From 43b39e889d042704b46d8b30af054c2ae6668f5e Mon Sep 17 00:00:00 2001 From: vah_13 Date: Wed, 11 Jan 2017 18:15:34 +0300 Subject: [PATCH] Add files via upload --- burp/BurpExtender.java | 172 +++++ burp/CustomScanIssue.java | 82 +++ burp/IBurpExtender.java | 31 + burp/IBurpExtenderCallbacks.java | 800 +++++++++++++++++++++ burp/IContextMenuFactory.java | 38 + burp/IContextMenuInvocation.java | 156 ++++ burp/ICookie.java | 53 ++ burp/IExtensionHelpers.java | 352 +++++++++ burp/IExtensionStateListener.java | 27 + burp/IHttpListener.java | 37 + burp/IHttpRequestResponse.java | 102 +++ burp/IHttpRequestResponsePersisted.java | 26 + burp/IHttpRequestResponseWithMarkers.java | 44 ++ burp/IHttpService.java | 39 + burp/IInterceptedProxyMessage.java | 116 +++ burp/IIntruderAttack.java | 31 + burp/IIntruderPayloadGenerator.java | 50 ++ burp/IIntruderPayloadGeneratorFactory.java | 40 ++ burp/IIntruderPayloadProcessor.java | 45 ++ burp/IMenuItemHandler.java | 36 + burp/IMessageEditor.java | 64 ++ burp/IMessageEditorController.java | 49 ++ burp/IMessageEditorTab.java | 102 +++ burp/IMessageEditorTabFactory.java | 38 + burp/IParameter.java | 104 +++ burp/IProxyListener.java | 37 + burp/IRequestInfo.java | 95 +++ burp/IResponseInfo.java | 73 ++ burp/IScanIssue.java | 120 ++++ burp/IScanQueueItem.java | 80 +++ burp/IScannerCheck.java | 89 +++ burp/IScannerInsertionPoint.java | 156 ++++ burp/IScannerInsertionPointProvider.java | 38 + burp/IScannerListener.java | 30 + burp/IScopeChangeListener.java | 25 + burp/ISessionHandlingAction.java | 51 ++ burp/ITab.java | 38 + burp/ITempFile.java | 33 + burp/ITextEditor.java | 90 +++ burp/MatchRule.java | 29 + burp/ScannetMatch.java | 39 + burp/checkResult.java | 39 + 42 files changed, 3696 insertions(+) create mode 100644 burp/BurpExtender.java create mode 100644 burp/CustomScanIssue.java create mode 100644 burp/IBurpExtender.java create mode 100644 burp/IBurpExtenderCallbacks.java create mode 100644 burp/IContextMenuFactory.java create mode 100644 burp/IContextMenuInvocation.java create mode 100644 burp/ICookie.java create mode 100644 burp/IExtensionHelpers.java create mode 100644 burp/IExtensionStateListener.java create mode 100644 burp/IHttpListener.java create mode 100644 burp/IHttpRequestResponse.java create mode 100644 burp/IHttpRequestResponsePersisted.java create mode 100644 burp/IHttpRequestResponseWithMarkers.java create mode 100644 burp/IHttpService.java create mode 100644 burp/IInterceptedProxyMessage.java create mode 100644 burp/IIntruderAttack.java create mode 100644 burp/IIntruderPayloadGenerator.java create mode 100644 burp/IIntruderPayloadGeneratorFactory.java create mode 100644 burp/IIntruderPayloadProcessor.java create mode 100644 burp/IMenuItemHandler.java create mode 100644 burp/IMessageEditor.java create mode 100644 burp/IMessageEditorController.java create mode 100644 burp/IMessageEditorTab.java create mode 100644 burp/IMessageEditorTabFactory.java create mode 100644 burp/IParameter.java create mode 100644 burp/IProxyListener.java create mode 100644 burp/IRequestInfo.java create mode 100644 burp/IResponseInfo.java create mode 100644 burp/IScanIssue.java create mode 100644 burp/IScanQueueItem.java create mode 100644 burp/IScannerCheck.java create mode 100644 burp/IScannerInsertionPoint.java create mode 100644 burp/IScannerInsertionPointProvider.java create mode 100644 burp/IScannerListener.java create mode 100644 burp/IScopeChangeListener.java create mode 100644 burp/ISessionHandlingAction.java create mode 100644 burp/ITab.java create mode 100644 burp/ITempFile.java create mode 100644 burp/ITextEditor.java create mode 100644 burp/MatchRule.java create mode 100644 burp/ScannetMatch.java create mode 100644 burp/checkResult.java diff --git a/burp/BurpExtender.java b/burp/BurpExtender.java new file mode 100644 index 0000000..a4ec91e --- /dev/null +++ b/burp/BurpExtender.java @@ -0,0 +1,172 @@ +package burp; + +import java.io.IOException; +import java.io.OutputStream; +import java.net.URL; +import java.util.*; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + + +public class BurpExtender implements IBurpExtender, IScannerCheck, IHttpListener { + private IBurpExtenderCallbacks callbacks; + private IExtensionHelpers helpers; + private OutputStream output; + + //CRLF variables + private static final String CRLFHeader = "Burp-Verification-Header: "; + private static final Pattern CRLFPattern = Pattern.compile("\\n\\s*" + CRLFHeader); + private static final List CRLFSplitters = new ArrayList(); + private static String CRLFDescription = ""; + + + public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) { + this.callbacks = callbacks; + + this.helpers = callbacks.getHelpers(); + this.output = callbacks.getStdout(); + + + callbacks.setExtensionName("Burp CRLF plugin"); + callbacks.registerScannerCheck(BurpExtender.this); + callbacks.registerHttpListener(BurpExtender.this); + println("Burp CRLF plugin"); + + initCRLFSplitters(); + + CRLFDescription = "HTTP response splitting occurs when:
    " + + "
  • Data enters a web application through an untrusted source, most frequently an HTTP request.
    • \n" + + "
  • The data is included in an HTTP response header sent to a web user without being validated for malicious characters.
\n" + + "HTTP response splitting is a means to an end, not an end in itself. At its root, the attack is straightforward: \n" + + "an attacker passes malicious data to a vulnerable application, and the application includes the data in an HTTP response header.

\n" + + "To mount a successful exploit, the application must allow input that contains CR (carriage return, also given by %0d or \\r) \n" + + "and LF (line feed, also given by %0a or \\n)characters into the header AND the underlying platform must be vulnerable to the injection\n" + + "of such characters. These characters not only give attackers control of the remaining headers and body of the response the application intends"+ + "to send, but also allow them to create additional responses entirely under their control.

\n" + + "The example below uses a Java example, but this issue has been fixed in virtually all modern Java EE application servers." + + "If you are concerned about this risk, you should test on the platform of concern to see if the underlying platform allows for CR or LF characters"+ + "to be injected into headers. We suspect that, in general, this vulnerability has been fixed in most modern application servers, regardless of what language the code has been written in."; + + } + + public List doActiveScan(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint) { + baseRequestResponse.getHttpService().getHost(); + List results = new ArrayList(); + checkResult res = doCRLF(baseRequestResponse, insertionPoint); + if (res!=null) + { + IHttpRequestResponse attack = res.getAttack(); + results.add(new CustomScanIssue(attack.getHttpService(), + this.helpers.analyzeRequest(attack).getUrl(), + new IHttpRequestResponse[]{attack}, + "HTTP Response Splitting", + "Vulnerability detected by BurpCRLFPlugin

" + res.getAttackDetails(), + CRLFDescription, res.getPriority(), "Firm")); + } + + + return results; + } + + public List doPassiveScan(IHttpRequestResponse baseRequestResponse){ + return null; + } + + + public int consolidateDuplicateIssues(IScanIssue existingIssue, IScanIssue newIssue) + { + return 0; + } + + + public checkResult doCRLF(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint){ + + String uuid = UUID.randomUUID().toString().replaceAll("-", ""); + + IHttpService httpService = baseRequestResponse.getHttpService(); + IHttpRequestResponse checkUUID = this.callbacks.makeHttpRequest(httpService, + insertionPoint.buildRequest(this.helpers.stringToBytes(uuid))); + + String respHeaders = String.join("\n", this.helpers.analyzeResponse(checkUUID.getResponse()).getHeaders()); + + + if (respHeaders.contains(uuid)) { + for (String payload: CRLFSplitters) { + String finalPayload = new StringBuffer().append(uuid.substring(0,5)) + .append(payload) + .append(CRLFHeader) + .append(uuid.substring(6)) + .toString(); + + IHttpRequestResponse attack = this.callbacks.makeHttpRequest(httpService, + insertionPoint.buildRequest(this.helpers.stringToBytes(finalPayload))); + + String respAttackHeaders = String.join("\n",this.helpers.analyzeResponse(attack.getResponse()).getHeaders()); + + Matcher m = CRLFPattern.matcher(respAttackHeaders); + + if (m.find() ){ + String body = this.helpers.bytesToString(attack.getResponse()); + + List requestMarkers = new ArrayList(1); + requestMarkers.add(insertionPoint.getPayloadOffsets(this.helpers.stringToBytes(finalPayload))); + List responseMarkers = new ArrayList(1); + //println(Integer.toString(body.indexOf(CRLFHeader))); + //println(Integer.toString(body.indexOf(CRLFHeader)+CRLFHeader.length())); + responseMarkers.add(new int[]{body.indexOf(CRLFHeader), body.indexOf(CRLFHeader)+CRLFHeader.length() }); + + + String attackDetails = "Vulnerability detected at " + insertionPoint.getInsertionPointName() + ", " + + "payload was set to " + this.helpers.urlEncode(finalPayload) + "
" + + "Found response: " + m.group(); + return new checkResult(true, + finalPayload, + this.callbacks.applyMarkers(attack,requestMarkers,responseMarkers), + "High", + attackDetails); + } + } + } + return null; + } + + + public void initCRLFSplitters() + { + byte[] CDRIVES = new byte[] {(byte)0xE5, (byte)0x98, (byte)0x8A, (byte)0xE5, (byte)0x98, (byte)0x8D, }; + CRLFSplitters.add(this.helpers.bytesToString(CDRIVES)); + CRLFSplitters.add("\r\n"); + CRLFSplitters.add("\r "); + CRLFSplitters.add("\r\t"); + CRLFSplitters.add("\r\n "); + CRLFSplitters.add("\r\n\t"); + CRLFSplitters.add("\r\n\t"); + + CRLFSplitters.add("%0d"); + CRLFSplitters.add("%0a"); + CRLFSplitters.add("%0d%0a"); + CRLFSplitters.add("%0d%0a%09"); + CRLFSplitters.add("%0d+"); + CRLFSplitters.add("%0d%20"); + CRLFSplitters.add("%0d%0a+"); + CRLFSplitters.add("%E5%98%8A%E5%98%8D"); + CRLFSplitters.add("%E5%98%8A%E5%98%8D%E5%98%8A%E5%98%8D"); + } + + + private void println(String toPrint) { + try { + this.output.write(toPrint.getBytes()); + this.output.write("\n".getBytes()); + this.output.flush(); + } catch (IOException ioe) { + ioe.printStackTrace(); + } + } + + @Override + public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) { + // TODO Auto-generated method stub + + } +} diff --git a/burp/CustomScanIssue.java b/burp/CustomScanIssue.java new file mode 100644 index 0000000..59cc402 --- /dev/null +++ b/burp/CustomScanIssue.java @@ -0,0 +1,82 @@ +package burp; + +import java.net.URL; + +class CustomScanIssue implements IScanIssue { + private IHttpService httpService; + private URL url; + private IHttpRequestResponse[] httpMessages; + private String name; + private String detail; + private String severity; + private String confidence; + private String background; + + public CustomScanIssue(IHttpService httpService, URL url, IHttpRequestResponse[] httpMessages, String name, + String detail, String background, String severity, String confidence) + { + this.httpService = httpService; + this.url = url; + this.httpMessages = httpMessages; + this.name = name; + this.detail = detail; + this.severity = severity; + this.confidence = confidence; + this.background = background; + } + + public URL getUrl() + { + return this.url; + } + + public String getIssueName() + { + return this.name; + } + + public int getIssueType() + { + return 0; + } + + public String getSeverity() + { + return this.severity; + } + + public String getConfidence() + { + return this.confidence; + } + + public String getIssueBackground() + { + return this.background; + } + + public String getRemediationBackground() + { + return null; + } + + public String getIssueDetail() + { + return this.detail; + } + + public String getRemediationDetail() + { + return null; + } + + public IHttpRequestResponse[] getHttpMessages() + { + return this.httpMessages; + } + + public IHttpService getHttpService() + { + return this.httpService; + } +} \ No newline at end of file diff --git a/burp/IBurpExtender.java b/burp/IBurpExtender.java new file mode 100644 index 0000000..fc59f61 --- /dev/null +++ b/burp/IBurpExtender.java @@ -0,0 +1,31 @@ +package burp; + +/* + * @(#)IBurpExtender.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * All extensions must implement this interface. + * + * Implementations must be called BurpExtender, in the package burp, must be + * declared public, and must provide a default (public, no-argument) + * constructor. + */ +public interface IBurpExtender +{ + /** + * This method is invoked when the extension is loaded. It registers an + * instance of the + * IBurpExtenderCallbacks interface, providing methods that may + * be invoked by the extension to perform various actions. + * + * @param callbacks An + * IBurpExtenderCallbacks object. + */ + void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks); +} diff --git a/burp/IBurpExtenderCallbacks.java b/burp/IBurpExtenderCallbacks.java new file mode 100644 index 0000000..6cb138a --- /dev/null +++ b/burp/IBurpExtenderCallbacks.java @@ -0,0 +1,800 @@ +package burp; + +/* + * @(#)IBurpExtenderCallbacks.