getInsertionPoints(
37 | IHttpRequestResponse baseRequestResponse);
38 | }
39 |
--------------------------------------------------------------------------------
/burp-extender-api/src/main/java/burp/IScannerListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScannerListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * <code>IBurpExtenderCallbacks.registerScannerListener()</code> to register a
15 | * Scanner listener. The listener will be notified of new issues that are
16 | * reported by the Scanner tool. Extensions can perform custom analysis or
17 | * logging of Scanner issues by registering a Scanner listener.
18 | */
public interface IScannerListener
{
    /**
     * This method is invoked when a new issue is added to Burp Scanner's
     * results.
     *
     * @param issue An <code>IScanIssue</code> object that the extension can
     * query to obtain details about the new issue.
     */
    void newScanIssue(IScanIssue issue);
}
31 |
--------------------------------------------------------------------------------
/burp-extender-api/src/main/java/burp/IScopeChangeListener.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)IScopeChangeListener.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * Extensions can implement this interface and then call
14 | * <code>IBurpExtenderCallbacks.registerScopeChangeListener()</code> to register
15 | * a scope change listener. The listener will be notified whenever a change
16 | * occurs to Burp's suite-wide target scope.
17 | */
public interface IScopeChangeListener
{
    /**
     * This method is invoked whenever a change occurs to Burp's suite-wide
     * target scope. The callback takes no arguments, so it carries no
     * description of what changed.
     */
    void scopeChanged();
}
26 |
--------------------------------------------------------------------------------
/burp-extender-api/src/main/java/burp/ITab.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ITab.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 |
13 | import java.awt.*;
14 |
15 | /**
16 | * This interface is used to provide Burp with details of a custom tab that will
17 | * be added to Burp's UI, using a method such as
18 | * <code>IBurpExtenderCallbacks.addSuiteTab()</code>.
19 | */
public interface ITab
{
    /**
     * Burp uses this method to obtain the caption that should appear on the
     * custom tab when it is displayed.
     *
     * @return The caption that should appear on the custom tab when it is
     * displayed.
     */
    String getTabCaption();

    /**
     * Burp uses this method to obtain the component that should be used as the
     * contents of the custom tab when it is displayed.
     *
     * @return The component that should be used as the contents of the custom
     * tab when it is displayed.
     */
    Component getUiComponent();
}
40 |
--------------------------------------------------------------------------------
/burp-extender-api/src/main/java/burp/ITempFile.java:
--------------------------------------------------------------------------------
1 | package burp;
2 |
3 | /*
4 | * @(#)ITempFile.java
5 | *
6 | * Copyright PortSwigger Ltd. All rights reserved.
7 | *
8 | * This code may be used to extend the functionality of Burp Suite Community Edition
9 | * and Burp Suite Professional, provided that this usage does not violate the
10 | * license terms for those products.
11 | */
12 | /**
13 | * This interface is used to hold details of a temporary file that has been
14 | * created via a call to
15 | * <code>IBurpExtenderCallbacks.saveToTempFile()</code>.
16 | *
17 | */
public interface ITempFile
{
    /**
     * This method is used to retrieve the contents of the buffer that was saved
     * in the temporary file.
     *
     * @return The contents of the buffer that was saved in the temporary file.
     */
    byte[] getBuffer();

    /**
     * This method is deprecated and no longer performs any action.
     *
     * @deprecated Calling this method has no effect, so an extension cannot
     * use it to remove saved data; the temporary file's lifetime is not
     * controlled through this interface.
     */
    @Deprecated
    void delete();
}
34 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/common/config/ConfigContext.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.common.config;
2 |
3 | /**
4 | * 配置上下文
5 | *
6 | * Created by vaycore on 2022-01-28.
7 | */
public interface ConfigContext {
    /**
     * Saves a configuration item.
     *
     * @param key   key of the configuration item
     * @param value value of the configuration item
     */
    void saveSetting(String key, Object value);

    /**
     * Loads the value of a configuration item by its key.
     *
     * @param key key of the configuration item
     * @return the stored value, or null when it cannot be read
     */
    Object loadSetting(String key);

    /**
     * Removes a configuration item.
     *
     * @param key key of the configuration item
     */
    void removeSetting(String key);

    /**
     * Reports whether a configuration item exists.
     *
     * @param key key of the configuration item
     * @return whether an item is stored under the given key
     */
    boolean hasSetting(String key);
}
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/common/layout/BaseLayout.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.common.layout;
2 |
3 | import java.awt.*;
4 |
5 | /**
6 | * 布局管理器基类
7 | *
8 | * Created by vaycore on 2022-08-07.
9 | */
public abstract class BaseLayout implements LayoutManager2 {
    /**
     * Reports no maximum size: this base implementation always returns null.
     * NOTE(review): code that dereferences the result needs a null check
     * unless the concrete layout overrides this method - confirm.
     */
    @Override
    public Dimension maximumLayoutSize(Container target) {
        return null;
    }

    /** Returns 0 as the alignment along the X axis. */
    @Override
    public float getLayoutAlignmentX(Container target) {
        return 0;
    }

    /** Returns 0 as the alignment along the Y axis. */
    @Override
    public float getLayoutAlignmentY(Container target) {
        return 0;
    }

    /** Does nothing; this base class keeps no cached layout state. */
    @Override
    public void invalidateLayout(Container target) {

    }

    /** Does nothing; the name/component pair is not recorded here. */
    @Override
    public void addLayoutComponent(String name, Component comp) {

    }

    /** Reports no preferred size: this base implementation always returns null. */
    @Override
    public Dimension preferredLayoutSize(Container parent) {
        return null;
    }

    /** Reports no minimum size: this base implementation always returns null. */
    @Override
    public Dimension minimumLayoutSize(Container parent) {
        return null;
    }
}
46 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/common/utils/DateUtils.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.common.utils;
2 |
3 | import java.text.SimpleDateFormat;
4 | import java.util.Date;
5 | import java.util.Locale;
6 |
7 | /**
8 | * 日期时间工具类
9 | *
10 | * Created by vaycore on 2022-01-27.
11 | */
public class DateUtils {

    /** Not instantiable: the class only exposes static helpers. */
    private DateUtils() {
        throw new IllegalAccessError("utils class not support create instance.");
    }

    /**
     * Formats the current time with the given pattern.
     *
     * @param dateFormat a {@link SimpleDateFormat} pattern
     * @return the current date and time rendered with {@link Locale#CHINA}
     */
    public static String getCurrentDate(String dateFormat) {
        // A fresh formatter per call: SimpleDateFormat instances are not shared.
        SimpleDateFormat formatter = new SimpleDateFormat(dateFormat, Locale.CHINA);
        Date now = new Date();
        return formatter.format(now);
    }

    /**
     * Returns the current time as whole seconds since the epoch.
     *
     * @return {@link System#currentTimeMillis()} divided by 1000
     */
    public static long getTimestamp() {
        long nowMillis = System.currentTimeMillis();
        return nowMillis / 1000;
    }
}
27 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/common/utils/HtmlUtils.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.common.utils;
2 |
3 | import java.nio.charset.Charset;
4 | import java.util.regex.Matcher;
5 | import java.util.regex.Pattern;
6 |
7 | /**
8 | * Html工具类
9 | *
10 | * Created by vaycore on 2022-08-11.
11 | */
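public class HtmlUtils {

    /**
     * Pattern for the page title: group 1 is the text between the opening and
     * closing title tags. The opening-tag part is "title" followed by any
     * characters up to the next '>', so it is not limited to an exact
     * {@code <title>} element.
     * NOTE(review): the lazy ".*?" under DOTALL can scan a long way when a
     * body contains an opening title tag without a matching close; callers
     * that feed large or untrusted response bodies may want to cap the length
     * they pass in.
     */
    private static final Pattern sTitleRegex;

    static {
        sTitleRegex = Pattern.compile("<\\s*title.*?>([^<]+)<\\s*/\\s*title>",
                Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
    }

    /** Not instantiable: the class only exposes static helpers. */
    private HtmlUtils() {
        throw new IllegalAccessError("utils class not support create instance.");
    }

    /**
     * Extracts the page title from an HTML body decoded as UTF-8.
     *
     * @param body raw HTML bytes; may be null or empty
     * @return the title text, or an empty string when none is found
     */
    public static String findTitleByHtmlBody(byte[] body) {
        return findTitleByHtmlBody(body, "UTF-8");
    }

    /**
     * Extracts the page title from an HTML body.
     *
     * @param body        raw HTML bytes; may be null or empty
     * @param charsetName charset used to decode the body; a null, malformed or
     *                    unsupported name falls back to the platform default
     * @return the title text exactly as matched (not trimmed or unescaped), or
     *         an empty string when the body is empty or no title is found
     */
    public static String findTitleByHtmlBody(byte[] body, String charsetName) {
        if (body == null || body.length == 0) {
            return "";
        }
        String htmlBody = new String(body, resolveCharset(charsetName));
        Matcher matcher = sTitleRegex.matcher(htmlBody);
        return matcher.find() ? matcher.group(1) : "";
    }

    /** Resolves a charset name, falling back to the platform default. */
    private static Charset resolveCharset(String charsetName) {
        try {
            if (charsetName != null && Charset.isSupported(charsetName)) {
                return Charset.forName(charsetName);
            }
        } catch (IllegalArgumentException ignored) {
            // Charset.isSupported rejects syntactically illegal names with an
            // unchecked exception; a bad name must not abort title extraction.
        }
        return Charset.defaultCharset();
    }
}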
50 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/common/utils/IOUtils.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.common.utils;
2 |
3 | import java.io.ByteArrayOutputStream;
4 | import java.io.Closeable;
5 | import java.io.IOException;
6 | import java.io.InputStream;
7 |
8 | /**
9 | * IO工具类
10 | *
11 | * Created by vaycore on 2022-01-28.
12 | */
public class IOUtils {

    /** Not instantiable: the class only exposes static helpers. */
    private IOUtils() {
        throw new IllegalAccessError("utils class not support create instance.");
    }

    /**
     * Closes a resource, tolerating null.
     *
     * @param c resource to close; null is ignored
     */
    public static void closeIO(Closeable c) {
        if (c == null) {
            return;
        }
        try {
            c.close();
        } catch (IOException e) {
            // Best effort: the failure is printed to stderr and not rethrown.
            e.printStackTrace();
        }
    }

    /**
     * Reads a stream to its end and closes it.
     * The whole content is buffered in memory with no size limit.
     *
     * @param is stream to drain; null yields an empty array
     * @return the bytes read, or an empty array when reading fails
     */
    public static byte[] readStream(InputStream is) {
        if (is == null) {
            return new byte[0];
        }
        ByteArrayOutputStream sink = new ByteArrayOutputStream();
        try {
            byte[] chunk = new byte[8192];
            for (int count = is.read(chunk); count != -1; count = is.read(chunk)) {
                sink.write(chunk, 0, count);
            }
            sink.flush();
            return sink.toByteArray();
        } catch (IOException e) {
            // A read failure discards whatever was buffered so far.
            e.printStackTrace();
            return new byte[0];
        } finally {
            closeIO(is);
            closeIO(sink);
        }
    }
}
53 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/common/utils/PathUtils.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.common.utils;
2 |
3 | import java.io.File;
4 |
5 | /**
6 | * 路径工具类
7 | *
8 | * Created by vaycore on 2022-08-21.
9 | */
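public class PathUtils {

    /** Not instantiable: the class only exposes static helpers. */
    private PathUtils() {
        throw new IllegalAccessError("utils class not support create instance.");
    }

    /**
     * Returns the user's home directory with a trailing separator.
     *
     * @return the "user.home" system property followed by {@link File#separator}
     */
    public static String getUserHome() {
        String userHome = System.getProperty("user.home");
        return userHome + File.separator;
    }

    /**
     * Returns the parent directory of a path string.
     *
     * @param path path to inspect
     * @return the parent path, or null when the path names no parent
     */
    public static String getParent(String path) {
        return getParent(new File(path));
    }

    /**
     * Returns the parent directory of a file as a string.
     *
     * @param path file to inspect
     * @return the parent path, or null when the path names no parent
     *         (the same contract as {@link File#getParent()})
     */
    public static String getParent(File path) {
        File parent = getParentFile(path);
        // A bare name such as "report.txt" has no parent; return null rather
        // than dereferencing it.
        return parent == null ? null : parent.getPath();
    }

    /**
     * Returns the parent directory of a path string as a {@link File}.
     *
     * @param path path to inspect
     * @return the parent, or null when the path names no parent
     */
    public static File getParentFile(String path) {
        return getParentFile(new File(path));
    }

    /**
     * Returns the parent directory of a file.
     *
     * @param path file to inspect
     * @return the parent, or null when the path names no parent
     */
    public static File getParentFile(File path) {
        return path.getParentFile();
    }
}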
37 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/common/widget/HintTextField.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.common.widget;
2 |
3 | import javax.swing.*;
4 | import javax.swing.text.Document;
5 | import java.awt.*;
6 |
/**
 * A text field that draws a hint string while the field holds no text.
 */
public class HintTextField extends JTextField {

    /** Hint drawn over the empty field; null or empty disables it. */
    private String hintText;

    public HintTextField() {
    }

    public HintTextField(String text) {
        super(text);
    }

    public HintTextField(int columns) {
        super(columns);
    }

    public HintTextField(String text, int columns) {
        super(text, columns);
    }

    public HintTextField(Document doc, String text, int columns) {
        super(doc, text, columns);
    }

    /**
     * @return the current hint, possibly null
     */
    public String getHintText() {
        return hintText;
    }

    /**
     * @param s hint to draw while the field is empty
     */
    public void setHintText(String s) {
        hintText = s;
    }

    /**
     * Paints the field, then overlays the hint when there is a hint and the
     * field contains no text.
     */
    @Override
    protected void paintComponent(Graphics graphics) {
        super.paintComponent(graphics);
        boolean noHint = hintText == null || hintText.length() == 0;
        if (noHint) {
            return;
        }
        if (getText().length() > 0) {
            return;
        }
        final Graphics2D g2d = (Graphics2D) graphics;
        g2d.setRenderingHint(RenderingHints.KEY_ANTIALIASING, RenderingHints.VALUE_ANTIALIAS_ON);
        // The hint uses the disabled-text colour so it reads as a placeholder.
        g2d.setColor(getDisabledTextColor());
        int x = getInsets().left;
        int baseline = graphics.getFontMetrics().getMaxAscent() + getInsets().top;
        g2d.drawString(hintText, x, baseline);
    }
}
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/bean/CollectData.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.bean;
2 |
3 | /**
4 | * 收集数据的实体类(用于列表展示)
5 | *
6 | * Created by vaycore on 2023-12-23.
7 | */
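public class CollectData<T> {
    // The type parameter <T> is declared on the class: the fields and
    // accessors below use T, which is otherwise an undeclared type.

    /**
     * ID shown in the list.
     */
    private int id;
    /**
     * Domain the data belongs to.
     */
    private String domain;
    /**
     * The collected data instance.
     */
    private T data;

    public CollectData() {
    }

    /**
     * @param id     ID shown in the list
     * @param domain domain the data belongs to
     * @param data   the collected data instance
     */
    public CollectData(int id, String domain, T data) {
        this.id = id;
        this.domain = domain;
        this.data = data;
    }

    public int getId() {
        return id;
    }

    public void setId(int id) {
        this.id = id;
    }

    public String getDomain() {
        return domain;
    }

    public void setDomain(String domain) {
        this.domain = domain;
    }

    public T getData() {
        return data;
    }

    public void setData(T data) {
        this.data = data;
    }
}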
56 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/bean/CollectReqResp.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.bean;
2 |
3 | import java.nio.charset.StandardCharsets;
4 |
5 | /**
6 | * 数据收集的请求响应对象
7 | *
8 | * Created by vaycore on 2023-12-31.
9 | */
public class CollectReqResp {

    private final boolean isRequest;
    private final byte[] mRawBytes;
    private final int mOffset;
    private final String mHeader;
    private final String mBody;

    /**
     * Splits a raw HTTP message into header and body at the first blank line.
     *
     * @param isRequest true when the bytes are a request, false for a response
     * @param rawBytes  raw message bytes; null is treated as an empty message
     */
    public CollectReqResp(boolean isRequest, byte[] rawBytes) {
        this.isRequest = isRequest;
        this.mRawBytes = (rawBytes != null) ? rawBytes : new byte[0];
        // The message is decoded as UTF-8 whatever charset it declares.
        String decoded = new String(this.mRawBytes, StandardCharsets.UTF_8);
        int separatorAt = decoded.indexOf("\r\n\r\n");
        this.mOffset = separatorAt;
        // Use the offset to separate the header section from the body.
        boolean hasSeparator = separatorAt >= 0;
        this.mHeader = hasSeparator ? decoded.substring(0, separatorAt) : decoded;
        this.mBody = hasSeparator ? decoded.substring(separatorAt + 4) : "";
    }

    public boolean isRequest() {
        return isRequest;
    }

    /**
     * @return the array passed to the constructor (not a copy), or an empty
     *         array when null was passed
     */
    public byte[] getRawBytes() {
        return mRawBytes;
    }

    /**
     * @return index of the header/body separator in the decoded text, or -1
     *         when there is none.
     *         NOTE(review): this is a character index; for non-ASCII content
     *         it can differ from the byte position in getRawBytes() - confirm
     *         how callers use it.
     */
    public int getOffset() {
        return mOffset;
    }

    /**
     * @return the text before the separator, or the whole text when there is
     *         no separator
     */
    public String getHeader() {
        return mHeader;
    }

    /**
     * @return the text after the separator, or an empty string when there is
     *         no separator
     */
    public String getBody() {
        return mBody;
    }
}
56 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/bean/FpColumn.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.bean;
2 |
3 | /**
4 | * 指纹字段
5 | *
6 | * Created by vaycore on 2025-05-19.
7 | */
public class FpColumn {

    /**
     * ID value of the column.
     */
    private String id;

    /**
     * Display name of the column.
     */
    private String name;

    /** @return the column ID, or null if never set */
    public String getId() {
        return this.id;
    }

    /** @return the column name, or null if never set */
    public String getName() {
        return this.name;
    }

    /** @param id the column ID */
    public void setId(String id) {
        this.id = id;
    }

    /** @param name the column name */
    public void setName(String name) {
        this.name = name;
    }
}
36 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/bean/FpDataSource.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.bean;
2 |
3 | import java.nio.charset.Charset;
4 | import java.util.regex.Matcher;
5 | import java.util.regex.Pattern;
6 |
7 | /**
8 | * 指纹规则数据源
9 | *
10 | * Created by vaycore on 2025-05-13.
11 | */
public abstract class FpDataSource {

    private final String data;
    private final Charset _charset;

    /**
     * Decodes the raw bytes with the given charset and keeps the text.
     *
     * @param data    raw bytes; must be non-null and non-empty
     * @param charset charset used to decode (and later re-encode) the data
     * @throws IllegalArgumentException when data is null or empty
     */
    public FpDataSource(byte[] data, Charset charset) {
        boolean missing = (data == null) || (data.length == 0);
        if (missing) {
            throw new IllegalArgumentException("data is null or empty");
        }
        this.data = new String(data, charset);
        this._charset = charset;
    }

    /** @return the decoded text */
    public String getData() {
        return this.data;
    }

    /**
     * @return the decoded text encoded again with the stored charset; this is
     *         a re-encoding, so it is not guaranteed to equal the bytes given
     *         to the constructor when they were not valid in that charset
     */
    public byte[] getDataBytes() {
        return this.data.getBytes(this._charset);
    }

    /** @return the charset given to the constructor */
    public Charset getCharset() {
        return this._charset;
    }

    /**
     * Computes the cache key.
     *
     * @return the key; must not be empty
     */
    public abstract String calculateCacheKey();

    /**
     * Extracts the first capture group of the first match.
     *
     * @param regex pattern to search with; it is expected to define group 1
     * @param data  text to search
     * @return group 1 of the first match, or an empty string when nothing matches
     */
    protected String fetchRegexResult(Pattern regex, String data) {
        Matcher found = regex.matcher(data);
        if (!found.find()) {
            return "";
        }
        return found.group(1);
    }
}
56 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/bean/FpHttpReqDS.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.bean;
2 |
3 | import burp.vaycore.common.utils.Utils;
4 |
5 | import java.nio.charset.Charset;
6 | import java.util.regex.Pattern;
7 |
8 | /**
9 | * HTTP 请求数据源
10 | *
11 | * Created by vaycore on 2025-05-13.
12 | */
public class FpHttpReqDS extends FpHttpDS {

    /**
     * Pattern that captures the request method from the request line.
     */
    private static final Pattern REGEX_REQ_METHOD = Pattern.compile(
            "^([A-Z]+)\\s+.*?\\s+HTTP/\\d+(?:\\.\\d+)?",
            Pattern.CASE_INSENSITIVE);

    /**
     * Pattern that captures the request URL from the request line.
     */
    private static final Pattern REGEX_REQ_URL = Pattern.compile(
            "[A-Z]+\\s+(.*?)\\s+HTTP/",
            Pattern.CASE_INSENSITIVE);

    private final String method;
    private final String url;

    /**
     * Parses the method and URL out of the first line of the request.
     * Either value is an empty string when its pattern does not match.
     *
     * @param data    raw request bytes
     * @param charset charset used to decode the request
     */
    public FpHttpReqDS(byte[] data, Charset charset) {
        super(data, charset);
        String parsedMethod = fetchRegexResult(REGEX_REQ_METHOD, getFirstLine());
        String parsedUrl = fetchRegexResult(REGEX_REQ_URL, getFirstLine());
        this.method = parsedMethod;
        this.url = parsedUrl;
    }

    /** @return the request method taken from the request line */
    public String getMethod() {
        return this.method;
    }

    /** @return the request URL taken from the request line */
    public String getUrl() {
        return this.url;
    }

    /**
     * Derives the cache key from the full request bytes.
     * NOTE(review): Utils.md5 is presumably an MD5 digest; that suits a cache
     * key but should not be relied on as an integrity check - confirm.
     */
    @Override
    public String calculateCacheKey() {
        return Utils.md5(getDataBytes());
    }
}
50 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/collect/JsonFieldCollect.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.collect;
2 |
3 | import burp.vaycore.common.utils.JsonUtils;
4 | import burp.vaycore.common.utils.StringUtils;
5 | import burp.vaycore.onescan.bean.CollectReqResp;
6 | import burp.vaycore.onescan.manager.CollectManager;
7 |
8 | import java.util.List;
9 |
10 | /**
11 | * Json 字段数据收集
12 | *
13 | * Created by vaycore on 2023-12-25.
14 | */
public class JsonFieldCollect implements CollectManager.ICollectModule {

    /** @return the module name, "JsonField" */
    @Override
    public String getName() {
        return "JsonField";
    }

    /**
     * Collects every JSON field name found in the message body.
     *
     * @param reqResp the request or response to inspect
     * @return the keys reported by JsonUtils.findAllKeysByJson, or null when
     *         the body is empty or does not contain JSON
     */
    @Override
    public List doCollect(CollectReqResp reqResp) {
        String body = reqResp.getBody();
        // Skip empty bodies first, then bodies that are not JSON.
        boolean collectable = !StringUtils.isEmpty(body) && JsonUtils.hasJson(body);
        if (!collectable) {
            return null;
        }
        // Extract all JSON field names.
        return JsonUtils.findAllKeysByJson(body);
    }
}
36 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/common/Constants.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.common;
2 |
3 | import java.util.regex.Pattern;
4 |
5 | /**
6 | * 常量
7 | *
8 | * Created by vaycore on 2022-08-07.
9 | */
public interface Constants {

    // Plugin information
    String PLUGIN_NAME = "OneScan";
    String PLUGIN_VERSION = "2.0.7";
    boolean DEBUG = false;

    // Banner text shown when the plugin starts
    String BANNER = "#" +
            "#############################################\n" +
            " " + PLUGIN_NAME + " v" + PLUGIN_VERSION + "\n" +
            " Author: 0ne_1\n" +
            " Developer: vaycore\n" +
            " Developer: Rural.Dog\n" +
            " Github: https://github.com/vaycore/OneScan\n" +
            "##############################################\n";

    // Banner text shown when the plugin is unloaded
    String UNLOAD_BANNER = "\n" +
            "###########################################################################\n" +
            " " + PLUGIN_NAME + " uninstallation completed, thank you for your attention and use." + "\n" +
            "###########################################################################\n";

    // Matches the URL position in a request line; group 1 is the text between
    // the method and " HTTP/"
    Pattern REGEX_REQ_LINE_URL = Pattern.compile("[a-zA-Z]+\\s(.*?)\\sHTTP/", Pattern.CASE_INSENSITIVE);
}
36 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/common/DialogCallbackAdapter.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.common;
2 |
3 | import burp.vaycore.common.filter.FilterRule;
4 | import burp.vaycore.common.filter.TableFilter;
5 | import burp.vaycore.common.filter.TableFilterPanel;
6 |
7 | import javax.swing.table.AbstractTableModel;
8 | import java.util.ArrayList;
9 |
10 | /**
11 | * 过滤对话框回调接口适配器
12 | *
13 | * Created by vaycore on 2023-04-21.
14 | */
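public class DialogCallbackAdapter implements TableFilterPanel.DialogCallback {

    /**
     * Called when the filter dialog is confirmed. Empty by default; override
     * to react.
     * NOTE(review): the generic arguments were missing from this listing
     * (leaving an unbalanced '>'); they are restored here from the types this
     * file imports - confirm against TableFilterPanel.DialogCallback.
     *
     * @param filterRules the rules chosen in the dialog
     * @param filters     the table filters built from those rules
     * @param rulesText   textual form of the rules
     */
    @Override
    public void onConfirm(ArrayList<FilterRule> filterRules,
                          ArrayList<TableFilter<AbstractTableModel>> filters,
                          String rulesText) {

    }

    /** Called when the filter dialog is reset. Empty by default. */
    @Override
    public void onReset() {

    }

    /** Called when the filter dialog is cancelled. Empty by default. */
    @Override
    public void onCancel() {

    }
}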
33 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/common/NumberFilter.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.common;
2 |
3 | import burp.vaycore.common.utils.StringUtils;
4 |
5 | import javax.swing.text.JTextComponent;
6 | import java.awt.event.KeyAdapter;
7 | import java.awt.event.KeyEvent;
8 |
9 | /**
10 | * 输入框数字过滤器
11 | *
12 | * Created by vaycore on 2023-02-23.
13 | */
public class NumberFilter extends KeyAdapter {

    /**
     * Maximum number of digits allowed (0 or a negative value means the
     * length is not limited).
     */
    private final int maxDigits;

    /** Creates a filter with no length limit. */
    public NumberFilter() {
        this(0);
    }

    /**
     * @param maxDigits maximum number of digits; 0 or less disables the limit
     */
    public NumberFilter(int maxDigits) {
        this.maxDigits = maxDigits;
    }

    /**
     * Consumes typed characters that are not '0'-'9', and any character typed
     * once the field already holds maxDigits characters.
     * NOTE(review): only key-typed events pass through here; text that is
     * pasted or set programmatically is presumably not checked - confirm
     * whether callers validate the final value.
     */
    @Override
    public void keyTyped(KeyEvent e) {
        int typed = e.getKeyChar();
        boolean isDigit = typed >= KeyEvent.VK_0 && typed <= KeyEvent.VK_9;
        if (!isDigit) {
            e.consume();
        }
        // 0 or less: no length limit.
        if (this.maxDigits <= 0) {
            return;
        }
        // A selection will be replaced by the typed character, so it does not
        // count towards the current length.
        int effectiveLength = 0;
        Object source = e.getSource();
        if (source instanceof JTextComponent) {
            JTextComponent field = (JTextComponent) source;
            effectiveLength = field.getText().length();
            String selected = field.getSelectedText();
            if (StringUtils.isNotEmpty(selected)) {
                effectiveLength -= selected.length();
            }
        }
        // Reject the key when the limit is already reached.
        if (effectiveLength >= this.maxDigits) {
            e.consume();
        }
    }
}
55 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/common/OnDataChangeListener.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.common;
2 |
3 | /**
4 | * 数据修改监听器
5 | *
6 | * Created by vaycore on 2022-09-05.
7 | */
public interface OnDataChangeListener {

    /**
     * Called when the list data has been modified.
     *
     * @param action the value that was set through setActionCommand(String)
     */
    void onDataChange(String action);
}
17 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/common/OnFpColumnModifyListener.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.common;
2 |
3 | /**
4 | * 指纹字段修改监听器
5 | *
6 | * Created by vaycore on 2025-05-19.
7 | */
public interface OnFpColumnModifyListener {

    /**
     * Called when a fingerprint column has been modified.
     */
    void onFpColumnModify();
}
15 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/common/OnTabEventListener.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.common;
2 |
3 | /**
4 | * Tab页面事件监听
5 | *
6 | * Created by vaycore on 2023-02-23.
7 | */
public interface OnTabEventListener {

    /**
     * Tab event callback.
     *
     * @param action the event action
     * @param params the parameters carried by the event
     */
    void onTabEventMethod(String action, Object... params);
}
18 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/common/PopupMenuListenerAdapter.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.common;
2 |
3 | import javax.swing.event.PopupMenuEvent;
4 | import javax.swing.event.PopupMenuListener;
5 |
6 | /**
7 | * 弹出菜单监听适配器
8 | *
9 | * Created by vaycore on 2023-04-21.
10 | */
public class PopupMenuListenerAdapter implements PopupMenuListener {

    /** Empty by default; override to act before the popup menu is shown. */
    @Override
    public void popupMenuWillBecomeVisible(PopupMenuEvent e) {

    }

    /** Empty by default; override to act before the popup menu is hidden. */
    @Override
    public void popupMenuWillBecomeInvisible(PopupMenuEvent e) {

    }

    /** Empty by default; override to act when the popup menu is cancelled. */
    @Override
    public void popupMenuCanceled(PopupMenuEvent e) {

    }
}
28 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/common/TaskRunnable.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.common;
2 |
3 | /**
4 | * 任务运行类
5 | *
6 | *
7 | * Created by vaycore on 2025-01-07.
8 | */
public abstract class TaskRunnable implements Runnable {

    /**
     * URL of the scan task.
     */
    private final String mTaskUrl;

    /**
     * @param url URL of the scan task; stored as given
     */
    public TaskRunnable(String url) {
        mTaskUrl = url;
    }

    /**
     * @return the URL passed to the constructor
     */
    public String getTaskUrl() {
        return this.mTaskUrl;
    }
}
24 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/ui/base/BaseTab.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.ui.base;
2 |
3 | import burp.vaycore.onescan.common.OnTabEventListener;
4 |
5 | import javax.swing.*;
6 |
7 | /**
8 | * Tab页面基类
9 | *
10 | * Created by vaycore on 2022-08-07.
11 | */
public abstract class BaseTab extends JPanel {

    /** Receiver of tab events; null until one is registered. */
    private OnTabEventListener mOnTabEventListener;

    /**
     * Runs initData() and then initView(). Both are implemented by the
     * subclass and run before the subclass's own field initialisers, so they
     * must not rely on subclass state.
     */
    public BaseTab() {
        initData();
        initView();
    }

    /**
     * Initialises the data.
     */
    protected abstract void initData();

    /**
     * Initialises the layout.
     */
    protected abstract void initView();

    /**
     * Returns the title to use for this tab.
     *
     * @return the title name
     */
    public abstract String getTitleName();

    /**
     * Sends an event with a single empty-string parameter.
     *
     * @param action the event action
     */
    protected void sendTabEvent(String action) {
        Object[] defaultParams = {""};
        this.sendTabEvent(action, defaultParams);
    }

    /**
     * Sends an event to the registered listener; does nothing when no
     * listener is set.
     *
     * @param action the event action
     * @param params the event parameters
     */
    protected void sendTabEvent(String action, Object... params) {
        if (mOnTabEventListener == null) {
            return;
        }
        mOnTabEventListener.onTabEventMethod(action, params);
    }

    /**
     * Sets the event listener.
     *
     * @param l the listener; replaces any previous one
     */
    public void setOnTabEventListener(OnTabEventListener l) {
        this.mOnTabEventListener = l;
    }
}
68 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/ui/tab/config/HostTab.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.ui.tab.config;
2 |
3 | import burp.vaycore.onescan.common.L;
4 | import burp.vaycore.onescan.manager.WordlistManager;
5 | import burp.vaycore.onescan.ui.base.BaseConfigTab;
6 |
7 | /**
8 | * Host设置
9 | *
10 | * Created by vaycore on 2022-08-20.
11 | */
public class HostTab extends BaseConfigTab {

    /**
     * Adds the two host word-list panels: the allowlist first, then the
     * blocklist.
     */
    @Override
    protected void initView() {
        // Host allowlist configuration
        String allowTitle = L.get("host_allowlist");
        String allowSubTitle = L.get("host_allowlist_sub_title");
        addWordListPanel(allowTitle, allowSubTitle, WordlistManager.KEY_HOST_ALLOWLIST);
        // Host blocklist configuration
        String blockTitle = L.get("host_blocklist");
        String blockSubTitle = L.get("host_blocklist_sub_title");
        addWordListPanel(blockTitle, blockSubTitle, WordlistManager.KEY_HOST_BLOCKLIST);
    }

    /** @return the localised tab title for key "tab_name.host" */
    @Override
    public String getTitleName() {
        return L.get("tab_name.host");
    }
}
27 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/ui/tab/config/PayloadTab.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.ui.tab.config;
2 |
3 | import burp.vaycore.onescan.common.Config;
4 | import burp.vaycore.onescan.common.L;
5 | import burp.vaycore.onescan.common.OnDataChangeListener;
6 | import burp.vaycore.onescan.manager.WordlistManager;
7 | import burp.vaycore.onescan.ui.base.BaseConfigTab;
8 | import burp.vaycore.onescan.ui.widget.payloadlist.ProcessingItem;
9 | import burp.vaycore.onescan.ui.widget.payloadlist.SimpleProcessingList;
10 |
11 | import java.util.ArrayList;
12 |
13 | /**
14 | * Payload设置
15 | *
16 | * Created by vaycore on 2022-08-20.
17 | */
public class PayloadTab extends BaseConfigTab implements OnDataChangeListener {

    /** List widget holding the payload processing entries. */
    private SimpleProcessingList mProcessList;

    /**
     * Adds the payload word-list panel and the payload-processing list.
     */
    @Override
    protected void initView() {
        // Payload list configuration
        addWordListPanel(L.get("payload"), L.get("payload_sub_title"), WordlistManager.KEY_PAYLOAD);

        // Payload processing list configuration
        SimpleProcessingList processList = new SimpleProcessingList(Config.getPayloadProcessList());
        mProcessList = processList;
        processList.setActionCommand("payload-process-list-view");
        processList.setOnDataChangeListener(this);
        addConfigItem(L.get("payload_processing"), L.get("payload_processing_sub_title"), processList);
    }

    /** @return the localised tab title for key "tab_name.payload" */
    @Override
    public String getTitleName() {
        return L.get("tab_name.payload");
    }

    /**
     * Stores the processing list in the configuration whenever the
     * processing-list widget reports a change; other actions are ignored.
     *
     * @param action the action command of the widget that changed
     */
    @Override
    public void onDataChange(String action) {
        if (!"payload-process-list-view".equals(action)) {
            return;
        }
        ArrayList list = mProcessList.getDataList();
        Config.put(Config.KEY_PAYLOAD_PROCESS_LIST, list);
    }
}
47 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/ui/widget/payloadlist/PayloadItem.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.ui.widget.payloadlist;
2 |
/**
 * Payload data: a rule, the scope it applies to, and the rule's type name.
 *
 * Created by vaycore on 2022-09-02.
 */
public class PayloadItem {

    private PayloadRule rule;
    private int scope;
    // Simple class name of the current rule; written only by setRule().
    // NOTE(review): if this name is used to choose a rule class when stored
    // configuration is loaded, it should be matched against the known rule
    // classes only - confirm in the loading code.
    private String ruleType;

    /**
     * @return the rule passed to {@link #setRule(PayloadRule)}, or null if
     * none has been set
     */
    public PayloadRule getRule() {
        return rule;
    }

    /**
     * Stores the rule and records its simple class name as the rule type.
     * A null argument is ignored: the current rule and rule type stay as they are.
     *
     * @param payloadRule rule to store
     */
    public void setRule(PayloadRule payloadRule) {
        if (payloadRule != null) {
            rule = payloadRule;
            ruleType = payloadRule.getClass().getSimpleName();
        }
    }

    /**
     * Sets the scope.
     *
     * @param scope the scope (constants: {@link PayloadRule#SCOPE_URL}, {@link PayloadRule#SCOPE_HEADER},
     *              {@link PayloadRule#SCOPE_BODY}, {@link PayloadRule#SCOPE_REQUEST};
     *              default: {@link PayloadRule#SCOPE_URL})
     */
    public void setScope(int scope) {
        this.scope = scope;
    }

    /**
     * @return the scope value last passed to {@link #setScope(int)}; the field
     * starts at 0 when no scope has been set
     */
    public int getScope() {
        return scope;
    }

    /**
     * @return simple class name of the current rule, or null if no rule has
     * been set
     */
    public String getRuleType() {
        return ruleType;
    }
}
45 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/ui/widget/payloadlist/ProcessingItem.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.ui.widget.payloadlist;
2 |
3 | import java.util.ArrayList;
4 |
/**
 * Payload Processing data: a named list of items with an enabled flag and a
 * merge flag.
 *
 * Created by vaycore on 2023-11-07.
 */
public class ProcessingItem {

    private boolean enabled;
    private boolean merge;
    private String name;
    // Element type is not visible here (raw type) - presumably the payload
    // items of this processing entry; confirm against the callers.
    private ArrayList items;

    public boolean isEnabled() {
        return enabled;
    }

    public void setEnabled(boolean enabled) {
        this.enabled = enabled;
    }

    public boolean isMerge() {
        return merge;
    }

    public void setMerge(boolean merge) {
        this.merge = merge;
    }

    /**
     * @return true only when both the enabled flag and the merge flag are set
     */
    public boolean isEnabledAndMerge() {
        if (!isEnabled()) {
            return false;
        }
        return isMerge();
    }

    /**
     * @return true only when the enabled flag is set and the merge flag is not
     */
    public boolean isEnabledWithoutMerge() {
        if (!isEnabled()) {
            return false;
        }
        return !isMerge();
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    /**
     * @return the list passed to {@link #setItems(ArrayList)} (the same
     * instance, not a copy), or null if none has been set
     */
    public ArrayList getItems() {
        return items;
    }

    /**
     * Stores the given list by reference; later changes to it are visible
     * through {@link #getItems()}.
     */
    public void setItems(ArrayList items) {
        this.items = items;
    }
}
57 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/ui/widget/payloadlist/rule/AddPrefix.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.ui.widget.payloadlist.rule;
2 |
3 | import burp.vaycore.onescan.common.L;
4 | import burp.vaycore.onescan.ui.widget.payloadlist.PayloadRule;
5 |
/**
 * Payload rule that adds a prefix.
 *
 * Created by vaycore on 2022-09-02.
 */
public class AddPrefix extends PayloadRule {

    @Override
    public String ruleName() {
        return L.get("payload_rule.add_prefix.name");
    }

    /** This rule takes a single parameter. */
    @Override
    public int paramCount() {
        return 1;
    }

    /** Returns the label of the only parameter; {@code index} is not consulted. */
    @Override
    public String paramName(int index) {
        return L.get("payload_rule.add_prefix.param.prefix");
    }

    /**
     * Builds the description text of this rule from its first parameter value.
     * CR and LF characters in the value are shown as the two-character
     * sequences {@code \r} and {@code \n}; the stored parameter value is not
     * modified.
     */
    @Override
    public String toDescribe() {
        // Special handling of the '\r' and '\n' characters
        String shown = getParamValues()[0]
                .replace("\r", "\\r")
                .replace("\n", "\\n");
        return L.get("payload_rule.add_prefix.describe", shown);
    }

    /**
     * Puts the first parameter value in front of {@code content}. The value is
     * used exactly as stored: the CR/LF escaping done in {@link #toDescribe()}
     * affects the description only.
     */
    @Override
    public String handleProcess(String content) {
        String prefix = getParamValues()[0];
        return prefix + content;
    }
}
48 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/ui/widget/payloadlist/rule/AddSuffix.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.ui.widget.payloadlist.rule;
2 |
3 | import burp.vaycore.onescan.common.L;
4 | import burp.vaycore.onescan.ui.widget.payloadlist.PayloadRule;
5 |
/**
 * Payload rule that adds a suffix.
 *
 * Created by vaycore on 2022-09-06.
 */
public class AddSuffix extends PayloadRule {

    @Override
    public String ruleName() {
        return L.get("payload_rule.add_suffix.name");
    }

    /** This rule takes a single parameter. */
    @Override
    public int paramCount() {
        return 1;
    }

    /** Returns the label of the only parameter; {@code index} is not consulted. */
    @Override
    public String paramName(int index) {
        return L.get("payload_rule.add_suffix.param.suffix");
    }

    /**
     * Builds the description text of this rule from its first parameter value.
     * CR and LF characters in the value are shown as the two-character
     * sequences {@code \r} and {@code \n}; the stored parameter value is not
     * modified.
     */
    @Override
    public String toDescribe() {
        // Special handling of the '\r' and '\n' characters
        String shown = getParamValues()[0]
                .replace("\r", "\\r")
                .replace("\n", "\\n");
        return L.get("payload_rule.add_suffix.describe", shown);
    }

    /**
     * Appends the first parameter value to {@code content}. The value is used
     * exactly as stored: the CR/LF escaping done in {@link #toDescribe()}
     * affects the description only.
     */
    @Override
    public String handleProcess(String content) {
        String suffix = getParamValues()[0];
        return content + suffix;
    }
}
48 |
--------------------------------------------------------------------------------
/extender/src/main/java/burp/vaycore/onescan/ui/widget/payloadlist/rule/ConditionCheck.java:
--------------------------------------------------------------------------------
1 | package burp.vaycore.onescan.ui.widget.payloadlist.rule;
2 |
3 | import burp.vaycore.onescan.common.L;
4 | import burp.vaycore.onescan.ui.widget.payloadlist.PayloadRule;
5 |
6 | import java.util.regex.Matcher;
7 | import java.util.regex.Pattern;
8 |
/**
 * Condition check: passes content through only when a regular expression is
 * found in it.
 *
 * Created by vaycore on 2024-06-06.
 */
public class ConditionCheck extends PayloadRule {

    @Override
    public String ruleName() {
        return L.get("payload_rule.condition_check.name");
    }

    /** This rule takes a single parameter, the regular expression. */
    @Override
    public int paramCount() {
        return 1;
    }

    /**
     * Label of the parameter at {@code index}. Only index 0 has a label; any
     * other index yields the empty string.
     */
    @Override
    public String paramName(int index) {
        return index == 0 ? L.get("payload_rule.condition_check.param.match_regex") : "";
    }

    @Override
    public String toDescribe() {
        return L.get("payload_rule.condition_check.describe", getParamValues()[0]);
    }

    /**
     * Returns {@code content} unchanged when the configured regular expression
     * is found anywhere in it ({@link Matcher#find()}, not a full match).
     *
     * The expression is compiled on every call, so a parameter value that is
     * not a valid pattern surfaces here as
     * {@link java.util.regex.PatternSyntaxException}, which is not an
     * {@code IllegalStateException}.
     * NOTE(review): callers that treat IllegalStateException as "condition not
     * met" presumably need to handle that case separately, or the expression
     * should be validated when it is entered - confirm against the caller.
     *
     * @param content text to test
     * @return {@code content} as passed in
     * @throws IllegalStateException if the expression is not found in {@code content}
     */
    @Override
    public String handleProcess(String content) throws IllegalStateException {
        Matcher matcher = Pattern.compile(getParamValues()[0]).matcher(content);
        if (matcher.find()) {
            return content;
        }
        throw new IllegalStateException("Condition not match!");
    }
}
53 |
--------------------------------------------------------------------------------
/extender/src/main/resources/header.txt:
--------------------------------------------------------------------------------
1 | Host: {{host}}
2 | User-Agent: {{random.ua}}
3 | Referer: {{protocol}}://{{host}}/
4 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
5 | Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
6 | Accept-Encoding: gzip, deflate
7 | Cache-Control: max-age=0
8 | X-Forwarded-For: {{random.local-ip}}
9 | Range: bytes=1-10000
--------------------------------------------------------------------------------
/extender/src/main/resources/host_allowlist.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vaycore/OneScan/1e52c887fd69a6d5a7dd2e119b86872a8904562e/extender/src/main/resources/host_allowlist.txt
--------------------------------------------------------------------------------
/extender/src/main/resources/host_blocklist.txt:
--------------------------------------------------------------------------------
1 | *google.*
2 | *github.*
3 | *shodan.io
4 | *fofa.info
5 | *adblockplus.org
6 | *bing.com
7 | *gov.cn
8 | *edu.cn
--------------------------------------------------------------------------------
/extender/src/main/resources/payload.txt:
--------------------------------------------------------------------------------
1 | /api-docs
2 | /api/v1
3 | /api/v1/api-docs
4 | /api/v2
5 | /api/v2/api-docs
6 | /file/upload
7 | /swagger-resources
8 | /swagger-ui.html
9 | /swagger-ui/index.html
10 | /swagger.json
11 | /swagger.yaml
12 | /upload
13 | /v1/api-docs
14 | /v2/api-docs
15 | /{{date.yyyy}}_{{date.MM}}_{{date.dd}}.log
16 | /{{date.yy}}_{{date.MM}}_{{date.dd}}.log
17 | /{{domain.main}}.zip
18 | /{{domain.name}}.zip
19 | /{{domain}}.zip
20 | /{{subdomain}}.zip
21 | /{{webroot}}.zip
--------------------------------------------------------------------------------
/extender/src/main/resources/remove_header.txt:
--------------------------------------------------------------------------------
1 | Cookie
--------------------------------------------------------------------------------
/extender/src/main/resources/user_agent.txt:
--------------------------------------------------------------------------------
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
2 | Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
3 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
4 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
5 | Mozilla/5.0 (Windows NT 6.1; rv:101.0) Gecko/20100101 Firefox/101.0
6 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
7 | Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
8 | Mozilla/5.0 (Windows NT 6.1; rv:99.0) Gecko/20100101 Firefox/99.0
9 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Edg/100.0.1185.29
10 | Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36
11 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.17 Safari/537.36 Edg/99.0.1150.11
12 | Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 Edg/98.0.1108.50
--------------------------------------------------------------------------------
/imgs/add_fingerprint_ui.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vaycore/OneScan/1e52c887fd69a6d5a7dd2e119b86872a8904562e/imgs/add_fingerprint_ui.png
--------------------------------------------------------------------------------
/imgs/chat_group.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vaycore/OneScan/1e52c887fd69a6d5a7dd2e119b86872a8904562e/imgs/chat_group.jpg
--------------------------------------------------------------------------------
/imgs/collect_panel.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vaycore/OneScan/1e52c887fd69a6d5a7dd2e119b86872a8904562e/imgs/collect_panel.png
--------------------------------------------------------------------------------
/imgs/config_host.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vaycore/OneScan/1e52c887fd69a6d5a7dd2e119b86872a8904562e/imgs/config_host.png
--------------------------------------------------------------------------------
/imgs/config_other.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vaycore/OneScan/1e52c887fd69a6d5a7dd2e119b86872a8904562e/imgs/config_other.png
--------------------------------------------------------------------------------
/imgs/config_payload.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vaycore/OneScan/1e52c887fd69a6d5a7dd2e119b86872a8904562e/imgs/config_payload.png
--------------------------------------------------------------------------------
/imgs/config_request.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vaycore/OneScan/1e52c887fd69a6d5a7dd2e119b86872a8904562e/imgs/config_request.png
--------------------------------------------------------------------------------
/imgs/fingerprint_panel.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vaycore/OneScan/1e52c887fd69a6d5a7dd2e119b86872a8904562e/imgs/fingerprint_panel.png
--------------------------------------------------------------------------------
/imgs/install_success.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vaycore/OneScan/1e52c887fd69a6d5a7dd2e119b86872a8904562e/imgs/install_success.png
--------------------------------------------------------------------------------
/imgs/main_panel.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vaycore/OneScan/1e52c887fd69a6d5a7dd2e119b86872a8904562e/imgs/main_panel.png
--------------------------------------------------------------------------------
/imgs/main_panel_temp_filter.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vaycore/OneScan/1e52c887fd69a6d5a7dd2e119b86872a8904562e/imgs/main_panel_temp_filter.png
--------------------------------------------------------------------------------
/imgs/main_panel_test.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vaycore/OneScan/1e52c887fd69a6d5a7dd2e119b86872a8904562e/imgs/main_panel_test.png
--------------------------------------------------------------------------------
/imgs/onescan_info.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vaycore/OneScan/1e52c887fd69a6d5a7dd2e119b86872a8904562e/imgs/onescan_info.png
--------------------------------------------------------------------------------
/imgs/send_to_onescan.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vaycore/OneScan/1e52c887fd69a6d5a7dd2e119b86872a8904562e/imgs/send_to_onescan.png
--------------------------------------------------------------------------------
/imgs/setup_filter.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vaycore/OneScan/1e52c887fd69a6d5a7dd2e119b86872a8904562e/imgs/setup_filter.png
--------------------------------------------------------------------------------
/imgs/show_json_param.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vaycore/OneScan/1e52c887fd69a6d5a7dd2e119b86872a8904562e/imgs/show_json_param.png
--------------------------------------------------------------------------------
/imgs/use_payload_scan.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vaycore/OneScan/1e52c887fd69a6d5a7dd2e119b86872a8904562e/imgs/use_payload_scan.png
--------------------------------------------------------------------------------
/montoya-api/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 |
6 | burp.vaycore
7 | onescan
8 | parent
9 |
10 | 4.0.0
11 |
12 | net.portswigger.burp.extensions
13 | montoya-api
14 | 2023.12.1
15 |
16 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/BurpExtension.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya;
10 |
/**
 * Entry-point contract that every extension has to implement.
 *
 * An implementing class must be declared public and must offer a default
 * (public, no-argument) constructor.
 */
public interface BurpExtension {
    /**
     * Called when the extension is loaded. Handlers registered during this
     * call only become enabled once the method has completed.
     *
     * @param api The API implementation used to access Burp Suite functionality.
     */
    void initialize(MontoyaApi api);
}
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/burpsuite/ShutdownOptions.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.burpsuite;
10 |
/**
 * Options accepted by {@link BurpSuite#shutdown(ShutdownOptions...)}.
 */
public enum ShutdownOptions {
    /**
     * Show the user a dialog in which the shutdown can be confirmed or cancelled.
     */
    PROMPT_USER
}
21 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/burpsuite/TaskExecutionEngine.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.burpsuite;
10 |
/**
 * Access point for the task execution engine.
 */
public interface TaskExecutionEngine {
    /**
     * States the task execution engine can be in.
     */
    enum TaskExecutionEngineState {
        RUNNING,
        PAUSED
    }

    /**
     * Reads the state the task execution engine is currently in.
     *
     * @return current state
     */
    TaskExecutionEngineState getState();

    /**
     * Changes the state of the task execution engine.
     *
     * @param state new state
     */
    void setState(TaskExecutionEngineState state);
}
38 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/collaborator/CollaboratorPayload.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.collaborator;
10 |
11 | import java.util.Optional;
12 |
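/**
 * Burp Collaborator payload.
 */
public interface CollaboratorPayload {
    /**
     * Payload's interaction id.
     *
     * @return The interaction id of the payload.
     */
    InteractionId id();

    /**
     * Custom data from the payload.
     *
     * @return The payload's custom data.
     */
    Optional<String> customData();

    /**
     * Optional instance of CollaboratorServer describing the server location
     * for this payload. If the payload was generated without the server
     * location, the returned Optional is empty.
     *
     * @return Details of the collaborator server referenced in the payload,
     * or empty if the payload was generated without the server location.
     */
    Optional<CollaboratorServer> server();

    /**
     * The payload.
     *
     * @return The payload string.
     */
    @Override
    String toString();
}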
50 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/collaborator/CollaboratorPayloadGenerator.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.collaborator;
10 |
/**
 * Generator for Burp Collaborator payloads.
 */
public interface CollaboratorPayloadGenerator {
    /**
     * Generates a new Burp Collaborator payload. Options may be passed to
     * change how the payload is generated; when none are given, the generated
     * payload includes the server location.
     *
     * @param options The optional payload options to apply
     *
     * @return The generated payload.
     *
     * @throws IllegalStateException if Burp Collaborator is disabled
     */
    CollaboratorPayload generatePayload(PayloadOption... options);
}
31 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/collaborator/CollaboratorServer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.collaborator;
10 |
/**
 * Details of the Collaborator server that is associated with this client.
 */
public interface CollaboratorServer {
    /**
     * Address of the Collaborator server.
     *
     * @return The hostname or IP address of the Collaborator server.
     */
    String address();

    /**
     * Tells whether the value of {@link #address()} is an IP address rather
     * than a hostname.
     *
     * @return {@code true} if the address is an IP address; {@code false}
     * otherwise.
     */
    boolean isLiteralAddress();
}
32 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/collaborator/DnsDetails.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.collaborator;
10 |
11 | import burp.api.montoya.core.ByteArray;
12 |
/**
 * Information about a DNS interaction that Burp Collaborator detected.
 */
public interface DnsDetails {
    /**
     * DNS query type.
     *
     * @return The type of DNS query performed by the interaction.
     */
    DnsQueryType queryType();

    /**
     * Raw DNS query.
     *
     * @return The raw DNS query sent to the Collaborator server.
     */
    ByteArray query();
}
33 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/collaborator/DnsQueryType.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.collaborator;
10 |
/**
 * Query types of the Domain Name System (DNS).
 */
public enum DnsQueryType {
    /** Address record. */
    A,
    /** IPv6 address record. */
    AAAA,
    /** All cached records. */
    ALL,
    /** Certification Authority Authorization. */
    CAA,
    /** Canonical name record. */
    CNAME,
    /** DNS Key record. */
    DNSKEY,
    /** Delegation signer. */
    DS,
    /** Host Information. */
    HINFO,
    /** HTTPS Binding. */
    HTTPS,
    /** Mail exchange record. */
    MX,
    /** Naming Authority Pointer. */
    NAPTR,
    /** Name Server record. */
    NS,
    /** PTR Resource Record. */
    PTR,
    /** Start of authority record. */
    SOA,
    /** Service locator. */
    SRV,
    /** Text record. */
    TXT,
    /** Unknown / Not Mapped / Obsolete. */
    UNKNOWN
}
86 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/collaborator/HttpDetails.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.collaborator;
10 |
11 | import burp.api.montoya.http.HttpProtocol;
12 | import burp.api.montoya.http.message.HttpRequestResponse;
13 |
/**
 * Information about an HTTP interaction that Burp Collaborator detected.
 */
public interface HttpDetails {
    /**
     * HTTP protocol.
     *
     * @return The HTTP protocol used by the interaction.
     */
    HttpProtocol protocol();

    /**
     * HTTP request and response.
     *
     * @return The HTTP request sent to the Collaborator server and the
     * server's response.
     */
    HttpRequestResponse requestResponse();
}
35 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/collaborator/InteractionId.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.collaborator;
10 |
11 |
/**
 * Id of a Burp Collaborator interaction.
 */
public interface InteractionId {
    /**
     * Interaction id in string form.
     *
     * @return The interaction id string.
     */
    @Override
    String toString();
}
25 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/collaborator/InteractionType.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.collaborator;
10 |
/**
 * The kinds of interaction that can occur with Burp Collaborator.
 */
public enum InteractionType {
    /** Domain Name System. */
    DNS,
    /** Hypertext Transfer Protocol. */
    HTTP,
    /** Simple Mail Transfer Protocol. */
    SMTP
}
29 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/collaborator/PayloadOption.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.collaborator;
10 |
/**
 * Options that may be passed when Burp Collaborator payloads are generated.
 */
public enum PayloadOption {
    /**
     * Generate the payload without the server location.
     */
    WITHOUT_SERVER_LOCATION
}
21 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/collaborator/SecretKey.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.collaborator;
10 |
11 | import static burp.api.montoya.internal.ObjectFactoryLocator.FACTORY;
12 |
/**
 * Secret key that is associated with a {@link CollaboratorClient}.
 *
 * The key is what {@link Collaborator#restoreClient(SecretKey)} takes to
 * restore a previously created client, so it should be stored and handled
 * like a credential.
 */
public interface SecretKey {
    /**
     * Secret key in string form.
     *
     * Because this is {@code toString()}, string concatenation and log
     * statements that include a {@code SecretKey} emit the key itself.
     *
     * @return The base64 encoded secret key.
     */
    @Override
    String toString();

    /**
     * Wraps an encoded key in a {@link SecretKey} instance, which can then be
     * passed to {@link Collaborator#restoreClient(SecretKey)} to restore a
     * previously created {@link CollaboratorClient}.
     *
     * @param encodedKey The base64 encoded raw secret key.
     *
     * @return An instance of {@link SecretKey} wrapping the provided secret key.
     */
    static SecretKey secretKey(String encodedKey) {
        // Construction is delegated to the object factory.
        return FACTORY.secretKey(encodedKey);
    }
}
40 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/collaborator/SmtpDetails.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.collaborator;
10 |
/**
 * SMTP interaction detected by Burp Collaborator.
 */
public interface SmtpDetails
{
    /**
     * SMTP protocol.
     *
     * @return The protocol used by the interaction.
     */
    SmtpProtocol protocol();

    /**
     * SMTP conversation.
     * <p>
     * NOTE(review): the conversation includes what the interacting client sent, so it is
     * presumably uncontrolled content; treat it as untrusted when rendering or parsing it.
     *
     * @return The SMTP conversation between the client and the Collaborator
     * server.
     */
    String conversation();
}
31 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/collaborator/SmtpProtocol.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.collaborator;
10 |
/**
 * Simple Mail Transfer Protocol (SMTP) protocol variants.
 */
public enum SmtpProtocol
{
    /**
     * Simple Mail Transfer Protocol.
     */
    SMTP,
    /**
     * Simple Mail Transfer Protocol Secure.
     */
    SMTPS
}
25 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/comparer/Comparer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.comparer;
10 |
11 | import burp.api.montoya.core.ByteArray;
12 |
/**
 * Provides access to the functionality of the Comparer tool.
 */
public interface Comparer
{
    /**
     * Send data to the Comparer tool.
     *
     * @param data The data to be sent to Comparer. Declared as varargs, so several
     *             {@link ByteArray} items can be passed in one call.
     */
    void sendToComparer(ByteArray... data);
}
25 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/core/BurpSuiteEdition.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.core;
10 |
/**
 * Editions of Burp Suite, each paired with the name used when displaying it.
 */
public enum BurpSuiteEdition
{
    /**
     * Burp Suite professional edition.
     */
    PROFESSIONAL("Professional"),
    /**
     * Burp Suite community edition.
     */
    COMMUNITY_EDITION("Community Edition"),
    /**
     * Burp Suite enterprise edition.
     */
    ENTERPRISE_EDITION("Enterprise Edition");

    // Display text fixed per constant at construction time.
    private final String label;

    BurpSuiteEdition(String label)
    {
        this.label = label;
    }

    /**
     * @return the display name for this edition of Burp Suite.
     */
    public String displayName()
    {
        return this.label;
    }
}
44 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/core/HighlightColor.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.core;
10 |
11 | import static burp.api.montoya.internal.ObjectFactoryLocator.FACTORY;
12 |
/**
 * Colors that can be used for highlights in Burp Suite.
 */
public enum HighlightColor
{
    NONE("None"),
    RED("Red"),
    ORANGE("Orange"),
    YELLOW("Yellow"),
    GREEN("Green"),
    CYAN("Cyan"),
    BLUE("Blue"),
    PINK("Pink"),
    MAGENTA("Magenta"),
    GRAY("Gray");

    // Display text fixed per constant at construction time.
    private final String label;

    HighlightColor(String label)
    {
        this.label = label;
    }

    /**
     * @return the display name of this highlight color
     */
    public String displayName()
    {
        return this.label;
    }

    /**
     * Create a HighlightColor from a display name string.
     * <p>
     * The lookup is delegated to the object factory; how names are matched and what
     * happens for an unrecognised name is decided there and is not visible in this file.
     *
     * @param colorName Color's display name
     *
     * @return highlight color instance
     */
    public static HighlightColor highlightColor(String colorName)
    {
        final HighlightColor resolved = FACTORY.highlightColor(colorName);
        return resolved;
    }
}
56 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/core/Marker.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.core;
10 |
11 | import static burp.api.montoya.internal.ObjectFactoryLocator.FACTORY;
12 |
/**
 * Marker containing a range representing interesting data in requests and responses.
 */
public interface Marker
{
    /**
     * @return The range of the marker.
     */
    Range range();

    /**
     * Create a marker object with a range.
     *
     * @param range The range of the marker.
     *
     * @return The marker with the range.
     */
    static Marker marker(Range range)
    {
        // Thin delegate: no checks on range are made in this method.
        return FACTORY.marker(range);
    }

    /**
     * Create a marker object from two indices representing a range.
     *
     * @param startIndexInclusive The start index of the range inclusive of this value.
     * @param endIndexExclusive   The end index of the range exclusive of this value.
     *
     * @return The marker with the range.
     */
    static Marker marker(int startIndexInclusive, int endIndexExclusive)
    {
        // Thin delegate: the ordering of the two indices is not checked in this method.
        return FACTORY.marker(startIndexInclusive, endIndexExclusive);
    }
}
48 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/core/Range.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.core;
10 |
11 | import static burp.api.montoya.internal.ObjectFactoryLocator.FACTORY;
12 |
/**
 * Range of integer values between two values in which the range includes the start value but excludes the end value.
 */
public interface Range
{
    /**
     * @return the inclusive start index
     */
    int startIndexInclusive();

    /**
     * @return the exclusive end index
     */
    int endIndexExclusive();

    /**
     * Test whether an index falls inside this range.
     * Going by the interface description, the start index counts as inside and the end index does not.
     *
     * @param index The index to test.
     *
     * @return True if the index is in the range.
     */
    boolean contains(int index);

    /**
     * Create a range object from two indices.
     *
     * @param startIndexInclusive The start index of the range inclusive of this value.
     * @param endIndexExclusive   The end index of the range exclusive of this value.
     *
     * @return The range.
     */
    static Range range(int startIndexInclusive, int endIndexExclusive)
    {
        // Thin delegate: negative or reversed indices are not rejected in this method.
        return FACTORY.range(startIndexInclusive, endIndexExclusive);
    }
}
48 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/core/Registration.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.core;
10 |
/**
 * Returned when an object is registered by an extension in Burp Suite.
 * It is the handle through which that registration can later be queried or removed.
 */
public interface Registration
{
    /**
     * Determines whether the object registered by the extension is currently registered.
     *
     * @return Returns {@code true} if the object is registered.
     */
    boolean isRegistered();

    /**
     * Remove the object registered by the extension.
     */
    void deregister();
}
28 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/core/Task.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.core;
10 |
/**
 * Task on the Dashboard.
 */
public interface Task
{
    /**
     * Delete the task.
     */
    void delete();

    /**
     * Read the task's status text.
     *
     * @return the current status message of the task
     */
    String statusMessage();
}
26 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/core/ToolSource.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.core;
10 |
/**
 * Tool that is the source of an object.
 */
public interface ToolSource
{
    /**
     * @return the tool type.
     */
    ToolType toolType();

    /**
     * Determine whether this tool source is from a specified tool.
     *
     * @param toolType The tool types to check. Declared as varargs, so several types can
     *                 be tested in one call.
     *
     * @return Returns {@code true} if this tool source is from any of the
     * specified tool types.
     */
    boolean isFromTool(ToolType... toolType);
}
31 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/core/ToolType.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.core;
10 |
/**
 * Tools in Burp Suite, each paired with its human-readable name.
 */
public enum ToolType
{
    SUITE("Suite"),
    TARGET("Target"),
    PROXY("Proxy"),
    SCANNER("Scanner"),
    INTRUDER("Intruder"),
    REPEATER("Repeater"),
    LOGGER("Logger"),
    SEQUENCER("Sequencer"),
    DECODER("Decoder"),
    COMPARER("Comparer"),
    EXTENSIONS("Extensions"),
    RECORDED_LOGIN_REPLAYER("Recorded login replayer"),
    ORGANIZER("Organizer");

    // Name text fixed per constant at construction time.
    private final String label;

    ToolType(String label)
    {
        this.label = label;
    }

    /**
     * @return The tool name.
     */
    public String toolName()
    {
        return this.label;
    }

    /**
     * Same text as {@link #toolName()}, so formatting a {@code ToolType} yields the tool
     * name rather than the constant identifier.
     *
     * @return The tool name.
     */
    @Override
    public String toString()
    {
        return this.label;
    }
}
54 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/decoder/Decoder.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.decoder;
10 |
11 | import burp.api.montoya.core.ByteArray;
12 |
/**
 * Provides access to the functionality of the Decoder tool.
 */
public interface Decoder
{
    /**
     * Send data to the Decoder tool.
     *
     * @param data The data to be sent to Decoder, as a single {@link ByteArray}.
     */
    void sendToDecoder(ByteArray data);
}
25 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/extension/ExtensionUnloadingHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.extension;
10 |
11 |
/**
 * Extensions can implement this interface and then call
 * {@link Extension#registerUnloadingHandler(ExtensionUnloadingHandler)} to
 * register an extension unload handler. The handler will be notified when an
 * extension is unloaded.
 * <p>
 * Note: Any extension that starts background threads or opens system resources
 * (such as files or database connections) should register a handler and
 * terminate those threads / close those resources when the extension is unloaded.
 */
public interface ExtensionUnloadingHandler
{
    /**
     * This method is invoked when the extension is unloaded.
     * It is the place to stop threads and release resources the extension created.
     */
    void extensionUnloaded();
}
29 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/HttpMode.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http;
10 |
/**
 * HTTP modes when sending a request.
 */
public enum HttpMode
{
    /**
     * Use the HTTP protocol specified by the server.
     */
    AUTO,
    /**
     * Use HTTP 1 protocol for the connection.
     * The request will error if the server is HTTP 2 only.
     */
    HTTP_1,
    /**
     * Use HTTP 2 protocol for the connection.
     * The request will error if the server is HTTP 1 only.
     */
    HTTP_2,
    /**
     * Force HTTP 2 and ignore ALPN (Application-Layer Protocol Negotiation, the TLS
     * extension through which client and server agree on the application protocol).
     * Will not error if the server is HTTP 1 only.
     * NOTE(review): what is returned for an HTTP 1 only server in this mode is not
     * described here; confirm before relying on the result.
     */
    HTTP_2_IGNORE_ALPN
}
36 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/HttpProtocol.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http;
10 |
/**
 * HTTP protocols.
 */
public enum HttpProtocol
{
    /**
     * Hypertext Transfer Protocol.
     */
    HTTP,
    /**
     * Hypertext Transfer Protocol Secure.
     */
    HTTPS
}
25 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/RequestOptions.java:
--------------------------------------------------------------------------------
1 | package burp.api.montoya.http;
2 |
3 | import static burp.api.montoya.internal.ObjectFactoryLocator.FACTORY;
4 |
/**
 * Interface used to specify options for making HTTP requests.
 * <p>
 * Every {@code with...} method returns a {@code RequestOptions}, so calls can be chained
 * starting from {@link #requestOptions()}. Whether a call changes this instance or returns
 * a new one is not visible here, so use the returned value.
 */
public interface RequestOptions
{
    /**
     * Specify the HTTP mode to be used when the request is sent.
     *
     * @param httpMode An {@link HttpMode} enum value which indicates how a request should be sent.
     *
     * @return request options
     */
    RequestOptions withHttpMode(HttpMode httpMode);

    /**
     * Specify the connectionId when sending the request over a specific connection.
     *
     * @param connectionId The connection identifier to use.
     *
     * @return request options
     */
    RequestOptions withConnectionId(String connectionId);

    /**
     * Enforce upstream TLS verification when the request is sent.
     * <p>
     * NOTE(review): verification being an explicit option suggests it is not enforced
     * unless requested; confirm the default against Burp's settings before assuming the
     * upstream certificate was checked.
     *
     * @return request options
     */
    RequestOptions withUpstreamTLSVerification();

    /**
     * Use to obtain a new RequestOptions instance.
     *
     * @return request options
     */
    static RequestOptions requestOptions()
    {
        // Thin delegate: the initial option values are chosen by the factory.
        return FACTORY.requestOptions();
    }
}
45 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/handler/HttpHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.handler;
10 |
11 | import burp.api.montoya.http.Http;
12 |
/**
 * Extensions can implement this interface and then call {@link Http#registerHttpHandler} to register an HTTP handler. The handler
 * will be notified of requests and responses made and received by any Burp tool. Extensions can perform custom analysis or modification
 * of these messages by registering an HTTP handler.
 * <p>
 * Because the handler sees traffic from every tool, the messages it receives can carry credentials and session tokens;
 * be deliberate about what an implementation logs or stores.
 */
public interface HttpHandler
{
    /**
     * Invoked by Burp when an HTTP request is about to be sent.
     *
     * @param requestToBeSent information about the HTTP request that is going to be sent.
     *
     * @return An instance of {@link RequestToBeSentAction}.
     */
    RequestToBeSentAction handleHttpRequestToBeSent(HttpRequestToBeSent requestToBeSent);

    /**
     * Invoked by Burp when an HTTP response has been received.
     *
     * @param responseReceived information about the HTTP response that was received.
     *
     * @return An instance of {@link ResponseReceivedAction}.
     */
    ResponseReceivedAction handleHttpResponseReceived(HttpResponseReceived responseReceived);
}
38 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/handler/RequestAction.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.handler;
10 |
/**
 * Action to be taken when intercepting HTTP requests.
 * {@link #CONTINUE} is the only action this enum defines.
 */
public enum RequestAction
{
    /**
     * Causes Burp to send the request.
     */
    CONTINUE
}
21 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/handler/ResponseAction.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.handler;
10 |
/**
 * Action to be taken when intercepting HTTP responses.
 * {@link #CONTINUE} is the only action this enum defines.
 */
public enum ResponseAction
{
    /**
     * Causes Burp to send the response.
     */
    CONTINUE
}
21 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/handler/TimingData.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.handler;
10 |
11 | import java.time.Duration;
12 | import java.time.ZonedDateTime;
13 |
/**
 * Timing data for a request issued by Burp.
 * <p>
 * Both duration accessors are documented to return {@code null} in some cases,
 * so callers need a null check before using the result.
 */
public interface TimingData
{
    /**
     * The time between when Burp sent the request and the start of the response being received.
     *
     * @return the duration or null if no response returned.
     */
    Duration timeBetweenRequestSentAndStartOfResponse();

    /**
     * The time between when Burp sent the request and the end of the response being received.
     *
     * @return the duration or null if no response returned or the response never completes.
     */
    Duration timeBetweenRequestSentAndEndOfResponse();

    /**
     * The time that Burp issued the request.
     *
     * @return the time that Burp issued the request.
     */
    ZonedDateTime timeRequestSent();
}
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/message/ContentType.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.message;
10 |
/**
 * Content types recognised by Burp.
 * <p>
 * The constants carry no individual documentation in this file.
 * NOTE(review): the difference between {@link #NONE} and {@link #UNKNOWN} is not
 * stated here; confirm before branching on either.
 */
public enum ContentType
{
    NONE,
    UNKNOWN,
    AMF,
    JSON,
    MULTIPART,
    URL_ENCODED,
    XML
}
24 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/message/Cookie.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.message;
10 |
11 | import burp.api.montoya.http.message.responses.HttpResponse;
12 |
13 | import java.time.ZonedDateTime;
14 | import java.util.Optional;
15 |
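/**
 * Burp cookie able to retrieve and hold details about a cookie.
 * <p>
 * Absence is reported differently per accessor: {@link #domain()} and {@link #path()} are
 * documented to return {@code null} when unset, while {@link #expiration()} uses {@link Optional}.
 */
public interface Cookie
{
    /**
     * @return The name of the cookie
     */
    String name();

    /**
     * @return The value of the cookie.
     */
    String value();

    /**
     * Domain for which the cookie is in scope.
     * Note: For cookies that have been obtained from generated responses
     * (by calling {@link HttpResponse#httpResponse} and then {@link HttpResponse#cookies}), the domain will be {@code null} if the response
     * did not explicitly set a domain attribute for the cookie.
     *
     * @return The domain for which the cookie is in scope.
     */
    String domain();

    /**
     * Path for which the cookie is in scope.
     *
     * @return The path for which the cookie is in scope or {@code null} if none is set.
     */
    String path();

    /**
     * Expiration time for the cookie if available.
     *
     * @return The expiration time for the cookie, or an empty {@link Optional} when none is available
     * (the case the original wording associates with non-persistent session cookies).
     */
    // Typed rather than raw Optional, so callers get a ZonedDateTime without an unchecked cast.
    Optional<ZonedDateTime> expiration();
}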
55 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/message/MimeType.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.message;
10 |
/**
 * MIME types that are recognised by Burp, each paired with a short description.
 */
public enum MimeType
{
    NONE("none"),
    UNRECOGNIZED("unrecognized content"),
    AMBIGUOUS("ambiguous"),
    HTML("HTML"),
    PLAIN_TEXT("plain text"),
    CSS("CSS"),
    SCRIPT("script"),
    JSON("JSON"),
    RTF("RTF"),
    XML("XML"),
    YAML("YAML"),
    IMAGE_UNKNOWN("an unknown image type"),
    IMAGE_JPEG("a JPEG image"),
    IMAGE_GIF("a GIF image"),
    IMAGE_PNG("a PNG image"),
    IMAGE_BMP("a BMP image"),
    IMAGE_TIFF("a TIFF image"),
    IMAGE_SVG_XML("a SVG image"),
    SOUND("sound"),
    VIDEO("video"),
    APPLICATION_FLASH("a flash object"),
    APPLICATION_UNKNOWN("an unknown application type"),
    FONT_WOFF("a WOFF font file"),
    FONT_WOFF2("a WOFF2 font file"),
    // The only constant whose description is the empty string.
    LEGACY_SER_AMF("");

    // Description text fixed per constant at construction time.
    private final String text;

    MimeType(String text)
    {
        this.text = text;
    }

    /**
     * @return MIME type description; empty for {@link #LEGACY_SER_AMF}.
     */
    public String description()
    {
        return this.text;
    }
}
57 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/message/params/HttpParameterType.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.message.params;
10 |
/**
 * HTTP parameter types.
 * <p>
 * The constants carry no individual documentation in this file; the names
 * presumably refer to where in a request a parameter is found.
 */
public enum HttpParameterType
{
    URL,
    BODY,
    COOKIE,
    XML,
    XML_ATTRIBUTE,
    MULTIPART_ATTRIBUTE,
    JSON
}
24 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/message/params/ParsedHttpParameter.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.message.params;
10 |
11 | import burp.api.montoya.core.Range;
12 |
/**
 * Burp {@link HttpParameter} with additional details about an HTTP request parameter that has been parsed by Burp.
 * The additions over {@link HttpParameter} declared here are the offsets of the name and of the value within the request.
 */
public interface ParsedHttpParameter extends HttpParameter
{
    /**
     * @return The parameter type.
     */
    @Override
    HttpParameterType type();

    /**
     * @return The parameter name.
     */
    @Override
    String name();

    /**
     * @return The parameter value.
     */
    @Override
    String value();

    /**
     * Offsets of the parameter name within the HTTP request.
     *
     * @return The parameter name offsets.
     */
    Range nameOffsets();

    /**
     * Offsets of the parameter value within the HTTP request.
     *
     * @return The parameter value offsets.
     */
    Range valueOffsets();
}
50 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/message/requests/HttpTransformation.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.message.requests;
10 |
/**
 * This enum defines transformations that Burp can apply to an HTTP request.
 */
public enum HttpTransformation
{
    /**
     * Convert a GET request into a POST request,
     * or convert a POST request into a GET request.
     */
    TOGGLE_METHOD
}
23 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/message/requests/MalformedRequestException.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.message.requests;
10 |
/**
 * This class represents an exception which is thrown when trying to retrieve attributes from a malformed request.
 * It extends {@link RuntimeException}, so it is unchecked and the compiler does not force callers to handle it.
 */
public class MalformedRequestException extends RuntimeException
{
    /**
     * Create the exception with a detail message.
     *
     * @param message The detail message, passed unchanged to {@link RuntimeException}.
     */
    public MalformedRequestException(String message)
    {
        super(message);
    }
}
21 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/message/responses/analysis/Attribute.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.message.responses.analysis;
10 |
/**
 * Burp attribute that holds details about an attribute of an HTTP response.
 */
public interface Attribute
{
    /**
     * @return The attribute type.
     */
    AttributeType type();

    /**
     * Read the attribute's value as an integer.
     * NOTE(review): how a textual attribute is mapped to an {@code int} is not described here.
     *
     * @return The attribute value.
     */
    int value();
}
26 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/message/responses/analysis/AttributeType.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.message.responses.analysis;
10 |
/**
 * Options that Burp can use to query attributes of HTTP responses.
 *
 * <p>The constants are listed in their declared order; this listing does not
 * document how each attribute is derived from a response.
 */
public enum AttributeType {
    STATUS_CODE,
    ETAG_HEADER,
    LAST_MODIFIED_HEADER,
    CONTENT_TYPE,
    CONTENT_LENGTH,
    COOKIE_NAMES,
    TAG_NAMES,
    TAG_IDS,
    DIV_IDS,
    BODY_CONTENT,
    VISIBLE_TEXT,
    WORD_COUNT,
    VISIBLE_WORD_COUNT,
    COMMENTS,
    INITIAL_CONTENT,
    CANONICAL_LINK,
    PAGE_TITLE,
    FIRST_HEADER_TAG,
    HEADER_TAGS,
    ANCHOR_LABELS,
    INPUT_SUBMIT_LABELS,
    BUTTON_SUBMIT_LABELS,
    CSS_CLASSES,
    LINE_COUNT,
    LIMITED_BODY_CONTENT,
    OUTBOUND_EDGE_COUNT,
    OUTBOUND_EDGE_TAG_NAMES,
    INPUT_IMAGE_LABELS,
    CONTENT_LOCATION,
    LOCATION,
    NON_HIDDEN_FORM_INPUT_TYPES
}
48 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/message/responses/analysis/KeywordCount.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.message.responses.analysis;
10 |
/**
 * Stores the number of times a given keyword appeared in a response.
 */
public interface KeywordCount {
    /**
     * @return The keyword that was counted.
     */
    String keyword();

    /**
     * @return How many times the keyword appeared in a response.
     */
    int count();
}
26 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/message/responses/analysis/ResponseKeywordsAnalyzer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.message.responses.analysis;
10 |
11 | import burp.api.montoya.http.message.responses.HttpResponse;
12 |
13 | import java.util.Set;
14 |
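/**
 * Analyzes HTTP responses and retrieves keywords, split by whether their
 * counts change from one analyzed response to another.
 */
public interface ResponseKeywordsAnalyzer {
    /**
     * @return A set of keywords whose counts vary between the analyzed responses.
     */
    Set<String> variantKeywords();

    /**
     * @return A set of keywords whose counts do not vary between the analyzed responses.
     */
    Set<String> invariantKeywords();

    /**
     * Update the analysis based on an additional response.
     *
     * @param response The new response to include in the analysis.
     */
    void updateWith(HttpResponse response);
}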
37 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/message/responses/analysis/ResponseVariationsAnalyzer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.message.responses.analysis;
10 |
11 | import burp.api.montoya.http.message.responses.HttpResponse;
12 |
13 | import java.util.Set;
14 |
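/**
 * Analyzes HTTP responses and finds variations between them, according to
 * various attributes.
 */
public interface ResponseVariationsAnalyzer {
    /**
     * @return The attributes, identified by {@link AttributeType}, that vary
     * between the analyzed responses.
     */
    Set<AttributeType> variantAttributes();

    /**
     * @return The attributes, identified by {@link AttributeType}, that do not
     * vary between the analyzed responses.
     */
    Set<AttributeType> invariantAttributes();

    /**
     * Update the analysis based on an additional response.
     *
     * @param response The new response to include in the analysis.
     */
    void updateWith(HttpResponse response);
}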
37 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/sessions/ActionResult.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.sessions;
10 |
11 | import burp.api.montoya.core.Annotations;
12 | import burp.api.montoya.http.message.requests.HttpRequest;
13 |
14 | import static burp.api.montoya.internal.ObjectFactoryLocator.FACTORY;
15 |
/**
 * The value a session handling action hands back to Burp: an instance of this
 * interface should be returned by
 * {@link SessionHandlingAction#performAction(SessionHandlingActionData)}.
 */
public interface ActionResult {
    /**
     * @return The HTTP request carried by this result.
     */
    HttpRequest request();

    /**
     * @return The annotations carried by this result.
     */
    Annotations annotations();

    /**
     * Creates an {@code ActionResult} from a request only.
     * Annotations will not be modified.
     *
     * <p>Delegates to the statically imported {@code FACTORY}.
     *
     * @param request An HTTP request.
     *
     * @return A new {@code ActionResult} instance.
     */
    static ActionResult actionResult(HttpRequest request) {
        return FACTORY.actionResult(request);
    }

    /**
     * Creates an {@code ActionResult} from a request and modified annotations.
     *
     * <p>Delegates to the statically imported {@code FACTORY}.
     *
     * @param request     An HTTP request.
     * @param annotations Modified annotations.
     *
     * @return A new {@code ActionResult} instance.
     */
    static ActionResult actionResult(HttpRequest request, Annotations annotations) {
        return FACTORY.actionResult(request, annotations);
    }
}
57 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/sessions/CookieJar.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.sessions;
10 |
11 | import burp.api.montoya.http.message.Cookie;
12 |
13 | import java.time.ZonedDateTime;
14 | import java.util.List;
15 |
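/**
 * Provides access to Burp's Cookie Jar functionality.
 *
 * <p>Cookie values commonly carry session identifiers, so code that reads
 * from the jar should avoid copying values into logs or other output that
 * outlives the testing session.
 */
public interface CookieJar {
    /**
     * Add a new HTTP cookie to the Cookie Jar.
     *
     * @param name       The name of the cookie.
     * @param value      The value of the cookie.
     * @param path       The path for which the cookie is in scope or {@code null} if none is set.
     * @param domain     The domain for which the cookie is in scope.
     * @param expiration The expiration time for the cookie, or {@code null} if none is set
     *                   (i.e., for non-persistent session cookies).
     */
    void setCookie(String name, String value, String path, String domain, ZonedDateTime expiration);

    /**
     * @return A list of the {@link Cookie} entries currently stored in the jar.
     */
    List<Cookie> cookies();
}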
37 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/sessions/SessionHandlingAction.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.sessions;
10 |
11 | import burp.api.montoya.http.Http;
12 |
/**
 * A custom session handling action. Extensions implement this interface and
 * register it with {@link Http#registerSessionHandlingAction}. Each registered
 * action is then available within the session handling rule UI for the user to
 * select as a rule action. Users can choose to invoke an action directly in its
 * own right, or following execution of a macro.
 */
public interface SessionHandlingAction {
    /**
     * @return Action name.
     */
    String name();

    /**
     * Invoked when the session handling action should be executed.
     * This may happen as an action in its own right, or as a sub-action
     * following execution of a macro. The action can issue additional requests
     * of its own if necessary, and can return a modified base request in the
     * {@link ActionResult}.
     *
     * @param actionData {@link SessionHandlingActionData} that the action can
     *                   query to obtain details about the base request.
     *
     * @return A new {@link ActionResult} instance.
     */
    ActionResult performAction(SessionHandlingActionData actionData);
}
36 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/http/sessions/SessionHandlingActionData.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.http.sessions;
10 |
11 | import burp.api.montoya.core.Annotations;
12 | import burp.api.montoya.http.message.HttpRequestResponse;
13 | import burp.api.montoya.http.message.requests.HttpRequest;
14 |
15 | import java.util.List;
16 |
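/**
 * Information required for session handling.
 */
public interface SessionHandlingActionData {
    /**
     * @return The base request that is currently being processed.
     */
    HttpRequest request();

    /**
     * If the action is invoked following execution of a macro, this method
     * returns the result of executing the macro. Otherwise, it returns an
     * empty list. Actions can use the details of the macro items to perform
     * custom analysis of the macro to derive values of non-standard session
     * handling tokens, etc.
     *
     * @return List of {@link HttpRequestResponse} generated during the execution of the macro.
     */
    List<HttpRequestResponse> macroRequestResponses();

    /**
     * @return The message annotation on the request.
     */
    Annotations annotations();
}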
40 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/internal/ObjectFactoryLocator.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.internal;
10 |
/**
 * Holder for the object factory used by this API.
 */
public class ObjectFactoryLocator {
    /**
     * This is initialized when your extension is loaded.
     *
     * <p>Until then the field is {@code null}. It is public, static and not
     * final, so nothing in this class prevents other code from reassigning it;
     * extension code should treat it as read-only.
     */
    public static MontoyaObjectFactory FACTORY;
}
18 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/intruder/AttackConfiguration.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.intruder;
10 |
11 | import burp.api.montoya.http.HttpService;
12 |
13 | import java.util.Optional;
14 |
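/**
 * Intruder attack configuration.
 */
public interface AttackConfiguration {
    /**
     * {@link HttpService} for the attack.
     *
     * @return An {@link Optional} of {@link HttpService} instance derived from
     * this attack configuration or {@link Optional#empty} if the target
     * template contains payload markers.
     */
    Optional<HttpService> httpService();

    /**
     * HTTP request template and insertion point offsets in the form of an
     * {@link HttpRequestTemplate} instance.
     *
     * @return An instance of {@link HttpRequestTemplate}.
     */
    HttpRequestTemplate requestTemplate();
}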
35 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/intruder/GeneratedPayload.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.intruder;
10 |
11 | import burp.api.montoya.core.ByteArray;
12 |
13 | import static burp.api.montoya.internal.ObjectFactoryLocator.FACTORY;
14 |
/**
 * A payload produced for Intruder, or the marker that no more payloads remain
 * (see {@link #end()}).
 */
public interface GeneratedPayload {
    /**
     * @return Payload value.
     */
    ByteArray value();

    /**
     * Builds a {@link GeneratedPayload} from a String payload value.
     *
     * <p>Delegates to the statically imported {@code FACTORY}.
     *
     * @param payload String payload value.
     *
     * @return A new {@link GeneratedPayload} instance.
     */
    static GeneratedPayload payload(String payload) {
        return FACTORY.payload(payload);
    }

    /**
     * Builds a {@link GeneratedPayload} from a byte array payload value.
     *
     * <p>Delegates to the statically imported {@code FACTORY}.
     *
     * @param payload Byte array payload value.
     *
     * @return A new {@link GeneratedPayload} instance.
     */
    static GeneratedPayload payload(ByteArray payload) {
        return FACTORY.payload(payload);
    }

    /**
     * Builds a {@link GeneratedPayload} that signifies there are no more payloads.
     *
     * <p>Delegates to {@code FACTORY.payloadEnd()}.
     *
     * @return A new {@link GeneratedPayload} instance.
     */
    static GeneratedPayload end() {
        return FACTORY.payloadEnd();
    }
}
59 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/intruder/HttpRequestTemplateGenerationOptions.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.intruder;
10 |
/**
 * Options that can be used to generate a new HttpRequestTemplate.
 */
public enum HttpRequestTemplateGenerationOptions {
    /** Replace base parameter value with offsets. */
    REPLACE_BASE_PARAMETER_VALUE_WITH_OFFSETS,

    /** Append offsets to base parameter value. */
    APPEND_OFFSETS_TO_BASE_PARAMETER_VALUE
}
26 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/intruder/IntruderInsertionPoint.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.intruder;
10 |
11 | import burp.api.montoya.core.ByteArray;
12 |
/**
 * Intruder insertion point for attack payloads.
 */
public interface IntruderInsertionPoint {
    /**
     * @return The base value of the insertion point, as a {@link ByteArray}.
     */
    ByteArray baseValue();
}
23 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/intruder/PayloadData.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.intruder;
10 |
11 | import burp.api.montoya.core.ByteArray;
12 |
/**
 * Contains information about the payload that a payload processor is asked
 * to handle.
 */
public interface PayloadData {
    /**
     * @return The value of the payload to be processed.
     */
    ByteArray currentPayload();

    /**
     * @return The value of the original payload prior to processing by any
     * already-applied processing rules.
     */
    ByteArray originalPayload();

    /**
     * @return The insertion point data.
     */
    IntruderInsertionPoint insertionPoint();
}
33 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/intruder/PayloadGenerator.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.intruder;
10 |
/**
 * Intruder payload generator. Extensions that have registered a
 * {@link PayloadGeneratorProvider} must return a new instance of this
 * interface when required as part of a new Intruder attack.
 */
public interface PayloadGenerator {
    /**
     * Invoked by Burp to obtain the value of the next payload.
     * Implementations should return the {@link GeneratedPayload#end()}
     * instance to signal to Burp that the generator has finished.
     *
     * @param insertionPoint Insertion point for the payload.
     *
     * @return A generated Intruder payload.
     */
    GeneratedPayload generatePayloadFor(IntruderInsertionPoint insertionPoint);
}
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/intruder/PayloadGeneratorProvider.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.intruder;
10 |
/**
 * Provider for custom Intruder payload generators. Extensions implement this
 * interface and register it with
 * {@link Intruder#registerPayloadGeneratorProvider}.
 */
public interface PayloadGeneratorProvider {
    /**
     * Name Burp will use when displaying the payload generator in a dropdown
     * list in the UI.
     *
     * @return Name of the payload generator.
     */
    String displayName();

    /**
     * Invoked by Burp to obtain an instance of {@link PayloadGenerator} to add
     * to Intruder.
     *
     * @param attackConfiguration An object containing information about the
     *                            currently selected attack configuration tab.
     *
     * @return An instance of an object that implements the {@link PayloadGenerator} interface.
     */
    PayloadGenerator providePayloadGenerator(AttackConfiguration attackConfiguration);
}
36 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/intruder/PayloadProcessingAction.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.intruder;
10 |
/**
 * Instructions that the payload processor can give Intruder for the current payload.
 */
public enum PayloadProcessingAction {
    /** Skip the current payload. */
    SKIP_PAYLOAD,

    /** Use the current payload. */
    USE_PAYLOAD
}
25 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/intruder/PayloadProcessor.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.intruder;
10 |
/**
 * A custom Intruder payload processor. Extensions implement this interface
 * and register it with {@link Intruder#registerPayloadProcessor}.
 */
public interface PayloadProcessor {
    /**
     * Name Burp will use when displaying the payload processor in a dropdown
     * list in the UI.
     *
     * @return Name of the payload processor.
     */
    String displayName();

    /**
     * Invoked by Burp each time the processor should be applied to an
     * Intruder payload.
     *
     * @param payloadData Information about the current payload to be processed.
     *
     * @return The {@link PayloadProcessingResult} for the processed payload.
     */
    PayloadProcessingResult processPayload(PayloadData payloadData);
}
34 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/organizer/Organizer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.organizer;
10 |
11 | import burp.api.montoya.http.message.HttpRequestResponse;
12 | import burp.api.montoya.http.message.requests.HttpRequest;
13 |
/**
 * Provides access to the functionality of the Organizer tool.
 */
public interface Organizer {
    /**
     * Sends an HTTP request to the Burp Organizer tool.
     *
     * @param request The full HTTP request.
     */
    void sendToOrganizer(HttpRequest request);

    /**
     * Sends an HTTP request and response to the Burp Organizer tool.
     *
     * @param requestResponse The full HTTP request and response.
     */
    void sendToOrganizer(HttpRequestResponse requestResponse);
}
35 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/persistence/Persistence.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.persistence;
10 |
/**
 * Provides access to the persistence functionality.
 *
 * <p>Nothing in this interface states how stored values are protected at
 * rest; confirm that before persisting credentials or session tokens.
 */
public interface Persistence {
    /**
     * Access data storage functionality in the Burp project. When Burp is
     * started without a project file, the data is stored in memory.
     *
     * @return An implementation of the {@link PersistedObject} interface
     * that stores data in either the project file or memory.
     */
    PersistedObject extensionData();

    /**
     * Access Java preference store functionality in a way that survives
     * reloads of the extension and of Burp Suite.
     *
     * @return An implementation of the {@link Preferences} interface
     * that stores data in a persistent way.
     */
    Preferences preferences();
}
34 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/proxy/MessageReceivedAction.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.proxy;
10 |
/**
 * The initial action to be taken when intercepting HTTP and WebSocket
 * messages in the Proxy.
 */
public enum MessageReceivedAction {
    /**
     * Burp Proxy follows the current interception rules to determine the
     * appropriate action to take for the message.
     */
    CONTINUE,

    /**
     * Burp Proxy presents the message to the user for manual review or
     * modification.
     */
    INTERCEPT,

    /**
     * Burp Proxy forwards the message without presenting it to the user.
     */
    DO_NOT_INTERCEPT,

    /**
     * Burp Proxy drops the message.
     */
    DROP
}
40 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/proxy/MessageToBeSentAction.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.proxy;
10 |
/**
 * The final action to be taken when intercepting HTTP and WebSocket messages
 * in the Proxy.
 */
public enum MessageToBeSentAction {
    /** Burp Proxy forwards the message. */
    CONTINUE,

    /** Burp Proxy drops the message. */
    DROP
}
27 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/proxy/ProxyHistoryFilter.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.proxy;
10 |
/**
 * Predicate over Proxy history items. Extensions implement this interface and
 * pass it to {@link Proxy#history(ProxyHistoryFilter)} to get a filtered list
 * of items in the Proxy history.
 */
public interface ProxyHistoryFilter {
    /**
     * Invoked for every item in the Proxy history to determine whether it
     * should be included in the filtered list of items.
     *
     * @param requestResponse A {@link ProxyHttpRequestResponse} object that
     *                        extensions can use to determine whether the item
     *                        should be included in the filtered list of items.
     *
     * @return {@code true} if the item should be included in the filtered
     * list of items.
     */
    boolean matches(ProxyHttpRequestResponse requestResponse);
}
31 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/proxy/ProxyWebSocketHistoryFilter.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.proxy;
10 |
/**
 * Predicate over Proxy WebSockets history items. Extensions implement this
 * interface and pass it to
 * {@link Proxy#webSocketHistory(ProxyWebSocketHistoryFilter)} to get a
 * filtered list of items in the Proxy WebSockets history.
 */
public interface ProxyWebSocketHistoryFilter {
    /**
     * Invoked for every item in the Proxy WebSockets history to determine
     * whether it should be included in the filtered list of items.
     *
     * @param message A {@link ProxyWebSocketMessage} object that extensions
     *                can use to determine whether the item should be included
     *                in the filtered list of items.
     *
     * @return {@code true} if the item should be included in the filtered
     * list of items.
     */
    boolean matches(ProxyWebSocketMessage message);
}
31 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/proxy/websocket/InterceptedBinaryMessage.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.proxy.websocket;
10 |
11 | import burp.api.montoya.core.Annotations;
12 | import burp.api.montoya.core.ByteArray;
13 | import burp.api.montoya.websocket.BinaryMessage;
14 | import burp.api.montoya.websocket.Direction;
15 |
/**
 * A {@link BinaryMessage} that additionally exposes its {@link Annotations}.
 * NOTE(review): the name and package suggest this is a binary WebSocket message
 * intercepted by the Proxy; confirm against the handler that receives it.
 */
public interface InterceptedBinaryMessage extends BinaryMessage
{
    /**
     * @return The annotations.
     */
    Annotations annotations();

    /**
     * @return Binary based WebSocket payload.
     */
    @Override
    ByteArray payload();

    /**
     * @return The direction of the message.
     */
    @Override
    Direction direction();
}
35 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/proxy/websocket/InterceptedTextMessage.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.proxy.websocket;
10 |
11 | import burp.api.montoya.core.Annotations;
12 | import burp.api.montoya.websocket.Direction;
13 | import burp.api.montoya.websocket.TextMessage;
14 |
/**
 * A {@link TextMessage} that additionally exposes its {@link Annotations}.
 * NOTE(review): the name and package suggest this is a text WebSocket message
 * intercepted by the Proxy; confirm against the handler that receives it.
 */
public interface InterceptedTextMessage extends TextMessage
{
    /**
     * @return The annotations.
     */
    Annotations annotations();

    /**
     * @return Text based WebSocket payload.
     */
    @Override
    String payload();

    /**
     * @return The direction of the message.
     */
    @Override
    Direction direction();
}
34 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/proxy/websocket/ProxyWebSocketCreation.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.proxy.websocket;
10 |
11 | import burp.api.montoya.http.message.requests.HttpRequest;
12 |
/**
 * Describes a proxy WebSocket that is in the process of being created: the WebSocket
 * itself and the HTTP request that asked for the upgrade.
 */
public interface ProxyWebSocketCreation
{
    /**
     * @return The ProxyWebSocket that is being created.
     */
    ProxyWebSocket proxyWebSocket();

    /**
     * @return The HTTP upgrade request that initiated the WebSocket creation.
     */
    HttpRequest upgradeRequest();
}
28 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/proxy/websocket/ProxyWebSocketCreationHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.proxy.websocket;
10 |
11 | import burp.api.montoya.proxy.Proxy;
12 |
/**
 * Callback for WebSockets created by the Proxy tool. An extension implements this
 * interface and registers it with {@link Proxy#registerWebSocketCreationHandler}; the
 * handler is then notified of each new WebSocket the Proxy tool creates.
 */
public interface ProxyWebSocketCreationHandler
{
    /**
     * Invoked by Burp when a WebSocket is being created by the Proxy tool.
     * The client side of the connection is not upgraded until this method has returned,
     * so time spent in the handler delays the client's upgrade.
     *
     * @param webSocketCreation {@link ProxyWebSocketCreation} containing information
     *                          about the proxy websocket that is being created
     */
    void handleWebSocketCreation(ProxyWebSocketCreation webSocketCreation);
}
27 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/repeater/Repeater.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.repeater;
10 |
11 | import burp.api.montoya.http.message.requests.HttpRequest;
12 |
/**
 * Entry point to the Repeater tool's functionality.
 */
public interface Repeater
{
    /**
     * Hands an HTTP request to the Burp Repeater tool. The request shows up in the user
     * interface under a default tab index. It is only displayed: nothing is sent until
     * the user initiates this action.
     *
     * @param request The full HTTP request.
     */
    void sendToRepeater(HttpRequest request);

    /**
     * Hands an HTTP request to the Burp Repeater tool under a caller-chosen caption.
     * The request is only displayed: nothing is issued until the user initiates this
     * action.
     *
     * @param request The full HTTP request.
     * @param name    An optional caption which will appear on the Repeater tab
     *                containing the request. If this value is {@code null} then a
     *                default tab index will be displayed.
     */
    void sendToRepeater(HttpRequest request, String name);
}
40 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/scanner/AuditConfiguration.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.scanner;
10 |
11 | import static burp.api.montoya.internal.ObjectFactoryLocator.FACTORY;
12 |
/**
 * Represents the configuration required for an audit in the Burp Scanner tool.
 */
public interface AuditConfiguration
{
    /**
     * Creates an audit configuration from one of the built-in configurations. The work
     * is delegated to the API's object factory.
     *
     * @param configuration The {@link BuiltInAuditConfiguration} to use for the audit.
     *
     * @return an {@code AuditConfiguration} based on a built-in configuration
     */
    static AuditConfiguration auditConfiguration(BuiltInAuditConfiguration configuration)
    {
        return FACTORY.auditConfiguration(configuration);
    }
}
30 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/scanner/AuditResult.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.scanner;
10 |
11 | import burp.api.montoya.scanner.audit.issues.AuditIssue;
12 |
13 | import java.util.List;
14 |
15 | import static burp.api.montoya.internal.ObjectFactoryLocator.FACTORY;
16 |
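/**
 * Holds a list of {@link AuditIssue} objects, with static factories that build an
 * instance either from a list or from individual issues.
 * NOTE(review): which caller consumes an {@code AuditResult} is not visible in this
 * file; confirm against the scan-check interfaces.
 */
public interface AuditResult
{
    /**
     * The element type is spelled out (rather than a raw {@code List}) so that callers
     * get compile-time checking of what they read from the list.
     *
     * @return The audit issues held by this result.
     */
    List<AuditIssue> auditIssues();

    /**
     * Creates an {@code AuditResult} from a list of issues, via the API's object factory.
     *
     * @param auditIssues The issues to put in the result.
     *
     * @return An {@code AuditResult} for the given issues.
     */
    static AuditResult auditResult(List<AuditIssue> auditIssues)
    {
        return FACTORY.auditResult(auditIssues);
    }

    /**
     * Creates an {@code AuditResult} from individually listed issues, via the API's
     * object factory.
     *
     * @param auditIssues The issues to put in the result.
     *
     * @return An {@code AuditResult} for the given issues.
     */
    static AuditResult auditResult(AuditIssue... auditIssues)
    {
        return FACTORY.auditResult(auditIssues);
    }
}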
31 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/scanner/BuiltInAuditConfiguration.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.scanner;
10 |
/**
 * Built-in configurations for the Burp Scanner tool. A constant is passed to
 * {@code AuditConfiguration.auditConfiguration(BuiltInAuditConfiguration)} to select
 * one of them.
 * NOTE(review): the names indicate one passive and one active set of legacy audit
 * checks; what each set contains is not shown here.
 */
public enum BuiltInAuditConfiguration
{
    // Declaration order is kept as-is: ordinal() and values() depend on it.
    LEGACY_PASSIVE_AUDIT_CHECKS,
    LEGACY_ACTIVE_AUDIT_CHECKS
}
19 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/scanner/ConsolidationAction.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.scanner;
10 |
/**
 * The action to be taken when duplicate audit issues are found.
 * NOTE(review): going by the names, the choices are to keep the issue already
 * recorded, keep both, or keep the newly reported one; confirm against the caller
 * that consumes this value.
 */
public enum ConsolidationAction
{
    // Declaration order is kept as-is: ordinal() and values() depend on it.
    KEEP_EXISTING,
    KEEP_BOTH,
    KEEP_NEW
}
21 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/scanner/Crawl.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.scanner;
10 |
/**
 * Crawl in the Burp Scanner tool. Every method here re-declares a {@link ScanTask}
 * method; no new operations are added.
 */
public interface Crawl extends ScanTask
{
    /**
     * Number of requests that have been made for the scan task.
     *
     * @return The number of requests that have been made for the scan task.
     */
    @Override
    int requestCount();

    /**
     * Number of network errors that have occurred for the scan task.
     *
     * @return The number of network errors that have occurred for the scan task.
     */
    @Override
    int errorCount();

    /**
     * Delete the task.
     */
    @Override
    void delete();

    /**
     * This functionality is not yet implemented.
     *
     * @return the current status message of the task
     */
    @Override
    String statusMessage();
}
49 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/scanner/CrawlAndAudit.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.scanner;
10 |
/**
 * Crawl and audit in the Burp Scanner tool. Every method here re-declares a
 * {@link ScanTask} method; no new operations are added.
 */
public interface CrawlAndAudit extends ScanTask
{
    /**
     * Number of requests that have been made for the scan task.
     *
     * @return The number of requests that have been made for the scan task.
     */
    @Override
    int requestCount();

    /**
     * Number of network errors that have occurred for the scan task.
     *
     * @return The number of network errors that have occurred for the scan task.
     */
    @Override
    int errorCount();

    /**
     * Delete the task.
     */
    @Override
    void delete();

    /**
     * @return the current status message of the task
     */
    @Override
    String statusMessage();
}
47 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/scanner/CrawlConfiguration.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.scanner;
10 |
11 | import java.util.List;
12 |
13 | import static burp.api.montoya.internal.ObjectFactoryLocator.FACTORY;
14 |
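/**
 * Represents the configuration required for a crawl in the Burp Scanner tool.
 */
public interface CrawlConfiguration
{
    /**
     * The element type is spelled out (rather than a raw {@code List}) to match the
     * {@code String...} seed URLs accepted by {@link #crawlConfiguration(String...)}.
     *
     * @return the seed urls for the crawl
     */
    List<String> seedUrls();

    /**
     * Builds a crawl configuration with seed urls, via the API's object factory.
     *
     * @param seedUrls used by the crawler
     *
     * @return crawl configuration required by the crawler.
     */
    static CrawlConfiguration crawlConfiguration(String... seedUrls)
    {
        return FACTORY.crawlConfiguration(seedUrls);
    }
}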
37 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/scanner/ReportFormat.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.scanner;
10 |
/**
 * The formats available for scan reports.
 */
public enum ReportFormat
{
    // Declaration order is kept as-is: ordinal() and values() depend on it.
    HTML,
    XML
}
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/scanner/ScanConfiguration.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.scanner;
10 |
/**
 * Configurations for the Burp Scanner tool. The interface declares no members of its
 * own.
 */
public interface ScanConfiguration
{
}
17 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/scanner/ScanTask.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.scanner;
10 |
11 | import burp.api.montoya.core.Task;
12 |
/**
 * Used to retrieve details of tasks in the Burp Scanner. Adds request and error
 * counters to {@link Task} and re-declares its {@code delete()} and
 * {@code statusMessage()} methods.
 */
public interface ScanTask extends Task
{
    /**
     * Number of requests that have been made for the scan task.
     *
     * @return The number of requests that have been made for the scan task.
     */
    int requestCount();

    /**
     * Number of network errors that have occurred for the scan task.
     *
     * @return The number of network errors that have occurred for the scan task.
     */
    int errorCount();

    /**
     * Delete the task.
     */
    @Override
    void delete();

    /**
     * @return the current status message of the task
     */
    @Override
    String statusMessage();
}
47 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/scanner/audit/AuditIssueHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.scanner.audit;
10 |
11 | import burp.api.montoya.scanner.Scanner;
12 | import burp.api.montoya.scanner.audit.issues.AuditIssue;
13 |
/**
 * Callback for issues reported by the Scanner tool. An extension implements this
 * interface and registers it with
 * {@link Scanner#registerAuditIssueHandler(AuditIssueHandler)}; the handler is then
 * notified of each new issue and can perform custom analysis or logging of it.
 * NOTE(review): what an {@link AuditIssue} carries is not shown in this file; if it
 * includes request or response content, a handler that logs issues is also logging
 * that content. Confirm against {@link AuditIssue}.
 */
public interface AuditIssueHandler
{
    /**
     * Invoked when a new issue is added to Burp Scanner's results.
     *
     * @param auditIssue An {@link AuditIssue} object that the extension can query to
     *                   obtain details about the new issue.
     */
    void handleNewAuditIssue(AuditIssue auditIssue);
}
32 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/scanner/audit/insertionpoint/AuditInsertionPointProvider.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.scanner.audit.insertionpoint;
10 |
11 | import burp.api.montoya.http.message.HttpRequestResponse;
12 | import burp.api.montoya.scanner.Scanner;
13 |
14 | import java.util.List;
15 |
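/**
 * Provider of custom audit insertion points. An extension implements this interface and
 * registers it with
 * {@link Scanner#registerInsertionPointProvider(AuditInsertionPointProvider)}.
 */
public interface AuditInsertionPointProvider
{
    /**
     * The Scanner invokes this method when a request is actively audited. The provider
     * should return the custom insertion points to use in the audit. These are used in
     * addition to the insertion points derived from Burp Scanner's configuration and
     * those provided by any other Burp extensions; they do not replace them.
     *
     * <p>The element type is spelled out (rather than a raw {@code List}) so that
     * implementations are checked at compile time.
     *
     * @param baseHttpRequestResponse The base {@link HttpRequestResponse} that will be
     *                                actively audited.
     *
     * @return A list of {@link AuditInsertionPoint} objects that should be used in the
     * audit, or {@code null} if no custom insertion points are applicable for this
     * request.
     */
    List<AuditInsertionPoint> provideInsertionPoints(HttpRequestResponse baseHttpRequestResponse);
}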
39 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/scanner/audit/insertionpoint/AuditInsertionPointType.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.scanner.audit.insertionpoint;
10 |
/**
 * The audit insertion point type. The constant names identify where in a request an
 * insertion point sits (for example a URL, body or cookie parameter, a header, the
 * entire body, or part of the URL path), or who supplied it.
 */
public enum AuditInsertionPointType
{
    // Declaration order is kept as-is: ordinal() and values() depend on it.
    PARAM_URL,
    PARAM_BODY,
    PARAM_COOKIE,
    PARAM_XML,
    PARAM_XML_ATTR,
    PARAM_MULTIPART_ATTR,
    PARAM_JSON,
    PARAM_AMF,
    HEADER,
    PARAM_NAME_URL,
    PARAM_NAME_BODY,
    ENTIRE_BODY,
    URL_PATH_FILENAME,
    URL_PATH_FOLDER,
    USER_PROVIDED,
    EXTENSION_PROVIDED,
    UNKNOWN
}
34 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/scanner/audit/issues/AuditIssueConfidence.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.scanner.audit.issues;
10 |
/**
 * The confidence level of an audit issue.
 */
public enum AuditIssueConfidence
{
    // Declared from CERTAIN to TENTATIVE, so a larger ordinal() is not a higher
    // confidence; compare constants by name rather than by ordinal.
    CERTAIN,
    FIRM,
    TENTATIVE
}
20 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/scanner/audit/issues/AuditIssueSeverity.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.scanner.audit.issues;
10 |
/**
 * The severity level of an audit issue.
 */
public enum AuditIssueSeverity
{
    // Declared from HIGH down to FALSE_POSITIVE, so a larger ordinal() is not a higher
    // severity; code that ranks or filters issues should compare constants by name.
    HIGH,
    MEDIUM,
    LOW,
    INFORMATION,
    FALSE_POSITIVE
}
22 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/scanner/bchecks/BCheckImportResult.java:
--------------------------------------------------------------------------------
1 | package burp.api.montoya.scanner.bchecks;
2 |
3 | import java.util.List;
4 |
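/**
 * The result of importing a BCheck: a status plus the list of import errors.
 */
public interface BCheckImportResult
{
    /**
     * The status of an imported BCheck
     */
    enum Status
    {
        LOADED_WITHOUT_ERRORS,
        LOADED_WITH_ERRORS
    }

    /**
     * The status of the BCheck after import
     *
     * @return the status
     */
    Status status();

    /**
     * The element type is spelled out (rather than a raw {@code List}) so that callers
     * can read the errors without casting.
     *
     * @return a list of errors if the script was invalid, or an empty list if the
     * script was valid.
     */
    List<String> importErrors();
}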
31 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/scanner/bchecks/BChecks.java:
--------------------------------------------------------------------------------
1 | package burp.api.montoya.scanner.bchecks;
2 |
/**
 * Provides access to functionality related to BChecks.
 */
public interface BChecks
{
    /**
     * Imports a BCheck. By default, the BCheck will be enabled if the script imports
     * without errors; use {@link #importBCheck(String, boolean)} with {@code false} to
     * import a script without enabling it, for example so it can be reviewed first.
     *
     * @param script the BCheck script to import
     *
     * @return The {@link BCheckImportResult} which contains the result of importing the
     * BCheck.
     */
    BCheckImportResult importBCheck(String script);

    /**
     * Imports a BCheck, with the caller deciding whether it is enabled afterwards.
     *
     * @param script  the BCheck script to import
     * @param enabled whether the script should be enabled after successful import
     *
     * @return The {@link BCheckImportResult} which contains the result of importing the
     * BCheck.
     */
    BCheckImportResult importBCheck(String script, boolean enabled);
}
28 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/scope/ScopeChange.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.scope;
10 |
/**
 * Change to Burp's Suite-wide target scope. The interface declares no members, so an
 * instance signals that the scope changed without describing what changed.
 */
public interface ScopeChange
{
}
17 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/scope/ScopeChangeHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.scope;
10 |
/**
 * Callback for changes to Burp's Suite-wide target scope. An extension implements this
 * interface and registers it with
 * {@link Scope#registerScopeChangeHandler(ScopeChangeHandler)}; the handler is then
 * notified whenever the scope changes.
 */
public interface ScopeChangeHandler
{
    /**
     * Invoked whenever a change occurs to Burp's Suite-wide target scope.
     *
     * @param scopeChange An object representing the change to Burp's Suite-wide target
     *                    scope.
     */
    void scopeChanged(ScopeChange scopeChange);
}
28 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/sitemap/SiteMapFilter.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.sitemap;
10 |
11 | import static burp.api.montoya.internal.ObjectFactoryLocator.FACTORY;
12 |
/**
 * Used to filter items when querying Burp's site map.
 */
public interface SiteMapFilter
{
    /**
     * Invoked by Burp to check whether a given site map node matches the filter.
     *
     * @param node Site map node to match.
     *
     * @return Returns true if the site map node matches the filter.
     */
    boolean matches(SiteMapNode node);

    /**
     * Returns a site map filter that matches site map nodes whose URLs start with the
     * specified prefix. The prefix is case-sensitive. The filter is obtained from the
     * API's object factory.
     * NOTE(review): if the match is a plain string-prefix test (the implementation is
     * not shown here), a prefix that stops at the host name also matches longer host
     * names beginning with the same characters; ending the prefix with {@code /} would
     * avoid that. Confirm against the implementation.
     *
     * @param prefix Case-sensitive URL prefix used to match site tree nodes. If
     *               {@code null} is passed, the resulting filter will match all site
     *               map nodes.
     *
     * @return A site map filter object that matches nodes via a URL prefix
     */
    static SiteMapFilter prefixFilter(String prefix)
    {
        return FACTORY.prefixFilter(prefix);
    }
}
41 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/sitemap/SiteMapNode.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.sitemap;
10 |
/**
 * Represents an item in Burp's site map.
 */
public interface SiteMapNode
{
    /**
     * Retrieves the URL associated with this site map node.
     *
     * @return The URL of the node.
     */
    String url();
}
23 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/ui/Theme.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.ui;
10 |
/**
 * The different themes available in Burp Suite's user interface.
 */
public enum Theme
{
    // Declaration order is kept as-is: ordinal() and values() depend on it.
    DARK,
    LIGHT
}
19 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/ui/contextmenu/AuditIssueContextMenuEvent.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.ui.contextmenu;
10 |
11 | import burp.api.montoya.core.ToolSource;
12 | import burp.api.montoya.scanner.audit.issues.AuditIssue;
13 |
14 | import java.util.List;
15 |
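/**
 * Context menu event that gives access to the Scanner audit issues the menu was
 * invoked on. Combines {@link ComponentEvent}, {@link ToolSource} and
 * {@link InvocationSource}.
 */
public interface AuditIssueContextMenuEvent extends ComponentEvent, ToolSource, InvocationSource
{
    /**
     * Retrieves details of the Scanner audit issues that were selected by the user when
     * the context menu was invoked. This will return an empty list if no issues are
     * applicable to the invocation.
     *
     * <p>The element type is spelled out (rather than a raw {@code List}) so that
     * callers can read the issues without casting.
     *
     * @return a List of {@link AuditIssue} objects representing the items that were
     * shown or selected by the user when the context menu was invoked.
     */
    List<AuditIssue> selectedIssues();
}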
26 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/ui/contextmenu/ComponentEvent.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.ui.contextmenu;
10 |
11 | import java.awt.event.InputEvent;
12 |
/**
 * Describes an action or event that has occurred with a user interface component.
 */
public interface ComponentEvent
{
    /**
     * Retrieves the native Java input event that was the trigger for the context menu
     * invocation.
     *
     * @return The {@link InputEvent} that was the trigger for the context menu
     * invocation.
     */
    InputEvent inputEvent();
}
26 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/ui/contextmenu/InvocationSource.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.ui.contextmenu;
10 |
11 | /**
12 | * Provides information about the source from which a context menu was invoked.
13 | */
14 | public interface InvocationSource
15 | {
16 | /**
17 | * @return An instance of {@link InvocationType} which provides the current location of the context menu being invoked.
18 | */
19 | InvocationType invocationType();
20 |
21 | /**
22 | * A helper method to allow the extension to ask if the context is within a set of locations.
23 | *
24 | * @param invocationType One or more instances of {@link InvocationType} to check.
25 | *
26 | * @return True if the context menu is being invoked from one of the types that is being checked.
27 | */
28 | boolean isFrom(InvocationType... invocationType);
29 | }
30 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/ui/contextmenu/WebSocketContextMenuEvent.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.ui.contextmenu;
10 |
11 | import burp.api.montoya.core.ToolSource;
12 |
13 | import java.util.List;
14 | import java.util.Optional;
15 |
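16 | public interface WebSocketContextMenuEvent extends ComponentEvent, ToolSource
17 | {
18 | /**
19 | * This method can be used to retrieve details of the currently selected WebSocket message when the context menu was invoked from an editor.
20 | *
21 | * @return an {@link Optional} holding the {@link WebSocketEditorEvent} for the currently selected WebSocket message with selection metadata; presumably empty when the menu was not invoked from an editor (confirm).
22 | */
23 | Optional<WebSocketEditorEvent> messageEditorWebSocket();
24 |
25 | /**
26 | * This method can be used to retrieve details of the WebSocket messages that were
27 | * selected by the user when the context menu was invoked. This will return an empty list if the user has not made a selection.
28 | *
29 | * @return A list of {@link WebSocketMessage} objects that have been selected by the user.
30 | */
31 | List<WebSocketMessage> selectedWebSocketMessages();
32 | }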
33 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/ui/contextmenu/WebSocketEditorEvent.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.ui.contextmenu;
10 |
11 | import burp.api.montoya.core.ByteArray;
12 | import burp.api.montoya.core.Range;
13 | import burp.api.montoya.core.ToolSource;
14 |
15 | import java.util.Optional;
16 |
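17 | public interface WebSocketEditorEvent extends ComponentEvent, ToolSource
18 | {
19 | /**
20 | * @return The contents of the message editor.
21 | */
22 | ByteArray getContents();
23 |
24 | /**
25 | * This method can be used to set the content within the message editor programmatically.
26 | * If the editor is read only the contents will not be updated; check {@link #isReadOnly()} first when the change must take effect.
27 | *
28 | * @param contents The content to set in the message editor.
29 | */
30 | void setContents(ByteArray contents);
31 |
32 | /**
33 | * @return the WebSocket message used to populate the editor.
34 | */
35 | WebSocketMessage webSocketMessage();
36 |
37 | /**
38 | * @return {@code true} if the editor is read only.
39 | */
40 | boolean isReadOnly();
41 |
42 | /**
43 | * This will return {@link Optional#empty()} if the user has not made a selection.
44 | *
45 | * @return An {@link Optional} {@link Range} of indices that indicates the position of the user's current selection.
46 | */
47 | Optional<Range> selectionOffsets();
48 |
49 | /**
50 | * @return The index of the position for the caret within the current message editor.
51 | */
52 | int caretPosition();
53 | }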
54 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/ui/contextmenu/WebSocketMessage.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.ui.contextmenu;
10 |
11 | import burp.api.montoya.core.Annotations;
12 | import burp.api.montoya.core.ByteArray;
13 | import burp.api.montoya.http.message.requests.HttpRequest;
14 | import burp.api.montoya.websocket.Direction;
15 |
16 | public interface WebSocketMessage
17 | {
18 | /**
19 | * This method retrieves the annotations for the message.
20 | *
21 | * @return The {@link Annotations} for the message.
22 | */
23 | Annotations annotations();
24 |
25 | /**
26 | * @return The {@link Direction} of the message.
27 | */
28 | Direction direction();
29 |
30 | /**
31 | * @return WebSocket payload. NOTE(review): presumably the bytes as sent by the peer indicated by {@link #direction()}; treat them as untrusted input when an extension parses them.
32 | */
33 | ByteArray payload();
34 |
35 | /**
36 | * @return The {@link HttpRequest} used to create the WebSocket.
37 | */
38 | HttpRequest upgradeRequest();
39 | }
40 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/ui/editor/Editor.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.ui.editor;
10 |
11 | import burp.api.montoya.ui.Selection;
12 |
13 | import java.awt.*;
14 | import java.util.Optional;
15 |
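16 | /**
17 | * Provides the shared behaviour between the different editor types.
18 | */
19 | public interface Editor
20 | {
21 | /**
22 | * Update the search expression that is shown in the search bar below the editor.
23 | *
24 | * @param expression The search expression.
25 | */
26 | void setSearchExpression(String expression);
27 |
28 | /**
29 | * @return True if the user has modified the contents of the editor since the last time the content was set programmatically.
30 | */
31 | boolean isModified();
32 |
33 | /**
34 | * @return The index of the position for the caret within the current message editor.
35 | */
36 | int caretPosition();
37 |
38 | /**
39 | * This will return {@link Optional#empty()} if the user has not made a selection.
40 | *
41 | * @return An {@link Optional} containing the {@link Selection} the user currently has in the editor.
42 | */
43 | Optional<Selection> selection();
44 |
45 | /**
46 | * @return UI component of the editor, for extensions to add to their own UI.
47 | */
48 | Component uiComponent();
49 | }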
50 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/ui/editor/EditorOptions.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.ui.editor;
10 |
11 | /**
12 | * These options allow you to configure additional behaviour to {@link Editor} implementations.
13 | */
14 | public enum EditorOptions
15 | {
16 | READ_ONLY
17 | }
18 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/ui/editor/extension/EditorMode.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.ui.editor.extension;
10 |
11 | /**
12 | * An enum to describe the different modes of Burp Suite's message editor.
13 | */
14 | public enum EditorMode
15 | {
16 | DEFAULT,
17 | READ_ONLY
18 | }
19 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/ui/editor/extension/HttpRequestEditorProvider.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.ui.editor.extension;
10 |
11 | /**
12 | * Extensions can register an instance of this interface to provide custom HTTP request editors within Burp's user interface.
13 | */
14 | public interface HttpRequestEditorProvider
15 | {
16 | /**
17 | * Invoked by Burp when a new HTTP request editor is required from the extension.
18 | *
19 | * @param creationContext details about the context that requires a request editor.
20 | *
21 | * @return An instance of {@link ExtensionProvidedHttpRequestEditor}.
22 | */
23 | ExtensionProvidedHttpRequestEditor provideHttpRequestEditor(EditorCreationContext creationContext);
24 | }
25 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/ui/editor/extension/HttpResponseEditorProvider.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.ui.editor.extension;
10 |
11 | /**
12 | * Extensions can register an instance of this interface to provide custom HTTP response editors within Burp's user interface.
13 | */
14 | public interface HttpResponseEditorProvider
15 | {
16 | /**
17 | * Invoked by Burp when a new HTTP response editor is required from the extension.
18 | *
19 | * @param creationContext details about the context that requires a response editor.
20 | *
21 | * @return An instance of {@link ExtensionProvidedHttpResponseEditor}.
22 | */
23 | ExtensionProvidedHttpResponseEditor provideHttpResponseEditor(EditorCreationContext creationContext);
24 | }
25 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/ui/editor/extension/WebSocketMessageEditorProvider.java:
--------------------------------------------------------------------------------
1 | package burp.api.montoya.ui.editor.extension;
2 |
3 | /**
4 | * Extensions can register an instance of this interface to provide custom WebSocket message editors within Burp's user interface.
5 | */
6 | public interface WebSocketMessageEditorProvider
7 | {
8 | /**
9 | * Invoked by Burp when a new WebSocket message editor is required from the extension.
10 | *
11 | * @param creationContext details about the context that requires a message editor.
12 | *
13 | * @return An instance of {@link ExtensionProvidedWebSocketMessageEditor}.
14 | */
15 | ExtensionProvidedWebSocketMessageEditor provideMessageEditor(EditorCreationContext creationContext);
16 | }
17 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/ui/menu/BasicMenuItem.java:
--------------------------------------------------------------------------------
1 | package burp.api.montoya.ui.menu;
2 |
3 | import static burp.api.montoya.internal.ObjectFactoryLocator.FACTORY;
4 |
5 | public interface BasicMenuItem extends MenuItem
6 | {
7 | /**
8 | * The action performed when the {@link BasicMenuItem} is clicked.
9 | */
10 | void action();
11 |
12 | /**
13 | * Create a copy of {@link BasicMenuItem} with a new {@link Runnable} action.
14 | *
15 | * @param action The new {@link Runnable} action.
16 | *
17 | * @return An updated copy of {@link BasicMenuItem}.
18 | */
19 | BasicMenuItem withAction(Runnable action);
20 |
21 | /**
22 | * Create a copy of {@link BasicMenuItem} with a new caption.
23 | *
24 | * @param caption The new caption.
25 | *
26 | * @return An updated copy of {@link BasicMenuItem}
27 | */
28 | BasicMenuItem withCaption(String caption);
29 |
30 | /**
31 | * Create a new instance of {@link BasicMenuItem} with a caption.
32 | *
33 | * @param caption The caption for the {@link BasicMenuItem}.
34 | *
35 | * @return A new instance of the {@link BasicMenuItem}.
36 | */
37 | static BasicMenuItem basicMenuItem(String caption)
38 | {
39 | return FACTORY.basicMenuItem(caption);
40 | }
41 | }
42 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/ui/menu/MenuBar.java:
--------------------------------------------------------------------------------
1 | package burp.api.montoya.ui.menu;
2 |
3 | import burp.api.montoya.core.Registration;
4 |
5 | import javax.swing.*;
6 |
7 | /**
8 | * The top menu bar for the main suite frame.
9 | */
10 | public interface MenuBar
11 | {
12 | /**
13 | * Register a menu to be added to the menu bar.
14 | * This option is available if you want more control over the menu structure.
15 | *
16 | * @param menu The menu to be registered.
17 | *
18 | * @return A {@link Registration} for the menu.
19 | */
20 | Registration registerMenu(JMenu menu);
21 |
22 | /**
23 | * Register a menu to be added to the menu bar.
24 | * This option is available if you want to add a simple menu.
25 | *
26 | * @param menu The menu to be registered.
27 | *
28 | * @return A {@link Registration} for the menu.
29 | */
30 | Registration registerMenu(Menu menu);
31 | }
32 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/ui/menu/MenuItem.java:
--------------------------------------------------------------------------------
1 | package burp.api.montoya.ui.menu;
2 |
3 | import static burp.api.montoya.internal.ObjectFactoryLocator.FACTORY;
4 |
5 | /**
6 | * An item to be displayed in a {@link Menu}.
7 | */
8 | public interface MenuItem
9 | {
10 | /**
11 | * The caption of the {@link MenuItem}.
12 | *
13 | * @return The caption.
14 | */
15 | String caption();
16 |
17 | /**
18 | * Create a new instance of {@link BasicMenuItem} with a caption.
19 | *
20 | * @param caption The caption for the {@link BasicMenuItem}.
21 | *
22 | * @return A new instance of the {@link BasicMenuItem}.
23 | */
24 | static BasicMenuItem basicMenuItem(String caption)
25 | {
26 | return FACTORY.basicMenuItem(caption);
27 | }
28 | }
29 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/ui/swing/SwingUtils.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.ui.swing;
10 |
11 | import burp.api.montoya.core.HighlightColor;
12 |
13 | import java.awt.*;
14 |
15 | /**
16 | * This interface gives you access to Swing utilities.
17 | */
18 | public interface SwingUtils
19 | {
20 | /**
21 | * @return the main Burp Suite frame.
22 | */
23 | Frame suiteFrame();
24 |
25 | /**
26 | * Retrieve the top-level {@code Window} containing the supplied component.
27 | *
28 | * @param component the component.
29 | *
30 | * @return the top-level {@code Window} containing the component.
31 | */
32 | Window windowForComponent(Component component);
33 |
34 | /**
35 | * Convert a highlight color to a Java {@link Color}.
36 | *
37 | * @param highlightColor the {@link HighlightColor} to convert.
38 | *
39 | * @return the Java {@link Color} for the highlight color.
40 | */
41 | Color colorForHighLight(HighlightColor highlightColor);
42 | }
43 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/utilities/Base64DecodingOptions.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.utilities;
10 |
11 | /**
12 | * This enum defines options for Base64 decoding.
13 | */
14 | public enum Base64DecodingOptions
15 | {
16 | /**
17 | * Decode using the URL and Filename safe type base64 transcoding scheme.
18 | */
19 | URL
20 | }
21 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/utilities/Base64EncodingOptions.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.utilities;
10 |
11 | /**
12 | * This enum defines options for Base64 encoding.
13 | */
14 | public enum Base64EncodingOptions
15 | {
16 | /**
17 | * Encode using the URL and Filename safe type base64 transcoding scheme.
18 | */
19 | URL,
20 |
21 | /**
22 | * Encode without adding any padding characters at the end of the data.
23 | */
24 | NO_PADDING
25 | }
26 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/utilities/CompressionType.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.utilities;
10 |
11 | /**
12 | * This enum defines available compression types.
13 | */
14 | public enum CompressionType
15 | {
16 | GZIP,
17 | DEFLATE,
18 | BROTLI
19 | }
20 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/utilities/CompressionUtils.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.utilities;
10 |
11 | import burp.api.montoya.core.ByteArray;
12 |
13 | /**
14 | * This interface gives you access to data compression features.
15 | */
16 | public interface CompressionUtils
17 | {
18 | /**
19 | * Compress data using the specified compression type.
20 | *
21 | * @param data data to be compressed
22 | * @param type {@link CompressionType} to use. Only GZIP is supported; what happens for the other {@link CompressionType} values is not documented here.
23 | *
24 | * @return compressed data
25 | */
26 | ByteArray compress(ByteArray data, CompressionType type);
27 |
28 | /**
29 | * Decompress data compressed using the specified compression type.
30 | *
31 | * @param compressedData data to be decompressed. NOTE(review): no limit on the expanded size is documented here; confirm the behaviour before decompressing bodies taken from untrusted traffic.
32 | * @param type {@link CompressionType} of the compressed data
33 | *
34 | * @return decompressed data
35 | */
36 | ByteArray decompress(ByteArray compressedData, CompressionType type);
37 | }
38 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/utilities/CryptoUtils.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.utilities;
10 |
11 | import burp.api.montoya.core.ByteArray;
12 |
13 | /**
14 | * This interface gives you access to cryptographic features.
15 | */
16 | public interface CryptoUtils
17 | {
18 | /**
19 | * Generate a message digest for the supplied data using the specified algorithm. A digest takes no key, so it can fingerprint data but does not authenticate it.
20 | *
21 | * @param data the data to generate the digest from
22 | * @param algorithm the message {@link DigestAlgorithm} to use; the collision resistance of the result depends on this choice
23 | *
24 | * @return the generated message digest
25 | */
26 | ByteArray generateDigest(ByteArray data, DigestAlgorithm algorithm);
27 | }
28 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/utilities/HtmlEncoding.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.utilities;
10 |
11 | /**
12 | * This enum defines HTML encodings.
13 | */
14 | public enum HtmlEncoding
15 | {
16 | /**
17 | * Encode only HTML special characters.
18 | */
19 | STANDARD,
20 |
21 | /**
22 | * Encode HTML special characters as per STANDARD,
23 | * encode all other characters as decimal entities.
24 | */
25 | ALL_CHARACTERS,
26 |
27 | /**
28 | * Encode all characters as decimal entities.
29 | */
30 | ALL_CHARACTERS_DECIMAL,
31 |
32 | /**
33 | * Encode all characters as hex entities.
34 | */
35 | ALL_CHARACTERS_HEX
36 | }
37 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/utilities/HtmlUtils.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.utilities;
10 |
11 | /**
12 | * This interface gives you access to HTML encoding and decoding features.
13 | */
14 | public interface HtmlUtils
15 | {
16 | /**
17 | * Encode HTML text using {@link HtmlEncoding#STANDARD} encoding, which encodes only HTML special characters.
18 | *
19 | * @param html {@code String} to be encoded.
20 | *
21 | * @return the encoded {@code String}. NOTE(review): the set of special characters is not listed here; confirm it covers the output context (attribute, script, URL) before relying on the result.
22 | */
23 | String encode(String html);
24 |
25 | /**
26 | * Encode HTML text.
27 | *
28 | * @param html {@code String} to be encoded.
29 | * @param encoding {@link HtmlEncoding} to be used.
30 | *
31 | * @return the encoded {@code String}.
32 | */
33 | String encode(String html, HtmlEncoding encoding);
34 |
35 | /**
36 | * Decode encoded HTML text.
37 | *
38 | * @param encodedHtml {@code String} to be decoded.
39 | *
40 | * @return the decoded {@code String}; it can contain markup characters again, so re-encode it before placing it in HTML output.
41 | */
42 | String decode(String encodedHtml);
43 | }
44 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/utilities/StringUtils.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.utilities;
10 |
11 | /**
12 | * This interface gives you access to String manipulation features.
13 | */
14 | public interface StringUtils
15 | {
16 | /**
17 | * Convert a string to the hex values of its ASCII characters.
18 | * Each character will be converted to a two digit hex value.
19 | *
20 | * @param data The ASCII data to convert. NOTE(review): handling of characters outside ASCII is not documented here; confirm.
21 | *
22 | * @return The string of hex values.
23 | */
24 | String convertAsciiToHexString(String data);
25 |
26 | /**
27 | * Convert a string of hex values to a string of ASCII characters.
28 | * Each pair of hex digits will be converted to a single ASCII character.
29 | *
30 | * @param data The string of hex values to convert. NOTE(review): handling of odd-length or non-hex input is not documented here; confirm.
31 | *
32 | * @return The string of ASCII characters.
33 | */
34 | String convertHexStringToAscii(String data);
35 | }
36 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/utilities/URLUtils.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.utilities;
10 |
11 | import burp.api.montoya.core.ByteArray;
12 |
13 | /**
14 | * This interface gives you access to URL encoding and decoding features.
15 | */
16 | public interface URLUtils
17 | {
18 | /**
19 | * @param string {@code String} to be URL encoded.
20 | *
21 | * @return the URL encoded {@code String}. NOTE(review): the character encoding applied is not stated here; confirm before encoding non-ASCII input.
22 | *
23 | * @see java.net.URLEncoder#encode(String, String)
24 | */
25 | String encode(String string);
26 |
27 | /**
28 | * @param string the {@code String} to be URL decoded
29 | *
30 | * @return the URL decoded {@code String}. NOTE(review): handling of malformed percent sequences is not documented here; confirm before decoding untrusted input.
31 | *
32 | * @see java.net.URLDecoder#decode(String, String)
33 | */
34 | String decode(String string);
35 |
36 | /**
37 | * @param byteArray {@link ByteArray} to be URL encoded.
38 | *
39 | * @return the URL encoded {@link ByteArray}.
40 | *
41 | * @see java.net.URLEncoder#encode(String, String)
42 | */
43 | ByteArray encode(ByteArray byteArray);
44 |
45 | /**
46 | * @param byteArray the {@link ByteArray} to be URL decoded
47 | *
48 | * @return the URL decoded {@link ByteArray}
49 | *
50 | * @see java.net.URLDecoder#decode(String, String)
51 | */
52 | ByteArray decode(ByteArray byteArray);
53 | }
54 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/utilities/Utilities.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.utilities;
10 |
11 | /**
12 | * This interface gives you access to other interfaces that have various data conversion and querying features.
13 | */
14 | public interface Utilities
15 | {
16 | /**
17 | * @return an instance of {@link Base64Utils}
18 | */
19 | Base64Utils base64Utils();
20 |
21 | /**
22 | * @return an instance of {@link ByteUtils}
23 | */
24 | ByteUtils byteUtils();
25 |
26 | /**
27 | * @return an instance of {@link CompressionUtils}
28 | */
29 | CompressionUtils compressionUtils();
30 |
31 | /**
32 | * @return an instance of {@link CryptoUtils}
33 | */
34 | CryptoUtils cryptoUtils();
35 |
36 | /**
37 | * @return an instance of {@link HtmlUtils}
38 | */
39 | HtmlUtils htmlUtils();
40 |
41 | /**
42 | * @return an instance of {@link NumberUtils}
43 | */
44 | NumberUtils numberUtils();
45 |
46 | /**
47 | * @return an instance of {@link RandomUtils}
48 | */
49 | RandomUtils randomUtils();
50 |
51 | /**
52 | * @return an instance of {@link StringUtils}
53 | */
54 | StringUtils stringUtils();
55 |
56 | /**
57 | * @return an instance of {@link URLUtils}
58 | */
59 | URLUtils urlUtils();
60 | }
61 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/websocket/BinaryMessage.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.websocket;
10 |
11 | import burp.api.montoya.core.ByteArray;
12 |
13 | public interface BinaryMessage
14 | {
15 | /**
16 | * @return Binary based WebSocket payload.
17 | */
18 | ByteArray payload();
19 |
20 | /**
21 | * @return The direction of the message.
22 | */
23 | Direction direction();
24 | }
25 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/websocket/Direction.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.websocket;
10 |
11 | /**
12 | * This enum is used to indicate the direction of the WebSocket message.
13 | */
14 | public enum Direction
15 | {
16 | CLIENT_TO_SERVER,
17 | SERVER_TO_CLIENT
18 | }
19 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/websocket/MessageAction.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.websocket;
10 |
/**
 * The action applied to a {@link TextMessageAction} or {@link BinaryMessageAction},
 * i.e. what Burp does with the WebSocket message.
 */
public enum MessageAction
{
    /**
     * Burp forwards the message.
     */
    CONTINUE,

    /**
     * Burp drops the message.
     */
    DROP
}
26 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/websocket/MessageHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.websocket;
10 |
/**
 * Callback interface through which an extension is notified of WebSocket messages
 * and of the WebSocket being closed.
 * <p>
 * Message payloads are supplied by the client or the server (see {@link Direction}),
 * so implementations should handle them as untrusted input.
 */
public interface MessageHandler
{
    /**
     * Called when a text message is sent to, or received from, the application.
     * The extension can modify the message at this point, before it is sent to the
     * application or processed by Burp.
     *
     * @param textMessage the intercepted text WebSocket message.
     *
     * @return a {@link TextMessageAction} for the message; see {@link MessageAction}
     *         for the actions Burp can apply (forward or drop).
     */
    TextMessageAction handleTextMessage(TextMessage textMessage);

    /**
     * Called when a binary message is sent to, or received from, the application.
     * The extension can modify the message at this point, before it is sent to the
     * application or processed by Burp.
     *
     * @param binaryMessage the intercepted binary WebSocket message.
     *
     * @return a {@link BinaryMessageAction} for the message; see {@link MessageAction}
     *         for the actions Burp can apply (forward or drop).
     */
    BinaryMessageAction handleBinaryMessage(BinaryMessage binaryMessage);

    /**
     * Called when the WebSocket is closed. The default implementation does nothing.
     */
    default void onClose()
    {
        // Intentionally empty: implementers override this only if they need a close notification.
    }
}
45 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/websocket/TextMessage.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.websocket;
10 |
/**
 * A text WebSocket message: its payload and the direction it is travelling in.
 * <p>
 * The payload content is chosen by whichever peer sent the message (see {@link #direction()}),
 * so code that parses, renders or logs it should handle it as untrusted input.
 */
public interface TextMessage
{
    /**
     * @return the text WebSocket payload.
     */
    String payload();

    /**
     * @return the {@link Direction} of the message, either {@link Direction#CLIENT_TO_SERVER}
     *         or {@link Direction#SERVER_TO_CLIENT}.
     */
    Direction direction();
}
23 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/websocket/WebSocket.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.websocket;
10 |
11 | import burp.api.montoya.core.ByteArray;
12 | import burp.api.montoya.core.Registration;
13 |
/**
 * A WebSocket within Burp.
 */
public interface WebSocket
{
    /**
     * Sends a text message via this WebSocket.
     *
     * @param message the text to send.
     */
    void sendTextMessage(String message);

    /**
     * Sends a binary message via this WebSocket.
     *
     * @param message the bytes to send.
     */
    void sendBinaryMessage(ByteArray message);

    /**
     * Closes this WebSocket.
     */
    void close();

    /**
     * Registers a handler that acts whenever a message is sent to, or received from, the application.
     *
     * @param handler an extension-created object implementing {@link MessageHandler}.
     *
     * @return the {@link Registration} for the handler.
     */
    Registration registerMessageHandler(MessageHandler handler);
}
47 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/websocket/WebSocketCreated.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.websocket;
10 |
11 | import burp.api.montoya.core.ToolSource;
12 | import burp.api.montoya.http.message.requests.HttpRequest;
13 |
/**
 * Information about a WebSocket that has been created: the WebSocket itself,
 * the HTTP upgrade request behind it, and the Burp tool that created it.
 */
public interface WebSocketCreated
{
    /**
     * @return the {@link WebSocket} that was created.
     */
    WebSocket webSocket();

    /**
     * @return the HTTP upgrade request that initiated the WebSocket creation.
     */
    HttpRequest upgradeRequest();

    /**
     * @return a {@link ToolSource} indicating which Burp tool created the WebSocket.
     */
    ToolSource toolSource();
}
31 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/websocket/WebSocketCreatedHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2022-2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.websocket;
10 |
/**
 * Handler for newly created WebSockets. An extension implements this interface and passes the
 * implementation to {@link WebSockets#registerWebSocketCreatedHandler}; the handler is then
 * notified of new WebSockets created by any Burp tool.
 */
public interface WebSocketCreatedHandler
{
    /**
     * Called by Burp when an application WebSocket has been created.
     *
     * @param webSocketCreated a {@link WebSocketCreated} describing the application WebSocket,
     *                         including the tool that created it and the upgrade request.
     */
    void handleWebSocketCreated(WebSocketCreated webSocketCreated);
}
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/websocket/extension/ExtensionWebSocket.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.websocket.extension;
10 |
11 | import burp.api.montoya.core.ByteArray;
12 | import burp.api.montoya.core.Registration;
13 |
/**
 * A WebSocket that was created via the Extension API.
 */
public interface ExtensionWebSocket
{
    /**
     * Sends a text message via this WebSocket.
     *
     * @param message the text to send.
     */
    void sendTextMessage(String message);

    /**
     * Sends a binary message via this WebSocket.
     *
     * @param message the bytes to send.
     */
    void sendBinaryMessage(ByteArray message);

    /**
     * Closes this WebSocket.
     */
    void close();

    /**
     * Registers a handler that is notified when messages arrive from the server.
     *
     * @param handler an extension-created object implementing {@link ExtensionWebSocketMessageHandler}.
     *
     * @return the {@link Registration} for the handler.
     */
    Registration registerMessageHandler(ExtensionWebSocketMessageHandler handler);
}
47 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/websocket/extension/ExtensionWebSocketCreation.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.websocket.extension;
10 |
11 | import burp.api.montoya.http.message.responses.HttpResponse;
12 |
13 | import java.util.Optional;
14 |
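/**
 * Result of a WebSocket creation attempt.
 * <p>
 * Callers should inspect {@link #status()} first; the WebSocket and the upgrade response are
 * both optional and may be absent.
 */
public interface ExtensionWebSocketCreation
{
    /**
     * The status of the WebSocket creation attempt.
     *
     * @return the {@link ExtensionWebSocketCreationStatus} of the attempt.
     */
    ExtensionWebSocketCreationStatus status();

    /**
     * The created WebSocket.
     *
     * @return an {@link Optional} holding the created {@link ExtensionWebSocket}; presumably empty
     *         unless {@link #status()} is {@link ExtensionWebSocketCreationStatus#SUCCESS}
     *         (to be confirmed against the implementation), so check for presence before use.
     */
    Optional<ExtensionWebSocket> webSocket();

    /**
     * The HTTP response from the WebSocket creation attempt.
     *
     * @return an {@link Optional} holding the {@link HttpResponse}; presumably empty when no
     *         response was obtained, e.g. after a connection failure (to be confirmed).
     */
    Optional<HttpResponse> upgradeResponse();
}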
41 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/websocket/extension/ExtensionWebSocketCreationStatus.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.websocket.extension;
10 |
/**
 * Outcome of an attempt to create a WebSocket.
 */
public enum ExtensionWebSocketCreationStatus
{
    /**
     * The WebSocket was created successfully.
     */
    SUCCESS,

    /**
     * The specified host was invalid.
     */
    INVALID_HOST,

    /**
     * The address of the specified host could not be resolved.
     */
    UNKNOWN_HOST,

    /**
     * The specified port was invalid.
     */
    INVALID_PORT,

    /**
     * A connection to the specified host could not be made.
     */
    CONNECTION_FAILED,

    /**
     * The specified upgrade request was invalid.
     */
    INVALID_REQUEST,

    /**
     * The server returned a non-upgrade response.
     */
    NON_UPGRADE_RESPONSE,

    /**
     * The specified endpoint is configured for streaming responses.
     */
    STREAMING_RESPONSE
}
56 |
--------------------------------------------------------------------------------
/montoya-api/src/main/java/burp/api/montoya/websocket/extension/ExtensionWebSocketMessageHandler.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2023. PortSwigger Ltd. All rights reserved.
3 | *
4 | * This code may be used to extend the functionality of Burp Suite Community Edition
5 | * and Burp Suite Professional, provided that this usage does not violate the
6 | * license terms for those products.
7 | */
8 |
9 | package burp.api.montoya.websocket.extension;
10 |
11 | import burp.api.montoya.websocket.BinaryMessage;
12 | import burp.api.montoya.websocket.TextMessage;
13 |
/**
 * Callback interface through which an extension is notified when messages are received
 * on a WebSocket, or when that WebSocket has been closed.
 * <p>
 * Received payloads are supplied by the remote application, so implementations should
 * handle them as untrusted input.
 */
public interface ExtensionWebSocketMessageHandler
{
    /**
     * Called when a text message is received from the application.
     *
     * @param textMessage the text WebSocket message.
     */
    void textMessageReceived(TextMessage textMessage);

    /**
     * Called when a binary message is received from the application.
     *
     * @param binaryMessage the binary WebSocket message.
     */
    void binaryMessageReceived(BinaryMessage binaryMessage);

    /**
     * Called when the WebSocket is closed. The default implementation does nothing.
     */
    default void onClose()
    {
        // Intentionally empty: implementers override this only if they need a close notification.
    }
}
40 |
--------------------------------------------------------------------------------