/**
 * Returns the URL of the base request that this object wraps.
 *
 * <p>The URL is re-derived on every call by asking the Burp helpers to analyze
 * {@code baseRequestResponse}; nothing is cached here.
 *
 * @return the URL reported by the helpers for the base request
 */
@Override
public URL getUrl() {
    final URL baseUrl = helpers.analyzeRequest(baseRequestResponse).getUrl();
    return baseUrl;
}
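/**
 * Rebuilds {@code request} with the configured header line ({@code this.replace})
 * appended as the last header.
 *
 * <p>A trailing {@code Content-Length} header is removed first so that the added
 * line ends up after every other header; the message is then reassembled with
 * {@code buildHttpMessage}.
 *
 * @param request raw HTTP request bytes
 * @return the rebuilt request bytes
 */
private byte[] addHeader(byte[] request) {
    IExtensionHelpers helpers = BurpExtender.getHelpers();
    IRequestInfo analyzedRequest = helpers.analyzeRequest(request);
    List<String> headers = analyzedRequest.getHeaders();

    // Header names are case-insensitive, so "content-length:" must be recognised too.
    // The emptiness guard avoids an IndexOutOfBoundsException on a header-less request.
    final String contentLengthPrefix = "Content-Length:";
    if (!headers.isEmpty()) {
        int lastIndex = headers.size() - 1;
        String lastHeader = headers.get(lastIndex);
        if (lastHeader.regionMatches(true, 0, contentLengthPrefix, 0, contentLengthPrefix.length())) {
            headers.remove(lastIndex);
        }
    }

    byte[] body = Arrays.copyOfRange(request, analyzedRequest.getBodyOffset(), request.length);

    // NOTE(review): this.replace is appended verbatim. If it can contain CR/LF it becomes
    // more than one header line in the outgoing request - confirm it is validated where it is set.
    headers.add(this.replace);
    return helpers.buildHttpMessage(headers, body);
}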
/**
 * Returns the parameters Burp reports for the request held in {@code messageInfo}.
 *
 * @param messageInfo the request/response pair whose request is analyzed
 * @return the parameter list produced by {@code analyzeRequest(...).getParameters()}
 */
public List<IParameter> getParas(IHttpRequestResponse messageInfo) {
    return helpers.analyzeRequest(messageInfo).getParameters();
}
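/**
 * Runs the path-suffix checks against the URL of {@code baseRequestResponse}.
 *
 * <p>For each entry in {@code Payloads} the request line is rewritten to
 * {@code METHOD path+payload HTTP/1.1}, the request is re-sent, and the response is
 * handed to {@code analyzeResponse}. Every non-null finding is collected.
 *
 * <p>Each URL string is processed at most once: it is recorded in {@code flags} and later
 * calls for the same string return {@code null}. The de-duplication key is the full URL
 * string, whereas the rewritten request line uses only {@code url.getPath()}, so URLs that
 * differ only in their query are each sent the same set of requests.
 *
 * @param baseRequestResponse the base request/response being scanned
 * @param insertionPoint not used by this check
 * @return the findings (possibly empty), or {@code null} when the message could not be
 *     analyzed or the URL was already processed
 */
public List<IScanIssue> doScan(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint) {
    IResponseInfo resp = helpers.analyzeResponse(baseRequestResponse.getResponse());
    IRequestInfo req = helpers.analyzeRequest(baseRequestResponse.getRequest());
    if (resp == null || req == null) {
        return null;
    }

    URL url = helpers.analyzeRequest(baseRequestResponse).getUrl();
    String urlKey = url.toString();
    if (flags.contains(urlKey)) {
        return null;
    }
    flags.add(urlKey);

    List<IScanIssue> issues = new ArrayList<>();
    IHttpService httpService = baseRequestResponse.getHttpService();
    List<String> headers = req.getHeaders();

    // The body is identical for every rewritten request, so it is extracted once.
    byte[] body = helpers.stringToBytes(
            helpers.bytesToString(baseRequestResponse.getRequest()).substring(req.getBodyOffset()));

    for (String payload : Payloads) {
        // Only the request line (element 0 of the header list) changes between requests.
        headers.set(0, req.getMethod() + " " + url.getPath() + payload + " HTTP/1.1");
        byte[] modifiedReq = helpers.buildHttpMessage(headers, body);
        IHttpRequestResponse attack = this.callbacks.makeHttpRequest(httpService, modifiedReq);
        IScanIssue res = analyzeResponse(attack);
        if (res != null) {
            issues.add(res);
        }
    }
    return issues;
}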
/**
 * Rebuilds the table rows from the requests held by the original-details panel and
 * notifies listeners that the table data changed.
 *
 * <p>Each row is {@code {1-based row number, HTTP method, URL}}.
 */
public void updateTableModel() {
    data.clear();

    // this is safe because we update this one first
    List<IHttpRequestResponse> originals =
            tabbedReplayDetails.getOriginalDetailsPanel().listHTTPRequestsResponses;

    // Index-based on purpose: the row number is derived from the position in the list.
    for (int position = 0; position < originals.size(); position++) {
        IRequestInfo info = helpers.analyzeRequest(originals.get(position));
        String methodCell = info.getMethod();
        String urlCell = info.getUrl().toString();
        data.add(new String[] {Integer.toString(position + 1), methodCell, urlCell});
    }

    fireTableDataChanged();
}
if (!Utilities.callbacks.isInScope(reqInfo.getUrl())) { return; String contentType = respInfo.getStatedMimeType(); codeBuidler.append(reqInfo.getUrl().getHost()); codeBuidler.append(contentType); reqInfo.getParameters().stream() .map(IParameter::getName) .collect(Collectors.joining(" ")) codeBuidler.append(reqInfo.getUrl().getPath()); if (reqInfo.getMethod().equals("POST")) { guessType = IParameter.PARAM_BODY; Utilities.out("Queueing params on "+reqInfo.getUrl()); taskEngine.execute(new ParamGuesser(Utilities.callbacks.saveBuffersToTempFiles(messageInfo), false, guessType, this, taskEngine, Utilities.globalSettings.getInt("rotation interval"), Utilities.globalSettings)); alreadyScanned.add(paramCode);
if (resp == null | req == null) return null; URL url = helpers.analyzeRequest(baseRequestResponse).getUrl(); if (flags.contains(url.toString())) return null; else flags.add(url.toString()); List<String> headers = helpers.analyzeRequest(baseRequestResponse).getHeaders(); String finalPayload = req.getMethod() + " " + url.getPath() + status + " HTTP/1.1"; headers.set(0, finalPayload); byte[] attackReq = helpers.buildHttpMessage(headers, null); && helpers.bytesToString(attackRequestResponse.getResponse()).toLowerCase().contains("connections")) { String attackDetails = "Restriction bypass was found at:\n<b>" + helpers.analyzeRequest(attackRequestResponse).getUrl() + "</b>"; helpers.analyzeRequest(baseRequestResponse).getUrl(), new IHttpRequestResponse[]{callbacks.applyMarkers(attackRequestResponse, null, responseMarkers)}, attackDetails, ISSUE_TYPE, ISSUE_NAME, SEVERITY, CONFIDENCE,
/**
 * Classifies a request as BrowserID traffic.
 *
 * <p>A request qualifies when its URL host contains {@code "persona.org"} and its
 * parameters include {@code IN_REQUEST_BROWSERID_PARAMETER}. A qualifying message is
 * highlighted and wrapped in a {@code BrowserID} protocol object.
 *
 * <p>NOTE(review): the host test is a substring match, so any host that merely contains
 * the text (constructed example: {@code persona.org.example.test}) also qualifies. Treat
 * the result as a classification hint rather than proof of the message's origin.
 *
 * @param requestInfo analyzed request; {@code getUrl()} must be available on it
 * @param httpRequestResponse the message to highlight and wrap
 * @return a {@code BrowserID} instance, or {@code null} if the request does not qualify
 */
private SSOProtocol checkRequestForBrowserId(IRequestInfo requestInfo, IHttpRequestResponse httpRequestResponse) {
    final List<IParameter> parameterList = requestInfo.getParameters();
    final String host = requestInfo.getUrl().getHost();

    if (!host.contains("persona.org")) {
        return null;
    }
    if (!parameterListContainsParameterName(parameterList, IN_REQUEST_BROWSERID_PARAMETER)) {
        return null;
    }

    markRequestResponse(httpRequestResponse, "BrowserID", HIGHLIGHT_COLOR);
    return new BrowserID(httpRequestResponse, "BrowserID", callbacks);
}
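/**
 * Returns the value of the request's {@code Host} header.
 *
 * <p>Only a header whose name is exactly {@code Host} (case-insensitive) is accepted.
 * Matching on the substring "host" would also pick up lines such as
 * {@code X-Forwarded-Host}, or a {@code Referer} whose value contains "localhost", and a
 * fixed {@code substring(6)} mis-slices {@code Host:value} (no space) and throws on lines
 * shorter than six characters.
 *
 * <p>If several {@code Host} headers are present the last one wins, as before.
 *
 * @param analyzeRequest the analyzed request
 * @return the trimmed header value, or an empty string when there is no Host header
 */
public String getHost(IRequestInfo analyzeRequest){
    String domain = "";
    for (String item : analyzeRequest.getHeaders()) {
        int colon = item.indexOf(':');
        if (colon < 0) {
            // No colon at all, so this is not a "Name: value" header line.
            continue;
        }
        if (item.substring(0, colon).trim().equalsIgnoreCase("host")) {
            domain = item.substring(colon + 1).trim();
        }
    }
    return domain;
}
public static String getFileType(IResponseInfo analyzeResponse) {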
/**
 * Checks whether a value placed in the request path is reflected in the response headers
 * and, if so, runs the CRLF checks against the root directory.
 *
 * <p>Step 1 sends {@code METHOD /<random token> HTTP/1.1}. Only when the token appears in
 * the response headers does step 2 run: one request per entry in {@code CRLFSplitters},
 * each handed to {@code analyzeResponse}. The first non-null finding is returned.
 *
 * @param baseRequestResponse the base message; its headers and body are reused
 * @param insertionPoint passed through to {@code analyzeResponse}
 * @return the first finding, or {@code null} if the token is not reflected, the probe got
 *     no response, or no payload produced a finding
 */
public IScanIssue scanRootDirectory(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint) {
    IRequestInfo req = helpers.analyzeRequest(baseRequestResponse.getRequest());
    IHttpService httpService = baseRequestResponse.getHttpService();

    // Random hex token (UUID without dashes) used as a reflection marker.
    String uuid = UUID.randomUUID().toString().replaceAll("-", "");

    List<String> reqHeaders = req.getHeaders();
    reqHeaders.set(0, req.getMethod() + " /" + uuid + " HTTP/1.1");
    byte[] body = helpers.stringToBytes(
            helpers.bytesToString(baseRequestResponse.getRequest()).substring(req.getBodyOffset()));
    byte[] modifiedReq = helpers.buildHttpMessage(reqHeaders, body);

    IHttpRequestResponse checkUUID = this.callbacks.makeHttpRequest(httpService, modifiedReq);
    if (checkUUID == null || checkUUID.getResponse() == null) {
        return null;
    }

    String respHeaders =
            String.join("\n", this.helpers.analyzeResponse(checkUUID.getResponse()).getHeaders());
    if (!respHeaders.contains(uuid)) {
        // The path is not echoed into any response header, so there is nothing to test.
        return null;
    }

    for (String payload : CRLFSplitters) {
        // NOTE(review): substring(0, 5) followed by substring(6) drops the character at
        // index 5 of the token - confirm that is intended.
        String finalPayload = uuid.substring(0, 5) + payload + CRLFHeader + uuid.substring(6);
        reqHeaders.set(0, req.getMethod() + " /" + finalPayload + " HTTP/1.1");
        body = helpers.stringToBytes(
                helpers.bytesToString(baseRequestResponse.getRequest()).substring(req.getBodyOffset()));
        modifiedReq = helpers.buildHttpMessage(reqHeaders, body);

        IHttpRequestResponse attack = this.callbacks.makeHttpRequest(httpService, modifiedReq);
        IScanIssue finding = analyzeResponse(attack, insertionPoint, finalPayload);
        if (finding != null) {
            return finding;
        }
    }
    return null;
}
/**
 * Stores {@code request} as the current message and loads its raw bytes, parameters and
 * headers into the view via {@code loadData}.
 *
 * @param request the request/response pair to display
 */
public void loadRequest(IHttpRequestResponse request) {
    this.requestResponse = request;

    final IRequestInfo parsed = burpCallback.getHelpers().analyzeRequest(request);
    loadData(
            request.getRequest(),
            parsed.getParameters(),
            parsed.getHeaders());
}
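/**
 * Walks the multipart boundaries found in the body of {@code request}.
 *
 * <p>As written, the loop only locates boundary occurrences; nothing is added to the
 * returned list, so callers always receive an empty list.
 *
 * <p>The request bytes come from captured traffic, so the boundary is untrusted. A
 * {@code null} boundary would throw inside {@code indexOf}, and an empty one would never
 * leave the loop, because {@code indexOf("", n)} keeps returning a non-negative index.
 * Both cases now return the empty list instead.
 *
 * @param request raw HTTP request bytes
 * @return the collected parameters (empty in the visible implementation)
 */
public static ArrayList<IParameter> getMultipartParameters(byte[] request) {
    IExtensionHelpers helpers = BurpExtender.getHelpers();
    IRequestInfo analyzedRequest = helpers.analyzeRequest(request);
    ArrayList<IParameter> parameters = new ArrayList<>();

    String boundary = getMultipartBoundary(request);
    if (boundary == null || boundary.isEmpty()) {
        return parameters;
    }

    // NOTE(review): new String(byte[]) decodes with the platform default charset, so string
    // indexes may not line up with byte offsets for non-ASCII bodies.
    String requestBodyString = new String(Arrays.copyOfRange(request, analyzedRequest.getBodyOffset(), request.length));

    int index = requestBodyString.indexOf(boundary);
    while (index >= 0) {
        // Located but not used by the visible code.
        int nextNewLineIndex = requestBodyString.indexOf('\n', index);
        index = requestBodyString.indexOf(boundary, index + 1);
    }
    return parameters;
}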
private boolean isSAMLMessage(byte[] content) { IRequestInfo info = helpers.analyzeRequest(content); httpMethod = helpers.analyzeRequest(content).getMethod(); if (info.getContentType() == IRequestInfo.CONTENT_TYPE_XML) { isSOAPMessage = true; try { IRequestInfo requestInfo = helpers.analyzeRequest(content); int bodyOffset = requestInfo.getBodyOffset(); String soapMessage = new String(content, bodyOffset, content.length - bodyOffset, "UTF-8"); Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(soapMessage); try { IRequestInfo requestInfo = helpers.analyzeRequest(content); isWSSUrlEncoded = requestInfo.getContentType() == IRequestInfo.CONTENT_TYPE_URL_ENCODED; isWSSMessage = true; IParameter parameter = helpers.getRequestParameter(content, "wresult");
/**
 * Evaluates this rule's HTTP-method condition against a message.
 *
 * <p>{@code matchCondition} is used as a regular expression that must match the whole
 * method string. When {@code matchRelationship} is {@code "Matches"} the result is whether
 * the method matches; for every other relationship value the result is inverted.
 *
 * @param messageInfo the message whose request method is tested
 * @return {@code true} if the method satisfies the configured relationship
 */
private boolean checkHttpMethod(IHttpRequestResponse messageInfo) {
    IRequestInfo analyzedRequest = BurpExtender.getHelpers().analyzeRequest(messageInfo);

    // The relationship is read first, so a null relationship still fails before the regex runs.
    final boolean expectMatch = this.matchRelationship.equals("Matches");
    final boolean methodMatches = analyzedRequest.getMethod().matches(this.matchCondition);
    return expectMatch == methodMatches;
}
public static byte[] signRequest(IHttpRequestResponse messageInfo, IExtensionHelpers helpers, String service, String region, String accessKey, String secretKey) throws Exception { IRequestInfo requestInfo = helpers.analyzeRequest(messageInfo); List<String> headers = requestInfo.getHeaders(); List<String> newHeaders = new ArrayList<>(headers); headers.remove(0); String payloadHash; if (!requestInfo.getMethod().equals("GET")){ int bodyOffset = requestInfo.getBodyOffset(); body = new String(request, bodyOffset, request.length - bodyOffset, "UTF-8").trim(); payloadHash = Hashing.sha256().hashString(body, StandardCharsets.UTF_8).toString().toLowerCase(); String canonicalURI = requestInfo.getUrl().getPath(); String canonicalQueryString = requestInfo.getUrl().getQuery(); String canonicalRequest = requestInfo.getMethod() + '\n' + canonicalURI + '\n' + canonicalQueryString + '\n' + canonicalHeaders +'\n' + signedHeaders + '\n' + payloadHash;
/**
 * Reports whether an equivalent request has already been recorded, recording it if not.
 *
 * <p>The key is {@code "URL:" + method + murmur3_32(path + "?" + tokens)}. The tokens are
 * the pieces of the query string after splitting on {@code &} and then on {@code =}, each
 * prefixed with {@code &}, so parameter names and values both contribute to the key.
 *
 * <p>Membership is tracked in a Bloom filter, which is probabilistic: {@code mightContain}
 * can return {@code true} for a key that was never added, and such a request is then
 * treated as a duplicate.
 *
 * @param messageInfo the message to test
 * @return {@code false} if no filter is configured or the key is new; {@code true} if the
 *     request could not be analyzed or the filter reports the key as present
 */
public boolean isDuplicateURL(IHttpRequestResponse messageInfo) {
    if (dubBloomFilter == null) {
        return false;
    }

    IRequestInfo requestInfo = helpers.analyzeRequest(messageInfo.getHttpService(), messageInfo.getRequest());
    if (requestInfo == null) {
        return true;
    }

    HashFunction murmur = Hashing.murmur3_32();

    /* don't know if Burp has a deduplication here, make it sure */
    StringBuilder keyMaterial = new StringBuilder();
    keyMaterial.append(requestInfo.getUrl().getPath()).append("?");

    String query = requestInfo.getUrl().getQuery();
    if (query != null && !query.isEmpty()) {
        List<String> pairs = Splitter.on('&').trimResults().splitToList(query);
        for (String pair : pairs) {
            for (String token : Splitter.on("=").splitToList(pair)) {
                keyMaterial.append("&").append(token);
            }
        }
    }

    String dedupHashValue = "URL:" + requestInfo.getMethod()
            + murmur.hashBytes(helpers.stringToBytes(keyMaterial.toString())).toString();

    boolean alreadySeen = dubBloomFilter.mightContain(dedupHashValue);
    if (!alreadySeen) {
        dubBloomFilter.put(dedupHashValue);
    }
    return alreadySeen;
}
/**
 * Appends one table row per message in {@code requestResponse}.
 *
 * <p>Each message is saved to temp files through {@code saveBuffersToTempFiles} and the
 * persisted handle is stored in the row. A row holds: running index, method, URL, whether
 * the request has any parameters, status code (or {@code "n/a"}), and the persisted message.
 *
 * @param requestResponse the messages to add
 */
public void addRequests(IHttpRequestResponse requestResponse[]) {
    for (IHttpRequestResponse item : requestResponse) {
        IRequestInfo parsed = burpCallback.getHelpers().analyzeRequest(item);
        IHttpRequestResponsePersisted persisted = burpCallback.saveBuffersToTempFiles(item);

        // The response may be null if being sent from the proxy, prior to a drop
        String statusText = (item.getResponse() == null)
                ? "n/a"
                : Short.toString(burpCallback.getHelpers().analyzeResponse(item.getResponse()).getStatusCode());

        // Columns after the index: {"Method", "URL", "Parms", "Response Code", REQUEST_OBJECT_KEY}
        requestTableModel.addRow(new Object[] {
            ++reqIdx,
            parsed.getMethod(),
            parsed.getUrl(),
            !parsed.getParameters().isEmpty(),
            statusText,
            persisted
        });
    }
}
/**
 * Decides whether this rule applies to {@code request}.
 *
 * <p>All of the following must hold, checked in this order and stopping at the first
 * failure: the rule is enabled, it matches the {@code "Extender"} tool, it matches the
 * request's parameters, and it matches the request's URL.
 *
 * @param request the analyzed request; {@code getUrl()} must be available on it
 * @return {@code true} only if every check passes
 * @throws JSONException declared by the method; presumably raised by one of the matchers
 */
boolean matchesRequest(IRequestInfo request) throws JSONException {
    if (!isEnabled()) {
        return false;
    }
    if (!matchesTool("Extender")) {
        return false;
    }
    if (!matchesIParams(request.getParameters())) {
        return false;
    }
    return matchesUrl(request.getUrl());
}
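/**
 * Returns the value of the first request header named {@code headerName}.
 *
 * <p>The name is compared as a whole, case-insensitively; colons in {@code headerName} are
 * ignored. A prefix comparison would let {@code "Content"} select {@code Content-Length}.
 *
 * <p>The value is everything after the first colon of the header line. Taking only the
 * text up to the second colon truncates values that contain one, such as a {@code Host}
 * with a port or an {@code Origin} URL, and indexing the split result throws when the
 * value is empty or the line has no colon.
 *
 * <p>Leading whitespace of the value is kept, as before; callers that need a bare value
 * should trim it.
 *
 * @param requestInfo the analyzed request
 * @param headerName the header to look up, with or without a trailing colon
 * @return the raw header value, or {@code null} if no such header exists
 */
public static String getRequestHeaderValue(IRequestInfo requestInfo, String headerName) {
    final String wanted = headerName.replace(":", "").trim();
    for (String header : requestInfo.getHeaders()) {
        int colon = header.indexOf(':');
        if (colon < 0) {
            // No colon at all, so this is not a "Name: value" header line.
            continue;
        }
        if (header.substring(0, colon).trim().equalsIgnoreCase(wanted)) {
            return header.substring(colon + 1);
        }
    }
    return null;
}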
/**
 * Sets the baseline request and rebuilds the list of session test cases from it.
 *
 * <p>The list always starts with a baseline entry (a {@code SessionTestCase} with no
 * argument). It is followed by one test case per parameter accepted by
 * {@code isSupportedType} and one per header line that starts with
 * {@code "authorization:"} after lower-casing. Table listeners are notified at the end.
 *
 * <p>NOTE(review): the full Authorization header line is handed to the test case, so the
 * credential it carries lives on in the model; confirm where it is displayed or persisted.
 *
 * @param request raw bytes of the baseline request
 */
void setBaselineRequest(byte[] request) {
    this.baselineRequestBytes = request;

    IRequestInfo requestInfo = this.callbacks.getHelpers().analyzeRequest(request);
    List<IParameter> params = requestInfo.getParameters();

    tests.clear();
    tests.add(new SessionTestCase()); // add null entry for baseline.

    for (IParameter candidate : params) {
        if (!isSupportedType(candidate)) {
            continue;
        }
        tests.add(new SessionTestCase(candidate));
    }

    for (String headerLine : requestInfo.getHeaders()) {
        boolean isAuthorization = headerLine.toLowerCase().startsWith("authorization:");
        if (isAuthorization) {
            tests.add(new SessionTestCase(headerLine));
        }
    }

    fireTableDataChanged();
}