length()));
42 | return (headerWithUpdatedLength + LINESEPARATOR + X_BURP_DESERIALIZED + LINESEPARATOR + LINESEPARATOR + xml).getBytes();
43 | } catch (Exception e) {
44 | e.printStackTrace();
45 | return message;
46 | }
47 | }
48 |
49 | public static byte[] serializeProxyItem(byte[] message) {
50 |
51 | try {
52 | String strMessage = new String(message);
53 | String[] strHeadersAndContent = strMessage.split(DOUBLELINEBREAK);
54 | byte[] content = AmfXmlConverter.convertXmlToAmfMessage(strHeadersAndContent[1]);
55 | if (content == null)
56 | return null;
57 | String headerWithUpdatedLength = strHeadersAndContent[0].replaceAll("Content-Length: .*", "Content-Length: " + String.valueOf(content.length));
58 | byte[] header = (headerWithUpdatedLength + LINESEPARATOR + LINESEPARATOR).getBytes();
59 | byte[] retArray = new byte[header.length + content.length];
60 | System.arraycopy(header, 0, retArray, 0, header.length);
61 | System.arraycopy(content, 0, retArray, header.length, content.length);
62 | return retArray;
63 | } catch (Exception e) {
64 | e.printStackTrace();
65 | return message;
66 | }
67 |
68 | }
69 |
70 | public static byte[] serializeProxyItem(byte[] message, byte[] body) {
71 |
72 | try {
73 | String strMessage = new String(message);
74 | String[] strHeadersAndContent = strMessage.split(DOUBLELINEBREAK);
75 | byte[] content = AmfXmlConverter.convertXmlToAmfMessage(new String(body));
76 | if (content == null)
77 | return null;
78 | String headerWithUpdatedLength = strHeadersAndContent[0].replaceAll("Content-Length: .*", "Content-Length: " + String.valueOf(content.length));
79 | byte[] header = (headerWithUpdatedLength + LINESEPARATOR + LINESEPARATOR).getBytes();
80 | byte[] retArray = new byte[header.length + content.length];
81 | System.arraycopy(header, 0, retArray, 0, header.length);
82 | System.arraycopy(content, 0, retArray, header.length, content.length);
83 | return retArray;
84 | } catch (Exception e) {
85 | e.printStackTrace();
86 | return message;
87 | }
88 |
89 | }
90 | public static void print(byte[] header) {
91 | System.out.println(new String(header));
92 | }
93 |
94 | public static void print(String header) {
95 | System.out.println(header);
96 | }
97 |
98 | public static void print(URL url) {
99 | System.out.println(url.getPath());
100 | }
101 |
102 | }
103 |
--------------------------------------------------------------------------------
/src/burp/IMessageEditorTab.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditorTab.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 |
14 | /**
15 | * Extensions that register an
16 | * IMessageEditorTabFactory must return instances of this
17 | * interface, which Burp will use to create custom tabs within its HTTP message
18 | * editors.
19 | */
20 | public interface IMessageEditorTab
21 | {
22 | /**
23 | * This method returns the caption that should appear on the custom tab when
24 | * it is displayed. Note: Burp invokes this method once when the tab
25 | * is first generated, and the same caption will be used every time the tab
26 | * is displayed.
27 | *
28 | * @return The caption that should appear on the custom tab when it is
29 | * displayed.
30 | */
31 | String getTabCaption();
32 |
33 | /**
34 | * This method returns the component that should be used as the contents of
35 | * the custom tab when it is displayed. Note: Burp invokes this
36 | * method once when the tab is first generated, and the same component will
37 | * be used every time the tab is displayed.
38 | *
39 | * @return The component that should be used as the contents of the custom
40 | * tab when it is displayed.
41 | */
42 | Component getUiComponent();
43 |
44 | /**
45 | * The hosting editor will invoke this method before it displays a new HTTP
46 | * message, so that the custom tab can indicate whether it should be enabled
47 | * for that message.
48 | *
49 | * @param content The message that is about to be displayed.
50 | * @param isRequest Indicates whether the message is a request or a
51 | * response.
52 | * @return The method should return
53 | * true if the custom tab is able to handle the specified
54 | * message, and so will be displayed within the editor. Otherwise, the tab
55 | * will be hidden while this message is displayed.
56 | */
57 | boolean isEnabled(byte[] content, boolean isRequest);
58 |
59 | /**
60 | * The hosting editor will invoke this method to display a new message or to
61 | * clear the existing message. This method will only be called with a new
62 | * message if the tab has already returned
63 | * true to a call to
64 | * isEnabled() with the same message details.
65 | *
66 | * @param content The message that is to be displayed, or
67 | * null if the tab should clear its contents and disable any
68 | * editable controls.
69 | * @param isRequest Indicates whether the message is a request or a
70 | * response.
71 | */
72 | void setMessage(byte[] content, boolean isRequest);
73 |
74 | /**
75 | * This method returns the currently displayed message.
76 | *
77 | * @return The currently displayed message.
78 | */
79 | byte[] getMessage();
80 |
81 | /**
82 | * This method is used to determine whether the currently displayed message
83 | * has been modified by the user. The hosting editor will always call
84 | * getMessage() before calling this method, so any pending
85 | * edits should be completed within
86 | * getMessage().
87 | *
88 | * @return The method should return
89 | * true if the user has modified the current message since it
90 | * was first displayed.
91 | */
92 | boolean isModified();
93 |
94 | /**
95 | * This method is used to retrieve the data that is currently selected by
96 | * the user.
97 | *
98 | * @return The data that is currently selected by the user. This may be
99 | * null if no selection is currently made.
100 | */
101 | byte[] getSelectedData();
102 | }
103 |
--------------------------------------------------------------------------------
/src/burp/IScanIssue.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScanIssue.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to retrieve details of Scanner issues. Extensions can
14 | * obtain details of issues by registering an
15 | * IScannerListener or by calling
16 | * IBurpExtenderCallbacks.getScanIssues(). Extensions can also add
17 | * custom Scanner issues by registering an
18 | * IScannerCheck or calling
19 | * IBurpExtenderCallbacks.addScanIssue(), and providing their own
20 | * implementations of this interface
21 | */
22 | public interface IScanIssue
23 | {
24 | /**
25 | * This method returns the URL for which the issue was generated.
26 | *
27 | * @return The URL for which the issue was generated.
28 | */
29 | java.net.URL getUrl();
30 |
31 | /**
32 | * This method returns the name of the issue type.
33 | *
34 | * @return The name of the issue type (e.g. "SQL injection").
35 | */
36 | String getIssueName();
37 |
38 | /**
39 | * This method returns a numeric identifier of the issue type. See the Burp
40 | * Scanner help documentation for a listing of all the issue types.
41 | *
42 | * @return A numeric identifier of the issue type.
43 | */
44 | int getIssueType();
45 |
46 | /**
47 | * This method returns the issue severity level.
48 | *
49 | * @return The issue severity level. Expected values are "High", "Medium",
50 | * "Low", "Information" or "False positive".
51 | *
52 | */
53 | String getSeverity();
54 |
55 | /**
56 | * This method returns the issue confidence level.
57 | *
58 | * @return The issue confidence level. Expected values are "Certain", "Firm"
59 | * or "Tentative".
60 | */
61 | String getConfidence();
62 |
63 | /**
64 | * This method returns a background description for this type of issue.
65 | *
66 | * @return A background description for this type of issue, or
67 | * null if none applies.
68 | */
69 | String getIssueBackground();
70 |
71 | /**
72 | * This method returns a background description of the remediation for this
73 | * type of issue.
74 | *
75 | * @return A background description of the remediation for this type of
76 | * issue, or
77 | * null if none applies.
78 | */
79 | String getRemediationBackground();
80 |
81 | /**
82 | * This method returns detailed information about this specific instance of
83 | * the issue.
84 | *
85 | * @return Detailed information about this specific instance of the issue,
86 | * or
87 | * null if none applies.
88 | */
89 | String getIssueDetail();
90 |
91 | /**
92 | * This method returns detailed information about the remediation for this
93 | * specific instance of the issue.
94 | *
95 | * @return Detailed information about the remediation for this specific
96 | * instance of the issue, or
97 | * null if none applies.
98 | */
99 | String getRemediationDetail();
100 |
101 | /**
102 | * This method returns the HTTP messages on the basis of which the issue was
103 | * generated.
104 | *
105 | * @return The HTTP messages on the basis of which the issue was generated.
106 | * Note: The items in this array should be instances of
107 | * IHttpRequestResponseWithMarkers if applicable, so that
108 | * details of the relevant portions of the request and response messages are
109 | * available.
110 | */
111 | IHttpRequestResponse[] getHttpMessages();
112 |
113 | /**
114 | * This method returns the HTTP service for which the issue was generated.
115 | *
116 | * @return The HTTP service for which the issue was generated.
117 | */
118 | IHttpService getHttpService();
119 | }
120 |
--------------------------------------------------------------------------------
/src/burp/IScannerCheck.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerCheck.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * Extensions can implement this interface and then call
16 | * IBurpExtenderCallbacks.registerScannerCheck() to register a
17 | * custom Scanner check. When performing scanning, Burp will ask the check to
18 | * perform active or passive scanning on the base request, and report any
19 | * Scanner issues that are identified.