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +import java.awt.Component; +import java.io.OutputStream; +import java.util.List; +import java.util.Map; + +/** + * This interface is used by Burp Suite to pass to extensions a set of callback + * methods that can be used by extensions to perform various actions within + * Burp. + * + * When an extension is loaded, Burp invokes its + * registerExtenderCallbacks() method and passes an instance of the + * IBurpExtenderCallbacks interface. The extension may then invoke + * the methods of this interface as required in order to extend Burp's + * functionality. + */ +public interface IBurpExtenderCallbacks +{ + /** + * Flag used to identify Burp Suite as a whole. + */ + static final int TOOL_SUITE = 0x00000001; + /** + * Flag used to identify the Burp Target tool. + */ + static final int TOOL_TARGET = 0x00000002; + /** + * Flag used to identify the Burp Proxy tool. + */ + static final int TOOL_PROXY = 0x00000004; + /** + * Flag used to identify the Burp Spider tool. + */ + static final int TOOL_SPIDER = 0x00000008; + /** + * Flag used to identify the Burp Scanner tool. + */ + static final int TOOL_SCANNER = 0x00000010; + /** + * Flag used to identify the Burp Intruder tool. + */ + static final int TOOL_INTRUDER = 0x00000020; + /** + * Flag used to identify the Burp Repeater tool. + */ + static final int TOOL_REPEATER = 0x00000040; + /** + * Flag used to identify the Burp Sequencer tool. + */ + static final int TOOL_SEQUENCER = 0x00000080; + /** + * Flag used to identify the Burp Decoder tool. + */ + static final int TOOL_DECODER = 0x00000100; + /** + * Flag used to identify the Burp Comparer tool. + */ + static final int TOOL_COMPARER = 0x00000200; + /** + * Flag used to identify the Burp Extender tool. + */ + static final int TOOL_EXTENDER = 0x00000400; + + /** + * This method is used to set the display name for the current extension, + * which will be displayed within the user interface for the Extender tool. + * + * @param name The extension name. + */ + void setExtensionName(String name); + + /** + * This method is used to obtain an + * IExtensionHelpers object, which can be used by the extension + * to perform numerous useful tasks. + * + * @return An object containing numerous helper methods, for tasks such as + * building and analyzing HTTP requests. + */ + IExtensionHelpers getHelpers(); + + /** + * This method is used to obtain the current extension's standard output + * stream. Extensions should write all output to this stream, allowing the + * Burp user to configure how that output is handled from within the UI. + * + * @return The extension's standard output stream. + */ + OutputStream getStdout(); + + /** + * This method is used to obtain the current extension's standard error + * stream. Extensions should write all error messages to this stream, + * allowing the Burp user to configure how that output is handled from + * within the UI. + * + * @return The extension's standard error stream. + */ + OutputStream getStderr(); + + /** + * This method is used to register a listener which will be notified of + * changes to the extension's state. Note: Any extensions that start + * background threads or open system resources (such as files or database + * connections) should register a listener and terminate threads / close + * resources when the extension is unloaded. + * + * @param listener An object created by the extension that implements the + * IExtensionStateListener interface. + */ + void registerExtensionStateListener(IExtensionStateListener listener); + + /** + * This method is used to register a listener which will be notified of + * requests and responses made by any Burp tool. Extensions can perform + * custom analysis or modification of these messages by registering an HTTP + * listener. + * + * @param listener An object created by the extension that implements the + * IHttpListener interface. + */ + void registerHttpListener(IHttpListener listener); + + /** + * This method is used to register a listener which will be notified of + * requests and responses being processed by the Proxy tool. Extensions can + * perform custom analysis or modification of these messages, and control + * in-UI message interception, by registering a proxy listener. + * + * @param listener An object created by the extension that implements the + * IProxyListener interface. + */ + void registerProxyListener(IProxyListener listener); + + /** + * This method is used to register a listener which will be notified of new + * issues that are reported by the Scanner tool. Extensions can perform + * custom analysis or logging of Scanner issues by registering a Scanner + * listener. + * + * @param listener An object created by the extension that implements the + * IScannerListener interface. + */ + void registerScannerListener(IScannerListener listener); + + /** + * This method is used to register a listener which will be notified of + * changes to Burp's suite-wide target scope. + * + * @param listener An object created by the extension that implements the + * IScopeChangeListener interface. + */ + void registerScopeChangeListener(IScopeChangeListener listener); + + /** + * This method is used to register a factory for custom context menu items. + * When the user invokes a context menu anywhere within Burp, the factory + * will be passed details of the invocation event, and asked to provide any + * custom context menu items that should be shown. + * + * @param factory An object created by the extension that implements the + * IContextMenuFactory interface. + */ + void registerContextMenuFactory(IContextMenuFactory factory); + + /** + * This method is used to register a factory for custom message editor tabs. + * For each message editor that already exists, or is subsequently created, + * within Burp, the factory will be asked to provide a new instance of an + * IMessageEditorTab object, which can provide custom rendering + * or editing of HTTP messages. + * + * @param factory An object created by the extension that implements the + * IMessageEditorTabFactory interface. + */ + void registerMessageEditorTabFactory(IMessageEditorTabFactory factory); + + /** + * This method is used to register a provider of Scanner insertion points. + * For each base request that is actively scanned, Burp will ask the + * provider to provide any custom scanner insertion points that are + * appropriate for the request. + * + * @param provider An object created by the extension that implements the + * IScannerInsertionPointProvider interface. + */ + void registerScannerInsertionPointProvider( + IScannerInsertionPointProvider provider); + + /** + * This method is used to register a custom Scanner check. When performing + * scanning, Burp will ask the check to perform active or passive scanning + * on the base request, and report any Scanner issues that are identified. + * + * @param check An object created by the extension that implements the + * IScannerCheck interface. + */ + void registerScannerCheck(IScannerCheck check); + + /** + * This method is used to register a factory for Intruder payloads. Each + * registered factory will be available within the Intruder UI for the user + * to select as the payload source for an attack. When this is selected, the + * factory will be asked to provide a new instance of an + * IIntruderPayloadGenerator object, which will be used to + * generate payloads for the attack. + * + * @param factory An object created by the extension that implements the + * IIntruderPayloadGeneratorFactory interface. + */ + void registerIntruderPayloadGeneratorFactory( + IIntruderPayloadGeneratorFactory factory); + + /** + * This method is used to register a custom Intruder payload processor. Each + * registered processor will be available within the Intruder UI for the + * user to select as the action for a payload processing rule. + * + * @param processor An object created by the extension that implements the + * IIntruderPayloadProcessor interface. + */ + void registerIntruderPayloadProcessor(IIntruderPayloadProcessor processor); + + /** + * This method is used to register a custom session handling action. Each + * registered action will be available within the session handling rule UI + * for the user to select as a rule action. Users can choose to invoke an + * action directly in its own right, or following execution of a macro. + * + * @param action An object created by the extension that implements the + * ISessionHandlingAction interface. + */ + void registerSessionHandlingAction(ISessionHandlingAction action); + + /** + * This method is used to unload the extension from Burp Suite. + */ + void unloadExtension(); + + /** + * This method is used to add a custom tab to the main Burp Suite window. + * + * @param tab An object created by the extension that implements the + * ITab interface. + */ + void addSuiteTab(ITab tab); + + /** + * This method is used to remove a previously-added tab from the main Burp + * Suite window. + * + * @param tab An object created by the extension that implements the + * ITab interface. + */ + void removeSuiteTab(ITab tab); + + /** + * This method is used to customize UI components in line with Burp's UI + * style, including font size, colors, table line spacing, etc. + * + * @param component The UI component to be customized. + */ + void customizeUiComponent(Component component); + + /** + * This method is used to create a new instance of Burp's HTTP message + * editor, for the extension to use in its own UI. + * + * @param controller An object created by the extension that implements the + * IMessageEditorController interface. This parameter is + * optional and may be null. If it is provided, then the + * message editor will query the controller when required to obtain details + * about the currently displayed message, including the + * IHttpService for the message, and the associated request or + * response message. If a controller is not provided, then the message + * editor will not support context menu actions, such as sending requests to + * other Burp tools. + * @param editable Indicates whether the editor created should be editable, + * or used only for message viewing. + * @return An object that implements the IMessageEditor + * interface, and which the extension can use in its own UI. + */ + IMessageEditor createMessageEditor(IMessageEditorController controller, + boolean editable); + + /** + * This method returns the command line arguments that were passed to Burp + * on startup. + * + * @return The command line arguments that were passed to Burp on startup. + */ + String[] getCommandLineArguments(); + + /** + * This method is used to save configuration settings for the extension in a + * persistent way that survives reloads of the extension and of Burp Suite. + * Saved settings can be retrieved using the method + * loadExtensionSetting(). + * + * @param name The name of the setting. + * @param value The value of the setting. If this value is null + * then any existing setting with the specified name will be removed. + */ + void saveExtensionSetting(String name, String value); + + /** + * This method is used to load configuration settings for the extension that + * were saved using the method + * saveExtensionSetting(). + * + * @param name The name of the setting. + * @return The value of the setting, or null if no value is + * set. + */ + String loadExtensionSetting(String name); + + /** + * This method is used to create a new instance of Burp's plain text editor, + * for the extension to use in its own UI. + * + * @return An object that implements the ITextEditor interface, + * and which the extension can use in its own UI. + */ + ITextEditor createTextEditor(); + + /** + * This method can be used to send an HTTP request to the Burp Repeater + * tool. The request will be displayed in the user interface, but will not + * be issued until the user initiates this action. + * + * @param host The hostname of the remote HTTP server. + * @param port The port of the remote HTTP server. + * @param useHttps Flags whether the protocol is HTTPS or HTTP. + * @param request The full HTTP request. + * @param tabCaption An optional caption which will appear on the Repeater + * tab containing the request. If this value is null then a + * default tab index will be displayed. + */ + void sendToRepeater( + String host, + int port, + boolean useHttps, + byte[] request, + String tabCaption); + + /** + * This method can be used to send an HTTP request to the Burp Intruder + * tool. The request will be displayed in the user interface, and markers + * for attack payloads will be placed into default locations within the + * request. + * + * @param host The hostname of the remote HTTP server. + * @param port The port of the remote HTTP server. + * @param useHttps Flags whether the protocol is HTTPS or HTTP. + * @param request The full HTTP request. + */ + void sendToIntruder( + String host, + int port, + boolean useHttps, + byte[] request); + + /** + * This method can be used to send an HTTP request to the Burp Intruder + * tool. The request will be displayed in the user interface, and markers + * for attack payloads will be placed into the specified locations within + * the request. + * + * @param host The hostname of the remote HTTP server. + * @param port The port of the remote HTTP server. + * @param useHttps Flags whether the protocol is HTTPS or HTTP. + * @param request The full HTTP request. + * @param payloadPositionOffsets A list of index pairs representing the + * payload positions to be used. Each item in the list must be an int[2] + * array containing the start and end offsets for the payload position. + */ + void sendToIntruder( + String host, + int port, + boolean useHttps, + byte[] request, + List payloadPositionOffsets); + + /** + * This method can be used to send a seed URL to the Burp Spider tool. If + * the URL is not within the current Spider scope, the user will be asked if + * they wish to add the URL to the scope. If the Spider is not currently + * running, it will be started. The seed URL will be requested, and the + * Spider will process the application's response in the normal way. + * + * @param url The new seed URL to begin spidering from. + */ + void sendToSpider( + java.net.URL url); + + /** + * This method can be used to send an HTTP request to the Burp Scanner tool + * to perform an active vulnerability scan. If the request is not within the + * current active scanning scope, the user will be asked if they wish to + * proceed with the scan. + * + * @param host The hostname of the remote HTTP server. + * @param port The port of the remote HTTP server. + * @param useHttps Flags whether the protocol is HTTPS or HTTP. + * @param request The full HTTP request. + * @return The resulting scan queue item. + */ + IScanQueueItem doActiveScan( + String host, + int port, + boolean useHttps, + byte[] request); + + /** + * This method can be used to send an HTTP request to the Burp Scanner tool + * to perform an active vulnerability scan, based on a custom list of + * insertion points that are to be scanned. If the request is not within the + * current active scanning scope, the user will be asked if they wish to + * proceed with the scan. + * + * @param host The hostname of the remote HTTP server. + * @param port The port of the remote HTTP server. + * @param useHttps Flags whether the protocol is HTTPS or HTTP. + * @param request The full HTTP request. + * @param insertionPointOffsets A list of index pairs representing the + * positions of the insertion points that should be scanned. Each item in + * the list must be an int[2] array containing the start and end offsets for + * the insertion point. + * @return The resulting scan queue item. + */ + IScanQueueItem doActiveScan( + String host, + int port, + boolean useHttps, + byte[] request, + List insertionPointOffsets); + + /** + * This method can be used to send an HTTP request to the Burp Scanner tool + * to perform a passive vulnerability scan. + * + * @param host The hostname of the remote HTTP server. + * @param port The port of the remote HTTP server. + * @param useHttps Flags whether the protocol is HTTPS or HTTP. + * @param request The full HTTP request. + * @param response The full HTTP response. + */ + void doPassiveScan( + String host, + int port, + boolean useHttps, + byte[] request, + byte[] response); + + /** + * This method can be used to issue HTTP requests and retrieve their + * responses. + * + * @param httpService The HTTP service to which the request should be sent. + * @param request The full HTTP request. + * @return An object that implements the IHttpRequestResponse + * interface, and which the extension can query to obtain the details of the + * response. + */ + IHttpRequestResponse makeHttpRequest(IHttpService httpService, + byte[] request); + + /** + * This method can be used to issue HTTP requests and retrieve their + * responses. + * + * @param host The hostname of the remote HTTP server. + * @param port The port of the remote HTTP server. + * @param useHttps Flags whether the protocol is HTTPS or HTTP. + * @param request The full HTTP request. + * @return The full response retrieved from the remote server. + */ + byte[] makeHttpRequest( + String host, + int port, + boolean useHttps, + byte[] request); + + /** + * This method can be used to query whether a specified URL is within the + * current Suite-wide scope. + * + * @param url The URL to query. + * @return Returns true if the URL is within the current + * Suite-wide scope. + */ + boolean isInScope(java.net.URL url); + + /** + * This method can be used to include the specified URL in the Suite-wide + * scope. + * + * @param url The URL to include in the Suite-wide scope. + */ + void includeInScope(java.net.URL url); + + /** + * This method can be used to exclude the specified URL from the Suite-wide + * scope. + * + * @param url The URL to exclude from the Suite-wide scope. + */ + void excludeFromScope(java.net.URL url); + + /** + * This method can be used to display a specified message in the Burp Suite + * alerts tab. + * + * @param message The alert message to display. + */ + void issueAlert(String message); + + /** + * This method returns details of all items in the Proxy history. + * + * @return The contents of the Proxy history. + */ + IHttpRequestResponse[] getProxyHistory(); + + /** + * This method returns details of items in the site map. + * + * @param urlPrefix This parameter can be used to specify a URL prefix, in + * order to extract a specific subset of the site map. The method performs a + * simple case-sensitive text match, returning all site map items whose URL + * begins with the specified prefix. If this parameter is null, the entire + * site map is returned. + * + * @return Details of items in the site map. + */ + IHttpRequestResponse[] getSiteMap(String urlPrefix); + + /** + * This method returns all of the current scan issues for URLs matching the + * specified literal prefix. + * + * @param urlPrefix This parameter can be used to specify a URL prefix, in + * order to extract a specific subset of scan issues. The method performs a + * simple case-sensitive text match, returning all scan issues whose URL + * begins with the specified prefix. If this parameter is null, all issues + * are returned. + * @return Details of the scan issues. + */ + IScanIssue[] getScanIssues(String urlPrefix); + + /** + * This method is used to generate a report for the specified Scanner + * issues. The report format can be specified. For all other reporting + * options, the default settings that appear in the reporting UI wizard are + * used. + * + * @param format The format to be used in the report. Accepted values are + * HTML and XML. + * @param issues The Scanner issues to be reported. + * @param file The file to which the report will be saved. + */ + void generateScanReport(String format, IScanIssue[] issues, java.io.File file); + + /** + * This method is used to retrieve the contents of Burp's session handling + * cookie jar. Extensions that provide an + * ISessionHandlingAction can query and update the cookie jar + * in order to handle unusual session handling mechanisms. + * + * @return A list of ICookie objects representing the contents + * of Burp's session handling cookie jar. + */ + List getCookieJarContents(); + + /** + * This method is used to update the contents of Burp's session handling + * cookie jar. Extensions that provide an + * ISessionHandlingAction can query and update the cookie jar + * in order to handle unusual session handling mechanisms. + * + * @param cookie An ICookie object containing details of the + * cookie to be updated. If the cookie jar already contains a cookie that + * matches the specified domain and name, then that cookie will be updated + * with the new value and expiration, unless the new value is + * null, in which case the cookie will be removed. If the + * cookie jar does not already contain a cookie that matches the specified + * domain and name, then the cookie will be added. + */ + void updateCookieJar(ICookie cookie); + + /** + * This method can be used to add an item to Burp's site map with the + * specified request/response details. This will overwrite the details of + * any existing matching item in the site map. + * + * @param item Details of the item to be added to the site map + */ + void addToSiteMap(IHttpRequestResponse item); + + /** + * This method can be used to restore Burp's state from a specified saved + * state file. This method blocks until the restore operation is completed, + * and must not be called from the event dispatch thread. + * + * @param file The file containing Burp's saved state. + */ + void restoreState(java.io.File file); + + /** + * This method can be used to save Burp's state to a specified file. This + * method blocks until the save operation is completed, and must not be + * called from the event dispatch thread. + * + * @param file The file to save Burp's state in. + */ + void saveState(java.io.File file); + + /** + * This method causes Burp to save all of its current configuration as a Map + * of name/value Strings. + * + * @return A Map of name/value Strings reflecting Burp's current + * configuration. + */ + Map saveConfig(); + + /** + * This method causes Burp to load a new configuration from the Map of + * name/value Strings provided. Any settings not specified in the Map will + * be restored to their default values. To selectively update only some + * settings and leave the rest unchanged, you should first call + * saveConfig() to obtain Burp's current configuration, modify + * the relevant items in the Map, and then call + * loadConfig() with the same Map. + * + * @param config A map of name/value Strings to use as Burp's new + * configuration. + */ + void loadConfig(Map config); + + /** + * This method sets the master interception mode for Burp Proxy. + * + * @param enabled Indicates whether interception of Proxy messages should be + * enabled. + */ + void setProxyInterceptionEnabled(boolean enabled); + + /** + * This method retrieves information about the version of Burp in which the + * extension is running. It can be used by extensions to dynamically adjust + * their behavior depending on the functionality and APIs supported by the + * current version. + * + * @return An array of Strings comprised of: the product name (e.g. Burp + * Suite Professional), the major version (e.g. 1.5), the minor version + * (e.g. 03) + */ + String[] getBurpVersion(); + + /** + * This method can be used to shut down Burp programmatically, with an + * optional prompt to the user. If the method returns, the user canceled the + * shutdown prompt. + * + * @param promptUser Indicates whether to prompt the user to confirm the + * shutdown. + */ + void exitSuite(boolean promptUser); + + /** + * This method is used to create a temporary file on disk containing the + * provided data. Extensions can use temporary files for long-term storage + * of runtime data, avoiding the need to retain that data in memory. + * + * @param buffer The data to be saved to a temporary file. + * @return An object that implements the ITempFile interface. + */ + ITempFile saveToTempFile(byte[] buffer); + + /** + * This method is used to save the request and response of an + * IHttpRequestResponse object to temporary files, so that they + * are no longer held in memory. Extensions can used this method to convert + * IHttpRequestResponse objects into a form suitable for + * long-term storage. + * + * @param httpRequestResponse The IHttpRequestResponse object + * whose request and response messages are to be saved to temporary files. + * @return An object that implements the + * IHttpRequestResponsePersisted interface. + */ + IHttpRequestResponsePersisted saveBuffersToTempFiles( + IHttpRequestResponse httpRequestResponse); + + /** + * This method is used to apply markers to an HTTP request or response, at + * offsets into the message that are relevant for some particular purpose. + * Markers are used in various situations, such as specifying Intruder + * payload positions, Scanner insertion points, and highlights in Scanner + * issues. + * + * @param httpRequestResponse The IHttpRequestResponse object + * to which the markers should be applied. + * @param requestMarkers A list of index pairs representing the offsets of + * markers to be applied to the request message. Each item in the list must + * be an int[2] array containing the start and end offsets for the marker. + * The markers in the list should be in sequence and not overlapping. This + * parameter is optional and may be null if no request markers + * are required. + * @param responseMarkers A list of index pairs representing the offsets of + * markers to be applied to the response message. Each item in the list must + * be an int[2] array containing the start and end offsets for the marker. + * The markers in the list should be in sequence and not overlapping. This + * parameter is optional and may be null if no response markers + * are required. + * @return An object that implements the + * IHttpRequestResponseWithMarkers interface. + */ + IHttpRequestResponseWithMarkers applyMarkers( + IHttpRequestResponse httpRequestResponse, + List requestMarkers, + List responseMarkers); + + /** + * This method is used to obtain the descriptive name for the Burp tool + * identified by the tool flag provided. + * + * @param toolFlag A flag identifying a Burp tool ( TOOL_PROXY, + * TOOL_SCANNER, etc.). Tool flags are defined within this + * interface. + * @return The descriptive name for the specified tool. + */ + String getToolName(int toolFlag); + + /** + * This method is used to register a new Scanner issue. Note: + * Wherever possible, extensions should implement custom Scanner checks + * using + * IScannerCheck and report issues via those checks, so as to + * integrate with Burp's user-driven workflow, and ensure proper + * consolidation of duplicate reported issues. This method is only designed + * for tasks outside of the normal testing workflow, such as importing + * results from other scanning tools. + * + * @param issue An object created by the extension that implements the + * IScanIssue interface. + */ + void addScanIssue(IScanIssue issue); + + /** + * This method parses the specified request and returns details of each + * request parameter. + * + * @param request The request to be parsed. + * @return An array of: String[] { name, value, type } + * containing details of the parameters contained within the request. + * @deprecated Use IExtensionHelpers.analyzeRequest() instead. + */ + @Deprecated + String[][] getParameters(byte[] request); + + /** + * This method parses the specified request and returns details of each HTTP + * header. + * + * @param message The request to be parsed. + * @return An array of HTTP headers. + * @deprecated Use IExtensionHelpers.analyzeRequest() or + * IExtensionHelpers.analyzeResponse() instead. + */ + @Deprecated + String[] getHeaders(byte[] message); + + /** + * This method can be used to register a new menu item which will appear on + * the various context menus that are used throughout Burp Suite to handle + * user-driven actions. + * + * @param menuItemCaption The caption to be displayed on the menu item. + * @param menuItemHandler The handler to be invoked when the user clicks on + * the menu item. + * @deprecated Use registerContextMenuFactory() instead. + */ + @Deprecated + void registerMenuItem( + String menuItemCaption, + IMenuItemHandler menuItemHandler); +} diff --git a/burp/IContextMenuFactory.java b/burp/IContextMenuFactory.java new file mode 100644 index 0000000..3b12b59 --- /dev/null +++ b/burp/IContextMenuFactory.java @@ -0,0 +1,38 @@ +package burp; + +/* + * @(#)IContextMenuFactory.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +import java.util.List; +import javax.swing.JMenuItem; + +/** + * Extensions can implement this interface and then call + * IBurpExtenderCallbacks.registerContextMenuFactory() to register + * a factory for custom context menu items. + */ +public interface IContextMenuFactory +{ + /** + * This method will be called by Burp when the user invokes a context menu + * anywhere within Burp. The factory can then provide any custom context + * menu items that should be displayed in the context menu, based on the + * details of the menu invocation. + * + * @param invocation An object that implements the + * IMessageEditorTabFactory interface, which the extension can + * query to obtain details of the context menu invocation. + * @return A list of custom menu items (which may include sub-menus, + * checkbox menu items, etc.) that should be displayed. Extensions may + * return + * null from this method, to indicate that no menu items are + * required. + */ + List createMenuItems(IContextMenuInvocation invocation); +} diff --git a/burp/IContextMenuInvocation.java b/burp/IContextMenuInvocation.java new file mode 100644 index 0000000..a408870 --- /dev/null +++ b/burp/IContextMenuInvocation.java @@ -0,0 +1,156 @@ +package burp; + +/* + * @(#)IContextMenuInvocation.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +import java.awt.event.InputEvent; + +/** + * This interface is used when Burp calls into an extension-provided + * IContextMenuFactory with details of a context menu invocation. + * The custom context menu factory can query this interface to obtain details of + * the invocation event, in order to determine what menu items should be + * displayed. + */ +public interface IContextMenuInvocation +{ + /** + * Used to indicate that the context menu is being invoked in a request + * editor. + */ + static final byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0; + /** + * Used to indicate that the context menu is being invoked in a response + * editor. + */ + static final byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1; + /** + * Used to indicate that the context menu is being invoked in a non-editable + * request viewer. + */ + static final byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2; + /** + * Used to indicate that the context menu is being invoked in a non-editable + * response viewer. + */ + static final byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3; + /** + * Used to indicate that the context menu is being invoked in the Target + * site map tree. + */ + static final byte CONTEXT_TARGET_SITE_MAP_TREE = 4; + /** + * Used to indicate that the context menu is being invoked in the Target + * site map table. + */ + static final byte CONTEXT_TARGET_SITE_MAP_TABLE = 5; + /** + * Used to indicate that the context menu is being invoked in the Proxy + * history. + */ + static final byte CONTEXT_PROXY_HISTORY = 6; + /** + * Used to indicate that the context menu is being invoked in the Scanner + * results. + */ + static final byte CONTEXT_SCANNER_RESULTS = 7; + /** + * Used to indicate that the context menu is being invoked in the Intruder + * payload positions editor. + */ + static final byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8; + /** + * Used to indicate that the context menu is being invoked in an Intruder + * attack results. + */ + static final byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9; + /** + * Used to indicate that the context menu is being invoked in a search + * results window. + */ + static final byte CONTEXT_SEARCH_RESULTS = 10; + + /** + * This method can be used to retrieve the native Java input event that was + * the trigger for the context menu invocation. + * + * @return The InputEvent that was the trigger for the context + * menu invocation. + */ + InputEvent getInputEvent(); + + /** + * This method can be used to retrieve the Burp tool within which the + * context menu was invoked. + * + * @return A flag indicating the Burp tool within which the context menu was + * invoked. Burp tool flags