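/**
 * Strips the named cookies from {@code request} and then drops the {@code Cookie}
 * header if it was left without any cookies.
 *
 * <p>{@code request} is declared outside this method and is reassigned here.
 *
 * @param cookieNames names of the cookies to remove from the request
 */
void scrubCookies(Collection<String> cookieNames) {
    IExtensionHelpers helpers = BurpExtender.callbacks.getHelpers();

    // The template parameter is built with an empty value; only its name and the
    // cookie type are supplied to removeParameter.
    for (String cookieName : cookieNames) {
        IParameter cookie = helpers.buildParameter(cookieName, "", IParameter.PARAM_COOKIE);
        request = helpers.removeParameter(request, cookie);
    }

    // If the Cookie: header is now empty, remove it.
    IRequestInfo requestInfo = helpers.analyzeRequest(request);
    byte[] body = Arrays.copyOfRange(request, requestInfo.getBodyOffset(), request.length);
    List<String> headers = requestInfo.getHeaders();

    // Walk backwards so that removing an entry never shifts an index that is still
    // to be visited (a forward index loop skips the element after each removal).
    boolean removedEmptyCookieHeader = false;
    for (int i = headers.size() - 1; i >= 0; i--) {
        // Exact, case-sensitive match: a header spelled "cookie: " or "Cookie:" is
        // left in the request. NOTE(review): confirm this is the only form that
        // removeParameter can leave behind.
        if (headers.get(i).equals("Cookie: ")) {
            headers.remove(i);
            removedEmptyCookieHeader = true;
        }
    }

    // Rebuild once, and only when the header list actually changed.
    if (removedEmptyCookieHeader) {
        request = helpers.buildHttpMessage(headers, body);
    }
}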
for (IParameter p: params) {
    // Only parameters whose name equals modName and whose type passes isOfType are touched.
    if (p.getName().equals(modName) && this.isOfType(p.getType())) {
        // Drop the matching parameter from the working copy of the request.
        newReq = helpers.removeParameter(newReq,p);
/**
 * Derives this test case's request from a baseline request.
 *
 * <p>Three outcomes, checked in this order: if {@code param} is set, the baseline with
 * that parameter removed; otherwise, if {@code testcaseHeader} is set, the baseline with
 * every header starting with that string removed; otherwise the baseline unchanged.
 * {@code param}, {@code testcaseHeader} and {@code testRequest} are declared outside this
 * method; the result is stored in {@code testRequest} before it is returned.
 *
 * @param baseline  the unmodified request bytes
 * @param callbacks Burp callbacks, used for the helper API and for output
 * @return the request to send for this test case
 */
byte[] generateTestRequest(byte[] baseline, IBurpExtenderCallbacks callbacks) {
    if (param != null) {
        // Every parameter type takes the same path: the parameter is removed outright.
        // NOTE(review): confirm removeParameter handles each IParameter type that can
        // reach this point.
        testRequest = callbacks.getHelpers().removeParameter(baseline, param);
        return testRequest;
    }

    if (testcaseHeader == null) {
        // Nothing to strip: the test request is the baseline itself (same array, not a copy).
        testRequest = baseline;
        return testRequest;
    }

    IExtensionHelpers helpers = callbacks.getHelpers();
    IRequestInfo info = helpers.analyzeRequest(baseline);
    List<String> allHeaders = info.getHeaders();

    // Sized for "one header fewer"; more than one line can be dropped by the filter below.
    List<String> keptHeaders = new ArrayList<>(allHeaders.size() - 1);
    for (String line : allHeaders) {
        // Case-sensitive prefix match on the whole header line.
        // NOTE(review): a short testcaseHeader also matches longer header names that
        // begin with it — confirm the stored value is specific enough (e.g. ends in ':').
        if (line.startsWith(testcaseHeader)) {
            continue;
        }
        keptHeaders.add(line);
    }

    // Everything from the body offset to the end of the baseline is carried over as-is.
    int bodyStart = info.getBodyOffset();
    byte[] body = new byte[baseline.length - bodyStart];
    System.arraycopy(baseline, bodyStart, body, 0, body.length);

    byte[] rebuilt = helpers.buildHttpMessage(keptHeaders, body);

    // NOTE(review): this writes the complete rebuilt request to the extension output,
    // including any cookies or credentials it carries, decoded with the platform
    // default charset.
    callbacks.printOutput(new String(rebuilt));

    testRequest = rebuilt;
    return testRequest;
}
/**
 * Applies every configured injection point to a request and returns the result.
 *
 * <p>A {@code Cache-Control: no-transform} header is set first. Each entry of
 * {@code injectionPoints} is then read as {@code [0]} = kind ({@code "param"} or
 * {@code "header"}), {@code [1]} = target name, {@code [2]} = payload template. In the
 * template, {@code %s} is replaced with an ID from {@code collab.generateCollabId} and
 * {@code %h} with the request's current {@code Host} header value.
 *
 * @param request     the request to modify
 * @param requestCode passed through to {@code collab.generateCollabId} for each injection
 * @return the request with all injections applied
 */
public byte[] injectPayloads(byte[] request, Integer requestCode) {
    request = Utilities.addOrReplaceHeader(request, "Cache-Control", "no-transform");

    for (String[] injection : injectionPoints) {
        final String kind = injection[0];
        final String target = injection[1];
        final String template = injection[2];

        // %s first: one generated ID per injection, keyed on the request code and target name.
        String withId = template.replace("%s", collab.generateCollabId(requestCode, target));

        // %h second: read from the request as it stands now, so an earlier injection
        // that rewrote Host is reflected here.
        // NOTE(review): String.replace throws NullPointerException on a null replacement —
        // confirm Utilities.getHeader never returns null when Host is absent.
        String payload = withId.replace("%h", Utilities.getHeader(request, "Host"));

        switch (kind) {
            case "header":
                request = Utilities.addOrReplaceHeader(request, target, payload);
                break;
            case "param":
                // Always built as a URL parameter; remove-then-add leaves exactly one
                // copy carrying the new value.
                IParameter injected =
                        Utilities.helpers.buildParameter(target, payload, IParameter.PARAM_URL);
                request = Utilities.helpers.removeParameter(request, injected);
                request = Utilities.helpers.addParameter(request, injected);
                break;
            default:
                // Unknown kinds are reported and skipped; the request is left untouched.
                Utilities.out("Unrecognised injection type: " + kind);
        }
    }

    return request;
}
// Strip param from the request; the helper hands back the rebuilt message, which replaces rawrequest.
rawrequest = callbacks.getHelpers().removeParameter(rawrequest, param);
/**
 * Receives edited code and writes it back into {@code currentMessage}.
 *
 * <p>Only {@code SigAlgoCodeEvent} and {@code SignatureCodeEvent} are acted on; any other
 * event type is ignored. For each, the matching "changed" flag records whether the new
 * code differs from the value held in the stored parameter, and the message is then
 * either updated with the new value or, when the new code is empty, has the parameter
 * removed altogether.
 *
 * @param evt {@link de.rub.nds.burp.utilities.listeners.AbstractCodeEvent} carrying the new code
 */
@Override
public void setCode(AbstractCodeEvent evt) {
    if (evt instanceof SigAlgoCodeEvent) {
        // Compared against the value in sigAlgoContent, which this method does not update.
        sigAlgoChanged = !sigAlgoContent.getValue().equals(evt.getCode());

        if (evt.getCode().equals("")) {
            // Empty code: the SigAlgo parameter is dropped from the message rather than sent blank.
            currentMessage = helpers.removeParameter(currentMessage, sigAlgoContent);
        } else {
            // Same name and type as the stored parameter, new value.
            currentMessage = helpers.updateParameter(
                    currentMessage,
                    helpers.buildParameter(
                            sigAlgoContent.getName(), evt.getCode(), sigAlgoContent.getType()));
        }
        return;
    }

    if (evt instanceof SignatureCodeEvent) {
        // Compared against the value in sigContent, which this method does not update.
        sigChanged = !sigContent.getValue().equals(evt.getCode());

        if (evt.getCode().equals("")) {
            // Empty code: the Signature parameter is dropped from the message rather than sent blank.
            currentMessage = helpers.removeParameter(currentMessage, sigContent);
        } else {
            // Same name and type as the stored parameter, new value.
            currentMessage = helpers.updateParameter(
                    currentMessage,
                    helpers.buildParameter(
                            sigContent.getName(), evt.getCode(), sigContent.getType()));
        }
    }
}
// Strip param from the request; the helper hands back the rebuilt message, which replaces rawrequest.
rawrequest = callbacks.getHelpers().removeParameter(rawrequest, param);
// Strip param from the request; the helper hands back the rebuilt message, which replaces rawrequest.
rawrequest = callbacks.getHelpers().removeParameter(rawrequest, param);
// Strip param from the working copy; the rebuilt message returned by the helper replaces tempRequest.
tempRequest = helpers.removeParameter(tempRequest, param);
// Strip param from the request; the helper hands back the rebuilt message, which replaces rawrequest.
rawrequest = callbacks.getHelpers().removeParameter(rawrequest, param);
// Strip param from the request; the helper hands back the rebuilt message, which replaces rawrequest.
rawrequest = callbacks.getHelpers().removeParameter(rawrequest, param);
// Start from the original request with the base parameter taken out.
byte[] newReq = helpers.removeParameter(baseRequestResponse.getRequest(), baseParam);
// Same value and type as the base parameter, but under the name param_name; not used in the lines shown here.
IParameter newParam = helpers.buildParameter(param_name, baseParam.getValue(), baseParam.getType());
// Add a parameter called param_name with an empty value and the base parameter's type.
newReq = helpers.addParameter(newReq, helpers.buildParameter(param_name, "", baseParam.getType()));
// Strip param from the request; the helper hands back the rebuilt message, which replaces rawrequest.
rawrequest = callbacks.getHelpers().removeParameter(rawrequest, param);
// The parameter list is parsed once from currentMessage, before the loop starts.
List<IParameter> parameters = helpers.analyzeRequest(currentMessage).getParameters();
for (IParameter param : parameters) {
    // Each pass strips one parameter and keeps the rebuilt message for the next pass.
    currentMessage = helpers.removeParameter(currentMessage, param);