20 | */
21 | public interface IScannerCheck
22 | {
23 | /**
24 | * The Scanner invokes this method for each base request / response that is
25 | * passively scanned. Note: Extensions should not only analyze the
26 | * HTTP messages provided during passive scanning, and should not make any
27 | * new HTTP requests of their own.
28 | *
29 | * @param baseRequestResponse The base HTTP request / response that should
30 | * be passively scanned.
31 | * @return A list of
32 | * IScanIssue objects, or
33 | * null if no issues are identified.
34 | */
35 | List doPassiveScan(IHttpRequestResponse baseRequestResponse);
36 |
37 | /**
38 | * The Scanner invokes this method for each insertion point that is actively
39 | * scanned. Extensions may issue HTTP requests as required to carry out
40 | * active scanning, and should use the
41 | * IScannerInsertionPoint object provided to build scan
42 | * requests for particular payloads. Note: Extensions are responsible
43 | * for ensuring that attack payloads are suitably encoded within requests
44 | * (for example, by URL-encoding relevant metacharacters in the URL query
45 | * string). Encoding is not automatically carried out by the
46 | * IScannerInsertionPoint, because this would prevent Scanner
47 | * checks from testing for certain input filter bypasses. Extensions should
48 | * query the
49 | * IScannerInsertionPoint to determine its type, and apply any
50 | * encoding that may be appropriate.
51 | *
52 | * @param baseRequestResponse The base HTTP request / response that should
53 | * be actively scanned.
54 | * @param insertionPoint An
55 | * IScannerInsertionPoint object that can be queried to obtain
56 | * details of the insertion point being tested, and can be used to build
57 | * scan requests for particular payloads.
58 | * @return A list of
59 | * IScanIssue objects, or
60 | * null if no issues are identified.
61 | */
62 | List doActiveScan(
63 | IHttpRequestResponse baseRequestResponse,
64 | IScannerInsertionPoint insertionPoint);
65 |
66 | /**
67 | * The Scanner invokes this method when the custom Scanner check has
68 | * reported multiple issues for the same URL path. This can arise either
69 | * because there are multiple distinct vulnerabilities, or because the same
70 | * (or a similar) request has been scanned more than once. The custom check
71 | * should determine whether the issues are duplicates. In most cases, where
72 | * a check uses distinct issue names or descriptions for distinct issues,
73 | * the consolidation process will simply be a matter of comparing these
74 | * features for the two issues.
75 | *
76 | * @param existingIssue An issue that was previously reported by this
77 | * Scanner check.
78 | * @param newIssue An issue at the same URL path that has been newly
79 | * reported by this Scanner check.
80 | * @return An indication of which issue(s) should be reported in the main
81 | * Scanner results. The method should return
82 | * -1 to report the existing issue only,
83 | * 0 to report both issues, and
84 | * 1 to report the new issue only.
85 | */
86 | int consolidateDuplicateIssues(
87 | IScanIssue existingIssue,
88 | IScanIssue newIssue);
89 | }
90 |
--------------------------------------------------------------------------------
/src/org/apache/jmeter/protocol/amf/util/AmfXmlConverterTest.java:
--------------------------------------------------------------------------------
1 | package org.apache.jmeter.protocol.amf.util;
2 | /*
3 | * Copyright 2011 the original author or authors.
4 | *
5 | * Licensed under the Apache License, Version 2.0 (the "License");
6 | * you may not use this file except in compliance with the License.
7 | * You may obtain a copy of the License at
8 | *
9 | * http://www.apache.org/licenses/LICENSE-2.0
10 | *
11 | * Unless required by applicable law or agreed to in writing, software
12 | * distributed under the License is distributed on an "AS IS" BASIS,
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | * See the License for the specific language governing permissions and
15 | * limitations under the License.
16 | */
17 |
18 | import java.io.BufferedReader;
19 | import java.io.FileNotFoundException;
20 | import java.io.FileReader;
21 | import java.io.IOException;
22 | import java.io.RandomAccessFile;
23 | import java.util.HashMap;
24 | import java.util.Map;
25 |
26 | import sun.misc.IOUtils;
27 |
28 |
29 | import com.thoughtworks.xstream.XStream;
30 |
31 | import flex.messaging.io.MessageIOConstants;
32 | import flex.messaging.io.amf.ASObject;
33 | import flex.messaging.io.amf.ActionMessage;
34 | import flex.messaging.io.amf.MessageBody;
35 | import flex.messaging.messages.AsyncMessage;
36 | import flex.messaging.messages.RemotingMessage;
37 |
38 | public class AmfXmlConverterTest {
39 |
40 | public static void main(String[] args) throws IOException {
41 | // runXmlAmfXmlTest();
42 |
43 | // runXmlAmfXmlMessageTest();
44 |
45 | // testASObjectConverter();
46 | test();
47 | }
48 | public static void test() throws IOException{
49 | RandomAccessFile f = new RandomAccessFile("request.ser", "r");
50 | byte[] amf = new byte[(int)f.length()];
51 | f.read(amf);
52 | System.out.println("*** Request: \n " + AmfXmlConverter.convertAmfMessageToXml(amf, true));
53 | f = new RandomAccessFile("response.ser", "r");
54 | byte[] resp = new byte[(int)f.length()];
55 | f.read(resp);
56 | System.out.println("*** Response: \n " + AmfXmlConverter.convertAmfMessageToXml(resp, true));
57 | }
58 |
59 | @SuppressWarnings({ "rawtypes", "unchecked" })
60 | public static RemotingMessage createTestObject() {
61 | RemotingMessage msg = new RemotingMessage();
62 | msg.setOperation("perform");
63 |
64 | Map headers = new HashMap();
65 | msg.setHeaders(headers);
66 |
67 | headers.put("DSid", "");
68 | headers.put("DSEndpoint", "");
69 |
70 | SampleRequestVO vo = new SampleRequestVO();
71 |
72 | msg.setBody(vo);
73 |
74 | return msg;
75 | }
76 |
77 | public static void runXmlAmfXmlMessageTest() {
78 | XStream xs = AmfXmlConverter.getXStream();
79 |
80 | ActionMessage msg = createTestMessage();
81 |
82 | String xmlIn = xs.toXML(msg);
83 |
84 | System.out.println("Original XML: \n"+xmlIn);
85 |
86 | byte[] amfIn = AmfXmlConverter.convertXmlToAmfMessage(xmlIn);
87 |
88 | String amfInStr = "";
89 | for (byte i : amfIn) {
90 | amfInStr += i + ", ";
91 | }
92 | System.out.println("Original AMF: \n"+amfInStr);
93 |
94 | String xmlOut = AmfXmlConverter.convertAmfMessageToXml(amfIn, false);
95 |
96 | System.out.println("Result XML: \n" + xmlOut);
97 |
98 | byte[] amfOut = AmfXmlConverter.convertXmlToAmfMessage(xmlIn);
99 |
100 | String amfOutStr = "";
101 | for (byte i : amfOut) {
102 | amfOutStr += i + ", ";
103 | }
104 | System.out.println("Result AMF: \n"+amfOutStr);
105 |
106 | System.out.println("Result AMF is " + (amfOut.length - amfIn.length) + " bytes longer");
107 |
108 | int bytesMismatch = 0;
109 | for (int i=0; i < Math.min(amfOut.length, amfIn.length); i++) {
110 | if (amfOut[i] != amfIn[i])
111 | bytesMismatch++;
112 | }
113 | System.out.println("Result and original AMF have " + bytesMismatch + " bytes different");
114 | }
115 |
116 | public static ActionMessage createTestMessage() {
117 | // Body
118 | AsyncMessage asMsg= new AsyncMessage();
119 | RemotingMessage msg = new RemotingMessage();
120 | msg.setOperation("perform");
121 | HashMap headers = new HashMap();
122 | msg.setHeaders(headers);
123 | headers.put("DSid", "");
124 | headers.put("DSEndpoint", "");
125 |
126 | SampleRequestVO vo = new SampleRequestVO();
127 | msg.setBody(vo);
128 |
129 | // Message
130 | ActionMessage requestMessage = new ActionMessage(MessageIOConstants.AMF3);
131 |
132 | // None required
133 | //MessageHeader header1 = new MessageHeader("someHeader", false, "someHeaderContentObject");
134 | //requestMessage.addHeader(header1);
135 |
136 | MessageBody body1 = new MessageBody("/2/OnResult", "", asMsg);
137 | asMsg.setBody(body1);
138 |
139 | requestMessage.addBody(body1);
140 |
141 | return requestMessage;
142 | }
143 |
144 | @SuppressWarnings("unchecked")
145 | public static void testASObjectConverter() {
146 | ASObject asObj = new ASObject();
147 |
148 | Object[] objArr = {"thing", "other thing"};
149 |
150 | asObj.setType("com.test.RequestVO");
151 | asObj.put("clientId", "abcd");
152 | asObj.put("args", objArr);
153 |
154 | XStream xs = AmfXmlConverter.getXStream();
155 |
156 | String xml = xs.toXML(asObj);
157 |
158 | System.out.println("Result: \n"+xml);
159 |
160 | ASObject newASObj = (ASObject) xs.fromXML(xml);
161 |
162 | System.out.print("Rebuilt: \nType: "+newASObj.getType()+"\n"+newASObj.toString());
163 | }
164 | }
165 |
--------------------------------------------------------------------------------
/src/burp/IContextMenuInvocation.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IContextMenuInvocation.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.event.InputEvent;
13 |
14 | /**
15 | * This interface is used when Burp calls into an extension-provided
16 | * IContextMenuFactory with details of a context menu invocation.
