@Override public URL getUrl() { return helpers.analyzeRequest(baseRequestResponse).getUrl(); }
@Override public URL getUrl() { return helpers.analyzeRequest(baseRequestResponse).getUrl(); }
@Override public List<IScanIssue> doPassiveScan(IHttpRequestResponse baseRequestResponse) { List<IScanIssue> issues = super.doPassiveScan(baseRequestResponse); URL url = helpers.analyzeRequest(baseRequestResponse).getUrl(); /* * Here we check possible vulnerabilities related on request path */ if ((tabComponent.getCbxPathScanInScope().isSelected() && !callbacks.isInScope(url)) || !tabComponent.getCbxPathSearch().isSelected()) { return issues; } String domainName = url.getHost(); String path = url.getPath(); Domain domain = domains.get(domainName); if (domain == null) { domains.put(domainName, domain = new Domain()); } if (!domain.getPaths().containsKey(path)) { callbacks.printOutput("[Vulners] adding new path '" + path + "' for domain " + domainName); domain.getPaths().put(path, null); vulnersService.checkURLPath(domainName, path, baseRequestResponse); } return issues; }
String domainName = helpers.analyzeRequest(baseRequestResponse).getUrl().getHost(); List<int[]> startStop = new ArrayList<>(1); callbacks.printOutput("[Vulners] Processing issues for: " + domainName);
public static boolean isRequestMultipartForm(byte[] request) { IExtensionHelpers helpers = BurpExtender.getHelpers(); IRequestInfo analyzedRequest = helpers.analyzeRequest(request); List<String> headers = analyzedRequest.getHeaders(); return headers.stream().anyMatch((h) -> h.startsWith("Content-Type: multipart/form-data;")); }
private boolean checkParamName(IHttpRequestResponse messageInfo) { IRequestInfo analyzedRequest = BurpExtender.getHelpers().analyzeRequest(messageInfo); List<IParameter> parametersByName = analyzedRequest.getParameters() .stream() .filter(p -> p.getName().matches(this.matchCondition)) .collect(Collectors.toList()); switch (this.matchRelationship) { case "Matches": return parametersByName.size() > 0; default: return !(parametersByName.size() > 0); } }
private boolean checkParamValue(IHttpRequestResponse messageInfo) { IRequestInfo analyzedRequest = BurpExtender.getHelpers().analyzeRequest(messageInfo); List<IParameter> parametersByValue = analyzedRequest.getParameters() .stream() .filter(p -> p.getValue().matches(this.matchCondition)) .collect(Collectors.toList()); switch (this.matchRelationship) { case "Matches": return parametersByValue.size() > 0; default: return !(parametersByValue.size() > 0); } }
public static String getMultipartBoundary(byte[] request) { IExtensionHelpers helpers = BurpExtender.getHelpers(); IRequestInfo analyzedRequest = helpers.analyzeRequest(request); List<String> headers = analyzedRequest.getHeaders(); return headers.stream() .filter((h) -> h.startsWith("Content-Type: multipart/form-data;")) .findFirst() .map((h) -> getStringAfterSubstring(h, "Content-Type: multipart/form-data;")) .map((h) -> getStringAfterSubstring(h, "boundary=")) .map((h) -> "--"+h) .orElse(null); }
private boolean checkRequestBody(IHttpRequestResponse messageInfo) { IRequestInfo analyzedRequest = BurpExtender.getHelpers().analyzeRequest(messageInfo); byte[] request = messageInfo.getRequest(); String bodyString = new String( Arrays.copyOfRange(request, analyzedRequest.getBodyOffset(), request.length)); switch (this.matchRelationship) { case ("Matches"): return bodyString.matches(this.matchCondition); default: return !bodyString.matches(this.matchCondition); } }
private byte[] addHeader(byte[] request) { IExtensionHelpers helpers = BurpExtender.getHelpers(); IRequestInfo analyzedRequest = helpers.analyzeRequest(request); List<String> headers = analyzedRequest.getHeaders(); // Strip content-length to make sure it's the last param if (headers.get(headers.size()-1).startsWith("Content-Length:")) { headers.remove(headers.size()-1); } byte[] body = Arrays.copyOfRange(request, analyzedRequest.getBodyOffset(), request.length); headers.add(this.replace); return helpers.buildHttpMessage(headers, body); }
