/**
 * Returns the HTTP service reported by {@code baseRequestResponse}.
 *
 * @return whatever {@code baseRequestResponse.getHttpService()} returns
 */
@Override
public IHttpService getHttpService() {
    final IHttpService delegated = baseRequestResponse.getHttpService();
    return delegated;
}
/**
 * Delegates to the wrapped base request/response for its HTTP service.
 *
 * @return the value of {@code baseRequestResponse.getHttpService()}
 */
@Override
public IHttpService getHttpService() {
    final IHttpService fromBase = baseRequestResponse.getHttpService();
    return fromBase;
}
/**
 * Creates an injector bound to one base request/response and one insertion point.
 *
 * @param baseRequestResponse stored in {@code base}; its HTTP service is read once here and
 *                            stored in {@code service}
 * @param insertionPoint      stored in {@code insertionPoint}
 */
PayloadInjector(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint) {
    // The only statement that can fail (null base) runs before any field is assigned.
    this.service = baseRequestResponse.getHttpService();
    this.insertionPoint = insertionPoint;
    this.base = baseRequestResponse;
}
/**
 * Returns the HTTP service reported by {@code requestResponse}.
 *
 * @return whatever {@code requestResponse.getHttpService()} returns
 */
@Override
public IHttpService getHttpService() {
    final IHttpService delegated = requestResponse.getHttpService();
    return delegated;
}
}
/**
 * Returns the HTTP service of the item held in {@code displayedItem}.
 *
 * @return whatever {@code displayedItem.getHttpService()} returns
 */
@Override
public IHttpService getHttpService() {
    // NOTE(review): dereferences displayedItem without a null check; confirm it is always
    // assigned before this is called.
    final IHttpService shownService = displayedItem.getHttpService();
    return shownService;
}
}
/**
 * Delegates to {@code requestResponse} for its HTTP service.
 *
 * @return the value of {@code requestResponse.getHttpService()}
 */
@Override
public IHttpService getHttpService() {
    final IHttpService fromWrapped = requestResponse.getHttpService();
    return fromWrapped;
}
}
/**
 * Returns the {@link burp.IHttpService} of the message held in
 * {@code currentlyDisplayedItem}.
 *
 * @return whatever {@code currentlyDisplayedItem.getHttpService()} returns
 */
@Override
public IHttpService getHttpService() {
    // NOTE(review): dereferences currentlyDisplayedItem without a null check; confirm it is
    // always assigned before this is called.
    final IHttpService shownService = currentlyDisplayedItem.getHttpService();
    return shownService;
}
/**
 * Tests the message's protocol against this rule's {@code matchRelationship}.
 *
 * <p>When {@code matchRelationship} is exactly {@code "Is HTTP"} the result is true for protocol
 * {@code "http"}. Every other relationship value is treated as the negation, so any
 * unrecognised value also means "not http".
 *
 * @param messageInfo message whose HTTP service supplies the protocol
 * @return whether the message satisfies the protocol rule
 */
private boolean checkProtocol(IHttpRequestResponse messageInfo) {
    final String scheme = messageInfo.getHttpService().getProtocol();
    final boolean wantPlainHttp = this.matchRelationship.equals("Is HTTP");
    // Case-sensitive comparison against the literal "http".
    final boolean isPlainHttp = scheme.equals("http");
    return wantPlainHttp == isPlainHttp;
}
/**
 * Tests the message's host against {@code matchCondition}.
 *
 * <p>With {@code matchRelationship} equal to {@code "Matches"} the host must equal
 * {@code matchCondition}; any other relationship value inverts the result.
 *
 * @param messageInfo message whose HTTP service supplies the host
 * @return whether the message satisfies the host rule
 */
private boolean checkDomainName(IHttpRequestResponse messageInfo) {
    final boolean expectEqual = this.matchRelationship.equals("Matches");
    final String host = messageInfo.getHttpService().getHost();
    // NOTE(review): String.equals is exact and case-sensitive, while DNS names are
    // case-insensitive; confirm both sides are normalised, otherwise a rule can be
    // missed by a differently-cased host.
    return host.equals(this.matchCondition) == expectEqual;
}
/**
 * Tests the message's port against the integer parsed from {@code matchCondition}.
 *
 * <p>With {@code matchType} equal to {@code "Matches"} the ports must be equal; any other
 * value inverts the result.
 *
 * @param messageInfo message whose HTTP service supplies the port
 * @return whether the message satisfies the port rule
 * @throws NumberFormatException if {@code matchCondition} is not a parsable integer
 */
private boolean checkListenerPort(IHttpRequestResponse messageInfo) {
    // NOTE(review): this reads matchType, not matchRelationship; confirm that is the
    // intended field for the "Matches" comparison.
    final boolean expectEqual = this.matchType.equals("Matches");
    final int actualPort = messageInfo.getHttpService().getPort();
    // Parsed on every call; a non-numeric condition surfaces here as NumberFormatException.
    final int wantedPort = Integer.parseInt(this.matchCondition);
    return (actualPort == wantedPort) == expectEqual;
}
/**
 * Records each response in {@code responseHashMap}, keyed by the host of its HTTP service.