17 | * The custom context menu factory can query this interface to obtain details of
18 | * the invocation event, in order to determine what menu items should be
19 | * displayed.
20 | */
21 | public interface IContextMenuInvocation
22 | {
23 | /**
24 | * Used to indicate that the context menu is being invoked in a request
25 | * editor.
26 | */
27 | static final byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0;
28 | /**
29 | * Used to indicate that the context menu is being invoked in a response
30 | * editor.
31 | */
32 | static final byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1;
33 | /**
34 | * Used to indicate that the context menu is being invoked in a non-editable
35 | * request viewer.
36 | */
37 | static final byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2;
38 | /**
39 | * Used to indicate that the context menu is being invoked in a non-editable
40 | * response viewer.
41 | */
42 | static final byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3;
43 | /**
44 | * Used to indicate that the context menu is being invoked in the Target
45 | * site map tree.
46 | */
47 | static final byte CONTEXT_TARGET_SITE_MAP_TREE = 4;
48 | /**
49 | * Used to indicate that the context menu is being invoked in the Target
50 | * site map table.
51 | */
52 | static final byte CONTEXT_TARGET_SITE_MAP_TABLE = 5;
53 | /**
54 | * Used to indicate that the context menu is being invoked in the Proxy
55 | * history.
56 | */
57 | static final byte CONTEXT_PROXY_HISTORY = 6;
58 | /**
59 | * Used to indicate that the context menu is being invoked in the Scanner
60 | * results.
61 | */
62 | static final byte CONTEXT_SCANNER_RESULTS = 7;
63 | /**
64 | * Used to indicate that the context menu is being invoked in the Intruder
65 | * payload positions editor.
66 | */
67 | static final byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8;
68 | /**
69 | * Used to indicate that the context menu is being invoked in an Intruder
70 | * attack results.
71 | */
72 | static final byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9;
73 | /**
74 | * Used to indicate that the context menu is being invoked in a search
75 | * results window.
76 | */
77 | static final byte CONTEXT_SEARCH_RESULTS = 10;
78 |
79 | /**
80 | * This method can be used to retrieve the native Java input event that was
81 | * the trigger for the context menu invocation.
82 | *
83 | * @return The
84 | * InputEvent that was the trigger for the context menu
85 | * invocation.
86 | */
87 | InputEvent getInputEvent();
88 |
89 | /**
90 | * This method can be used to retrieve the Burp tool within which the
91 | * context menu was invoked.
92 | *
93 | * @return A flag indicating the Burp tool within which the context menu was
94 | * invoked. Burp tool flags are defined in the
95 | * IBurpExtenderCallbacks interface.
96 | */
97 | int getToolFlag();
98 |
99 | /**
100 | * This method can be used to retrieve the context within which the menu was
101 | * invoked.
102 | *
103 | * @return An index indicating the context within which the menu was
104 | * invoked. The indices used are defined within this interface.
105 | */
106 | byte getInvocationContext();
107 |
108 | /**
109 | * This method can be used to retrieve the bounds of the user's selection
110 | * into the current message, if applicable.
111 | *
112 | * @return An int[2] array containing the start and end offsets of the
113 | * user's selection in the current message. If the user has not made any
114 | * selection in the current message, both offsets indicate the position of
115 | * the caret within the editor. If the menu is not being invoked from a
116 | * message editor, the method returns
117 | * null.
118 | */
119 | int[] getSelectionBounds();
120 |
121 | /**
122 | * This method can be used to retrieve details of the HTTP requests /
123 | * responses that were shown or selected by the user when the context menu
124 | * was invoked.
125 | *
126 | * @return An array of
127 | * IHttpRequestResponse objects representing the items that
128 | * were shown or selected by the user when the context menu was invoked.
129 | * This method returns
130 | * null if no messages are applicable to the invocation.
131 | */
132 | IHttpRequestResponse[] getSelectedMessages();
133 |
134 | /**
135 | * This method can be used to retrieve details of the Scanner issues that
136 | * were selected by the user when the context menu was invoked.
137 | *
138 | * @return An array of
139 | * IScanIssue objects representing the issues that were
140 | * selected by the user when the context menu was invoked. This method
141 | * returns
142 | * null if no Scanner issues are applicable to the invocation.
143 | */
144 | IScanIssue[] getSelectedIssues();
145 | }
146 |
--------------------------------------------------------------------------------
/src/burp/IScannerInsertionPoint.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerInsertionPoint.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to define an insertion point for use by active Scanner
14 | * checks. Extensions can obtain instances of this interface by registering an
15 | * IScannerCheck, or can create instances for use by Burp's own
16 | * scan checks by registering an
17 | * IScannerInsertionPointProvider.
18 | */
19 | public interface IScannerInsertionPoint
20 | {
21 | /**
22 | * Used to indicate where the payload is inserted into the value of a URL
23 | * parameter.
24 | */
25 | static final byte INS_PARAM_URL = 0x00;
26 | /**
27 | * Used to indicate where the payload is inserted into the value of a body
28 | * parameter.
29 | */
30 | static final byte INS_PARAM_BODY = 0x01;
31 | /**
32 | * Used to indicate where the payload is inserted into the value of an HTTP
33 | * cookie.
34 | */
35 | static final byte INS_PARAM_COOKIE = 0x02;
36 | /**
37 | * Used to indicate where the payload is inserted into the value of an item
38 | * of data within an XML data structure.
39 | */
40 | static final byte INS_PARAM_XML = 0x03;
41 | /**
42 | * Used to indicate where the payload is inserted into the value of a tag
43 | * attribute within an XML structure.
44 | */
45 | static final byte INS_PARAM_XML_ATTR = 0x04;
46 | /**
47 | * Used to indicate where the payload is inserted into the value of a
48 | * parameter attribute within a multi-part message body (such as the name of
49 | * an uploaded file).
50 | */
51 | static final byte INS_PARAM_MULTIPART_ATTR = 0x05;
52 | /**
53 | * Used to indicate where the payload is inserted into the value of an item
54 | * of data within a JSON structure.
55 | */
56 | static final byte INS_PARAM_JSON = 0x06;
57 | /**
58 | * Used to indicate where the payload is inserted into the value of an AMF
59 | * parameter.
60 | */
61 | static final byte INS_PARAM_AMF = 0x07;
62 | /**
63 | * Used to indicate where the payload is inserted into the value of an HTTP
64 | * request header.
65 | */
66 | static final byte INS_HEADER = 0x20;
67 | /**
68 | * Used to indicate where the payload is inserted into a REST parameter
69 | * within the URL file path.
70 | */
71 | static final byte INS_URL_REST = 0x21;
72 | /**
73 | * Used to indicate where the payload is inserted into the name of an added
74 | * URL parameter.
75 | */
76 | static final byte INS_PARAM_NAME_URL = 0x22;
77 | /**
78 | * Used to indicate where the payload is inserted into the name of an added
79 | * body parameter.
80 | */
81 | static final byte INS_PARAM_NAME_BODY = 0x23;
82 | /**
83 | * Used to indicate where the payload is inserted at a location manually
84 | * configured by the user.
85 | */
86 | static final byte INS_USER_PROVIDED = 0x40;
87 | /**
88 | * Used to indicate where the insertion point is provided by an
89 | * extension-registered
90 | * IScannerInsertionPointProvider.
91 | */
92 | static final byte INS_EXTENSION_PROVIDED = 0x41;
93 | /**
94 | * Used to indicate where the payload is inserted at an unknown location
95 | * within the request.
96 | */
97 | static final byte INS_UNKNOWN = 0x7f;
98 |
99 | /**
100 | * This method returns the name of the insertion point.
101 | *
102 | * @return The name of the insertion point (for example, a description of a
103 | * particular request parameter).
104 | */
105 | String getInsertionPointName();
106 |
107 | /**
108 | * This method returns the base value for this insertion point.
109 | *
110 | * @return the base value that appears in this insertion point in the base
111 | * request being scanned, or
112 | * null if there is no value in the base request that
113 | * corresponds to this insertion point.
114 | */
115 | String getBaseValue();
116 |
117 | /**
118 | * This method is used to build a request with the specified payload placed
119 | * into the insertion point. Any necessary adjustments to the Content-Length
120 | * header will be made by the Scanner itself when the request is issued, and
121 | * there is no requirement for the insertion point to do this. Note:
122 | * Burp's built-in scan checks do not apply any payload encoding (such as
123 | * URL-encoding) when dealing with an extension-provided insertion point.
124 | * Custom insertion points are responsible for performing any data encoding
125 | * that is necessary given the nature and location of the insertion point.
126 | *
127 | * @param payload The payload that should be placed into the insertion
128 | * point.
129 | * @return The resulting request.
130 | */
131 | byte[] buildRequest(byte[] payload);
132 |
133 | /**
134 | * This method is used to determine the offsets of the payload value within
135 | * the request, when it is placed into the insertion point. Scan checks may
136 | * invoke this method when reporting issues, so as to highlight the relevant
137 | * part of the request within the UI.
138 | *
139 | * @param payload The payload that should be placed into the insertion
140 | * point.
