├── README.md └── burp ├── BurpExtender.java ├── CustomScanIssue.java ├── IBurpExtender.java ├── IBurpExtenderCallbacks.java ├── IContextMenuFactory.java ├── IContextMenuInvocation.java ├── ICookie.java ├── IExtensionHelpers.java ├── IExtensionStateListener.java ├── IHttpListener.java ├── IHttpRequestResponse.java ├── IHttpRequestResponsePersisted.java ├── IHttpRequestResponseWithMarkers.java ├── IHttpService.java ├── IInterceptedProxyMessage.java ├── IIntruderAttack.java ├── IIntruderPayloadGenerator.java ├── IIntruderPayloadGeneratorFactory.java ├── IIntruderPayloadProcessor.java ├── IMenuItemHandler.java ├── IMessageEditor.java ├── IMessageEditorController.java ├── IMessageEditorTab.java ├── IMessageEditorTabFactory.java ├── IParameter.java ├── IProxyListener.java ├── IRequestInfo.java ├── IResponseInfo.java ├── IScanIssue.java ├── IScanQueueItem.java ├── IScannerCheck.java ├── IScannerInsertionPoint.java ├── IScannerInsertionPointProvider.java ├── IScannerListener.java ├── IScopeChangeListener.java ├── ISessionHandlingAction.java ├── ITab.java ├── ITempFile.java ├── ITextEditor.java ├── MatchRule.java ├── ScannetMatch.java └── checkResult.java /README.md: -------------------------------------------------------------------------------- 1 | # BurpCRLFPlugin 2 | Another plugin for CRLF vulnerability detection 3 | 4 | This plugin use next payload's 5 | ``` 6 | %0a 7 | %0d 8 | %0d%0a 9 | %0d%0a%09 10 | %0d%0a+ 11 | %0d%20 12 | %0d+ 13 | %E5%98%8A%E5%98%8D 14 | %E5%98%8A%E5%98%8D%E5%98%8A%E5%98%8D 15 | \r 16 | \r\n 17 | \r\n 18 | \r\n\t 19 | \r\t 20 | ``` 21 | 22 | 23 | 24 | Thank's @virvales 25 | -------------------------------------------------------------------------------- /burp/BurpExtender.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | import java.io.IOException; 4 | import java.io.OutputStream; 5 | import java.net.URL; 6 | import java.util.*; 7 | import java.util.regex.Matcher; 8 | import java.util.regex.Pattern; 9 | 10 | 11 | public class BurpExtender implements IBurpExtender, IScannerCheck, IHttpListener { 12 | private IBurpExtenderCallbacks callbacks; 13 | private IExtensionHelpers helpers; 14 | private OutputStream output; 15 | 16 | //CRLF variables 17 | private static final String CRLFHeader = "Burp-Verification-Header: "; 18 | private static final Pattern CRLFPattern = Pattern.compile("\\n\\s*" + CRLFHeader); 19 | private static final List CRLFSplitters = new ArrayList(); 20 | private static String CRLFDescription = ""; 21 | 22 | 23 | public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) { 24 | this.callbacks = callbacks; 25 | 26 | this.helpers = callbacks.getHelpers(); 27 | this.output = callbacks.getStdout(); 28 | 29 | 30 | callbacks.setExtensionName("Burp CRLF plugin"); 31 | callbacks.registerScannerCheck(BurpExtender.this); 32 | callbacks.registerHttpListener(BurpExtender.this); 33 | println("Burp CRLF plugin"); 34 | 35 | initCRLFSplitters(); 36 | 37 | CRLFDescription = "HTTP response splitting occurs when:
\n" + 40 | "HTTP response splitting is a means to an end, not an end in itself. At its root, the attack is straightforward: \n" + 41 | "an attacker passes malicious data to a vulnerable application, and the application includes the data in an HTTP response header.

\n" + 42 | "To mount a successful exploit, the application must allow input that contains CR (carriage return, also given by %0d or \\r) \n" + 43 | "and LF (line feed, also given by %0a or \\n)characters into the header AND the underlying platform must be vulnerable to the injection\n" + 44 | "of such characters. These characters not only give attackers control of the remaining headers and body of the response the application intends"+ 45 | "to send, but also allow them to create additional responses entirely under their control.

\n" + 46 | "The example below uses a Java example, but this issue has been fixed in virtually all modern Java EE application servers." + 47 | "If you are concerned about this risk, you should test on the platform of concern to see if the underlying platform allows for CR or LF characters"+ 48 | "to be injected into headers. We suspect that, in general, this vulnerability has been fixed in most modern application servers, regardless of what language the code has been written in."; 49 | 50 | } 51 | 52 | public List doActiveScan(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint) { 53 | baseRequestResponse.getHttpService().getHost(); 54 | List results = new ArrayList(); 55 | checkResult res = doCRLF(baseRequestResponse, insertionPoint); 56 | if (res!=null) 57 | { 58 | IHttpRequestResponse attack = res.getAttack(); 59 | results.add(new CustomScanIssue(attack.getHttpService(), 60 | this.helpers.analyzeRequest(attack).getUrl(), 61 | new IHttpRequestResponse[]{attack}, 62 | "HTTP Response Splitting", 63 | "Vulnerability detected by BurpCRLFPlugin

" + res.getAttackDetails(), 64 | CRLFDescription, res.getPriority(), "Firm")); 65 | } 66 | 67 | 68 | return results; 69 | } 70 | 71 | public List doPassiveScan(IHttpRequestResponse baseRequestResponse){ 72 | return null; 73 | } 74 | 75 | 76 | public int consolidateDuplicateIssues(IScanIssue existingIssue, IScanIssue newIssue) 77 | { 78 | return 0; 79 | } 80 | 81 | 82 | public checkResult doCRLF(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint){ 83 | 84 | String uuid = UUID.randomUUID().toString().replaceAll("-", ""); 85 | 86 | IHttpService httpService = baseRequestResponse.getHttpService(); 87 | IHttpRequestResponse checkUUID = this.callbacks.makeHttpRequest(httpService, 88 | insertionPoint.buildRequest(this.helpers.stringToBytes(uuid))); 89 | 90 | String respHeaders = String.join("\n", this.helpers.analyzeResponse(checkUUID.getResponse()).getHeaders()); 91 | 92 | 93 | if (respHeaders.contains(uuid)) { 94 | for (String payload: CRLFSplitters) { 95 | String finalPayload = new StringBuffer().append(uuid.substring(0,5)) 96 | .append(payload) 97 | .append(CRLFHeader) 98 | .append(uuid.substring(6)) 99 | .toString(); 100 | 101 | IHttpRequestResponse attack = this.callbacks.makeHttpRequest(httpService, 102 | insertionPoint.buildRequest(this.helpers.stringToBytes(finalPayload))); 103 | 104 | String respAttackHeaders = String.join("\n",this.helpers.analyzeResponse(attack.getResponse()).getHeaders()); 105 | 106 | Matcher m = CRLFPattern.matcher(respAttackHeaders); 107 | 108 | if (m.find() ){ 109 | String body = this.helpers.bytesToString(attack.getResponse()); 110 | 111 | List requestMarkers = new ArrayList(1); 112 | requestMarkers.add(insertionPoint.getPayloadOffsets(this.helpers.stringToBytes(finalPayload))); 113 | List responseMarkers = new ArrayList(1); 114 | //println(Integer.toString(body.indexOf(CRLFHeader))); 115 | //println(Integer.toString(body.indexOf(CRLFHeader)+CRLFHeader.length())); 116 | responseMarkers.add(new int[]{body.indexOf(CRLFHeader), body.indexOf(CRLFHeader)+CRLFHeader.length() }); 117 | 118 | 119 | String attackDetails = "Vulnerability detected at " + insertionPoint.getInsertionPointName() + ", " + 120 | "payload was set to " + this.helpers.urlEncode(finalPayload) + "
" + 121 | "Found response: " + m.group(); 122 | return new checkResult(true, 123 | finalPayload, 124 | this.callbacks.applyMarkers(attack,requestMarkers,responseMarkers), 125 | "High", 126 | attackDetails); 127 | } 128 | } 129 | } 130 | return null; 131 | } 132 | 133 | 134 | public void initCRLFSplitters() 135 | { 136 | byte[] CDRIVES = new byte[] {(byte)0xE5, (byte)0x98, (byte)0x8A, (byte)0xE5, (byte)0x98, (byte)0x8D, }; 137 | CRLFSplitters.add(this.helpers.bytesToString(CDRIVES)); 138 | CRLFSplitters.add("\r\n"); 139 | CRLFSplitters.add("\r "); 140 | CRLFSplitters.add("\r\t"); 141 | CRLFSplitters.add("\r\n "); 142 | CRLFSplitters.add("\r\n\t"); 143 | CRLFSplitters.add("\r\n\t"); 144 | 145 | CRLFSplitters.add("%0d"); 146 | CRLFSplitters.add("%0a"); 147 | CRLFSplitters.add("%0d%0a"); 148 | CRLFSplitters.add("%0d%0a%09"); 149 | CRLFSplitters.add("%0d+"); 150 | CRLFSplitters.add("%0d%20"); 151 | CRLFSplitters.add("%0d%0a+"); 152 | CRLFSplitters.add("%E5%98%8A%E5%98%8D"); 153 | CRLFSplitters.add("%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%8D"); 154 | } 155 | 156 | 157 | private void println(String toPrint) { 158 | try { 159 | this.output.write(toPrint.getBytes()); 160 | this.output.write("\n".getBytes()); 161 | this.output.flush(); 162 | } catch (IOException ioe) { 163 | ioe.printStackTrace(); 164 | } 165 | } 166 | 167 | @Override 168 | public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) { 169 | // TODO Auto-generated method stub 170 | 171 | } 172 | } 173 | -------------------------------------------------------------------------------- /burp/CustomScanIssue.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | import java.net.URL; 4 | 5 | class CustomScanIssue implements IScanIssue { 6 | private IHttpService httpService; 7 | private URL url; 8 | private IHttpRequestResponse[] httpMessages; 9 | private String name; 10 | private String detail; 11 | private String severity; 12 | private String confidence; 13 | private String background; 14 | 15 | public CustomScanIssue(IHttpService httpService, URL url, IHttpRequestResponse[] httpMessages, String name, 16 | String detail, String background, String severity, String confidence) 17 | { 18 | this.httpService = httpService; 19 | this.url = url; 20 | this.httpMessages = httpMessages; 21 | this.name = name; 22 | this.detail = detail; 23 | this.severity = severity; 24 | this.confidence = confidence; 25 | this.background = background; 26 | } 27 | 28 | public URL getUrl() 29 | { 30 | return this.url; 31 | } 32 | 33 | public String getIssueName() 34 | { 35 | return this.name; 36 | } 37 | 38 | public int getIssueType() 39 | { 40 | return 0; 41 | } 42 | 43 | public String getSeverity() 44 | { 45 | return this.severity; 46 | } 47 | 48 | public String getConfidence() 49 | { 50 | return this.confidence; 51 | } 52 | 53 | public String getIssueBackground() 54 | { 55 | return this.background; 56 | } 57 | 58 | public String getRemediationBackground() 59 | { 60 | return null; 61 | } 62 | 63 | public String getIssueDetail() 64 | { 65 | return this.detail; 66 | } 67 | 68 | public String getRemediationDetail() 69 | { 70 | return null; 71 | } 72 | 73 | public IHttpRequestResponse[] getHttpMessages() 74 | { 75 | return this.httpMessages; 76 | } 77 | 78 | public IHttpService getHttpService() 79 | { 80 | return this.httpService; 81 | } 82 | } -------------------------------------------------------------------------------- /burp/IBurpExtender.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IBurpExtender.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * All extensions must implement this interface. 14 | * 15 | * Implementations must be called BurpExtender, in the package burp, must be 16 | * declared public, and must provide a default (public, no-argument) 17 | * constructor. 18 | */ 19 | public interface IBurpExtender 20 | { 21 | /** 22 | * This method is invoked when the extension is loaded. It registers an 23 | * instance of the 24 | * IBurpExtenderCallbacks interface, providing methods that may 25 | * be invoked by the extension to perform various actions. 26 | * 27 | * @param callbacks An 28 | * IBurpExtenderCallbacks object. 29 | */ 30 | void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks); 31 | } 32 | -------------------------------------------------------------------------------- /burp/IBurpExtenderCallbacks.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IBurpExtenderCallbacks.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | import java.io.OutputStream; 14 | import java.util.List; 15 | import java.util.Map; 16 | 17 | /** 18 | * This interface is used by Burp Suite to pass to extensions a set of callback 19 | * methods that can be used by extensions to perform various actions within 20 | * Burp. 21 | * 22 | * When an extension is loaded, Burp invokes its 23 | * registerExtenderCallbacks() method and passes an instance of the 24 | * IBurpExtenderCallbacks interface. The extension may then invoke 25 | * the methods of this interface as required in order to extend Burp's 26 | * functionality. 27 | */ 28 | public interface IBurpExtenderCallbacks 29 | { 30 | /** 31 | * Flag used to identify Burp Suite as a whole. 32 | */ 33 | static final int TOOL_SUITE = 0x00000001; 34 | /** 35 | * Flag used to identify the Burp Target tool. 36 | */ 37 | static final int TOOL_TARGET = 0x00000002; 38 | /** 39 | * Flag used to identify the Burp Proxy tool. 40 | */ 41 | static final int TOOL_PROXY = 0x00000004; 42 | /** 43 | * Flag used to identify the Burp Spider tool. 44 | */ 45 | static final int TOOL_SPIDER = 0x00000008; 46 | /** 47 | * Flag used to identify the Burp Scanner tool. 48 | */ 49 | static final int TOOL_SCANNER = 0x00000010; 50 | /** 51 | * Flag used to identify the Burp Intruder tool. 52 | */ 53 | static final int TOOL_INTRUDER = 0x00000020; 54 | /** 55 | * Flag used to identify the Burp Repeater tool. 56 | */ 57 | static final int TOOL_REPEATER = 0x00000040; 58 | /** 59 | * Flag used to identify the Burp Sequencer tool. 60 | */ 61 | static final int TOOL_SEQUENCER = 0x00000080; 62 | /** 63 | * Flag used to identify the Burp Decoder tool. 64 | */ 65 | static final int TOOL_DECODER = 0x00000100; 66 | /** 67 | * Flag used to identify the Burp Comparer tool. 68 | */ 69 | static final int TOOL_COMPARER = 0x00000200; 70 | /** 71 | * Flag used to identify the Burp Extender tool. 72 | */ 73 | static final int TOOL_EXTENDER = 0x00000400; 74 | 75 | /** 76 | * This method is used to set the display name for the current extension, 77 | * which will be displayed within the user interface for the Extender tool. 78 | * 79 | * @param name The extension name. 80 | */ 81 | void setExtensionName(String name); 82 | 83 | /** 84 | * This method is used to obtain an 85 | * IExtensionHelpers object, which can be used by the extension 86 | * to perform numerous useful tasks. 87 | * 88 | * @return An object containing numerous helper methods, for tasks such as 89 | * building and analyzing HTTP requests. 90 | */ 91 | IExtensionHelpers getHelpers(); 92 | 93 | /** 94 | * This method is used to obtain the current extension's standard output 95 | * stream. Extensions should write all output to this stream, allowing the 96 | * Burp user to configure how that output is handled from within the UI. 97 | * 98 | * @return The extension's standard output stream. 99 | */ 100 | OutputStream getStdout(); 101 | 102 | /** 103 | * This method is used to obtain the current extension's standard error 104 | * stream. Extensions should write all error messages to this stream, 105 | * allowing the Burp user to configure how that output is handled from 106 | * within the UI. 107 | * 108 | * @return The extension's standard error stream. 109 | */ 110 | OutputStream getStderr(); 111 | 112 | /** 113 | * This method is used to register a listener which will be notified of 114 | * changes to the extension's state. Note: Any extensions that start 115 | * background threads or open system resources (such as files or database 116 | * connections) should register a listener and terminate threads / close 117 | * resources when the extension is unloaded. 118 | * 119 | * @param listener An object created by the extension that implements the 120 | * IExtensionStateListener interface. 121 | */ 122 | void registerExtensionStateListener(IExtensionStateListener listener); 123 | 124 | /** 125 | * This method is used to register a listener which will be notified of 126 | * requests and responses made by any Burp tool. Extensions can perform 127 | * custom analysis or modification of these messages by registering an HTTP 128 | * listener. 129 | * 130 | * @param listener An object created by the extension that implements the 131 | * IHttpListener interface. 