 * Requests are ignored.
 *
 * @param toolFlag         not read by this method
 * @param messageIsRequest true for a request, false for a response
 * @param messageInfo      message whose host and response bytes are stored
 */
@Override
public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
    if (messageIsRequest) {
        return;
    }
    // The key is the host alone, so port and protocol are not part of it.
    // NOTE(review): presumably a later response for the same host replaces the earlier
    // entry, and nothing here removes entries; confirm both are acceptable.
    final String hostKey = messageInfo.getHttpService().getHost();
    responseHashMap.put(hostKey, new Response(messageInfo.getResponse()));
}
}
/**
 * Builds a request with {@code payload} placed at the insertion point and issues it against
 * the HTTP service of {@code baseRequestResponse}.
 *
 * @param payload         text placed at the insertion point
 * @param needCacheBuster when true, a URL parameter named by {@code Utilities.generateCanary()}
 *                        with value {@code "1"} is added to the request
 * @return the result of {@code burp.Utilities.attemptRequest}
 */
IHttpRequestResponse buildRequest(String payload, boolean needCacheBuster) {
    // NOTE(review): getBytes() without a charset uses the platform default, so non-ASCII
    // payload bytes can differ between hosts; confirm payloads are ASCII.
    byte[] rawRequest = insertionPoint.buildRequest(payload.getBytes());
    if (needCacheBuster) {
        rawRequest = burp.Utilities.helpers.addParameter(
                rawRequest,
                burp.Utilities.helpers.buildParameter(Utilities.generateCanary(), "1", IParameter.PARAM_URL));
    }
    // Commented-out alternative kept from the original:
    // Utilities.buildRequest(baseRequestResponse, insertionPoint, payload)
    return burp.Utilities.attemptRequest(baseRequestResponse.getHttpService(), rawRequest);
}
/**
 * Assembles a URL from the message's HTTP service (protocol, host, port) and the path
 * returned by {@code getPathFromRequest} for the raw request.
 *
 * @param request message supplying the HTTP service and request bytes
 * @return the assembled URL, or {@code null} when the parts do not form a valid URL;
 *         callers have to handle the null
 */
private static URL getURL(IHttpRequestResponse request) {
    final IHttpService endpoint = request.getHttpService();
    try {
        return new URL(
                endpoint.getProtocol(),
                endpoint.getHost(),
                endpoint.getPort(),
                getPathFromRequest(request.getRequest()));
    } catch (java.net.MalformedURLException ignored) {
        // A malformed URL is reported as null, not as an exception.
        return null;
    }
}
/**
 * Assembles a URL from the message's HTTP service (protocol, host, port) and the path
 * returned by {@code getPathFromRequest} for the raw request.
 *
 * @param request message supplying the HTTP service and request bytes
 * @return the assembled URL, or {@code null} when the parts do not form a valid URL;
 *         callers have to handle the null
 */
public static URL getURL(IHttpRequestResponse request) {
    final IHttpService endpoint = request.getHttpService();
    try {
        return new URL(
                endpoint.getProtocol(),
                endpoint.getHost(),
                endpoint.getPort(),
                getPathFromRequest(request.getRequest()));
    } catch (java.net.MalformedURLException ignored) {
        // A malformed URL is reported as null, not as an exception.
        return null;
    }
}
/**
 * Builds the URL of a message from its HTTP service and request path.
 *
 * @param request message whose service gives protocol, host and port, and whose raw request
 *                is passed to {@code getPathFromRequest} for the path
 * @return the URL, or {@code null} if {@link java.net.MalformedURLException} was thrown while
 *         constructing it
 */
public static URL getURL(IHttpRequestResponse request) {
    final IHttpService target = request.getHttpService();
    URL assembled = null;
    try {
        assembled = new URL(target.getProtocol(), target.getHost(), target.getPort(),
                getPathFromRequest(request.getRequest()));
    } catch (java.net.MalformedURLException ignored) {
        // Leave the result null; callers must check for it.
    }
    return assembled;
}
/**
 * Sends one probe wrapped in fresh anchors and returns what {@code getTransformationResults}
 * reports for the filtered response.
 *
 * <p>The payload is {@code leftAnchor + "\\\\" + middleAnchor + probe + rightAnchor}; the left
 * marker handed to {@code getTransformationResults} is {@code leftAnchor + "\\" + middleAnchor}.