141 | * @return An int[2] array containing the start and end offsets of the
142 | * payload within the request, or null if this is not applicable (for
143 | * example, where the insertion point places a payload into a serialized
144 | * data structure, the raw payload may not literally appear anywhere within
145 | * the resulting request).
146 | */
147 | int[] getPayloadOffsets(byte[] payload);
148 |
149 | /**
150 | * This method returns the type of the insertion point.
151 | *
152 | * @return The type of the insertion point. Available types are defined in
153 | * this interface.
154 | */
155 | byte getInsertionPointType();
156 | }
157 |
--------------------------------------------------------------------------------
/src/org/apache/jmeter/protocol/amf/util/AmfXmlConverter.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright 2011 the original author or authors.
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | */
16 |
17 | package org.apache.jmeter.protocol.amf.util;
18 |
19 | import java.io.ByteArrayInputStream;
20 | import java.io.ByteArrayOutputStream;
21 | import java.io.IOException;
22 | import java.lang.reflect.Array;
23 | import java.lang.reflect.Field;
24 |
25 | import com.thoughtworks.xstream.XStream;
26 | import com.thoughtworks.xstream.io.xml.DomDriver;
27 | import com.thoughtworks.xstream.mapper.Mapper;
28 |
29 | import flex.messaging.io.ClassAliasRegistry;
30 | import flex.messaging.io.MessageDeserializer;
31 | import flex.messaging.io.SerializationContext;
32 | import flex.messaging.io.amf.ASObject;
33 | import flex.messaging.io.amf.ActionContext;
34 | import flex.messaging.io.amf.ActionMessage;
35 | import flex.messaging.io.amf.Amf3Output;
36 | import flex.messaging.io.amf.AmfMessageDeserializer;
37 | import flex.messaging.io.amf.AmfMessageSerializer;
38 | import flex.messaging.io.amf.MessageBody;
39 | import flex.messaging.io.amf.MessageHeader;
40 | import flex.messaging.messages.AcknowledgeMessage;
41 | import flex.messaging.messages.AcknowledgeMessageExt;
42 | import flex.messaging.messages.AsyncMessage;
43 | import flex.messaging.messages.CommandMessage;
44 | import flex.messaging.messages.CommandMessageExt;
45 | import flex.messaging.messages.ErrorMessage;
46 | import flex.messaging.messages.RemotingMessage;
47 |
48 | public class AmfXmlConverter {
49 |
50 | private static XStream xstream;
51 |
52 | /**
53 | * Converts XML to an object then serializes it
54 | */
55 | public static byte[] convertXmlToAmf(String xml) {
56 | XStream xs = getXStream();
57 | Amf3Output amf3out = new Amf3Output(SerializationContext.getSerializationContext());
58 |
59 | try {
60 | Object msg = xs.fromXML(xml);
61 |
62 | ByteArrayOutputStream baos = new ByteArrayOutputStream();
63 | amf3out.setOutputStream(baos);
64 | amf3out.writeObject(msg);
65 |
66 | return baos.toByteArray();
67 | } catch (Exception ex) {
68 | }
69 |
70 | return new byte[0];
71 | }
72 |
73 |
74 | /**
75 | * Converts XML to a complete AMF message
76 | */
77 | public static byte[] convertXmlToAmfMessage(String xml) {
78 |
79 | XStream xs = getXStream();
80 | ActionMessage message = (ActionMessage) xs.fromXML(xml);
81 | // if (checkAckMessage(message))
82 | // return null;
83 |
84 | ByteArrayOutputStream baos = new ByteArrayOutputStream();
85 |
86 | ActionContext actionContext = new ActionContext();
87 | actionContext.setRequestMessage(message);
88 |
89 | AmfMessageSerializer amfMessageSerializer = new AmfMessageSerializer();
90 | SerializationContext serializationContext = SerializationContext.getSerializationContext();
91 | amfMessageSerializer.initialize(serializationContext, baos, null);
92 |
93 | try {
94 | amfMessageSerializer.writeMessage(message);
95 | return baos.toByteArray();
96 | } catch (IOException ex) {
97 | ex.printStackTrace();
98 | return null;
99 | } finally {
100 | baos = null;
101 | }
102 | }
103 |
104 | public static boolean checkAMFHeader(byte[] amf){
105 | return false;
106 | }
107 |
108 | public static String convertAmfMessageToXml(byte[] amf, boolean useAliasRegistry) {
109 | XStream xs = getXStream();
110 | ActionContext actionContext = new ActionContext();
111 | SerializationContext serializationContext = new SerializationContext();
112 | // Class aliases for deserialization, mimics registerClassAlias in Flex
113 | // Generally only used in rendering as it can cause serious problems for
114 | // proxy sampling
115 | serializationContext.createASObjectForMissingType = true;
116 | // serializationContext.supportRemoteClass=true;
117 | ByteArrayInputStream bin = new ByteArrayInputStream(amf);
118 | ActionMessage message = new ActionMessage();
119 |
120 | MessageDeserializer deserializer = new AmfMessageDeserializer();
121 | deserializer.initialize(serializationContext, bin, null);
122 |
123 | try {
124 | deserializer.readMessage(message, actionContext);
125 | if (checkAckMessage(message))
126 | return null;
127 | String xml = xs.toXML(message);
128 | return xml;
129 |
130 | } catch (Exception ex) {
131 | ex.printStackTrace();
132 | return null;
133 | }
134 | }
135 |
136 |
137 |
138 | private static boolean checkAckMessage(ActionMessage message) {
139 | /* Object data = message.getBody(0).getData();
140 | Object cloneData = data;
141 | int bodyCount = message.getBodyCount();
142 | if (bodyCount == 0)
143 | return true;
144 | else if (bodyCount == 1) {
145 | if (data instanceof List)
146 | cloneData = ((List) data).get(0);
147 | else if (data.getClass().isArray())
148 | cloneData = Array.get(data, 0);
149 | if (cloneData instanceof ASObject) {
150 | String type = ((ASObject) cloneData).getType();
151 | if (type.matches("DSC|DSK"))
152 | return true;
153 | }
154 | }*/
155 | return false;
156 | }
157 |
158 | public static XStream getXStream() {
159 | if (xstream == null) {
160 | xstream = new XStream(new DomDriver());
161 |
162 | xstream.alias("ActionMessage", ActionMessage.class);
163 | xstream.alias("MessageHeader", MessageHeader.class);
164 | xstream.alias("MessageBody", MessageBody.class);
165 | xstream.alias("RemotingMessage", RemotingMessage.class);
166 | xstream.alias("CommandMessage", CommandMessage.class);
167 | xstream.alias("AcknowledgeMessage", AcknowledgeMessage.class);
168 | xstream.alias("ErrorMessage", ErrorMessage.class);
169 | xstream.alias("ASObject", ASObject.class);
170 | xstream.alias("AsyncMessage", AsyncMessage.class);
171 | xstream.alias("DSC", CommandMessageExt.class);
172 | // xstream.alias("DSK", AcknowledgeMessageExt.class);
173 |
174 | // Better ASObject Converter
175 | Mapper mapper = xstream.getMapper();
176 | xstream.registerConverter(new ASObjectConverter(mapper));
177 | }
178 |
179 | return xstream;
180 | }
181 | public static String objDump(Object o) {
182 | StringBuffer buffer = new StringBuffer();
183 | Class oClass = o.getClass();
184 | if (oClass.isArray()) {
185 | buffer.append("Array: ");
186 | buffer.append("[");
187 | for (int i = 0; i < Array.getLength(o); i++) {
188 | Object value = Array.get(o, i);
189 | if (value != null) {
190 | if (value.getClass().isPrimitive()
191 | || value.getClass() == java.lang.Long.class
192 | || value.getClass() == java.lang.String.class
193 | || value.getClass() == java.lang.Integer.class
194 | || value.getClass() == java.lang.Boolean.class
195 | || value.getClass() == java.lang.Short.class
196 | || value.getClass() == java.lang.Float.class
197 | || value.getClass() == java.lang.Character.class
198 | || value.getClass() == java.lang.Double.class
199 | || value.getClass() == java.lang.Byte.class) {
200 | buffer.append(value);
201 | if (i != (Array.getLength(o) - 1)) {
202 | buffer.append(",");
203 | }
204 | } else {
205 | buffer.append(objDump(value));
206 | }
207 | }
208 | }
209 | buffer.append("]\n");
210 | } else {
211 | buffer.append("Class: " + oClass.getName());
212 | buffer.append("{");
213 | while (oClass != null) {
214 | Field[] fields = oClass.getDeclaredFields();
215 | for (int i = 0; i < fields.length; i++) {
216 | fields[i].setAccessible(true);
217 | buffer.append(fields[i].getName());
218 | buffer.append("=");
219 | try {
220 | Object value = fields[i].get(o);
221 | if (value != null) {
222 | if (value.getClass().isPrimitive()
223 | || value.getClass() == java.lang.Long.class
224 | || value.getClass() == java.lang.String.class
225 | || value.getClass() == java.lang.Integer.class
226 | || value.getClass() == java.lang.Boolean.class
227 | || value.getClass() == java.lang.Short.class
228 | || value.getClass() == java.lang.Float.class
229 | || value.getClass() == java.lang.Character.class
230 | || value.getClass() == java.lang.Double.class
231 | || value.getClass() == java.lang.Byte.class) {
232 | buffer.append(value);
233 | } else {
234 | buffer.append(objDump(value));
235 | }
236 | }
237 | } catch (IllegalAccessException e) {
238 | buffer.append(e.getMessage());
239 | }
240 | if(iIBurpExtenderCallbacks.getHelpers to obtain an instance of this
21 | * interface.
