@Override public boolean isEnabled(byte[] respBytes, boolean isRequest) { if (isRequest) { return false; } else { //The tab will appears if it has at least one CSP header IResponseInfo responseInfo = helpers.analyzeResponse(respBytes); Map<String,String> cspHeaders = BurpPolicyBuilder.getCspHeader(responseInfo); return cspHeaders.size() > 0; } }
private String getStringResponseBody(IHttpRequestResponse baseRequestResponse) { String response = null; try { response = new String(baseRequestResponse.getResponse(), "UTF-8"); response = response.substring(helpers.analyzeResponse(baseRequestResponse.getResponse()).getBodyOffset()); } catch (UnsupportedEncodingException e) { System.out.println("Error converting string"); } return response; }
public short getStatusCode(IHttpRequestResponse messageInfo) { IResponseInfo analyzedResponse = helpers.analyzeResponse(messageInfo.getResponse()); return analyzedResponse.getStatusCode(); } public List<IParameter> getParas(IHttpRequestResponse messageInfo){
private void processLoginPossibilities(IHttpRequestResponse httpRequestResponse) { final byte[] responseBytes = httpRequestResponse.getResponse(); IResponseInfo responseInfo = helpers.analyzeResponse(responseBytes); checkRequestForOpenIdLoginMetadata(responseInfo, httpRequestResponse); }
@Override public void setMessage(byte[] respBytes, boolean isRequest) { this.message = respBytes; try { IResponseInfo responseInfo = helpers.analyzeResponse(respBytes); List<ContentSecurityPolicy> p = BurpPolicyBuilder.buildFromResponse(responseInfo); cspHeaders.displayPolicy(p); } catch (Exception e) { Log.error(e.getMessage()); } }
protected List<String> getHeaders() { if (message == null) { return new ArrayList<String>(); } if (isRequest) { IRequestInfo requestInfo = helpers.analyzeRequest(message); return requestInfo.getHeaders(); } else { IResponseInfo responseInfo = helpers.analyzeResponse(message); return responseInfo.getHeaders(); } }
public imageDownloader(IBurpExtenderCallbacks callbacks, IExtensionHelpers helpers, IHttpService httpService,byte[] request) { IHttpRequestResponse message = callbacks.makeHttpRequest(httpService,request); IResponseInfo response = helpers.analyzeResponse(message.getResponse()); List<String> headers = response.getHeaders(); for(String header:headers) { if(header.toLowerCase().startsWith("content-type:")) { fileType= header.substring(header.indexOf("/")+1, header.indexOf(";")); } } int bodyOffset = response.getBodyOffset(); int length = message.getResponse().length; byte[] byte_body = Arrays.copyOfRange(message.getResponse(), bodyOffset, length-1); byte_image = byte_body; }
@Override public List<IScanIssue> doPassiveScan(IHttpRequestResponse baseRequestResponse) { // IRequestInfo requestInfo = helpers.analyzeRequest(baseRequestResponse.getRequest()); IResponseInfo responseInfo = helpers.analyzeResponse(baseRequestResponse.getResponse()); List<ContentSecurityPolicy> csp = BurpPolicyBuilder.buildFromResponse(responseInfo); List<CspIssue> cspIssues = HeaderValidation.validateCspConfig(csp); if(cspIssues.size() == 0) return new ArrayList<IScanIssue>(); return convertIssues(cspIssues,baseRequestResponse); }
@Override public boolean isEnabled(byte[] content, boolean isRequest) { if (!isRequest && tab.getBeautifierEnabled()) { IResponseInfo respinfo = callbacks.getHelpers().analyzeResponse(content); return ("script".equals(respinfo.getStatedMimeType()) || "script".equals(respinfo.getInferredMimeType())); } else { return false; } }
public String getHeaderString(boolean messageIsRequest,IHttpRequestResponse messageInfo) { List<String> headers =null; StringBuilder headerString = new StringBuilder(); if(messageIsRequest) { IRequestInfo analyzeRequest = helpers.analyzeRequest(messageInfo); headers = analyzeRequest.getHeaders(); }else { IResponseInfo analyzeResponse = helpers.analyzeResponse(messageInfo.getResponse()); headers = analyzeResponse.getHeaders(); } for (String header : headers) { headerString.append(header); } return headerString.toString(); }
protected int getBodyOffset() { if (isRequest) { IRequestInfo requestInfo = helpers.analyzeRequest(message); return requestInfo.getBodyOffset(); } else { IResponseInfo responseInfo = helpers.analyzeResponse(message); return responseInfo.getBodyOffset(); } }
@Override public IScanIssue grep(IHttpRequestResponse baseRequestResponse) { IResponseInfo resp = helpers.analyzeResponse(baseRequestResponse.getResponse()); if (resp == null) return null; if (resp.getStatusCode() != 200) return null; List<String> contentTypes = Arrays.asList("text/html", "application/xml"); List<String> headers = resp.getHeaders(); String contentTypeHeader = Utils.getContentType(resp); if (contentTypeHeader == null) return analyseHeaders(baseRequestResponse, headers); if (contentTypes.contains(contentTypeHeader.toLowerCase())) return analyseHeaders(baseRequestResponse, headers); return null; }
