/**
 * Stores the size, status code and raw bytes of a response on this object.
 *
 * @param responseInfo parsed view of {@code response}; supplies the body offset and status code
 * @param response     raw response bytes (headers followed by body)
 */
void analyzeResults(IResponseInfo responseInfo, byte[] response) {
    // Body size is everything after the header block.
    final int bodyLength = response.length - responseInfo.getBodyOffset();
    responseSize = bodyLength;

    // The status code is kept in its decimal text form.
    final short status = responseInfo.getStatusCode();
    responseCode = Short.toString(status);

    // Keep a reference to the raw bytes (no copy is made).
    testResponse = response;
}
/**
 * Evaluates the configured status-code rule against the response in {@code messageInfo}.
 *
 * <p>{@code matchCondition} is parsed as a {@code short} and compared with the response
 * status according to {@code matchRelationship}: "Is Greater Than", "Is Less Than" or
 * "Equals"; any other relationship value is treated as "not equal".
 *
 * @param messageInfo the request/response pair whose response is inspected
 * @return the result of the comparison, or {@code false} when {@code matchCondition}
 *         is not a valid short
 */
private boolean checkStatusCode(IHttpRequestResponse messageInfo) {
    IResponseInfo analyzedResponse =
            BurpExtender.getHelpers().analyzeResponse(messageInfo.getResponse());
    try {
        final short wanted = Short.parseShort(this.matchCondition);
        final short actual = analyzedResponse.getStatusCode();

        final boolean verdict;
        switch (this.matchRelationship) {
            case "Is Greater Than":
                verdict = actual > wanted;
                break;
            case "Is Less Than":
                verdict = actual < wanted;
                break;
            case "Equals":
                verdict = actual == wanted;
                break;
            default:
                // Every other relationship label falls back to "does not equal".
                verdict = actual != wanted;
                break;
        }
        return verdict;
    } catch (NumberFormatException malformedCondition) {
        // A non-numeric condition can never match a status code.
        return false;
    }
}
/**
 * Returns the HTTP status code of the response carried by {@code messageInfo}.
 *
 * @param messageInfo request/response pair whose response is parsed
 * @return the status code reported by the parsed response
 */
public short getStatusCode(IHttpRequestResponse messageInfo) {
    // NOTE(review): messageInfo.getResponse() is passed on without a null check;
    // confirm callers only hand in messages that already have a response.
    IResponseInfo analyzedResponse = helpers.analyzeResponse(messageInfo.getResponse());
    return analyzedResponse.getStatusCode();
}

public List<IParameter> getParas(IHttpRequestResponse messageInfo){
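/**
 * Passive check entry point: forwards the response headers to {@code analyseHeaders}
 * when the response is a 200 and its content type is {@code text/html},
 * {@code application/xml} or absent.
 *
 * @param baseRequestResponse the observed request/response pair
 * @return whatever {@code analyseHeaders} returns for an in-scope response, otherwise {@code null}
 */
@Override
public IScanIssue grep(IHttpRequestResponse baseRequestResponse) {
    IResponseInfo resp = helpers.analyzeResponse(baseRequestResponse.getResponse());
    if (resp == null || resp.getStatusCode() != 200) {
        return null;
    }

    List<String> contentTypes = Arrays.asList("text/html", "application/xml");
    List<String> headers = resp.getHeaders();
    String contentTypeHeader = Utils.getContentType(resp);

    // A response without a declared content type is still analysed.
    if (contentTypeHeader == null) {
        return analyseHeaders(baseRequestResponse, headers);
    }

    // Locale.ROOT keeps the comparison stable on JVMs whose default locale has special
    // casing rules (e.g. Turkish, where "APPLICATION" would not lower-case to "application").
    // NOTE(review): this is an exact match; if Utils.getContentType can return parameters
    // such as "; charset=..." those responses are skipped. Confirm against the helper.
    if (contentTypes.contains(contentTypeHeader.toLowerCase(java.util.Locale.ROOT))) {
        return analyseHeaders(baseRequestResponse, headers);
    }
    return null;
}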
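/**
 * Reports an open-redirect issue when a 3xx response carries a {@code Location}
 * header whose upper-cased value matches {@code REDIRECT_PATTERN}.
 *
 * @param requestResponse the request/response pair to inspect
 * @return a {@code CustomScanIssue} describing the finding, or {@code null} when the
 *         response is not a redirect, has no Location header, or the pattern does not match
 */
public IScanIssue analyzeResponse(IHttpRequestResponse requestResponse) {
    IResponseInfo resp = helpers.analyzeResponse(requestResponse.getResponse());
    if (resp == null || resp.getStatusCode() < 300 || resp.getStatusCode() >= 400) {
        return null;
    }

    List<String> headers = resp.getHeaders();
    String locationHeader = Utils.getHeaderValue(headers, "Location");
    if (locationHeader == null) {
        return null;
    }

    // Locale.ROOT: with a default locale such as Turkish, "location" upper-cases to
    // "LOCATİON", which would break both the pattern match and the marker lookup below.
    Matcher redirectMatcher =
            REDIRECT_PATTERN.matcher(locationHeader.toUpperCase(java.util.Locale.ROOT));
    if (!redirectMatcher.find()) {
        return null;
    }

    // NOTE(review): the URL is concatenated into HTML-formatted issue text unescaped;
    // confirm how the consumer of the issue detail renders it.
    String attackDetails = "A open redirect vulnerability was found at: <b>"
            + helpers.analyzeRequest(requestResponse).getUrl().toString() + "</b>\n";

    // Convert the response once instead of once per marker bound.
    String upperResponse = helpers.bytesToString(requestResponse.getResponse())
            .toUpperCase(java.util.Locale.ROOT);
    int markerStart = upperResponse.indexOf("LOCATION");

    List<int[]> responseMarkers = new ArrayList<int[]>(1);
    if (markerStart >= 0) {
        // NOTE(review): this highlights the first "LOCATION" text in the response, which
        // is not necessarily the Location header itself (e.g. a Content-Location header).
        responseMarkers.add(new int[]{markerStart, markerStart + "LOCATION".length()});
    }

    return new CustomScanIssue(requestResponse.getHttpService(),
            this.helpers.analyzeRequest(requestResponse).getUrl(),
            new IHttpRequestResponse[]{this.callbacks.applyMarkers(
                    requestResponse, null, responseMarkers.isEmpty() ? null : responseMarkers)},
            attackDetails, ISSUE_TYPE, ISSUE_NAME, SEVERITY, CONFIDENCE, "", "", "");
}
}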
if (jbossUndertowInfo.getStatusCode() == 200) {
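/**
 * Reports an open-redirect issue when a 3xx response carries a {@code Location}
 * header whose upper-cased value starts with one of the entries in {@code REDIRECTS}.
 *
 * @param requestResponse the request/response pair to inspect
 * @return a {@code CustomScanIssue} for the first matching prefix, or {@code null} when the
 *         response is not a redirect, has no Location header, or no prefix matches
 */
public IScanIssue analyzeResponse(IHttpRequestResponse requestResponse) {
    IResponseInfo resp = helpers.analyzeResponse(requestResponse.getResponse());
    if (resp == null || resp.getStatusCode() < 300 || resp.getStatusCode() >= 400) {
        return null;
    }

    List<String> headers = resp.getHeaders();
    String locationHeader = Utils.getHeaderValue(headers, "Location");
    if (locationHeader == null) {
        return null;
    }

    // Upper-case once, outside the loop, and with Locale.ROOT so the comparison does not
    // depend on the JVM default locale (Turkish casing turns "i" into "İ").
    // NOTE(review): this assumes the REDIRECTS entries are stored upper-cased; verify.
    String upperLocation = locationHeader.toUpperCase(java.util.Locale.ROOT);

    for (String redirect : REDIRECTS) {
        if (!upperLocation.startsWith(redirect)) {
            continue;
        }

        // NOTE(review): the URL is concatenated into HTML-formatted issue text unescaped;
        // confirm how the consumer of the issue detail renders it.
        String attackDetails = "Open redirect vulnerability was found at: <b>"
                + helpers.analyzeRequest(requestResponse).getUrl().toString() + "</b>\n";

        // Convert the response once instead of once per marker bound.
        String upperResponse = helpers.bytesToString(requestResponse.getResponse())
                .toUpperCase(java.util.Locale.ROOT);
        int markerStart = upperResponse.indexOf("LOCATION");

        List<int[]> responseMarkers = new ArrayList<int[]>(1);
        if (markerStart >= 0) {
            // NOTE(review): this highlights the first "LOCATION" text in the response,
            // which is not necessarily the Location header itself.
            responseMarkers.add(new int[]{markerStart, markerStart + "LOCATION".length()});
        }

        return new CustomScanIssue(requestResponse.getHttpService(),
                this.helpers.analyzeRequest(requestResponse).getUrl(),
                new IHttpRequestResponse[]{this.callbacks.applyMarkers(
                        requestResponse, null, responseMarkers.isEmpty() ? null : responseMarkers)},
                attackDetails, ISSUE_TYPE, ISSUE_NAME, SEVERITY, CONFIDENCE, "", "", "");
    }
    return null;
}
}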
if (jbossAdminInfo.getStatusCode() == 200) {
if (statusInfo.getStatusCode() == 200) {
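/**
 * Passive check: reports a response that lacks {@code X-Content-Type-Options: nosniff}.
 *
 * <p>No issue is raised when the status code is listed in {@code ignoreCodes}, when the
 * header is present and contains "nosniff" (case-insensitive), or when the response
 * declares a content type that is not in the list below. A response with no content
 * type at all is still reported.
 *
 * @param baseRequestResponse the observed request/response pair
 * @return a {@code CustomScanIssue} for a response missing the header, otherwise {@code null}
 */
@Override
public IScanIssue grep(IHttpRequestResponse baseRequestResponse) {
    IResponseInfo resp = helpers.analyzeResponse(baseRequestResponse.getResponse());
    if (resp == null) {
        return null;
    }

    short statusCode = resp.getStatusCode();
    // Integer.valueOf replaces the deprecated Integer constructor; the lookup is unchanged.
    if (ignoreCodes != null && ignoreCodes.contains(Integer.valueOf(statusCode))) {
        return null;
    }

    List<String> contentTypes = Arrays.asList("application/javascript", "text/css", "image/gif",
            "text/html", "image/x-icon", "image/png", "image/jpg", "image/jpeg",
            "application/x-javascript");
    List<String> headers = resp.getHeaders();

    // Locale.ROOT: under a Turkish default locale "nosniff" upper-cases to "NOSNİFF" and a
    // correctly configured response would be reported as missing the header.
    String xContentTypeOptionsHeader = Utils.getHeaderValue(headers, "X-Content-Type-Options");
    if (xContentTypeOptionsHeader != null
            && xContentTypeOptionsHeader.toUpperCase(java.util.Locale.ROOT).contains("NOSNIFF")) {
        return null;
    }

    // NOTE(review): exact match on the content type; if Utils.getContentType can return
    // parameters such as "; charset=..." those responses are skipped. Confirm against the helper.
    String contentTypeHeader = Utils.getContentType(resp);
    if (contentTypeHeader != null
            && !contentTypes.contains(contentTypeHeader.toLowerCase(java.util.Locale.ROOT))) {
        return null;
    }

    String issueDetails = "The URL <b> " + helpers.analyzeRequest(baseRequestResponse).getUrl().toString() + "</b>\n"
            + "returned an HTTP response without the recommended HTTP header X-Content-Type-Options";

    return new CustomScanIssue(baseRequestResponse.getHttpService(),
            helpers.analyzeRequest(baseRequestResponse).getUrl(),
            new IHttpRequestResponse[]{this.callbacks.applyMarkers(baseRequestResponse, null, null)},
            issueDetails, ISSUE_TYPE, ISSUE_NAME, SEVERITY, CONFIDENCE, "", "", "");
}
}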
if (statusInfo.getStatusCode() == 200) {
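/**
 * Asks the update server which versions are available.
 *
 * <p>The request carries the current version string, whether the check was automatic or
 * manual, and whether the extension was loaded from the BApp store.
 *
 * @return an array of {@code Version} objects parsed from the comma-separated response
 *         body, or {@code null} when no usable 200 response was received
 * @throws Exception if building the URL, sending the request or parsing the body fails
 */
@Override
protected Object doInBackground() throws Exception {
    URL url = new URL(VERSION_URI + "?v=" + currentVersion.getVersionString() +
            "&t=" + (automatic ? "a" : "m") + // reports if automated or manual update
            "&b=" + (CO2Config.isLoadedFromBappStore(AboutTab.this.callbacks) ? "y" : "n") // loaded from a bappstore version?
    );
    byte[] request = callbacks.getHelpers().buildHttpRequest(url);

    // NOTE(review): the check goes out over cleartext HTTP (port 80, useHttps=false), so the
    // answer is unauthenticated and can be altered in transit. Treat the returned versions
    // as untrusted display data and never as a trigger for an automatic download/install.
    byte[] response = callbacks.makeHttpRequest("burpco2.com", 80, false, request);
    if (response == null) {
        // Defensive: nothing came back, handle it like any other unusable response.
        return null;
    }

    IResponseInfo responseInfo = callbacks.getHelpers().analyzeResponse(response);
    if (responseInfo == null || responseInfo.getStatusCode() != 200) {
        return null;
    }

    // getBodyOffset() is a byte offset, so slice the byte array before decoding rather than
    // using it as a character index into a string decoded with the platform charset.
    int bodyOffset = responseInfo.getBodyOffset();
    String body = new String(response, bodyOffset, response.length - bodyOffset,
            java.nio.charset.StandardCharsets.UTF_8).trim();

    String[] versionText = body.split(",");
    Version[] versions = new Version[versionText.length];
    for (int i = 0; i < versions.length; i++) {
        versions[i] = new Version(versionText[i]);
    }
    return versions;
}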
if (helpers.analyzeResponse(attack.getResponse()).getStatusCode() == 101) { String issueDetails = "Information system uses Websocket technology. This technology allows you to do cross-domain requests to bypass the Same Origin Policy (SOP)\n" + "Websocket does not verify the Origin, which leads to the possibility to establish a Websocket connection from any Origin.\n" +
IHttpRequestResponse attackRequestResponse = callbacks.makeHttpRequest(baseRequestResponse.getHttpService(), attackReq); if (helpers.analyzeResponse(attackRequestResponse.getResponse()).getStatusCode() != 404 && helpers.bytesToString(attackRequestResponse.getResponse()).toLowerCase().contains("connections")) {
// Drop the response when its status code is on the configured ignore list;
// a null list means no status codes are filtered.
short statusCode = resp.getStatusCode();
// NOTE(review): the Integer constructor is deprecated; Integer.valueOf(statusCode)
// performs the same boxed lookup.
if (ignoreCodes != null && ignoreCodes.contains(new Integer(statusCode))) return null;
// Only a parsed request/response pair with a 200 status is examined further;
// anything else returns null here.
if (resp == null || req == null || resp.getStatusCode() != 200) return null;
/**
 * Looks for {@code payload} near the start of a 200 response body and, when it is
 * present, reports a JSONP callback injection issue with the payload highlighted.
 *
 * @param requestResponse the request/response pair produced by the check
 * @param payload         the marker string expected to be echoed in the body
 * @return a {@code CustomScanIssue} when the payload is found in the sampled body
 *         prefix, otherwise {@code null}
 */
private IScanIssue analyzeResponse(IHttpRequestResponse requestResponse, String payload) {
    IResponseInfo resp = helpers.analyzeResponse(requestResponse.getResponse());
    if (resp == null || resp.getStatusCode() != 200) {
        return null;
    }

    // Sample only the first BODY_SAMPLE_LEN bytes of the body.
    final int bodyStart = resp.getBodyOffset();
    byte[] sampleBytes = Arrays.copyOfRange(
            requestResponse.getResponse(), bodyStart, bodyStart + BODY_SAMPLE_LEN);
    String bodySample = extractPrefix(helpers.bytesToString(sampleBytes));

    int payloadIndex = bodySample.indexOf(payload);
    if (payloadIndex <= -1) {
        return null;
    }

    String attackDetails = "JSONP callback injection was found at: <b>"
            + helpers.analyzeRequest(requestResponse).getUrl().toString() + "</b>\n";

    // NOTE(review): the marker offsets assume extractPrefix leaves leading characters in
    // place, so that an index in bodySample equals an offset into the body. Confirm.
    int[] highlight = new int[]{
            bodyStart + payloadIndex,
            bodyStart + payloadIndex + payload.length()
    };
    List<int[]> responseMarkers = Arrays.asList(highlight);

    return new CustomScanIssue(requestResponse.getHttpService(),
            helpers.analyzeRequest(requestResponse).getUrl(),
            new IHttpRequestResponse[]{callbacks.applyMarkers(requestResponse, null, responseMarkers)},
            attackDetails, ISSUE_TYPE, ISSUE_NAME, SEVERITY, CONFIDENCE, "", "", "");
}
// Keep the status codes of the original and the modified response side by side
// (presumably so the two can be compared later; confirm against the callers).
this.originalResponseStatus = originalAnalyzedResponse.getStatusCode();
this.modifiedResponseStatus = modifiedAnalyzedResponse.getStatusCode();
/**
 * Appends one table row per request/response pair.
 *
 * <p>Each pair is persisted to temporary files, and the row holds a running index, the
 * HTTP method, the URL, whether the request has parameters, the response status code
 * (or "n/a" when there is no response) and the persisted pair.
 *
 * @param requestResponse the pairs to add to the table
 */
public void addRequests(IHttpRequestResponse requestResponse[]){
    for (IHttpRequestResponse rr : requestResponse) {
        IRequestInfo info = burpCallback.getHelpers().analyzeRequest(rr);
        // Column layout: {"Method", "URL", "Parms", "Response Code", REQUEST_OBJECT_KEY}
        IHttpRequestResponsePersisted rrp = burpCallback.saveBuffersToTempFiles(rr);

        // The response may be null if the message came from the proxy before a drop.
        String sc = (rr.getResponse() == null)
                ? "n/a"
                : Short.toString(burpCallback.getHelpers().analyzeResponse(rr.getResponse()).getStatusCode());

        requestTableModel.addRow(new Object[]{
                ++reqIdx,
                info.getMethod(),
                info.getUrl(),
                !info.getParameters().isEmpty(),
                sc,
                rrp
        });
    }
}
/**
 * Status-code based cache check for {@code param}.
 *
 * <p>Two requests are built for the same canary path (a generated canary plus ".jpg"):
 * one from {@code addStatusPayload(param)} and one from
 * {@code addStatusPayload("xyz" + param + "z")}. The first is sent
 * {@code attackDedication} times; the second is then sent and its status code is
 * compared with {@code get404Code}. A difference is reported as a "Tentative" issue.
 *
 * @param injector         supplies the insertion point and the target service
 * @param param            parameter name under test
 * @param attackDedication number of times the first request is sent
 * @param get404Code       status code the second request is compared against
 * @return {@code true} when the second loop body ran (i.e. {@code attackDedication > 0}),
 *         {@code false} otherwise
 */
private boolean tryStatusCache(PayloadInjector injector, String param, int attackDedication, short get404Code) {
    // Both requests share one canary path.
    String canary = Utilities.generateCanary()+".jpg";
    byte[] setPoison200Req = injector.getInsertionPoint().buildRequest(Utilities.helpers.stringToBytes(addStatusPayload(param)));
    setPoison200Req = Utilities.appendToPath(setPoison200Req, canary);
    byte[] getPoison200Req = injector.getInsertionPoint().buildRequest(Utilities.helpers.stringToBytes(addStatusPayload("xyz"+param+"z")));
    getPoison200Req = Utilities.appendToPath(getPoison200Req, canary);
    // Send the first request attackDedication times; the responses are not inspected.
    for(int j=0; j<attackDedication; j++) {
        Utilities.attemptRequest(injector.getService(), setPoison200Req);
    }
    for(int j=0; j<attackDedication; j+=3) {
        IHttpRequestResponse getPoison200 = Utilities.attemptRequest(injector.getService(), getPoison200Req);
        // NOTE(review): getPoison200 and its response are dereferenced without a null check;
        // confirm Utilities.attemptRequest cannot return a message without a response.
        short getPoison200Code = Utilities.helpers.analyzeResponse(getPoison200.getResponse()).getStatusCode();
        if (getPoison200Code != get404Code) {
            // A status difference alone is weak evidence, hence the "Tentative" confidence.
            Utilities.callbacks.addScanIssue(new CustomScanIssue(getPoison200.getHttpService(), Utilities.getURL(getPoison200), getPoison200, "Dubious cache poisoning " + j, "Cache poisoning: '" + param + "'. Diff based cache poisoning. Good luck confirming", "High", "Tentative", "Investigate"));
        }
        // NOTE(review): this return is outside the if, so the loop runs at most once and the
        // result is true whether or not a difference was seen. Confirm that is intended.
        return true;
    }
    return false;
}