132 | */ 133 | void registerHttpListener(IHttpListener listener); 134 | 135 | /** 136 | * This method is used to register a listener which will be notified of 137 | * requests and responses being processed by the Proxy tool. Extensions can 138 | * perform custom analysis or modification of these messages, and control 139 | * in-UI message interception, by registering a proxy listener. 140 | * 141 | * @param listener An object created by the extension that implements the 142 | * IProxyListener interface. 143 | */ 144 | void registerProxyListener(IProxyListener listener); 145 | 146 | /** 147 | * This method is used to register a listener which will be notified of new 148 | * issues that are reported by the Scanner tool. Extensions can perform 149 | * custom analysis or logging of Scanner issues by registering a Scanner 150 | * listener. 151 | * 152 | * @param listener An object created by the extension that implements the 153 | * IScannerListener interface. 154 | */ 155 | void registerScannerListener(IScannerListener listener); 156 | 157 | /** 158 | * This method is used to register a listener which will be notified of 159 | * changes to Burp's suite-wide target scope. 160 | * 161 | * @param listener An object created by the extension that implements the 162 | * IScopeChangeListener interface. 163 | */ 164 | void registerScopeChangeListener(IScopeChangeListener listener); 165 | 166 | /** 167 | * This method is used to register a factory for custom context menu items. 168 | * When the user invokes a context menu anywhere within Burp, the factory 169 | * will be passed details of the invocation event, and asked to provide any 170 | * custom context menu items that should be shown. 171 | * 172 | * @param factory An object created by the extension that implements the 173 | * IContextMenuFactory interface. 174 | */ 175 | void registerContextMenuFactory(IContextMenuFactory factory); 176 | 177 | /** 178 | * This method is used to register a factory for custom message editor tabs. 179 | * For each message editor that already exists, or is subsequently created, 180 | * within Burp, the factory will be asked to provide a new instance of an 181 | * IMessageEditorTab object, which can provide custom rendering 182 | * or editing of HTTP messages. 183 | * 184 | * @param factory An object created by the extension that implements the 185 | * IMessageEditorTabFactory interface. 186 | */ 187 | void registerMessageEditorTabFactory(IMessageEditorTabFactory factory); 188 | 189 | /** 190 | * This method is used to register a provider of Scanner insertion points. 191 | * For each base request that is actively scanned, Burp will ask the 192 | * provider to provide any custom scanner insertion points that are 193 | * appropriate for the request. 194 | * 195 | * @param provider An object created by the extension that implements the 196 | * IScannerInsertionPointProvider interface. 197 | */ 198 | void registerScannerInsertionPointProvider( 199 | IScannerInsertionPointProvider provider); 200 | 201 | /** 202 | * This method is used to register a custom Scanner check. When performing 203 | * scanning, Burp will ask the check to perform active or passive scanning 204 | * on the base request, and report any Scanner issues that are identified. 205 | * 206 | * @param check An object created by the extension that implements the 207 | * IScannerCheck interface. 208 | */ 209 | void registerScannerCheck(IScannerCheck check); 210 | 211 | /** 212 | * This method is used to register a factory for Intruder payloads. Each 213 | * registered factory will be available within the Intruder UI for the user 214 | * to select as the payload source for an attack. When this is selected, the 215 | * factory will be asked to provide a new instance of an 216 | * IIntruderPayloadGenerator object, which will be used to 217 | * generate payloads for the attack. 218 | * 219 | * @param factory An object created by the extension that implements the 220 | * IIntruderPayloadGeneratorFactory interface. 221 | */ 222 | void registerIntruderPayloadGeneratorFactory( 223 | IIntruderPayloadGeneratorFactory factory); 224 | 225 | /** 226 | * This method is used to register a custom Intruder payload processor. Each 227 | * registered processor will be available within the Intruder UI for the 228 | * user to select as the action for a payload processing rule. 229 | * 230 | * @param processor An object created by the extension that implements the 231 | * IIntruderPayloadProcessor interface. 232 | */ 233 | void registerIntruderPayloadProcessor(IIntruderPayloadProcessor processor); 234 | 235 | /** 236 | * This method is used to register a custom session handling action. Each 237 | * registered action will be available within the session handling rule UI 238 | * for the user to select as a rule action. Users can choose to invoke an 239 | * action directly in its own right, or following execution of a macro. 240 | * 241 | * @param action An object created by the extension that implements the 242 | * ISessionHandlingAction interface. 243 | */ 244 | void registerSessionHandlingAction(ISessionHandlingAction action); 245 | 246 | /** 247 | * This method is used to unload the extension from Burp Suite. 248 | */ 249 | void unloadExtension(); 250 | 251 | /** 252 | * This method is used to add a custom tab to the main Burp Suite window. 253 | * 254 | * @param tab An object created by the extension that implements the 255 | * ITab interface. 256 | */ 257 | void addSuiteTab(ITab tab); 258 | 259 | /** 260 | * This method is used to remove a previously-added tab from the main Burp 261 | * Suite window. 262 | * 263 | * @param tab An object created by the extension that implements the 264 | * ITab interface. 265 | */ 266 | void removeSuiteTab(ITab tab); 267 | 268 | /** 269 | * This method is used to customize UI components in line with Burp's UI 270 | * style, including font size, colors, table line spacing, etc. 271 | * 272 | * @param component The UI component to be customized. 273 | */ 274 | void customizeUiComponent(Component component); 275 | 276 | /** 277 | * This method is used to create a new instance of Burp's HTTP message 278 | * editor, for the extension to use in its own UI. 279 | * 280 | * @param controller An object created by the extension that implements the 281 | * IMessageEditorController interface. This parameter is 282 | * optional and may be null. If it is provided, then the 283 | * message editor will query the controller when required to obtain details 284 | * about the currently displayed message, including the 285 | * IHttpService for the message, and the associated request or 286 | * response message. If a controller is not provided, then the message 287 | * editor will not support context menu actions, such as sending requests to 288 | * other Burp tools. 289 | * @param editable Indicates whether the editor created should be editable, 290 | * or used only for message viewing. 291 | * @return An object that implements the IMessageEditor 292 | * interface, and which the extension can use in its own UI. 293 | */ 294 | IMessageEditor createMessageEditor(IMessageEditorController controller, 295 | boolean editable); 296 | 297 | /** 298 | * This method returns the command line arguments that were passed to Burp 299 | * on startup. 300 | * 301 | * @return The command line arguments that were passed to Burp on startup. 302 | */ 303 | String[] getCommandLineArguments(); 304 | 305 | /** 306 | * This method is used to save configuration settings for the extension in a 307 | * persistent way that survives reloads of the extension and of Burp Suite. 308 | * Saved settings can be retrieved using the method 309 | * loadExtensionSetting(). 310 | * 311 | * @param name The name of the setting. 312 | * @param value The value of the setting. If this value is null 313 | * then any existing setting with the specified name will be removed. 314 | */ 315 | void saveExtensionSetting(String name, String value); 316 | 317 | /** 318 | * This method is used to load configuration settings for the extension that 319 | * were saved using the method 320 | * saveExtensionSetting(). 321 | * 322 | * @param name The name of the setting. 323 | * @return The value of the setting, or null if no value is 324 | * set. 325 | */ 326 | String loadExtensionSetting(String name); 327 | 328 | /** 329 | * This method is used to create a new instance of Burp's plain text editor, 330 | * for the extension to use in its own UI. 331 | * 332 | * @return An object that implements the ITextEditor interface, 333 | * and which the extension can use in its own UI. 334 | */ 335 | ITextEditor createTextEditor(); 336 | 337 | /** 338 | * This method can be used to send an HTTP request to the Burp Repeater 339 | * tool. The request will be displayed in the user interface, but will not 340 | * be issued until the user initiates this action. 341 | * 342 | * @param host The hostname of the remote HTTP server. 343 | * @param port The port of the remote HTTP server. 344 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 345 | * @param request The full HTTP request. 346 | * @param tabCaption An optional caption which will appear on the Repeater 347 | * tab containing the request. If this value is null then a 348 | * default tab index will be displayed. 349 | */ 350 | void sendToRepeater( 351 | String host, 352 | int port, 353 | boolean useHttps, 354 | byte[] request, 355 | String tabCaption); 356 | 357 | /** 358 | * This method can be used to send an HTTP request to the Burp Intruder 359 | * tool. The request will be displayed in the user interface, and markers 360 | * for attack payloads will be placed into default locations within the 361 | * request. 362 | * 363 | * @param host The hostname of the remote HTTP server. 364 | * @param port The port of the remote HTTP server. 365 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 366 | * @param request The full HTTP request. 367 | */ 368 | void sendToIntruder( 369 | String host, 370 | int port, 371 | boolean useHttps, 372 | byte[] request); 373 | 374 | /** 375 | * This method can be used to send an HTTP request to the Burp Intruder 376 | * tool. The request will be displayed in the user interface, and markers 377 | * for attack payloads will be placed into the specified locations within 378 | * the request. 379 | * 380 | * @param host The hostname of the remote HTTP server. 381 | * @param port The port of the remote HTTP server. 382 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 383 | * @param request The full HTTP request. 384 | * @param payloadPositionOffsets A list of index pairs representing the 385 | * payload positions to be used. Each item in the list must be an int[2] 386 | * array containing the start and end offsets for the payload position. 387 | */ 388 | void sendToIntruder( 389 | String host, 390 | int port, 391 | boolean useHttps, 392 | byte[] request, 393 | List payloadPositionOffsets); 394 | 395 | /** 396 | * This method can be used to send a seed URL to the Burp Spider tool. If 397 | * the URL is not within the current Spider scope, the user will be asked if 398 | * they wish to add the URL to the scope. If the Spider is not currently 399 | * running, it will be started. The seed URL will be requested, and the 400 | * Spider will process the application's response in the normal way. 401 | * 402 | * @param url The new seed URL to begin spidering from. 403 | */ 404 | void sendToSpider( 405 | java.net.URL url); 406 | 407 | /** 408 | * This method can be used to send an HTTP request to the Burp Scanner tool 409 | * to perform an active vulnerability scan. If the request is not within the 410 | * current active scanning scope, the user will be asked if they wish to 411 | * proceed with the scan. 412 | * 413 | * @param host The hostname of the remote HTTP server. 414 | * @param port The port of the remote HTTP server. 415 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 416 | * @param request The full HTTP request. 417 | * @return The resulting scan queue item. 418 | */ 419 | IScanQueueItem doActiveScan( 420 | String host, 421 | int port, 422 | boolean useHttps, 423 | byte[] request); 424 | 425 | /** 426 | * This method can be used to send an HTTP request to the Burp Scanner tool 427 | * to perform an active vulnerability scan, based on a custom list of 428 | * insertion points that are to be scanned. If the request is not within the 429 | * current active scanning scope, the user will be asked if they wish to 430 | * proceed with the scan. 431 | * 432 | * @param host The hostname of the remote HTTP server. 433 | * @param port The port of the remote HTTP server. 434 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 435 | * @param request The full HTTP request. 436 | * @param insertionPointOffsets A list of index pairs representing the 437 | * positions of the insertion points that should be scanned. Each item in 438 | * the list must be an int[2] array containing the start and end offsets for 439 | * the insertion point. 440 | * @return The resulting scan queue item. 441 | */ 442 | IScanQueueItem doActiveScan( 443 | String host, 444 | int port, 445 | boolean useHttps, 446 | byte[] request, 447 | List insertionPointOffsets); 448 | 449 | /** 450 | * This method can be used to send an HTTP request to the Burp Scanner tool 451 | * to perform a passive vulnerability scan. 452 | * 453 | * @param host The hostname of the remote HTTP server. 454 | * @param port The port of the remote HTTP server. 455 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 456 | * @param request The full HTTP request. 457 | * @param response The full HTTP response. 458 | */ 459 | void doPassiveScan( 460 | String host, 461 | int port, 462 | boolean useHttps, 463 | byte[] request, 464 | byte[] response); 465 | 466 | /** 467 | * This method can be used to issue HTTP requests and retrieve their 468 | * responses. 469 | * 470 | * @param httpService The HTTP service to which the request should be sent. 471 | * @param request The full HTTP request. 472 | * @return An object that implements the IHttpRequestResponse 473 | * interface, and which the extension can query to obtain the details of the 474 | * response. 475 | */ 476 | IHttpRequestResponse makeHttpRequest(IHttpService httpService, 477 | byte[] request); 478 | 479 | /** 480 | * This method can be used to issue HTTP requests and retrieve their 481 | * responses. 482 | * 483 | * @param host The hostname of the remote HTTP server. 484 | * @param port The port of the remote HTTP server. 485 | * @param useHttps Flags whether the protocol is HTTPS or HTTP. 486 | * @param request The full HTTP request. 487 | * @return The full response retrieved from the remote server. 488 | */ 489 | byte[] makeHttpRequest( 490 | String host, 491 | int port, 492 | boolean useHttps, 493 | byte[] request); 494 | 495 | /** 496 | * This method can be used to query whether a specified URL is within the 497 | * current Suite-wide scope. 498 | * 499 | * @param url The URL to query. 500 | * @return Returns true if the URL is within the current 501 | * Suite-wide scope. 502 | */ 503 | boolean isInScope(java.net.URL url); 504 | 505 | /** 506 | * This method can be used to include the specified URL in the Suite-wide 507 | * scope. 508 | * 509 | * @param url The URL to include in the Suite-wide scope. 510 | */ 511 | void includeInScope(java.net.URL url); 512 | 513 | /** 514 | * This method can be used to exclude the specified URL from the Suite-wide 515 | * scope. 516 | * 517 | * @param url The URL to exclude from the Suite-wide scope. 518 | */ 519 | void excludeFromScope(java.net.URL url); 520 | 521 | /** 522 | * This method can be used to display a specified message in the Burp Suite 523 | * alerts tab. 524 | * 525 | * @param message The alert message to display. 526 | */ 527 | void issueAlert(String message); 528 | 529 | /** 530 | * This method returns details of all items in the Proxy history. 531 | * 532 | * @return The contents of the Proxy history. 