public void loadResponse(IHttpRequestResponse response){ this.requestResponse = response; IResponseInfo req = burpCallback.getHelpers().analyzeResponse(response.getResponse()); loadData(response.getResponse(), new LinkedList<IParameter>(), req.getHeaders()); }
public void addHeader(String headerToAdd) { List<String> headers; int offset; if (isRequest) { IRequestInfo requestInfo = helpers.analyzeRequest(message); headers = requestInfo.getHeaders(); offset = requestInfo.getBodyOffset(); } else { IResponseInfo responseInfo = helpers.analyzeResponse(message); headers = responseInfo.getHeaders(); offset = responseInfo.getBodyOffset(); } headers.add(headerToAdd); this.message = helpers.buildHttpMessage(headers, Arrays.copyOfRange(message, offset, message.length)); }
public List<String> getHeaderList(boolean messageIsRequest,IHttpRequestResponse messageInfo) { if(messageIsRequest) { IRequestInfo analyzeRequest = helpers.analyzeRequest(messageInfo); List<String> headers = analyzeRequest.getHeaders(); return headers; }else { IResponseInfo analyzeResponse = helpers.analyzeResponse(messageInfo.getResponse()); List<String> headers = analyzeResponse.getHeaders(); return headers; } }
public byte[] getBody(boolean messageIsRequest,IHttpRequestResponse messageInfo) { if(messageIsRequest) { IRequestInfo analyzeRequest = helpers.analyzeRequest(messageInfo); int bodyOffset = analyzeRequest.getBodyOffset(); byte[] byte_Request = messageInfo.getRequest(); byte[] byte_body = Arrays.copyOfRange(byte_Request, bodyOffset, byte_Request.length);//not length-1 //String body = new String(byte_body); //byte[] to String return byte_body; }else { IResponseInfo analyzeResponse = helpers.analyzeResponse(messageInfo.getResponse()); int bodyOffset = analyzeResponse.getBodyOffset(); byte[] byte_Request = messageInfo.getResponse(); byte[] byte_body = Arrays.copyOfRange(byte_Request, bodyOffset, byte_Request.length);//not length-1 return byte_body; } }
@Override public void setMessage(byte[] content, boolean isRequest) { if (content == null) { editor.setText(null); currentMessage = null; } else { int bodyOffset = callbacks.getHelpers().analyzeResponse(content).getBodyOffset(); byte[] bodyContent = Arrays.copyOfRange(content, bodyOffset, content.length); currentMessage = content; editor.setText(beautifyJS(bodyContent)); } editor.setEditable(false); }
public boolean isFullDuplicate(IHttpRequestResponse messageInfo) { PrintWriter stdout = new PrintWriter(callbacks.getStdout(), true); IResponseInfo respInfo = helpers.analyzeResponse(messageInfo.getResponse()); if (dubBloomFilter == null) return false; HashFunction m_hash = Hashing.murmur3_32(); if (helpers.bytesToString(messageInfo.getResponse()).length() > respInfo.getBodyOffset()) { String body = helpers.bytesToString(messageInfo.getResponse()).substring(respInfo.getBodyOffset()); /* full-dub detection */ String dedupHashValue = m_hash.hashBytes(helpers.stringToBytes(body)).toString(); if (dubBloomFilter.mightContain(dedupHashValue)) { return true; } dubBloomFilter.put(dedupHashValue); } return false; }
private boolean checkStatusCode(IHttpRequestResponse messageInfo) { IResponseInfo analyzedResponse = BurpExtender.getHelpers().analyzeResponse(messageInfo.getResponse()); try { short responseCodeAsShort = Short.parseShort(this.matchCondition); switch (this.matchRelationship) { case "Is Greater Than": return analyzedResponse.getStatusCode() > responseCodeAsShort; case "Is Less Than": return analyzedResponse.getStatusCode() < responseCodeAsShort; case "Equals": return (analyzedResponse.getStatusCode() == responseCodeAsShort); default: return !(analyzedResponse.getStatusCode() == responseCodeAsShort); } } catch (NumberFormatException e) { return false; } }
public static void scanVulnerabilities(IHttpRequestResponse baseRequestResponse, IBurpExtenderCallbacks callbacks) { IExtensionHelpers helpers = callbacks.getHelpers(); byte[] rawRequest = baseRequestResponse.getRequest(); byte[] rawResponse = baseRequestResponse.getResponse(); IRequestInfo reqInfo = helpers.analyzeRequest(baseRequestResponse); IResponseInfo respInfo = helpers.analyzeResponse(rawResponse); //Body (without the headers) String reqBody = getBodySection(rawRequest, reqInfo.getBodyOffset()); String respBody = getBodySection(rawResponse, respInfo.getBodyOffset()); String httpServerHeader = HTTPParser.getResponseHeaderValue(respInfo, "Server"); String contentTypeResponse = HTTPParser.getResponseHeaderValue(respInfo, "Content-Type"); String xPoweredByHeader = HTTPParser.getResponseHeaderValue(respInfo, "X-Powered-By"); for(PassiveRule scanner : PASSIVE_RULES) { scanner.scan(callbacks,baseRequestResponse,reqBody,respBody,reqInfo,respInfo, httpServerHeader,contentTypeResponse, xPoweredByHeader); } }