are defined in the + * IBurpExtenderCallbacks interface. + */ + int getToolFlag(); + + /** + * This method can be used to retrieve the context within which the menu was + * invoked. + * + * @return An index indicating the context within which the menu was + * invoked. The indices used are defined within this interface. + */ + byte getInvocationContext(); + + /** + * This method can be used to retrieve the bounds of the user's selection + * into the current message, if applicable. + * + * @return An int[2] array containing the start and end offsets of the + * user's selection in the current message. If the user has not made any + * selection in the current message, both offsets indicate the position of + * the caret within the editor. If the menu is not being invoked from a + * message editor, the method returns null. + */ + int[] getSelectionBounds(); + + /** + * This method can be used to retrieve details of the HTTP requests / + * responses that were shown or selected by the user when the context menu + * was invoked. + * + * Note: For performance reasons, the objects returned from this + * method are tied to the originating context of the messages within the + * Burp UI. For example, if a context menu is invoked on the Proxy intercept + * panel, then the + * IHttpRequestResponse returned by this method will reflect + * the current contents of the interception panel, and this will change when + * the current message has been forwarded or dropped. If your extension + * needs to store details of the message for which the context menu has been + * invoked, then you should query those details from the + * IHttpRequestResponse at the time of invocation, or you + * should use + * IBurpExtenderCallbacks.saveBuffersToTempFiles() to create a + * persistent read-only copy of the + * IHttpRequestResponse. + * + * @return An array of IHttpRequestResponse objects + * representing the items that were shown or selected by the user when the + * context menu was invoked. This method returns null if no + * messages are applicable to the invocation. + */ + IHttpRequestResponse[] getSelectedMessages(); + + /** + * This method can be used to retrieve details of the Scanner issues that + * were selected by the user when the context menu was invoked. + * + * @return An array of IScanIssue objects representing the + * issues that were selected by the user when the context menu was invoked. + * This method returns null if no Scanner issues are applicable + * to the invocation. + */ + IScanIssue[] getSelectedIssues(); +} diff --git a/burp/ICookie.java b/burp/ICookie.java new file mode 100644 index 0000000..a79ac6c --- /dev/null +++ b/burp/ICookie.java @@ -0,0 +1,53 @@ +package burp; + +/* + * @(#)ICookie.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +import java.util.Date; + +/** + * This interface is used to hold details about an HTTP cookie. + */ +public interface ICookie +{ + /** + * This method is used to retrieve the domain for which the cookie is in + * scope. + * + * @return The domain for which the cookie is in scope. Note: For + * cookies that have been analyzed from responses (by calling + * IExtensionHelpers.analyzeResponse() and then + * IResponseInfo.getCookies(), the domain will be + * null if the response did not explicitly set a domain + * attribute for the cookie. + */ + String getDomain(); + + /** + * This method is used to retrieve the expiration time for the cookie. + * + * @return The expiration time for the cookie, or + * null if none is set (i.e., for non-persistent session + * cookies). + */ + Date getExpiration(); + + /** + * This method is used to retrieve the name of the cookie. + * + * @return The name of the cookie. + */ + String getName(); + + /** + * This method is used to retrieve the value of the cookie. + * @return The value of the cookie. + */ + String getValue(); +} diff --git a/burp/IExtensionHelpers.java b/burp/IExtensionHelpers.java new file mode 100644 index 0000000..021c160 --- /dev/null +++ b/burp/IExtensionHelpers.java @@ -0,0 +1,352 @@ +package burp; + +/* + * @(#)IExtensionHelpers.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +import java.net.URL; +import java.util.List; + +/** + * This interface contains a number of helper methods, which extensions can use + * to assist with various common tasks that arise for Burp extensions. + * + * Extensions can call + * IBurpExtenderCallbacks.getHelpers to obtain an instance of this + * interface. + */ +public interface IExtensionHelpers +{ + /** + * This method can be used to analyze an HTTP request, and obtain various + * key details about it. + * + * @param request An + * IHttpRequestResponse object containing the request to be + * analyzed. + * @return An + * IRequestInfo object that can be queried to obtain details + * about the request. + */ + IRequestInfo analyzeRequest(IHttpRequestResponse request); + + /** + * This method can be used to analyze an HTTP request, and obtain various + * key details about it. + * + * @param httpService The HTTP service associated with the request. This is + * optional and may be + * null, in which case the resulting + * IRequestInfo object will not include the full request URL. + * @param request The request to be analyzed. + * @return An + * IRequestInfo object that can be queried to obtain details + * about the request. + */ + IRequestInfo analyzeRequest(IHttpService httpService, byte[] request); + + /** + * This method can be used to analyze an HTTP request, and obtain various + * key details about it. The resulting + * IRequestInfo object will not include the full request URL. + * To obtain the full URL, use one of the other overloaded + * analyzeRequest() methods. + * + * @param request The request to be analyzed. + * @return An + * IRequestInfo object that can be queried to obtain details + * about the request. + */ + IRequestInfo analyzeRequest(byte[] request); + + /** + * This method can be used to analyze an HTTP response, and obtain various + * key details about it. + * + * @param response The response to be analyzed. + * @return An + * IResponseInfo object that can be queried to obtain details + * about the response. + */ + IResponseInfo analyzeResponse(byte[] response); + + /** + * This method can be used to retrieve details of a specified parameter + * within an HTTP request. Note: Use + * analyzeRequest() to obtain details of all parameters within + * the request. + * + * @param request The request to be inspected for the specified parameter. + * @param parameterName The name of the parameter to retrieve. + * @return An + * IParameter object that can be queried to obtain details + * about the parameter, or + * null if the parameter was not found. + */ + IParameter getRequestParameter(byte[] request, String parameterName); + + /** + * This method can be used to URL-decode the specified data. + * + * @param data The data to be decoded. + * @return The decoded data. + */ + String urlDecode(String data); + + /** + * This method can be used to URL-encode the specified data. Any characters + * that do not need to be encoded within HTTP requests are not encoded. + * + * @param data The data to be encoded. + * @return The encoded data. + */ + String urlEncode(String data); + + /** + * This method can be used to URL-decode the specified data. + * + * @param data The data to be decoded. + * @return The decoded data. + */ + byte[] urlDecode(byte[] data); + + /** + * This method can be used to URL-encode the specified data. Any characters + * that do not need to be encoded within HTTP requests are not encoded. + * + * @param data The data to be encoded. + * @return The encoded data. + */ + byte[] urlEncode(byte[] data); + + /** + * This method can be used to Base64-decode the specified data. + * + * @param data The data to be decoded. + * @return The decoded data. + */ + byte[] base64Decode(String data); + + /** + * This method can be used to Base64-decode the specified data. + * + * @param data The data to be decoded. + * @return The decoded data. + */ + byte[] base64Decode(byte[] data); + + /** + * This method can be used to Base64-encode the specified data. + * + * @param data The data to be encoded. + * @return The encoded data. + */ + String base64Encode(String data); + + /** + * This method can be used to Base64-encode the specified data. + * + * @param data The data to be encoded. + * @return The encoded data. + */ + String base64Encode(byte[] data); + + /** + * This method can be used to convert data from String form into an array of + * bytes. The conversion does not reflect any particular character set, and + * a character with the hex representation 0xWXYZ will always be converted + * into a byte with the representation 0xYZ. It performs the opposite + * conversion to the method + * bytesToString(), and byte-based data that is converted to a + * String and back again using these two methods is guaranteed to retain its + * integrity (which may not be the case with conversions that reflect a + * given character set). + * + * @param data The data to be converted. + * @return The converted data. + */ + byte[] stringToBytes(String data); + + /** + * This method can be used to convert data from an array of bytes into + * String form. The conversion does not reflect any particular character + * set, and a byte with the representation 0xYZ will always be converted + * into a character with the hex representation 0x00YZ. It performs the + * opposite conversion to the method + * stringToBytes(), and byte-based data that is converted to a + * String and back again using these two methods is guaranteed to retain its + * integrity (which may not be the case with conversions that reflect a + * given character set). + * + * @param data The data to be converted. + * @return The converted data. + */ + String bytesToString(byte[] data); + + /** + * This method searches a piece of data for the first occurrence of a + * specified pattern. It works on byte-based data in a way that is similar + * to the way the native Java method + * String.indexOf() works on String-based data. + * + * @param data The data to be searched. + * @param pattern The pattern to be searched for. + * @param caseSensitive Flags whether or not the search is case-sensitive. + * @param from The offset within + * data where the search should begin. + * @param to The offset within + * data where the search should end. + * @return The offset of the first occurrence of the pattern within the + * specified bounds, or -1 if no match is found. + */ + int indexOf(byte[] data, + byte[] pattern, + boolean caseSensitive, + int from, + int to); + + /** + * This method builds an HTTP message containing the specified headers and + * message body. If applicable, the Content-Length header will be added or + * updated, based on the length of the body. + * + * @param headers A list of headers to include in the message. + * @param body The body of the message, of + * null if the message has an empty body. + * @return The resulting full HTTP message. + */ + byte[] buildHttpMessage(List headers, byte[] body); + + /** + * This method creates a GET request to the specified URL. The headers used + * in the request are determined by the Request headers settings as + * configured in Burp Spider's options. + * + * @param url The URL to which the request should be made. + * @return A request to the specified URL. + */ + byte[] buildHttpRequest(URL url); + + /** + * This method adds a new parameter to an HTTP request, and if appropriate + * updates the Content-Length header. + * + * @param request The request to which the parameter should be added. + * @param parameter An + * IParameter object containing details of the parameter to be + * added. Supported parameter types are: + * PARAM_URL, + * PARAM_BODY and + * PARAM_COOKIE. + * @return A new HTTP request with the new parameter added. + */ + byte[] addParameter(byte[] request, IParameter parameter); + + /** + * This method removes a parameter from an HTTP request, and if appropriate + * updates the Content-Length header. + * + * @param request The request from which the parameter should be removed. + * @param parameter An + * IParameter object containing details of the parameter to be + * removed. Supported parameter types are: + * PARAM_URL, + * PARAM_BODY and + * PARAM_COOKIE. + * @return A new HTTP request with the parameter removed. + */ + byte[] removeParameter(byte[] request, IParameter parameter); + + /** + * This method updates the value of a parameter within an HTTP request, and + * if appropriate updates the Content-Length header. Note: This + * method can only be used to update the value of an existing parameter of a + * specified type. If you need to change the type of an existing parameter, + * you should first call + * removeParameter() to remove the parameter with the old type, + * and then call + * addParameter() to add a parameter with the new type. + * + * @param request The request containing the parameter to be updated. + * @param parameter An + * IParameter object containing details of the parameter to be + * updated. Supported parameter types are: + * PARAM_URL, + * PARAM_BODY and + * PARAM_COOKIE. + * @return A new HTTP request with the parameter updated. + */ + byte[] updateParameter(byte[] request, IParameter parameter); + + /** + * This method can be used to toggle a request's method between GET and + * POST. Parameters are relocated between the URL query string and message + * body as required, and the Content-Length header is created or removed as + * applicable. + * + * @param request The HTTP request whose method should be toggled. + * @return A new HTTP request using the toggled method. + */ + byte[] toggleRequestMethod(byte[] request); + + /** + * This method constructs an + * IHttpService object based on the details provided. + * + * @param host The HTTP service host. + * @param port The HTTP service port. + * @param protocol The HTTP service protocol. + * @return An + * IHttpService object based on the details provided. + */ + IHttpService buildHttpService(String host, int port, String protocol); + + /** + * This method constructs an + * IHttpService object based on the details provided. + * + * @param host The HTTP service host. + * @param port The HTTP service port. + * @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP. + * @return An + * IHttpService object based on the details provided. + */ + IHttpService buildHttpService(String host, int port, boolean useHttps); + + /** + * This method constructs an + * IParameter object based on the details provided. + * + * @param name The parameter name. + * @param value The parameter value. + * @param type The parameter type, as defined in the + * IParameter interface. + * @return An + * IParameter object based on the details provided. + */ + IParameter buildParameter(String name, String value, byte type); + + /** + * This method constructs an + * IScannerInsertionPoint object based on the details provided. + * It can be used to quickly create a simple insertion point based on a + * fixed payload location within a base request. + * + * @param insertionPointName The name of the insertion point. + * @param baseRequest The request from which to build scan requests. + * @param from The offset of the start of the payload location. + * @param to The offset of the end of the payload location. + * @return An + * IScannerInsertionPoint object based on the details provided. + */ + IScannerInsertionPoint makeScannerInsertionPoint( + String insertionPointName, + byte[] baseRequest, + int from, + int to); +} diff --git a/burp/IExtensionStateListener.java b/burp/IExtensionStateListener.java new file mode 100644 index 0000000..c958210 --- /dev/null +++ b/burp/IExtensionStateListener.java @@ -0,0 +1,27 @@ +package burp; + +/* + * @(#)IExtensionStateListener.