533 | */ 534 | IHttpRequestResponse[] getProxyHistory(); 535 | 536 | /** 537 | * This method returns details of items in the site map. 538 | * 539 | * @param urlPrefix This parameter can be used to specify a URL prefix, in 540 | * order to extract a specific subset of the site map. The method performs a 541 | * simple case-sensitive text match, returning all site map items whose URL 542 | * begins with the specified prefix. If this parameter is null, the entire 543 | * site map is returned. 544 | * 545 | * @return Details of items in the site map. 546 | */ 547 | IHttpRequestResponse[] getSiteMap(String urlPrefix); 548 | 549 | /** 550 | * This method returns all of the current scan issues for URLs matching the 551 | * specified literal prefix. 552 | * 553 | * @param urlPrefix This parameter can be used to specify a URL prefix, in 554 | * order to extract a specific subset of scan issues. The method performs a 555 | * simple case-sensitive text match, returning all scan issues whose URL 556 | * begins with the specified prefix. If this parameter is null, all issues 557 | * are returned. 558 | * @return Details of the scan issues. 559 | */ 560 | IScanIssue[] getScanIssues(String urlPrefix); 561 | 562 | /** 563 | * This method is used to generate a report for the specified Scanner 564 | * issues. The report format can be specified. For all other reporting 565 | * options, the default settings that appear in the reporting UI wizard are 566 | * used. 567 | * 568 | * @param format The format to be used in the report. Accepted values are 569 | * HTML and XML. 570 | * @param issues The Scanner issues to be reported. 571 | * @param file The file to which the report will be saved. 572 | */ 573 | void generateScanReport(String format, IScanIssue[] issues, java.io.File file); 574 | 575 | /** 576 | * This method is used to retrieve the contents of Burp's session handling 577 | * cookie jar. Extensions that provide an 578 | * ISessionHandlingAction can query and update the cookie jar 579 | * in order to handle unusual session handling mechanisms. 580 | * 581 | * @return A list of ICookie objects representing the contents 582 | * of Burp's session handling cookie jar. 583 | */ 584 | List getCookieJarContents(); 585 | 586 | /** 587 | * This method is used to update the contents of Burp's session handling 588 | * cookie jar. Extensions that provide an 589 | * ISessionHandlingAction can query and update the cookie jar 590 | * in order to handle unusual session handling mechanisms. 591 | * 592 | * @param cookie An ICookie object containing details of the 593 | * cookie to be updated. If the cookie jar already contains a cookie that 594 | * matches the specified domain and name, then that cookie will be updated 595 | * with the new value and expiration, unless the new value is 596 | * null, in which case the cookie will be removed. If the 597 | * cookie jar does not already contain a cookie that matches the specified 598 | * domain and name, then the cookie will be added. 599 | */ 600 | void updateCookieJar(ICookie cookie); 601 | 602 | /** 603 | * This method can be used to add an item to Burp's site map with the 604 | * specified request/response details. This will overwrite the details of 605 | * any existing matching item in the site map. 606 | * 607 | * @param item Details of the item to be added to the site map 608 | */ 609 | void addToSiteMap(IHttpRequestResponse item); 610 | 611 | /** 612 | * This method can be used to restore Burp's state from a specified saved 613 | * state file. This method blocks until the restore operation is completed, 614 | * and must not be called from the event dispatch thread. 615 | * 616 | * @param file The file containing Burp's saved state. 617 | */ 618 | void restoreState(java.io.File file); 619 | 620 | /** 621 | * This method can be used to save Burp's state to a specified file. This 622 | * method blocks until the save operation is completed, and must not be 623 | * called from the event dispatch thread. 624 | * 625 | * @param file The file to save Burp's state in. 626 | */ 627 | void saveState(java.io.File file); 628 | 629 | /** 630 | * This method causes Burp to save all of its current configuration as a Map 631 | * of name/value Strings. 632 | * 633 | * @return A Map of name/value Strings reflecting Burp's current 634 | * configuration. 635 | */ 636 | Map saveConfig(); 637 | 638 | /** 639 | * This method causes Burp to load a new configuration from the Map of 640 | * name/value Strings provided. Any settings not specified in the Map will 641 | * be restored to their default values. To selectively update only some 642 | * settings and leave the rest unchanged, you should first call 643 | * saveConfig() to obtain Burp's current configuration, modify 644 | * the relevant items in the Map, and then call 645 | * loadConfig() with the same Map. 646 | * 647 | * @param config A map of name/value Strings to use as Burp's new 648 | * configuration. 649 | */ 650 | void loadConfig(Map config); 651 | 652 | /** 653 | * This method sets the master interception mode for Burp Proxy. 654 | * 655 | * @param enabled Indicates whether interception of Proxy messages should be 656 | * enabled. 657 | */ 658 | void setProxyInterceptionEnabled(boolean enabled); 659 | 660 | /** 661 | * This method retrieves information about the version of Burp in which the 662 | * extension is running. It can be used by extensions to dynamically adjust 663 | * their behavior depending on the functionality and APIs supported by the 664 | * current version. 665 | * 666 | * @return An array of Strings comprised of: the product name (e.g. Burp 667 | * Suite Professional), the major version (e.g. 1.5), the minor version 668 | * (e.g. 03) 669 | */ 670 | String[] getBurpVersion(); 671 | 672 | /** 673 | * This method can be used to shut down Burp programmatically, with an 674 | * optional prompt to the user. If the method returns, the user canceled the 675 | * shutdown prompt. 676 | * 677 | * @param promptUser Indicates whether to prompt the user to confirm the 678 | * shutdown. 679 | */ 680 | void exitSuite(boolean promptUser); 681 | 682 | /** 683 | * This method is used to create a temporary file on disk containing the 684 | * provided data. Extensions can use temporary files for long-term storage 685 | * of runtime data, avoiding the need to retain that data in memory. 686 | * 687 | * @param buffer The data to be saved to a temporary file. 688 | * @return An object that implements the ITempFile interface. 689 | */ 690 | ITempFile saveToTempFile(byte[] buffer); 691 | 692 | /** 693 | * This method is used to save the request and response of an 694 | * IHttpRequestResponse object to temporary files, so that they 695 | * are no longer held in memory. Extensions can used this method to convert 696 | * IHttpRequestResponse objects into a form suitable for 697 | * long-term storage. 698 | * 699 | * @param httpRequestResponse The IHttpRequestResponse object 700 | * whose request and response messages are to be saved to temporary files. 701 | * @return An object that implements the 702 | * IHttpRequestResponsePersisted interface. 703 | */ 704 | IHttpRequestResponsePersisted saveBuffersToTempFiles( 705 | IHttpRequestResponse httpRequestResponse); 706 | 707 | /** 708 | * This method is used to apply markers to an HTTP request or response, at 709 | * offsets into the message that are relevant for some particular purpose. 710 | * Markers are used in various situations, such as specifying Intruder 711 | * payload positions, Scanner insertion points, and highlights in Scanner 712 | * issues. 713 | * 714 | * @param httpRequestResponse The IHttpRequestResponse object 715 | * to which the markers should be applied. 716 | * @param requestMarkers A list of index pairs representing the offsets of 717 | * markers to be applied to the request message. Each item in the list must 718 | * be an int[2] array containing the start and end offsets for the marker. 719 | * The markers in the list should be in sequence and not overlapping. This 720 | * parameter is optional and may be null if no request markers 721 | * are required. 722 | * @param responseMarkers A list of index pairs representing the offsets of 723 | * markers to be applied to the response message. Each item in the list must 724 | * be an int[2] array containing the start and end offsets for the marker. 725 | * The markers in the list should be in sequence and not overlapping. This 726 | * parameter is optional and may be null if no response markers 727 | * are required. 728 | * @return An object that implements the 729 | * IHttpRequestResponseWithMarkers interface. 730 | */ 731 | IHttpRequestResponseWithMarkers applyMarkers( 732 | IHttpRequestResponse httpRequestResponse, 733 | List requestMarkers, 734 | List responseMarkers); 735 | 736 | /** 737 | * This method is used to obtain the descriptive name for the Burp tool 738 | * identified by the tool flag provided. 739 | * 740 | * @param toolFlag A flag identifying a Burp tool ( TOOL_PROXY, 741 | * TOOL_SCANNER, etc.). Tool flags are defined within this 742 | * interface. 743 | * @return The descriptive name for the specified tool. 744 | */ 745 | String getToolName(int toolFlag); 746 | 747 | /** 748 | * This method is used to register a new Scanner issue. Note: 749 | * Wherever possible, extensions should implement custom Scanner checks 750 | * using 751 | * IScannerCheck and report issues via those checks, so as to 752 | * integrate with Burp's user-driven workflow, and ensure proper 753 | * consolidation of duplicate reported issues. This method is only designed 754 | * for tasks outside of the normal testing workflow, such as importing 755 | * results from other scanning tools. 756 | * 757 | * @param issue An object created by the extension that implements the 758 | * IScanIssue interface. 759 | */ 760 | void addScanIssue(IScanIssue issue); 761 | 762 | /** 763 | * This method parses the specified request and returns details of each 764 | * request parameter. 765 | * 766 | * @param request The request to be parsed. 767 | * @return An array of: String[] { name, value, type } 768 | * containing details of the parameters contained within the request. 769 | * @deprecated Use IExtensionHelpers.analyzeRequest() instead. 770 | */ 771 | @Deprecated 772 | String[][] getParameters(byte[] request); 773 | 774 | /** 775 | * This method parses the specified request and returns details of each HTTP 776 | * header. 777 | * 778 | * @param message The request to be parsed. 779 | * @return An array of HTTP headers. 780 | * @deprecated Use IExtensionHelpers.analyzeRequest() or 781 | * IExtensionHelpers.analyzeResponse() instead. 782 | */ 783 | @Deprecated 784 | String[] getHeaders(byte[] message); 785 | 786 | /** 787 | * This method can be used to register a new menu item which will appear on 788 | * the various context menus that are used throughout Burp Suite to handle 789 | * user-driven actions. 790 | * 791 | * @param menuItemCaption The caption to be displayed on the menu item. 792 | * @param menuItemHandler The handler to be invoked when the user clicks on 793 | * the menu item. 794 | * @deprecated Use registerContextMenuFactory() instead. 795 | */ 796 | @Deprecated 797 | void registerMenuItem( 798 | String menuItemCaption, 799 | IMenuItemHandler menuItemHandler); 800 | } 801 | -------------------------------------------------------------------------------- /burp/IContextMenuFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IContextMenuFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | import javax.swing.JMenuItem; 14 | 15 | /** 16 | * Extensions can implement this interface and then call 17 | * IBurpExtenderCallbacks.registerContextMenuFactory() to register 18 | * a factory for custom context menu items. 19 | */ 20 | public interface IContextMenuFactory 21 | { 22 | /** 23 | * This method will be called by Burp when the user invokes a context menu 24 | * anywhere within Burp. The factory can then provide any custom context 25 | * menu items that should be displayed in the context menu, based on the 26 | * details of the menu invocation. 27 | * 28 | * @param invocation An object that implements the 29 | * IMessageEditorTabFactory interface, which the extension can 30 | * query to obtain details of the context menu invocation. 31 | * @return A list of custom menu items (which may include sub-menus, 32 | * checkbox menu items, etc.) that should be displayed. Extensions may 33 | * return 34 | * null from this method, to indicate that no menu items are 35 | * required. 36 | */ 37 | List createMenuItems(IContextMenuInvocation invocation); 38 | } 39 | -------------------------------------------------------------------------------- /burp/IContextMenuInvocation.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IContextMenuInvocation.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.event.InputEvent; 13 | 14 | /** 15 | * This interface is used when Burp calls into an extension-provided 16 | * IContextMenuFactory with details of a context menu invocation. 17 | * The custom context menu factory can query this interface to obtain details of 18 | * the invocation event, in order to determine what menu items should be 19 | * displayed. 20 | */ 21 | public interface IContextMenuInvocation 22 | { 23 | /** 24 | * Used to indicate that the context menu is being invoked in a request 25 | * editor. 26 | */ 27 | static final byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0; 28 | /** 29 | * Used to indicate that the context menu is being invoked in a response 30 | * editor. 31 | */ 32 | static final byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1; 33 | /** 34 | * Used to indicate that the context menu is being invoked in a non-editable 35 | * request viewer. 36 | */ 37 | static final byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2; 38 | /** 39 | * Used to indicate that the context menu is being invoked in a non-editable 40 | * response viewer. 41 | */ 42 | static final byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3; 43 | /** 44 | * Used to indicate that the context menu is being invoked in the Target 45 | * site map tree. 46 | */ 47 | static final byte CONTEXT_TARGET_SITE_MAP_TREE = 4; 48 | /** 49 | * Used to indicate that the context menu is being invoked in the Target 50 | * site map table. 51 | */ 52 | static final byte CONTEXT_TARGET_SITE_MAP_TABLE = 5; 53 | /** 54 | * Used to indicate that the context menu is being invoked in the Proxy 55 | * history. 56 | */ 57 | static final byte CONTEXT_PROXY_HISTORY = 6; 58 | /** 59 | * Used to indicate that the context menu is being invoked in the Scanner 60 | * results. 61 | */ 62 | static final byte CONTEXT_SCANNER_RESULTS = 7; 63 | /** 64 | * Used to indicate that the context menu is being invoked in the Intruder 65 | * payload positions editor. 66 | */ 67 | static final byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8; 68 | /** 69 | * Used to indicate that the context menu is being invoked in an Intruder 70 | * attack results. 71 | */ 72 | static final byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9; 73 | /** 74 | * Used to indicate that the context menu is being invoked in a search 75 | * results window. 76 | */ 77 | static final byte CONTEXT_SEARCH_RESULTS = 10; 78 | 79 | /** 80 | * This method can be used to retrieve the native Java input event that was 81 | * the trigger for the context menu invocation. 82 | * 83 | * @return The InputEvent that was the trigger for the context 84 | * menu invocation. 85 | */ 86 | InputEvent getInputEvent(); 87 | 88 | /** 89 | * This method can be used to retrieve the Burp tool within which the 90 | * context menu was invoked. 91 | * 92 | * @return A flag indicating the Burp tool within which the context menu was 93 | * invoked. Burp tool flags are defined in the 94 | * IBurpExtenderCallbacks interface. 95 | */ 96 | int getToolFlag(); 97 | 98 | /** 99 | * This method can be used to retrieve the context within which the menu was 100 | * invoked. 101 | * 102 | * @return An index indicating the context within which the menu was 103 | * invoked. The indices used are defined within this interface. 