22 | */
23 | public interface IExtensionHelpers
24 | {
25 | /**
26 | * This method can be used to analyze an HTTP request, and obtain various
27 | * key details about it.
28 | *
29 | * @param request An
30 | * IHttpRequestResponse object containing the request to be
31 | * analyzed.
32 | * @return An
33 | * IRequestInfo object that can be queried to obtain details
34 | * about the request.
35 | */
36 | IRequestInfo analyzeRequest(IHttpRequestResponse request);
37 |
38 | /**
39 | * This method can be used to analyze an HTTP request, and obtain various
40 | * key details about it.
41 | *
42 | * @param httpService The HTTP service associated with the request. This is
43 | * optional and may be
44 | * null, in which case the resulting
45 | * IRequestInfo object will not include the full request URL.
46 | * @param request The request to be analyzed.
47 | * @return An
48 | * IRequestInfo object that can be queried to obtain details
49 | * about the request.
50 | */
51 | IRequestInfo analyzeRequest(IHttpService httpService, byte[] request);
52 |
53 | /**
54 | * This method can be used to analyze an HTTP request, and obtain various
55 | * key details about it. The resulting
56 | * IRequestInfo object will not include the full request URL.
57 | * To obtain the full URL, use one of the other overloaded
58 | * analyzeRequest() methods.
59 | *
60 | * @param request The request to be analyzed.
61 | * @return An
62 | * IRequestInfo object that can be queried to obtain details
63 | * about the request.
64 | */
65 | IRequestInfo analyzeRequest(byte[] request);
66 |
67 | /**
68 | * This method can be used to analyze an HTTP response, and obtain various
69 | * key details about it.
70 | *
71 | * @param response The response to be analyzed.
72 | * @return An
73 | * IResponseInfo object that can be queried to obtain details
74 | * about the response.
75 | */
76 | IResponseInfo analyzeResponse(byte[] response);
77 |
78 | /**
79 | * This method can be used to retrieve details of a specified parameter
80 | * within an HTTP request. Note: Use
81 | * analyzeRequest() to obtain details of all parameters within
82 | * the request.
83 | *
84 | * @param request The request to be inspected for the specified parameter.
85 | * @param parameterName The name of the parameter to retrieve.
86 | * @return An
87 | * IParameter object that can be queried to obtain details
88 | * about the parameter, or
89 | * null if the parameter was not found.
90 | */
91 | IParameter getRequestParameter(byte[] request, String parameterName);
92 |
93 | /**
94 | * This method can be used to URL-decode the specified data.
95 | *
96 | * @param data The data to be decoded.
97 | * @return The decoded data.
98 | */
99 | String urlDecode(String data);
100 |
101 | /**
102 | * This method can be used to URL-encode the specified data. Any characters
103 | * that do not need to be encoded within HTTP requests are not encoded.
104 | *
105 | * @param data The data to be encoded.
106 | * @return The encoded data.
107 | */
108 | String urlEncode(String data);
109 |
110 | /**
111 | * This method can be used to URL-decode the specified data.
112 | *
113 | * @param data The data to be decoded.
114 | * @return The decoded data.
115 | */
116 | byte[] urlDecode(byte[] data);
117 |
118 | /**
119 | * This method can be used to URL-encode the specified data. Any characters
120 | * that do not need to be encoded within HTTP requests are not encoded.
121 | *
122 | * @param data The data to be encoded.
123 | * @return The encoded data.
124 | */
125 | byte[] urlEncode(byte[] data);
126 |
127 | /**
128 | * This method can be used to Base64-decode the specified data.
129 | *
130 | * @param data The data to be decoded.
131 | * @return The decoded data.
132 | */
133 | byte[] base64Decode(String data);
134 |
135 | /**
136 | * This method can be used to Base64-decode the specified data.
137 | *
138 | * @param data The data to be decoded.
139 | * @return The decoded data.
140 | */
141 | byte[] base64Decode(byte[] data);
142 |
143 | /**
144 | * This method can be used to Base64-encode the specified data.
145 | *
146 | * @param data The data to be encoded.
147 | * @return The encoded data.
148 | */
149 | String base64Encode(String data);
150 |
151 | /**
152 | * This method can be used to Base64-encode the specified data.
153 | *
154 | * @param data The data to be encoded.
155 | * @return The encoded data.
156 | */
157 | String base64Encode(byte[] data);
158 |
159 | /**
160 | * This method can be used to convert data from String form into an array of
161 | * bytes. The conversion does not reflect any particular character set, and
162 | * a character with the hex representation 0xWXYZ will always be converted
163 | * into a byte with the representation 0xYZ. It performs the opposite
164 | * conversion to the method
165 | * bytesToString(), and byte-based data that is converted to a
166 | * String and back again using these two methods is guaranteed to retain its
167 | * integrity (which may not be the case with conversions that reflect a
168 | * given character set).
169 | *
170 | * @param data The data to be converted.
171 | * @return The converted data.
172 | */
173 | byte[] stringToBytes(String data);
174 |
175 | /**
176 | * This method can be used to convert data from an array of bytes into
177 | * String form. The conversion does not reflect any particular character
178 | * set, and a byte with the representation 0xYZ will always be converted
179 | * into a character with the hex representation 0x00YZ. It performs the
180 | * opposite conversion to the method
181 | * stringToBytes(), and byte-based data that is converted to a
182 | * String and back again using these two methods is guaranteed to retain its
183 | * integrity (which may not be the case with conversions that reflect a
184 | * given character set).
185 | *
186 | * @param data The data to be converted.
187 | * @return The converted data.
188 | */
189 | String bytesToString(byte[] data);
190 |
191 | /**
192 | * This method searches a piece of data for the first occurrence of a
193 | * specified pattern. It works on byte-based data in a way that is similar
194 | * to the way the native Java method
195 | * String.indexOf() works on String-based data.
196 | *
197 | * @param data The data to be searched.
198 | * @param pattern The pattern to be searched for.
199 | * @param caseSensitive Flags whether or not the search is case-sensitive.
200 | * @param from The offset within
201 | * data where the search should begin.
202 | * @param to The offset within
203 | * data where the search should end.
204 | * @return The offset of the first occurrence of the pattern within the
205 | * specified bounds, or -1 if no match is found.
206 | */
207 | int indexOf(byte[] data,
208 | byte[] pattern,
209 | boolean caseSensitive,
210 | int from,
211 | int to);
212 |
213 | /**
214 | * This method builds an HTTP message containing the specified headers and
215 | * message body. If applicable, the Content-Length header will be added or
216 | * updated, based on the length of the body.
217 | *
218 | * @param headers A list of headers to include in the message.
219 | * @param body The body of the message, of
220 | * null if the message has an empty body.
221 | * @return The resulting full HTTP message.
222 | */
223 | byte[] buildHttpMessage(List headers, byte[] body);
224 |
225 | /**
226 | * This method creates a GET request to the specified URL. The headers used
227 | * in the request are determined by the Request headers settings as
228 | * configured in Burp Spider's options.
229 | *
230 | * @param url The URL to which the request should be made.
231 | * @return A request to the specified URL.
232 | */
233 | byte[] buildHttpRequest(URL url);
234 |
235 | /**
236 | * This method adds a new parameter to an HTTP request, and if appropriate
237 | * updates the Content-Length header.
238 | *
239 | * @param request The request to which the parameter should be added.
240 | * @param parameter An
241 | * IParameter object containing details of the parameter to be
242 | * added. Supported parameter types are:
243 | * PARAM_URL,
244 | * PARAM_BODY and
245 | * PARAM_COOKIE.
246 | * @return A new HTTP request with the new parameter added.
247 | */
248 | byte[] addParameter(byte[] request, IParameter parameter);
249 |
250 | /**
251 | * This method removes a parameter from an HTTP request, and if appropriate
252 | * updates the Content-Length header.
253 | *
254 | * @param request The request from which the parameter should be removed.
255 | * @param parameter An
256 | * IParameter object containing details of the parameter to be
257 | * removed. Supported parameter types are:
258 | * PARAM_URL,
259 | * PARAM_BODY and
260 | * PARAM_COOKIE.
261 | * @return A new HTTP request with the parameter removed.
262 | */
263 | byte[] removeParameter(byte[] request, IParameter parameter);
264 |
265 | /**
266 | * This method updates the value of a parameter within an HTTP request, and
267 | * if appropriate updates the Content-Length header. Note: This
268 | * method can only be used to update the value of an existing parameter of a
269 | * specified type. If you need to change the type of an existing parameter,
270 | * you should first call
271 | * removeParameter() to remove the parameter with the old type,
272 | * and then call
273 | * addParameter() to add a parameter with the new type.
274 | *
275 | * @param request The request containing the parameter to be updated.
276 | * @param parameter An
277 | * IParameter object containing details of the parameter to be
278 | * updated. Supported parameter types are:
279 | * PARAM_URL,
280 | * PARAM_BODY and
281 | * PARAM_COOKIE.
282 | * @return A new HTTP request with the parameter updated.
