/**
 * Creates a request wrapper for the given URL.
 *
 * <p>The HTTP method only decides where parameters go by default: the body for
 * POST (compared case-insensitively), the URL for anything else. The method is
 * not passed to the request builder; the request bytes are built from the URL alone.
 *
 * @param callbacks Burp callbacks, stored on the instance and used to reach the helpers
 * @param url target URL the initial request is built for
 * @param method HTTP method name; dereferenced directly, so it must not be null
 */
public LaudanumRequest(IBurpExtenderCallbacks callbacks, URL url, String method) {
    this.callbacks = callbacks;

    // Only POST places parameters in the body by default.
    final boolean isPost = method.equalsIgnoreCase("POST");
    defaultParamType = isPost ? IParameter.PARAM_BODY : IParameter.PARAM_URL;

    requestBytes = callbacks.getHelpers().buildHttpRequest(url);
}
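/**
 * Polls the DNS lookup log and reports every pending insertion point whose key
 * appears in it.
 *
 * <p>Matched entries are reported through {@code callbacks.addScanIssue} and removed
 * from {@code requestedInsertionPoints}; unmatched entries stay pending. Nothing is
 * requested when no insertion points are pending.
 *
 * @throws IOException if {@code DNS_LOOKUP_SERVER_LOGS} is not a valid URL
 */
private void check() throws IOException {
    log.info("Trying check SSRF hashes");
    if (requestedInsertionPoints.isEmpty()) {
        return;
    }

    // Fetch the DNS log. Scheme and port follow the configured URL instead of a fixed
    // plain-HTTP port 80, so an https:// or non-default-port log endpoint is honoured.
    // NOTE(review): when the log is fetched over plain HTTP, anyone on the path can add
    // or strip entries, which yields false or suppressed findings; prefer an https log URL.
    URL url = new URL(DNS_LOOKUP_SERVER_LOGS);
    boolean useHttps = "https".equalsIgnoreCase(url.getProtocol());
    int port = url.getPort() != -1 ? url.getPort() : url.getDefaultPort();
    byte[] response = callbacks.makeHttpRequest(url.getHost(), port, useHttps, helpers.buildHttpRequest(url));
    if (response == null || response.length == 0) {
        // Nothing came back: leave the insertion points pending instead of failing on a null buffer.
        log.warn("DNS log request returned no data");
        return;
    }
    String dnsResponseString = helpers.bytesToString(response);

    // Report and drop every insertion point whose key occurs in the log.
    // NOTE(review): this is a substring match over the whole response, headers included,
    // and the status code is not checked; an error page echoing a key would also match.
    requestedInsertionPoints.entrySet().removeIf(entry -> {
        if (!dnsResponseString.contains(entry.getKey())) {
            return false;
        }
        log.warn("SSRF Found: " + entry.getKey());
        callbacks.addScanIssue(new SSRFScanIssue(callbacks, entry.getKey(), entry.getValue()));
        return true;
    });
}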
// Excerpts from separate call sites: jbosstest and oastest are each declared more than
// once below, so these lines cannot share a single scope. Each one builds request bytes
// for a URL; the code that sends the request is not part of these excerpts.
byte[] jbosstest = helpers.buildHttpRequest(urlToTest);
byte[] oastest = helpers.buildHttpRequest(urlToTest);
// Rebuilds the probe URL from `protocol` plus the host and port of `url`, with
// JBOSS_jBPM_PATH as the path, then builds the request for it.
urlToTest = new URL(protocol, url.getHost(), url.getPort(), JBOSS_jBPM_PATH); byte[] jbosstest = helpers.buildHttpRequest(urlToTest);
byte[] oastest = helpers.buildHttpRequest(urlToTest);
// Builds the request for `url` with reqString appended, then runs toggleRequestMethod on
// it when method's string form is "requestmethod.post" or "post" (case-insensitive).
// NOTE(review): reqString is concatenated into the URL as-is; any encoding must have
// happened before this line. Confirm against the caller.
byte[] manReq = callbacks.getHelpers().buildHttpRequest(new URL(url + reqString)); if(method.toString().equalsIgnoreCase("requestmethod.post") || method.toString().equalsIgnoreCase("post")) manReq = callbacks.getHelpers().toggleRequestMethod(manReq);
byte[] jbosstest = helpers.buildHttpRequest(urlToTest);
byte[] oastest = helpers.buildHttpRequest(urlToTest);
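/**
 * Fetches the published version list from the update endpoint.
 *
 * <p>The query string reports the current version, whether the check was automatic
 * or manual, and whether the extension was loaded from the BApp Store.
 *
 * <p>NOTE(review): the request goes to port 80 without TLS, so the returned version
 * list is unauthenticated. Treat it as advisory only and do not let it drive an
 * automatic download or install.
 *
 * @return a {@code Version[]} parsed from the comma-separated response body, or
 *         {@code null} when no response arrives or the status code is not 200
 * @throws Exception if the URL is malformed or a version string cannot be parsed
 */
@Override
protected Object doInBackground() throws Exception {
    URL url = new URL(VERSION_URI
            + "?v=" + currentVersion.getVersionString()
            + "&t=" + (automatic ? "a" : "m") // reports if automated or manual update
            + "&b=" + (CO2Config.isLoadedFromBappStore(AboutTab.this.callbacks) ? "y" : "n")); // loaded from a bappstore version?

    byte[] request = callbacks.getHelpers().buildHttpRequest(url);
    byte[] response = callbacks.makeHttpRequest("burpco2.com", 80, false, request);
    if (response == null) {
        // No response at all is handled like a non-200 answer: no version information.
        return null;
    }

    IResponseInfo responseInfo = callbacks.getHelpers().analyzeResponse(response);
    if (responseInfo.getStatusCode() != 200) {
        return null;
    }

    // getBodyOffset() is a byte offset. bytesToString maps one byte to one char, so the
    // offset stays valid as a string index; new String(response) decodes with the
    // platform charset and can shift it.
    String body = callbacks.getHelpers().bytesToString(response)
            .substring(responseInfo.getBodyOffset())
            .trim();

    String[] versionText = body.split(",");
    Version[] versions = new Version[versionText.length];
    for (int i = 0; i < versions.length; i++) {
        versions[i] = new Version(versionText[i]);
    }
    return versions;
}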
// Excerpts from separate call sites: jbosstest and oastest are each declared twice
// below, so these lines cannot share a single scope. Unless noted, each one only builds
// request bytes for urlToTest; sending happens outside the excerpt.
byte[] jbosstest = helpers.buildHttpRequest(urlToTest);
byte[] oastest = helpers.buildHttpRequest(urlToTest);
byte[] jbosstest = helpers.buildHttpRequest(urlToTest);
byte[] jbosswstest = helpers.buildHttpRequest(urlToTest);
// Sends the UDDI probe to the host and port of `url`, then builds a second request for
// ssrfUrlToTest.
// NOTE(review): URL.getPort() returns -1 when the URL has no explicit port; confirm
// `url` always carries one here, or fall back to url.getDefaultPort().
byte[] udditest = helpers.buildHttpRequest(urlToTest); byte[] response = callbacks.makeHttpRequest(url.getHost(), url.getPort(), isSSL, udditest); byte[] ssrfRootRequest = helpers.buildHttpRequest(ssrfUrlToTest);
byte[] nodejstest = helpers.buildHttpRequest(urlToTest);
// `payload` is passed where the other excerpts pass a URL, so it is presumably a URL
// object here and not a raw payload string. Verify against the declaration.
byte[] jsfmessage = helpers.buildHttpRequest(payload);
// Same send pattern as the UDDI probe above, with the same getPort() caveat.
byte[] weblogictest = helpers.buildHttpRequest(urlToTest); byte[] response = callbacks.makeHttpRequest(url.getHost(), url.getPort(), isSSL, weblogictest);
// NOTE(review): credentials are read from wp here; how they are attached to httpAuthTest
// is outside this excerpt. Keep them out of log output and issue details unless that is
// intended.
credentials = wp.getCredentials(); byte[] httpAuthTest = helpers.buildHttpRequest(urlToTest);
byte[] oastest = helpers.buildHttpRequest(urlToTest);