String getLocation() { return collab.getCollaboratorServerLocation(); }
private boolean isCollaboratorLocationIpBased(IBurpCollaboratorClientContext collaboratorContext) { return collaboratorContext .getCollaboratorServerLocation() .matches("[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}") || collaboratorContext .getCollaboratorServerLocation() .contains(":"); }
String generateCollabId(int requestCode, String type) { String id = collab.generatePayload(false); idToRequestID.put(id, requestCode); idToType.put(id, type); return id+"."+collab.getCollaboratorServerLocation(); }
String getPayload() { interactionId = collaborator.generatePayload(false); return interactionId + "." + collaborator.getCollaboratorServerLocation(); } }
for(int i=0;i<collaboratorContextList.size();i++) { try { stdout.println("Polling " + collaboratorContextList.get(i).getCollaboratorServerLocation()); } catch(IllegalStateException e) { stdout.println("Can't fetch interactions while Collaborator is disabled (Burp Suite limitation)");
public ArrayList<Payload> getRCEPayloads(IIntruderAttack attack) { _collabContext = _callbacks.createBurpCollaboratorClientContext(); // String host = attack.getHttpService().getHost(); String host = _collabContext.getCollaboratorServerLocation(); ArrayList<Payload> result = new ArrayList<>(); if (_timeBasedPayloads.size() > 0) result.addAll(_timeBasedPayloads); for (CollaboratorPayload payload : _collaboratorPayloads) { Payload p; if (payload.isBinary()) { p = new Payload(generateCollaboratorBytePayload(payload.getPayloadName(), host)); } else { p = new Payload(generateCollaboratorTextPayload(payload.getPayloadName(), host).getBytes()); } result.add(p); } return result; } }
String collaboratorRegex = "\\w{30}\\." + BurpExtender.callbacks.createBurpCollaboratorClientContext().getCollaboratorServerLocation(); if(Pattern.compile(collaboratorRegex).matcher(payload).find())
public void addIssue(IBurpCollaboratorInteraction interaction, IBurpCollaboratorClientContext collaboratorContext) { IHttpRequestResponse requestResponse = processedRequestResponse.get(interactionId + "." + collaboratorContext.getCollaboratorServerLocation()); collaboratorContext.getCollaboratorServerLocation() + "<br /><br />" + "The lookup was received from IP address " + interaction.getProperty("client_ip") + " at " + localTimestamp + "<br /><br />" + "DNS query (encoded in Base64)<br />" + "." + collaboratorContext.getCollaboratorServerLocation() + ".<br /><br />The request was received from IP address " + interaction.getProperty("client_ip") + " at " + localTimestamp + "<br /><br />" + "Request to collaborator (encoded in Base64)<br />" + interaction.getProperty("request") + "<br /><br />" + interaction.getProperty("interaction_id") + "." + collaboratorContext.getCollaboratorServerLocation() + ")";
if (!p.isBinary()) { try { payloadBytes = _helpers.stringToBytes(generateCollaboratorTextPayload(p.getPayloadName(), collabId + "." + _collabContext.getCollaboratorServerLocation())); } catch (NullPointerException npe) { dbgLog("[-] Null pointer exception in " + _targetName); payloadBytes = generateCollaboratorBytePayload(p.getPayloadName(), collabId + "." + _collabContext.getCollaboratorServerLocation()); reqMarkers = new ArrayList<>(); reqMarkers.add(insertionPoint.getPayloadOffsets(payloadBytes)); _collabRecords.add(new CollaboratorRecord(collabId, collabId + "." + _collabContext.getCollaboratorServerLocation(), baseReqRes, newReqRes, reqMarkers, true)); payloadBytes = _helpers.stringToBytes(_helpers.base64Encode(generateCollaboratorBytePayload(p.getPayloadName(), collabId + "." + _collabContext.getCollaboratorServerLocation()))); if (payloadBytes == null) { throw new IllegalStateException("The module " + _targetName + " is flagged as RCE-capable " + reqMarkers = new ArrayList<>(); reqMarkers.add(insertionPoint.getPayloadOffsets(payloadBytes)); _collabRecords.add(new CollaboratorRecord(collabId, collabId + "." + _collabContext.getCollaboratorServerLocation(), baseReqRes, newReqRes, reqMarkers, true));