/**
 * Tests the HTTP method of a message against this rule's match condition.
 *
 * <p>{@code matchCondition} is applied through {@link String#matches(String)}, so it is
 * treated as a regular expression that has to match the whole method string. Any
 * relationship other than {@code "Matches"} yields the negated result.
 *
 * @param messageInfo the request/response pair whose request method is examined
 * @return {@code true} when the method satisfies the configured relationship
 */
private boolean checkHttpMethod(IHttpRequestResponse messageInfo) {
    IRequestInfo parsed = BurpExtender.getHelpers().analyzeRequest(messageInfo);
    // equals() on the field raises the same NullPointerException that a switch
    // on a null string would, so an unset relationship still fails loudly.
    boolean expectMatch = this.matchRelationship.equals("Matches");
    // NOTE(review): the pattern is recompiled on every call, and an invalid
    // expression surfaces here as PatternSyntaxException.
    boolean methodMatches = parsed.getMethod().matches(this.matchCondition);
    return expectMatch == methodMatches;
}
/**
 * Rebuilds the table rows from the original-details panel and notifies listeners.
 *
 * <p>Each row holds three strings: the 1-based position, the HTTP method and the full URL
 * of the corresponding request.
 */
public void updateTableModel() {
    // Author's note: clearing here is safe because this model is updated first.
    data.clear();

    List<IHttpRequestResponse> originals =
            tabbedReplayDetails.getOriginalDetailsPanel().listHTTPRequestsResponses;
    for (int index = 0; index < originals.size(); index++) {
        IRequestInfo parsed = helpers.analyzeRequest(originals.get(index));
        data.add(new String[] {
            Integer.toString(index + 1),
            parsed.getMethod(),
            parsed.getUrl().toString()
        });
    }

    fireTableDataChanged();
}
/**
 * Reports whether a request looks like one that has already been seen, and records it if not.
 *
 * <p>The fingerprint is the URL path followed by every piece of the query string obtained by
 * splitting on {@code &} and then on {@code =}. Parameter values are therefore part of the
 * fingerprint, not only parameter names. The fingerprint is reduced to a 32-bit Murmur3 hash
 * and combined with the HTTP method to form the Bloom filter key.
 *
 * <p>A {@code true} result may be a false positive: the Bloom filter is probabilistic and the
 * key carries only a 32-bit hash. A caller that skips "duplicates" can therefore skip a
 * request that was never processed.
 *
 * @param messageInfo the message whose request is checked
 * @return {@code false} when no filter is configured or the key was not present (it is then
 *         added); {@code true} when the request could not be analysed or the filter reports
 *         the key as possibly present
 */
public boolean isDuplicateURL(IHttpRequestResponse messageInfo) {
    if (dubBloomFilter == null) {
        return false;
    }

    IRequestInfo parsed = helpers.analyzeRequest(messageInfo.getHttpService(), messageInfo.getRequest());
    if (parsed == null) {
        // An unparseable request is reported as a duplicate.
        return true;
    }

    HashFunction murmur = Hashing.murmur3_32();

    // Author's note: not known whether Burp deduplicates here, so do it explicitly.
    StringBuilder fingerprint = new StringBuilder().append(parsed.getUrl().getPath()).append("?");
    String query = parsed.getUrl().getQuery();
    if (query != null && !query.isEmpty()) {
        for (String pair : Splitter.on('&').trimResults().splitToList(query)) {
            for (String piece : Splitter.on("=").splitToList(pair)) {
                fingerprint.append("&").append(piece);
            }
        }
    }

    String filterKey = "URL:" + parsed.getMethod()
            + murmur.hashBytes(helpers.stringToBytes(fingerprint.toString())).toString();

    boolean possiblySeen = dubBloomFilter.mightContain(filterKey);
    if (!possiblySeen) {
        dubBloomFilter.put(filterKey);
    }
    return possiblySeen;
}
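/**
 * Active check that re-sends the base request once per entry of {@code Payloads}, with the
 * entry appended to the URL path, and collects whatever {@code analyzeResponse} reports.
 *
 * <p>Points a reviewer should be aware of:
 * <ul>
 *   <li>Every call sends live traffic to the target, one request per payload.</li>
 *   <li>The request line is rebuilt from {@code url.getPath()} only, so the query string of
 *       the base request is not sent.</li>
 *   <li>{@code flags} records each URL string, so a URL is only ever probed once for as long
 *       as {@code flags} lives. NOTE(review): {@code flags} is not synchronised here; confirm
 *       how it is declared if this can run on several scanner threads.</li>
 *   <li>{@code insertionPoint} is not used by this check.</li>
 * </ul>
 *
 * @param baseRequestResponse the request/response pair the check is derived from
 * @param insertionPoint      unused
 * @return the issues found (possibly empty), or {@code null} when the message could not be
 *         analysed or its URL was already handled
 */
public List<IScanIssue> doScan(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint) {
    IResponseInfo resp = helpers.analyzeResponse(baseRequestResponse.getResponse());
    IRequestInfo req = helpers.analyzeRequest(baseRequestResponse.getRequest());
    if (resp == null || req == null) {
        return null;
    }

    URL url = helpers.analyzeRequest(baseRequestResponse).getUrl();
    String urlKey = url.toString();
    if (flags.contains(urlKey)) {
        return null;
    }
    flags.add(urlKey);

    List<IScanIssue> issues = new ArrayList<>();
    IHttpService httpService = baseRequestResponse.getHttpService();
    List<String> headers = req.getHeaders();

    // The body does not depend on the payload, so extract it once instead of per iteration.
    byte[] body = helpers.stringToBytes(
            helpers.bytesToString(baseRequestResponse.getRequest()).substring(req.getBodyOffset()));

    for (String payload : Payloads) {
        // Only the request line changes; all other headers are sent as in the base request.
        headers.set(0, req.getMethod() + " " + url.getPath() + payload + " HTTP/1.1");
        byte[] modifiedReq = helpers.buildHttpMessage(headers, body);
        IHttpRequestResponse attack = this.callbacks.makeHttpRequest(httpService, modifiedReq);
        IScanIssue res = analyzeResponse(attack);
        if (res != null) {
            issues.add(res);
        }
    }

    return issues;
}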
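/**
 * Construct a new table entry.
 *
 * <p>Host, method and path are taken from the request; the length column is the size of the
 * response in bytes, or {@code 0} when the message has no response.
 *
 * @param counter The number of the entry position in the history.
 * @param protocol The single sign-on protocol.
 * @param token The token or unique id for the protocol flow.
 * @param requestResponse The content of the request/response.
 * @param callbacks Helper provided by the Burp Suite api.
 */
public TableEntry(String counter, String protocol, String token, IHttpRequestResponsePersisted requestResponse, IBurpExtenderCallbacks callbacks) {
    this.callbacks = callbacks;
    this.helpers = callbacks.getHelpers();
    this.counter = counter;
    this.protocol = protocol;
    this.host = helpers.analyzeRequest(requestResponse).getUrl().getHost();
    this.method = helpers.analyzeRequest(requestResponse).getMethod();
    this.url = helpers.analyzeRequest(requestResponse).getUrl().getPath();
    this.token = token;

    LocalTime t = LocalTime.now();
    this.timestamp = t;
    // NOTE(review): trimming two characters assumes LocalTime.toString() printed fractional
    // seconds; when the nanosecond part is zero the string is shorter and this cuts into
    // the seconds or minutes instead.
    String rendered = t.toString();
    this.time = rendered.substring(0, rendered.length() - 2);

    // A message can be stored without a response; report length 0 rather than failing
    // with a NullPointerException while building the row.
    byte[] response = requestResponse.getResponse();
    this.length = Integer.toString(response == null ? 0 : response.length);

    this.comment = requestResponse.getComment();
    this.fullMessage = requestResponse;
}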
IHttpService httpService = baseRequestResponse.getHttpService();
URL url = helpers.analyzeRequest(baseRequestResponse).getUrl();
// Process each method + URL combination only once: the combined string is looked up in
// `flags` and recorded on first sight.
if (flags.contains(req.getMethod() + url.toString())) return null; else flags.add(req.getMethod() + url.toString());
List<String> headers = req.getHeaders();
// Rebuild the request line from the path alone (the query string is not carried over),
// followed by a literal backslash and `i`. `i` is defined outside this fragment.
String finalPayload = req.getMethod() + " " + url.getPath() + "\\" + i + " HTTP/1.1";
headers.set(0, finalPayload);
// Everything from the body offset onwards in the base request, via a bytes -> string -> bytes round trip.
byte[] body = helpers.stringToBytes(helpers.bytesToString(baseRequestResponse.getRequest()).substring(req.getBodyOffset()));
/**
 * Two-stage check on the root path of the target.
 *
 * <p>Stage one requests {@code /<random marker>} and looks for the marker in the response
 * headers. Only when the marker is reflected there does stage two run: one request per entry
 * of {@code CRLFSplitters}, each evaluated by {@code analyzeResponse}. Gating on the
 * reflection keeps the number of requests sent to non-reflecting targets at one.
 *
 * <p>All headers other than the request line, and the body, are taken from the base request.
 *
 * @param baseRequestResponse the request/response pair the check is derived from
 * @param insertionPoint      passed through to {@code analyzeResponse}
 * @return the first issue reported by {@code analyzeResponse}, or {@code null} when the
 *         first request got no response, the marker was not reflected, or nothing was found
 */
public IScanIssue scanRootDirectory(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint) {
    IRequestInfo req = helpers.analyzeRequest(baseRequestResponse.getRequest());
    IHttpService httpService = baseRequestResponse.getHttpService();

    // Random 32-character hex marker (UUID with the dashes removed).
    String marker = UUID.randomUUID().toString().replace("-", "");
    String markerRequestLine = req.getMethod() + " /" + marker + " HTTP/1.1";

    List<String> requestLines = req.getHeaders();
    requestLines.set(0, markerRequestLine);
    byte[] body = helpers.stringToBytes(
            helpers.bytesToString(baseRequestResponse.getRequest()).substring(req.getBodyOffset()));
    byte[] modifiedReq = helpers.buildHttpMessage(requestLines, body);

    IHttpRequestResponse reflectionProbe = this.callbacks.makeHttpRequest(httpService, modifiedReq);
    if (reflectionProbe == null || reflectionProbe.getResponse() == null) {
        return null;
    }

    String respHeaders = String.join("\n",
            this.helpers.analyzeResponse(reflectionProbe.getResponse()).getHeaders());
    if (!respHeaders.contains(marker)) {
        // The path is not echoed into the response headers; nothing further to test.
        return null;
    }

    for (String splitter : CRLFSplitters) {
        // NOTE(review): substring(0, 5) followed by substring(6) leaves out the marker
        // character at index 5 - confirm that this is intended.
        String finalPayload = marker.substring(0, 5) + splitter + CRLFHeader + marker.substring(6);
        requestLines.set(0, req.getMethod() + " /" + finalPayload + " HTTP/1.1");
        body = helpers.stringToBytes(
                helpers.bytesToString(baseRequestResponse.getRequest()).substring(req.getBodyOffset()));
        modifiedReq = helpers.buildHttpMessage(requestLines, body);
        IHttpRequestResponse attack = this.callbacks.makeHttpRequest(httpService, modifiedReq);
        IScanIssue finding = analyzeResponse(attack, insertionPoint, finalPayload);
        if (finding != null) {
            return finding;
        }
    }
    return null;
}
// Replace the request line with METHOD + path + `status`; only getPath() is used, so the
// query string of the original URL is not included. `status` is defined outside this fragment.
String finalPayload = req.getMethod() + " " + url.getPath() + status + " HTTP/1.1";
headers.set(0, finalPayload);
// A null body is passed, so the message is built from the header lines alone and any body
// of the original request is not sent.
byte[] attackReq = helpers.buildHttpMessage(headers, null);
// Bundle the pieces gathered from the request into one HttpRequestInfo; the URL is passed in string form.
return new HttpRequestInfo(requestInfo.getMethod(), url.toString(), paramsGet, paramsPost, requestBodyString, headers,multiPartParameters);
if (reqInfo.getMethod().equals("POST")) { guessType = IParameter.PARAM_BODY;
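/**
 * Create a new table entry.
 *
 * <p>The protocol message is first persisted with {@code saveBuffersToTempFiles}; host,
 * method and path are then read from the persisted copy. The length column is the size of
 * the response in bytes, or {@code 0} when the message has no response.
 *
 * @param ssoProtocol The {@link SSOProtocol}.
 * @param callbacks {@link burp.IBurpExtenderCallbacks}
 */
public TableEntry(SSOProtocol ssoProtocol, IBurpExtenderCallbacks callbacks) {
    this.callbacks = callbacks;
    this.helpers = callbacks.getHelpers();
    this.counter = "" + ssoProtocol.getCounter();
    this.protocol = ssoProtocol.getProtocol();
    this.fullMessage = callbacks.saveBuffersToTempFiles(ssoProtocol.getMessage());
    this.host = helpers.analyzeRequest(this.fullMessage).getUrl().getHost();
    this.method = helpers.analyzeRequest(this.fullMessage).getMethod();
    this.url = helpers.analyzeRequest(this.fullMessage).getUrl().getPath();
    this.token = ssoProtocol.getToken();

    LocalTime t = LocalTime.now();
    this.timestamp = t;
    // NOTE(review): trimming four characters assumes LocalTime.toString() printed fractional
    // seconds; when the nanosecond part is zero the string is shorter and this cuts into
    // the seconds or minutes instead.
    String rendered = t.toString();
    this.time = rendered.substring(0, rendered.length() - 4);

    // A message can be stored without a response; report length 0 rather than failing
    // with a NullPointerException while building the row.
    byte[] response = this.fullMessage.getResponse();
    this.length = Integer.toString(response == null ? 0 : response.length);

    this.comment = this.fullMessage.getComment();
    this.ssoProtocol = ssoProtocol;
}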
/**
 * Add {@link URL}s from the sitemap to scope and send them to the Burp scanner.
 *
 * <p>Every sitemap item that is not excluded is added to the Burp scope before it is handed
 * to {@code sendToScanner}, so running this method widens the scope as a side effect.
 *
 * <p>NOTE(review): {@code siteMapUrlPrefix} is only checked for {@code null}; the prefix
 * actually used comes from {@code config.getSiteMap()}. Confirm the two always agree.
 *
 * <p>NOTE(review): the exclusion test is {@code contains(url)}, an exact-equality check. If
 * the exclusions hold {@link URL} objects, {@link URL#equals(Object)} may resolve host names
 * and a URL that differs only in its query string is not excluded; if they hold strings,
 * nothing ever matches. Verify the element type against the configuration class.
 *
 * @param siteMapUrlPrefix Base URL to scan from
 */
private void scanSiteMap(URL siteMapUrlPrefix) {
    if (siteMapUrlPrefix == null) {
        return;
    }

    String configuredPrefix = config.getSiteMap().toString();
    IHttpRequestResponse[] siteMapItems = callbacks.getSiteMap(configuredPrefix);
    if (siteMapItems == null) {
        return;
    }

    log("Scanning [" + siteMapItems.length + "] from sitemap [" + configuredPrefix + "]");

    for (IHttpRequestResponse siteMapItem : siteMapItems) {
        IRequestInfo requestInfo = helpers.analyzeRequest(siteMapItem);
        URL url = requestInfo.getUrl();

        if (verbose) {
            log("Scanning: " + requestInfo.getMethod() + " : " + url);
        }

        if (config.getExclusions().contains(url)) {
            continue;
        }
        callbacks.includeInScope(url);
        sendToScanner(siteMapItem);
    }
}
if (!reqInfo.getMethod().equals("GET")) { return issues;
/**
 * Appends one table row per message to the request table.
 *
 * <p>Row layout: running index, method, URL, whether the request has any parameters,
 * response status code (or {@code "n/a"}), and the persisted copy of the message.
 *
 * @param requestResponse the messages to add
 */
public void addRequests(IHttpRequestResponse requestResponse[]) {
    for (IHttpRequestResponse message : requestResponse) {
        IRequestInfo requestInfo = burpCallback.getHelpers().analyzeRequest(message);
        // Columns: {"Method", "URL", "Parms", "Response Code", REQUEST_OBJECT_KEY}
        IHttpRequestResponsePersisted persisted = burpCallback.saveBuffersToTempFiles(message);

        // The response may be null if the message came from the proxy before a drop.
        String statusText = (message.getResponse() == null)
                ? "n/a"
                : Short.toString(burpCallback.getHelpers().analyzeResponse(message.getResponse()).getStatusCode());

        requestTableModel.addRow(new Object[] {
            ++reqIdx,
            requestInfo.getMethod(),
            requestInfo.getUrl(),
            !requestInfo.getParameters().isEmpty(),
            statusText,
            persisted
        });
    }
}
replayedRequestInfo.getMethod(), originalRequestInfo.getUrl(), (replayedRequestInfo.getParameters().size() > 0),
private boolean isSAMLMessage(byte[] content) { IRequestInfo info = helpers.analyzeRequest(content); httpMethod = helpers.analyzeRequest(content).getMethod(); if (info.getContentType() == IRequestInfo.CONTENT_TYPE_XML) { isSOAPMessage = true;