/**
 * Re-synchronises the {@code Content-Length} header of a raw request with the
 * number of bytes that follow the body offset.
 *
 * <p>The request is returned untouched when the literal text
 * {@code "Content-Length: "} does not occur in it.
 *
 * @param request raw request bytes
 * @return the request with a recomputed {@code Content-Length}, or the same
 *         array when the marker text is absent
 */
public static byte[] fixContentLength(byte[] request) {
    byte[] headerMarker = helpers.stringToBytes("Content-Length: ");
    if (countMatches(request, headerMarker) <= 0) {
        return request;
    }

    // NOTE(review): the marker is looked up in the whole message with this exact
    // spelling. Presumably a differently-cased header is skipped and a body that
    // merely contains the text is treated as a match - confirm against
    // countMatches/setHeader before relying on the resulting length.
    int bodyOffset = Utilities.getBodyStart(request);
    String bodyLength = Integer.toString(request.length - bodyOffset);
    return setHeader(request, "Content-Length", bodyLength);
}
/**
 * Rewrites {@code Content-Length} so that it equals {@code request.length}
 * minus the offset reported by {@code Utilities.getBodyStart}.
 *
 * @param request raw request bytes
 * @return the updated request, or {@code request} itself when it does not
 *         contain the text {@code "Content-Length: "}
 */
public static byte[] fixContentLength(byte[] request) {
    final boolean declaresLength =
            countMatches(request, helpers.stringToBytes("Content-Length: ")) > 0;

    if (declaresLength) {
        // Everything from the body offset to the end of the array counts as body.
        final int bodyStart = Utilities.getBodyStart(request);
        final int bodySize = request.length - bodyStart;
        return setHeader(request, "Content-Length", Integer.toString(bodySize));
    }

    // NOTE(review): the match above is an exact-text search over the full message,
    // so whether a lower-case "content-length" header is handled is not visible
    // here - verify with the helper implementations.
    return request;
}
/**
 * Merges one more response into this attack's accumulated state and refreshes
 * the print.
 *
 * <p>The response is first passed through {@code Utilities.filterResponse};
 * the keyword and detail trackers are then updated with the filtered bytes.
 * The reflection counter moves between these states:
 * <ul>
 *   <li>empty {@code anchor}: set to {@code INCALCULABLE};</li>
 *   <li>first counted response ({@code UNINITIALISED}): set to the number of
 *       anchor matches;</li>
 *   <li>a later count that differs from the stored one: set to {@code DYNAMIC},
 *       unless the counter is already {@code INCALCULABLE}.</li>
 * </ul>
 *
 * @param response raw response bytes
 * @param anchor text whose occurrences in the response are counted; may be empty
 * @return this instance, for chaining
 */
private Attack add(byte[] response, String anchor) {
    assert (firstRequest != null);

    response = Utilities.filterResponse(response);
    responseKeywords.updateWith(response);
    responseDetails.updateWith(response);

    if (anchor.isEmpty()) {
        // Without an anchor there is nothing to count.
        responseReflections = INCALCULABLE;
    } else {
        // NOTE(review): getBytes() uses the platform default charset; presumably
        // anchors are plain ASCII so this is harmless - confirm.
        int seen = Utilities.countMatches(response, anchor.getBytes());
        if (responseReflections == UNINITIALISED) {
            responseReflections = seen;
        } else if (responseReflections != INCALCULABLE && responseReflections != seen) {
            // Two responses disagree on the count, so it cannot be used as a stable signal.
            responseReflections = DYNAMIC;
        }
    }

    regeneratePrint();
    return this;
}
/**
 * Folds a response into the aggregate attributes tracked by this attack.
 *
 * @param response raw response bytes; filtered with
 *        {@code Utilities.filterResponse} before any tracker sees them
 * @param anchor text to count inside the filtered response; an empty string
 *        marks the reflection count as {@code INCALCULABLE}
 * @return this instance
 */
private Attack add(byte[] response, String anchor) {
    assert (firstRequest != null);

    final byte[] filtered = Utilities.filterResponse(response);
    responseKeywords.updateWith(filtered);
    responseDetails.updateWith(filtered);

    if (!anchor.isEmpty()) {
        // NOTE(review): default-charset conversion; presumably the anchor is ASCII - confirm.
        final int matches = Utilities.countMatches(filtered, anchor.getBytes());
        if (responseReflections == UNINITIALISED) {
            // First observation: remember the count as the baseline.
            responseReflections = matches;
        } else if (responseReflections != matches && responseReflections != INCALCULABLE) {
            // The count changed between responses.
            responseReflections = DYNAMIC;
        }
    } else {
        responseReflections = INCALCULABLE;
    }

    regeneratePrint();
    return this;
}
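/**
 * Builds the context-menu entries for the current selection.
 *
 * <p>A single "*Identify backend parameters*" entry is offered, and only when
 * the request of the first selected message contains the double-URL-encoded
 * marker string checked below. In every other case the returned list is empty.
 *
 * @param invocation the menu invocation; may be {@code null}
 * @return a list holding zero or one menu item, never {@code null}
 */
@Override
public List<JMenuItem> createMenuItems(IContextMenuInvocation invocation) {
    List<JMenuItem> options = new ArrayList<>();
    if (invocation == null) {
        return options;
    }

    // Read the selection once, so the null/length checks and the index below
    // are guaranteed to apply to the same array.
    IHttpRequestResponse[] selected = invocation.getSelectedMessages();
    if (selected == null || selected.length == 0) {
        return options;
    }

    IHttpRequestResponse req = selected[0];
    if (req == null) {
        return options;
    }

    // These are the request bytes (the original local was misleadingly called "resp").
    byte[] requestBytes = req.getRequest();
    if (requestBytes == null) {
        return options;
    }

    byte[] marker = Utilities.helpers.stringToBytes("%253c%2561%2560%2527%2522%2524%257b%257b%255c");
    if (Utilities.countMatches(requestBytes, marker) > 0) {
        JMenuItem probeButton = new JMenuItem("*Identify backend parameters*");
        probeButton.addActionListener(new TriggerParamGuesser(req));
        options.add(probeButton);
    }
    return options;
}
} // closes the enclosing type, whose header lies outside this excerpt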
IHttpRequestResponse req = reqs[0]; byte[] resp = req.getRequest(); if (Utilities.countMatches(resp, Utilities.helpers.stringToBytes("%253c%2561%2560%2527%2522%2524%257b%257b%255c")) > 0) { JMenuItem backendProbeButton = new JMenuItem("*Identify backend parameters*"); backendProbeButton.addActionListener(new TriggerParamGuesser(reqs, true, IParameter.PARAM_URL, paramGrabber, taskEngine));
/**
 * Prepares the request held by {@code messageInfo} before it is sent.
 *
 * <p>Two independent rewrites are applied, in this order:
 * <ol>
 *   <li>If the request contains the text {@code $randomplz}, it is replaced via
 *       {@code Utilities.replace} with a value from
 *       {@code Utilities.generateCanary()} and the result is passed through
 *       {@code Utilities.fixContentLength}.</li>
 *   <li>If a cache-buster setting is enabled, a URL parameter with value
 *       {@code "1"} is appended. "Add dynamic cachebuster" takes precedence and
 *       uses a generated name; otherwise "Add 'fcbz' cachebuster" uses the
 *       fixed name {@code fcbz}.</li>
 * </ol>
 *
 * @param messageInfo the message whose request is rewritten in place
 */
private void addCacheBusters(IHttpRequestResponse messageInfo) {
    final byte[] placeHolder = Utilities.helpers.stringToBytes("$randomplz");

    final boolean hasPlaceHolder = Utilities.countMatches(messageInfo.getRequest(), placeHolder) > 0;
    if (hasPlaceHolder) {
        byte[] current = messageInfo.getRequest();
        byte[] canary = Utilities.helpers.stringToBytes(Utilities.generateCanary());
        byte[] substituted = Utilities.replace(current, placeHolder, canary);
        // Presumably the canary differs in length from the placeholder, hence
        // the Content-Length fix-up after the substitution.
        messageInfo.setRequest(Utilities.fixContentLength(substituted));
    }

    // NOTE(review): a generated name presumably gives each request its own cache
    // key, while the fixed 'fcbz' name is shared by every request that uses it -
    // confirm which is appropriate when a shared cache sits in front of the target.
    final String cacheBusterName =
            Utilities.globalSettings.getBoolean("Add dynamic cachebuster")
                    ? Utilities.generateCanary()
                    : (Utilities.globalSettings.getBoolean("Add 'fcbz' cachebuster") ? "fcbz" : null);

    if (cacheBusterName == null) {
        return;
    }

    IParameter cacheBuster = burp.Utilities.helpers.buildParameter(cacheBusterName, "1", IParameter.PARAM_URL);
    byte[] withCacheBuster = Utilities.helpers.addParameter(messageInfo.getRequest(), cacheBuster);
    messageInfo.setRequest(withCacheBuster);
}