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * Extensions can implement this interface and then call + * IBurpExtenderCallbacks.registerExtensionStateListener() to + * register an extension state listener. The listener will be notified of + * changes to the extension's state. Note: Any extensions that start + * background threads or open system resources (such as files or database + * connections) should register a listener and terminate threads / close + * resources when the extension is unloaded. + */ +public interface IExtensionStateListener +{ + /** + * This method is called when the extension is unloaded. + */ + void extensionUnloaded(); +} diff --git a/burp/IHttpListener.java b/burp/IHttpListener.java new file mode 100644 index 0000000..6fcf570 --- /dev/null +++ b/burp/IHttpListener.java @@ -0,0 +1,37 @@ +package burp; + +/* + * @(#)IHttpListener.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * Extensions can implement this interface and then call + * IBurpExtenderCallbacks.registerHttpListener() to register an + * HTTP listener. The listener will be notified of requests and responses made + * by any Burp tool. Extensions can perform custom analysis or modification of + * these messages by registering an HTTP listener. + */ +public interface IHttpListener +{ + /** + * This method is invoked when an HTTP request is about to be issued, and + * when an HTTP response has been received. + * + * @param toolFlag A flag indicating the Burp tool that issued the request. + * Burp tool flags are defined in the + * IBurpExtenderCallbacks interface. + * @param messageIsRequest Flags whether the method is being invoked for a + * request or response. + * @param messageInfo Details of the request / response to be processed. + * Extensions can call the setter methods on this object to update the + * current message and so modify Burp's behavior. + */ + void processHttpMessage(int toolFlag, + boolean messageIsRequest, + IHttpRequestResponse messageInfo); +} diff --git a/burp/IHttpRequestResponse.java b/burp/IHttpRequestResponse.java new file mode 100644 index 0000000..6813443 --- /dev/null +++ b/burp/IHttpRequestResponse.java @@ -0,0 +1,102 @@ +package burp; + +/* + * @(#)IHttpRequestResponse.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * This interface is used to retrieve and update details about HTTP messages. + * + * Note: The setter methods generally can only be used before the message + * has been processed, and not in read-only contexts. The getter methods + * relating to response details can only be used after the request has been + * issued. + */ +public interface IHttpRequestResponse +{ + /** + * This method is used to retrieve the request message. + * + * @return The request message. + */ + byte[] getRequest(); + + /** + * This method is used to update the request message. + * + * @param message The new request message. + */ + void setRequest(byte[] message); + + /** + * This method is used to retrieve the response message. + * + * @return The response message. + */ + byte[] getResponse(); + + /** + * This method is used to update the response message. + * + * @param message The new response message. + */ + void setResponse(byte[] message); + + /** + * This method is used to retrieve the user-annotated comment for this item, + * if applicable. + * + * @return The user-annotated comment for this item, or null if none is set. + */ + String getComment(); + + /** + * This method is used to update the user-annotated comment for this item. + * + * @param comment The comment to be assigned to this item. + */ + void setComment(String comment); + + /** + * This method is used to retrieve the user-annotated highlight for this + * item, if applicable. + * + * @return The user-annotated highlight for this item, or null if none is + * set. + */ + String getHighlight(); + + /** + * This method is used to update the user-annotated highlight for this item. + * + * @param color The highlight color to be assigned to this item. Accepted + * values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray, + * or a null String to clear any existing highlight. + */ + void setHighlight(String color); + + /** + * This method is used to retrieve the HTTP service for this request / + * response. + * + * @return An + * IHttpService object containing details of the HTTP service. + */ + IHttpService getHttpService(); + + /** + * This method is used to update the HTTP service for this request / + * response. + * + * @param httpService An + * IHttpService object containing details of the new HTTP + * service. + */ + void setHttpService(IHttpService httpService); + +} diff --git a/burp/IHttpRequestResponsePersisted.java b/burp/IHttpRequestResponsePersisted.java new file mode 100644 index 0000000..b53c565 --- /dev/null +++ b/burp/IHttpRequestResponsePersisted.java @@ -0,0 +1,26 @@ +package burp; + +/* + * @(#)IHttpRequestResponsePersisted.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * This interface is used for an + * IHttpRequestResponse object whose request and response messages + * have been saved to temporary files using + * IBurpExtenderCallbacks.saveBuffersToTempFiles(). + */ +public interface IHttpRequestResponsePersisted extends IHttpRequestResponse +{ + /** + * This method is used to permanently delete the saved temporary files. It + * will no longer be possible to retrieve the request or response for this + * item. + */ + void deleteTempFiles(); +} diff --git a/burp/IHttpRequestResponseWithMarkers.java b/burp/IHttpRequestResponseWithMarkers.java new file mode 100644 index 0000000..905419a --- /dev/null +++ b/burp/IHttpRequestResponseWithMarkers.java @@ -0,0 +1,44 @@ +package burp; + +/* + * @(#)IHttpRequestResponseWithMarkers.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +import java.util.List; + +/** + * This interface is used for an + * IHttpRequestResponse object that has had markers applied. + * Extensions can create instances of this interface using + * IBurpExtenderCallbacks.applyMarkers(), or provide their own + * implementation. Markers are used in various situations, such as specifying + * Intruder payload positions, Scanner insertion points, and highlights in + * Scanner issues. + */ +public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse +{ + /** + * This method returns the details of the request markers. + * + * @return A list of index pairs representing the offsets of markers for the + * request message. Each item in the list is an int[2] array containing the + * start and end offsets for the marker. The method may return + * null if no request markers are defined. + */ + List getRequestMarkers(); + + /** + * This method returns the details of the response markers. + * + * @return A list of index pairs representing the offsets of markers for the + * response message. Each item in the list is an int[2] array containing the + * start and end offsets for the marker. The method may return + * null if no response markers are defined. + */ + List getResponseMarkers(); +} diff --git a/burp/IHttpService.java b/burp/IHttpService.java new file mode 100644 index 0000000..82ad004 --- /dev/null +++ b/burp/IHttpService.java @@ -0,0 +1,39 @@ +package burp; + +/* + * @(#)IHttpService.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * This interface is used to provide details about an HTTP service, to which + * HTTP requests can be sent. + */ +public interface IHttpService +{ + /** + * This method returns the hostname or IP address for the service. + * + * @return The hostname or IP address for the service. + */ + String getHost(); + + /** + * This method returns the port number for the service. + * + * @return The port number for the service. + */ + int getPort(); + + /** + * This method returns the protocol for the service. + * + * @return The protocol for the service. Expected values are "http" or + * "https". + */ + String getProtocol(); +} diff --git a/burp/IInterceptedProxyMessage.java b/burp/IInterceptedProxyMessage.java new file mode 100644 index 0000000..0dca538 --- /dev/null +++ b/burp/IInterceptedProxyMessage.java @@ -0,0 +1,116 @@ +package burp; + +/* + * @(#)IInterceptedProxyMessage.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +import java.net.InetAddress; + +/** + * This interface is used to represent an HTTP message that has been intercepted + * by Burp Proxy. Extensions can register an + * IProxyListener to receive details of proxy messages using this + * interface. * + */ +public interface IInterceptedProxyMessage +{ + /** + * This action causes Burp Proxy to follow the current interception rules to + * determine the appropriate action to take for the message. + */ + static final int ACTION_FOLLOW_RULES = 0; + /** + * This action causes Burp Proxy to present the message to the user for + * manual review or modification. + */ + static final int ACTION_DO_INTERCEPT = 1; + /** + * This action causes Burp Proxy to forward the message to the remote server + * or client, without presenting it to the user. + */ + static final int ACTION_DONT_INTERCEPT = 2; + /** + * This action causes Burp Proxy to drop the message. + */ + static final int ACTION_DROP = 3; + /** + * This action causes Burp Proxy to follow the current interception rules to + * determine the appropriate action to take for the message, and then make a + * second call to processProxyMessage. + */ + static final int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10; + /** + * This action causes Burp Proxy to present the message to the user for + * manual review or modification, and then make a second call to + * processProxyMessage. + */ + static final int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11; + /** + * This action causes Burp Proxy to skip user interception, and then make a + * second call to processProxyMessage. + */ + static final int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12; + + /** + * This method retrieves a unique reference number for this + * request/response. + * + * @return An identifier that is unique to a single request/response pair. + * Extensions can use this to correlate details of requests and responses + * and perform processing on the response message accordingly. + */ + int getMessageReference(); + + /** + * This method retrieves details of the intercepted message. + * + * @return An IHttpRequestResponse object containing details of + * the intercepted message. + */ + IHttpRequestResponse getMessageInfo(); + + /** + * This method retrieves the currently defined interception action. The + * default action is + * ACTION_FOLLOW_RULES. If multiple proxy listeners are + * registered, then other listeners may already have modified the + * interception action before it reaches the current listener. This method + * can be used to determine whether this has occurred. + * + * @return The currently defined interception action. Possible values are + * defined within this interface. + */ + int getInterceptAction(); + + /** + * This method is used to update the interception action. + * + * @param interceptAction The new interception action. Possible values are + * defined within this interface. + */ + void setInterceptAction(int interceptAction); + + /** + * This method retrieves the name of the Burp Proxy listener that is + * processing the intercepted message. + * + * @return The name of the Burp Proxy listener that is processing the + * intercepted message. The format is the same as that shown in the Proxy + * Listeners UI - for example, "127.0.0.1:8080". + */ + String getListenerInterface(); + + /** + * This method retrieves the client IP address from which the request for + * the intercepted message was received. + * + * @return The client IP address from which the request for the intercepted + * message was received. + */ + InetAddress getClientIpAddress(); +} diff --git a/burp/IIntruderAttack.java b/burp/IIntruderAttack.java new file mode 100644 index 0000000..c460f76 --- /dev/null +++ b/burp/IIntruderAttack.java @@ -0,0 +1,31 @@ +package burp; + +/* + * @(#)IIntruderAttack.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * This interface is used to hold details about an Intruder attack. + */ +public interface IIntruderAttack +{ + /** + * This method is used to retrieve the HTTP service for the attack. + * + * @return The HTTP service for the attack. + */ + IHttpService getHttpService(); + + /** + * This method is used to retrieve the request template for the attack. + * + * @return The request template for the attack. + */ + byte[] getRequestTemplate(); + +} diff --git a/burp/IIntruderPayloadGenerator.java b/burp/IIntruderPayloadGenerator.java new file mode 100644 index 0000000..802098c --- /dev/null +++ b/burp/IIntruderPayloadGenerator.java @@ -0,0 +1,50 @@ +package burp; + +/* + * @(#)IIntruderPayloadGenerator.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * This interface is used for custom Intruder payload generators. Extensions + * that have registered an + * IIntruderPayloadGeneratorFactory must return a new instance of + * this interface when required as part of a new Intruder attack. + */ +public interface IIntruderPayloadGenerator +{ + /** + * This method is used by Burp to determine whether the payload generator is + * able to provide any further payloads. + * + * @return Extensions should return + * false when all the available payloads have been used up, + * otherwise + * true. + */ + boolean hasMorePayloads(); + + /** + * This method is used by Burp to obtain the value of the next payload. + * + * @param baseValue The base value of the current payload position. This + * value may be + * null if the concept of a base value is not applicable (e.g. + * in a battering ram attack). + * @return The next payload to use in the attack. + */ + byte[] getNextPayload(byte[] baseValue); + + /** + * This method is used by Burp to reset the state of the payload generator + * so that the next call to + * getNextPayload() returns the first payload again. This + * method will be invoked when an attack uses the same payload generator for + * more than one payload position, for example in a sniper attack. + */ + void reset(); +} diff --git a/burp/IIntruderPayloadGeneratorFactory.java b/burp/IIntruderPayloadGeneratorFactory.java new file mode 100644 index 0000000..fd38553 --- /dev/null +++ b/burp/IIntruderPayloadGeneratorFactory.java @@ -0,0 +1,40 @@ +package burp; + +/* + * @(#)IIntruderPayloadGeneratorFactory.