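/**
 * Returns the length of the response body in bytes.
 *
 * <p>A {@code Content-Length} header that parses to a non-negative integer is returned as-is.
 * Otherwise the length is measured from the raw bytes that follow the body offset.
 *
 * <p>The header value is chosen by the server, so the declared length can differ from the
 * number of bytes actually received. Callers that need the real size should compare it with
 * {@code response.length - responseInfo.getBodyOffset()}.
 *
 * @param responseInfo parsed view of {@code response}
 * @param response     the raw response bytes
 * @return the declared or measured body length
 */
public static int getResponseBodyLength(IResponseInfo responseInfo, byte[] response) {
    for (String header : responseInfo.getHeaders()) {
        if (header.toLowerCase().startsWith("content-length:")) {
            try {
                int declared = Integer.parseInt(header.substring(header.indexOf(':') + 1).trim());
                if (declared >= 0) {
                    return declared;
                }
            } catch (NumberFormatException e) {
                // Malformed or out-of-range value from the server: ignore it and measure instead.
            }
            break;
        }
    }
    // The body offset is a byte index, so count bytes directly. Decoding the whole message to a
    // String first would count characters, which differs from bytes for multi-byte content.
    return response.length - responseInfo.getBodyOffset();
}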
/**
 * Records the body size, status code and raw bytes of a response in this object's fields.
 *
 * @param responseInfo parsed view of {@code response}
 * @param response     the raw response bytes, stored as-is in {@code testResponse}
 */
void analyzeResults(IResponseInfo responseInfo, byte[] response) {
    final int bodyOffset = responseInfo.getBodyOffset();
    final short status = responseInfo.getStatusCode();

    // Body size = everything after the header block.
    responseSize = response.length - bodyOffset;
    responseCode = Short.toString(status);
    testResponse = response;
}
/**
 * Produces a normalised copy of a response.
 *
 * <ul>
 *   <li>{@code null} input yields the four bytes {@code "null"}.</li>
 *   <li>Text-like MIME types (text, html, xml, script, css, json): the whole message is
 *       lower-cased.</li>
 *   <li>Anything else: only the header block plus the inferred MIME type is kept, lower-cased.</li>
 *   <li>When the stated type contains "json" and the effective type contains "json" or
 *       "javascript", the result is replaced by the original headers followed by the
 *       JSON-unescaped body. This last form is not lower-cased.</li>
 * </ul>
 *
 * @param response the raw response bytes, may be {@code null}
 * @return the normalised bytes
 */
static byte[] filterResponse(byte[] response) {
    if (response == null) {
        return new byte[]{'n', 'u', 'l', 'l'};
    }

    IResponseInfo info = helpers.analyzeResponse(response);

    // Prefer the inferred type and fall back to the stated one when nothing was inferred.
    String mime = info.getInferredMimeType();
    if (mime.isEmpty()) {
        mime = info.getStatedMimeType();
    }
    mime = mime.toLowerCase();

    boolean textLike = mime.contains("text")
            || mime.equals("html")
            || mime.contains("xml")
            || mime.contains("script")
            || mime.contains("css")
            || mime.contains("json");

    byte[] result;
    if (textLike) {
        String wholeMessage = helpers.bytesToString(response);
        result = helpers.stringToBytes(wholeMessage.toLowerCase());
    } else {
        // Non-text content: keep the headers and the (possibly empty) inferred type only.
        byte[] headerBytes = Arrays.copyOfRange(response, 0, info.getBodyOffset());
        String headerAndType = helpers.bytesToString(headerBytes) + info.getInferredMimeType();
        result = helpers.stringToBytes(headerAndType.toLowerCase());
    }

    boolean statedJson = info.getStatedMimeType().toLowerCase().contains("json");
    if (statedJson && (mime.contains("json") || mime.contains("javascript"))) {
        String headerPart = helpers.bytesToString(Arrays.copyOfRange(response, 0, info.getBodyOffset()));
        String bodyPart = helpers.bytesToString(Arrays.copyOfRange(response, info.getBodyOffset(), response.length));
        result = helpers.stringToBytes(headerPart + StringEscapeUtils.unescapeJson(bodyPart));
    }

    return result;
}
/**
 * Enables this tab only for responses, only while the beautifier is switched on, and only
 * when the stated or inferred MIME type is exactly {@code "script"}.
 *
 * @param content   the raw message bytes
 * @param isRequest {@code true} for a request, {@code false} for a response
 * @return whether the tab should be shown for this message
 */
@Override
public boolean isEnabled(byte[] content, boolean isRequest) {
    // Requests are never handled; the setting is only consulted for responses.
    if (isRequest || !tab.getBeautifierEnabled()) {
        return false;
    }

    IResponseInfo info = callbacks.getHelpers().analyzeResponse(content);
    if ("script".equals(info.getStatedMimeType())) {
        return true;
    }
    return "script".equals(info.getInferredMimeType());
}
/**
 * Runs the header analysis on 200 responses that either declare no content type or declare
 * {@code text/html} or {@code application/xml}.
 *
 * @param baseRequestResponse the request/response pair under inspection
 * @return the issue produced by {@code analyseHeaders}, or {@code null} when the response is
 *         out of scope
 */
@Override
public IScanIssue grep(IHttpRequestResponse baseRequestResponse) {
    IResponseInfo info = helpers.analyzeResponse(baseRequestResponse.getResponse());
    if (info == null || info.getStatusCode() != 200) {
        return null;
    }

    List<String> responseHeaders = info.getHeaders();
    String declaredType = Utils.getContentType(info);

    // NOTE(review): this is an exact match. If Utils.getContentType keeps parameters such as
    // "; charset=utf-8", such responses are skipped and never analysed. Confirm the helper
    // strips them.
    boolean inScope = declaredType == null
            || Arrays.asList("text/html", "application/xml").contains(declaredType.toLowerCase());

    return inScope ? analyseHeaders(baseRequestResponse, responseHeaders) : null;
}
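/**
 * Returns the response body decoded as UTF-8.
 *
 * @param baseRequestResponse the request/response pair
 * @return the body text, or {@code null} when there is no response or decoding is unavailable
 */
private String getStringResponseBody(IHttpRequestResponse baseRequestResponse) {
    byte[] rawResponse = baseRequestResponse.getResponse();
    if (rawResponse == null) {
        // No response was recorded for this item.
        return null;
    }

    int bodyOffset = helpers.analyzeResponse(rawResponse).getBodyOffset();
    try {
        // The body offset is a byte index. Slice the bytes before decoding so that a multi-byte
        // sequence in the header block cannot shift the start of the body.
        return new String(rawResponse, bodyOffset, rawResponse.length - bodyOffset, "UTF-8");
    } catch (UnsupportedEncodingException e) {
        System.out.println("Error converting string");
        return null;
    }
}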
/**
 * Compares the response status code with {@code matchCondition} using the relation named by
 * {@code matchRelationship}.
 *
 * <p>Recognised relations are "Is Greater Than", "Is Less Than" and "Equals". Any other value
 * is treated as "not equal".
 *
 * @param messageInfo the request/response pair whose status code is tested
 * @return the comparison result, or {@code false} when {@code matchCondition} is not a valid
 *         short
 */
private boolean checkStatusCode(IHttpRequestResponse messageInfo) {
    IResponseInfo info = BurpExtender.getHelpers().analyzeResponse(messageInfo.getResponse());

    short expected;
    try {
        expected = Short.parseShort(this.matchCondition);
    } catch (NumberFormatException e) {
        // A non-numeric condition can never match.
        return false;
    }

    switch (this.matchRelationship) {
        case "Is Greater Than":
            return info.getStatusCode() > expected;
        case "Is Less Than":
            return info.getStatusCode() < expected;
        case "Equals":
            return info.getStatusCode() == expected;
        default:
            return info.getStatusCode() != expected;
    }
}
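/**
 * Returns the value of the first response header whose name equals {@code headerName},
 * ignoring case.
 *
 * <p>The name must match in full. A prefix match would let a lookup for
 * {@code Content-Security-Policy} return the value of
 * {@code Content-Security-Policy-Report-Only}, so a check built on this helper could report a
 * policy as enforced when it is only reported.
 *
 * <p>The value is everything after the first colon, so values that contain colons (URLs,
 * timestamps) are returned whole. Leading whitespace is kept, so callers should trim.
 *
 * @param responseInfo parsed response
 * @param headerName   header name, with or without a trailing colon
 * @return the raw header value, or {@code null} when the header is absent
 */
public static String getResponseHeaderValue(IResponseInfo responseInfo, String headerName) {
    String wanted = headerName.toLowerCase().replace(":", "").trim();
    for (String header : responseInfo.getHeaders()) {
        int colon = header.indexOf(':');
        if (colon < 0) {
            // Status line or malformed header: there is no name/value pair to inspect.
            continue;
        }
        String name = header.substring(0, colon).trim().toLowerCase();
        if (name.equals(wanted)) {
            return header.substring(colon + 1);
        }
    }
    return null;
}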
private boolean checkRequestForOpenIdLoginMetadata(IResponseInfo responseInfo, IHttpRequestResponse httpRequestResponse) { if (responseInfo.getStatusCode() == STATUS_OK && MIMETYPE_HTML.equals(responseInfo.getStatedMimeType())) { final byte[] responseBytes = httpRequestResponse.getResponse(); final int bodyOffset = responseInfo.getBodyOffset(); final String responseBody = (new String(responseBytes)).substring(bodyOffset); final String response = helpers.bytesToString(responseBytes);
String mime_type = respInfo.getStatedMimeType(); request_id += respInfo.getStatusCode() + mime_type; if (mimetypes.contains(mime_type) && statuscodes.contains(String.valueOf(respInfo.getStatusCode()))) { suitableForPerHostScans = true; if (!BurpExtender.scanned.contains(request_id+"Host")) {
// Extend the key with the response's status code and inferred MIME type.
key = key + info.getStatusCode() + info.getInferredMimeType();
// Holds the result of getStatedMimeType().
// NOTE(review): confirm that later comparisons expect this form and not the raw Content-Type header text.
String contentType = respInfo.getStatedMimeType();
IResponseInfo respInfo = helpers.analyzeResponse(reqResp.getResponse());
// Upper-cased so that the MIME type has a uniform case.
String mimeType = respInfo.getInferredMimeType().toUpperCase();
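/**
 * Reports an issue when a 3xx response carries a {@code Location} header that matches
 * {@code REDIRECT_PATTERN}.
 *
 * @param requestResponse the request/response pair to inspect
 * @return a {@code CustomScanIssue} with the Location header highlighted, or {@code null}
 *         when there is no response, the status is not 3xx, or the header does not match
 */
public IScanIssue analyzeResponse(IHttpRequestResponse requestResponse) {
    byte[] rawResponse = requestResponse.getResponse();
    if (rawResponse == null) {
        // Nothing to inspect.
        return null;
    }

    IResponseInfo resp = helpers.analyzeResponse(rawResponse);
    if (resp == null || resp.getStatusCode() < 300 || resp.getStatusCode() >= 400) return null;

    List<String> headers = resp.getHeaders();
    String locationHeader = Utils.getHeaderValue(headers, "Location");
    if (locationHeader == null) return null;

    Matcher redirectMatcher = REDIRECT_PATTERN.matcher(locationHeader.toUpperCase());
    if (redirectMatcher.find()) {
        String attackDetails = "A open redirect vulnerability was found at: <b>" +
                helpers.analyzeRequest(requestResponse).getUrl().toString() + "</b>\n";

        // Upper-case the message once. Look for a header line that starts with LOCATION first, so
        // the highlight does not land on an earlier header such as Content-Location.
        String upperResponse = helpers.bytesToString(rawResponse).toUpperCase();
        int markerStart = upperResponse.indexOf("\nLOCATION:");
        markerStart = (markerStart >= 0) ? markerStart + 1 : upperResponse.indexOf("LOCATION");

        List<int[]> responseMarkers = new ArrayList<int[]>(1);
        if (markerStart >= 0) {
            // Only add a marker with valid offsets; the issue is still reported without one.
            responseMarkers.add(new int[]{markerStart, markerStart + "LOCATION".length()});
        }

        return new CustomScanIssue(requestResponse.getHttpService(),
                this.helpers.analyzeRequest(requestResponse).getUrl(),
                new IHttpRequestResponse[]{this.callbacks.applyMarkers(requestResponse, null, responseMarkers)},
                attackDetails, ISSUE_TYPE, ISSUE_NAME, SEVERITY, CONFIDENCE,
                "", "", "");
    }

    return null;
}
}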
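/**
 * Get the body of the http message.
 *
 * <p>The body is decoded with the platform default charset, as before.
 * NOTE(review): JSON is normally UTF-8, so consider decoding explicitly as UTF-8.
 *
 * @param content The http message as bytes.
 * @param isRequest True if request, false if response.
 * @return JSON as a string.
 */
private String getJSON(byte[] content, boolean isRequest){
    int bodyOffset = isRequest
            ? helpers.analyzeRequest(content).getBodyOffset()
            : helpers.analyzeResponse(content).getBodyOffset();

    // The body offset is a byte index. Slice the bytes before decoding, otherwise a multi-byte
    // character in the header block would shift where the body starts in the decoded string.
    return new String(content, bodyOffset, content.length - bodyOffset);
}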
/**
 * Returns the HTTP status code of the response held by {@code messageInfo}.
 *
 * @param messageInfo the request/response pair
 * @return the status code reported by the response analysis
 */
public short getStatusCode(IHttpRequestResponse messageInfo) {
    return helpers.analyzeResponse(messageInfo.getResponse()).getStatusCode();
}

public List<IParameter> getParas(IHttpRequestResponse messageInfo){
/**
 * Looks up a response header by name, ignoring case.
 *
 * <p>Each header line is split at its first colon, so values that contain colons are kept
 * whole. Lines without a colon, such as the status line, are skipped.
 *
 * @param resp       parsed response
 * @param headerName name of the header to find
 * @return the trimmed value of the first matching header, or {@code null} if none matches
 */
public static String getHeaderValue(IResponseInfo resp, String headerName) {
    for (String line : resp.getHeaders()) {
        int colon = line.indexOf(':');
        if (colon >= 0) {
            String name = line.substring(0, colon);
            if (name.toLowerCase().equals(headerName.toLowerCase())) {
                return line.substring(colon + 1).trim();
            }
        }
    }
    return null;
}
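/**
 * Issues {@code request}, then stores the response body in {@code byte_image} and the
 * Content-Type subtype (for example {@code png}) in {@code fileType}.
 *
 * <p>{@code fileType} comes from a server-controlled header. If it is later used to build a
 * file name (not visible here), the consumer should restrict it to a known set of extensions.
 *
 * @param callbacks   Burp callbacks used to send the request
 * @param helpers     Burp helpers used to parse the response
 * @param httpService target service
 * @param request     raw request bytes
 */
public imageDownloader(IBurpExtenderCallbacks callbacks, IExtensionHelpers helpers, IHttpService httpService,byte[] request) {
    IHttpRequestResponse message = callbacks.makeHttpRequest(httpService,request);
    // NOTE(review): getResponse() may be null if the request failed; the caller's expectation
    // for that case is not visible here, so it is left unhandled as before.
    byte[] rawResponse = message.getResponse();
    IResponseInfo response = helpers.analyzeResponse(rawResponse);

    for (String header : response.getHeaders()) {
        if (header.toLowerCase().startsWith("content-type:")) {
            int slash = header.indexOf('/');
            if (slash < 0) {
                // No type/subtype separator, so there is nothing to extract.
                continue;
            }
            // Parameters such as "; charset=..." are optional. Without one, the subtype runs
            // to the end of the header instead of triggering an index error.
            int end = header.indexOf(';', slash);
            if (end < 0) {
                end = header.length();
            }
            fileType = header.substring(slash + 1, end).trim();
        }
    }

    // copyOfRange's upper bound is exclusive. Passing length - 1 dropped the final byte of the
    // body and produced a truncated image.
    byte_image = Arrays.copyOfRange(rawResponse, response.getBodyOffset(), rawResponse.length);
}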
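/**
 * Reports an issue when {@code payload} appears in the leading sample of a 200 response body.
 *
 * @param requestResponse the request/response pair to inspect
 * @param payload         the callback value that was sent in the request
 * @return a {@code CustomScanIssue} with the reflected payload highlighted, or {@code null}
 *         when there is no response, the status is not 200, or the payload is not found
 */
private IScanIssue analyzeResponse(IHttpRequestResponse requestResponse, String payload) {
    byte[] rawResponse = requestResponse.getResponse();
    if (rawResponse == null) {
        // Nothing to inspect.
        return null;
    }

    IResponseInfo resp = helpers.analyzeResponse(rawResponse);
    if (resp == null || resp.getStatusCode() != 200) return null;

    int bodyOffset = resp.getBodyOffset();
    // Clamp the sample to the real end of the response. copyOfRange pads with zero bytes when
    // the upper bound exceeds the array, which put NUL characters into short bodies.
    int sampleEnd = Math.min(bodyOffset + BODY_SAMPLE_LEN, rawResponse.length);
    String bodySample = extractPrefix(helpers.bytesToString(
            Arrays.copyOfRange(rawResponse, bodyOffset, sampleEnd)));

    int payloadIndex = bodySample.indexOf(payload);
    if (payloadIndex > -1) {
        String attackDetails = "JSONP callback injection was found at: <b>" +
                helpers.analyzeRequest(requestResponse).getUrl().toString() + "</b>\n";

        // NOTE(review): the marker assumes extractPrefix keeps character positions aligned with
        // the raw body; confirm, otherwise the highlight is offset.
        List<int[]> responseMarkers = Arrays.asList(new int[]{
                bodyOffset + payloadIndex,
                bodyOffset + payloadIndex + payload.length()
        });

        return new CustomScanIssue(requestResponse.getHttpService(),
                helpers.analyzeRequest(requestResponse).getUrl(),
                new IHttpRequestResponse[]{callbacks.applyMarkers(requestResponse, null, responseMarkers)},
                attackDetails, ISSUE_TYPE, ISSUE_NAME, SEVERITY, CONFIDENCE,
                "", "", "");
    }

    return null;
}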
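/**
 * Reports an issue when a 3xx response carries a {@code Location} header whose upper-cased
 * value starts with one of the {@code REDIRECTS} prefixes.
 *
 * @param requestResponse the request/response pair to inspect
 * @return a {@code CustomScanIssue} with the Location header highlighted, or {@code null}
 *         when there is no response, the status is not 3xx, or no prefix matches
 */
public IScanIssue analyzeResponse(IHttpRequestResponse requestResponse) {
    byte[] rawResponse = requestResponse.getResponse();
    if (rawResponse == null) {
        // Nothing to inspect.
        return null;
    }

    IResponseInfo resp = helpers.analyzeResponse(rawResponse);
    if (resp == null || resp.getStatusCode() < 300 || resp.getStatusCode() >= 400) return null;

    List<String> headers = resp.getHeaders();
    String locationHeader = Utils.getHeaderValue(headers, "Location");
    if (locationHeader == null) return null;

    // Upper-case once rather than on every loop iteration.
    String upperLocation = locationHeader.toUpperCase();
    for (String redirect : REDIRECTS) {
        if (upperLocation.startsWith(redirect)) {
            String attackDetails = "Open redirect vulnerability was found at: <b>" +
                    helpers.analyzeRequest(requestResponse).getUrl().toString() + "</b>\n";

            // Look for a header line that starts with LOCATION first, so the highlight does not
            // land on an earlier header such as Content-Location.
            String upperResponse = helpers.bytesToString(rawResponse).toUpperCase();
            int markerStart = upperResponse.indexOf("\nLOCATION:");
            markerStart = (markerStart >= 0) ? markerStart + 1 : upperResponse.indexOf("LOCATION");

            List<int[]> responseMarkers = new ArrayList<int[]>(1);
            if (markerStart >= 0) {
                // Only add a marker with valid offsets; the issue is still reported without one.
                responseMarkers.add(new int[]{markerStart, markerStart + "LOCATION".length()});
            }

            return new CustomScanIssue(requestResponse.getHttpService(),
                    this.helpers.analyzeRequest(requestResponse).getUrl(),
                    new IHttpRequestResponse[]{this.callbacks.applyMarkers(requestResponse, null, responseMarkers)},
                    attackDetails, ISSUE_TYPE, ISSUE_NAME, SEVERITY, CONFIDENCE,
                    "", "", "");
        }
    }

    return null;
}
}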