 *
 * @param baseRequestResponse supplies the HTTP service the request is sent to
 * @param insertionPoint      builds the request around the payload
 * @param probe               text placed between the middle and right anchors
 * @return the set returned by {@code getTransformationResults}
 */
private HashSet<String> recordHandling(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint, String probe) {
    // Anchors are generated in this order on every call.
    final String left = Utilities.randomString(3);
    final String middle = "z" + Utilities.rnd.nextInt(9);
    final String right = "z" + Utilities.randomString(3);

    final String payload = left + "\\\\" + middle + probe + right;

    // NOTE(review): getBytes() uses the platform default charset, while the response side goes
    // through helpers.stringToBytes; confirm probes are ASCII so both agree.
    final IHttpRequestResponse attack = callbacks.makeHttpRequest(
            baseRequestResponse.getHttpService(),
            insertionPoint.buildRequest(payload.getBytes()));
    // Commented-out alternative kept from the original:
    // Utilities.buildRequest(baseRequestResponse, insertionPoint, payload)

    // NOTE(review): attack.getResponse() is passed on unchecked; confirm filterResponse copes
    // with a missing response.
    final byte[] normalised = helpers.stringToBytes(
            helpers.bytesToString(Utilities.filterResponse(attack.getResponse())));
    return getTransformationResults(left + "\\" + middle, right, normalised);
}
/**
 * Queues an active scan for every site-map entry returned for {@code url}.
 *
 * @param callbacks Burp callbacks used to read the site map and start the scans
 * @param url       value passed to {@code callbacks.getSiteMap}
 */
private void sendToScanner(IBurpExtenderCallbacks callbacks, String url) {
    // NOTE(review): no scope check is visible in this method; every returned entry is
    // actively scanned. Confirm the caller restricts url to the authorised scope.
    for (IHttpRequestResponse entry : callbacks.getSiteMap(url)) {
        final IHttpService target = entry.getHttpService();
        final boolean overTls = target.getProtocol().equalsIgnoreCase("https");
        // The value returned by doActiveScan is not kept.
        callbacks.doActiveScan(target.getHost(), target.getPort(), overTls, entry.getRequest());
    }
}
/**
 * Builds the scan issue for a payload that produced a Collaborator interaction.
 *
 * @param payload                payload used for the request highlights and the issue detail
 * @param sentRequestResponse    request/response that carried the payload; supplies the HTTP
 *                               service and URL of the issue
 * @param collaboratorInteraction interaction passed to {@code buildIssueDetail}
 * @return a {@code CustomScanIssue} holding the marked message as its only HTTP message
 */
private IScanIssue reportIssue(String payload, IHttpRequestResponse sentRequestResponse, IBurpCollaboratorInteraction collaboratorInteraction) {
    // Request markers come from buildRequestHighlights; no response markers are set.
    final IHttpRequestResponse marked = callbacks.applyMarkers(
            sentRequestResponse,
            buildRequestHighlights(payload, sentRequestResponse),
            Collections.emptyList());
    final IHttpRequestResponse[] evidence = {marked};
    final String detail = buildIssueDetail(payload, collaboratorInteraction);

    return new CustomScanIssue(
            sentRequestResponse.getHttpService(),
            helpers.analyzeRequest(sentRequestResponse).getUrl(),
            evidence,
            detail,
            ISSUE_TYPE,
            ISSUE_NAME,
            SEVERITY,
            CONFIDENCE,
            "",
            ISSUE_BACKGROUND,
            REMEDIATION_BACKGROUND);
}
/**
 * Sends the insertion point's base value followed by {@code leftAnchor + payload + rightAnchor}
 * and wraps the highlighted result in an {@code Attack}.
 *
 * @param baseRequestResponse supplies the HTTP service the request is sent to
 * @param insertionPoint      supplies the base value and builds the request
 * @param leftAnchor          text placed before the payload
 * @param payload             text under test; also stored in the returned {@code Attack}
 * @param rightAnchor         text placed after the payload
 * @return an {@code Attack} built from the highlighted request/response, {@code null},
 *         the payload and an empty string
 */
static Attack buildTransformationAttack(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint, String leftAnchor, String payload, String rightAnchor) {
    final String wrapped = leftAnchor + payload + rightAnchor;
    final IHttpRequestResponse req = attemptRequest(
            baseRequestResponse.getHttpService(),
            insertionPoint.buildRequest(helpers.stringToBytes(insertionPoint.getBaseValue() + wrapped)));
    return new Attack(
            Utilities.highlightRequestResponse(req, leftAnchor, wrapped, insertionPoint),
            null,
            payload,
            "");
}
/**
 * Issues one request whose insertion-point value is the base value followed by the anchored
 * payload, then returns the highlighted result as an {@code Attack}.
 *
 * @param baseRequestResponse supplies the HTTP service the request is sent to
 * @param insertionPoint      supplies the base value and builds the request
 * @param leftAnchor          text placed before the payload
 * @param payload             text under test; also stored in the returned {@code Attack}
 * @param rightAnchor         text placed after the payload
 * @return an {@code Attack} built from the highlighted request/response, {@code null},
 *         the payload and an empty string
 */
static Attack buildTransformationAttack(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint, String leftAnchor, String payload, String rightAnchor) {
    final String anchored = leftAnchor + payload + rightAnchor;
    final IHttpRequestResponse req = attemptRequest(
            baseRequestResponse.getHttpService(),
            insertionPoint.buildRequest(helpers.stringToBytes(insertionPoint.getBaseValue() + anchored)));
    // The anchored string is what gets highlighted in the stored request/response.
    return new Attack(
            Utilities.highlightRequestResponse(req, leftAnchor, anchored, insertionPoint),
            null,
            payload,
            "");
}