104 | */ 105 | byte getInvocationContext(); 106 | 107 | /** 108 | * This method can be used to retrieve the bounds of the user's selection 109 | * into the current message, if applicable. 110 | * 111 | * @return An int[2] array containing the start and end offsets of the 112 | * user's selection in the current message. If the user has not made any 113 | * selection in the current message, both offsets indicate the position of 114 | * the caret within the editor. If the menu is not being invoked from a 115 | * message editor, the method returns null. 116 | */ 117 | int[] getSelectionBounds(); 118 | 119 | /** 120 | * This method can be used to retrieve details of the HTTP requests / 121 | * responses that were shown or selected by the user when the context menu 122 | * was invoked. 123 | * 124 | * Note: For performance reasons, the objects returned from this 125 | * method are tied to the originating context of the messages within the 126 | * Burp UI. For example, if a context menu is invoked on the Proxy intercept 127 | * panel, then the 128 | * IHttpRequestResponse returned by this method will reflect 129 | * the current contents of the interception panel, and this will change when 130 | * the current message has been forwarded or dropped. If your extension 131 | * needs to store details of the message for which the context menu has been 132 | * invoked, then you should query those details from the 133 | * IHttpRequestResponse at the time of invocation, or you 134 | * should use 135 | * IBurpExtenderCallbacks.saveBuffersToTempFiles() to create a 136 | * persistent read-only copy of the 137 | * IHttpRequestResponse. 138 | * 139 | * @return An array of IHttpRequestResponse objects 140 | * representing the items that were shown or selected by the user when the 141 | * context menu was invoked. This method returns null if no 142 | * messages are applicable to the invocation. 143 | */ 144 | IHttpRequestResponse[] getSelectedMessages(); 145 | 146 | /** 147 | * This method can be used to retrieve details of the Scanner issues that 148 | * were selected by the user when the context menu was invoked. 149 | * 150 | * @return An array of IScanIssue objects representing the 151 | * issues that were selected by the user when the context menu was invoked. 152 | * This method returns null if no Scanner issues are applicable 153 | * to the invocation. 154 | */ 155 | IScanIssue[] getSelectedIssues(); 156 | } 157 | -------------------------------------------------------------------------------- /burp/ICookie.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ICookie.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.Date; 13 | 14 | /** 15 | * This interface is used to hold details about an HTTP cookie. 16 | */ 17 | public interface ICookie 18 | { 19 | /** 20 | * This method is used to retrieve the domain for which the cookie is in 21 | * scope. 22 | * 23 | * @return The domain for which the cookie is in scope. Note: For 24 | * cookies that have been analyzed from responses (by calling 25 | * IExtensionHelpers.analyzeResponse() and then 26 | * IResponseInfo.getCookies(), the domain will be 27 | * null if the response did not explicitly set a domain 28 | * attribute for the cookie. 29 | */ 30 | String getDomain(); 31 | 32 | /** 33 | * This method is used to retrieve the expiration time for the cookie. 34 | * 35 | * @return The expiration time for the cookie, or 36 | * null if none is set (i.e., for non-persistent session 37 | * cookies). 38 | */ 39 | Date getExpiration(); 40 | 41 | /** 42 | * This method is used to retrieve the name of the cookie. 43 | * 44 | * @return The name of the cookie. 45 | */ 46 | String getName(); 47 | 48 | /** 49 | * This method is used to retrieve the value of the cookie. 50 | * @return The value of the cookie. 51 | */ 52 | String getValue(); 53 | } 54 | -------------------------------------------------------------------------------- /burp/IExtensionHelpers.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IExtensionHelpers.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.net.URL; 13 | import java.util.List; 14 | 15 | /** 16 | * This interface contains a number of helper methods, which extensions can use 17 | * to assist with various common tasks that arise for Burp extensions. 18 | * 19 | * Extensions can call 20 | * IBurpExtenderCallbacks.getHelpers to obtain an instance of this 21 | * interface. 22 | */ 23 | public interface IExtensionHelpers 24 | { 25 | /** 26 | * This method can be used to analyze an HTTP request, and obtain various 27 | * key details about it. 28 | * 29 | * @param request An 30 | * IHttpRequestResponse object containing the request to be 31 | * analyzed. 32 | * @return An 33 | * IRequestInfo object that can be queried to obtain details 34 | * about the request. 35 | */ 36 | IRequestInfo analyzeRequest(IHttpRequestResponse request); 37 | 38 | /** 39 | * This method can be used to analyze an HTTP request, and obtain various 40 | * key details about it. 41 | * 42 | * @param httpService The HTTP service associated with the request. This is 43 | * optional and may be 44 | * null, in which case the resulting 45 | * IRequestInfo object will not include the full request URL. 46 | * @param request The request to be analyzed. 47 | * @return An 48 | * IRequestInfo object that can be queried to obtain details 49 | * about the request. 50 | */ 51 | IRequestInfo analyzeRequest(IHttpService httpService, byte[] request); 52 | 53 | /** 54 | * This method can be used to analyze an HTTP request, and obtain various 55 | * key details about it. The resulting 56 | * IRequestInfo object will not include the full request URL. 57 | * To obtain the full URL, use one of the other overloaded 58 | * analyzeRequest() methods. 59 | * 60 | * @param request The request to be analyzed. 61 | * @return An 62 | * IRequestInfo object that can be queried to obtain details 63 | * about the request. 64 | */ 65 | IRequestInfo analyzeRequest(byte[] request); 66 | 67 | /** 68 | * This method can be used to analyze an HTTP response, and obtain various 69 | * key details about it. 70 | * 71 | * @param response The response to be analyzed. 72 | * @return An 73 | * IResponseInfo object that can be queried to obtain details 74 | * about the response. 75 | */ 76 | IResponseInfo analyzeResponse(byte[] response); 77 | 78 | /** 79 | * This method can be used to retrieve details of a specified parameter 80 | * within an HTTP request. Note: Use 81 | * analyzeRequest() to obtain details of all parameters within 82 | * the request. 83 | * 84 | * @param request The request to be inspected for the specified parameter. 85 | * @param parameterName The name of the parameter to retrieve. 86 | * @return An 87 | * IParameter object that can be queried to obtain details 88 | * about the parameter, or 89 | * null if the parameter was not found. 90 | */ 91 | IParameter getRequestParameter(byte[] request, String parameterName); 92 | 93 | /** 94 | * This method can be used to URL-decode the specified data. 95 | * 96 | * @param data The data to be decoded. 97 | * @return The decoded data. 98 | */ 99 | String urlDecode(String data); 100 | 101 | /** 102 | * This method can be used to URL-encode the specified data. Any characters 103 | * that do not need to be encoded within HTTP requests are not encoded. 104 | * 105 | * @param data The data to be encoded. 106 | * @return The encoded data. 107 | */ 108 | String urlEncode(String data); 109 | 110 | /** 111 | * This method can be used to URL-decode the specified data. 112 | * 113 | * @param data The data to be decoded. 114 | * @return The decoded data. 115 | */ 116 | byte[] urlDecode(byte[] data); 117 | 118 | /** 119 | * This method can be used to URL-encode the specified data. Any characters 120 | * that do not need to be encoded within HTTP requests are not encoded. 121 | * 122 | * @param data The data to be encoded. 123 | * @return The encoded data. 124 | */ 125 | byte[] urlEncode(byte[] data); 126 | 127 | /** 128 | * This method can be used to Base64-decode the specified data. 129 | * 130 | * @param data The data to be decoded. 131 | * @return The decoded data. 132 | */ 133 | byte[] base64Decode(String data); 134 | 135 | /** 136 | * This method can be used to Base64-decode the specified data. 137 | * 138 | * @param data The data to be decoded. 139 | * @return The decoded data. 140 | */ 141 | byte[] base64Decode(byte[] data); 142 | 143 | /** 144 | * This method can be used to Base64-encode the specified data. 145 | * 146 | * @param data The data to be encoded. 147 | * @return The encoded data. 148 | */ 149 | String base64Encode(String data); 150 | 151 | /** 152 | * This method can be used to Base64-encode the specified data. 153 | * 154 | * @param data The data to be encoded. 155 | * @return The encoded data. 156 | */ 157 | String base64Encode(byte[] data); 158 | 159 | /** 160 | * This method can be used to convert data from String form into an array of 161 | * bytes. The conversion does not reflect any particular character set, and 162 | * a character with the hex representation 0xWXYZ will always be converted 163 | * into a byte with the representation 0xYZ. It performs the opposite 164 | * conversion to the method 165 | * bytesToString(), and byte-based data that is converted to a 166 | * String and back again using these two methods is guaranteed to retain its 167 | * integrity (which may not be the case with conversions that reflect a 168 | * given character set). 169 | * 170 | * @param data The data to be converted. 171 | * @return The converted data. 172 | */ 173 | byte[] stringToBytes(String data); 174 | 175 | /** 176 | * This method can be used to convert data from an array of bytes into 177 | * String form. The conversion does not reflect any particular character 178 | * set, and a byte with the representation 0xYZ will always be converted 179 | * into a character with the hex representation 0x00YZ. It performs the 180 | * opposite conversion to the method 181 | * stringToBytes(), and byte-based data that is converted to a 182 | * String and back again using these two methods is guaranteed to retain its 183 | * integrity (which may not be the case with conversions that reflect a 184 | * given character set). 185 | * 186 | * @param data The data to be converted. 187 | * @return The converted data. 188 | */ 189 | String bytesToString(byte[] data); 190 | 191 | /** 192 | * This method searches a piece of data for the first occurrence of a 193 | * specified pattern. It works on byte-based data in a way that is similar 194 | * to the way the native Java method 195 | * String.indexOf() works on String-based data. 196 | * 197 | * @param data The data to be searched. 198 | * @param pattern The pattern to be searched for. 199 | * @param caseSensitive Flags whether or not the search is case-sensitive. 200 | * @param from The offset within 201 | * data where the search should begin. 202 | * @param to The offset within 203 | * data where the search should end. 204 | * @return The offset of the first occurrence of the pattern within the 205 | * specified bounds, or -1 if no match is found. 206 | */ 207 | int indexOf(byte[] data, 208 | byte[] pattern, 209 | boolean caseSensitive, 210 | int from, 211 | int to); 212 | 213 | /** 214 | * This method builds an HTTP message containing the specified headers and 215 | * message body. If applicable, the Content-Length header will be added or 216 | * updated, based on the length of the body. 217 | * 218 | * @param headers A list of headers to include in the message. 219 | * @param body The body of the message, of 220 | * null if the message has an empty body. 221 | * @return The resulting full HTTP message. 222 | */ 223 | byte[] buildHttpMessage(List headers, byte[] body); 224 | 225 | /** 226 | * This method creates a GET request to the specified URL. The headers used 227 | * in the request are determined by the Request headers settings as 228 | * configured in Burp Spider's options. 229 | * 230 | * @param url The URL to which the request should be made. 231 | * @return A request to the specified URL. 232 | */ 233 | byte[] buildHttpRequest(URL url); 234 | 235 | /** 236 | * This method adds a new parameter to an HTTP request, and if appropriate 237 | * updates the Content-Length header. 238 | * 239 | * @param request The request to which the parameter should be added. 240 | * @param parameter An 241 | * IParameter object containing details of the parameter to be 242 | * added. Supported parameter types are: 243 | * PARAM_URL, 244 | * PARAM_BODY and 245 | * PARAM_COOKIE. 246 | * @return A new HTTP request with the new parameter added. 247 | */ 248 | byte[] addParameter(byte[] request, IParameter parameter); 249 | 250 | /** 251 | * This method removes a parameter from an HTTP request, and if appropriate 252 | * updates the Content-Length header. 253 | * 254 | * @param request The request from which the parameter should be removed. 255 | * @param parameter An 256 | * IParameter object containing details of the parameter to be 257 | * removed. Supported parameter types are: 258 | * PARAM_URL, 259 | * PARAM_BODY and 260 | * PARAM_COOKIE. 261 | * @return A new HTTP request with the parameter removed. 262 | */ 263 | byte[] removeParameter(byte[] request, IParameter parameter); 264 | 265 | /** 266 | * This method updates the value of a parameter within an HTTP request, and 267 | * if appropriate updates the Content-Length header. Note: This 268 | * method can only be used to update the value of an existing parameter of a 269 | * specified type. If you need to change the type of an existing parameter, 270 | * you should first call 271 | * removeParameter() to remove the parameter with the old type, 272 | * and then call 273 | * addParameter() to add a parameter with the new type. 274 | * 275 | * @param request The request containing the parameter to be updated. 276 | * @param parameter An 277 | * IParameter object containing details of the parameter to be 278 | * updated. Supported parameter types are: 279 | * PARAM_URL, 280 | * PARAM_BODY and 281 | * PARAM_COOKIE. 282 | * @return A new HTTP request with the parameter updated. 283 | */ 284 | byte[] updateParameter(byte[] request, IParameter parameter); 285 | 286 | /** 287 | * This method can be used to toggle a request's method between GET and 288 | * POST. Parameters are relocated between the URL query string and message 289 | * body as required, and the Content-Length header is created or removed as 290 | * applicable. 291 | * 292 | * @param request The HTTP request whose method should be toggled. 293 | * @return A new HTTP request using the toggled method. 294 | */ 295 | byte[] toggleRequestMethod(byte[] request); 296 | 297 | /** 298 | * This method constructs an 299 | * IHttpService object based on the details provided. 300 | * 301 | * @param host The HTTP service host. 302 | * @param port The HTTP service port. 303 | * @param protocol The HTTP service protocol. 304 | * @return An 305 | * IHttpService object based on the details provided. 306 | */ 307 | IHttpService buildHttpService(String host, int port, String protocol); 308 | 309 | /** 310 | * This method constructs an 311 | * IHttpService object based on the details provided. 312 | * 313 | * @param host The HTTP service host. 314 | * @param port The HTTP service port. 315 | * @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP. 316 | * @return An 317 | * IHttpService object based on the details provided. 318 | */ 319 | IHttpService buildHttpService(String host, int port, boolean useHttps); 320 | 321 | /** 322 | * This method constructs an 323 | * IParameter object based on the details provided. 324 | * 325 | * @param name The parameter name. 326 | * @param value The parameter value. 327 | * @param type The parameter type, as defined in the 328 | * IParameter interface. 329 | * @return An 330 | * IParameter object based on the details provided. 