283 | */
284 | byte[] updateParameter(byte[] request, IParameter parameter);
285 |
286 | /**
287 | * This method can be used to toggle a request's method between GET and
288 | * POST. Parameters are relocated between the URL query string and message
289 | * body as required, and the Content-Length header is created or removed as
290 | * applicable.
291 | *
292 | * @param request The HTTP request whose method should be toggled.
293 | * @return A new HTTP request using the toggled method.
294 | */
295 | byte[] toggleRequestMethod(byte[] request);
296 |
297 | /**
298 | * This method constructs an
299 | * IHttpService object based on the details provided.
300 | *
301 | * @param host The HTTP service host.
302 | * @param port The HTTP service port.
303 | * @param protocol The HTTP service protocol.
304 | * @return An
305 | * IHttpService object based on the details provided.
306 | */
307 | IHttpService buildHttpService(String host, int port, String protocol);
308 |
309 | /**
310 | * This method constructs an
311 | * IHttpService object based on the details provided.
312 | *
313 | * @param host The HTTP service host.
314 | * @param port The HTTP service port.
315 | * @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP.
316 | * @return An
317 | * IHttpService object based on the details provided.
318 | */
319 | IHttpService buildHttpService(String host, int port, boolean useHttps);
320 |
321 | /**
322 | * This method constructs an
323 | * IParameter object based on the details provided.
324 | *
325 | * @param name The parameter name.
326 | * @param value The parameter value.
327 | * @param type The parameter type, as defined in the
328 | * IParameter interface.
329 | * @return An
330 | * IParameter object based on the details provided.
331 | */
332 | IParameter buildParameter(String name, String value, byte type);
333 |
334 | /**
335 | * This method constructs an
336 | * IScannerInsertionPoint object based on the details provided.
337 | * It can be used to quickly create a simple insertion point based on a
338 | * fixed payload location within a base request.
339 | *
340 | * @param insertionPointName The name of the insertion point.
341 | * @param baseRequest The request from which to build scan requests.
342 | * @param from The offset of the start of the payload location.
343 | * @param to The offset of the end of the payload location.
344 | * @return An
345 | * IScannerInsertionPoint object based on the details provided.
346 | */
347 | IScannerInsertionPoint makeScannerInsertionPoint(
348 | String insertionPointName,
349 | byte[] baseRequest,
350 | int from,
351 | int to);
352 | }
353 |
--------------------------------------------------------------------------------
/src/burp/IBurpExtenderCallbacks.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IBurpExtenderCallbacks.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Free Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 | import java.io.OutputStream;
14 | import java.util.List;
15 | import java.util.Map;
16 |
17 | /**
18 | * This interface is used by Burp Suite to pass to extensions a set of callback
19 | * methods that can be used by extensions to perform various actions within
20 | * Burp.
21 | *
22 | * When an extension is loaded, Burp invokes its
23 | * registerExtenderCallbacks() method and passes an instance of the
24 | * IBurpExtenderCallbacks interface. The extension may then invoke
25 | * the methods of this interface as required in order to extend Burp's
26 | * functionality.
27 | */
28 | public interface IBurpExtenderCallbacks
29 | {
30 | /**
31 | * Flag used to identify Burp Suite as a whole.
32 | */
33 | static final int TOOL_SUITE = 0x00000001;
34 | /**
35 | * Flag used to identify the Burp Target tool.
36 | */
37 | static final int TOOL_TARGET = 0x00000002;
38 | /**
39 | * Flag used to identify the Burp Proxy tool.
40 | */
41 | static final int TOOL_PROXY = 0x00000004;
42 | /**
43 | * Flag used to identify the Burp Spider tool.
44 | */
45 | static final int TOOL_SPIDER = 0x00000008;
46 | /**
47 | * Flag used to identify the Burp Scanner tool.
48 | */
49 | static final int TOOL_SCANNER = 0x00000010;
50 | /**
51 | * Flag used to identify the Burp Intruder tool.
52 | */
53 | static final int TOOL_INTRUDER = 0x00000020;
54 | /**
55 | * Flag used to identify the Burp Repeater tool.
56 | */
57 | static final int TOOL_REPEATER = 0x00000040;
58 | /**
59 | * Flag used to identify the Burp Sequencer tool.
60 | */
61 | static final int TOOL_SEQUENCER = 0x00000080;
62 | /**
63 | * Flag used to identify the Burp Decoder tool.
64 | */
65 | static final int TOOL_DECODER = 0x00000100;
66 | /**
67 | * Flag used to identify the Burp Comparer tool.
68 | */
69 | static final int TOOL_COMPARER = 0x00000200;
70 | /**
71 | * Flag used to identify the Burp Extender tool.
72 | */
73 | static final int TOOL_EXTENDER = 0x00000400;
74 |
75 | /**
76 | * This method is used to set the display name for the current extension,
77 | * which will be displayed within the user interface for the Extender tool.
78 | *
79 | * @param name The extension name.
80 | */
81 | void setExtensionName(String name);
82 |
83 | /**
84 | * This method is used to obtain an
85 | * IExtensionHelpers object, which can be used by the extension
86 | * to perform numerous useful tasks.
87 | *
88 | * @return An object containing numerous helper methods, for tasks such as
89 | * building and analyzing HTTP requests.
90 | */
91 | IExtensionHelpers getHelpers();
92 |
93 | /**
94 | * This method is used to obtain the current extension's standard output
95 | * stream. Extensions should write all output to this stream, allowing the
96 | * Burp user to configure how that output is handled from within the UI.
97 | *
98 | * @return The extension's standard output stream.
99 | */
100 | OutputStream getStdout();
101 |
102 | /**
103 | * This method is used to obtain the current extension's standard error
104 | * stream. Extensions should write all error messages to this stream,
105 | * allowing the Burp user to configure how that output is handled from
106 | * within the UI.
107 | *
108 | * @return The extension's standard error stream.
109 | */
110 | OutputStream getStderr();
111 |
112 | /**
113 | * This method is used to register a listener which will be notified of
114 | * changes to the extension's state. Note: Any extensions that start
115 | * background threads or open system resources (such as files or database
116 | * connections) should register a listener and terminate threads / close
117 | * resources when the extension is unloaded.
118 | *
119 | * @param listener An object created by the extension that implements the
120 | * IExtensionStateListener interface.
121 | */
122 | void registerExtensionStateListener(IExtensionStateListener listener);
123 |
124 | /**
125 | * This method is used to register a listener which will be notified of
126 | * requests and responses made by any Burp tool. Extensions can perform
127 | * custom analysis or modification of these messages by registering an HTTP
128 | * listener.
129 | *
130 | * @param listener An object created by the extension that implements the
131 | * IHttpListener interface.
132 | */
133 | void registerHttpListener(IHttpListener listener);
134 |
135 | /**
136 | * This method is used to register a listener which will be notified of
137 | * requests and responses being processed by the Proxy tool. Extensions can
138 | * perform custom analysis or modification of these messages, and control
139 | * in-UI message interception, by registering a proxy listener.
140 | *
141 | * @param listener An object created by the extension that implements the
142 | * IProxyListener interface.
143 | */
144 | void registerProxyListener(IProxyListener listener);
145 |
146 | /**
147 | * This method is used to register a listener which will be notified of new
148 | * issues that are reported by the Scanner tool. Extensions can perform
149 | * custom analysis or logging of Scanner issues by registering a Scanner
150 | * listener.
151 | *
152 | * @param listener An object created by the extension that implements the
153 | * IScannerListener interface.
154 | */
155 | void registerScannerListener(IScannerListener listener);
156 |
157 | /**
158 | * This method is used to register a factory for custom context menu items.
159 | * When the user invokes a context menu anywhere within Burp, the factory
160 | * will be passed details of the invocation event, and asked to provide any
161 | * custom context menu items that should be shown.
162 | *
163 | * @param factory An object created by the extension that implements the
164 | * IContextMenuFactory interface.
165 | */
166 | void registerContextMenuFactory(IContextMenuFactory factory);
167 |
168 | /**
169 | * This method is used to register a factory for custom message editor tabs.
170 | * For each message editor that already exists, or is subsequently created,
171 | * within Burp, the factory will be asked to provide a new instance of an
172 | * IMessageEditorTab object, which can provide custom rendering
173 | * or editing of HTTP messages.
174 | *
175 | * @param factory An object created by the extension that implements the
176 | * IMessageEditorTabFactory interface.
177 | */
178 | void registerMessageEditorTabFactory(IMessageEditorTabFactory factory);
179 |
180 | /**
181 | * This method is used to register a provider of Scanner insertion points.
182 | * For each base request that is actively scanned, Burp will ask the
183 | * provider to provide any custom scanner insertion points that are
184 | * appropriate for the request.
185 | *
186 | * @param provider An object created by the extension that implements the
187 | * IScannerInsertionPointProvider interface.
188 | */
189 | void registerScannerInsertionPointProvider(
190 | IScannerInsertionPointProvider provider);
191 |
192 | /**
193 | * This method is used to register a custom Scanner check. When performing
194 | * scanning, Burp will ask the check to perform active or passive scanning
195 | * on the base request, and report any Scanner issues that are identified.
196 | *
197 | * @param check An object created by the extension that implements the
198 | * IScannerCheck interface.