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * Extensions can implement this interface and then call + * IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory() + * to register a factory for custom Intruder payloads. + */ +public interface IIntruderPayloadGeneratorFactory +{ + /** + * This method is used by Burp to obtain the name of the payload generator. + * This will be displayed as an option within the Intruder UI when the user + * selects to use extension-generated payloads. + * + * @return The name of the payload generator. + */ + String getGeneratorName(); + + /** + * This method is used by Burp when the user starts an Intruder attack that + * uses this payload generator. + * + * @param attack An + * IIntruderAttack object that can be queried to obtain details + * about the attack in which the payload generator will be used. + * @return A new instance of + * IIntruderPayloadGenerator that will be used to generate + * payloads for the attack. + */ + IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack); +} diff --git a/burp/IIntruderPayloadProcessor.java b/burp/IIntruderPayloadProcessor.java new file mode 100644 index 0000000..ccd4725 --- /dev/null +++ b/burp/IIntruderPayloadProcessor.java @@ -0,0 +1,45 @@ +package burp; + +/* + * @(#)IIntruderPayloadProcessor.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * Extensions can implement this interface and then call + * IBurpExtenderCallbacks.registerIntruderPayloadProcessor() to + * register a custom Intruder payload processor. + */ +public interface IIntruderPayloadProcessor +{ + /** + * This method is used by Burp to obtain the name of the payload processor. + * This will be displayed as an option within the Intruder UI when the user + * selects to use an extension-provided payload processor. + * + * @return The name of the payload processor. + */ + String getProcessorName(); + + /** + * This method is invoked by Burp each time the processor should be applied + * to an Intruder payload. + * + * @param currentPayload The value of the payload to be processed. + * @param originalPayload The value of the original payload prior to + * processing by any already-applied processing rules. + * @param baseValue The base value of the payload position, which will be + * replaced with the current payload. + * @return The value of the processed payload. This may be + * null to indicate that the current payload should be skipped, + * and the attack will move directly to the next payload. + */ + byte[] processPayload( + byte[] currentPayload, + byte[] originalPayload, + byte[] baseValue); +} diff --git a/burp/IMenuItemHandler.java b/burp/IMenuItemHandler.java new file mode 100644 index 0000000..dc89560 --- /dev/null +++ b/burp/IMenuItemHandler.java @@ -0,0 +1,36 @@ +package burp; + +/* + * @(#)IMenuItemHandler.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * Extensions can implement this interface and then call + * IBurpExtenderCallbacks.registerMenuItem() to register a custom + * context menu item. + * + * @deprecated Use + * IContextMenuFactory instead. + */ +@Deprecated +public interface IMenuItemHandler +{ + /** + * This method is invoked by Burp Suite when the user clicks on a custom + * menu item which the extension has registered with Burp. + * + * @param menuItemCaption The caption of the menu item which was clicked. + * This parameter enables extensions to provide a single implementation + * which handles multiple different menu items. + * @param messageInfo Details of the HTTP message(s) for which the context + * menu was displayed. + */ + void menuItemClicked( + String menuItemCaption, + IHttpRequestResponse[] messageInfo); +} diff --git a/burp/IMessageEditor.java b/burp/IMessageEditor.java new file mode 100644 index 0000000..abea96b --- /dev/null +++ b/burp/IMessageEditor.java @@ -0,0 +1,64 @@ +package burp; + +/* + * @(#)IMessageEditor.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +import java.awt.Component; + +/** + * This interface is used to provide extensions with an instance of Burp's HTTP + * message editor, for the extension to use in its own UI. Extensions should + * call + * IBurpExtenderCallbacks.createMessageEditor() to obtain an + * instance of this interface. + */ +public interface IMessageEditor +{ + /** + * This method returns the UI component of the editor, for extensions to add + * to their own UI. + * + * @return The UI component of the editor. + */ + Component getComponent(); + + /** + * This method is used to display an HTTP message in the editor. + * + * @param message The HTTP message to be displayed. + * @param isRequest Flags whether the message is an HTTP request or + * response. + */ + void setMessage(byte[] message, boolean isRequest); + + /** + * This method is used to retrieve the currently displayed message, which + * may have been modified by the user. + * + * @return The currently displayed HTTP message. + */ + byte[] getMessage(); + + /** + * This method is used to determine whether the current message has been + * modified by the user. + * + * @return An indication of whether the current message has been modified by + * the user since it was first displayed. + */ + boolean isMessageModified(); + + /** + * This method returns the data that is currently selected by the user. + * + * @return The data that is currently selected by the user, or + * null if no selection is made. + */ + byte[] getSelectedData(); +} diff --git a/burp/IMessageEditorController.java b/burp/IMessageEditorController.java new file mode 100644 index 0000000..81ba7b1 --- /dev/null +++ b/burp/IMessageEditorController.java @@ -0,0 +1,49 @@ +package burp; + +/* + * @(#)IMessageEditorController.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * This interface is used by an + * IMessageEditor to obtain details about the currently displayed + * message. Extensions that create instances of Burp's HTTP message editor can + * optionally provide an implementation of + * IMessageEditorController, which the editor will invoke when it + * requires further information about the current message (for example, to send + * it to another Burp tool). Extensions that provide custom editor tabs via an + * IMessageEditorTabFactory will receive a reference to an + * IMessageEditorController object for each tab instance they + * generate, which the tab can invoke if it requires further information about + * the current message. + */ +public interface IMessageEditorController +{ + /** + * This method is used to retrieve the HTTP service for the current message. + * + * @return The HTTP service for the current message. + */ + IHttpService getHttpService(); + + /** + * This method is used to retrieve the HTTP request associated with the + * current message (which may itself be a response). + * + * @return The HTTP request associated with the current message. + */ + byte[] getRequest(); + + /** + * This method is used to retrieve the HTTP response associated with the + * current message (which may itself be a request). + * + * @return The HTTP response associated with the current message. + */ + byte[] getResponse(); +} diff --git a/burp/IMessageEditorTab.java b/burp/IMessageEditorTab.java new file mode 100644 index 0000000..b980d44 --- /dev/null +++ b/burp/IMessageEditorTab.java @@ -0,0 +1,102 @@ +package burp; + +/* + * @(#)IMessageEditorTab.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +import java.awt.Component; + +/** + * Extensions that register an + * IMessageEditorTabFactory must return instances of this + * interface, which Burp will use to create custom tabs within its HTTP message + * editors. + */ +public interface IMessageEditorTab +{ + /** + * This method returns the caption that should appear on the custom tab when + * it is displayed. Note: Burp invokes this method once when the tab + * is first generated, and the same caption will be used every time the tab + * is displayed. + * + * @return The caption that should appear on the custom tab when it is + * displayed. + */ + String getTabCaption(); + + /** + * This method returns the component that should be used as the contents of + * the custom tab when it is displayed. Note: Burp invokes this + * method once when the tab is first generated, and the same component will + * be used every time the tab is displayed. + * + * @return The component that should be used as the contents of the custom + * tab when it is displayed. + */ + Component getUiComponent(); + + /** + * The hosting editor will invoke this method before it displays a new HTTP + * message, so that the custom tab can indicate whether it should be enabled + * for that message. + * + * @param content The message that is about to be displayed. + * @param isRequest Indicates whether the message is a request or a + * response. + * @return The method should return + * true if the custom tab is able to handle the specified + * message, and so will be displayed within the editor. Otherwise, the tab + * will be hidden while this message is displayed. + */ + boolean isEnabled(byte[] content, boolean isRequest); + + /** + * The hosting editor will invoke this method to display a new message or to + * clear the existing message. This method will only be called with a new + * message if the tab has already returned + * true to a call to + * isEnabled() with the same message details. + * + * @param content The message that is to be displayed, or + * null if the tab should clear its contents and disable any + * editable controls. + * @param isRequest Indicates whether the message is a request or a + * response. + */ + void setMessage(byte[] content, boolean isRequest); + + /** + * This method returns the currently displayed message. + * + * @return The currently displayed message. + */ + byte[] getMessage(); + + /** + * This method is used to determine whether the currently displayed message + * has been modified by the user. The hosting editor will always call + * getMessage() before calling this method, so any pending + * edits should be completed within + * getMessage(). + * + * @return The method should return + * true if the user has modified the current message since it + * was first displayed. + */ + boolean isModified(); + + /** + * This method is used to retrieve the data that is currently selected by + * the user. + * + * @return The data that is currently selected by the user. This may be + * null if no selection is currently made. + */ + byte[] getSelectedData(); +} diff --git a/burp/IMessageEditorTabFactory.java b/burp/IMessageEditorTabFactory.java new file mode 100644 index 0000000..8882bb5 --- /dev/null +++ b/burp/IMessageEditorTabFactory.java @@ -0,0 +1,38 @@ +package burp; + +/* + * @(#)IMessageEditorTabFactory.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * Extensions can implement this interface and then call + * IBurpExtenderCallbacks.registerMessageEditorTabFactory() to + * register a factory for custom message editor tabs. This allows extensions to + * provide custom rendering or editing of HTTP messages, within Burp's own HTTP + * editor. + */ +public interface IMessageEditorTabFactory +{ + /** + * Burp will call this method once for each HTTP message editor, and the + * factory should provide a new instance of an + * IMessageEditorTab object. + * + * @param controller An + * IMessageEditorController object, which the new tab can query + * to retrieve details about the currently displayed message. This may be + * null for extension-invoked message editors where the + * extension has not provided an editor controller. + * @param editable Indicates whether the hosting editor is editable or + * read-only. + * @return A new + * IMessageEditorTab object for use within the message editor. + */ + IMessageEditorTab createNewInstance(IMessageEditorController controller, + boolean editable); +} diff --git a/burp/IParameter.java b/burp/IParameter.java new file mode 100644 index 0000000..c9d3e50 --- /dev/null +++ b/burp/IParameter.java @@ -0,0 +1,104 @@ +package burp; + +/* + * @(#)IParameter.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * This interface is used to hold details about an HTTP request parameter. + */ +public interface IParameter +{ + /** + * Used to indicate a parameter within the URL query string. + */ + static final byte PARAM_URL = 0; + /** + * Used to indicate a parameter within the message body. + */ + static final byte PARAM_BODY = 1; + /** + * Used to indicate an HTTP cookie. + */ + static final byte PARAM_COOKIE = 2; + /** + * Used to indicate an item of data within an XML structure. + */ + static final byte PARAM_XML = 3; + /** + * Used to indicate the value of a tag attribute within an XML structure. + */ + static final byte PARAM_XML_ATTR = 4; + /** + * Used to indicate the value of a parameter attribute within a multi-part + * message body (such as the name of an uploaded file). + */ + static final byte PARAM_MULTIPART_ATTR = 5; + /** + * Used to indicate an item of data within a JSON structure. + */ + static final byte PARAM_JSON = 6; + + /** + * This method is used to retrieve the parameter type. + * + * @return The parameter type. The available types are defined within this + * interface. + */ + byte getType(); + + /** + * This method is used to retrieve the parameter name. + * + * @return The parameter name. + */ + String getName(); + + /** + * This method is used to retrieve the parameter value. + * + * @return The parameter value. + */ + String getValue(); + + /** + * This method is used to retrieve the start offset of the parameter name + * within the HTTP request. + * + * @return The start offset of the parameter name within the HTTP request, + * or -1 if the parameter is not associated with a specific request. + */ + int getNameStart(); + + /** + * This method is used to retrieve the end offset of the parameter name + * within the HTTP request. + * + * @return The end offset of the parameter name within the HTTP request, or + * -1 if the parameter is not associated with a specific request. + */ + int getNameEnd(); + + /** + * This method is used to retrieve the start offset of the parameter value + * within the HTTP request. + * + * @return The start offset of the parameter value within the HTTP request, + * or -1 if the parameter is not associated with a specific request. + */ + int getValueStart(); + + /** + * This method is used to retrieve the end offset of the parameter value + * within the HTTP request. + * + * @return The end offset of the parameter value within the HTTP request, or + * -1 if the parameter is not associated with a specific request. + */ + int getValueEnd(); +} diff --git a/burp/IProxyListener.java b/burp/IProxyListener.java new file mode 100644 index 0000000..50811d3 --- /dev/null +++ b/burp/IProxyListener.java @@ -0,0 +1,37 @@ +package burp; + +/* + * @(#)IProxyListener.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * Extensions can implement this interface and then call + * IBurpExtenderCallbacks.registerProxyListener() to register a + * Proxy listener. The listener will be notified of requests and responses being + * processed by the Proxy tool. Extensions can perform custom analysis or + * modification of these messages, and control in-UI message interception, by + * registering a proxy listener. + */ +public interface IProxyListener +{ + /** + * This method is invoked when an HTTP message is being processed by the + * Proxy. + * + * @param messageIsRequest Indicates whether the HTTP message is a request + * or a response. + * @param message An + * IInterceptedProxyMessage object that extensions can use to + * query and update details of the message, and control whether the message + * should be intercepted and displayed to the user for manual review or + * modification. + */ + void processProxyMessage( + boolean messageIsRequest, + IInterceptedProxyMessage message); +} diff --git a/burp/IRequestInfo.java b/burp/IRequestInfo.java new file mode 100644 index 0000000..f10cbd9 --- /dev/null +++ b/burp/IRequestInfo.java @@ -0,0 +1,95 @@ +package burp; + +/* + * @(#)IRequestInfo.