331 | */ 332 | IParameter buildParameter(String name, String value, byte type); 333 | 334 | /** 335 | * This method constructs an 336 | * IScannerInsertionPoint object based on the details provided. 337 | * It can be used to quickly create a simple insertion point based on a 338 | * fixed payload location within a base request. 339 | * 340 | * @param insertionPointName The name of the insertion point. 341 | * @param baseRequest The request from which to build scan requests. 342 | * @param from The offset of the start of the payload location. 343 | * @param to The offset of the end of the payload location. 344 | * @return An 345 | * IScannerInsertionPoint object based on the details provided. 346 | */ 347 | IScannerInsertionPoint makeScannerInsertionPoint( 348 | String insertionPointName, 349 | byte[] baseRequest, 350 | int from, 351 | int to); 352 | } 353 | -------------------------------------------------------------------------------- /burp/IExtensionStateListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IExtensionStateListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerExtensionStateListener() to 15 | * register an extension state listener. The listener will be notified of 16 | * changes to the extension's state. Note: Any extensions that start 17 | * background threads or open system resources (such as files or database 18 | * connections) should register a listener and terminate threads / close 19 | * resources when the extension is unloaded. 20 | */ 21 | public interface IExtensionStateListener 22 | { 23 | /** 24 | * This method is called when the extension is unloaded. 25 | */ 26 | void extensionUnloaded(); 27 | } 28 | -------------------------------------------------------------------------------- /burp/IHttpListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerHttpListener() to register an 15 | * HTTP listener. The listener will be notified of requests and responses made 16 | * by any Burp tool. Extensions can perform custom analysis or modification of 17 | * these messages by registering an HTTP listener. 18 | */ 19 | public interface IHttpListener 20 | { 21 | /** 22 | * This method is invoked when an HTTP request is about to be issued, and 23 | * when an HTTP response has been received. 24 | * 25 | * @param toolFlag A flag indicating the Burp tool that issued the request. 26 | * Burp tool flags are defined in the 27 | * IBurpExtenderCallbacks interface. 28 | * @param messageIsRequest Flags whether the method is being invoked for a 29 | * request or response. 30 | * @param messageInfo Details of the request / response to be processed. 31 | * Extensions can call the setter methods on this object to update the 32 | * current message and so modify Burp's behavior. 33 | */ 34 | void processHttpMessage(int toolFlag, 35 | boolean messageIsRequest, 36 | IHttpRequestResponse messageInfo); 37 | } 38 | -------------------------------------------------------------------------------- /burp/IHttpRequestResponse.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponse.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve and update details about HTTP messages. 14 | * 15 | * Note: The setter methods generally can only be used before the message 16 | * has been processed, and not in read-only contexts. The getter methods 17 | * relating to response details can only be used after the request has been 18 | * issued. 19 | */ 20 | public interface IHttpRequestResponse 21 | { 22 | /** 23 | * This method is used to retrieve the request message. 24 | * 25 | * @return The request message. 26 | */ 27 | byte[] getRequest(); 28 | 29 | /** 30 | * This method is used to update the request message. 31 | * 32 | * @param message The new request message. 33 | */ 34 | void setRequest(byte[] message); 35 | 36 | /** 37 | * This method is used to retrieve the response message. 38 | * 39 | * @return The response message. 40 | */ 41 | byte[] getResponse(); 42 | 43 | /** 44 | * This method is used to update the response message. 45 | * 46 | * @param message The new response message. 47 | */ 48 | void setResponse(byte[] message); 49 | 50 | /** 51 | * This method is used to retrieve the user-annotated comment for this item, 52 | * if applicable. 53 | * 54 | * @return The user-annotated comment for this item, or null if none is set. 55 | */ 56 | String getComment(); 57 | 58 | /** 59 | * This method is used to update the user-annotated comment for this item. 60 | * 61 | * @param comment The comment to be assigned to this item. 62 | */ 63 | void setComment(String comment); 64 | 65 | /** 66 | * This method is used to retrieve the user-annotated highlight for this 67 | * item, if applicable. 68 | * 69 | * @return The user-annotated highlight for this item, or null if none is 70 | * set. 71 | */ 72 | String getHighlight(); 73 | 74 | /** 75 | * This method is used to update the user-annotated highlight for this item. 76 | * 77 | * @param color The highlight color to be assigned to this item. Accepted 78 | * values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray, 79 | * or a null String to clear any existing highlight. 80 | */ 81 | void setHighlight(String color); 82 | 83 | /** 84 | * This method is used to retrieve the HTTP service for this request / 85 | * response. 86 | * 87 | * @return An 88 | * IHttpService object containing details of the HTTP service. 89 | */ 90 | IHttpService getHttpService(); 91 | 92 | /** 93 | * This method is used to update the HTTP service for this request / 94 | * response. 95 | * 96 | * @param httpService An 97 | * IHttpService object containing details of the new HTTP 98 | * service. 99 | */ 100 | void setHttpService(IHttpService httpService); 101 | 102 | } 103 | -------------------------------------------------------------------------------- /burp/IHttpRequestResponsePersisted.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponsePersisted.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used for an 14 | * IHttpRequestResponse object whose request and response messages 15 | * have been saved to temporary files using 16 | * IBurpExtenderCallbacks.saveBuffersToTempFiles(). 17 | */ 18 | public interface IHttpRequestResponsePersisted extends IHttpRequestResponse 19 | { 20 | /** 21 | * This method is used to permanently delete the saved temporary files. It 22 | * will no longer be possible to retrieve the request or response for this 23 | * item. 24 | */ 25 | void deleteTempFiles(); 26 | } 27 | -------------------------------------------------------------------------------- /burp/IHttpRequestResponseWithMarkers.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpRequestResponseWithMarkers.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used for an 16 | * IHttpRequestResponse object that has had markers applied. 17 | * Extensions can create instances of this interface using 18 | * IBurpExtenderCallbacks.applyMarkers(), or provide their own 19 | * implementation. Markers are used in various situations, such as specifying 20 | * Intruder payload positions, Scanner insertion points, and highlights in 21 | * Scanner issues. 22 | */ 23 | public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse 24 | { 25 | /** 26 | * This method returns the details of the request markers. 27 | * 28 | * @return A list of index pairs representing the offsets of markers for the 29 | * request message. Each item in the list is an int[2] array containing the 30 | * start and end offsets for the marker. The method may return 31 | * null if no request markers are defined. 32 | */ 33 | List getRequestMarkers(); 34 | 35 | /** 36 | * This method returns the details of the response markers. 37 | * 38 | * @return A list of index pairs representing the offsets of markers for the 39 | * response message. Each item in the list is an int[2] array containing the 40 | * start and end offsets for the marker. The method may return 41 | * null if no response markers are defined. 42 | */ 43 | List getResponseMarkers(); 44 | } 45 | -------------------------------------------------------------------------------- /burp/IHttpService.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IHttpService.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to provide details about an HTTP service, to which 14 | * HTTP requests can be sent. 15 | */ 16 | public interface IHttpService 17 | { 18 | /** 19 | * This method returns the hostname or IP address for the service. 20 | * 21 | * @return The hostname or IP address for the service. 22 | */ 23 | String getHost(); 24 | 25 | /** 26 | * This method returns the port number for the service. 27 | * 28 | * @return The port number for the service. 29 | */ 30 | int getPort(); 31 | 32 | /** 33 | * This method returns the protocol for the service. 34 | * 35 | * @return The protocol for the service. Expected values are "http" or 36 | * "https". 37 | */ 38 | String getProtocol(); 39 | } 40 | -------------------------------------------------------------------------------- /burp/IInterceptedProxyMessage.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IInterceptedProxyMessage.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.net.InetAddress; 13 | 14 | /** 15 | * This interface is used to represent an HTTP message that has been intercepted 16 | * by Burp Proxy. Extensions can register an 17 | * IProxyListener to receive details of proxy messages using this 18 | * interface. * 19 | */ 20 | public interface IInterceptedProxyMessage 21 | { 22 | /** 23 | * This action causes Burp Proxy to follow the current interception rules to 24 | * determine the appropriate action to take for the message. 25 | */ 26 | static final int ACTION_FOLLOW_RULES = 0; 27 | /** 28 | * This action causes Burp Proxy to present the message to the user for 29 | * manual review or modification. 30 | */ 31 | static final int ACTION_DO_INTERCEPT = 1; 32 | /** 33 | * This action causes Burp Proxy to forward the message to the remote server 34 | * or client, without presenting it to the user. 35 | */ 36 | static final int ACTION_DONT_INTERCEPT = 2; 37 | /** 38 | * This action causes Burp Proxy to drop the message. 39 | */ 40 | static final int ACTION_DROP = 3; 41 | /** 42 | * This action causes Burp Proxy to follow the current interception rules to 43 | * determine the appropriate action to take for the message, and then make a 44 | * second call to processProxyMessage. 45 | */ 46 | static final int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10; 47 | /** 48 | * This action causes Burp Proxy to present the message to the user for 49 | * manual review or modification, and then make a second call to 50 | * processProxyMessage. 51 | */ 52 | static final int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11; 53 | /** 54 | * This action causes Burp Proxy to skip user interception, and then make a 55 | * second call to processProxyMessage. 56 | */ 57 | static final int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12; 58 | 59 | /** 60 | * This method retrieves a unique reference number for this 61 | * request/response. 62 | * 63 | * @return An identifier that is unique to a single request/response pair. 64 | * Extensions can use this to correlate details of requests and responses 65 | * and perform processing on the response message accordingly. 66 | */ 67 | int getMessageReference(); 68 | 69 | /** 70 | * This method retrieves details of the intercepted message. 71 | * 72 | * @return An IHttpRequestResponse object containing details of 73 | * the intercepted message. 74 | */ 75 | IHttpRequestResponse getMessageInfo(); 76 | 77 | /** 78 | * This method retrieves the currently defined interception action. The 79 | * default action is 80 | * ACTION_FOLLOW_RULES. If multiple proxy listeners are 81 | * registered, then other listeners may already have modified the 82 | * interception action before it reaches the current listener. This method 83 | * can be used to determine whether this has occurred. 84 | * 85 | * @return The currently defined interception action. Possible values are 86 | * defined within this interface. 87 | */ 88 | int getInterceptAction(); 89 | 90 | /** 91 | * This method is used to update the interception action. 92 | * 93 | * @param interceptAction The new interception action. Possible values are 94 | * defined within this interface. 95 | */ 96 | void setInterceptAction(int interceptAction); 97 | 98 | /** 99 | * This method retrieves the name of the Burp Proxy listener that is 100 | * processing the intercepted message. 101 | * 102 | * @return The name of the Burp Proxy listener that is processing the 103 | * intercepted message. The format is the same as that shown in the Proxy 104 | * Listeners UI - for example, "127.0.0.1:8080". 105 | */ 106 | String getListenerInterface(); 107 | 108 | /** 109 | * This method retrieves the client IP address from which the request for 110 | * the intercepted message was received. 111 | * 112 | * @return The client IP address from which the request for the intercepted 113 | * message was received. 114 | */ 115 | InetAddress getClientIpAddress(); 116 | } 117 | -------------------------------------------------------------------------------- /burp/IIntruderAttack.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderAttack.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details about an Intruder attack. 14 | */ 15 | public interface IIntruderAttack 16 | { 17 | /** 18 | * This method is used to retrieve the HTTP service for the attack. 19 | * 20 | * @return The HTTP service for the attack. 21 | */ 22 | IHttpService getHttpService(); 23 | 24 | /** 25 | * This method is used to retrieve the request template for the attack. 26 | * 27 | * @return The request template for the attack. 28 | */ 29 | byte[] getRequestTemplate(); 30 | 31 | } 32 | -------------------------------------------------------------------------------- /burp/IIntruderPayloadGenerator.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadGenerator.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used for custom Intruder payload generators. Extensions 14 | * that have registered an 15 | * IIntruderPayloadGeneratorFactory must return a new instance of 16 | * this interface when required as part of a new Intruder attack. 17 | */ 18 | public interface IIntruderPayloadGenerator 19 | { 20 | /** 21 | * This method is used by Burp to determine whether the payload generator is 22 | * able to provide any further payloads. 23 | * 24 | * @return Extensions should return 25 | * false when all the available payloads have been used up, 26 | * otherwise 27 | * true. 28 | */ 29 | boolean hasMorePayloads(); 30 | 31 | /** 32 | * This method is used by Burp to obtain the value of the next payload. 33 | * 34 | * @param baseValue The base value of the current payload position. This 35 | * value may be 36 | * null if the concept of a base value is not applicable (e.g. 37 | * in a battering ram attack). 38 | * @return The next payload to use in the attack. 39 | */ 40 | byte[] getNextPayload(byte[] baseValue); 41 | 42 | /** 43 | * This method is used by Burp to reset the state of the payload generator 44 | * so that the next call to 45 | * getNextPayload() returns the first payload again. This 46 | * method will be invoked when an attack uses the same payload generator for 47 | * more than one payload position, for example in a sniper attack. 48 | */ 49 | void reset(); 50 | } 51 | -------------------------------------------------------------------------------- /burp/IIntruderPayloadGeneratorFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadGeneratorFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory() 15 | * to register a factory for custom Intruder payloads. 16 | */ 17 | public interface IIntruderPayloadGeneratorFactory 18 | { 19 | /** 20 | * This method is used by Burp to obtain the name of the payload generator. 21 | * This will be displayed as an option within the Intruder UI when the user 22 | * selects to use extension-generated payloads. 