199 | */
200 | void registerScannerCheck(IScannerCheck check);
201 |
202 | /**
203 | * This method is used to register a factory for Intruder payloads. Each
204 | * registered factory will be available within the Intruder UI for the user
205 | * to select as the payload source for an attack. When this is selected, the
206 | * factory will be asked to provide a new instance of an
207 | * IIntruderPayloadGenerator object, which will be used to
208 | * generate payloads for the attack.
209 | *
210 | * @param factory An object created by the extension that implements the
211 | * IIntruderPayloadGeneratorFactory interface.
212 | */
213 | void registerIntruderPayloadGeneratorFactory(
214 | IIntruderPayloadGeneratorFactory factory);
215 |
216 | /**
217 | * This method is used to register a custom Intruder payload processor. Each
218 | * registered processor will be available within the Intruder UI for the
219 | * user to select as the action for a payload processing rule.
220 | *
221 | * @param processor An object created by the extension that implements the
222 | * IIntruderPayloadProcessor interface.
223 | */
224 | void registerIntruderPayloadProcessor(IIntruderPayloadProcessor processor);
225 |
226 | /**
227 | * This method is used to register a custom session handling action. Each
228 | * registered action will be available within the session handling rule UI
229 | * for the user to select as a rule action. Users can choose to invoke an
230 | * action directly in its own right, or following execution of a macro.
231 | *
232 | * @param action An object created by the extension that implements the
233 | * ISessionHandlingAction interface.
234 | */
235 | void registerSessionHandlingAction(ISessionHandlingAction action);
236 |
237 | /**
238 | * This method is used to add a custom tab to the main Burp Suite window.
239 | *
240 | * @param tab An object created by the extension that implements the
241 | * ITab interface.
242 | */
243 | void addSuiteTab(ITab tab);
244 |
245 | /**
246 | * This method is used to remove a previously-added tab from the main Burp
247 | * Suite window.
248 | *
249 | * @param tab An object created by the extension that implements the
250 | * ITab interface.
251 | */
252 | void removeSuiteTab(ITab tab);
253 |
254 | /**
255 | * This method is used to customize UI components in line with Burp's UI
256 | * style, including font size, colors, table line spacing, etc.
257 | *
258 | * @param component The UI component to be customized.
259 | */
260 | void customizeUiComponent(Component component);
261 |
262 | /**
263 | * This method is used to create a new instance of Burp's HTTP message
264 | * editor, for the extension to use in its own UI.
265 | *
266 | * @param controller An object created by the extension that implements the
267 | * IMessageEditorController interface. This parameter is
268 | * optional and may be
269 | * null. If it is provided, then the message editor will query
270 | * the controller when required to obtain details about the currently
271 | * displayed message, including the
272 | * IHttpService for the message, and the associated request or
273 | * response message. If a controller is not provided, then the message
274 | * editor will not support context menu actions, such as sending requests to
275 | * other Burp tools.
276 | * @param editable Indicates whether the editor created should be editable,
277 | * or used only for message viewing.
278 | * @return An object that implements the
279 | * IMessageEditor interface, and which the extension can use in
280 | * its own UI.
281 | */
282 | IMessageEditor createMessageEditor(IMessageEditorController controller,
283 | boolean editable);
284 |
285 | /**
286 | * This method is used to create a new instance of Burp's plain text editor,
287 | * for the extension to use in its own UI.
288 | *
289 | * @return An object that implements the
290 | * ITextEditor interface, and which the extension can use in
291 | * its own UI.
292 | */
293 | ITextEditor createTextEditor();
294 |
295 | /**
296 | * This method can be used to send an HTTP request to the Burp Repeater
297 | * tool. The request will be displayed in the user interface, but will not
298 | * be issued until the user initiates this action.
299 | *
300 | * @param host The hostname of the remote HTTP server.
301 | * @param port The port of the remote HTTP server.
302 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
303 | * @param request The full HTTP request.
304 | * @param tabCaption An optional caption which will appear on the Repeater
305 | * tab containing the request. If this value is
306 | * null then a default tab index will be displayed.
307 | */
308 | void sendToRepeater(
309 | String host,
310 | int port,
311 | boolean useHttps,
312 | byte[] request,
313 | String tabCaption);
314 |
315 | /**
316 | * This method can be used to send an HTTP request to the Burp Intruder
317 | * tool. The request will be displayed in the user interface, and markers
318 | * for attack payloads will be placed into default locations within the
319 | * request.
320 | *
321 | * @param host The hostname of the remote HTTP server.
322 | * @param port The port of the remote HTTP server.
323 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
324 | * @param request The full HTTP request.
325 | */
326 | void sendToIntruder(
327 | String host,
328 | int port,
329 | boolean useHttps,
330 | byte[] request);
331 |
332 | /**
333 | * This method can be used to send an HTTP request to the Burp Intruder
334 | * tool. The request will be displayed in the user interface, and markers
335 | * for attack payloads will be placed into the specified locations within
336 | * the request.
337 | *
338 | * @param host The hostname of the remote HTTP server.
339 | * @param port The port of the remote HTTP server.
340 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
341 | * @param request The full HTTP request.
342 | * @param payloadPositionOffsets A list of index pairs representing the
343 | * payload positions to be used. Each item in the list must be an int[2]
344 | * array containing the start and end offsets for the payload position.
345 | */
346 | void sendToIntruder(
347 | String host,
348 | int port,
349 | boolean useHttps,
350 | byte[] request,
351 | List payloadPositionOffsets);
352 |
353 | /**
354 | * This method can be used to send a seed URL to the Burp Spider tool. If
355 | * the URL is not within the current Spider scope, the user will be asked if
356 | * they wish to add the URL to the scope. If the Spider is not currently
357 | * running, it will be started. The seed URL will be requested, and the
358 | * Spider will process the application's response in the normal way.
359 | *
360 | * @param url The new seed URL to begin spidering from.
361 | */
362 | void sendToSpider(
363 | java.net.URL url);
364 |
365 | /**
366 | * This method can be used to send an HTTP request to the Burp Scanner tool
367 | * to perform an active vulnerability scan. If the request is not within the
368 | * current active scanning scope, the user will be asked if they wish to
369 | * proceed with the scan.
370 | *
371 | * @param host The hostname of the remote HTTP server.
372 | * @param port The port of the remote HTTP server.
373 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
374 | * @param request The full HTTP request.
375 | * @return The resulting scan queue item.
376 | */
377 | IScanQueueItem doActiveScan(
378 | String host,
379 | int port,
380 | boolean useHttps,
381 | byte[] request);
382 |
383 | /**
384 | * This method can be used to send an HTTP request to the Burp Scanner tool
385 | * to perform an active vulnerability scan, based on a custom list of
386 | * insertion points that are to be scanned. If the request is not within the
387 | * current active scanning scope, the user will be asked if they wish to
388 | * proceed with the scan.
389 | *
390 | * @param host The hostname of the remote HTTP server.
391 | * @param port The port of the remote HTTP server.
392 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
393 | * @param request The full HTTP request.
394 | * @param insertionPointOffsets A list of index pairs representing the
395 | * positions of the insertion points that should be scanned. Each item in
396 | * the list must be an int[2] array containing the start and end offsets for
397 | * the insertion point.
398 | * @return The resulting scan queue item.
399 | */
400 | IScanQueueItem doActiveScan(
401 | String host,
402 | int port,
403 | boolean useHttps,
404 | byte[] request,
405 | List insertionPointOffsets);
406 |
407 | /**
408 | * This method can be used to send an HTTP request to the Burp Scanner tool
409 | * to perform a passive vulnerability scan.
410 | *
411 | * @param host The hostname of the remote HTTP server.
412 | * @param port The port of the remote HTTP server.
413 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
414 | * @param request The full HTTP request.
415 | * @param response The full HTTP response.
416 | */
417 | void doPassiveScan(
418 | String host,
419 | int port,
420 | boolean useHttps,
421 | byte[] request,
422 | byte[] response);
423 |
424 | /**
425 | * This method can be used to issue HTTP requests and retrieve their
426 | * responses.
427 | *
428 | * @param httpService The HTTP service to which the request should be sent.
429 | * @param request The full HTTP request.
430 | * @return An object that implements the
431 | * IHttpRequestResponse interface, and which the extension can
432 | * query to obtain the details of the response.
433 | */
434 | IHttpRequestResponse makeHttpRequest(IHttpService httpService,
435 | byte[] request);
436 |
437 | /**
438 | * This method can be used to issue HTTP requests and retrieve their
439 | * responses.
440 | *
441 | * @param host The hostname of the remote HTTP server.
442 | * @param port The port of the remote HTTP server.
443 | * @param useHttps Flags whether the protocol is HTTPS or HTTP.
444 | * @param request The full HTTP request.
445 | * @return The full response retrieved from the remote server.
446 | */
447 | byte[] makeHttpRequest(
448 | String host,
449 | int port,
450 | boolean useHttps,
451 | byte[] request);
452 |
453 | /**
454 | * This method can be used to query whether a specified URL is within the
455 | * current Suite-wide scope.
456 | *
457 | * @param url The URL to query.
458 | * @return Returns
459 | * true if the URL is within the current Suite-wide scope.
460 | */
461 | boolean isInScope(java.net.URL url);
462 |
463 | /**
464 | * This method can be used to include the specified URL in the Suite-wide
465 | * scope.
466 | *
467 | * @param url The URL to include in the Suite-wide scope.
468 | */
469 | void includeInScope(java.net.URL url);
470 |
471 | /**
472 | * This method can be used to exclude the specified URL from the Suite-wide
473 | * scope.