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +import java.net.URL; +import java.util.List; + +/** + * This interface is used to retrieve key details about an HTTP request. + * Extensions can obtain an + * IRequestInfo object for a given request by calling + * IExtensionHelpers.analyzeRequest(). + */ +public interface IRequestInfo +{ + /** + * Used to indicate that there is no content. + */ + static final byte CONTENT_TYPE_NONE = 0; + /** + * Used to indicate URL-encoded content. + */ + static final byte CONTENT_TYPE_URL_ENCODED = 1; + /** + * Used to indicate multi-part content. + */ + static final byte CONTENT_TYPE_MULTIPART = 2; + /** + * Used to indicate XML content. + */ + static final byte CONTENT_TYPE_XML = 3; + /** + * Used to indicate JSON content. + */ + static final byte CONTENT_TYPE_JSON = 4; + /** + * Used to indicate AMF content. + */ + static final byte CONTENT_TYPE_AMF = 5; + /** + * Used to indicate unknown content. + */ + static final byte CONTENT_TYPE_UNKNOWN = -1; + + /** + * This method is used to obtain the HTTP method used in the request. + * + * @return The HTTP method used in the request. + */ + String getMethod(); + + /** + * This method is used to obtain the URL in the request. + * + * @return The URL in the request. + */ + URL getUrl(); + + /** + * This method is used to obtain the HTTP headers contained in the request. + * + * @return The HTTP headers contained in the request. + */ + List getHeaders(); + + /** + * This method is used to obtain the parameters contained in the request. + * + * @return The parameters contained in the request. + */ + List getParameters(); + + /** + * This method is used to obtain the offset within the request where the + * message body begins. + * + * @return The offset within the request where the message body begins. + */ + int getBodyOffset(); + + /** + * This method is used to obtain the content type of the message body. + * + * @return An indication of the content type of the message body. Available + * types are defined within this interface. + */ + byte getContentType(); +} diff --git a/burp/IResponseInfo.java b/burp/IResponseInfo.java new file mode 100644 index 0000000..a7a3551 --- /dev/null +++ b/burp/IResponseInfo.java @@ -0,0 +1,73 @@ +package burp; + +/* + * @(#)IResponseInfo.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +import java.util.List; + +/** + * This interface is used to retrieve key details about an HTTP response. + * Extensions can obtain an + * IResponseInfo object for a given response by calling + * IExtensionHelpers.analyzeResponse(). + */ +public interface IResponseInfo +{ + /** + * This method is used to obtain the HTTP headers contained in the response. + * + * @return The HTTP headers contained in the response. + */ + List getHeaders(); + + /** + * This method is used to obtain the offset within the response where the + * message body begins. + * + * @return The offset within the response where the message body begins. + */ + int getBodyOffset(); + + /** + * This method is used to obtain the HTTP status code contained in the + * response. + * + * @return The HTTP status code contained in the response. + */ + short getStatusCode(); + + /** + * This method is used to obtain details of the HTTP cookies set in the + * response. + * + * @return A list of ICookie objects representing the cookies + * set in the response, if any. + */ + List getCookies(); + + /** + * This method is used to obtain the MIME type of the response, as stated in + * the HTTP headers. + * + * @return A textual label for the stated MIME type, or an empty String if + * this is not known or recognized. The possible labels are the same as + * those used in the main Burp UI. + */ + String getStatedMimeType(); + + /** + * This method is used to obtain the MIME type of the response, as inferred + * from the contents of the HTTP message body. + * + * @return A textual label for the inferred MIME type, or an empty String if + * this is not known or recognized. The possible labels are the same as + * those used in the main Burp UI. + */ + String getInferredMimeType(); +} diff --git a/burp/IScanIssue.java b/burp/IScanIssue.java new file mode 100644 index 0000000..6348d05 --- /dev/null +++ b/burp/IScanIssue.java @@ -0,0 +1,120 @@ +package burp; + +/* + * @(#)IScanIssue.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * This interface is used to retrieve details of Scanner issues. Extensions can + * obtain details of issues by registering an + * IScannerListener or by calling + * IBurpExtenderCallbacks.getScanIssues(). Extensions can also add + * custom Scanner issues by registering an + * IScannerCheck or calling + * IBurpExtenderCallbacks.addScanIssue(), and providing their own + * implementations of this interface + */ +public interface IScanIssue +{ + /** + * This method returns the URL for which the issue was generated. + * + * @return The URL for which the issue was generated. + */ + java.net.URL getUrl(); + + /** + * This method returns the name of the issue type. + * + * @return The name of the issue type (e.g. "SQL injection"). + */ + String getIssueName(); + + /** + * This method returns a numeric identifier of the issue type. See the Burp + * Scanner help documentation for a listing of all the issue types. + * + * @return A numeric identifier of the issue type. + */ + int getIssueType(); + + /** + * This method returns the issue severity level. + * + * @return The issue severity level. Expected values are "High", "Medium", + * "Low", "Information" or "False positive". + * + */ + String getSeverity(); + + /** + * This method returns the issue confidence level. + * + * @return The issue confidence level. Expected values are "Certain", "Firm" + * or "Tentative". + */ + String getConfidence(); + + /** + * This method returns a background description for this type of issue. + * + * @return A background description for this type of issue, or + * null if none applies. + */ + String getIssueBackground(); + + /** + * This method returns a background description of the remediation for this + * type of issue. + * + * @return A background description of the remediation for this type of + * issue, or + * null if none applies. + */ + String getRemediationBackground(); + + /** + * This method returns detailed information about this specific instance of + * the issue. + * + * @return Detailed information about this specific instance of the issue, + * or + * null if none applies. + */ + String getIssueDetail(); + + /** + * This method returns detailed information about the remediation for this + * specific instance of the issue. + * + * @return Detailed information about the remediation for this specific + * instance of the issue, or + * null if none applies. + */ + String getRemediationDetail(); + + /** + * This method returns the HTTP messages on the basis of which the issue was + * generated. + * + * @return The HTTP messages on the basis of which the issue was generated. + * Note: The items in this array should be instances of + * IHttpRequestResponseWithMarkers if applicable, so that + * details of the relevant portions of the request and response messages are + * available. + */ + IHttpRequestResponse[] getHttpMessages(); + + /** + * This method returns the HTTP service for which the issue was generated. + * + * @return The HTTP service for which the issue was generated. + */ + IHttpService getHttpService(); + +} diff --git a/burp/IScanQueueItem.java b/burp/IScanQueueItem.java new file mode 100644 index 0000000..e0c50d7 --- /dev/null +++ b/burp/IScanQueueItem.java @@ -0,0 +1,80 @@ +package burp; + +/* + * @(#)IScanQueueItem.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * This interface is used to retrieve details of items in the Burp Scanner + * active scan queue. Extensions can obtain references to scan queue items by + * calling + * IBurpExtenderCallbacks.doActiveScan(). + */ +public interface IScanQueueItem +{ + /** + * This method returns a description of the status of the scan queue item. + * + * @return A description of the status of the scan queue item. + */ + String getStatus(); + + /** + * This method returns an indication of the percentage completed for the + * scan queue item. + * + * @return An indication of the percentage completed for the scan queue + * item. + */ + byte getPercentageComplete(); + + /** + * This method returns the number of requests that have been made for the + * scan queue item. + * + * @return The number of requests that have been made for the scan queue + * item. + */ + int getNumRequests(); + + /** + * This method returns the number of network errors that have occurred for + * the scan queue item. + * + * @return The number of network errors that have occurred for the scan + * queue item. + */ + int getNumErrors(); + + /** + * This method returns the number of attack insertion points being used for + * the scan queue item. + * + * @return The number of attack insertion points being used for the scan + * queue item. + */ + int getNumInsertionPoints(); + + /** + * This method allows the scan queue item to be canceled. + */ + void cancel(); + + /** + * This method returns details of the issues generated for the scan queue + * item. Note: different items within the scan queue may contain + * duplicated versions of the same issues - for example, if the same request + * has been scanned multiple times. Duplicated issues are consolidated in + * the main view of scan results. Extensions can register an + * IScannerListener to get details only of unique, newly + * discovered Scanner issues post-consolidation. + * + * @return Details of the issues generated for the scan queue item. + */ + IScanIssue[] getIssues(); +} diff --git a/burp/IScannerCheck.java b/burp/IScannerCheck.java new file mode 100644 index 0000000..db371ca --- /dev/null +++ b/burp/IScannerCheck.java @@ -0,0 +1,89 @@ +package burp; + +/* + * @(#)IScannerCheck.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +import java.util.List; + +/** + * Extensions can implement this interface and then call + * IBurpExtenderCallbacks.registerScannerCheck() to register a + * custom Scanner check. When performing scanning, Burp will ask the check to + * perform active or passive scanning on the base request, and report any + * Scanner issues that are identified. + */ +public interface IScannerCheck +{ + /** + * The Scanner invokes this method for each base request / response that is + * passively scanned. Note: Extensions should not only analyze the + * HTTP messages provided during passive scanning, and should not make any + * new HTTP requests of their own. + * + * @param baseRequestResponse The base HTTP request / response that should + * be passively scanned. + * @return A list of + * IScanIssue objects, or + * null if no issues are identified. + */ + List doPassiveScan(IHttpRequestResponse baseRequestResponse); + + /** + * The Scanner invokes this method for each insertion point that is actively + * scanned. Extensions may issue HTTP requests as required to carry out + * active scanning, and should use the + * IScannerInsertionPoint object provided to build scan + * requests for particular payloads. Note: Extensions are responsible + * for ensuring that attack payloads are suitably encoded within requests + * (for example, by URL-encoding relevant metacharacters in the URL query + * string). Encoding is not automatically carried out by the + * IScannerInsertionPoint, because this would prevent Scanner + * checks from testing for certain input filter bypasses. Extensions should + * query the + * IScannerInsertionPoint to determine its type, and apply any + * encoding that may be appropriate. + * + * @param baseRequestResponse The base HTTP request / response that should + * be actively scanned. + * @param insertionPoint An + * IScannerInsertionPoint object that can be queried to obtain + * details of the insertion point being tested, and can be used to build + * scan requests for particular payloads. + * @return A list of + * IScanIssue objects, or + * null if no issues are identified. + */ + List doActiveScan( + IHttpRequestResponse baseRequestResponse, + IScannerInsertionPoint insertionPoint); + + /** + * The Scanner invokes this method when the custom Scanner check has + * reported multiple issues for the same URL path. This can arise either + * because there are multiple distinct vulnerabilities, or because the same + * (or a similar) request has been scanned more than once. The custom check + * should determine whether the issues are duplicates. In most cases, where + * a check uses distinct issue names or descriptions for distinct issues, + * the consolidation process will simply be a matter of comparing these + * features for the two issues. + * + * @param existingIssue An issue that was previously reported by this + * Scanner check. + * @param newIssue An issue at the same URL path that has been newly + * reported by this Scanner check. + * @return An indication of which issue(s) should be reported in the main + * Scanner results. The method should return + * -1 to report the existing issue only, + * 0 to report both issues, and + * 1 to report the new issue only. + */ + int consolidateDuplicateIssues( + IScanIssue existingIssue, + IScanIssue newIssue); +} diff --git a/burp/IScannerInsertionPoint.java b/burp/IScannerInsertionPoint.java new file mode 100644 index 0000000..043c95e --- /dev/null +++ b/burp/IScannerInsertionPoint.java @@ -0,0 +1,156 @@ +package burp; + +/* + * @(#)IScannerInsertionPoint.