23 | * 24 | * @return The name of the payload generator. 25 | */ 26 | String getGeneratorName(); 27 | 28 | /** 29 | * This method is used by Burp when the user starts an Intruder attack that 30 | * uses this payload generator. 31 | * 32 | * @param attack An 33 | * IIntruderAttack object that can be queried to obtain details 34 | * about the attack in which the payload generator will be used. 35 | * @return A new instance of 36 | * IIntruderPayloadGenerator that will be used to generate 37 | * payloads for the attack. 38 | */ 39 | IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack); 40 | } 41 | -------------------------------------------------------------------------------- /burp/IIntruderPayloadProcessor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IIntruderPayloadProcessor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerIntruderPayloadProcessor() to 15 | * register a custom Intruder payload processor. 16 | */ 17 | public interface IIntruderPayloadProcessor 18 | { 19 | /** 20 | * This method is used by Burp to obtain the name of the payload processor. 21 | * This will be displayed as an option within the Intruder UI when the user 22 | * selects to use an extension-provided payload processor. 23 | * 24 | * @return The name of the payload processor. 25 | */ 26 | String getProcessorName(); 27 | 28 | /** 29 | * This method is invoked by Burp each time the processor should be applied 30 | * to an Intruder payload. 31 | * 32 | * @param currentPayload The value of the payload to be processed. 33 | * @param originalPayload The value of the original payload prior to 34 | * processing by any already-applied processing rules. 35 | * @param baseValue The base value of the payload position, which will be 36 | * replaced with the current payload. 37 | * @return The value of the processed payload. This may be 38 | * null to indicate that the current payload should be skipped, 39 | * and the attack will move directly to the next payload. 40 | */ 41 | byte[] processPayload( 42 | byte[] currentPayload, 43 | byte[] originalPayload, 44 | byte[] baseValue); 45 | } 46 | -------------------------------------------------------------------------------- /burp/IMenuItemHandler.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMenuItemHandler.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerMenuItem() to register a custom 15 | * context menu item. 16 | * 17 | * @deprecated Use 18 | * IContextMenuFactory instead. 19 | */ 20 | @Deprecated 21 | public interface IMenuItemHandler 22 | { 23 | /** 24 | * This method is invoked by Burp Suite when the user clicks on a custom 25 | * menu item which the extension has registered with Burp. 26 | * 27 | * @param menuItemCaption The caption of the menu item which was clicked. 28 | * This parameter enables extensions to provide a single implementation 29 | * which handles multiple different menu items. 30 | * @param messageInfo Details of the HTTP message(s) for which the context 31 | * menu was displayed. 32 | */ 33 | void menuItemClicked( 34 | String menuItemCaption, 35 | IHttpRequestResponse[] messageInfo); 36 | } 37 | -------------------------------------------------------------------------------- /burp/IMessageEditor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide extensions with an instance of Burp's HTTP 16 | * message editor, for the extension to use in its own UI. Extensions should 17 | * call 18 | * IBurpExtenderCallbacks.createMessageEditor() to obtain an 19 | * instance of this interface. 20 | */ 21 | public interface IMessageEditor 22 | { 23 | /** 24 | * This method returns the UI component of the editor, for extensions to add 25 | * to their own UI. 26 | * 27 | * @return The UI component of the editor. 28 | */ 29 | Component getComponent(); 30 | 31 | /** 32 | * This method is used to display an HTTP message in the editor. 33 | * 34 | * @param message The HTTP message to be displayed. 35 | * @param isRequest Flags whether the message is an HTTP request or 36 | * response. 37 | */ 38 | void setMessage(byte[] message, boolean isRequest); 39 | 40 | /** 41 | * This method is used to retrieve the currently displayed message, which 42 | * may have been modified by the user. 43 | * 44 | * @return The currently displayed HTTP message. 45 | */ 46 | byte[] getMessage(); 47 | 48 | /** 49 | * This method is used to determine whether the current message has been 50 | * modified by the user. 51 | * 52 | * @return An indication of whether the current message has been modified by 53 | * the user since it was first displayed. 54 | */ 55 | boolean isMessageModified(); 56 | 57 | /** 58 | * This method returns the data that is currently selected by the user. 59 | * 60 | * @return The data that is currently selected by the user, or 61 | * null if no selection is made. 62 | */ 63 | byte[] getSelectedData(); 64 | } 65 | -------------------------------------------------------------------------------- /burp/IMessageEditorController.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorController.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used by an 14 | * IMessageEditor to obtain details about the currently displayed 15 | * message. Extensions that create instances of Burp's HTTP message editor can 16 | * optionally provide an implementation of 17 | * IMessageEditorController, which the editor will invoke when it 18 | * requires further information about the current message (for example, to send 19 | * it to another Burp tool). Extensions that provide custom editor tabs via an 20 | * IMessageEditorTabFactory will receive a reference to an 21 | * IMessageEditorController object for each tab instance they 22 | * generate, which the tab can invoke if it requires further information about 23 | * the current message. 24 | */ 25 | public interface IMessageEditorController 26 | { 27 | /** 28 | * This method is used to retrieve the HTTP service for the current message. 29 | * 30 | * @return The HTTP service for the current message. 31 | */ 32 | IHttpService getHttpService(); 33 | 34 | /** 35 | * This method is used to retrieve the HTTP request associated with the 36 | * current message (which may itself be a response). 37 | * 38 | * @return The HTTP request associated with the current message. 39 | */ 40 | byte[] getRequest(); 41 | 42 | /** 43 | * This method is used to retrieve the HTTP response associated with the 44 | * current message (which may itself be a request). 45 | * 46 | * @return The HTTP response associated with the current message. 47 | */ 48 | byte[] getResponse(); 49 | } 50 | -------------------------------------------------------------------------------- /burp/IMessageEditorTab.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorTab.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * Extensions that register an 16 | * IMessageEditorTabFactory must return instances of this 17 | * interface, which Burp will use to create custom tabs within its HTTP message 18 | * editors. 19 | */ 20 | public interface IMessageEditorTab 21 | { 22 | /** 23 | * This method returns the caption that should appear on the custom tab when 24 | * it is displayed. Note: Burp invokes this method once when the tab 25 | * is first generated, and the same caption will be used every time the tab 26 | * is displayed. 27 | * 28 | * @return The caption that should appear on the custom tab when it is 29 | * displayed. 30 | */ 31 | String getTabCaption(); 32 | 33 | /** 34 | * This method returns the component that should be used as the contents of 35 | * the custom tab when it is displayed. Note: Burp invokes this 36 | * method once when the tab is first generated, and the same component will 37 | * be used every time the tab is displayed. 38 | * 39 | * @return The component that should be used as the contents of the custom 40 | * tab when it is displayed. 41 | */ 42 | Component getUiComponent(); 43 | 44 | /** 45 | * The hosting editor will invoke this method before it displays a new HTTP 46 | * message, so that the custom tab can indicate whether it should be enabled 47 | * for that message. 48 | * 49 | * @param content The message that is about to be displayed. 50 | * @param isRequest Indicates whether the message is a request or a 51 | * response. 52 | * @return The method should return 53 | * true if the custom tab is able to handle the specified 54 | * message, and so will be displayed within the editor. Otherwise, the tab 55 | * will be hidden while this message is displayed. 56 | */ 57 | boolean isEnabled(byte[] content, boolean isRequest); 58 | 59 | /** 60 | * The hosting editor will invoke this method to display a new message or to 61 | * clear the existing message. This method will only be called with a new 62 | * message if the tab has already returned 63 | * true to a call to 64 | * isEnabled() with the same message details. 65 | * 66 | * @param content The message that is to be displayed, or 67 | * null if the tab should clear its contents and disable any 68 | * editable controls. 69 | * @param isRequest Indicates whether the message is a request or a 70 | * response. 71 | */ 72 | void setMessage(byte[] content, boolean isRequest); 73 | 74 | /** 75 | * This method returns the currently displayed message. 76 | * 77 | * @return The currently displayed message. 78 | */ 79 | byte[] getMessage(); 80 | 81 | /** 82 | * This method is used to determine whether the currently displayed message 83 | * has been modified by the user. The hosting editor will always call 84 | * getMessage() before calling this method, so any pending 85 | * edits should be completed within 86 | * getMessage(). 87 | * 88 | * @return The method should return 89 | * true if the user has modified the current message since it 90 | * was first displayed. 91 | */ 92 | boolean isModified(); 93 | 94 | /** 95 | * This method is used to retrieve the data that is currently selected by 96 | * the user. 97 | * 98 | * @return The data that is currently selected by the user. This may be 99 | * null if no selection is currently made. 100 | */ 101 | byte[] getSelectedData(); 102 | } 103 | -------------------------------------------------------------------------------- /burp/IMessageEditorTabFactory.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IMessageEditorTabFactory.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerMessageEditorTabFactory() to 15 | * register a factory for custom message editor tabs. This allows extensions to 16 | * provide custom rendering or editing of HTTP messages, within Burp's own HTTP 17 | * editor. 18 | */ 19 | public interface IMessageEditorTabFactory 20 | { 21 | /** 22 | * Burp will call this method once for each HTTP message editor, and the 23 | * factory should provide a new instance of an 24 | * IMessageEditorTab object. 25 | * 26 | * @param controller An 27 | * IMessageEditorController object, which the new tab can query 28 | * to retrieve details about the currently displayed message. This may be 29 | * null for extension-invoked message editors where the 30 | * extension has not provided an editor controller. 31 | * @param editable Indicates whether the hosting editor is editable or 32 | * read-only. 33 | * @return A new 34 | * IMessageEditorTab object for use within the message editor. 35 | */ 36 | IMessageEditorTab createNewInstance(IMessageEditorController controller, 37 | boolean editable); 38 | } 39 | -------------------------------------------------------------------------------- /burp/IParameter.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IParameter.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details about an HTTP request parameter. 14 | */ 15 | public interface IParameter 16 | { 17 | /** 18 | * Used to indicate a parameter within the URL query string. 19 | */ 20 | static final byte PARAM_URL = 0; 21 | /** 22 | * Used to indicate a parameter within the message body. 23 | */ 24 | static final byte PARAM_BODY = 1; 25 | /** 26 | * Used to indicate an HTTP cookie. 27 | */ 28 | static final byte PARAM_COOKIE = 2; 29 | /** 30 | * Used to indicate an item of data within an XML structure. 31 | */ 32 | static final byte PARAM_XML = 3; 33 | /** 34 | * Used to indicate the value of a tag attribute within an XML structure. 35 | */ 36 | static final byte PARAM_XML_ATTR = 4; 37 | /** 38 | * Used to indicate the value of a parameter attribute within a multi-part 39 | * message body (such as the name of an uploaded file). 40 | */ 41 | static final byte PARAM_MULTIPART_ATTR = 5; 42 | /** 43 | * Used to indicate an item of data within a JSON structure. 44 | */ 45 | static final byte PARAM_JSON = 6; 46 | 47 | /** 48 | * This method is used to retrieve the parameter type. 49 | * 50 | * @return The parameter type. The available types are defined within this 51 | * interface. 52 | */ 53 | byte getType(); 54 | 55 | /** 56 | * This method is used to retrieve the parameter name. 57 | * 58 | * @return The parameter name. 59 | */ 60 | String getName(); 61 | 62 | /** 63 | * This method is used to retrieve the parameter value. 64 | * 65 | * @return The parameter value. 66 | */ 67 | String getValue(); 68 | 69 | /** 70 | * This method is used to retrieve the start offset of the parameter name 71 | * within the HTTP request. 72 | * 73 | * @return The start offset of the parameter name within the HTTP request, 74 | * or -1 if the parameter is not associated with a specific request. 75 | */ 76 | int getNameStart(); 77 | 78 | /** 79 | * This method is used to retrieve the end offset of the parameter name 80 | * within the HTTP request. 81 | * 82 | * @return The end offset of the parameter name within the HTTP request, or 83 | * -1 if the parameter is not associated with a specific request. 84 | */ 85 | int getNameEnd(); 86 | 87 | /** 88 | * This method is used to retrieve the start offset of the parameter value 89 | * within the HTTP request. 90 | * 91 | * @return The start offset of the parameter value within the HTTP request, 92 | * or -1 if the parameter is not associated with a specific request. 93 | */ 94 | int getValueStart(); 95 | 96 | /** 97 | * This method is used to retrieve the end offset of the parameter value 98 | * within the HTTP request. 99 | * 100 | * @return The end offset of the parameter value within the HTTP request, or 101 | * -1 if the parameter is not associated with a specific request. 102 | */ 103 | int getValueEnd(); 104 | } 105 | -------------------------------------------------------------------------------- /burp/IProxyListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IProxyListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerProxyListener() to register a 15 | * Proxy listener. The listener will be notified of requests and responses being 16 | * processed by the Proxy tool. Extensions can perform custom analysis or 17 | * modification of these messages, and control in-UI message interception, by 18 | * registering a proxy listener. 19 | */ 20 | public interface IProxyListener 21 | { 22 | /** 23 | * This method is invoked when an HTTP message is being processed by the 24 | * Proxy. 25 | * 26 | * @param messageIsRequest Indicates whether the HTTP message is a request 27 | * or a response. 28 | * @param message An 29 | * IInterceptedProxyMessage object that extensions can use to 30 | * query and update details of the message, and control whether the message 31 | * should be intercepted and displayed to the user for manual review or 32 | * modification. 33 | */ 34 | void processProxyMessage( 35 | boolean messageIsRequest, 36 | IInterceptedProxyMessage message); 37 | } 38 | -------------------------------------------------------------------------------- /burp/IRequestInfo.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IRequestInfo.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.net.URL; 13 | import java.util.List; 14 | 15 | /** 16 | * This interface is used to retrieve key details about an HTTP request. 17 | * Extensions can obtain an 18 | * IRequestInfo object for a given request by calling 19 | * IExtensionHelpers.analyzeRequest(). 