private boolean checkFileExtension(IHttpRequestResponse messageInfo) { IRequestInfo analyzedRequest = BurpExtender.getHelpers().analyzeRequest(messageInfo); String fileExtension = Files.getFileExtension(analyzedRequest.getUrl().toString()); switch (this.matchRelationship) { case "Matches": return fileExtension.matches(this.matchCondition); default: return !fileExtension.matches(this.matchCondition); } }
private boolean checkHttpMethod(IHttpRequestResponse messageInfo) { IRequestInfo analyzedRequest = BurpExtender.getHelpers().analyzeRequest(messageInfo); switch (this.matchRelationship) { case "Matches": return analyzedRequest.getMethod().matches(this.matchCondition); default: return !analyzedRequest.getMethod().matches(this.matchCondition); } }
protected List<String> getHeaders() { if (message == null) { return new ArrayList<String>(); } if (isRequest) { IRequestInfo requestInfo = helpers.analyzeRequest(message); return requestInfo.getHeaders(); } else { IResponseInfo responseInfo = helpers.analyzeResponse(message); return responseInfo.getHeaders(); } }
private boolean checkUrl(IHttpRequestResponse messageInfo) { IRequestInfo analyzedRequest = BurpExtender.getHelpers().analyzeRequest(messageInfo); switch (this.matchRelationship) { case "Is In Scope": return BurpExtender.getCallbacks().isInScope(analyzedRequest.getUrl()); case "Matches": return analyzedRequest.getUrl().toString().matches(this.matchCondition); default: return !analyzedRequest.getUrl().toString().matches(this.matchCondition); } }
private IParameter getParameterFromInsertionPoint(IScannerInsertionPoint insertionPoint, byte[] request) { IParameter baseParam = null; int basePayloadStart = insertionPoint.getPayloadOffsets("x".getBytes())[0]; List<IParameter> params = helpers.analyzeRequest(request).getParameters(); for (IParameter param : params) { if (param.getValueStart() == basePayloadStart && insertionPoint.getBaseValue().equals(param.getValue())) { baseParam = param; break; } } return baseParam; }
protected int getBodyOffset() { if (isRequest) { IRequestInfo requestInfo = helpers.analyzeRequest(message); return requestInfo.getBodyOffset(); } else { IResponseInfo responseInfo = helpers.analyzeResponse(message); return responseInfo.getBodyOffset(); } }
public List<String> getHeaderList(boolean messageIsRequest,IHttpRequestResponse messageInfo) { if(messageIsRequest) { IRequestInfo analyzeRequest = helpers.analyzeRequest(messageInfo); List<String> headers = analyzeRequest.getHeaders(); return headers; }else { IResponseInfo analyzeResponse = helpers.analyzeResponse(messageInfo.getResponse()); List<String> headers = analyzeResponse.getHeaders(); return headers; } }
/** * {@inheritDoc} */ @Override public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessage message) { if (verbose && messageIsRequest) { IRequestInfo requestInfo = callbacks.getHelpers().analyzeRequest(message.getMessageInfo()); log("Proxy request to " + requestInfo.getUrl()); } }
private IScanIssue reportIssue(String payload, IHttpRequestResponse sentRequestResponse, IBurpCollaboratorInteraction collaboratorInteraction) { IHttpRequestResponse[] httpMessages = new IHttpRequestResponse[]{callbacks.applyMarkers(sentRequestResponse, buildRequestHighlights(payload, sentRequestResponse), Collections.emptyList())}; String issueDetail = buildIssueDetail(payload, collaboratorInteraction); return new CustomScanIssue(sentRequestResponse.getHttpService(), helpers.analyzeRequest(sentRequestResponse).getUrl(), httpMessages, issueDetail, ISSUE_TYPE, ISSUE_NAME, SEVERITY, CONFIDENCE, "", ISSUE_BACKGROUND, REMEDIATION_BACKGROUND); }
public void loadRequest(IHttpRequestResponse request){ this.requestResponse = request; IRequestInfo req = burpCallback.getHelpers().analyzeRequest(request); loadData(request.getRequest(), req.getParameters(), req.getHeaders()); }