474 | *
475 | * @param url The URL to exclude from the Suite-wide scope.
476 | */
477 | void excludeFromScope(java.net.URL url);
478 |
479 | /**
480 | * This method can be used to display a specified message in the Burp Suite
481 | * alerts tab.
482 | *
483 | * @param message The alert message to display.
484 | */
485 | void issueAlert(String message);
486 |
487 | /**
488 | * This method returns details of all items in the Proxy history.
489 | *
490 | * @return The contents of the Proxy history.
491 | */
492 | IHttpRequestResponse[] getProxyHistory();
493 |
494 | /**
495 | * This method returns details of items in the site map.
496 | *
497 | * @param urlPrefix This parameter can be used to specify a URL prefix, in
498 | * order to extract a specific subset of the site map. The method performs a
499 | * simple case-sensitive text match, returning all site map items whose URL
500 | * begins with the specified prefix. If this parameter is null, the entire
501 | * site map is returned.
502 | *
503 | * @return Details of items in the site map.
504 | */
505 | IHttpRequestResponse[] getSiteMap(String urlPrefix);
506 |
507 | /**
508 | * This method returns all of the current scan issues for URLs matching the
509 | * specified literal prefix.
510 | *
511 | * @param urlPrefix This parameter can be used to specify a URL prefix, in
512 | * order to extract a specific subset of scan issues. The method performs a
513 | * simple case-sensitive text match, returning all scan issues whose URL
514 | * begins with the specified prefix. If this parameter is null, all issues
515 | * are returned.
516 | * @return Details of the scan issues.
517 | */
518 | IScanIssue[] getScanIssues(String urlPrefix);
519 |
520 | /**
521 | * This method can be used to add an item to Burp's site map with the
522 | * specified request/response details. This will overwrite the details of
523 | * any existing matching item in the site map.
524 | *
525 | * @param item Details of the item to be added to the site map
526 | */
527 | void addToSiteMap(IHttpRequestResponse item);
528 |
529 | /**
530 | * This method can be used to restore Burp's state from a specified saved
531 | * state file. This method blocks until the restore operation is completed,
532 | * and must not be called from the event dispatch thread.
533 | *
534 | * @param file The file containing Burp's saved state.
535 | */
536 | void restoreState(java.io.File file);
537 |
538 | /**
539 | * This method can be used to save Burp's state to a specified file. This
540 | * method blocks until the save operation is completed, and must not be
541 | * called from the event dispatch thread.
542 | *
543 | * @param file The file to save Burp's state in.
544 | */
545 | void saveState(java.io.File file);
546 |
547 | /**
548 | * This method causes Burp to save all of its current configuration as a Map
549 | * of name/value Strings.
550 | *
551 | * @return A Map of name/value Strings reflecting Burp's current
552 | * configuration.
553 | */
554 | Map saveConfig();
555 |
556 | /**
557 | * This method causes Burp to load a new configuration from the Map of
558 | * name/value Strings provided. Any settings not specified in the Map will
559 | * be restored to their default values. To selectively update only some
560 | * settings and leave the rest unchanged, you should first call
561 | * saveConfig() to obtain Burp's current configuration, modify
562 | * the relevant items in the Map, and then call
563 | * loadConfig() with the same Map.
564 | *
565 | * @param config A map of name/value Strings to use as Burp's new
566 | * configuration.
567 | */
568 | void loadConfig(Map config);
569 |
570 | /**
571 | * This method sets the master interception mode for Burp Proxy.
572 | *
573 | * @param enabled Indicates whether interception of Proxy messages should be
574 | * enabled.
575 | */
576 | void setProxyInterceptionEnabled(boolean enabled);
577 |
578 | /**
579 | * This method retrieves information about the version of Burp in which the
580 | * extension is running. It can be used by extensions to dynamically adjust
581 | * their behavior depending on the functionality and APIs supported by the
582 | * current version.
583 | *
584 | * @return An array of Strings comprised of: the product name (e.g. Burp
585 | * Suite Professional), the major version (e.g. 1.5), the minor version
586 | * (e.g. 03)
587 | */
588 | String[] getBurpVersion();
589 |
590 | /**
591 | * This method can be used to shut down Burp programmatically, with an
592 | * optional prompt to the user. If the method returns, the user canceled the
593 | * shutdown prompt.
594 | *
595 | * @param promptUser Indicates whether to prompt the user to confirm the
596 | * shutdown.
597 | */
598 | void exitSuite(boolean promptUser);
599 |
600 | /**
601 | * This method is used to create a temporary file on disk containing the
602 | * provided data. Extensions can use temporary files for long-term storage
603 | * of runtime data, avoiding the need to retain that data in memory.
604 | *
605 | * @param buffer The data to be saved to a temporary file.
606 | * @return An object that implements the
607 | * ITempFile interface.
608 | */
609 | ITempFile saveToTempFile(byte[] buffer);
610 |
611 | /**
612 | * This method is used to save the request and response of an
613 | * IHttpRequestResponse object to temporary files, so that they
614 | * are no longer held in memory. Extensions can used this method to convert
615 | * IHttpRequestResponse objects into a form suitable for
616 | * long-term storage.
617 | *
618 | * @param httpRequestResponse The
619 | * IHttpRequestResponse object whose request and response
620 | * messages are to be saved to temporary files.
621 | * @return An object that implements the
622 | * IHttpRequestResponsePersisted interface.
623 | */
624 | IHttpRequestResponsePersisted saveBuffersToTempFiles(
625 | IHttpRequestResponse httpRequestResponse);
626 |
627 | /**
628 | * This method is used to apply markers to an HTTP request or response, at
629 | * offsets into the message that are relevant for some particular purpose.
630 | * Markers are used in various situations, such as specifying Intruder
631 | * payload positions, Scanner insertion points, and highlights in Scanner
632 | * issues.
633 | *
634 | * @param httpRequestResponse The
635 | * IHttpRequestResponse object to which the markers should be
636 | * applied.
637 | * @param requestMarkers A list of index pairs representing the offsets of
638 | * markers to be applied to the request message. Each item in the list must
639 | * be an int[2] array containing the start and end offsets for the marker.
640 | * This parameter is optional and may be
641 | * null if no request markers are required.
642 | * @param responseMarkers A list of index pairs representing the offsets of
643 | * markers to be applied to the response message. Each item in the list must
644 | * be an int[2] array containing the start and end offsets for the marker.
645 | * This parameter is optional and may be
646 | * null if no response markers are required.
647 | * @return An object that implements the
648 | * IHttpRequestResponseWithMarkers interface.
649 | */
650 | IHttpRequestResponseWithMarkers applyMarkers(
651 | IHttpRequestResponse httpRequestResponse,
652 | List requestMarkers,
653 | List responseMarkers);
654 |
655 | /**
656 | * This method is used to obtain the descriptive name for the Burp tool
657 | * identified by the tool flag provided.
658 | *
659 | * @param toolFlag A flag identifying a Burp tool (
660 | * TOOL_PROXY,
661 | * TOOL_SCANNER, etc.). Tool flags are defined within this
662 | * interface.
663 | * @return The descriptive name for the specified tool.
664 | */
665 | String getToolName(int toolFlag);
666 |
667 | /**
668 | * This method is used to register a new Scanner issue. Note:
669 | * Wherever possible, extensions should implement custom Scanner checks
670 | * using
671 | * IScannerCheck and report issues via those checks, so as to
672 | * integrate with Burp's user-driven workflow, and ensure proper
673 | * consolidation of duplicate reported issues. This method is only designed
674 | * for tasks outside of the normal testing workflow, such as importing
675 | * results from other scanning tools.
676 | *
677 | * @param issue An object created by the extension that implements the
678 | * IScanIssue interface.
679 | */
680 | void addScanIssue(IScanIssue issue);
681 |
682 | /**
683 | * This method parses the specified request and returns details of each
684 | * request parameter.
685 | *
686 | * @param request The request to be parsed.
687 | * @return An array of:
688 | * String[] { name, value, type } containing details of the
689 | * parameters contained within the request.
690 | * @deprecated Use
691 | * IExtensionHelpers.analyzeRequest() instead.
692 | */
693 | @Deprecated
694 | String[][] getParameters(byte[] request);
695 |
696 | /**
697 | * This method parses the specified request and returns details of each HTTP
698 | * header.
699 | *
700 | * @param message The request to be parsed.
701 | * @return An array of HTTP headers.
702 | * @deprecated Use
703 | * IExtensionHelpers.analyzeRequest() or
704 | * IExtensionHelpers.analyzeResponse() instead.
705 | */
706 | @Deprecated
707 | String[] getHeaders(byte[] message);
708 |
709 | /**
710 | * This method can be used to register a new menu item which will appear on
711 | * the various context menus that are used throughout Burp Suite to handle
712 | * user-driven actions.
713 | *
714 | * @param menuItemCaption The caption to be displayed on the menu item.
715 | * @param menuItemHandler The handler to be invoked when the user clicks on
716 | * the menu item.
717 | * @deprecated Use
718 | * registerContextMenuFactory() instead.
719 | */
720 | @Deprecated
721 | void registerMenuItem(
722 | String menuItemCaption,
723 | IMenuItemHandler menuItemHandler);
724 | }
725 |
--------------------------------------------------------------------------------