20 | */ 21 | public interface IRequestInfo 22 | { 23 | /** 24 | * Used to indicate that there is no content. 25 | */ 26 | static final byte CONTENT_TYPE_NONE = 0; 27 | /** 28 | * Used to indicate URL-encoded content. 29 | */ 30 | static final byte CONTENT_TYPE_URL_ENCODED = 1; 31 | /** 32 | * Used to indicate multi-part content. 33 | */ 34 | static final byte CONTENT_TYPE_MULTIPART = 2; 35 | /** 36 | * Used to indicate XML content. 37 | */ 38 | static final byte CONTENT_TYPE_XML = 3; 39 | /** 40 | * Used to indicate JSON content. 41 | */ 42 | static final byte CONTENT_TYPE_JSON = 4; 43 | /** 44 | * Used to indicate AMF content. 45 | */ 46 | static final byte CONTENT_TYPE_AMF = 5; 47 | /** 48 | * Used to indicate unknown content. 49 | */ 50 | static final byte CONTENT_TYPE_UNKNOWN = -1; 51 | 52 | /** 53 | * This method is used to obtain the HTTP method used in the request. 54 | * 55 | * @return The HTTP method used in the request. 56 | */ 57 | String getMethod(); 58 | 59 | /** 60 | * This method is used to obtain the URL in the request. 61 | * 62 | * @return The URL in the request. 63 | */ 64 | URL getUrl(); 65 | 66 | /** 67 | * This method is used to obtain the HTTP headers contained in the request. 68 | * 69 | * @return The HTTP headers contained in the request. 70 | */ 71 | List getHeaders(); 72 | 73 | /** 74 | * This method is used to obtain the parameters contained in the request. 75 | * 76 | * @return The parameters contained in the request. 77 | */ 78 | List getParameters(); 79 | 80 | /** 81 | * This method is used to obtain the offset within the request where the 82 | * message body begins. 83 | * 84 | * @return The offset within the request where the message body begins. 85 | */ 86 | int getBodyOffset(); 87 | 88 | /** 89 | * This method is used to obtain the content type of the message body. 90 | * 91 | * @return An indication of the content type of the message body. Available 92 | * types are defined within this interface. 93 | */ 94 | byte getContentType(); 95 | } 96 | -------------------------------------------------------------------------------- /burp/IResponseInfo.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IResponseInfo.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * This interface is used to retrieve key details about an HTTP response. 16 | * Extensions can obtain an 17 | * IResponseInfo object for a given response by calling 18 | * IExtensionHelpers.analyzeResponse(). 19 | */ 20 | public interface IResponseInfo 21 | { 22 | /** 23 | * This method is used to obtain the HTTP headers contained in the response. 24 | * 25 | * @return The HTTP headers contained in the response. 26 | */ 27 | List getHeaders(); 28 | 29 | /** 30 | * This method is used to obtain the offset within the response where the 31 | * message body begins. 32 | * 33 | * @return The offset within the response where the message body begins. 34 | */ 35 | int getBodyOffset(); 36 | 37 | /** 38 | * This method is used to obtain the HTTP status code contained in the 39 | * response. 40 | * 41 | * @return The HTTP status code contained in the response. 42 | */ 43 | short getStatusCode(); 44 | 45 | /** 46 | * This method is used to obtain details of the HTTP cookies set in the 47 | * response. 48 | * 49 | * @return A list of ICookie objects representing the cookies 50 | * set in the response, if any. 51 | */ 52 | List getCookies(); 53 | 54 | /** 55 | * This method is used to obtain the MIME type of the response, as stated in 56 | * the HTTP headers. 57 | * 58 | * @return A textual label for the stated MIME type, or an empty String if 59 | * this is not known or recognized. The possible labels are the same as 60 | * those used in the main Burp UI. 61 | */ 62 | String getStatedMimeType(); 63 | 64 | /** 65 | * This method is used to obtain the MIME type of the response, as inferred 66 | * from the contents of the HTTP message body. 67 | * 68 | * @return A textual label for the inferred MIME type, or an empty String if 69 | * this is not known or recognized. The possible labels are the same as 70 | * those used in the main Burp UI. 71 | */ 72 | String getInferredMimeType(); 73 | } 74 | -------------------------------------------------------------------------------- /burp/IScanIssue.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScanIssue.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve details of Scanner issues. Extensions can 14 | * obtain details of issues by registering an 15 | * IScannerListener or by calling 16 | * IBurpExtenderCallbacks.getScanIssues(). Extensions can also add 17 | * custom Scanner issues by registering an 18 | * IScannerCheck or calling 19 | * IBurpExtenderCallbacks.addScanIssue(), and providing their own 20 | * implementations of this interface 21 | */ 22 | public interface IScanIssue 23 | { 24 | /** 25 | * This method returns the URL for which the issue was generated. 26 | * 27 | * @return The URL for which the issue was generated. 28 | */ 29 | java.net.URL getUrl(); 30 | 31 | /** 32 | * This method returns the name of the issue type. 33 | * 34 | * @return The name of the issue type (e.g. "SQL injection"). 35 | */ 36 | String getIssueName(); 37 | 38 | /** 39 | * This method returns a numeric identifier of the issue type. See the Burp 40 | * Scanner help documentation for a listing of all the issue types. 41 | * 42 | * @return A numeric identifier of the issue type. 43 | */ 44 | int getIssueType(); 45 | 46 | /** 47 | * This method returns the issue severity level. 48 | * 49 | * @return The issue severity level. Expected values are "High", "Medium", 50 | * "Low", "Information" or "False positive". 51 | * 52 | */ 53 | String getSeverity(); 54 | 55 | /** 56 | * This method returns the issue confidence level. 57 | * 58 | * @return The issue confidence level. Expected values are "Certain", "Firm" 59 | * or "Tentative". 60 | */ 61 | String getConfidence(); 62 | 63 | /** 64 | * This method returns a background description for this type of issue. 65 | * 66 | * @return A background description for this type of issue, or 67 | * null if none applies. 68 | */ 69 | String getIssueBackground(); 70 | 71 | /** 72 | * This method returns a background description of the remediation for this 73 | * type of issue. 74 | * 75 | * @return A background description of the remediation for this type of 76 | * issue, or 77 | * null if none applies. 78 | */ 79 | String getRemediationBackground(); 80 | 81 | /** 82 | * This method returns detailed information about this specific instance of 83 | * the issue. 84 | * 85 | * @return Detailed information about this specific instance of the issue, 86 | * or 87 | * null if none applies. 88 | */ 89 | String getIssueDetail(); 90 | 91 | /** 92 | * This method returns detailed information about the remediation for this 93 | * specific instance of the issue. 94 | * 95 | * @return Detailed information about the remediation for this specific 96 | * instance of the issue, or 97 | * null if none applies. 98 | */ 99 | String getRemediationDetail(); 100 | 101 | /** 102 | * This method returns the HTTP messages on the basis of which the issue was 103 | * generated. 104 | * 105 | * @return The HTTP messages on the basis of which the issue was generated. 106 | * Note: The items in this array should be instances of 107 | * IHttpRequestResponseWithMarkers if applicable, so that 108 | * details of the relevant portions of the request and response messages are 109 | * available. 110 | */ 111 | IHttpRequestResponse[] getHttpMessages(); 112 | 113 | /** 114 | * This method returns the HTTP service for which the issue was generated. 115 | * 116 | * @return The HTTP service for which the issue was generated. 117 | */ 118 | IHttpService getHttpService(); 119 | 120 | } 121 | -------------------------------------------------------------------------------- /burp/IScanQueueItem.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScanQueueItem.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to retrieve details of items in the Burp Scanner 14 | * active scan queue. Extensions can obtain references to scan queue items by 15 | * calling 16 | * IBurpExtenderCallbacks.doActiveScan(). 17 | */ 18 | public interface IScanQueueItem 19 | { 20 | /** 21 | * This method returns a description of the status of the scan queue item. 22 | * 23 | * @return A description of the status of the scan queue item. 24 | */ 25 | String getStatus(); 26 | 27 | /** 28 | * This method returns an indication of the percentage completed for the 29 | * scan queue item. 30 | * 31 | * @return An indication of the percentage completed for the scan queue 32 | * item. 33 | */ 34 | byte getPercentageComplete(); 35 | 36 | /** 37 | * This method returns the number of requests that have been made for the 38 | * scan queue item. 39 | * 40 | * @return The number of requests that have been made for the scan queue 41 | * item. 42 | */ 43 | int getNumRequests(); 44 | 45 | /** 46 | * This method returns the number of network errors that have occurred for 47 | * the scan queue item. 48 | * 49 | * @return The number of network errors that have occurred for the scan 50 | * queue item. 51 | */ 52 | int getNumErrors(); 53 | 54 | /** 55 | * This method returns the number of attack insertion points being used for 56 | * the scan queue item. 57 | * 58 | * @return The number of attack insertion points being used for the scan 59 | * queue item. 60 | */ 61 | int getNumInsertionPoints(); 62 | 63 | /** 64 | * This method allows the scan queue item to be canceled. 65 | */ 66 | void cancel(); 67 | 68 | /** 69 | * This method returns details of the issues generated for the scan queue 70 | * item. Note: different items within the scan queue may contain 71 | * duplicated versions of the same issues - for example, if the same request 72 | * has been scanned multiple times. Duplicated issues are consolidated in 73 | * the main view of scan results. Extensions can register an 74 | * IScannerListener to get details only of unique, newly 75 | * discovered Scanner issues post-consolidation. 76 | * 77 | * @return Details of the issues generated for the scan queue item. 78 | */ 79 | IScanIssue[] getIssues(); 80 | } 81 | -------------------------------------------------------------------------------- /burp/IScannerCheck.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerCheck.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * Extensions can implement this interface and then call 16 | * IBurpExtenderCallbacks.registerScannerCheck() to register a 17 | * custom Scanner check. When performing scanning, Burp will ask the check to 18 | * perform active or passive scanning on the base request, and report any 19 | * Scanner issues that are identified. 20 | */ 21 | public interface IScannerCheck 22 | { 23 | /** 24 | * The Scanner invokes this method for each base request / response that is 25 | * passively scanned. Note: Extensions should not only analyze the 26 | * HTTP messages provided during passive scanning, and should not make any 27 | * new HTTP requests of their own. 28 | * 29 | * @param baseRequestResponse The base HTTP request / response that should 30 | * be passively scanned. 31 | * @return A list of 32 | * IScanIssue objects, or 33 | * null if no issues are identified. 34 | */ 35 | List doPassiveScan(IHttpRequestResponse baseRequestResponse); 36 | 37 | /** 38 | * The Scanner invokes this method for each insertion point that is actively 39 | * scanned. Extensions may issue HTTP requests as required to carry out 40 | * active scanning, and should use the 41 | * IScannerInsertionPoint object provided to build scan 42 | * requests for particular payloads. Note: Extensions are responsible 43 | * for ensuring that attack payloads are suitably encoded within requests 44 | * (for example, by URL-encoding relevant metacharacters in the URL query 45 | * string). Encoding is not automatically carried out by the 46 | * IScannerInsertionPoint, because this would prevent Scanner 47 | * checks from testing for certain input filter bypasses. Extensions should 48 | * query the 49 | * IScannerInsertionPoint to determine its type, and apply any 50 | * encoding that may be appropriate. 51 | * 52 | * @param baseRequestResponse The base HTTP request / response that should 53 | * be actively scanned. 54 | * @param insertionPoint An 55 | * IScannerInsertionPoint object that can be queried to obtain 56 | * details of the insertion point being tested, and can be used to build 57 | * scan requests for particular payloads. 58 | * @return A list of 59 | * IScanIssue objects, or 60 | * null if no issues are identified. 61 | */ 62 | List doActiveScan( 63 | IHttpRequestResponse baseRequestResponse, 64 | IScannerInsertionPoint insertionPoint); 65 | 66 | /** 67 | * The Scanner invokes this method when the custom Scanner check has 68 | * reported multiple issues for the same URL path. This can arise either 69 | * because there are multiple distinct vulnerabilities, or because the same 70 | * (or a similar) request has been scanned more than once. The custom check 71 | * should determine whether the issues are duplicates. In most cases, where 72 | * a check uses distinct issue names or descriptions for distinct issues, 73 | * the consolidation process will simply be a matter of comparing these 74 | * features for the two issues. 75 | * 76 | * @param existingIssue An issue that was previously reported by this 77 | * Scanner check. 78 | * @param newIssue An issue at the same URL path that has been newly 79 | * reported by this Scanner check. 80 | * @return An indication of which issue(s) should be reported in the main 81 | * Scanner results. The method should return 82 | * -1 to report the existing issue only, 83 | * 0 to report both issues, and 84 | * 1 to report the new issue only. 85 | */ 86 | int consolidateDuplicateIssues( 87 | IScanIssue existingIssue, 88 | IScanIssue newIssue); 89 | } 90 | -------------------------------------------------------------------------------- /burp/IScannerInsertionPoint.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerInsertionPoint.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to define an insertion point for use by active Scanner 14 | * checks. Extensions can obtain instances of this interface by registering an 15 | * IScannerCheck, or can create instances for use by Burp's own 16 | * scan checks by registering an 17 | * IScannerInsertionPointProvider. 18 | */ 19 | public interface IScannerInsertionPoint 20 | { 21 | /** 22 | * Used to indicate where the payload is inserted into the value of a URL 23 | * parameter. 24 | */ 25 | static final byte INS_PARAM_URL = 0x00; 26 | /** 27 | * Used to indicate where the payload is inserted into the value of a body 28 | * parameter. 29 | */ 30 | static final byte INS_PARAM_BODY = 0x01; 31 | /** 32 | * Used to indicate where the payload is inserted into the value of an HTTP 33 | * cookie. 34 | */ 35 | static final byte INS_PARAM_COOKIE = 0x02; 36 | /** 37 | * Used to indicate where the payload is inserted into the value of an item 38 | * of data within an XML data structure. 39 | */ 40 | static final byte INS_PARAM_XML = 0x03; 41 | /** 42 | * Used to indicate where the payload is inserted into the value of a tag 43 | * attribute within an XML structure. 44 | */ 45 | static final byte INS_PARAM_XML_ATTR = 0x04; 46 | /** 47 | * Used to indicate where the payload is inserted into the value of a 48 | * parameter attribute within a multi-part message body (such as the name of 49 | * an uploaded file). 50 | */ 51 | static final byte INS_PARAM_MULTIPART_ATTR = 0x05; 52 | /** 53 | * Used to indicate where the payload is inserted into the value of an item 54 | * of data within a JSON structure. 55 | */ 56 | static final byte INS_PARAM_JSON = 0x06; 57 | /** 58 | * Used to indicate where the payload is inserted into the value of an AMF 59 | * parameter. 60 | */ 61 | static final byte INS_PARAM_AMF = 0x07; 62 | /** 63 | * Used to indicate where the payload is inserted into the value of an HTTP 64 | * request header. 