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * This interface is used to define an insertion point for use by active Scanner + * checks. Extensions can obtain instances of this interface by registering an + * IScannerCheck, or can create instances for use by Burp's own + * scan checks by registering an + * IScannerInsertionPointProvider. + */ +public interface IScannerInsertionPoint +{ + /** + * Used to indicate where the payload is inserted into the value of a URL + * parameter. + */ + static final byte INS_PARAM_URL = 0x00; + /** + * Used to indicate where the payload is inserted into the value of a body + * parameter. + */ + static final byte INS_PARAM_BODY = 0x01; + /** + * Used to indicate where the payload is inserted into the value of an HTTP + * cookie. + */ + static final byte INS_PARAM_COOKIE = 0x02; + /** + * Used to indicate where the payload is inserted into the value of an item + * of data within an XML data structure. + */ + static final byte INS_PARAM_XML = 0x03; + /** + * Used to indicate where the payload is inserted into the value of a tag + * attribute within an XML structure. + */ + static final byte INS_PARAM_XML_ATTR = 0x04; + /** + * Used to indicate where the payload is inserted into the value of a + * parameter attribute within a multi-part message body (such as the name of + * an uploaded file). + */ + static final byte INS_PARAM_MULTIPART_ATTR = 0x05; + /** + * Used to indicate where the payload is inserted into the value of an item + * of data within a JSON structure. + */ + static final byte INS_PARAM_JSON = 0x06; + /** + * Used to indicate where the payload is inserted into the value of an AMF + * parameter. + */ + static final byte INS_PARAM_AMF = 0x07; + /** + * Used to indicate where the payload is inserted into the value of an HTTP + * request header. + */ + static final byte INS_HEADER = 0x20; + /** + * Used to indicate where the payload is inserted into a REST parameter + * within the URL file path. + */ + static final byte INS_URL_REST = 0x21; + /** + * Used to indicate where the payload is inserted into the name of an added + * URL parameter. + */ + static final byte INS_PARAM_NAME_URL = 0x22; + /** + * Used to indicate where the payload is inserted into the name of an added + * body parameter. + */ + static final byte INS_PARAM_NAME_BODY = 0x23; + /** + * Used to indicate where the payload is inserted at a location manually + * configured by the user. + */ + static final byte INS_USER_PROVIDED = 0x40; + /** + * Used to indicate where the insertion point is provided by an + * extension-registered + * IScannerInsertionPointProvider. + */ + static final byte INS_EXTENSION_PROVIDED = 0x41; + /** + * Used to indicate where the payload is inserted at an unknown location + * within the request. + */ + static final byte INS_UNKNOWN = 0x7f; + + /** + * This method returns the name of the insertion point. + * + * @return The name of the insertion point (for example, a description of a + * particular request parameter). + */ + String getInsertionPointName(); + + /** + * This method returns the base value for this insertion point. + * + * @return the base value that appears in this insertion point in the base + * request being scanned, or + * null if there is no value in the base request that + * corresponds to this insertion point. + */ + String getBaseValue(); + + /** + * This method is used to build a request with the specified payload placed + * into the insertion point. Any necessary adjustments to the Content-Length + * header will be made by the Scanner itself when the request is issued, and + * there is no requirement for the insertion point to do this. Note: + * Burp's built-in scan checks do not apply any payload encoding (such as + * URL-encoding) when dealing with an extension-provided insertion point. + * Custom insertion points are responsible for performing any data encoding + * that is necessary given the nature and location of the insertion point. + * + * @param payload The payload that should be placed into the insertion + * point. + * @return The resulting request. + */ + byte[] buildRequest(byte[] payload); + + /** + * This method is used to determine the offsets of the payload value within + * the request, when it is placed into the insertion point. Scan checks may + * invoke this method when reporting issues, so as to highlight the relevant + * part of the request within the UI. + * + * @param payload The payload that should be placed into the insertion + * point. + * @return An int[2] array containing the start and end offsets of the + * payload within the request, or null if this is not applicable (for + * example, where the insertion point places a payload into a serialized + * data structure, the raw payload may not literally appear anywhere within + * the resulting request). + */ + int[] getPayloadOffsets(byte[] payload); + + /** + * This method returns the type of the insertion point. + * + * @return The type of the insertion point. Available types are defined in + * this interface. + */ + byte getInsertionPointType(); +} diff --git a/burp/IScannerInsertionPointProvider.java b/burp/IScannerInsertionPointProvider.java new file mode 100644 index 0000000..c000fcc --- /dev/null +++ b/burp/IScannerInsertionPointProvider.java @@ -0,0 +1,38 @@ +package burp; + +/* + * @(#)IScannerInsertionPointProvider.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +import java.util.List; + +/** + * Extensions can implement this interface and then call + * IBurpExtenderCallbacks.registerScannerInsertionPointProvider() + * to register a factory for custom Scanner insertion points. + */ +public interface IScannerInsertionPointProvider +{ + /** + * When a request is actively scanned, the Scanner will invoke this method, + * and the provider should provide a list of custom insertion points that + * will be used in the scan. Note: these insertion points are used in + * addition to those that are derived from Burp Scanner's configuration, and + * those provided by any other Burp extensions. + * + * @param baseRequestResponse The base request that will be actively + * scanned. + * @return A list of + * IScannerInsertionPoint objects that should be used in the + * scanning, or + * null if no custom insertion points are applicable for this + * request. + */ + List getInsertionPoints( + IHttpRequestResponse baseRequestResponse); +} diff --git a/burp/IScannerListener.java b/burp/IScannerListener.java new file mode 100644 index 0000000..76edc4e --- /dev/null +++ b/burp/IScannerListener.java @@ -0,0 +1,30 @@ +package burp; + +/* + * @(#)IScannerListener.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * Extensions can implement this interface and then call + * IBurpExtenderCallbacks.registerScannerListener() to register a + * Scanner listener. The listener will be notified of new issues that are + * reported by the Scanner tool. Extensions can perform custom analysis or + * logging of Scanner issues by registering a Scanner listener. + */ +public interface IScannerListener +{ + /** + * This method is invoked when a new issue is added to Burp Scanner's + * results. + * + * @param issue An + * IScanIssue object that the extension can query to obtain + * details about the new issue. + */ + void newScanIssue(IScanIssue issue); +} diff --git a/burp/IScopeChangeListener.java b/burp/IScopeChangeListener.java new file mode 100644 index 0000000..6a6d7d1 --- /dev/null +++ b/burp/IScopeChangeListener.java @@ -0,0 +1,25 @@ +package burp; + +/* + * @(#)IScopeChangeListener.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * Extensions can implement this interface and then call + * IBurpExtenderCallbacks.registerScopeChangeListener() to register + * a scope change listener. The listener will be notified whenever a change + * occurs to Burp's suite-wide target scope. + */ +public interface IScopeChangeListener +{ + /** + * This method is invoked whenever a change occurs to Burp's suite-wide + * target scope. + */ + void scopeChanged(); +} diff --git a/burp/ISessionHandlingAction.java b/burp/ISessionHandlingAction.java new file mode 100644 index 0000000..fb011cf --- /dev/null +++ b/burp/ISessionHandlingAction.java @@ -0,0 +1,51 @@ +package burp; + +/* + * @(#)ISessionHandlingAction.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * Extensions can implement this interface and then call + * IBurpExtenderCallbacks.registerSessionHandlingAction() to + * register a custom session handling action. Each registered action will be + * available within the session handling rule UI for the user to select as a + * rule action. Users can choose to invoke an action directly in its own right, + * or following execution of a macro. + */ +public interface ISessionHandlingAction +{ + /** + * This method is used by Burp to obtain the name of the session handling + * action. This will be displayed as an option within the session handling + * rule editor when the user selects to execute an extension-provided + * action. + * + * @return The name of the action. + */ + String getActionName(); + + /** + * This method is invoked when the session handling action should be + * executed. This may happen as an action in its own right, or as a + * sub-action following execution of a macro. + * + * @param currentRequest The base request that is currently being processed. + * The action can query this object to obtain details about the base + * request. It can issue additional requests of its own if necessary, and + * can use the setter methods on this object to update the base request. + * @param macroItems If the action is invoked following execution of a + * macro, this parameter contains the result of executing the macro. + * Otherwise, it is + * null. Actions can use the details of the macro items to + * perform custom analysis of the macro to derive values of non-standard + * session handling tokens, etc. + */ + void performAction( + IHttpRequestResponse currentRequest, + IHttpRequestResponse[] macroItems); +} diff --git a/burp/ITab.java b/burp/ITab.java new file mode 100644 index 0000000..57f1680 --- /dev/null +++ b/burp/ITab.java @@ -0,0 +1,38 @@ +package burp; + +/* + * @(#)ITab.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +import java.awt.Component; + +/** + * This interface is used to provide Burp with details of a custom tab that will + * be added to Burp's UI, using a method such as + * IBurpExtenderCallbacks.addSuiteTab(). + */ +public interface ITab +{ + /** + * Burp uses this method to obtain the caption that should appear on the + * custom tab when it is displayed. + * + * @return The caption that should appear on the custom tab when it is + * displayed. + */ + String getTabCaption(); + + /** + * Burp uses this method to obtain the component that should be used as the + * contents of the custom tab when it is displayed. + * + * @return The component that should be used as the contents of the custom + * tab when it is displayed. + */ + Component getUiComponent(); +} diff --git a/burp/ITempFile.java b/burp/ITempFile.java new file mode 100644 index 0000000..5281766 --- /dev/null +++ b/burp/ITempFile.java @@ -0,0 +1,33 @@ +package burp; + +/* + * @(#)ITempFile.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +/** + * This interface is used to hold details of a temporary file that has been + * created via a call to + * IBurpExtenderCallbacks.saveToTempFile(). + * + */ +public interface ITempFile +{ + /** + * This method is used to retrieve the contents of the buffer that was saved + * in the temporary file. + * + * @return The contents of the buffer that was saved in the temporary file. + */ + byte[] getBuffer(); + + /** + * This method is used to permanently delete the temporary file when it is + * no longer required. + */ + void delete(); +} diff --git a/burp/ITextEditor.java b/burp/ITextEditor.java new file mode 100644 index 0000000..0d5f6d0 --- /dev/null +++ b/burp/ITextEditor.java @@ -0,0 +1,90 @@ +package burp; + +/* + * @(#)ITextEditor.java + * + * Copyright PortSwigger Ltd. All rights reserved. + * + * This code may be used to extend the functionality of Burp Suite Free Edition + * and Burp Suite Professional, provided that this usage does not violate the + * license terms for those products. + */ +import java.awt.Component; + +/** + * This interface is used to provide extensions with an instance of Burp's raw + * text editor, for the extension to use in its own UI. Extensions should call + * IBurpExtenderCallbacks.createTextEditor() to obtain an instance + * of this interface. + */ +public interface ITextEditor +{ + /** + * This method returns the UI component of the editor, for extensions to add + * to their own UI. + * + * @return The UI component of the editor. + */ + Component getComponent(); + + /** + * This method is used to control whether the editor is currently editable. + * This status can be toggled on and off as required. + * + * @param editable Indicates whether the editor should be currently + * editable. + */ + void setEditable(boolean editable); + + /** + * This method is used to update the currently displayed text in the editor. + * + * @param text The text to be displayed. + */ + void setText(byte[] text); + + /** + * This method is used to retrieve the currently displayed text. + * + * @return The currently displayed text. + */ + byte[] getText(); + + /** + * This method is used to determine whether the user has modified the + * contents of the editor. + * + * @return An indication of whether the user has modified the contents of + * the editor since the last call to + * setText(). + */ + boolean isTextModified(); + + /** + * This method is used to obtain the currently selected text. + * + * @return The currently selected text, or + * null if the user has not made any selection. + */ + byte[] getSelectedText(); + + /** + * This method can be used to retrieve the bounds of the user's selection + * into the displayed text, if applicable. + * + * @return An int[2] array containing the start and end offsets of the + * user's selection within the displayed text. If the user has not made any + * selection in the current message, both offsets indicate the position of + * the caret within the editor. + */ + int[] getSelectionBounds(); + + /** + * This method is used to update the search expression that is shown in the + * search bar below the editor. The editor will automatically highlight any + * regions of the displayed text that match the search expression. + * + * @param expression The search expression. + */ + void setSearchExpression(String expression); +} diff --git a/burp/MatchRule.java b/burp/MatchRule.java new file mode 100644 index 0000000..a33d963 --- /dev/null +++ b/burp/MatchRule.java @@ -0,0 +1,29 @@ +package burp; + +import java.util.regex.Pattern; + +class MatchRule +{ + private Pattern pattern; + private Integer matchGroup; + private String type; + + public MatchRule(Pattern pattern, Integer matchGroup, String type) + { + this.pattern = pattern; + this.matchGroup = matchGroup; + this.type = type; + } + + public Pattern getPattern() { + return this.pattern; + } + + public Integer getMatchGroup() { + return this.matchGroup; + } + + public String getType() { + return this.type; + } +} \ No newline at end of file diff --git a/burp/ScannetMatch.java b/burp/ScannetMatch.java new file mode 100644 index 0000000..ce1d289 --- /dev/null +++ b/burp/ScannetMatch.java @@ -0,0 +1,39 @@ +package burp; + +class ScannerMatch + implements Comparable +{ + private Integer start; + private int end; + private String match; + private String type; + + public ScannerMatch(int start, int end, String match, String type) + { + this.start = Integer.valueOf(start); + this.end = end; + this.match = match; + this.type = type; + } + + public int getStart() { + return this.start.intValue(); + } + + public int getEnd() { + return this.end; + } + + public String getMatch() { + return this.match; + } + + public String getType() { + return this.type; + } + + public int compareTo(ScannerMatch m) + { + return this.start.compareTo(Integer.valueOf(m.getStart())); + } +} \ No newline at end of file diff --git a/burp/checkResult.java b/burp/checkResult.java new file mode 100644 index 0000000..70c6f8f --- /dev/null +++ b/burp/checkResult.java @@ -0,0 +1,39 @@ +package burp; + +public class checkResult { + + private boolean status; + private String payload; + private IHttpRequestResponse attack; + private String priority; + private String attackDetails; + + public boolean status() { + return status; + } + + public String getPayload() { + return payload; + } + + public IHttpRequestResponse getAttack() { + return attack; + } + + public String getPriority() { + return priority; + } + + public String getAttackDetails() { return attackDetails;} + + + + public checkResult(boolean status, String payload, IHttpRequestResponse attack, String priority, String attackDetails) { + this.status = status; + this.payload = payload; + this.attack = attack; + this.priority = priority; + this.attackDetails = attackDetails; + } + +}