65 | */ 66 | static final byte INS_HEADER = 0x20; 67 | /** 68 | * Used to indicate where the payload is inserted into a REST parameter 69 | * within the URL file path. 70 | */ 71 | static final byte INS_URL_REST = 0x21; 72 | /** 73 | * Used to indicate where the payload is inserted into the name of an added 74 | * URL parameter. 75 | */ 76 | static final byte INS_PARAM_NAME_URL = 0x22; 77 | /** 78 | * Used to indicate where the payload is inserted into the name of an added 79 | * body parameter. 80 | */ 81 | static final byte INS_PARAM_NAME_BODY = 0x23; 82 | /** 83 | * Used to indicate where the payload is inserted at a location manually 84 | * configured by the user. 85 | */ 86 | static final byte INS_USER_PROVIDED = 0x40; 87 | /** 88 | * Used to indicate where the insertion point is provided by an 89 | * extension-registered 90 | * IScannerInsertionPointProvider. 91 | */ 92 | static final byte INS_EXTENSION_PROVIDED = 0x41; 93 | /** 94 | * Used to indicate where the payload is inserted at an unknown location 95 | * within the request. 96 | */ 97 | static final byte INS_UNKNOWN = 0x7f; 98 | 99 | /** 100 | * This method returns the name of the insertion point. 101 | * 102 | * @return The name of the insertion point (for example, a description of a 103 | * particular request parameter). 104 | */ 105 | String getInsertionPointName(); 106 | 107 | /** 108 | * This method returns the base value for this insertion point. 109 | * 110 | * @return the base value that appears in this insertion point in the base 111 | * request being scanned, or 112 | * null if there is no value in the base request that 113 | * corresponds to this insertion point. 114 | */ 115 | String getBaseValue(); 116 | 117 | /** 118 | * This method is used to build a request with the specified payload placed 119 | * into the insertion point. Any necessary adjustments to the Content-Length 120 | * header will be made by the Scanner itself when the request is issued, and 121 | * there is no requirement for the insertion point to do this. Note: 122 | * Burp's built-in scan checks do not apply any payload encoding (such as 123 | * URL-encoding) when dealing with an extension-provided insertion point. 124 | * Custom insertion points are responsible for performing any data encoding 125 | * that is necessary given the nature and location of the insertion point. 126 | * 127 | * @param payload The payload that should be placed into the insertion 128 | * point. 129 | * @return The resulting request. 130 | */ 131 | byte[] buildRequest(byte[] payload); 132 | 133 | /** 134 | * This method is used to determine the offsets of the payload value within 135 | * the request, when it is placed into the insertion point. Scan checks may 136 | * invoke this method when reporting issues, so as to highlight the relevant 137 | * part of the request within the UI. 138 | * 139 | * @param payload The payload that should be placed into the insertion 140 | * point. 141 | * @return An int[2] array containing the start and end offsets of the 142 | * payload within the request, or null if this is not applicable (for 143 | * example, where the insertion point places a payload into a serialized 144 | * data structure, the raw payload may not literally appear anywhere within 145 | * the resulting request). 146 | */ 147 | int[] getPayloadOffsets(byte[] payload); 148 | 149 | /** 150 | * This method returns the type of the insertion point. 151 | * 152 | * @return The type of the insertion point. Available types are defined in 153 | * this interface. 154 | */ 155 | byte getInsertionPointType(); 156 | } 157 | -------------------------------------------------------------------------------- /burp/IScannerInsertionPointProvider.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerInsertionPointProvider.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.util.List; 13 | 14 | /** 15 | * Extensions can implement this interface and then call 16 | * IBurpExtenderCallbacks.registerScannerInsertionPointProvider() 17 | * to register a factory for custom Scanner insertion points. 18 | */ 19 | public interface IScannerInsertionPointProvider 20 | { 21 | /** 22 | * When a request is actively scanned, the Scanner will invoke this method, 23 | * and the provider should provide a list of custom insertion points that 24 | * will be used in the scan. Note: these insertion points are used in 25 | * addition to those that are derived from Burp Scanner's configuration, and 26 | * those provided by any other Burp extensions. 27 | * 28 | * @param baseRequestResponse The base request that will be actively 29 | * scanned. 30 | * @return A list of 31 | * IScannerInsertionPoint objects that should be used in the 32 | * scanning, or 33 | * null if no custom insertion points are applicable for this 34 | * request. 35 | */ 36 | List getInsertionPoints( 37 | IHttpRequestResponse baseRequestResponse); 38 | } 39 | -------------------------------------------------------------------------------- /burp/IScannerListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScannerListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerScannerListener() to register a 15 | * Scanner listener. The listener will be notified of new issues that are 16 | * reported by the Scanner tool. Extensions can perform custom analysis or 17 | * logging of Scanner issues by registering a Scanner listener. 18 | */ 19 | public interface IScannerListener 20 | { 21 | /** 22 | * This method is invoked when a new issue is added to Burp Scanner's 23 | * results. 24 | * 25 | * @param issue An 26 | * IScanIssue object that the extension can query to obtain 27 | * details about the new issue. 28 | */ 29 | void newScanIssue(IScanIssue issue); 30 | } 31 | -------------------------------------------------------------------------------- /burp/IScopeChangeListener.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)IScopeChangeListener.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerScopeChangeListener() to register 15 | * a scope change listener. The listener will be notified whenever a change 16 | * occurs to Burp's suite-wide target scope. 17 | */ 18 | public interface IScopeChangeListener 19 | { 20 | /** 21 | * This method is invoked whenever a change occurs to Burp's suite-wide 22 | * target scope. 23 | */ 24 | void scopeChanged(); 25 | } 26 | -------------------------------------------------------------------------------- /burp/ISessionHandlingAction.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ISessionHandlingAction.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * Extensions can implement this interface and then call 14 | * IBurpExtenderCallbacks.registerSessionHandlingAction() to 15 | * register a custom session handling action. Each registered action will be 16 | * available within the session handling rule UI for the user to select as a 17 | * rule action. Users can choose to invoke an action directly in its own right, 18 | * or following execution of a macro. 19 | */ 20 | public interface ISessionHandlingAction 21 | { 22 | /** 23 | * This method is used by Burp to obtain the name of the session handling 24 | * action. This will be displayed as an option within the session handling 25 | * rule editor when the user selects to execute an extension-provided 26 | * action. 27 | * 28 | * @return The name of the action. 29 | */ 30 | String getActionName(); 31 | 32 | /** 33 | * This method is invoked when the session handling action should be 34 | * executed. This may happen as an action in its own right, or as a 35 | * sub-action following execution of a macro. 36 | * 37 | * @param currentRequest The base request that is currently being processed. 38 | * The action can query this object to obtain details about the base 39 | * request. It can issue additional requests of its own if necessary, and 40 | * can use the setter methods on this object to update the base request. 41 | * @param macroItems If the action is invoked following execution of a 42 | * macro, this parameter contains the result of executing the macro. 43 | * Otherwise, it is 44 | * null. Actions can use the details of the macro items to 45 | * perform custom analysis of the macro to derive values of non-standard 46 | * session handling tokens, etc. 47 | */ 48 | void performAction( 49 | IHttpRequestResponse currentRequest, 50 | IHttpRequestResponse[] macroItems); 51 | } 52 | -------------------------------------------------------------------------------- /burp/ITab.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITab.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide Burp with details of a custom tab that will 16 | * be added to Burp's UI, using a method such as 17 | * IBurpExtenderCallbacks.addSuiteTab(). 18 | */ 19 | public interface ITab 20 | { 21 | /** 22 | * Burp uses this method to obtain the caption that should appear on the 23 | * custom tab when it is displayed. 24 | * 25 | * @return The caption that should appear on the custom tab when it is 26 | * displayed. 27 | */ 28 | String getTabCaption(); 29 | 30 | /** 31 | * Burp uses this method to obtain the component that should be used as the 32 | * contents of the custom tab when it is displayed. 33 | * 34 | * @return The component that should be used as the contents of the custom 35 | * tab when it is displayed. 36 | */ 37 | Component getUiComponent(); 38 | } 39 | -------------------------------------------------------------------------------- /burp/ITempFile.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITempFile.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | /** 13 | * This interface is used to hold details of a temporary file that has been 14 | * created via a call to 15 | * IBurpExtenderCallbacks.saveToTempFile(). 16 | * 17 | */ 18 | public interface ITempFile 19 | { 20 | /** 21 | * This method is used to retrieve the contents of the buffer that was saved 22 | * in the temporary file. 23 | * 24 | * @return The contents of the buffer that was saved in the temporary file. 25 | */ 26 | byte[] getBuffer(); 27 | 28 | /** 29 | * This method is used to permanently delete the temporary file when it is 30 | * no longer required. 31 | */ 32 | void delete(); 33 | } 34 | -------------------------------------------------------------------------------- /burp/ITextEditor.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | /* 4 | * @(#)ITextEditor.java 5 | * 6 | * Copyright PortSwigger Ltd. All rights reserved. 7 | * 8 | * This code may be used to extend the functionality of Burp Suite Free Edition 9 | * and Burp Suite Professional, provided that this usage does not violate the 10 | * license terms for those products. 11 | */ 12 | import java.awt.Component; 13 | 14 | /** 15 | * This interface is used to provide extensions with an instance of Burp's raw 16 | * text editor, for the extension to use in its own UI. Extensions should call 17 | * IBurpExtenderCallbacks.createTextEditor() to obtain an instance 18 | * of this interface. 19 | */ 20 | public interface ITextEditor 21 | { 22 | /** 23 | * This method returns the UI component of the editor, for extensions to add 24 | * to their own UI. 25 | * 26 | * @return The UI component of the editor. 27 | */ 28 | Component getComponent(); 29 | 30 | /** 31 | * This method is used to control whether the editor is currently editable. 32 | * This status can be toggled on and off as required. 33 | * 34 | * @param editable Indicates whether the editor should be currently 35 | * editable. 36 | */ 37 | void setEditable(boolean editable); 38 | 39 | /** 40 | * This method is used to update the currently displayed text in the editor. 41 | * 42 | * @param text The text to be displayed. 43 | */ 44 | void setText(byte[] text); 45 | 46 | /** 47 | * This method is used to retrieve the currently displayed text. 48 | * 49 | * @return The currently displayed text. 50 | */ 51 | byte[] getText(); 52 | 53 | /** 54 | * This method is used to determine whether the user has modified the 55 | * contents of the editor. 56 | * 57 | * @return An indication of whether the user has modified the contents of 58 | * the editor since the last call to 59 | * setText(). 60 | */ 61 | boolean isTextModified(); 62 | 63 | /** 64 | * This method is used to obtain the currently selected text. 65 | * 66 | * @return The currently selected text, or 67 | * null if the user has not made any selection. 68 | */ 69 | byte[] getSelectedText(); 70 | 71 | /** 72 | * This method can be used to retrieve the bounds of the user's selection 73 | * into the displayed text, if applicable. 74 | * 75 | * @return An int[2] array containing the start and end offsets of the 76 | * user's selection within the displayed text. If the user has not made any 77 | * selection in the current message, both offsets indicate the position of 78 | * the caret within the editor. 79 | */ 80 | int[] getSelectionBounds(); 81 | 82 | /** 83 | * This method is used to update the search expression that is shown in the 84 | * search bar below the editor. The editor will automatically highlight any 85 | * regions of the displayed text that match the search expression. 86 | * 87 | * @param expression The search expression. 88 | */ 89 | void setSearchExpression(String expression); 90 | } 91 | -------------------------------------------------------------------------------- /burp/MatchRule.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | import java.util.regex.Pattern; 4 | 5 | class MatchRule 6 | { 7 | private Pattern pattern; 8 | private Integer matchGroup; 9 | private String type; 10 | 11 | public MatchRule(Pattern pattern, Integer matchGroup, String type) 12 | { 13 | this.pattern = pattern; 14 | this.matchGroup = matchGroup; 15 | this.type = type; 16 | } 17 | 18 | public Pattern getPattern() { 19 | return this.pattern; 20 | } 21 | 22 | public Integer getMatchGroup() { 23 | return this.matchGroup; 24 | } 25 | 26 | public String getType() { 27 | return this.type; 28 | } 29 | } -------------------------------------------------------------------------------- /burp/ScannetMatch.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | class ScannerMatch 4 | implements Comparable 5 | { 6 | private Integer start; 7 | private int end; 8 | private String match; 9 | private String type; 10 | 11 | public ScannerMatch(int start, int end, String match, String type) 12 | { 13 | this.start = Integer.valueOf(start); 14 | this.end = end; 15 | this.match = match; 16 | this.type = type; 17 | } 18 | 19 | public int getStart() { 20 | return this.start.intValue(); 21 | } 22 | 23 | public int getEnd() { 24 | return this.end; 25 | } 26 | 27 | public String getMatch() { 28 | return this.match; 29 | } 30 | 31 | public String getType() { 32 | return this.type; 33 | } 34 | 35 | public int compareTo(ScannerMatch m) 36 | { 37 | return this.start.compareTo(Integer.valueOf(m.getStart())); 38 | } 39 | } -------------------------------------------------------------------------------- /burp/checkResult.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | public class checkResult { 4 | 5 | private boolean status; 6 | private String payload; 7 | private IHttpRequestResponse attack; 8 | private String priority; 9 | private String attackDetails; 10 | 11 | public boolean status() { 12 | return status; 13 | } 14 | 15 | public String getPayload() { 16 | return payload; 17 | } 18 | 19 | public IHttpRequestResponse getAttack() { 20 | return attack; 21 | } 22 | 23 | public String getPriority() { 24 | return priority; 25 | } 26 | 27 | public String getAttackDetails() { return attackDetails;} 28 | 29 | 30 | 31 | public checkResult(boolean status, String payload, IHttpRequestResponse attack, String priority, String attackDetails) { 32 | this.status = status; 33 | this.payload = payload; 34 | this.attack = attack; 35 | this.priority = priority; 36 | this.attackDetails = attackDetails; 37 | } 38 | 39 | } 40 | --------------------------------------------------------------------------------